arXiv daily

Cryptography and Security (cs.CR)

Tue, 09 May 2023

Other arXiv digests in this category:Thu, 14 Sep 2023; Wed, 13 Sep 2023; Tue, 12 Sep 2023; Mon, 11 Sep 2023; Fri, 08 Sep 2023; Tue, 05 Sep 2023; Fri, 01 Sep 2023; Thu, 31 Aug 2023; Wed, 30 Aug 2023; Tue, 29 Aug 2023; Mon, 28 Aug 2023; Fri, 25 Aug 2023; Thu, 24 Aug 2023; Wed, 23 Aug 2023; Tue, 22 Aug 2023; Mon, 21 Aug 2023; Fri, 18 Aug 2023; Thu, 17 Aug 2023; Wed, 16 Aug 2023; Tue, 15 Aug 2023; Mon, 14 Aug 2023; Fri, 11 Aug 2023; Thu, 10 Aug 2023; Wed, 09 Aug 2023; Tue, 08 Aug 2023; Mon, 07 Aug 2023; Fri, 04 Aug 2023; Thu, 03 Aug 2023; Wed, 02 Aug 2023; Tue, 01 Aug 2023; Mon, 31 Jul 2023; Fri, 28 Jul 2023; Thu, 27 Jul 2023; Wed, 26 Jul 2023; Tue, 25 Jul 2023; Mon, 24 Jul 2023; Fri, 21 Jul 2023; Thu, 20 Jul 2023; Wed, 19 Jul 2023; Tue, 18 Jul 2023; Mon, 17 Jul 2023; Fri, 14 Jul 2023; Thu, 13 Jul 2023; Wed, 12 Jul 2023; Tue, 11 Jul 2023; Mon, 10 Jul 2023; Fri, 07 Jul 2023; Thu, 06 Jul 2023; Wed, 05 Jul 2023; Tue, 04 Jul 2023; Mon, 03 Jul 2023; Fri, 30 Jun 2023; Thu, 29 Jun 2023; Wed, 28 Jun 2023; Tue, 27 Jun 2023; Mon, 26 Jun 2023; Fri, 23 Jun 2023; Thu, 22 Jun 2023; Wed, 21 Jun 2023; Tue, 20 Jun 2023; Fri, 16 Jun 2023; Thu, 15 Jun 2023; Tue, 13 Jun 2023; Mon, 12 Jun 2023; Fri, 09 Jun 2023; Thu, 08 Jun 2023; Wed, 07 Jun 2023; Tue, 06 Jun 2023; Mon, 05 Jun 2023; Fri, 02 Jun 2023; Thu, 01 Jun 2023; Wed, 31 May 2023; Tue, 30 May 2023; Mon, 29 May 2023; Fri, 26 May 2023; Thu, 25 May 2023; Wed, 24 May 2023; Tue, 23 May 2023; Mon, 22 May 2023; Fri, 19 May 2023; Thu, 18 May 2023; Wed, 17 May 2023; Tue, 16 May 2023; Mon, 15 May 2023; Fri, 12 May 2023; Thu, 11 May 2023; Wed, 10 May 2023; Mon, 08 May 2023; Fri, 05 May 2023; Thu, 04 May 2023; Wed, 03 May 2023; Tue, 02 May 2023; Mon, 01 May 2023; Fri, 28 Apr 2023; Thu, 27 Apr 2023; Wed, 26 Apr 2023; Tue, 25 Apr 2023; Mon, 24 Apr 2023; Fri, 21 Apr 2023; Thu, 20 Apr 2023; Wed, 19 Apr 2023; Tue, 18 Apr 2023; Mon, 17 Apr 2023; Fri, 14 Apr 2023; Thu, 13 Apr 2023; Wed, 12 Apr 2023; Tue, 11 Apr 2023; Mon, 10 Apr 2023
1.The Day-After-Tomorrow: On the Performance of Radio Fingerprinting over Time

