ICISSP 2024 Abstracts


Area 1 - Management and Operations

Full Papers
Paper Nr: 18
Title:

Anywhere on Earth: A Look at Regional Characteristics of DRDoS Attacks

Authors:

Tiago Heinrich, Newton C. Will, Rafael R. Obelheiro and Carlos A. Maziero

Abstract: By observing new trends in distributed reflection denial of service ( DRDoS) attacks, it is possible to highlight how they have adapted over the years to better match the attackers’ goals. However, the geolocation characteristics of this type of attack have not been widely explored in the literature and could show new information about these attacks. Considering this gap, we use data collected by honeypots over the last four years to better understand what can be gleaned from attacks targeted at different continents and countries. This dataset also enables us to investigate how attackers interact with reflectors, and how such interactions vary according to the location of victims.
Download

Paper Nr: 28
Title:

The Role of Heuristics and Biases in Linux Server Administrators’ Information Security Policy Compliance at Healthcare Organizations

Authors:

John McConnell, Yair Levy, Marti Snyder and Ling Wang

Abstract: Information Security Policy (ISP) compliance is crucial to healthcare organizations due to the potential for data breaches. The healthcare industry relies heavily on Linux servers to house electronically Protected Health Information (ePHI) due to their inherited lower volume of known vulnerabilities. However, Linux Server Administrators appear to be more relaxed than other server administrators when it comes to ISP compliance. Prior research suggests that the use of cognitive heuristics and biases may negatively influence threat appraisal and coping appraisal, while ultimately impacting ISP compliance. Thus, the goal of our study was to empirically assess the effect of cognitive heuristics, biases, and knowledge-sharing level on actual ISP compliance measured based on actual security setting adjustments. Aside from the novel measure of actual ISP compliance, we developed a survey instrument based on prior validated instruments to measure cognitive heuristics and biases. A group of 42 Linux Server Administrators who oversee the servers at a major healthcare organization participated in our study. Additionally, an intervention in the form of hands-on cybersecurity training, periodic security update emails, and Linux-focused tabletop exercises was introduced. Our results indicated that information security knowledge-sharing significantly influenced both cognitive heuristics and biases. Conclusions and discussions are provided.
Download

Paper Nr: 57
Title:

Automating IoT Security Standard Testing by Common Security Tools

Authors:

Rauli Kaksonen, Kimmo Halunen, Marko Laakso and Juha Röning

Abstract: Cybersecurity standards play a vital role in safeguarding the Internet of Things (IoT). Currently, standard compliance is assessed through manual reviews by security experts, a process which cost and delay is often too high. This research delves into the potential of automating IoT security standard testing, focusing on the ETSI TS 103 701 test specification for the ETSI EN 303 645 standard. From the test specification, 56 tests are relevant for the network attack threat model and considered for automation. The results are promising: basic network security tools can automate 52% of these tests, and advanced tools can push that number up to 70%. For full test coverage, custom tooling is required. The approach is validated by creating a test verdict automation for a real-world IoT product. Test automation is an investment, but the results indicate it can streamline security standard verification, especially for product updates and variants. The automation can use data from other testing activities to reduce effort. Automating the security standard testing would enable the certification of a large number of IoT products for their lifetime.
Download

Paper Nr: 70
Title:

FeedMeter: Evaluating the Quality of Community-Driven Threat Intelligence

Authors:

Andreas Rüedlinger, Rebecca Klauser, Pavlos Lamprakis, Markus Happe, Bernhard Tellenbach, Onur Veyisoglu and Ariane Trammell

Abstract: A sound understanding of the adversary in the form of cyber threat intelligence (CTI) is key to successful cyber defense. Various sources of CTI exist, however there is no state-of-the-art method to approximate feed quality in an automated and continuous way. In addition, finding, combining and maintaining relevant feeds is very laborious and impedes taking advantage of the full potential of existing feeds. We propose FeedMeter, a platform that collects, normalizes, and aggregates threat intelligence feeds and continuously monitors them using eight descriptive metrics that approximate the feed quality. The platform aims to reduce the workload of duplicated manual processing and maintenance tasks and shares valuable insights about threat intelligence feeds. Our evaluation of a FeedMeter prototype with more than 150 OSINT sources, conducted over four years, shows that the platform has a real benefit for the community and that the metrics are promising approximations of source quality. A comparison with a prevalent commercial threat intelligence feed further strengthens this finding.
Download

Paper Nr: 105
Title:

CPE-Identifier: Automated CPE Identification and CVE Summaries Annotation with Deep Learning and NLP

Authors:

Wanyu Hu and Vrizlynn L. L. Thing

Abstract: With the drastic increase in the number of new vulnerabilities in the National Vulnerability Database (NVD) every year, the workload for NVD analysts to associate the Common Platform Enumeration (CPE) with the Common Vulnerabilities and Exposures (CVE) summaries becomes increasingly laborious and slow. The delay causes organisations, which depend on NVD for vulnerability management and security measurement, to be more vulnerable to zero-day attacks. Thus, it is essential to come out with a technique and tool to extract the CPEs in the CVE summaries accurately and quickly. In this work, we propose the CPE-Identifier system, an automated CPE annotating and extracting system, from the CVE summaries. The system can be used as a tool to identify CPE entities from new CVE text inputs. Moreover, we also automate the data generating and labeling processes using deep learning models. Due to the complexity of the CVE texts, new technical terminologies appear frequently. To identify novel words in future CVE texts, we apply Natural Language Processing (NLP) Named Entity Recognition (NER), to identify new technical jargons in the text. Our proposed model achieves an F1 score of 95.48%, an accuracy score of 99.13%, a precision of 94.83%, and a recall of 96.14%. We show that it outperforms prior works on automated CVE-CPE labeling by more than 9% on all metrics.
Download

Short Papers
Paper Nr: 21
Title:

Policy-Driven XACML-Based Architecture for Dynamic Enforcement of Multiparty Computation

Authors:

Arghavan Hosseinzadeh, Jessica Chwalek and Robin Brandstädter

Abstract: The need to protect sensitive business and personal information while adhering to data protection regulations, along with the exponential growth of digital data, presents a significant challenge. Data sovereignty addresses this challenge by focusing on safeguarding data across different domains, such as business and healthcare. This objective is accomplished through the specification of Usage Control policies, implementation of data anonymization techniques, and enhancement of policy enforcement in distributed systems. In this work we present a data sovereignty solution that enhances the capabilities of the XACML framework within a data sharing ecosystem. When this solution is realized, the data providers can benefit from dynamic enforcement of Multiparty Computation (MPC) by specifying MPC-enabling policies. Following this approach, the data providers who seek to collaboratively compute a function over their inputs while keeping those inputs private can enforce MPC by specifying a corresponding policy at runtime. Resulting in heightened security and privacy preservation, our solution motivates data providers to engage in data sharing.
Download

Paper Nr: 33
Title:

Security Contracts a Property-Based Approach to Support Security Patterns

Authors:

Sylvain Guérin, Joel Champeau, Salvador Martínez and Raul Mazo

Abstract: Security patterns represent reusable solutions and best practices intended to avoid security-related flaws in software and system designs. Unfortunately, the implementation and enforcement of these patterns remains a complex and error-prone task. As a consequence, and besides implementing a given security pattern, applications often remain insecure w.r.t. the security risk they intended to tackle. This is so for two main reasons: 1) patterns are rarely re-usable without adaptation, and thus concrete implementations may fail to deal with a number of (often implicit) properties, which must hold in order for the pattern to be effective; 2) patterns are deployed in environments with uncertainties that can only be known at runtime. In order to deal with this problem, we propose here Security Contracts, a framework that permits the specification and runtime monitoring of security patterns and related properties (including temporal ones) in both new and existing applications. It is based on an extension of the Design-by-Contract paradigm to enable the specification of security patterns and the runtime adaptation of applications. We demonstrate the feasibility of our approach with an implementation and its evaluation on a framework used worldwide in web technologies, Spring.
Download

Paper Nr: 58
Title:

Revolutionizing Board Cyber-Risk Management Using Collaborative Gaming

Authors:

Tony Delvecchio, Sander Zeijlemaker, Giancarlo De Bernardis and Michael Siegel

Abstract: International and regulatory developments push cybersecurity into the boardroom. However, strategic group decision-making approach akin to a management board process need to be developed. We used a scientifically grounded cyber-risk management collaborative game in our research. Since not all board members have a solid background in technology and security, we followed the natural user interface design theory to create a management dashboard serious game that fosters an understandable and collaborative setting for managing and educating on cyber-risks. The results show that groups perform significantly better in terms of financial performance and risk profile than individuals. Moreover, the collaborative game allowed executives and business leaders to learn about cyber-risk management issues, thus improving their results. Our future work should focus more on emerging and unpredictable adversarial behavior. Our research has significant implications for security awareness and education in high-level collaborative decision-making bodies.
Download

Paper Nr: 69
Title:

Towards Automated Information Security Governance

Authors:

Ariane Trammell, Benjamin Gehring, Marco Isele, Yvo Spielmann and Valentin Zahnd

Abstract: Securing a company is not an easy task. Many organizations such as NIST, CIS, or ISO offer frameworks that offer comprehensive security measures. However, those frameworks are generally large and require expert knowledge to be tailored to a given organization. Since such experts are rare, we propose an automated solution that selects security controls and prioritizes them according to an organizations need. We performed initial steps towards the implementation of the proposed solution by evaluating how Natural Language Processing can be used to select security controls that are relevant for the assets of a company and by showing that we can prioritize the selected controls based on the current threat landscape. We expect the proposed solution to be a major benefit for all organizations that intend to improve their security posture but are limited in specialized personnel.
Download

Paper Nr: 75
Title:

An Open-Source Approach to OT Asset Management in Industrial Environments

Authors:

Luca Pöhler, Marko Schuba, Tim Höner, Sacha Hack and Georg Neugebauer

Abstract: The need for compliance and the growing number of IT security threats force many companies to improve their level of IT security. At the same time, new legal regulations and the trend to interconnect IT with automation environments (operational technology, OT) lead to the situation that IT security and OT security need to be approached at the same time. However, OT differs from IT in several aspects and many well-established IT security procedures cannot simply be copied to OT networks. As in IT the first step to establish an acceptable security level for OT is to perform a proper risk assessment. Available tools that support OT asset management are either expensive or they do not provide the functionality needed. In the context of this paper a new open-source approach to OT asset management is presented. The tool that was developed to collect OT assets considers the specific characteristics of OT devices, the sensitivity of production environments, and the typically rudimentary starting situation of many real-world machine operators while being free of charge at the same time.
Download

Paper Nr: 89
Title:

An Empirical Study of Ransomware Vulnerabilities Descriptions

Authors:

Claudia Lanza, Abdelkader Lahmadi and Fabian Osmond

Abstract: Cyber threat awareness requires the building of an accurate knowledge and analysis of the vulnerabilities used by the attackers and their respective attack toolkits. Ransomware are today one of the most significant threats faced by information systems and their number continues to grow. They are a type of malware targeting the information system by locking its equipment and users data and claiming a ransom for its release. They have been becoming more and more sophisticated and mainly relying on software vulnerabilities to access and lock the system data. In this paper we have carried out an empirical analysis of the Common Vulnerabilities Enumeration (CVE) exploited by known ransomware using a semantic annotation technique in order to create the condition from which to start to build a knowledge base of ransomware behaving processes. The main focus of this paper is towards the way vulnerabilities are commonly exploited by ransomware, their sharing ratio and the definition of their common causes and impacts. We have built a database, by scrapping multiple publicly available security reports, which associates each known ransomware to its used vulnerability contained in the CVE. We have applied a semantic annotation methodology which encompasses a semantic analysis of the CVE dataset through a pattern recognition process. This latter has enabled the extraction for each CVE of its key features, i.e., the cause, the performed exploit action and effect, as well as its impact. In the resulting collected and extracted knowledge we show a twofold analysis, statistical and semantic, of the CVE descriptions and their extracted features.
Download

Paper Nr: 94
Title:

Evaluating the Security and Privacy Risk Postures of Virtual Assistants

Authors:

Borna Kalhor and Sanchari Das

Abstract: Virtual assistants (VAs) have seen increased use in recent years due to their ease of use for daily tasks. Despite their growing prevalence, their security and privacy implications are still not well understood. To address this gap, we conducted a study to evaluate the security and privacy postures of eight widely used voice assistants: Alexa, Braina, Cortana, Google Assistant, Kalliope, Mycroft, Hound, and Extreme. We used three vulnerability testing tools—AndroBugs, RiskInDroid, and MobSF—to assess the security and privacy of these VAs. Our analysis focused on five areas: code, access control, tracking, binary analysis, and sensitive data confidentiality. The results revealed that these VAs are vulnerable to a range of security threats, including not validating SSL certificates, executing raw SQL queries, and using a weak mode of the AES algorithm. These vulnerabilities could allow malicious actors to gain unauthorized access to users’ personal information. This study is a first step toward understanding the risks associated with these technologies and provides a foundation for future research to develop more secure and privacy-respecting VAs.
Download

