发布求助
文献互助 智能选刊 最新文献

arXiv: Cryptography and Security最新文献

筛选
英文 中文
Dial One for Scam: A Large-Scale Analysis of Technical Support Scams 拨打电话诈骗:技术支持诈骗的大规模分析
arXiv: Cryptography and Security Pub Date : 2016-07-23 DOI: 10.14722/ndss.2017.23163
N. Miramirkhani, Oleksii Starov, Nick Nikiforakis
{"title":"Dial One for Scam: A Large-Scale Analysis of Technical Support Scams","authors":"N. Miramirkhani, Oleksii Starov, Nick Nikiforakis","doi":"10.14722/ndss.2017.23163","DOIUrl":"https://doi.org/10.14722/ndss.2017.23163","url":null,"abstract":"In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide scammers with remote access to their machines, who will then \"diagnose the problem\", before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web. In this paper, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by technical support scams.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126861186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 85
Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks 设计零努力去认证的陷阱:机会主义的人类观察攻击
arXiv: Cryptography and Security Pub Date : 2015-05-21 DOI: 10.14722/NDSS.2016.23199
Otto Huhta, Prakash Shrestha, S. Udar, Mika Juuti, Nitesh Saxena, N. Asokan
{"title":"Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks","authors":"Otto Huhta, Prakash Shrestha, S. Udar, Mika Juuti, Nitesh Saxena, N. Asokan","doi":"10.14722/NDSS.2016.23199","DOIUrl":"https://doi.org/10.14722/NDSS.2016.23199","url":null,"abstract":"Deauthentication is an important component of any authentication system. The widespread use of computing devices in daily life has underscored the need for zero-effort deauthentication schemes. However, the quest for eliminating user effort may lead to hidden security flaws in the authentication schemes. As a case in point, we investigate a prominent zero-effort deauthentication scheme, called ZEBRA, which provides an interesting and a useful solution to a difficult problem as demonstrated in the original paper. We identify a subtle incorrect assumption in its adversary model that leads to a fundamental design flaw. We exploit this to break the scheme with a class of attacks that are much easier for a human to perform in a realistic adversary model, compared to the na\"ive attacks studied in the ZEBRA paper. For example, one of our main attacks, where the human attacker has to opportunistically mimic only the victim's keyboard typing activity at a nearby terminal, is significantly more successful compared to the na\"ive attack that requires mimicking keyboard and mouse activities as well as keyboard-mouse movements. Further, by understanding the design flaws in ZEBRA as cases of tainted input, we show that we can draw on well-understood design principles to improve ZEBRA's security.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132277380","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Augur: a decentralized oracle and prediction market platform Augur:一个去中心化的预言和预测市场平台
arXiv: Cryptography and Security Pub Date : 2015-01-05 DOI: 10.13140/2.1.1431.4563
Jack Peterson, Joseph Krug, Micah Zoltu, Austin K. Williams, Stephanie Alexander
{"title":"Augur: a decentralized oracle and prediction market platform","authors":"Jack Peterson, Joseph Krug, Micah Zoltu, Austin K. Williams, Stephanie Alexander","doi":"10.13140/2.1.1431.4563","DOIUrl":"https://doi.org/10.13140/2.1.1431.4563","url":null,"abstract":"Augur is a trustless, decentralized oracle and platform for prediction markets. The outcomes of Augur's prediction markets are chosen by users that hold Augur's native Reputation token, who stake their tokens on the actual observed outcome and, in return, receive settlement fees from the markets. Augur's incentive structure is designed to ensure that honest, accurate reporting of outcomes is always the most profitable option for Reputation token holders. Token holders can post progressively-larger Reputation bonds to dispute proposed market outcomes. If the size of these bonds reaches a certain threshold, Reputation splits into multiple versions, one for each possible outcome of the disputed market; token holders must then exchange their Reputation tokens for one of these versions. Versions of Reputation which do not correspond to the real-world outcome will become worthless, as no one will participate in prediction markets unless they are confident that the markets will resolve correctly. Therefore, token holders will select the only version of Reputation which they know will continue to have value: the version that corresponds to reality.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116194862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 74
Model the System from Adversary Viewpoint: Threats Identification and Modeling 从对手的角度对系统建模:威胁识别和建模
arXiv: Cryptography and Security Pub Date : 2014-10-13 DOI: 10.4204/EPTCS.165
J. Garcia-Alfaro, Gurkan Gur
