Biblio

Found 169 results

Filters: Keyword is Electronic mail
2023-03-03
Krishnamoorthy, R., Arun, S., Sujitha, N., Vijayalakshmi, K.M, Karthiga, S., Thiagarajan, R..  2022.  Proposal of HMAC based Protocol for Message Authenication in Kerberos Authentication Protocol. 2022 Second International Conference on Artificial Intelligence and Smart Energy (ICAIS). :1443–1447.
Kerberos protocol is a derivative type of server used for the authentication purpose. Kerberos is a network-based authentication protocol which communicates the tickets from one network to another in a secured manner. Kerberos protocol encrypts the messages and provides mutual authentication. Kerberos uses the symmetric cryptography which uses the public key to strengthen the data confidentiality. The KDS Key Distribution System gives the center of securing the messages. Kerberos has certain disadvantages as it provides public key at both ends. In this proposed approach, the Kerberos are secured by using the HMAC Hash-based Message Authentication Code which is used for the authentication of message for integrity and authentication purpose. It verifies the data by authentication, verifies the e-mail address and message integrity. The computer network and security are authenticated by verifying the user or client. These messages which are transmitted and delivered have to be integrated by authenticating it. Kerberos authentication is used for the verification of a host or user. Authentication is based on the tickets on credentials in a secured way. Kerberos gives faster authentication and uses the unique ticketing system. It supports the authentication delegation with faster efficiency. These encrypt the standard by encrypting the tickets to pass the information.
2023-02-17
Rekeraho, Alexandre, Balan, Titus, Cotfas, Daniel T., Cotfas, Petru A., Acheampong, Rebecca, Musuroi, Cristian.  2022.  Sandbox Integrated Gateway for the Discovery of Cybersecurity Vulnerabilities. 2022 International Symposium on Electronics and Telecommunications (ISETC). :1–4.
Emails are widely used as a form of communication and sharing files in an organization. However, email is widely used by cybercriminals to spread malware and carrying out cyber-attacks. We implemented an open-source email gateway in conjunction with a security sandbox for securing emails against malicious attachments. The email gateway scans all incoming and outgoing emails and stops emails containing suspicious files. An automated python script would then send the suspected email to the sandboxing element through sandbox API for further analysis, while the script is used also for the prevention of duplicate results. Moreover, the mail server administrator receives notifications from the email gateway about suspicious attachments. If detected attachment is a true positive based on the sandbox analysis result, email is deleted, otherwise, the email is delivered to the recipient. The paper describes in an empirical way the steps followed during the implementation, results, and conclusions of our research.
ISSN: 2475-7861
2023-02-13
Yu, Beiyuan, Li, Pan, Liu, Jianwei, Zhou, Ziyu, Han, Yiran, Li, Zongxiao.  2022.  Advanced Analysis of Email Sender Spoofing Attack and Related Security Problems. 2022 IEEE 9th International Conference on Cyber Security and Cloud Computing (CSCloud)/2022 IEEE 8th International Conference on Edge Computing and Scalable Cloud (EdgeCom). :80—85.

A mail spoofing attack is a harmful activity that modifies the source of the mail and trick users into believing that the message originated from a trusted sender whereas the actual sender is the attacker. Based on the previous work, this paper analyzes the transmission process of an email. Our work identifies new attacks suitable for bypassing SPF, DMARC, and Mail User Agent’s protection mechanisms. We can forge much more realistic emails to penetrate the famous mail service provider like Tencent by conducting the attack. By completing a large-scale experiment on these well-known mail service providers, we find some of them are affected by the related vulnerabilities. Some of the bypass methods are different from previous work. Our work found that this potential security problem can only be effectively protected when all email service providers have a standard view of security and can configure appropriate security policies for each email delivery node. In addition, we also propose a mitigate method to defend against these attacks. We hope our work can draw the attention of email service providers and users and effectively reduce the potential risk of phishing email attacks on them.

