Secure IT Systems : 27th Nordic Conference, NordSec 2022, Reykjavic, Iceland, November 30–December 2, 2022, Proceedings
معرفی کتاب «Secure IT Systems : 27th Nordic Conference, NordSec 2022, Reykjavic, Iceland, November 30–December 2, 2022, Proceedings» نوشتهٔ Hans P. Reiser, Marcel Kyas، منتشرشده توسط نشر Springer International Publishing AG در سال 1370. این کتاب در 20 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.
This book constitutes the refereed proceedings of the 27th Nordic Conference on Secure IT Systems, NordSec 2022, held in Reykjavic, Iceland, during November 30 – December 2, 2022. The 20 full papers presented in this volume were carefully reviewed and selected from 89 submissions. The NordSec conference series addresses a broad range of topics within IT security and privacy. Preface Organization Contents Privacy On the Effectiveness of Intersection Attacks in Anonymous Microblogging 1 Introduction 2 Design and Assumptions 2.1 Messaging Patterns 2.2 Threat Model 2.3 Delay 2.4 Cover Traffic 3 Attacks 3.1 User-Pseudonym Linking 3.2 User-Topic Linking 4 Evaluation 4.1 User-Pseudonym Linking 4.2 User-Topic Linking 5 Related Work 6 Conclusion and Future Work References Data Privacy in Ride-Sharing Services: From an Analysis of Common Practices to Improvement of User Awareness 1 Introduction 2 Related Work 3 Analysis of Ride-Sharing Services 3.1 Collection and Exposure of Personal Information 3.2 Privacy-Related Features 4 Proposed Transparency Enhancing Technology 5 Scenario-Based Online Experiment 5.1 Sample 5.2 Setup 5.3 Methods 6 Results 6.1 Privacy Concerns 6.2 Disclosure Rate 6.3 Icon Recognizability and Understandability 6.4 Data Disclosure 6.5 Use of Profile Settings 6.6 Information Usefulness 7 Limitations 8 Conclusion and Outlook References Location Privacy, 5G AKA, and Enhancements 1 Introduction 2 Mobile Network Architecture 3 Contributions and Related Work 4 5G Authentication and Key Agreement Protocol (5G AKA) 4.1 The UE's Identification 4.2 The Authentication and Key Agreement 5 A New Attack: Replay in GUTI (RIG) 5.1 The RIG Attack 6 Feasibility of the RIG Attack 6.1 IMSI-Catchers 6.2 The Attack Area 7 Attacking 5G AKA Enhancements 7.1 Applying the RIG Attack to 5G AKA' 7.2 Discussion on Further 5G AKA Enhancements 8 Protecting Against the RIG Attack 8.1 Threat Model 8.2 A Privacy-Preserving GUTI Protocol 8.3 Remarks on the Security of the Fixed Protocol 8.4 Formal Verification 8.5 Efficiency and Backward Compatibility 9 Conclusion References Local Differential Privacy for Private Construction of Classification Algorithms 1 Introduction 2 Preliminaries 2.1 Local Differential Privacy 2.2 Classification Algorithms 3 Architecture 4 LDP-Based Classification Algorithms 4.1 LDP-Based Naïve Bayes Classifier 4.2 LDP-Based Logistic Regression Classifier 4.3 LDP-Based Decision Tree Classifier 4.4 LDP-Based Random Forest Classifier 5 Experimental Analysis 5.1 Experimental Set-up 5.2 Experimental Results 5.3 Findings 6 Related Work 7 Conclusion and Future Directions A Appendix A.1 Frequency Estimation A.2 Mean Estimation References IMSI Probing: Possibilities and Limitations 1 Introduction 2 IMSI Probing Attack 2.1 Attack Presumptions 2.2 Triggering Paging Messages 2.3 Connection Mode 2.4 Monitoring the Paging Channel 2.5 Result Verification 3 Analyzing Idle Behavior with Passive Phones 3.1 Test Setup 3.2 Idle Time Behavior of Passive Phones 3.3 Analysis of Process Behavior in Passive Mode 4 Analyzing Idle Behavior with Active Phones 5 Empirical Evaluation in Real World Mobile Networks 5.1 Experimental Environment 5.2 Required Number of Probing Repetitions 5.3 Capture Rates 6 Attack Success Probability