Cryptography and Security (cs.CR)

Abstract: Since communication signals are publicly exposed while they transmit across space, Ad Hoc Networks (MANETs) are where secured communication is most crucial. Unfortunately, these systems are more open to intrusions that range from passive listening to aggressive spying. A Hybrid Team centric Re-Key Control Framework (HT-RCF) suggests that this research examines private group communication in Adhoc environments. Each group selects a Group Manager to oversee the group's members choose the group manager, and the suggested HT-RCF uses the Improved Hybrid Power-Aware Decentralized (I-HPAD) mechanism. The Key Distribution Center (KDC) generates the keys and distributes them to the group managers (GMs) using the base algorithm Rivest Shamir Adleman (RSA). The key agreement technique is investigated for safe user-user communication. Threats that aim to exploit a node are recognized and stopped using regular transmissions. The rekeying procedure is started every time a node enters and exits the network. The research findings demonstrate that the suggested approach outperforms the currently used Cluster-based Group Key Management in terms of power use, privacy level, storage use, and processing time.

Abstract: Wireless Ad-Hoc Networks are especially helpful and quite well for essential circumstances such as defense, public safety, and disaster recovery. MANETs require communication privacy and security, notably in core routing protocols, when functioning in hostile or suspicious environments. The Trust Aware Privacy-Preserving Protocol (TAP3) is a mechanism for supporting the origin in proactively selecting a trust-able target and doing privacy-preserving route verification. We suggest TAP3 using the fellow recommendation model for MANETs in this work. Nodes use their features to discover their fellow node and use the trust to create strong connections with the random node via a multi-hop trusting chain by identifying the secure location. The verification duties are then spread among the nodes and validate the log updates without exposing the nodes' details. Unlike previous models that uncover node vulnerabilities or misconduct after an attack, TAP3 may guarantee the origin node to prevent data from being transferred through malicious nodes from the beginning and do verification without needing a third party. Our results show that this approach can locate problematic nodes with minimal overhead than the conventional routing protocol.

Abstract: The two biggest problems with wireless sensor networks are security and energy usage. In sensing devices, malicious nodes could be found in large numbers. The researchers have proposed several methods to find these rogue nodes. To prevent assaults on these networks and data transmission, the data must be secured. Data aggregation aids in reducing the number of messages transmitted within the network, which in turn lowers total network energy consumption. Additionally, when decrypting the aggregated data, the base station can distinguish between encrypted and consolidated analysis based on top of the cryptographic keys. By examining the effectiveness of the data aggregation in this research. To solve the above problem, the system provides a method in which an efficient cluster agent is preferred pedestal on its location at the access point and energy availability. The sensor network's energy consumption is reduced by selecting an effective cluster agent, extending the network's lifespan. The cluster's agent is in indict of compiling data for each member node. The clustering agent validates the data and tosses any errors before aggregation. The clustering agent only aggregates confirmed data. To provide end-to-end anonymity, ElGamal elliptic curve (ECE) encryption is used to secure the client data and reassign the encrypted information en route for the cluster agent. Only the base station (BS) can decrypt the data. Furthermore, an ID-based signature system is utilized to enable authenticity. This research presents a technique for recuperating lost data. The access point employs a cache-based backup system to search for lost data.

Abstract: Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by - to the best of our knowledge - enabling the first attack against Full Disk Encryption solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM - like Bitlocker's TPM- only protector - can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.

Abstract: This research article presents various design patterns for improving interoperability in Polkadot, a blockchain platform. These patterns include chain bridges, interoperability standards, common asset identifiers, governance agreements, oracle chains, and a hypothetical design pattern called Zero Trust Chain. Implementation of these design patterns can help improve security and confidence in transactions between different chains on the Polkadot network, allowing for faster and more efficient communication. The article also emphasizes the importance of interoperability in blockchain technology and highlights Polkadot's flexibility in creating customized specialized chains that can further improve interoperability on the network. Overall, this article highlights how design patterns can improve interoperability in Polkadot, which could lead to greater adoption of blockchain technology in various industries.