2023-02-03
Kersten, Leon, Burda, Pavlo, Allodi, Luca, Zannone, Nicola.  2022.  Investigating the Effect of Phishing Believability on Phishing Reporting. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :117–128.
Phishing emails are becoming more and more sophisticated, making current detection techniques ineffective. The reporting of phishing emails from users is, thus, crucial for organizations to detect phishing attacks and mitigate their effect. Despite extensive research on how the believability of a phishing email affects detection rates, there is little to no research about the relationship between the believability of a phishing email and the associated reporting rate. In this work, we present a controlled experiment with 446 subjects to evaluate how the reporting rate of a phishing email is linked to its believability and detection rate. Our results show that the reporting rate decreases as the believability of the email increases and that around half of the subjects who detect the mail as phishing, have an intention to report the email. However, the group intending to report an email is not a subset of the group detecting the mail as phishing, suggesting that reporting is still a concept misunderstood by many.
ISSN: 2768-0657
2022-12-20
Cheng, Leixiao, Meng, Fei.  2022.  An Improvement on “CryptCloud$^+$: Secure and Expressive Data Access Control for Cloud Storage”. IEEE Transactions on Services Computing. :1–2.
Recently, Ning et al. proposed the “CryptCloud$^+$: Secure and Expressive Data Access Control for Cloud Storage” in IEEE Transaction on Services Computing. This work provided two versatile ciphertext-policy attribute-based encryption (CP-ABE) schemes to achieve flexible access control on encrypted data, namely ATER-CP-ABE and ATIR-CP-ABE, both of which have attractive advantages, such as white-box malicious user traceability, semi-honest authority accountability, public auditing and user revocation. However, we find a bug of access control in both schemes, i.e., a non-revoked user with attribute set $S$ can decrypt the ciphertext $ct$ encrypted under any access policy $(A,\rho)$, regardless of whether $S$ satisfies $(A,\rho)$ or not. This paper carefully analyzes the bug, and makes an improvement on Ning's pioneering work, so as to fix it.
Conference Name: IEEE Transactions on Services Computing
2022-10-13
Sakurai, Yuji, Watanabe, Takuya, Okuda, Tetsuya, Akiyama, Mitsuaki, Mori, Tatsuya.  2020.  Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :522—531.
With the recent rise of HTTPS adoption on the Web, attackers have begun "HTTPSifying" phishing websites. HTTPSifying a phishing website has the advantage of making the website appear legitimate and evading conventional detection methods that leverage URLs or web contents in the network. Further, adopting HTTPS could also contribute to generating intrinsic footprints and provide defenders with a great opportunity to monitor and detect websites, including phishing sites, as they would need to obtain a public-key certificate issued for the preparation of the websites. The potential benefits of certificate-based detection include: (1) the comprehensive monitoring of all HTTPSified websites by using certificates immediately after their issuance, even if the attacker utilizes dynamic DNS (DDNS) or hosting services; this could be overlooked with the conventional domain-registration-based approaches; and (2) to detect phishing websites before they are published on the Internet. Accordingly, we address the following research question: How can we make use of the footprints of TLS certificates to defend against phishing attacks? For this, we collected a large set of TLS certificates corresponding to phishing websites from Certificate Transparency (CT) logs and extensively analyzed these TLS certificates. We demonstrated that a template of common names, which are equivalent to the fully qualified domain names, obtained through the clustering analysis of the certificates can be used for the following promising applications: (1) The discovery of previously unknown phishing websites with low false positives and (2) understanding the infrastructure used to generate the phishing websites. We use our findings on the abuse of free certificate authorities (CAs) for operating HTTPSified phishing websites to discuss possible solutions against such abuse and provide a recommendation to the CAs.
Li, Xue, Zhang, Dongmei, Wu, Bin.  2020.  Detection method of phishing email based on persuasion principle. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 1:571—574.
“Phishing emails” are phishing emails with illegal links that direct users to pages of some real websites that are spoofed, or pages where real HTML has been inserted with dangerous HTML code, so as to deceive users' private information such as bank or credit card account numbers, email account numbers, and passwords. People are the most vulnerable part of security. Phishing emails use human weaknesses to attack. This article describes the application of the principle of persuasion in phishing emails, and based on the existing methods, this paper proposes a phishing email detection method based on the persuasion principle. The principle of persuasion principle is to count whether the corresponding word of the feature appears in the mail. The feature is selected using an information gain algorithm, and finally 25 features are selected for detection. Finally experimentally verified, accuracy rate reached 99.6%.
Basit, Abdul, Zafar, Maham, Javed, Abdul Rehman, Jalil, Zunera.  2020.  A Novel Ensemble Machine Learning Method to Detect Phishing Attack. 2020 IEEE 23rd International Multitopic Conference (INMIC). :1—5.