Paper Nr: 99
Title:

ADMIn: Attacks on Dataset, Model and Input: A Threat Model for AI Based Software

Authors:

Vimal Kumar, Juliette Mayo and Khadija Bahiss

Abstract: Machine learning (ML) and artificial intelligence (AI) techniques have now become commonplace in software products and services. When threat modelling a system, it is therefore important that we consider threats unique to ML and AI techniques, in addition to threats to our software. In this paper, we present a threat model that can be used to systematically uncover threats to AI based software. The threat model consists of two main parts, a model of the software development process for AI based software and an attack taxonomy that has been developed using attacks found in adversarial AI research. We apply the threat model to two real life AI based software and discuss the process and the threats found.
Download

Paper Nr: 114
Title:

Perceptions of Cyber Security Risk of the Norwegian Advanced Metering Infrastructure

Authors:

Eirik Lien, Karl Magnus Grønning Bergh and Sokratis Katsikas

Abstract: The Advanced Metering Infrastructure (AMI) has contributed to the further digitalization of the energy sector, but has also increased the complexity and the requirements for specialized knowledge to protect the infrastructure and the delivery of power. With different areas of focus and gaps in knowledge, the work of securing AMI can be challenging. This paper aims to provide an overview of the AMI cyber security risk perception as reflected in the research literature on one hand and amongst the stakeholders in the Norwegian energy sector on the other. The findings indicate that there is a gap between these two, both in areas of focus and the understanding of risk. Based on the identified differences, the study proposes solutions to reduce these.
Download

Paper Nr: 116
Title:

ArkThor: Threat Categorization Based on Malware’s C2 Communication

Authors:

Mohammed Jawed, Sriram Parameshwaran, Nitesh Kumar, Anand Handa and Sandeep K. Shukla

Abstract: In today’s digital world, network security is of utmost importance. Cyber-attacks are becoming more sophisticated and complex, making it increasingly difficult to detect and prevent them. Command-and-Control (C2) communication is a common technique used by attackers to control infected hosts and steal sensitive information. Therefore, it is crucial to identify and categorize network threats accurately to prevent and mitigate cyber-attacks. However, traditional methods of threat categorization are often insufficient in identifying and classifying these communications. This work aims to develop a threat categorization tool based on C2 communication in archived/live stream .pcap files that can help organizations more effectively detect and respond to cyber threats. The resulting tool, ArkThor, represents safety and strength and is a cutting-edge threat categorization engine designed to empower organizations to stay ahead of emerging threats in the cybersecurity landscape.
Download

Paper Nr: 118
Title:

Your Robot Might Be Inadvertently or Deliberately Spying on You: A Critical Analysis of Privacy Practices in the Robotics Industry

Authors:

Farida Eleshin, Patrick Iradukunda, David Ishimwe Ruberamitwe and Eric Ishimwe

Abstract: In 2022, there were approximately 4.8 million operational robots, with 3.6 million of them serving industrial purposes and another 1.2 million dedicated to various service applications (Statistics, 2022). Robots, irrespective of their intended function, act as a kind of ‘third eye’ in the realm of activities. As we witness the growing capabilities of robotics, concerns about privacy implications in these domains are becoming increasingly common (Ryan, 2020). One notable aspect of these concerns is the profound impact of robots on surveillance. Their ability to directly observe and record information magnifies their potential for data collection. This paper delves into the externalities stemming from the use of data gathered by robots. It also investigates the themes of consent and choice in the context of data acquisition by robotics. Moreover, we explore privacy policies, protocols, and regulations applicable to robots and how robot companies comply with them. Surprisingly, our research unveiled the fact that not all companies seek explicit consent from their users to collect their personal information. This raises the unsettling possibility that your robot might be inadvertently or deliberately spying on you. In some cases, companies even go as far as selling user data to third parties, including data brokers.
Download

Paper Nr: 153
Title:

An Automated Adaptive Security Framework for Cyber-Physical Systems

Authors:

Elias Seid, Oliver Popov and Fredrik Blix

Abstract: The paper promotes the notion that any security solution for cyber-physical systems (CPS) should be adaptive and based on the type of attacks and their frequency. Namely, the solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. Moreover, the research provides analyses of situations where the environment changes dynamically over time, requiring the designated adaptation to contemplate and respond adequately to these changes. In particular, it explores applying adaptive model predictive control concepts derived from control theory to develop specific adaptive security solutions. These systems can make decisions by forecasting their future performance for various modes or options of adaptation. Using quantitative information, the software then selects the adaptations that minimise the cost associated with security failures. This is highly significant considering that CPS are engineered systems built from and depend upon the seamless integration of computational algorithms and physical components. Moreover, security breaches are rising, and CPS are challenged by catastrophic damage, resulting in billions of losses making many of today’s solutions obsolete. While security agents issue new sets of vulnerability indicators and patches to address security breaches, these changes are continuous processes ad infinitum. A case study on a medical emergency response system illustrates the essential and salient futures of the proposed adaptive security framework for CPS.
Download

Paper Nr: 157
Title:

Detecting eBPF Rootkits Using Virtualization and Memory Forensics

Authors:

Nezer Jacob Zaidenberg, Michael Kiperberg, Eliav Menachi and Asaf Eitani

Abstract: There is a constant increase in the sophistication of cyber threats. Areas considered immune to malicious code, such as eBPF, are shown to be perfectly suitable for malware. Initially, the eBPF mechanism was devised to inject small programs into the kernel, assisting in network routing and filtering. Recently, it was demonstrated that malicious eBPF programs can be used to construct rootkits. The previously proposed countermeasures need to be revised against rootkits that attempt to hide their presence. We propose a novel detection scheme that divides the detection process into two phases. In the first phase, the memory image of the potentially infected system is acquired using a hypervisor. In the second phase, the image is analyzed. The analysis includes extraction and classification of the eBPF programs. The classifier’s decision is based on the set of helper functions used by each eBPF program. Our study revealed a set of helper functions used only by malicious eBPF programs. The proposed scheme achieves optimal precision while suffering only a minor performance penalty for each additional eBPF program.
Download

Paper Nr: 163
Title:

Cybersecurity Incident Response Readiness in Organisations

Authors:

Aseel Aldabjan, Steven Furnell, Xavier Carpent and Maria Papadaki

Abstract: The number and nature of cyber-attacks is continuously evolving, disrupting the productivity and operations of organisations worldwide. Timely and effective detection and response to incidents are important, as they could limit the spread of threats and restrict the risks from compromises. Studies have revealed the level of preparedness to respond for many organisations is low and varies across different industry sectors. At the same time, cybersecurity researchers have identified a substantial gap in implementing readiness assessment frameworks as they are dependent on the type, context and specific requirement of the respective industries. Moreover, organisations have a gap between their practices and the establishment of the measures. This highlights the need for a more comprehensive and holistic framework to address this issue. This paper aims to determine the current state of incident response practices across organisations of different sizes and capabilities. It further seeks to identify the factors that influence them to reach the desired level of cyber security readiness.
Download

Paper Nr: 24
Title:

Analysis of Payload Confidentiality for the IoT/ LPWAN Technology ‘Lora’

Authors:

Bernard McWeeney, Ilya Mudritskiy and Renaat Verbruggen

Abstract: Climate change necessitates a transition towards renewable energy sources like solar panels and wind turbines. The integration of the Internet of Things (IoT) has been pivotal in achieving these advances, offering the potential to optimise renewable energy system performance and efficiency through real-time data collection and predictive maintenance. Prominently, Low Power Wide Area Network (LPWAN) technologies like LoRa are aiding this transition, providing IoT with extended coverage, reduced infrastructure complexity, and ensuring low power consumption. With IoT playing a central role in critical infrastructure, secure communication is crucial to protect against potential cyber threats. Maintaining the integrity of sensitive data relayed through IoT devices is paramount. We provide an in-depth analysis of payload confidentiality in LoRa point-to-point (P2P) communication within remote smart grids. We explore the integration of IoT hardware encryption features and the implementation of user-controlled Advanced Encryption Standard (AES) algorithms on ESP32. We propose a robust solution for secure P2P communication using AES cryptography on ESP32 with LoRa. It is feasible to integrate end-to-end payload confidentiality in LoRa P2P communication. This study offers secure communication in remote smart grids, valuable insights into trade-offs and potential security risks in implementing LoRa P2P in IoT applications.
Download

Paper Nr: 83
Title:

The Classification and Impact of Cyber Attacks Targeting Critical Service Providers

Authors:

Josefin Andersson and Elias Seid

Abstract: Over the past few decades, technological solutions have become increasingly crucial for providers of societal services. Though increased productivity is advantageous, it also exposes people to the vulnerability of cyber-attacks that aim to disrupt their systems and networks. While security agents issue new indicators and patches to address breaches, the ever-changing nature of these indicators renders security solutions to cyber-attacks potentially obsolete. Therefore, defending cyber-attacks requires a continuous and ongoing process. A thorough analysis of the impact of cyber security on the cyberinfrastructure and functionality of critical service providers is lacking. Conducting an analysis of cyberattacks and their impact on both digital and non-digital domains is crucial for obtaining a thorough awareness. The Swedish Civil Contingencies Agency (MSB) receives reports of IT incidents from Service Providers and Government Agencies that are within the jurisdiction of the European Union. This study analyses IT incidents reported to MSB to enhance knowledge of cyber-attacks and their impact on vital service providers. It evaluates the impact of cyberattacks on infrastructure, organisations, and society. The objective is to analyse the impact of cyberattacks on the cyberinfrastructure of vital service providers and their implications for organisations and society. Moreover, this paper categorised the internal and external impact of cyber attacks, demonstrating the broad cyber threat landscape and vulnerability of crucial service providers in Sweden.
Download

Paper Nr: 96
Title:

Effectiveness of Malware Incident Management in Security Operations Centres: Trends, Challenges and Research Directions

Authors:

Dakouri Gazo, Asma Patel and Mohammad Hasan

Abstract: In the ever-changing realm of cybersecurity, protecting digital assets requires constant awareness and rapid incident response in security operations centre (SOC), where security professionals employ cutting-edge threat-fighting strategies. The battle becomes more intense in the face of ever-more complex adversaries, such as advanced and persistent malware. The riddle of malware incidents, on the other hand, provides distinct ob-stacles, requiring steadfast specialised competence and innovative strategies. Effective incident handling is essential for protecting organisational digital assets, given the ongoing evolution and rising sophistication of cyberattacks. This paper reviews the literature that explores the complexities of the current state of malware event-handling solutions and identifies challenges by delving into SOC operations. It provides the recommen-dations and guidance necessary to SOC researchers and security professionals, empowering them to tackle malware incidents and strengthen cybersecurity defences.
Download

Paper Nr: 110
Title:

Merging Policy and Practice: Crafting Effective Social Engineering Awareness-Raising Policies

Authors:

Eliana Stavrou, Andriani Piki and Panayiotis Varnava

Abstract: Cybersecurity policies play a fundamental role in fostering organizational cyber governance and cyber resilience. Cybersecurity awareness-raising and training policies specify upskilling requirements and explicitly address persistent threats such as social engineering attacks. While cybersecurity awareness-raising and training activities complement the objectives of security policies, challenges including stakeholder diversity, budget constraints, generic messaging and low user engagement hinder their effectiveness. For successful policy adoption it is crucial for the workforce to grasp the relevance of these policies within their work context, understand how social engineering attacks are deployed, and apply policy rules appropriately. However, existing awareness-raising and training policies often lack specificity, leading to gaps in employee engagement and behavioural change, especially regarding social engineering threats. To address these issues, the paper proposes a dedicated social engineering awareness-raising policy, guided by Merrill’s Principles of Instructions. This work aims to merge policy and practice, offering tailored examples of social engineering attacks, explicitly connecting them to relevant cybersecurity policies and making the content more engaging and relevant to the workforce. This is envisioned as a cost-effective resource for organizations with a limited training budget, which can be utilized as a starting point to enhance employee awareness, engagement, and foster a stronger organizational cyber resilience culture.
Download

Paper Nr: 115
Title:

Interpretable Android Malware Detection Based on Dynamic Analysis

Authors:

Arunab Singh, Maryam Tanha, Yashsvi Girdhar and Aaron Hunter

Abstract: Android has emerged as the dominant operating system for smart devices, which has consequently led to the proliferation of Android malware. In response to this, different analysis methods have been suggested for the identification of Android malware. In this paper, we focus on so-called dynamic analysis, in which we run applications and monitor their behaviour at run-time rather analyzing the source code and resources (which is called static analysis). One approach to dynamic analysis is to use machine learning methods to identify malware; essentially we run a large set of applications that may or may not be malware, and we learn how to tell them apart. While this approach has been successfully applied, both academic and industrial stakeholders exhibit a stronger interest in comprehending the rationale behind the classification of apps as malicious. This falls under the domain of interpretable machine learning, with a specific focus on the research field of mobile malware detection. To fill this gap, we propose an explainable ML-based dynamic analysis framework for Android malware. Our approach provides explanations for the classification results by indicating the features that are contributing the most to the detection result. The quality of explanations are assessed using stability metrics.
Download

Paper Nr: 117
Title:

Comparing the Effectivity of Planned Cyber Defense Controls in Order to Support the Selection Process

Authors:

Paul Tavolato, Robert Luh, Sebastian Eresheim, Simon Gmeiner and Sebastian Schrittwieser

Abstract: Being able to compare the effectiveness of security controls on a sound quantitative basis would be of great benefit when it comes to decide which security controls should be implemented under given budget restrictions. This paper introduces a method for such comparisons based on a list of preventive defense actions and a list of attack actions, where the attack actions are supplemented by basic success probabilities; furthermore, a matrix showing the impact of the preventive defense actions on the success probabilities of attack actions is developed. Site specific characteristics are taken into account by the use of weights which must be defined by the security manager. Equipped with these tools a measure for the effectiveness of individual defense controls can be calculated. Comparing the measures provides valuable decision support in selecting defense controls to be implemented. A main focus lies on the easy applicability of the method to real-world situations. This is accomplished by incorporating information from several proven tactical and technical knowledge bases well established in the field.
Download

Paper Nr: 138
Title:

Privacy-Aware Single-Nucleotide Polymorphisms (SNPs) Using Bilinear Group Accumulators in Batch Mode

Authors:

William J. Buchanan, Sam Grierson and Daniel Uribe

Abstract: Biometric data is often highly sensitive, and a leak of this data can lead to serious privacy breaches. Some of the most sensitive of this type of data relates to the usage of DNA data on individuals. A leak of this type of data without consent could lead to privacy breaches of data protection laws. Along with this, there have been several recent data breaches related to the leak of DNA information, including from 23andMe and Ancestry. It is thus fundamental that a citizen should have the right to know if their DNA data is contained within a DNA database and ask for it to be removed if they are concerned about its usage. This paper outlines a method of hashing the core information contained within the data stores - known as Single-Nucleotide Polymorphisms (SNPs) - into a bilinear group accumulator in batch mode, which can then be searched by a trusted entity for matches. The time to create the witness proof and to verify were measured at 0.86 ms and 10.90 ms, respectively.
Download

Paper Nr: 144
Title:

The Right Tool for the Job: Contextualization of Cybersecurity Education and Assessment Methods

Authors:

Daniel Köhler and Christoph Meinel

Abstract: Today, cybersecurity attacks are one of the significant threats companies face. Employees, often the weakest link in the cybersecurity chain, are sensitized to threats in cyberspace by implemented cybersecurity awareness and education programs in companies. Success if often rated using obligatory quizzes. Those, however, do not accurately depict actual employee behavior; they only test for knowledge. Companies often lack accurate measures to validate the success of cybersecurity awareness measures. We aggregate previous literature on measures for education and assessment in the context of cybersecurity awareness and present a taxonomy of education and assessment measures, categorizing them for context, applicability, and effort while summarizing (dis-) advantages identified in previous research. Thereby, we enable easier decisions on specific cybersecurity awareness education and assessment methods for decision-makers with specific restraints.
Download

Area 2 - Technologies and Foundations

Full Papers
Paper Nr: 35
Title:

Security Analysis of an Image Encryption Based on the Kronecker Xor Product, the Hill Cipher and the Sigmoid Logistic Map

Authors:

George Teşeleanu

Abstract: In 2023, Mfungo et al. introduce an image encryption scheme that employs the Kronecker xor product, the Hill cipher and a chaotic map. Their proposal uses the chaotic map to dynamically generate two out of the three secret keys employed by their scheme. Note that both keys are dependent on the size of the original image, while the Hill key is static. Despite the authors’ assertion that their proposal offers sufficient security (149 bits) for transmitting color images over unsecured channels, we found that this is not accurate. To support our claim, we present a chosen plaintext attack that requires 2 oracle queries and has a worse case complexity of O(2 32 ). Note that in this case Mfungo et al.’s scheme has a complexity of O(233 ), and thus our attack is two times faster than an encryption. The reason why this attack is viable is that the two keys remain unchanged for different plaintext images of the same size, while the Hill key remains unaltered for all images.
Download

Paper Nr: 47
Title:

Enclave Management Models for Safe Execution of Software Components

Authors:

Newton Carlos Will and Carlos Alberto Maziero

Abstract: Data confidentiality is becoming increasingly important to computer users, both in corporate and personal environments. In this sense, there are several solutions proposed to maintain the confidentiality and integrity of such data, among them the Intel Software Guard Extensions (SGX) architecture. The use of such mechanisms to provide confidentiality and integrity for sensitive data imposes a performance cost on the application execution, due to the restrictions and checks imposed by the Intel SGX architecture. Thus, the efficient use of SGX enclaves requires some management. The present work presents two management models for using SGX enclaves: (i) enclave sharing; and (ii) enclave pool. In order to apply such models, an enclave provider architecture is proposed, offering a decoupling between the enclave and the application, allowing to apply the proposed management models and offering the resources provided by the enclaves to the applications through an “as a service” approach. A prototype was built to evaluate the proposed architecture and management models; the experiments demonstrated a considerable reduction in the performance impact for enclave allocation, while guaranteeing good response times to satisfy simultaneous requests.
Download

Paper Nr: 71
Title:

APP-CEP: Adaptive Pattern-Level Privacy Protection in Complex Event Processing Systems

Authors:

Majid Lotfian Delouee, Victoria Degeler, Peter Amthor and Boris Koldehofe

Abstract: Although privacy-preserving mechanisms endeavor to safeguard sensitive information at the attribute level, detected event patterns can still disclose privacy-sensitive knowledge in distributed complex event processing systems (DCEP). Events might not be inherently sensitive, but their aggregation into a pattern could still breach privacy. In this paper, we study in the context of APP-CEP the problem of integrating pattern-level privacy in event-based systems by selective assignment of obfuscation techniques to conceal private information. Compared to state-of-the-art techniques, we seek to enforce privacy independent of the actual events in streams. To support this, we acquire queries and privacy requirements using CEP-like patterns. The protection of privacy is accomplished through generating pattern dependency graphs, leading to dynamically appointing those techniques that have no consequences on detecting other sensitive patterns, as well as non-sensitive patterns required to provide acceptable Quality of Service. Besides, we model the knowledge that might be possessed by potential adversaries to violate privacy and its impacts on the obfuscation procedure. We assessed the performance of APP-CEP in a real-world scenario involving an online retailer’s transactions. Our evaluation results demonstrate that APP-CEP successfully provides a privacy-utility trade-off. Modeling the background knowledge also effectively prevents adversaries from realizing the modifications in the input streams.
Download

Paper Nr: 79
Title:

PenGym: Pentesting Training Framework for Reinforcement Learning Agents

Authors:

Thanh Huynh Phuong Nguyen, Zhi Chen, Kento Hasegawa, Kazuhide Fukushima and Razvan Beuran

Abstract: Penetration testing (pentesting) is an essential method for identifying and exploiting vulnerabilities in computer systems to improve their security. Recently, reinforcement learning (RL) has emerged as a promising approach for creating autonomous pentesting agents. However, the lack of realistic agent training environments has hindered the development of effective RL-based pentesting agents. To address this issue, we propose PenGym, a framework that provides real environments for training pentesting RL agents. PenGym makes available both network discovery and host-based exploitation actions to train, test, and validate RL agents in an emulated network environment. Our experiments demonstrate the feasibility of this approach, with the main advantage compared to typical simulation-based agent training being that PenGym is able to execute real pentesting actions in a real network environment, while providing a reasonable training time. Therefore, in PenGym there is no need to model actions using assumptions and probabilities, since actions are conducted in an actual network and their results are real too. Furthermore, our results show that RL agents trained with PenGym took fewer steps on average to reach the pentesting goal—7.72 steps in our experiments, compared to 11.95 steps for simulation-trained agents.
Download

Paper Nr: 81
Title:

Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks

Authors:

Ryo Meguro, Hiroya Kato, Shintaro Narisada, Seira Hidano, Kazuhide Fukushima, Takuo Suganuma and Masahiro Hiji

Abstract: Graph neural networks (GNNs) can obtain useful information from graph structured data. Although its great capability is promising, GNNs are vulnerable to backdoor attacks, which plant a marker called trigger in victims’ models to cause them to misclassify poisoned data with triggers into a target class. In particular, a clean label backdoor attack (CLBA) on the GNNs remains largely unexplored. Revealing characteristics of the CLBA is vital from the perspective of defense. In this paper, we propose the first gradient based CLBA on GNNs for graph classification tasks. Our attack consists of two important phases, the graph embedding based pairing and the gradient based trigger injection. Our pairing makes pairs from graphs of the target class and the others to successfully plant the backdoor in the target class area in the graph embedding space. Our trigger injection embeds triggers in graphs with gradient-based scores, yielding effective poisoned graphs. We conduct experiments on multiple datasets and GNN models. Our results demonstrate that our attack outperforms the existing CLBA using fixed triggers. Our attack surpasses attack success rates of the existing CLBA by up to 50%. Furthermore, we show that our attack is difficult to detect with an existing defense.
Download

Paper Nr: 87
Title:

Performance Evaluation of Polynomial Commitments for Erasure Code Based Information Dispersal

Authors:

Antoine Stevan, Thomas Lavaur, Jérôme Lacan, Jonathan Detchart and Tanguy Pérennou

Abstract: Erasure coding is a common tool that improves the dependability of distributed storage systems. Basically, to decode data that has been encoded from k source shards into n output shards with an erasure code, a node of the network must download at least k shards and launch the decoding process. However, if one of the shards is intentionally or accidentally modified, the decoding process will reconstruct invalid data. To allow the verification of each shard independently without running the decoding for the whole data, the encoder can add a cryptographic proof to each output shard which certifies its validity. In this paper, we focus on the following commitment-based schemes: KZG+, aPlonK-PC and Semi-AVID-PC. These schemes perform polynomial evaluations in the same way as a Reed-Solomon encoding process. Still, such commitment-based schemes may introduce huge computation times as well as large storage space needs. This paper compares their performance to help designers of distributed storage systems identify the optimal proof depending on constraints like data size, information dispersal and frequency of proof verification against proof generation. We show that in most cases Semi-AVID-PC is the optimal solution, except when the input files and the required amount of verifications are large, where aPlonK-PC is optimal.
Download

Paper Nr: 101
Title:

Feasibility of Random Forest with Fully Homomorphic Encryption Applied to Network Data

Authors:

Shusaku Uemura and Kazuhide Fukushima

Abstract: Random forests are powerful and interpretable machine learning models. Such models are used for analyzing data in various fields. To protect privacy, many methods have been proposed to evaluate random forests with fully homomorphic encryption (FHE), which enables operations such as addition and multiplication under the encryption. In this paper, we focus on the feasibility of random forests with FHE applied to network data. We conducted experiments with random forests with FHE on IoT device classification for three types of bits and nine types of depths. By exponential regressions on the results, we obtained the relations between computation time and depths. This result enables us to estimate the computation time for deeper models.
Download

Paper Nr: 128
Title:

Exploring Errors in Binary-Level CFG Recovery

Authors:

Anjali Pare and Prasad A. Kulkarni

Abstract: The control-flow graph (CFG) is a graphical representation of the program and holds information that is critical to the correct application of many other program analysis, performance optimization, and software security algorithms. While CFG generation is an ordinary task for source level tools, like the compiler, the loss of high-level program information makes accurate CFG recovery a challenging issue for binary-level software reverse engineering (SRE) tools. Earlier research shows that while advanced SRE tools can precisely reconstruct most of the CFG for the programs, important gaps and inaccuracies remain that may hamper critical tasks, from vulnerability and malicious code detection to adequately securing software binaries. In this work, we perform an in-depth analysis of control-flow graphs generated by three popular reverse engineering tools - angr, radare2 and Ghidra. We develop a unique methodology using manual analysis and automated scripting to understand and categorize the CFG errors over a large benchmark set. Of the several interesting observations revealed by this work, one that is particularly unexpected is that most errors in the reconstructed CFGs appear to not be intrinsic limitations of the binary-level algorithms, as currently believed, and may be simply eliminated by more robust implementations. We expect our work to lead to more accurate CFG reconstruction in SRE tools and improved precision for other algorithms that employ CFGs.
Download

