2019 | Book

Applied Cryptography and Network Security Workshops

ACNS 2019 Satellite Workshops, SiMLA, Cloud S&P, AIBlock, and AIoTS, Bogota, Colombia, June 5–7, 2019, Proceedings

Editors: Jianying Zhou, Prof. Robert Deng, Zhou Li, Suryadipta Majumdar, Dr. Weizhi Meng, Lingyu Wang, Kehuan Zhang

Publisher: Springer International Publishing

Book Series: Lecture Notes in Computer Science

About this book

This book constitutes the proceedings of the satellite workshops held around the 17th International Conference on Applied Cryptography and Network Security, ACNS 2019, in Bogota, Colombia, in June 2019.
The 10 papers presented in this volume were carefully reviewed and selected from 30 submissions. They stem from the following workshops:
AIBlock 2019: First International Workshop on Application Intelligence and Blockchain Security
AIoTS 2019: First International Workshop on Artificial Intelligence and Industrial Internet-of-Things Security
Cloud S&P 2019: First International Workshop on Cloud Security and Privacy
PriDA 2019: First International Workshop on Privacy-preserving Distributed Data Analysis
SiMLA 2019: First International Workshop on Security in Machine Learning and its Applications

Table of Contents

Frontmatter

SiMLA - Security in Machine Learning and its Applications

Frontmatter
Risk-Based Static Authentication in Web Applications with Behavioral Biometrics and Session Context Analytics
Abstract
In order to improve the security of password-based authentication in web applications, it is a common industry practice to profile users based on their sessions context, such as IP ranges and Browser type. On the other hand, behavioral dynamics such as mouse and keyword features have been proposed in order to improve authentication, but have been shown most effective only in continuous authentication scenarios. In this paper we propose to combine both fingerprinting and behavioral dynamics (for mouse and keyboard) in order to increase security of login mechanisms. We do this by using machine learning techniques that aim at high accuracy, and only occasionally raise alarms for manual inspection. Our combined approach achieves an AUC of 0.957. We discuss the practicality of our approach in industrial contexts.
Jesus Solano, Luis Camacho, Alejandro Correa, Claudio Deiro, Javier Vargas, Martín Ochoa
Using Honeypots in a Decentralized Framework to Defend Against Adversarial Machine-Learning Attacks
Abstract
The market demand for online machine-learning services is increasing, and so have the threats against them. Adversarial inputs represent a new threat to Machine-Learning-as-a-Services (MLaaSs). Meticulously crafted malicious inputs can be used to mislead and confuse the learning model, even in cases where the adversary only has limited access to input and output labels. As a result, there has been an increased interest in defence techniques to combat these types of attacks. In this paper, we propose a network of High-Interaction Honeypots (HIHP) as a decentralized defence framework that prevents an adversary from corrupting the learning model. We accomplish our aim by (1) preventing the attacker from correctly learning the labels and approximating the architecture of the black-box system; (2) luring the attacker away, towards a decoy model, using Adversarial HoneyTokens; and finally (3) creating infeasible computational work for the adversary.
Fadi Younis, Ali Miri

Cloud S&P - Cloud Security and Privacy

Frontmatter
Graphene: A Secure Cloud Communication Architecture
Abstract
Due to ubiquitous-elastic computing mechanism, platform independence and sustainable architecture, cloud computing emerged as the most dominant technology. However, security threats become the most blazing issue in adopting such a diversified and innovative approach. To address some of the shortcomings of traditional security protocols (e.g., SSL/TLS), we propose a cloud communication architecture (Graphene) that can provide security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). Graphene also protects the communication channel against some most common attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. This work also involves the designing of a novel high-performance cloud focused security protocol. This protocol efficiently utilizes the strength and speed of symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography and ephemeral key-exchange. It provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. The security analysis of Graphene shows promising protection against the above discussed attacks. Graphene also outperforms TLSv1.3 (the latest stable version among the SSL successors) in performance and bandwidth consumption significantly and shows reasonable memory usage at the server-side.
Abu Faisal, Mohammad Zulkernine
A Survey on Machine Learning Applications for Software Defined Network Security
Abstract
The number of machine learning (ML) applications on networking security has increased recently thanks to the availability of processing and storage capabilities. Combined with new technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), it becomes an even more interesting topic for the research community. In this survey, we present studies that employ ML techniques in SDN environments for security applications. The surveyed papers are classified into ML techniques (used to identify general anomalies or specific attacks) and IDS frameworks for SDN. The latter category is relevant since reviewed papers include the implementation of data collection and mitigation techniques, besides just defining a ML model, as the first category. We also identify the standard datasets, testbeds, and additional tools for researchers.
Juliana Arevalo Herrera, Jorge E. Camargo