Currently and particularly with remote working scenarios during COVID-19, phishing attack has become one of the most significant threats faced by internet users, organizations, and service providers. In a phishing attack, the attacker tries to steal client sensitive data (such as login, passwords, and credit card details) using spoofed emails and fake websites. Cybercriminals, hacktivists, and nation-state spy agencies have now got a fertilized ground to deploy their latest innovative phishing attacks. Timely detection of phishing attacks has become most crucial than ever. Machine learning algorithms can be used to accurately detect phishing attacks before a user is harmed. This paper presents a novel ensemble model to detect phishing attacks on the website. We select three machine learning classifiers: Artificial Neural Network (ANN), K-Nearest Neighbors (KNN), and Decision Tree (C4.5) to use in an ensemble method with Random Forest Classifier (RFC). This ensemble method effectively detects website phishing attacks with better accuracy than existing studies. Experimental results demonstrate that the ensemble of KNN and RFC detects phishing attacks with 97.33% accuracy.
Jin, Yong, Tomoishi, Masahiko, Yamai, Nariyoshi.  2020.  A Detour Strategy for Visiting Phishing URLs Based on Dynamic DNS Response Policy Zone. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—6.
Email based Uniform Resource Locator (URL) distribution is one of the popular ways for starting phishing attacks. Conventional anti-phishing solutions rely on security facilities and investigate all incoming emails. This makes the security facilities get overloaded and cause consequences of upgrades or new deployments even with no better options. This paper presents a novel detour strategy for the traffic of visiting potential phishing URLs based on dynamic Domain Name System (DNS) Response Policy Zone (RPZ) in order to mitigate the overloads on security facilities. In the strategy, the URLs included in the incoming emails will be extracted and the corresponding Fully Qualified Domain Name (FQDN) will be registered in the RPZ of the local DNS cache server with mapping the IP address of a special Hypertext Transfer Protocol (HTTP) proxy. The contribution of the approach is to avoid heavy investigations on all incoming emails and mitigate the overloads on security facilities by directing the traffic to phishing URLs to the special HTTP proxy connected with a set of security facilities conducting various inspections. The evaluation results on the prototype system showed that the URL extraction and FQDN registration were finished before the emails had been delivered and accesses to the URLs were successfully directed to the special HTTP proxy. The results of overhead measurements also confirmed that the proposed strategy only affected the internal email server with 11% of performance decrease on the prototype system.
Drury, Vincent, Meyer, Ulrike.  2020.  No Phishing With the Wrong Bait: Reducing the Phishing Risk by Address Separation. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :646—652.
Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.
A.A., Athulya, K., Praveen.  2020.  Towards the Detection of Phishing Attacks. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :337—343.
Phishing is an act of creating a website similar to a legitimate website with a motive of stealing user's confidential information. Phishing fraud might be the most popular cybercrime. Phishing is one of the risks that originated a couple of years back but still prevailing. This paper discusses various phishing attacks, some of the latest phishing evasion techniques used by attackers and anti-phishing approaches. This review raises awareness of those phishing strategies and helps the user to practice phishing prevention. Here, a hybrid approach of phishing detection also described having fast response time and high accuracy.
2022-10-12
Sharevski, Filipo, Jachim, Peter.  2021.  Alexa in Phishingland: Empirical Assessment of Susceptibility to Phishing Pretexting in Voice Assistant Environments. 2021 IEEE Security and Privacy Workshops (SPW). :207—213.
This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (“authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”
Lim, Jaewan, Zhou, Lina, Zhang, Dongsong.  2021.  Verbal Deception Cue Training for the Detection of Phishing Emails. 2021 IEEE International Conference on Intelligence and Security Informatics (ISI). :1—3.
Training on cues to deception is one of the promising ways of addressing humans’ poor performance in deception detection. However, the effect of training may be subject to the context of deception and the design of training. This study aims to investigate the effect of verbal cue training on the performance of phishing email detection by comparing different designs of training and examining the effect of topic familiarity. Based on the results of a lab experiment, we not only confirm the effect of training but also provide suggestions on how to design training to better facilitate the detection of phishing emails. In addition, our results also discover the effect of topic familiarity on phishing detection. The findings of this study have significant implications for the mitigation and intervention of online deception.
2022-08-12
Medeiros, Ibéria, Neves, Nuno.  2020.  Impact of Coding Styles on Behaviours of Static Analysis Tools for Web Applications. 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). :55–56.