and Impact Factors 6.1 Passive Mobile Phone with Default Configuration 6.2 Active Mobile Phone with Default Configuration 7 Optimizing the Attack Success Probability 8 A Novel Attack Technique for IMSI Probing 9 Conclusions A Installed Applications in Section4 References Attacks and Attack Detection Honeysweeper: Towards Stealthy Honeytoken Fingerprinting Techniques 1 Introduction 2 Background 3 Related Work 3.1 Honeypot Fingerprinting 3.2 Honeytoken Fingerprinting 4 Methodology 4.1 Honeytoken Analysis 4.2 Honeytoken Fingerprinting 5 Proof of Concept: Honeysweeper 5.1 Overview 5.2 Limitations 6 Countermeasures Against Fingerprinting 7 Conclusion References Towards Self-monitoring Enclaves: Side-Channel Detection Using Performance Counters 1 Introduction 2 Background and Related Work 2.1 Attacks on Trusted Execution Environments 2.2 Detection Methods 3 Characterization of LVI Invariant Footprint 3.1 LVI Attacks 3.2 Measuring LVI Impact 4 Detecting LVI Attacks 4.1 Chosen Attack Indicators 4.2 Footprint-Based Detection 4.3 Detection Performance 5 Towards Self-monitoring Enclaves 6 Conclusions References DeCrypto: Finding Cryptocurrency Miners on ISP Networks 1 Introduction 2 Related Work 3 Datasets 3.1 Generation of Traffic Capture Rules 3.2 Communication Capture 4 Introduction to DeCrypto System 4.1 Weak Indicators of Cryptomining 4.2 Stratum Detector 4.3 TLS SNI Classifier 4.4 ML Classifier 4.5 Meta Classifier 4.6 Selection of the Optimal Detection Parameters 5 Evaluation 6 Deployment 7 Conclusion A Appendix A.1 Detailed Results of Weak-Indication Classifiers References Detection of Voice Conversion Spoofing Attacks Using Voiced Speech 1 Introduction 2 ASVspoof Challenge Dataset and Evaluation Metric 3 Brief Review of Speech Production 4 Spectral Differences in Voiced/Unvoiced Segments from Human and Spoofed Speech 5 Subsampling and Voiced Segmentation as a Pre-processing Stage 6 Spoofing Detection Results Using Proposed Pre-processing Stage 6.1 Brief Overview of Anti-spoofing Systems Used in This Work 6.2 Results Using Proposed Pre-processing Stage 7 Related Work 8 Discussion 9 Conclusions References A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries 1 Introduction 2 Background 2.1 Source IP Address Spoofing 2.2 Calculation of Amplification Factor 2.3 Evaluated Protocols 3 Methodology 4 Results 4.1 IP Demographics 4.2 SSDP 4.3 SNMP 4.4 CoAP 4.5 WSD 4.6 Discussion 5 Related Work 6 Conclusions References GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans 1 Introduction 1.1 Air-Gap Networks 1.2 Air-Gap Attacks 1.3 Air-Gap Exfiltration 1.4 Our Contribution 1.5 Contribution to Prior Work 2 Attack Model 2.1 Air-Gap Infection 2.2 Mobile Infection 2.3 Data Gathering 2.4 Data Exfiltration 3 Related Work 3.1 Acoustic 4 Transmission 4.1 GPU Fan Control 4.2 Blade Pass Frequency (BPF) 4.3 Modulation 4.4 Encoding and Framing 4.5 Multiple Fans 5 Reception 6 Evaluation 6.1 Acoustic Range 6.2 Transition Time 6.3 Bit Rates 6.4 Effective Distance 6.5 Data Transmission 7 Countermeasures 8 Conclusion References Secure Protocols and Systems Simplex: Repurposing Intel Memory Protection Extensions for Secure Storage 1 Introduction 2 Background 2.1 Intel MPX 2.2 Information Hiding 3 Simplex 3.1 Threat Model 3.2 Design Decisions 3.3 Simplex-Enabled Compilation 3.4 Context Behavior 4 Implementation 4.1 Components of Simplex 4.2 Security Impact of the Simplex Implementation 5 Evaluation 5.1 Benchmarks 5.2 Modifications to Existing Codebases 6 Related Work 7 Conclusion References Automatic Implementations Synthesis of Secure Protocols and Attacks from Abstract Models 1 Introduction 2 Overview of BIFROST 3 From Abstract