SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography最新文献_第9页

Guidelines and a Framework to Improve the Delivery of Network Intrusion Detection Datasets 改进网络入侵检测数据集交付的指南和框架

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI: 10.5220/0012052300003555

B. Lewandowski

引用次数: 0

Light Quantum Key Distribution Network Security Estimation Tool 光量子密钥分配网络安全估计工具

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI: 10.5220/0012022100003555

Sara Nikula, Pekka Koskela, Outi-Marja Latvala, S. Lehtonen

引用次数: 0

Risk-Based Illegal Information Flow Detection in the IIoT 基于风险的工业物联网非法信息流检测

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI: 10.5220/0012079800003555

Argiro Anagnostopoulou, I. Mavridis, D. Gritzalis

{"title":"Risk-Based Illegal Information Flow Detection in the IIoT","authors":"Argiro Anagnostopoulou, I. Mavridis, D. Gritzalis","doi":"10.5220/0012079800003555","DOIUrl":"https://doi.org/10.5220/0012079800003555","url":null,"abstract":": Industrial IoT (IIoT) consists of a great number of low-cost interconnected devices, including sensors, actuators, and PLCs. Such environments deal with vast amounts of data originating from a wide range of devices, applications, and services. These data should be adequately protected from unauthorized users and services. As IIoT environments are scalable and decentralized, the conventional security schemes have difficulties in protecting systems. Information flow control, along with delegation of accurate access control rules is crucial. In this work, we propose an approach to assess the existing information flows and detect the illegal ones in IIoT environments, which utilizes a risk-based method for critical infrastructure dependency modeling. We define formulas to indicate the nodes with a high-risk level. We create a graph based on business processes, operations, and current access control rules of an infrastructure. In the graph, the edges represent the information flows. For each information flow we calculate the risk level. This aids to reconstruct current access control rules on the high-risk nodes of the infrastructure.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"10 1","pages":"377-384"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91207858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

How to Plausibly Deny Steganographic Secrets 如何合理否认隐写秘密

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI: 10.5220/0012120100003555

Shahzad Ahmad, S. Rass

引用次数: 0

Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models 基于Android源代码的标记漏洞数据集(LVDAndro)开发基于人工智能的代码漏洞检测模型

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI: 10.5220/0012060400003555

J. M. D. Senanayake, H. Kalutarage, M. Al-Kadri, Luca Piras, Andrei V. Petrovski

引用次数: 0

Privacy in Practice: Private COVID-19 Detection in X-Ray Images 实践中的隐私:x射线图像中的私人COVID-19检测

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2022-11-21 DOI: 10.5220/0012048100003555

Lucas Lange, Maja Schneider, E. Rahm

{"title":"Privacy in Practice: Private COVID-19 Detection in X-Ray Images","authors":"Lucas Lange, Maja Schneider, E. Rahm","doi":"10.5220/0012048100003555","DOIUrl":"https://doi.org/10.5220/0012048100003555","url":null,"abstract":"Machine learning (ML) can help fight the COVID-19 pandemic by enabling rapid screening of large volumes of chest X-ray images. To perform such data analysis while maintaining patient privacy, we create ML models that satisfy Differential Privacy (DP). Previous works exploring private COVID-19 ML models are in part based on small or skewed datasets, are lacking in their privacy guarantees, and do not investigate practical privacy. In this work, we therefore suggest several improvements to address these open gaps. We account for inherent class imbalances in the data and evaluate the utility-privacy trade-off more extensively and over stricter privacy budgets than in previous work. Our evaluation is supported by empirically estimating practical privacy leakage through actual attacks. Based on theory, the introduced DP should help limit and mitigate information leakage threats posed by black-box Membership Inference Attacks (MIAs). Our practical privacy analysis is the first to test this hypothesis on the COVID-19 detection task. In addition, we also re-examine the evaluation on the MNIST database. Our results indicate that based on the task-dependent threat from MIAs, DP does not always improve practical privacy, which we show on the COVID-19 task. The results further suggest that with increasing DP guarantees, empirical privacy leakage reaches an early plateau and DP therefore appears to have a limited impact on MIA defense. Our findings identify possibilities for better utility-privacy trade-offs, and we thus believe that empirical attack-specific privacy estimation can play a vital role in tuning for practical privacy.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"1 1","pages":"624-633"},"PeriodicalIF":0.0,"publicationDate":"2022-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78349586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 4

Offline-verifiable Data from Distributed Ledger-based Registries 来自基于分布式账本的注册表的离线可验证数据

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2022-07-19 DOI: 10.5220/0011327600003283