Authors:Saeif Alhazbi, Savio Sciancalepore, Gabriele Oligeri

Abstract: The performance of Radio Frequency (RF) fingerprinting techniques is negatively impacted when the training data is not temporally close to the testing data. This can limit the practical implementation of physical-layer authentication solutions. To circumvent this problem, current solutions involve collecting training and testing datasets at close time intervals -- this being detrimental to the real-life deployment of any physical-layer authentication solution. We refer to this issue as the Day-After-Tomorrow (DAT) effect, being widely attributed to the temporal variability of the wireless channel, which masks the physical-layer features of the transmitter, thus impairing the fingerprinting process. In this work, we investigate the DAT effect shedding light on its root causes. Our results refute previous knowledge by demonstrating that the DAT effect is not solely caused by the variability of the wireless channel. Instead, we prove that it is also due to the power-cycling of the radios, i.e., the turning off and on of the radios between the collection of training and testing data. We show that state-of-the-art RF fingerprinting solutions double their performance when the devices under test are not power-cycled, i.e., the accuracy increases from about 0.5 to about 1 in a controlled scenario. Finally, we propose a new technique to mitigate the DAT effect in real-world scenarios. Our experimental results show a significant improvement in accuracy, from approximately 0.45 to 0.85. Additionally, our solution reduces the variance of the results, making the overall performance more reliable.

2.PSP Framework: A novel risk assessment method in compliance with ISO/SAE-21434

Authors:Franco Oberti, Ernesto Sanchez, Alessandro Savino, Filippo Parisi, Stefano Di Carlo

Abstract: As more cars connect to the internet and other devices, the automotive market has become a lucrative target for cyberattacks. This has made the industry more vulnerable to security threats. As a result, car manufacturers and governments are working together to reduce risks and prevent cyberattacks in the automotive sector. However, existing attack feasibility models derived from the information technology field may not always provide accurate assessments of the potential risks faced by Vehicle Electronic Control Units in different operating conditions and domains. This paper introduces the PUNCH Softronix and Politecnico di Torino (PSP) framework to address this issue. This framework is designed to provide accurate assessments compatible with the attack feasibility models defined by the automotive product security standards. The PSP framework utilizes social sentiment analysis to evaluate the real threat risk levels.

3.Data Protection and Security Issues With Network Error Logging

Authors:Libor Polčák, Kamil Jeřábek

Abstract: Network Error Logging helps web server operators detect operational problems in real-time to provide fast and reliable services. This paper analyses Network Error Logging from two angles. Firstly, this paper overviews Network Error Logging from the data protection view. The ePrivacy Directive requires consent for non-essential access to the end devices. Nevertheless, the Network Error Logging design does not allow limiting the tracking to consenting users. Other issues lay in GDPR requirements for transparency and the obligations in the contract between controllers and processors of personal data. Secondly, this paper explains Network Error Logging exploitations to deploy long-time trackers to the victim devices. Even though users should be able to disable Network Error Logging, it is not clear how to do so. Web server operators can mitigate the attack by configuring servers to preventively remove policies that adversaries might have added.

4.Probabilistic Detection of GNSS Spoofing using Opportunistic Information

Authors:Wenjie Liu, Panos Papadimitratos

Abstract: Global Navigation Satellite Systems (GNSS) are integrated into many devices. However, civilian GNSS signals are usually not cryptographically protected. This makes attacks that forge signals relatively easy. Considering modern devices often have network connections and onboard sensors, the proposed here Probabilistic Detection of GNSS Spoofing (PDS) scheme is based on such opportunistic information. PDS has at its core two parts. First, a regression problem with motion model constraints, which equalizes the noise of all locations considering the motion model of the device. Second, a Gaussian process, that analyzes statistical properties of location data to construct uncertainty. Then, a likelihood function, that fuses the two parts, as a basis for a Neyman-Pearson lemma (NPL)-based detection strategy. Our experimental evaluation shows a performance gain over the state-of-the-art, in terms of attack detection effectiveness.

5.Energy-Efficient Mining for Blockchain-Enabled IoT Applications. An Optimal Multiple-Stopping Time Approach

Authors:Anurag Gupta, Vikram Krishnamurthy

Abstract: What are the optimal times for an Internet of Things (IoT) device to act as a blockchain miner? The aim is to minimize the energy consumed by low-power IoT devices that log their data into a secure (tamper-proof) distributed ledger. We formulate the energy-efficient blockchain mining for IoT devices as a multiple-stopping time partially observed Markov decision process (POMDP) to maximize the probability of adding a block in the blockchain; we also present a model to optimize the number of stops (mining instants). In general, POMDPs are computationally intractable to solve, but we show mathematically using submodularity that the optimal mining policy has a useful structure: 1) it is monotone in belief space, and 2) it exhibits a threshold structure, which divides the belief space into two connected sets. Exploiting the structural results, we formulate a computationally-efficient linear mining policy for the blockchain-enabled IoT device. We present a policy gradient technique to optimize the parameters of the linear mining policy. Finally, we use synthetic and real Bitcoin datasets to study the performance of our proposed mining policy. We demonstrate the energy efficiency achieved by the optimal linear mining policy in contrast to other heuristic strategies.