Model to Implementation 4 Cryptographic Primitives 5 Attack Generation 6 An Example: The Needham-Schroeder Protocol 6.1 The Needham-Schroeder Protocol 6.2 From Protocol Model to Implementation 6.3 Attacker Implementation Generation 7 Conclusion References How to Avoid Repetitions in Lattice-Based Deniable Zero-Knowledge Proofs 1 Introduction 1.1 Our Contribution 1.2 Illustrating Our Technique 2 Preliminaries: (Public Coin) Interactive Proofs 3 The Transformation 3.1 Security Analysis 3.2 Extensions 4 Applications 4.1 Canonical Identification Schemes 4.2 Non-transferable Signatures 4.3 eVoting with CAI and CR Properties 4.4 Settings Where Our Result Is Not Useful 5 Implementation 6 Conclusion References Security Analysis Obfuscation-Resilient Semantic Functionality Identification Through Program Simulation 1 Introduction 2 Related Work 2.1 Semantic Binary Code Similarity 3 Approach 3.1 Program Simulation 3.2 Function Input and Output Matching 4 Evaluation 4.1 Samples 4.2 Obfuscation Techniques 5 Results 5.1 Costs 5.2 Resilience 5.3 Analysis Times 5.4 Limitations 6 Conclusions References Malware Analysis with Symbolic Execution and Graph Kernel 1 Introduction 2 On Graph Comparison for Malware Analysis 2.1 Graph Kernels 3 Approach: Symbolic Execution + Machine Learning for Malware Analysis 3.1 Extraction of Calls 3.2 Creating SCDGs 3.3 Creating a Classification Model and Evaluate New Samples 4 Experimental Results 5 Future Work A Gspan Algorithm References WearSec: Towards Automated Security Evaluation of Wireless Wearable Devices 1 Introduction 2 Related Work 2.1 Device Detection and Fingerprinting 2.2 Vulnerability Identification 3 Prototype Concept Description 4 Implementation Considerations 4.1 Frequency Bandwidth Consideration 4.2 Choice of SDR Device 4.3 Data Capture Bandwidth Issues 4.4 Interference by Surrounding Signals 4.5 Lack of Open Source, Instrumentable Low-Level Protocol Stack 5 Conclusions and Future Work References Forensics Maraudrone's Map: An Interactive Web Application for Forensic Analysis and Visualization of DJI Drone Log Data 1 Introduction 1.1 Related Work 1.2 Contribution 1.3 Outline 2 Background 2.1 UAV Models 2.2 DJI Drone Setup 2.3 DJI Universal Markup Language 3 DROP Extension for DATv3 3.1 Usage 3.2 Parsing of Log Messages 4 Anomaly Detection 4.1 Technical Anomalies 4.2 Flight Anomalies 4.3 Severity of Anomalies 5 Maraudrone's Map 6 Evaluation 6.1 DROP Extension 6.2 Maraudrone's Map 6.3 Anomaly Detection 6.4 Limitations 7 Conclusion and Future Work References VinciDecoder: Automatically Interpreting Provenance Graphs into Textual Forensic Reports with Application to OpenStack 1 Introduction 2 Preliminaries 2.1 Provenance Graph 2.2 Neural Machine Translation 2.3 Assumptions 3 VinciDecoder 3.1 Overview 3.2 Path to Intermediary Language Translation (PILT) 3.3 Normalization 3.4 Translation Model Training 3.5 Automatic Report Generation 4 Implementation and Evaluation 4.1 Evaluation Using Cloud Management-Level Provenance Graphs 4.2 Large Scale Experiments Using CVE-Based Provenance Graphs 4.3 User-Based Study 5 Discussion 6 Related Work 7 Conclusion References Actionable Cyber Threat Intelligence for Automated Incident Response 1 Introduction 2 Background and Related Work 2.1 Current Situation 2.2 Related Work 2.3 Gap Analysis 3 Methodology 3.1 Intelligence Gathering 3.2 CTI Filtering and Ranking 3.3 Pattern Building 3.4 Pattern Matching 4 Implementation and Evaluation 4.1 Implementation 4.2 Experimental Setup 4.3 Results 5 Conclusion References Author Index
دانلود کتاب Secure IT Systems : 27th Nordic Conference, NordSec 2022, Reykjavic, Iceland, November 30–December 2, 2022, Proceedings