{"title":"Model the System from Adversary Viewpoint: Threats Identification and Modeling","authors":"J. Garcia-Alfaro, Gurkan Gur","doi":"10.4204/EPTCS.165","DOIUrl":"https://doi.org/10.4204/EPTCS.165","url":null,"abstract":"This volume contains the proceedings of the 2014 International Advanced Intrusion Detection and Prevention (AIDP'14) Workshop, held in Marrakesh, Morocco, on the 5th of June 2014, in conjunction with the 29th IFIP TC-11 SEC 2014 International Conference. It includes a revised version of the papers selected for presentation at the workshop","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122935244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Structure Analysis on the $k$-error Linear Complexity for $2^n$-periodic Binary Sequences $2^n$周期二元序列$k$误差线性复杂度的结构分析
arXiv: Cryptography and Security Pub Date : 2013-12-24 DOI: 10.3934/JIMO.2017016
Jianqin Zhou, Wanquan Liu, Xifeng Wang
{"title":"Structure Analysis on the $k$-error Linear Complexity for $2^n$-periodic Binary Sequences","authors":"Jianqin Zhou, Wanquan Liu, Xifeng Wang","doi":"10.3934/JIMO.2017016","DOIUrl":"https://doi.org/10.3934/JIMO.2017016","url":null,"abstract":"In this paper, in order to characterize the critical error linear complexity spectrum (CELCS) for $2^n$-periodic binary sequences, we first propose a decomposition based on the cube theory. Based on the proposed $k$-error cube decomposition, and the famous inclusion-exclusion principle, we obtain the complete characterization of $i$th descent point (critical point) of the k-error linear complexity for $i=2,3$. Second, by using the sieve method and Games-Chan algorithm, we characterize the second descent point (critical point) distribution of the $k$-error linear complexity for $2^n$-periodic binary sequences. As a consequence, we obtain the complete counting functions on the $k$-error linear complexity of $2^n$-periodic binary sequences as the second descent point for $k=3,4$. This is the first time for the second and the third descent points to be completely characterized. In fact, the proposed constructive approach has the potential to be used for constructing $2^n$-periodic binary sequences with the given linear complexity and $k$-error linear complexity (or CELCS), which is a challenging problem to be deserved for further investigation in future.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129332738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Exploratory Ethnographic Study of Issues and Concerns with Whole Genome Sequencing 关于全基因组测序问题和关注的探索性民族志研究
arXiv: Cryptography and Security Pub Date : 2013-06-20 DOI: 10.14722/USEC.2014.23020
Emiliano De Cristofaro
{"title":"An Exploratory Ethnographic Study of Issues and Concerns with Whole Genome Sequencing","authors":"Emiliano De Cristofaro","doi":"10.14722/USEC.2014.23020","DOIUrl":"https://doi.org/10.14722/USEC.2014.23020","url":null,"abstract":"Progress in Whole Genome Sequencing (WGS) will soon allow a large number of individuals to have their genome fully sequenced. This lays the foundations to improve modern healthcare, enabling a new era of personalized medicine where diagnosis and treatment is tailored to the patient's genetic makeup. It also allows individuals motivated by personal curiosity to have access to their genetic information, and use it, e.g., to trace their ancestry. However, the very same progress also amplifies a number of ethical and privacy concerns, that stem from the unprecedented sensitivity of genomic information and that are not well studied. This paper presents an exploratory ethnographic study of users' perception of privacy and ethical issues with WGS, as well as their attitude toward different WGS programs. We report on a series of semi-structured interviews, involving 16 participants, and analyze the results both quantitatively and qualitatively. Our analysis shows that users exhibit common trust concerns and fear of discrimination, and demand to retain strict control over their genetic information. Finally, we highlight the need for further research in the area and follow-up studies that build on our initial findings.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115988025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Security and Privacy Issues in Cloud Computing 云计算中的安全和隐私问题
arXiv: Cryptography and Security Pub Date : 2013-03-20 DOI: 10.4018/978-1-4666-4514-1.ch001
Jaydip Sen
{"title":"Security and Privacy Issues in Cloud Computing","authors":"Jaydip Sen","doi":"10.4018/978-1-4666-4514-1.ch001","DOIUrl":"https://doi.org/10.4018/978-1-4666-4514-1.ch001","url":null,"abstract":"Cloud computing transforms the way information technology (IT) is consumed and managed, promising improved cost efficiencies, accelerated innovation, faster time-to-market, and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew exponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of the cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security and privacy issues still pose significant challenges. In this chapter, we describe various service and deployment models of cloud computing and identify major challenges. In particular, we discuss three critical challenges: regulatory, security and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127733740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 209