Stefan More, Jakob Heher, Clemens Walluschek

{"title":"Offline-verifiable Data from Distributed Ledger-based Registries","authors":"Stefan More, Jakob Heher, Clemens Walluschek","doi":"10.5220/0011327600003283","DOIUrl":"https://doi.org/10.5220/0011327600003283","url":null,"abstract":": Trust management systems often use registries to authenticate data, or form trust decisions. Examples are revocation registries and trust status lists. By introducing distributed ledgers (DLs), it is also possible to create decentralized registries. A veriﬁer then queries a node of the respective ledger, e.g., to retrieve trust status information during the veriﬁcation of a credential. While this ensures trustworthy information, the process requires the veriﬁer to be online and the ledger node available. Additionally, the connection from the veriﬁer to the registry poses a privacy issue, as it leaks information about the user’s behavior. In this paper, we resolve these issues by extending existing ledger APIs to support results that are trustworthy even in an ofﬂine setting. We do this by introducing attestations of the ledger’s state, issued by ledger nodes, aggregatable into a collective attestation by all nodes. This attestation enables a user to prove the provenance of DL-based data to an ofﬂine veriﬁer. Our approach is generic. So once deployed it serves as a basis for any use case with an ofﬂine veriﬁer. We also provide an implementation for the Ethereum stack and evaluate it, demonstrating the practicability of our approach.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"25 1","pages":"687-693"},"PeriodicalIF":0.0,"publicationDate":"2022-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74696058","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Decentralised Real Estate Transfer Verification Based on Self-Sovereign Identity and Smart Contracts 基于自我主权身份和智能合约的去中心化房地产转让验证

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2022-07-10 DOI: 10.48550/arXiv.2207.04459

A. Shehu, António Pinto, M. Correia

{"title":"A Decentralised Real Estate Transfer Verification Based on Self-Sovereign Identity and Smart Contracts","authors":"A. Shehu, António Pinto, M. Correia","doi":"10.48550/arXiv.2207.04459","DOIUrl":"https://doi.org/10.48550/arXiv.2207.04459","url":null,"abstract":": Since its first introduction in late 90s, the use of marketplaces has continued to grow, today virtually every-thing from physical assets to services can be purchased on digital marketplaces, real estate is not an exception. Some marketplaces allow acclaimed asset owners to advertise their products, to which the services gets com-mission/percentage from proceeds of sale/lease. Despite the success recorded in the use of the marketplaces, they are not without limitations which include identity and property fraud, impersonation and the use of centralised technology with trusted parties that are prone to single point of failures (SPOF). Being one of the most valuable assets, real estate has been a target for marketplace fraud as impersonators take pictures of properties they do not own, upload them on marketplace with promising prices that lures innocent or naive buyers. This paper addresses these issues by proposing a self sovereign identity (SSI) and smart contract based framework for identity verification and verified transaction management on secure digital marketplaces. First, the use of SSI technology enable methods for acquiring verified credential (VC) that are verifiable on a decentralised blockchain registry to identify both real estate owner(s) and real estate property. Second, the smart contracts are used to negotiate the secure transfer of real estate property deeds on the marketplace. To assess the viability of our proposal we define an application scenario and compare our work with other approaches.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"20 1","pages":"469-476"},"PeriodicalIF":0.0,"publicationDate":"2022-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75278652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

PAMMELA: Policy Administration Methodology using Machine Learning. PAMMELA:使用机器学习的政策管理方法。

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2022-07-01 DOI: 10.5220/0011272400003283

Varun Gumma, Barsha Mitra, Soumyadeep Dey, Pratik Shashikantbhai Patel, Sourabh Suman, Saptarshi Das, Jaideep Vaidya

{"title":"PAMMELA: Policy Administration Methodology using Machine Learning.","authors":"Varun Gumma, Barsha Mitra, Soumyadeep Dey, Pratik Shashikantbhai Patel, Sourabh Suman, Saptarshi Das, Jaideep Vaidya","doi":"10.5220/0011272400003283","DOIUrl":"https://doi.org/10.5220/0011272400003283","url":null,"abstract":"<p><p>In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy requires a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. In this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to assist system administrators in creating new ABAC policies as well as augmenting existing policies. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, new rules are inferred based on the knowledge gathered from the existing rules. A detailed experimental evaluation shows that the proposed approach is both efficient and effective.</p>","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"2022 ","pages":"147-157"},"PeriodicalIF":0.0,"publicationDate":"2022-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9767747/pdf/nihms-1854497.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"9732441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 5

A Longitudinal Study of Cryptographic API - a Decade of Android Malware 加密API的纵向研究——Android恶意软件的十年

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2022-05-11 DOI: 10.48550/arXiv.2205.05573

Adam Janovsky, Davide Maiorca, Dominik Macko, Vashek Matyás, G. Giacinto

{"title":"A Longitudinal Study of Cryptographic API - a Decade of Android Malware","authors":"Adam Janovsky, Davide Maiorca, Dominik Macko, Vashek Matyás, G. Giacinto","doi":"10.48550/arXiv.2205.05573","DOIUrl":"https://doi.org/10.48550/arXiv.2205.05573","url":null,"abstract":"Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users' privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed $603,937$ Android applications (half of them malicious, half benign) released between $2012$ and $2020$, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"13 1","pages":"121-133"},"PeriodicalIF":0.0,"publicationDate":"2022-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82404939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0