AIBlock - Application Intelligence and Blockchain Security

Frontmatter
A New Proof of Work for Blockchain Based on Random Multivariate Quadratic Equations
Abstract
In this paper, we first present a theoretical analysis model on the Proof-of-Work (PoW) for cryptocurrency blockchain. Based on this analysis, we present a new type of PoW, which relies on the hardness of solving a set of random quadratic equations over the finite field GF(2). We will present the advantages of such a PoW, in particular, in terms of its impact on decentralization and the incentives involved, and therefore demonstrate that this is a new good alternative as a new type for PoW in blockchain applications.
Jintai Ding
SIEM-IoT: A Blockchain-Based and Distributed SIEM for the Internet of Things
Abstract
The paper at hand proposes \(\mathcal {B}\)SIEM-IoT, a Security Information and Event Management solution (SIEM) for the Internet of Things (IoT) relying on blockchain to store and access security events. The security events included in the blockchain are contributed by a number of IoT sentinels in charge of protecting a group of IoT devices. A key feature here is that the blockchain guarantees a secure registry of security events. Additionally, the proposal permits SIEM functional components to be assigned to different miners servers composing a resilient and distributed SIEM. Our proposal is implemented using Ethereum and validated through different use cases and experiments.
Andrés Pardo Mesa, Fabián Ardila Rodríguez, Daniel Díaz López, Félix Gómez Mármol
Towards Blockchained Challenge-Based Collaborative Intrusion Detection
Abstract
To protect distributed network resources and assets, collaborative intrusion detection systems/networks (CIDSs/CIDNs) have been widely deployed in various organizations with the purpose of detecting any potential threats. While such systems and networks are usually vulnerable to insider attacks, some kinds of trust mechanisms should be integrated in a real-world application. Challenge-based trust mechanisms are one promising solution, which can measure the trustworthiness of a node by sending challenges to other nodes. In the literature, challenge-based CIDNs have proven to be robust against common insider attacks, but it may still be susceptible to advanced insider attacks. How to further improve the robustness of challenge-based CIDNs remains an issue. Motivated by the recently rapid development of blockchains, in this work, we aim to combine these two and provide a blockchained challenge-based CIDN framework. Our evaluation shows that blockchain technology has the potential to enhance the robustness of challenge-based CIDNs in the aspects of trust management (i.e., enhancing the detection of insider nodes) and alarm aggregation (i.e., identifying untruthful inputs).
Wenjuan Li, Yu Wang, Jin Li, Man Ho Au

AIoTS - Artificial Intelligence and Industrial Internet-of-Things Security

Frontmatter
Enhancement to the Privacy-Aware Authentication for Wi-Fi Based Indoor Positioning Systems
Abstract
Indoor location-based application and services based on Wi-Fi have serious problems in terms of privacy since attackers could track users by capturing their MAC addresses. Although several initiatives have been proposed by the scientific community to properly address authentication by strongly preserving privacy, there are still improvements and steps that need to be developed as it is not clearly stated what would occur if a device is lost, stolen or compromised. It has not been said how an affected user should proceed in such case. In this situation, this work provides an enhancement to a previous solution based on pseudo-certificates issued by third-party authorities for anonymous authentication of mobile devices. The proposed scheme provides privacy to users willing to remove a device that has been stolen or lost. The proposed system offers security while maintaining minimal cryptographic overhead.
Jhonattan J. Barriga A., Sang Guun Yoo, Juan Carlos Polo
Design of a FDIA Resilient Protection Scheme for Power Networks by Securing Minimal Sensor Set
Abstract
Recent times have witnessed increasing utilization of wide area measurements to design the transmission line protection schemes as wide area measurements improve the reliability of protection methods. Usage of ICT tools for communicating sensor measurement in power networks demands immunity and resiliency of the associated protection scheme against false data injection attack (FDIA). Immunity against malicious manipulation of sensor information is attainable by securing the communication channels connecting the sensors through cryptographic protocols, and encryption. However, securing all the sensors and communication channels is economically unviable. A practical solution involves securing a reduced set of sensors without compromising fault detection accuracy. With the aim of developing a simple, economically viable and FDIA resilient scheme under the assumption that the adversary has complete knowledge of the system dynamics, the present work proposes a logical analysis of data (LAD) based fault detection scheme. The proposed scheme identifies the minimal set of sensors for FDIA resiliency and detects the state (faulty or healthy) of the power network relying on the measurements received from the ‘minimal sensor set’ only. Validation of the proposed protection scheme on IEEE 9-bus system reveals that in addition to being FDIA resilient, it is reliable and computationally efficient.
Tanmoy Kanti Das, Subhojit Ghosh, Ebha Koley, Jianying Zhou
Strong Leakage Resilient Encryption by Hiding Partial Ciphertext
Abstract
Leakage-resilient encryption is a powerful tool to protect data confidentiality against side channel attacks. In this work, we introduce a new and strong leakage setting to counter backdoor (or Trojan horse) plus covert channel attack, by relaxing the restrictions on leakage. We allow bounded leakage at anytime and anywhere and over anything. Our leakage threshold (e.g. 10000 bits) could be much larger than typical secret key (e.g. AES key or RSA private key) size. Under such a strong leakage setting, we propose an efficient encryption scheme which is semantic secure in standard setting (i.e. without leakage) and can tolerate strong continuous leakage. We manage to construct such a secure scheme under strong leakage setting, by hiding partial (e.g. 1%) ciphertext as secure as we hide the secret key using a small amount of more secure hardware resource, so that it is almost equally difficult for any adversary to steal information regarding this well-protected partial ciphertext or the secret key. We remark that, the size of such well-protected small portion of ciphertext is chosen to be much larger than the leakage threshold. We provide concrete and practical examples of such more secure hardware resource for data communication and data storage. Furthermore, we also introduce a new notion of computational entropy, as a sort of computational version of Kolmogorov complexity. Our quantitative analysis shows that, hiding partial ciphertext is a powerful countermeasure, which enables us to achieve higher security level than existing approaches in case of backdoor plus covert channel attacks. We also show the relationship between our new notion of computational entropy and existing relevant concepts, including All-or-Nothing Transform and Exposure Resilient Function. This new computation entropy formulation may have independent interests.
Jia Xu, Jianying Zhou
Backmatter
Metadata
Title: Applied Cryptography and Network Security Workshops
Editors: Jianying Zhou, Prof. Robert Deng, Zhou Li, Suryadipta Majumdar, Dr. Weizhi Meng, Lingyu Wang, Kehuan Zhang
Copyright Year: 2019
Electronic ISBN: 978-3-030-29729-9
Print ISBN: 978-3-030-29728-2
DOI: https://doi.org/10.1007/978-3-030-29729-9