Paper Nr: 129
Title:

RoomKey: Extracting a Volatile Key with Information from the Local WiFi Environment Reconstructable Within a Designated Area

Authors:

Philipp Jakubeit, Andreas Peter and Maarten van Steen

Abstract: We present a WiFi signal-based, volatile key extraction system called RoomKey. We derive a room’s key by creating a deterministic key from the ever-changing WiFi environment and investigating the extraction capabilities of a designated area. RoomKey uses wireless beacon frames as a component, which we combine with a strong random key to generate and reconstruct the same volatile key in the room. We provide an exemplary use case using RoomKeyas an authentication factor using the location-specific WiFi environment as an authentication claim. We identified and solved two problems in using location as an authentication factor: location being sensitive to privacy and the location of a user constantly changing. We mitigate privacy concerns by recognizing a particular location without the need to localize its precise geographical coordinates. To overcome the problem of location change, we restrict locations to work environments for laptop usage and allow a per-location-predetermined, designated area (e.g., a room). With the concept RoomKey, we demonstrate the potential of including environmental WiFi measurements for volatile key extraction and show the possibility of creating location-aware and privacy-preserving authentication systems for continuous authentication and adaptive security measures.
Download

Paper Nr: 131
Title:

The Design and Implementation of a Semantic Web Framework for the Event-Centric Digital Forensics Analysis

Authors:

Pavel Chikul, Hayretdin Bahşi and Olaf Maennel

Abstract: In the era of interconnected devices, digital crime scenes are characterized by their complexity and voluminous data from a plethora of heterogeneous sources. Addressing these twin challenges of data volume and heterogeneity is paramount for effective digital forensic investigations. This paper introduces a pioneering automated approach for the nuanced analysis of intricate cyber-physical crime environments within distributed settings. Central to our method is an event-centric ontology, anchored on the globally recognized UCO/CASE standard. Complementing this ontology is a robust software framework, designed to expedite data extraction processes, and ensure seamless interfacing with the knowledge repository. We demonstrate the usage of the framework on a public dataset, encapsulating a realistic crime scenario populated with diverse IoT devices.
Download

Paper Nr: 137
Title:

Secure Multiparty Computation of the Laplace Mechanism

Authors:

Amir Zarei and Staal A. Vinterbo

Abstract: Differential Privacy (DP) employs perturbation mechanisms to protect individual data, formulated as Y = q(D) + i, where q(D) is a query result from dataset D and i is random noise. Adjusting the variance of i ensures that an adversary cannot discern if Y originates from D or its neighboring D′. Complications arise when computing Y using floating-point (FL) or fixed-point (FP) arithmetic. Such approximations mean not every potential output for Y is feasible, leading to a mismatch between the output of q(D) + i and q(D′) + i that allows the adversary to breach DP. One solution is to approximate Y as Y˜ = qr(D) + ir, where qr(D) is q(D) rounded to a discretization factor r = 2−k. However, integrating this solution into secure multiparty computation (MPC) is still unexplored. Our work addresses this challenge by proposing an MPC protocol that rounds an FL number to the nearest multiple of r. We show how this protocol enables secure MPC of Y˜ by introducing two Laplace mechanisms. These are then specifically adapted for linear queries. Importantly, our protocols support real-valued query functions on FL inputs and are not limited to integer-valued ones. The first protocol uses FL arithmetic to generate the noise for DP, while the second utilizes integer arithmetic. Both offer information-theoretical security against passive adversaries and can be extended for protection against malicious adversaries. We also analyze the complexity of our protocols to evaluate their performance. Our protocols represent the first provably secure MPC for the Laplace mechanism managing real-valued queries.
Download

Paper Nr: 139
Title:

Towards Generalized Diffie-Hellman-esque Key Agreement via Generic Split KEM Construction

Authors:

Brian Goncalves and Atefeh Mashatan

Abstract: The Diffie-Hellman (DH) problem is a cornerstone of countless key agreement schemes. One of these schemes is the popular instant messaging protocol, Signal. The Signal protocol relies on a subprotocol based on the DH-problem in order to create a secure session key. Unfortunately, as the threat of robust quantum computers continues to loom over traditionally hard problems such as the DH problem, quantum-resistant replacements for these schemes must be created. One candidate for a drop-in DH-style replacement is a special type of key encapsulation mechanism (KEM) called a split KEM, which maintains the same message flow of DH key agreement schemes. In this work, we present an efficient combiner to construct a split from a public key encryption scheme, a signature algorithm, and a special type of pseudorandom function (PRF), called a constrained PRF. Constrained PRFs can produce PRF keys with limited domains, and by selecting the domain to be a single point, the master secret key can be reused. We then use the remaining schemes to transport the constrained key and point and ensure the authenticity of the source of the ciphertext. We then prove that our construction reaches the split KEM formulation of traditional IND-CCA-security with a tight reduction.
Download

Paper Nr: 145
Title:

LSTM Autoencoder-Based Insider Abnormal Behavior Detection Using De-Identified Data

Authors:

Seo-Yi Kim and Il-Gu Lee

Abstract: Leakages of national core technologies and industrial secrets have occurred frequently in recent years. Unfortunately, because most of the subjects of confidential data leaks are IT managers, executives, and employees who have easy access to confidential information, more sophisticated theft is possible, and there is a risk of large-scale data leakage incidents. Insider behavior monitoring is being conducted to prevent confidential data leaks, but there is a problem with personal information being collected indiscriminately during this process. This paper proposes a security solution that protects personal privacy through a process of de-identifying data, while maintaining detection performance in monitoring insider aberrations. In the abnormal behavior detection process, a long short-term memory (LSTM) autoencoder was used. To prove the effectiveness of the proposed method, de-identification evaluation and abnormal behavior detection performance comparison experiments were conducted. According to the experimental results, there was no degradation in detection performance even when data was de-identified. Furthermore, the average re-identification probability was approximately 1.2%, whereas the attack success probability was approximately 0.2%, proving that the proposed de-identification method resulted in low possibility of re-identification and good data safety.
Download

Paper Nr: 156
Title:

Blockchain for Privacy-Preserving Data Distribution in Healthcare

Authors:

Amitesh Singh Rajput and Arnav Agrawal

Abstract: As virtual transformation maintains to reshape healthcare, the security and privacy of health information have become paramount worries. This paper delves into the novel application of blockchain generation as a strategic technique to these urgent issues. In contrast to traditional centralized information control structures, blockchain introduces an intensive alternate with its decentralized, immutable, and transparent nature. This shift gives a robust alternative to comply with sensitive health data. We propose a contemporary, blockchain-primarily based method to seamlessly integrate existing healthcare records into ledgers and share them in a controlled way. The proposed method emphasizes enhanced data integrity, advanced security features, and a patient-centric technique to data governance using customized smart contracts. Experimental results underline the proposed method’s advanced performance for scalability, protection, and general machine performance, making a compelling case for its adoption in healthcare records control.
Download

Short Papers
Paper Nr: 25
Title:

Comparing Phishing Training and Campaign Methods for Mitigating Malicious Emails in Organizations

Authors:

Jackie Scott, Yair Levy, Wei Li and Ajoy Kumar

Abstract: Although there have been numerous significant technological advancements in the last several decades, there continues to be a real threat as it pertains to social engineering, especially phishing, spear-phishing, and Business Email Compromise (BEC). While the technologies to protect end-users have gotten better, the ‘human factor’ in cybersecurity is the main penetration surface. These three phishing methods are used by attackers to infiltrate corporate networks and manipulate end-users, especially through business email. Our research study was aimed at assessing several phishing mitigation methods, including phishing training and campaign methods, as well as any human characteristics that enable a successful cyberattack through business email. Following expert panel validation for the experimental procedure, a pilot study with 172 users and then a full study with 552 users were conducted to collect six actual end-users’ negative response actions to phishing campaigns conducted with traditional Commercial-Off-The-Shelf (COTS) product (KnowBe4) and a red team. Users were randomly assigned to three groups: no training; traditional training; and longitudinal customized training with 1,104 data points collected. While the phishing method was significant, our results indicate that current training methods appear to provide little to no added value vs. no training at all.
Download

Paper Nr: 36
Title:

KAIME: Central Bank Digital Currency with Realistic and Modular Privacy

Authors:

Ali Dogan and Kemal Bicakci

Abstract: Recently, with the increasing interest in Central Bank Digital Currency (CBDC), many countries have been working on researching and developing digital currency. The most important reasons for this interest are that CBDC eliminates the disadvantages of traditional currencies and provides a safer, faster, and more efficient system. These benefits also come with challenges, such as safeguarding individuals’ privacy and ensuring regulatory mechanisms. While most research address the privacy conflict between users and regulatory agencies, they miss an essential detail. Important parts of a financial system are banks and financial institutions. Some studies ignore the need for privacy and include these institutions in the CBDC system, no system currently offers a solution to the privacy conflict between banks, financial institutions, and users. In this study, while we offer a solution to the privacy conflict between the user and the regulatory agencies, we also provide a solution to the privacy conflict between the user and the banks. Our solution, KAIME (the name given to the first banknote issued by the Ottoman Empire) alsa has a modular structure. In the transaction, the sender and receiver can be hidden if desired. Compared to previous related research, security analysis and implementation of KAIME is substantially simpler because simple and well-known cryptographic methods are used. Additionally, the zero-knowledge proofs employed can function without the assistance of a trusted third party.
Download

Paper Nr: 43
Title:

Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts

Authors:

Andre Büttner and Nils Gruschka

Abstract: Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary’s access while ensuring the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either failure would have severe consequences. Nevertheless, little research has been done on the authentication of actual users regarding security and the risk of being locked out of their accounts. To foster research in this direction, this paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.
Download

Paper Nr: 44
Title:

Attestation with Constrained Relying Party

Authors:

Mariam Moustafa, Arto Niemi, Philip Ginzboorg and Jan-Erik Ekberg

Abstract: Allowing a compromised device to e.g., receive privacy-sensitive sensor readings carries significant privacy risks, but to implement the relying party of a contemporary attestation protocol in a computationally constrained sensor is not feasible, and the network reach of a sensor is often limited. In this paper, we present a remote platform attestation protocol suitable for relying parties that are limited to symmetric-key cryptography and a single communication channel. We validate its security with the ProVerif model checker.
Download

Paper Nr: 48
Title:

Forgery Resistance of User Authentication Methods Using Location, Wi-Fi and Their Correlation

Authors:

Ryosuke Kobayashi and Rie Shigetomi Yamaguchi

Abstract: In recent years, much research has been conducted on user authentication methods utilizing human behavioral information. It is known that human behavioral information represents their characteristics and can be utilized in user authentication as well as biometric information such as facial or fingerprints. Particularly, location information representing a person’s stay and movement history strongly reflects his/her characteristic and can achieve high accuracy in user authentication within behavioral authentication methods. On the other hand, location information is easily inferable by others and there is a concern that the inferred information could be exploited for impersonation. In user authentication methods utilizing location information, it is essential to enhance resistance to impersonation even when the location is inferred. However, there has been no research conducted on this aspect. In this paper, we aim to enhance forgery resistance by utilizing not only the location information collected by smartphones but also Wi-Fi information and the correlation between location and Wi-Fi data in the context of user authentication methods. These three modality were combined through the score fusion method. As a result, this approach successfully improved authentication accuracy and resistance to impersonation.
Download

Paper Nr: 50
Title:

Machine Learning-Based Classification of Hardware Trojans in FPGAs Implementing RISC-V Cores

Authors:

Stefano Ribes, Fabio Malatesta, Grazia Garzo and Alessandro Palumbo

Abstract: Hardware Trojans (HTs) pose a severe threat to integrated circuits, potentially compromising electronic devices, exposing sensitive data, or inducing malfunction. Detecting such malicious modifications is particularly challenging in complex systems and commercial CPUs, where they can occur at various design stages, from initial HDL coding to the final hardware implementation. This paper introduces a machine learning-based strategy for the detection and classification of HTs within RISC-V soft cores implemented in Field-Programmable Gate Arrays (FPGAs). Our approach comprises a systematic methodology for comprehensive data collection and estimation from FPGA bitstreams, enabling us to extract insights ranging from hardware performance counters to intricate metrics like design clock frequency and power consumption. Our ML models achieve perfect accuracy scores when analyzing features related to both synthesis, implementation results, and performance counters. We also address the challenge of identifying HTs solely through performance counters, highlighting the limitations of this approach. Additionally, our work emphasizes the significance of Implementation Features (IFs), particularly circuit timing, in achieving high accuracy in HT detection.
Download