Two Way Concurrent Buffer System without Deadlock in Various Time Models Using Timed Automata 基于时间自动机的不同时间模型下无死锁的双向并发缓冲系统
arXiv: Cryptography and Security Pub Date : 2012-09-11 DOI: 10.5281/ZENODO.7694
R. Mishra, Muhammed Zeeshan, Sanjay Singh
{"title":"Two Way Concurrent Buffer System without Deadlock in Various Time Models Using Timed Automata","authors":"R. Mishra, Muhammed Zeeshan, Sanjay Singh","doi":"10.5281/ZENODO.7694","DOIUrl":"https://doi.org/10.5281/ZENODO.7694","url":null,"abstract":"Two way buffer system is a system that exhibits transfer of data using two buffers concurrently. It includes processes that synchronize to exchange data with each other along with executing certain delays between these synchronizations. In existing Tiny Two Way Buffer System, both generators produce packets in half duplex manner in no time, deterministic time, and non deterministic time. Analysis of the model for above time options leads the model in deadlock. The model can be out of the deadlock if timings in the model is incorporated in alternative fashion. The generators produce packets after a delay of 10 seconds. However, generator one has an initial shift of 5 seconds after which it begins sending a packet every 10 seconds. Hence, initial delay for generator one is 15 seconds and for generator two it is 10 seconds. Due to this initial shift, both generators produce packets alternatively and is deadlock free as the packets do not meet at the same time instant. Moreover, the existing system model is not concurrent and hence takes more time for packet transfer in every iteration. In this paper we have proposed a model of buffer system using an additional dummy buffer for transfer of data packets, we thus checking the model with various time models as no time, deterministic time and non deterministic time. The results of proposed model under above time models are in deadlock. We achieve deadlock free situation by introducing appropriate delay in various buffers of the proposed system, the delay timing is nondeterministic time. The new approach speeds up the transfer of packets, as a result the transfer of data becomes concurrent, deadlock free and hence the model proposed is time efficient. Simulation results shows that the proposed two way buffer system is fully concurrent and time efficient as compared to the existing buffer system.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129456382","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Attack on Fully Homomorphic Encryption over the Integers 整数上全同态加密的攻击
arXiv: Cryptography and Security Pub Date : 2012-02-15 DOI: 10.11591/IJINS.V1I4.798
Gu Chun-sheng
{"title":"Attack on Fully Homomorphic Encryption over the Integers","authors":"Gu Chun-sheng","doi":"10.11591/IJINS.V1I4.798","DOIUrl":"https://doi.org/10.11591/IJINS.V1I4.798","url":null,"abstract":"This paper presents a heuristic attack on the fully homomorphic encryption over the integers by using lattice reduction algorithm. Our result shows that the FHE in [DGHV10] is not secure for some parameter settings. We also present an improvement scheme to avoid the lattice attack in this paper.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"56 9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121936106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
A Novel Chaotic Image Encryption using Generalized Threshold Function 一种基于广义阈值函数的混沌图像加密方法
arXiv: Cryptography and Security Pub Date : 2011-12-16 DOI: 10.5120/5793-8110
S. Ahadpour, Yaser Sadra, Zahra Arasteh-Fard
{"title":"A Novel Chaotic Image Encryption using Generalized Threshold Function","authors":"S. Ahadpour, Yaser Sadra, Zahra Arasteh-Fard","doi":"10.5120/5793-8110","DOIUrl":"https://doi.org/10.5120/5793-8110","url":null,"abstract":"In this paper, after reviewing the main points of image encryption and threshold function, we introduce the methods of chaotic image encryption based on pseudorandom bit padding that the bits be generated by the novel generalized threshold function (segmentation and self-similarity) methods. These methods decrease periodic effect of the ergodic dynamical systems in randomness of the chaotic image encryption. The essential idea of this paper is that given threshold functions of the ergodic dynamical systems. To evaluate the security of the cipher image of this scheme, the key space analysis, the correlation of two adjacent pixels and differential attack were performed. This scheme tries to improve the problem of failure of encryption such as small key space and level of security.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"394 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117321377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信