Abstract: This paper presents the FlowTransformer framework, a novel approach for implementing transformer-based Network Intrusion Detection Systems (NIDSs). FlowTransformer leverages the strengths of transformer models in identifying the long-term behaviour and characteristics of networks, which are often overlooked by most existing NIDSs. By capturing these complex patterns in network traffic, FlowTransformer offers a flexible and efficient tool for researchers and practitioners in the cybersecurity community who are seeking to implement NIDSs using transformer-based models. FlowTransformer allows the direct substitution of various transformer components, including the input encoding, transformer, classification head, and the evaluation of these across any flow-based network dataset. To demonstrate the effectiveness and efficiency of the FlowTransformer framework, we utilise it to provide an extensive evaluation of various common transformer architectures, such as GPT 2.0 and BERT, on three commonly used public NIDS benchmark datasets. We provide results for accuracy, model size and speed. A key finding of our evaluation is that the choice of classification head has the most significant impact on the model performance. Surprisingly, Global Average Pooling, which is commonly used in text classification, performs very poorly in the context of NIDS. In addition, we show that model size can be reduced by over 50\%, and inference and training times improved, with no loss of accuracy, by making specific choices of input encoding and classification head instead of other commonly used alternatives.

Abstract: We study the gap between user perceptions of social media verification indicators and their actual meaning, and the type of behavior that emerges when such a gap is present. We use recent changes to Twitter's verification process as a unique case study wherein the meaning of a verification indicator has rapidly shifted. The study consists of a U.S. demographically-representative survey of 300 respondents and quantitative and qualitative analyses of results, and an analysis of verified Twitter accounts sampled from a large-scale dataset of 15 million Tweets collected in October 2022. The survey addresses differences in user-perceived and actual requirements for verification marks on popular social media platforms, with a focus on evolving perceptions of verification marks on Twitter. We find that more than half of survey respondents misunderstood Twitter's criteria for assigning blue verification check marks to user accounts; more than 80% of survey respondents did not understand what differentiated blue check marks from gold and grey check marks. We also note interesting correlations between respondent age and perception of verification marks. From our qualitative analysis of verified user accounts, we find that cryptocurrency promotion accounts constitute significantly more Blue subscribers than our randomly sampled control dataset, indicating that a significant number of Blue users may be leveraging the confusion between legacy and Blue verification to promote their own commodities. Finally, we provide recommendations for improving verification indicators and processes on social media.

Abstract: When a threat is observed, one of the most important challenges is to choose the most appropriate and adequate timely decisions in response to the current and near future situation in order to have the least consequences and costs. Making the appropriate and sufficient decisions requires knowing what situations the threat has engendered or may engender. In this paper, we propose a quantitative risk-based method called QR-SACP to calculate and project situational awareness in a network based on threat information sharing. In this method, we investigate a threat from different aspects and evaluate the threat's effects through dependency weight among a network's services. We calculate the definite effect of a threat on a service and the cascading propagation of the threat's definite effect on other dependent services to that service. In addition, we project the probability of a threat propagation or recurrence of the threat in other network services in three ways: procedurally, network connections and similar infrastructure or services. Experimental results demonstrate that the QR-SACP method can calculate and project definite and probable threats' effects across the entire network and reveal more details about the threat's current and near future situations.

Abstract: The growing adoption of IT solutions in the healthcare sector is leading to a steady increase in the number of cybersecurity incidents. As a result, organizations worldwide have introduced regulations, standards, and best practices to address cybersecurity and data protection issues in this sector. However, the application of this large corpus of documents presents operational difficulties, and operators continue to lag behind in resilience to cyber attacks. This paper contributes a systematization of the significant cybersecurity documents relevant to the healthcare sector. We collected the 49 most significant documents and used the NIST cybersecurity framework to categorize key information and support the implementation of cybersecurity measures.