Paper Nr: 51
Title:

An Improved PUF-Based Privacy-Preserving IoT Protocol for Cloud Storage

Authors:

Cédrick De Pauw, Jan Tobias Mühlberg and Jean-Michel Dricot

Abstract: The IoT technology allows many types of personal data to be measured by many kinds of devices and sensors, and to be sent over the Internet for various applications. However, this data transmission has to be secure and the privacy of the users should ideally be preserved. In this work, we propose a SRAM PUF-based privacy-preserving IoT protocol for cloud storage based on an existing protocol from the literature. Proposals are made to increase the supply chain security of the PUF construction used by a device, to extend the secure lifetime of this device by increasing the number of keys it may generate and avoiding reboot-based attacks, and to allow a PUF construction to be used for different applications. These proposals only require changes on the device enrollment and on the master key generation procedure, leaving the PUF construction, the fuzzy extractor construction and the cryptographic key derivation unchanged. Benefits and limitations of this new protocol are evaluated and security objectives achieved with these proposals are analyzed.
Download

Paper Nr: 64
Title:

Anonymous Multi-Receiver Certificateless Hybrid Signcryption for Broadcast Communication

Authors:

Alia Umrani, Apurva K. Vangujar and Paolo Palmieri

Abstract: Confidentiality, authentication, and anonymity are fundamental security requirements in broadcast communication achievable by Digital Signature (DS), encryption, and Pseudo-Identity (PID) techniques. Signcryption, particularly hybrid signcryption, offers both DS and encryption more efficiently than “sign-then-encrypt”, with lower computational and communication costs. This paper proposes an Anonymous Multi-receiver Certifi-cateless Hybrid Signcryption (AMCLHS) scheme for secure broadcast communication. AMCLHS combines public-key cryptography and symmetric key to achieve confidentiality, authentication, and anonymity. We provide a simple and efficient construction of a multi-recipient Key Encapsulation Mechanism (mKEM) to create a symmetric session key. This key, with the sender’s private key, is used in Data Encapsulation Mechanism (DEM) to signcrypt the message, ensuring confidentiality and authentication. The scheme generates identical ciphertext for multiple recipients while maintaining their anonymity by assigning a PID to each user. Security notions are demonstrated for indistinguishability against chosen-ciphertext attack using the elliptic curve computational diffie-hellman assumption in the random oracle model and existential unforgeability against chosen message attack under elliptic curve diffie-hellman assumption. The AMCLHS scheme operates in a multireceiver certificateless environment, preventing the key escrow problem. Comparative analysis shows that our scheme is computationally efficient, provides optimal communication cost, and simultaneously ensures confidentiality, authentication, anonymity, non-repudiation, and forward security.
Download

Paper Nr: 68
Title:

Security Analysis of an Image Encryption Scheme Based on a New Secure Variant of Hill Cipher and 1D Chaotic Maps

Authors:

George Teşeleanu

Abstract: In 2019, Essaid et al. introduced a chaotic map-based encryption scheme for color images. Their approach employs three improved chaotic maps to dynamically generate the key bytes and matrix required by the cryptosystem. It should be noted that these parameters are dependent on the size of the source image. According to the authors, their method offers adequate security (i.e. 279 bits) for transmitting color images over unsecured channels. However, we show in this paper that this is not the case. Specifically, we present two cryptanalytic attacks that undermine the security of Essaid et al.’s encryption scheme. In the case of the chosen plaintext attack, we require only two chosen plaintexts to completely break the scheme. The second attack is a a chosen ciphertext attack, which requires two chosen ciphertexts and compared to the first one has a rough complexity of 224 . The attacks are feasible due to the fact that the key bits and matrix generated by the algorithm remain unaltered for distinct plaintext images.
Download

Paper Nr: 78
Title:

A Framework for E2E Audit Trails in System Architectures of Different Enterprise Classes

Authors:

Luca Patzelt, Georg Neugebauer, Meik Döll, Sacha Hack, Tim Höner and Marko Schuba

Abstract: In today’s world, there are more and more IT systems that are interconnected to provide services to a wide variety of business classes. Since their services are usually inevitably linked to financial and political interests, the number of attacks aimed at disrupting or profiting from these and the associated systems in various ways is constantly increasing. In this paper we design and implement a framework for the comprehensive auditing of IT systems in system architectures of different enterprise classes. For our solution, we evaluate formal requirements regarding audit trails, provide concepts for the pseudonymisation of audit data, develop software components for E2E audit trails and finally present a secure system architecture based on Kubernetes and Istio in conjunction with the storage components ArangoDB and HashiCorp Vault to achieve an efficient framework for creating E2E audit trails.
Download

Paper Nr: 82
Title:

Differential Privacy for Distributed Traffic Monitoring in Smart Cities

Authors:

Marcus Gelderie, Maximilian Luff and Lukas Brodschelm

Abstract: We study differential privacy in the context of gathering real-time congestion of entire routes in smart cities. Gathering this data is a distributed task that poses unique algorithmic and privacy challenges. We introduce a model of distributed traffic monitoring and define a notion of adjacency for this setting that allows us to employ differential privacy under continual observation. We then introduce and analyze three algorithms that ensure ε differential privacy in this context. First we introduce two algorithms that are built on top of existing algorithmic foundations, and show how they are suboptimal in terms of noise or complexity. We focus, in particular, on whether algorithms can be deployed in our distributed setting. Next, we introduce a novel hybrid scheme that aims to bridge between the first two approaches, retaining an improved computational complexity and a decent noise level. We simulate this algorithm and demonstrate its performance in terms of noise.
Download

Paper Nr: 97
Title:

Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective

Authors:

Philippe Valoggia, Anastasia Sergeeva, Arianna Rossi and Marietjie Botes

Abstract: The privacy engineering literature proposes requirements for the design of technologies but gives little guidance on how to correctly fulfil them in practice. On the other hand, a growing number of taxonomies document examples of how to circumvent privacy requirements via ”dark patterns,” i.e., manipulative privacy-invasive interface designs. To improve the actionability of the knowledge about dark patterns for the privacy engineering community, we matched a selection of existing dark patterns classifications with the ISO/IEC 29100:2011 standard on Privacy Principles by performing an iterative expert analysis, which resulted in clusters of dark patterns that potentially violate the ISO privacy engineering requirements. Our results can be used to develop practical guidelines for the implementation of technology designs that comply with the ISO Privacy Principles.
Download

Paper Nr: 111
Title:

AnonEmoFace: Emotion Preserving Facial Anonymization

Authors:

Jan Hintz, Jacob Rühe and Ingo Siegert

Abstract: Seeking therapy often implies a major hurdle, especially when it comes to addressing personal problems that cause shame or are socially stigmatized. This is where the recent developments of remote therapy can help. To further reduce this barrier, it can be accommodating to carry out the therapy anonymously. This paper present a proof of concept for such an anonymization of remote therapy video calls. The aim is to enable video calls for subjects without the risk of being identified by their face. The challenge lies in the contradiction of preserving emotional content and successful anonymization. To achieve this goal, avatarization by facial landmark detection is employed. In a user study with 30 participants we achieved an unweighted average recall of 48.6% for facial recognition task, confirming anonymity, while preserving emotional expressivity with an accuracy of 93.3% for happiness, 68.3% for fear, 50.05% for anger and 35.5% for disgust. Thus creating a safe environment for the user, while preserving emotional content for therapeutic purposes.
Download

Paper Nr: 121
Title:

A Decentralized Federated Learning Using Reputation

Authors:

Olive Chakraborty and Aymen Boudguiga

Abstract: Nowadays Federated learning (FL) is established as one of the best techniques for collaborative machine learning. It allows a set of clients to train a common model without disclosing their sensitive and private dataset to a coordination server. The latter is in charge of the model aggregation. However, FL faces some problems, regarding the security of updates, integrity of computation and the availability of a server. In this paper, we combine some new ideas like clients’ reputation with techniques like secure aggregation using Homomorphic Encryption and verifiable secret sharing using Multi-Party Computation techniques to design a decentralized FL system that addresses the issues of incentives, security and availability amongst others. One of the original contributions of this work is the new leader election protocol which uses a secure shuffling and is based on a proof of reputation. Indeed, we propose to select an aggregator among the clients participating to the FL training using their reputations. That is, we estimate the reputation of each client at every FL iteration and then we select the next round aggregator from the set of clients with the best reputations. As such, we remove misbehaving clients (e.g., byzantines) from the list of clients eligible for the role of aggregation server.
Download

Paper Nr: 122
Title:

Pure Multi Key BGV Implementation

Authors:

Justine Paillet, Olive Chakraborty and Marina Checri

Abstract: This paper offers an in-depth exploration of a Pure Multi-Key BGV Implementation. It provides a detailed analysis of the calculations involved for both the server and parties in the scheme, specifically focusing on the challenging and specific relinearisation of terms. Particular emphasis is given towards the extended RGSW multiplication and the complexity of addition, multiplication, and keyswitch key generation.
Download

Paper Nr: 125
Title:

EMplifier: Hybrid Electromagnetic Probe for Side Channel and Fault Injection Analysis

Authors:

Fabrizia Marrucco, Mosabbah Mushir Ahmed, Bechir Bouali and Alieeldin Mady

Abstract: Electromagnetic Fault Injection (EM-FI) analysis is increasingly emerging as an effective technique to bypass countermeasure and/or leak sensitive information by injecting fault during the execution of sensitive asset/operation. EM-FI analysis becomes an essential requirement for obtaining product security certification, whenever high assurance is claimed. The coils represent an integral part of the EM probe design. Therefore, it is important to focus on the practical study of coil design that accentuate the efficiency of EM capture and emission. In this work we tried to optimize the design of a hybrid coil (called EMplifier) that can efficiently sense the EM emissions and inject the fault, enabling a guided fault injection analysis with a single coil. This state-of-art investigates the various important coil parameters that can be used in a hybrid scenario of both capturing and emitting EM signals. Such design is useful in practical EM-FI setup where identifying the exact injection location over the chip is a key factor towards successful attacks.
Download

Paper Nr: 127
Title:

Vision Based Malware Classification Using Deep Neural Network with Hybrid Data Augmentation

Authors:

Md. Mahbubur Rahman, Md. Delwar Hossain, Hideya Ochiai, Youki Kadobayashi, Tanjim Sakib and Syed Taha Yeasin Ramadan

Abstract: Preventing malware attacks is crucial, as they can lead to financial losses, privacy breaches, system downtime, and reputational damage. Various machine learning and deep learning techniques have been proposed for malware classification. However, to evade detection, files from the same family are often altered by malware developers using various approaches so that they appear to be separate files. They may even appear as previously unidentified, commonly referred to as zero-day threats. These attacks can compromise the robustness of deep learning models trained for malware classification. In this research, we developed six fine-tuned Deep Neural Network (DNN) classifiers for classifying malware represented as images. A hybrid data augmentation technique based on Deep Convolutional Generative Adversarial Network (DCGAN) and traditional image transformation methods has been proposed to train the classifiers, enabling them to better handle malware vari-ants. A subset of the publicly available Malimg dataset, comprising six-class and the whole dataset, were used in the experiment. Additionally, both datasets were expanded using the proposed augmentation technique to train the developed classifiers. Experimental results reveal that vision transformer-based classifiers, trained with the proposed data augmentation technique, achieve a maximum accuracy of 99.94% for six-class classification and 99.79% for 25-class classification.
Download

Paper Nr: 133
Title:

Conceptualising an Anti-Digital Forensics Kill Chain for Smart Homes

Authors:

Mario Raciti

Abstract: The widespread integration of Internet of Things (IoT) devices in households generates extensive digital footprints, notably within Smart Home ecosystems. These IoT devices, brimming with data about residents, inadvertently offer insights into human activities, potentially embodying even criminal acts, such as a murder. As technology advances, so does the concern for criminals seeking to exploit various techniques to conceal evidence and evade investigations. This paper delineates the application of Anti-Digital Forensics (ADF) in Smart Home scenarios and recognises its potential to disrupt (digital) investigations. It does so by elucidating the current challenges and gaps and by arguing, in response, the conceptualisation of an ADF Kill Chain tailored to Smart Home ecosystems. While seemingly arming criminals, the Kill Chain will allow a better understanding of the distinctive peculiarities of Anti-Digital Forensics in Smart Home scenario. This understanding is essential for fortifying the Digital Forensics process and, in turn, developing robust countermeasures against malicious activities.
Download

Paper Nr: 143
Title:

Implementation and Analysis of Covert Channel Using iBeacon

Authors:

Ye-Sol Oh, Yeon-Ji Lee, Jiwon Jang, Hyunwoo Choi and Il-Gu Lee

Abstract: Covert channels are typically employed to transmit information and bypass security policies and controls simultaneously to maintain undetected communication. Various techniques have been proposed for establishing covert channels, including those at the network level, and for using different components. This study investigated the security implications of Apple’s iBeacon broadcast messages by focusing on the establishment of covert channels. We introduce two Bluetooth Low Energy (BLE) covert channels: one using broadcast payloads and the other employing broadcasting intervals. These channels can be used in a complementary manner, balancing covertness and bandwidth. In our evaluation, the payload-based covert channel achieved a maximum throughput of 911,600 Bytes per second (Bps) with a Packet Delivery Rate (PDR) exceeding 75%, demonstrating its capability to transmit substantial data via iBeacon covertly. This study focuses on enhancing the security of BLE Beacon deployment.
Download

Paper Nr: 149
Title:

GPU-Based Brute Force Cryptanalysis of KLEIN

Authors:

Cihangir Tezcan

Abstract: KLEIN is a family of lightweight block ciphers that supports 64-bit, 80-bit, and 96-bit secret keys. In this work, we provide a CUDA optimized table-based implementation of the KLEIN family which does not contain shared memory bank conflicts. Our best optimization reach more than 45 billion 64-bit KLEIN key searches on an RTX 4090. Our results show that KLEIN block cipher is susceptible to brute force attacks via GPUs. Namely, in order to break KLEIN in a year via brute force, one needs around 13, 1.34 million, and 111 billion RTX 4090 GPUs for 64-bit, 80-bit, and 96-bit secret keys, respectively. We recommend lightweight designs to avoid short keys.
Download

Paper Nr: 152
Title:

A Brief Reflection on Trusted Platform Module Support

Authors:

Martin Pirker and Robert Haas

Abstract: Trusted Computing and its Trusted Platform Module were introduced about 20 years ago. However, their impact is still limited, only a small number of applications use a TPM, only a few people know that their computer hosts one and what it can be used for. With the ongoing transition from now dominant Windows 10 to Windows 11, every common PC is required to have a TPM to run Windows 11. This short paper reflects on the current environment and state of support for TPMs. It investigates a selection of TPMs, their features, and surveyed the available software stacks to use them. It reports on the findings and the finer details discovered while using TPMs. Overall, this paper contributes to the ongoing discovery and learning about TPM v2, as it will be inevitably a part of our computing with PCs future.
Download

Paper Nr: 161
Title:

What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis

Authors:

Evangelia Vanezi, Georgia Kapitsaki and Anna Philippou

Abstract: Protecting personal data within software systems is crucial, and as such, several privacy regulations have been enacted, one being the EU’s General Data Protection Regulation (GDPR). While GDPR emphasizes “Purpose Limitation” for rightful personal data handling, the concept of purpose lacks clarity in software development practices. Building on our previous work on DiálogoP, which supports the definition of formal processing purposes, this study introduces purpose-aware system requirements. We present AnálisisP, a methodology for integrating processing purposes into the software engineering requirements analysis phase and visual representations of these enhanced requirements by extending the Unified Modeling Language (UML) Use Case and Sequence diagrams. We show how our approach enables the integration of AnálisisP with DiálogoP towards formal models whose compliance with processing purposes is rigorously validated. Additionally, we showcase how the proposed extended diagrams assist in addressing further GDPR-related system design queries.
Download

Paper Nr: 22
Title:

Smart Home Privacy: A Scoping Review

Authors:

Ali Ahmed, Victor Ungureanu, Tarek Gaber, Craig Watterson and Fatma Masmoudi

Abstract: Privacy concerns in smart home technologies have surged as their adoption becomes ubiquitous. This scoping review paper undertakes an exhaustive examination of the current literature to elucidate the state of privacy within this burgeoning context. Employing a scoping review methodology, we have analysed about 78 peer-reviewed articles. Key emergent themes include privacy concerns, trust, user perception, and a range of technical risks and mitigation. Our findings reveal significant gaps in privacy design and protection, establishing this paper as a novel contribution that sets the groundwork for future research. Additionally, it provides practitioners and policymakers with actionable insights for enhancing privacy measures in smart homes. Supplemental material, including a curated database of the reviewed literature and previously published papers, will be available to reviewers to enrich the understanding of our contribution.
Download

Paper Nr: 27
Title:

User Re-Authentication via Mouse Movements and Recurrent Neural Networks

Authors:

Paul R. B. Houssel and Luis A. Leiva

Abstract: Behavioral biometrics can determine whether a user interaction has been performed by a legitimate user or an impersonator. In this regard, user re-authentication based on mouse movements has emerged as a reliable and accessible solution, without being intrusive or requiring any explicit input from the user other than regular interactions. Previous work has reported remarkably good classification performance when predicting impersonated mouse movements, however, it has relied on manual data preprocessing or ad-hoc feature extraction methods. In this paper, we design and contrast different recurrent neural networks that take as input raw mouse movements, represented by discrete sequences of coordinate derivatives (coordinate offsets relative to time), as a mean of user re-authentication that could be used on web platforms. We show that a 2-layer BiGRU model outperforms state-of-the-art approaches while being much simpler and more efficient. Our software and models are publicly available.
Download

Paper Nr: 34
Title:

UPSS: A Global, Least-Privileged Storage System with Stronger Security and Better Performance

Authors:

Arastoo Bozorgi, Mahya Soleimani Jadidi and Jonathan Anderson

Abstract: Strong confidentiality, integrity, user control, reliability and performance are critical requirements in privacy-sensitive applications. Such applications would benefit from a data storage and sharing infrastructure that provides these properties even in decentralized topologies with untrusted storage backends, but users today are forced to choose between systemic security properties and system reliability or performance. As an alternative to this status quo we present UPSS: the user-centric private sharing system, a cryptographic storage system that can be used as a conventional filesystem or as the foundation for security-sensitive applications such as redaction with integrity and private revision control. We demonstrate that both the security and performance properties of UPSS exceed that of existing cryptographic filesystems and that its performance is comparable to mature conventional filesystems — in some cases even superior. Whether used directly via its Rust API or as a conventional filesystem, UPSS provides strong security and practical performance on untrusted storage.
Download

Paper Nr: 38
Title:

Enhancing Cybersecurity Through Comparative Analysis of Deep Learning Models for Anomaly Detection

Authors:

Kateřina Macková, Dominik Benk and Martin Šrotýř

Abstract: With the increasing complexity of cyber attacks, traditional methods for anomaly detection in cybersecurity are insufficient, leading to the necessity of integrating deep learning and neural network approaches. This paper presents a comparative analysis of the most powerful deep learning methods for such anomaly detection. We analysed existing datasets for syslog and dataflow, compared several preprocessing methods and identified their strengths and weaknesses. Additionally, we trained and evaluated several deep learning models to provide a comprehensive overview of the current state-of-the-art in cybersecurity. The CNN model achieves excellent results, with 0.999 supervised and 0.938 semi-supervised F1-score in syslog anomaly detection on the BGL dataset and 0.985 F1-score in dataflow anomaly detection on the NIDS dataset. This research contributes to the field of cybersecurity by aiding researchers and practitioners in selecting effective deep-learning models for robust real-life anomaly detection systems. Our findings highlight the reusability of these models in real-life systems.
Download

Paper Nr: 90
Title:

Using ILP to Learn AppArmor Policies

Authors:

Lukas Brodschelm and Marcus Gelderie

Abstract: Access control has become ubiquitous in contemporary computer systems but creating policies is an costly and errorprone task, thus it is desirable to automize it. Machine learning is a common tool to automate such tasks. But typical modern machine learning (ML) techniques require large example sets and do not give guarantees which makes it hard to learn policies with them. Inductive logic programming (ILP) is a symbolic form of ML that addresses these limitations. We show how ILP can be used to create generalized file access policies from examples. To do so we introduce two strategies to use the ILASP ILP framework to create file access rulesets for AppArmor. Further, we introduce concepts to generate negative examples for the learning tasks. Our evaluation shows the feasibility of our strategies by comparing them with AppArmor’s default tooling.
Download

Paper Nr: 119
Title:

The Status and Management of Web-Related Security at Higher Education Institutions in Poland

Authors:

Jackson Barreto, Paulina Rutecka, Karina Cicha and Pedro Pinto

Abstract: In an era marked by escalating cyber threats, the need for robust cybersecurity measures is paramount, especially for Higher Education Institutions (HEIs). As custodians of sensitive information, HEIs must ensure secure channels for data transmission to protect their stakeholders. These institutions should increase their cyber resilience, recognizing the heightened risk they face from cybercriminal activities. A breach in an HEI’s cybersecurity can have severe consequences, ranging from data confidentiality breaches to operational disruptions and damage to institutional reputation. This paper conducts a comprehensive evaluation of the cybersecurity mechanisms in HEIs within Poland. The focus is on assessing the adoption of important web security protocols—Hyper Text Transfer Protocol Secure (HTTPS) and Domain Name System Security Extensions (DNSSEC)—and the implementation of security headers on HEI websites. This study aims to provide a snapshot of the current cyber defense maturity in HEIs and to offer actionable insights for enhancing web security practices. The findings indicate a high adoption rate of HTTPS among HEIs, yet reveal significant gaps in web security practices. Also, there is a low adherence to security headers and an absence regarding DNSSEC implementation across the surveyed institutions. These results highlight crucial areas for improvement and underscore the need for HEIs in Poland to strengthen their web security measures, safeguarding their data and enhancing the overall cybersecurity resilience.
Download

Paper Nr: 134
Title:

PETRIoT - A Privacy Enhancing Technology Recommendation Framework for IoT Computing

Authors:

Fatema Rashid, Ali Miri and Atefeh Mashatan

Abstract: Data sharing has become a critical component in any computing domain for organizations of different scales. Governments and organizations often must share their sensitive data with third parties in order to analyze, mine or fine tune data for critical operations. However, this can lead to privacy concerns when dealing with sensitive data. Privacy Enhancing Techniques (PETs) allow data sharing between two or more parties, while protecting the privacy of the data. There are different types of PETs that offer different advantages and disadvantages for specific application domains. Therefore, it is imperative that a careful selection and matching of application domain and PET is exercised. Selection of PETs becomes more critical when it comes to the data generated from Internet of Things (IoT) devices as such devices are becoming more pervasively present in our lives and thus, capturing more sensitive information. In this paper, we design a novel framework in accordance with National Institute of Standards and Technology (NIST) recommendations to select an appropriate PET in different application settings with respect to privacy, computational cost and usability. We design a recommendation system based on a strategy which requires input from data owners and end users. On the basis of the responses selected, the recommendation is made for an appropriate PET to be deployed in a given IoT application.
Download

Paper Nr: 141
Title:

Preserving Privacy in High-Dimensional Data Publishing

Authors:

Narges Alipourjeddi and Ali Miri

Abstract: As the era of big data unfolds, high-dimensional datasets with complex structures have become increasingly prevalent in various fields, including healthcare, finance, and social sciences. Extracting valuable insights from such data is essential for scientific discovery and decision-making. However, the publication of these datasets is full of privacy concerns, as they often contain sensitive and personally identifiable information. In this paper, we introduce a novel approach that addresses the delicate balance between data privacy and the exploration of high-dimensional data’s underlying structure. We leverage the power of persistent homology, a topological data analysis method, to unveil hidden patterns and captures the persistent topological features of the data, allowing us to study its shape and structure across different scales. Adding noise into the low dimensional embedding and provide private persistence diagram with differential privacy, offers a rigorous and well-established framework to ensure that individuals’ privacy in the dataset is protected. We synthetically generate high-dimensional data with a focus on differential privacy-preserved persistence diagrams, ensuring privacy in our publication of the synthesized dataset. We conduct extensive experiments on three real-world datasets and the experimental results demonstrate that our mechanism can significantly improve the data structure of the published data while satisfying differential privacy.
Download

Paper Nr: 142
Title:

Security Evaluation of Decision Tree Meets Data Anonymization

Authors:

Ryousuke Wakabayashi, Lihua Wang, Ryo Nojima and Atsushi Waseda

Abstract: This paper focuses on the relationship between decision trees, a typical machine learning methods, and data anonymization. We first demonstrate that the information leakage from trained decision trees can be evaluated using well-studied data anonymization techniques. We then show that decision trees can be strengthened against specific attacks using data anonymization techniques. Specifically, we propose two decision tree pruning methods to improve security against uniqueness and homogeneity attacks, and we evaluate the accuracy of these methods experimentally.
Download

Paper Nr: 146
Title:

Smart Homes as Digital Ecosystems: Exploring Privacy in IoT Contexts

Authors:

Sally Bagheri, Andreas Jacobsson and Paul Davidsson

Abstract: Although smart homes are tasked with an increasing number of everyday activities to keep users safe, healthy, and entertained, privacy concerns arise due to the large amount of personal data in flux. Privacy is widely acknowledged to be contextually dependent, however, the interrelated stakeholders involved in developing and delivering smart home services – IoT developers, companies, users, and lawmakers, to name a few – might approach the smart home context differently. This paper considers smart homes as digital ecosystems to support a contextual analysis of smart home privacy. A conceptual model and an ecosystem ontology are proposed through design science research methodology to systematize the analyses. Four privacy-oriented scenarios of surveillance in smart homes are discussed to demonstrate the utility of the digital ecosystem approach. The concerns pertain to power dynamics among users such as main users, smart home bystanders, parent-child dynamics, and intimate partner relationships and the responsibility of both companies and public organizations to ensure privacy and the ethical use of IoT devices over time. Continuous evaluation of the approach is encouraged to support the complex challenge of ensuring user privacy in smart homes.
Download

Paper Nr: 147
Title:

Efficient Secure Computation of Edit Distance on Genomic Data

Authors:

Andrea Migliore, Stelvio Cimato and Gabriella Trucco

Abstract: Genetic data are the most sensitive information for a person, containing many specific features that uniquely determine an individual and also make it possible to trace relationships with other people or evaluate the predisposition to particular diseases. For this reason, any processing of genetic data should be carefully performed and any threat to their privacy properly considered. A very important computation in medical and public health domains involves the evaluation of the edit distance between human genomes, that can eventually lead to a better diagnosis of several diseases. To maintain the privacy of the genetic data, it is possible to apply secure computation protocols and then, in this context, the improvement of the computational performance of such techniques is a key factor for real-world application scenarios. In this paper we focus on the application of the garbling circuit technique for the computation of the edit distance, showing its efficiency. We apply the technique considering four different algorithms and compare their performances to the best previous results found in literature. We show that the Ukkonen algorithm with generalized cut-off is the one that performed better among the considered algorithms, reporting some experimental results obtained considering datasets composed of both randomly generated and real genomic strings.
Download

Paper Nr: 160
Title:

Feasibility of Privacy Preserving Minutiae-Based Fingerprint Matching

Authors:

Julia Mader and Thomas Lorünser

Abstract: While biometric data, such as fingerprints, are increasingly used for identification and authentication, their inability to be revoked once compromised raises privacy concerns. To mitigate these concerns, in this ongoing research, we explore the use of Multiparty Computation (MPC), which allows secure computations on encrypted data, as an option for privacy-preserving fingerprint matching. Despite MPC’s known drawback of slowing down computation, recent advancements make it a viable option for real-world applications. Our research focuses on implementing and optimizing a minutiae-based fingerprint matching algorithm with MPC, addressing the challenge of maintaining privacy while ensuring reasonable computation times. We present our implementation using SourceAFIS optimized for MPC and evaluate its performance to assess if current protocols are ready for deployment in time critical scenarios. Preliminary results show promise, emphasizing our ongoing research to achieve a fully-fledged MPC implementation with high accuracy.
Download

Area 3 - Applications and Services

Full Papers
Paper Nr: 19
Title:

A Categorical Data Approach for Anomaly Detection in WebAssembly Applications

Authors:

Tiago Heinrich, Newton C. Will, Rafael R. Obelheiro and Carlos A. Maziero

Abstract: The security of Web Services for users and developers is essential; since WebAssembly is a new format that has gained attention in this type of environment over the years, new measures for security are important. However, intrusion detection solutions for WebAssembly applications are generally limited to static binary analysis. We present a novel approach for dynamic WebAssembly intrusion detection, using data categorization and machine learning. Our proposal analyses communication data extracted from the WebAssembly sandbox, with the goal of better capturing the applications’ behavior. Our approach was validated using two strategies, online and offline, to assess the effectiveness of categorical data for intrusion detection. The obtained results show that both strategies are feasible for WebAssembly intrusion detection, with a high detection rate and low false negative and false positive rates.
Download

Paper Nr: 73
Title:

Supporting CAN Bus Anomaly Detection with Correlation Data

Authors:

Beatrix Koltai, András Gazdag and Gergely Ács

Abstract: Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.
Download

Paper Nr: 77
Title:

IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models

Authors:

Gabriel Morales, Farhan Tajwar Romit, Adam Bienek-Parrish, Patrick Jenkins and Rocky Slavin

Abstract: Technological advancement has made strides due in part to added convenience in our daily lives. This addition of automation and quick access to information has given rise to the Internet-of-Things (IoT), where otherwise normal items such as kitchen appliances, smartphones, and even electrical meters are interconnected and can access the Internet. Since IoT devices can be accessed anywhere and have user-set behaviors, they transmit data frequently over various networking standards which can be obtained by a malicious actor. While network data is often encrypted, the patterns they construct can be used by such an adversary to infer user behavior, device behavior, or the device itself. In this work, we evaluate various traditional machine learning models for device classification using network traffic features generated from link-level flows to overcome both encryption and differences in protocols/standards. We also demonstrate the viability of the GPT 3.5 large language model (LLM) to perform the same task. Our experiments show the viability of flow-based classification across 802.11 Wi-Fi, Zigbee, and Bluetooth Low Energy devices. Furthermore, with a considerably smaller dataset, the LLM was able to identify devices with an overall accuracy of 79% through the use of prompt-tuning, and an overall accuracy of 63.73% for a larger more common dataset using fine-tuning. Compared to traditional models, the LLM closely matches the performance of the lowest-performing models and even achieves higher accuracy than the best-performing models.
Download

Paper Nr: 109
Title:

Banking Malware Detection: Leveraging Federated Learning with Conditional Model Updates and Client Data Heterogeneity

Authors:

Nahid Ferdous Aurna, Md Delwar Hossain, Hideya Ochiai, Yuzo Taenaka, Latifur Khan and Youki Kadobayashi

Abstract: Banking malware remains an ongoing and evolving threat as cybercriminals exploit vulnerabilities to steal sensitive user information in the digital banking landscape. Despite numerous efforts, developing an effective and privacy preserving solution for detecting banking malware remains an ongoing challenge. This paper proposes an effective privacy preserving Federated Learning (FL) based banking malware detection system utilizing network traffic flow. Challenges such as, dealing with data heterogeneity in FL scheme while maintaining robustness of the global shared model are addressed here. In our study, three distinct heterogenous datasets consisting benign and one of the prevalent malicious flows (zeus, emotet, or trickbot) are considered to address the data heterogeneity. To ensure model’s robustness, initially, we assess various models, selecting Convolutional Neural Network (CNN) for developing an ensemble model. Subsequently, FL is incorporated to maintain data confidentiality and privacy where ensemble model serves as the global model ensuring the effectiveness of the approach. Moreover, to improve the FL scheme, we introduce conditional update of client models, effectively addressing data heterogeneity among the federated clients. The evaluation results demonstrate the effectiveness of the proposed model, achieving high detection rates of 0.9819, 0.9982, and 0.9997 for client 1, client 2, and client 3, respectively. Overall, this study offers a promising solution to detect banking malware while effectively addressing data privacy and heterogeneity in the FL framework.
Download

Paper Nr: 130
Title:

Visual Attention and Privacy Indicators in Android: Insights from Eye Tracking

Authors:

Michele Guerra, Roberto Milanese, Michele Deodato, Vittorio Perozzi and Fausto Fasano

Abstract: In today’s digital landscape, where privacy preservation is of paramount importance, Android has implemented new features to enhance transparency: the Privacy Indicators (PIs). Our study employs eye-tracking technology to investigate how users perceive and interact with these indicators. As a visual alert system, PIs signal when sensitive resources, like camera or microphone, are in use. However, the structure of Android’s permission model, susceptible to exploitation by malevolent or commercial apps, places an excessive responsibility on PIs. They act as the final alert for users against the misuse of permissions in unexpected contexts. We conducted a controlled experiment with 29 participants who were exposed to various privacy scenarios while their eye movements were tracked and recorded. Our findings reveal a significant gap in PIs effectiveness, particularly in high-engagement tasks, indicating a need for more eye-catching privacy notifications. These findings suggest the need for redesigning some privacy interfaces to make them more effective. The study’s insights contribute to the broader discussion on balancing functionality with user privacy and the methodology of utilizing eye tracking in user experience research.
Download

Short Papers
Paper Nr: 26
Title:

Ethical Design for Data Privacy and User Privacy Awareness in the Metaverse

Authors:

Ophelia Prillard, Costas Boletsis and Shukun Tokas

Abstract: The significance of the metaverse has been growing rapidly within the online realm. However, several challenges remain, including privacy, ethics, and governance. Extended reality (XR) devices used to access the metaverse are equipped with high-quality sensors that can collect large amounts of sensitive user data, including biometric data and spatial data. Such considerations raise major concerns about the extent and nature of user data that this massive platform could accumulate, the data collection awareness and transparency it will provide to its users, and the ethical nature of the informed user consent it will request. This research aims to document and analyze the privacy challenges that arise from a prevalent metaverse application, align them with the related literature, and present an initial set of ethical design suggestions that can mitigate these privacy challenges. To do so, a case study shapes and informs a set of ethical design suggestions. The user onboarding of a prevalent multi-user/remote working metaverse application, Meta Horizon Workrooms, was documented and modeled through a user journey modeling language, CJML. The walkthrough revealed certain challenges regarding data privacy awareness, such as long, legally worded privacy policies, a hard-to-use user interface that can affect privacy awareness, and ambiguous wording in data-collection notices. Several best practices regarding user privacy were examined to tackle these issues, and certain ethical design solutions (e.g., informed user interface, design privacy icons, anonymization, logging, revising all consent) are suggested.
Download

Paper Nr: 30
Title:

Deep Q-Networks for Imbalanced Multi-Class Malware Classification

Authors:

Antonio Maci, Giuseppe Urbano and Antonio Coscia

Abstract: Nowadays, defending against malware-induced computer infections represents a key concern for both individuals and companies. Malware detection relies on analyzing the static or dynamic features of a file to determine whether it is malicious or not. In the case of dynamic analysis, the sample behavior is examined by performing a thorough inspection, such as tracking the sequence of functions, also called Application Programming Interfaces (APIs), executed for malicious purposes. Current machine learning paradigms, such as Deep Learning (DL), can be exploited to develop a classifier capable of recognizing different categories of malicious software for each API flow. However, some malware families are less numerous than others, leading to an imbalanced multi-class classification problem. This paper compares Deep Reinforcement Learning (DRL) algorithms that combine Reinforcement Learning (RL) with DL models to deal with class imbalance for API-based malware classification. Our investigation involves multiple configurations of Deep Q-Networks (DQNs) with a proper formulation of the Markov Decision Process that supports cost-sensitive learning to reduce bias due to majority class dominance. Among the algorithms compared, the dueling DQN showed promising macro F1 and area under the ROC curve scores in three test scenarios using a popular benchmark API call dataset.
Download

Paper Nr: 39
Title:

Desktop Crypto Wallets: A Digital Forensic Investigation and Analysis of Remnants and Traces on end-User Machines

Authors:

David Debono and Aleandro Sultana

Abstract: Cryptocurrencies have built-in anonymity and privacy features. These currencies can be used for illicit activities, and due to the nature of cryptocurrencies, it is difficult for forensic investigators to extract concrete proof and evidence from a seized system, that such wallets have been used for criminal activities. Evidence heavily depends on the status of the application, whether it is present on the system or has been recently uninstalled. In this study, we examine three mainstream desktop wallet cryptocurrencies Exodus, Electrum and Bitcoin Core and investigate which valuable forensic artefacts the software of these cryptocurrencies leaves behind on a Windows 10 computer system during the different phases of the application lifetime. Volatile and non-volatile memory as well as network traffic are examined. Artefacts included hidden files created from the wallet applications, roaming profiles, application directories, and cached browser history. Artefacts present in volatile memory included personal bank details, seed phrases, wallet names and plain text passwords. The network traffic generated was used to extract DNS records and IP addresses. Roaming profiles were still present after the uninstallation of the wallet applications Exodus and Bitcoin Core and passwords related to Bitcoin Core were found in volatile memory after the uninstallation process, before restarting the system.
Download

Paper Nr: 40
Title:

Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks

Authors:

Changwei Liu, Louis DiValentin, Aolin Ding and Malek Ben Salem

Abstract: Input transformation techniques have been proposed to defend against adversarial example attacks in imageclassification systems. However, recent works have shown that, although input transformations and augmentations to adversarial samples can prevent unsophisticated adversarial example attacks, adaptive attackers can modify their optimization functions to subvert these defenses. Previous research, especially BaRT (Raff et al., 2019), has suggested building a strong defense by stochastically combining a large number of even individually weak defenses into a single barrage of randomized transformations, which subsequently increases the cost of searching the input space to levels that are not easily computationally feasible for adaptive attacks. While this research took approaches to randomly select input transformations that have different transformation effects to form a strong defense, a thorough evaluation of using well-known state-of-the-art attacks with extensive combinations has not been performed. Therefore, it is still unclear whether employing a large barrage of randomly combined input transformations ensures a robust defense. To answer these questions, we evaluated BaRT work by using a large number (33) of input transformation techniques. Contrary to BaRT’s recommendation of using five randomly combined input transformations, our findings indicate that this approach does not consistently provide robust defense against strong attacks like the PGD attack. As an improvement, we identify different combinations that only use three strong input transformations but can still provide a resilient defense.
Download

Paper Nr: 42
Title:

Robust Image Deepfake Detection with Perceptual Hashing

Authors:

Chun-Shien Lu and Chao-Hsuan Lin

Abstract: Owing to advert of deep learning, deepfake has received considerable attention in this deep learning era. The challenging problem of deepfake detection has been identified to the generalization capability in two aspects: (1) Cross-dataset evaluation and (2) Robustness against content-preserving image manipulations. In this work, we study an image hashing scheme that can be plugged into the existing deepfake detection model to improve their generalization capability. Preliminary experimental results have demonstrates the effectiveness of our perceptual image hashing method.
Download

Paper Nr: 46
Title:

Federated Learning with Differential Privacy and an Untrusted Aggregator

Authors:

Kunlong Liu and Trinabh Gupta

Abstract: Federated learning for training models over mobile devices is gaining popularity. Current systems for this task exhibit significant trade-offs between model accuracy, privacy guarantee, and device efficiency. For instance, Oort (OSDI 2021) provides excellent accuracy and efficiency but requires a trusted central server. On the other hand, Orchard (OSDI 2020) provides good accuracy and the differential privacy guarantee without a trusted server, but creates high overhead for the devices. This paper describes Aero, a new federated learning system that significantly improves this trade-off. Aero guarantees good accuracy, differential privacy without a trusted server, and low device overhead. The key idea of Aero is to tune system architecture and design to a specific federated learning algorithm. This tuning requires novel optimizations and techniques, including a new protocol to securely aggregate gradient updates from devices. An evaluation of Aero demonstrates that it provides comparable accuracy to plain federated learning (without differential privacy), and it improves efficiency ( CPU and network) over Orchard by a factor of 10 5 .
Download

Paper Nr: 59
Title:

A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features

Authors:

Kağan Özgün, Ayşe Tosun and Mehmet Tahir Sandıkkaya

Abstract: Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long Short-Term Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.
Download

Paper Nr: 60
Title:

Silicon-Integrated Security Solutions Driving IoT Security

Authors:

Stephan Spitz and Alexander Lawall

Abstract: Internet of Things (IoT) devices still miss in many cases an ability to prove their identity, verify configuration changes based on a solid root-of-trust or have a data confidentiality protection anchored in hardware. This paper describes how to bridge between service-level security functionalities and a deeply silicon-integrated security solution, which is part of a larger System-on-Chip (SoC) for the benefit of increased security. Such a bridging raises new demands regarding silicon manufacturing, the Secure Operating System design, and also the communication and management interfaces. This is because in comparison to a “classical” Trusted Platform Module (TPM), no dedicated security hardware is available. This article describes the Sytem-onChip security integration’s impact on increasing the security level of the IoT service layer. “Integrated” refers to a secure enclave, which is no longer located on a separate chip, because it is part of the SoC of a larger device together with many other components on the same piece of silicon e.g. application/modem-processor cores, integrated memory and high-bandwidth I/O interfaces. A further aim of this paper is to create awareness about the capabilities of SoC-integrated security functions so that they can be leveraged by software designers, who are usually not deeply familiar with hardware security.
Download

Paper Nr: 159
Title:

Exploring BERT for Predicting Vulnerability Categories in Device Configurations

Authors:

Dmitry Levshun and Dmitry Vesnin

Abstract: Attack graphs have long been a popular method for modelling multistep attacks. They are useful for assessing the likelihood of network hosts being compromised and identifying attack paths with the highest probability and impact. Typically, this analysis relies on information about vulnerabilities from open databases. However, many devices are not included in these databases, making it impossible to utilize information about their vulnerabilities. To address this challenge, we are exploring different modifications of BERT in prediction of vulnerability categories in devices configurations. Our goal is to predict vulnerability categories in new versions of vulnerable systems or systems with configurations close to vulnerable ones. In this work, each device configuration is represented as a list of Common Platform Enumeration descriptions. We categorized vulnerabilities into 24 groups based on their access vector, initial access, and obtained access rights—metrics derived from the Common Vulnerabilities and Exposures within the Common Vulnerability Scoring System. During the experiments, we initially compared the performance of BERT, RoBERTa, XLM-RoBERTa, and DeBERTa-v3. Following this comparison, we used hyperparameter optimization for the model with the best performance in each metric prediction. Based on those predictions, we evaluated the performance of their combination in prediction of vulnerability categories.
Download

Paper Nr: 41
Title:

Botnet Detection by Integrating Multiple Machine Learning Models

Authors:

Thanawat Tejapijaya, Prarinya Siritanawan, Karin Sumongkayothin and Kazunori Kotani

Abstract: Botnets are persistent and adaptable cybersecurity threats, displaying diverse behaviors orchestrated by various attacker groups. Their ability to operate stealthily on a massive scale poses challenges to conventional security monitoring systems like Security Information and Event Management (SIEM). In this study, we propose an integrated machine learning method to effectively identify botnet activities under different scenarios. Our approach involves using Shannon entropy for feature extraction, training individual models using random forest, and integrating them in various ways. To evaluate the effectiveness of our methodology, we compare various integrating strategies. The evaluation is conducted using unseen network traffic data, achieving a remarkable reduction in false negatives by our proposed method. The results demonstrate the potential of our integrating method to detect different botnet behaviors, enhancing cybersecurity defense against this notorious threat.
Download

Paper Nr: 62
Title:

Vulnerability Information Sharing Platform for Securing Hardware Supply Chains

Authors:

Kento Hasegawa, Katsutoshi Hanahara, Hiroshi Sugisaki, Minoru Kozu, Kazuhide Fukushima, Yosuke Murakami and Shinsaku Kiyomoto

Abstract: The rise of complex global supply chains has increased the risk of malicious actors attempting to insert malicious functions, called hardware Trojans (HTs), into hardware components and devices. Although many HT detection methods have been proposed over a decade, implementing them in industries may take a long time due to concerns about these methods. In this paper, we propose a repository system to manage vulnerability information for securing hardware supply chains and investigate the demand and barriers to introducing hardware Trojan detection schemes in the industry. First, we design a scheme to share the results of HT detection methods. Second, we design questionnaires to investigate the actual situation of the industry’s awareness of the threat of HTs and other hardware security issues. We conclude that there is a gap between academics and the industry, whereas many business operators are concerned about the threat of HTs.
Download

Paper Nr: 74
Title:

Off-Chaining Approaches for Cost-Efficiency in Threshold-Based Elliptic Curve Systems over Blockchains

Authors:

Visakh K. Vijayan, Maria Francis and Kotaro Kataoka

Abstract: In this work, we propose an off-chaining technique – threshold off-chain computation (TOC) – to reduce the gas cost of threshold-based elliptic curve cryptographic systems over blockchains (TEB), while preserving the security guarantees. We use threshold-based anonymous credentials with opening (TACO) and without opening (TAC) as examples and instantiate them with a PoC implementation of a blockchain-based credential management system. These implementations are built for both Ganache and Sepolia. Based on the evaluation results, we propose a) selective off-chaining where functions are off-chained using the TOC approach solely for gas cost reduction, and b) empirical push-back off-chaining where operations within the off-chained functions are pushed back on-chain for a balance between gas cost reduction and execution time. We observe that selective off-chaining of the TACO system results in a significant reduction of gas cost – 32x and 29x w.r.t. to the on-chain system in Ganache and Sepolia, respectively, but with a degradation in execution time. The empirical push-back off-chaining of the TACO system results in gas costs that are 6x and 4x lower than the original system in Ganache and Sepolia, respectively with an improvement in execution time of 59% in Ganache and 23% in Sepolia.
Download

Paper Nr: 80
Title:

High Throughput Neural Network for Network Intrusion Detection on FPGAs: An Algorithm-Architecture Interaction

Authors:

Muhammad Ali Farooq, Syed Muhammad Fasih Ul Hassan, Muhammad Umer Farooq and Abid Rafique

Abstract: With the increasing digitization of human activities, the risk of cyberattacks has increased. The resulting potential for extensive harm underscores the need for robust detection mechanisms. Neural network-based solutions deployed on FPGAs provide robust and fast solutions to this challenge by scrutinizing network traffic patterns to identify malicious behaviours. This paper introduces a novel loss function tailored for use on the UNSW-NB15 dataset. This loss function allows a small, binarized neural network deployed on FPGAs to function at high speed with competitive accuracy. This paper further introduces a model trained using this method which has a maximum operating frequency of 1.028 GHz and LUT and flip-flop usage of 135 and 148 respectively, with an accuracy of 90.91% and an F1 score of 91.81%. The high operating frequency and low LUT footprint provide avenues for further research, even though the accuracy and F1 score are not groundbreaking.
Download

Paper Nr: 91
Title:

Comparative Analysis of Feature Selection Algorithms for Automated IoT Device Fingerprinting

Authors:

Ahmet Aksoy, Sundeep Varma, Ganesha Moorthy, Enya Pan and Gorkem Kar

Abstract: IoT devices are increasingly becoming a part of our daily lives. As such, there is a growing emphasis on enhancing their security, which will also ensure the security of the networks to which they belong. Identifying and isolating vulnerable devices from the network is crucial to increase overall security. In this paper, we demonstrate the contribution of various feature selection algorithms used with Decision Tree classifiers to the problem of detecting vendors and types of IoT devices. We use a single TCP/IP packet originating from each device and utilize their packet header field values to capture their unique fingerprints automatically. We compare several algorithms from the Filter, Wrapper, Embedded, and Search Optimization domains of feature selection and indicate which works best for individual scenarios. We utilize the IoT Sentinel dataset and achieve 95.3% accuracy in classifying 126,209 unique TCP/IP packets across various vendors of devices using weighted accuracy and 88.7% accuracy using macro accuracy, which is the average of F1-Scores of all vendors in the dataset.
Download

Paper Nr: 112
Title:

Cybersecurity-Related Tweet Classification by Explainable Deep Learning

Authors:

Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo, Luca Petrillo and Antonella Santone

Abstract: The use of computing devices such as computers, smartphones, and IoT systems has increased exponentially over the past decade. Given this great expansion, it becomes important to identify and correct the vulnerabilities present to ensure the safety of systems and people. Over time, many official entities have emerged that publish news about these vulnerabilities; in addition to these sources, however, social media, such as X (commonly referred to by its former name Twitter), can be used to learn about these vulnerabilities even before they are made public. The goal of this work is to create clusters of tweets, which are grouped according to the description of the vulnerability in the relevant text. This process is accomplished through the use of a combination of two Doc2Vec models and a variant of a BERT model, which allow a text document to be converted into its numerical representation. Once this step was completed, K-means, an unsupervised model for performing clustering, was used, which through this numerical representation obtained in the previous step, groups tweets based on text content.
Download

Paper Nr: 154
Title:

Fuzzing Matter(s): A White Paper for Fuzzing the Matter Protocol

Authors:

Marcello Maugeri

Abstract: IoT and smart home devices have transformed daily life, consequently raising more and more concerns about security vulnerabilities. Robust security testing methods are essential to fortify devices against potential threats. While dynamic analysis techniques, such as fuzzing, help identify vulnerabilities, some challenges arise due to diverse architectures, communication channels and protocols. Testing directly on devices overcomes difficulties in firmware emulation, but lack of protocol standardisation still poses hurdles. The recently released Matter protocol aims to unify smart home ecosystems, thus also simplifying security testing. In particular, Matter inherits the concept of Cluster from Zigbee in its Data Model. The Data Model clearly defines attributes, commands, status codes and events that could be leveraged to design automated security testing techniques such as fuzzing. This paper proposes the design of a fuzzing framework for Matter-enabled smart home devices. The framework employs stateful fuzzing to cover the inherent state-fullness of IoT devices. Such a framework would bestow benefits upon manufacturers, researchers, and end-users.
Download