Web applications have become an essential resource to access the services of diverse subjects (e.g., financial, healthcare) available on the Internet. Despite the efforts that have been made on its security, namely on the investigation of better techniques to detect vulnerabilities on its source code, the number of vulnerabilities exploited has not decreased. Static analysis tools (SATs) are often used to test the security of applications since their outcomes can help developers in the correction of the bugs they found. The conducted investigation made over SATs stated they often generate errors (false positives (FP) and false negatives (FN)), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality is implemented in distinct manners, and programming practices that create ambiguity, such as the reuse and share of variables. Based on a common practice of using multiple forms in a same webpage and its processing in a single file, we defined a use case for user login and register with six coding styles scenarios for processing their data, and evaluated the behaviour of three SATs (phpSAFE, RIPS and WAP) with them to verify and understand why SATs produce FP and FN.

2022-07-12
Ivanov, Michael A., Kliuchnikova, Bogdana V., Chugunkov, Ilya V., Plaksina, Anna M..  2021.  Phishing Attacks and Protection Against Them. 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :425—428.
Phishing, ransomware and cryptojacking are the main threats to cyber security in recent years. We consider the stages of phishing attacks, examples of such attacks, specifically, attacks using ransomware, malicious PDF files, and banking trojans. The article describes the specifics of phishing emails. Advices on phishing protection are given.
2022-06-06
Dimitriadis, Athanasios, Lontzetidis, Efstratios, Mavridis, Ioannis.  2021.  Evaluation and Enhancement of the Actionability of Publicly Available Cyber Threat Information in Digital Forensics. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :318–323.

Cyber threat information can be utilized to investigate incidents by leveraging threat-related knowledge from prior incidents with digital forensic techniques and tools. However, the actionability of cyber threat information in digital forensics has not yet been evaluated. Such evaluation is important to ascertain that cyber threat information is as actionable as it can be and to reveal areas of improvement. In this study, a dataset of cyber threat information products was created from well-known cyber threat information sources and its actionability in digital forensics was evaluated. The evaluation results showed a high level of cyber threat information actionability that still needs enhancements in supporting some widely present types of attacks. To further enhance the provision of actionable cyber threat information, the development of the new TREVItoSTIX Autopsy module is presented. TREVItoSTIX allows the expression of the findings of an incident investigation in the structured threat information expression format in order to be easily shared and reused in future digital forensics investigations.

2022-04-26
AlQahtani, Ali Abdullah S., Alamleh, Hosam, El-Awadi, Zakaria.  2021.  Secure Digital Signature Validated by Ambient User’s Wi-Fi-enabled devices. 2021 IEEE 5th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE). :159–162.

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

2021-11-08
He, Hongmei, Gray, John, Cangelosi, Angelo, Meng, Qinggang, McGinnity, T. M., Mehnen, Jörn.  2020.  The Challenges and Opportunities of Artificial Intelligence for Trustworthy Robots and Autonomous Systems. 2020 3rd International Conference on Intelligent Robotic and Control Engineering (IRCE). :68–74.
Trust is essential in designing autonomous and semiautonomous Robots and Autonomous Systems (RAS), because of the “No trust, no use” concept. RAS should provide high quality services, with four key properties that make them trustworthy: they must be (i) robust with regards to any system health related issues, (ii) safe for any matters in their surrounding environments, (iii) secure against any threats from cyber spaces, and (iv) trusted for human-machine interaction. This article thoroughly analyses the challenges in implementing the trustworthy RAS in respects of the four properties, and addresses the power of AI in improving the trustworthiness of RAS. While we focus on the benefits that AI brings to human, we should realize the potential risks that could be caused by AI. This article introduces for the first time the set of key aspects of human-centered AI for RAS, which can serve as a cornerstone for implementing trustworthy RAS by design in the future.
2021-09-21
Sathya, K, Premalatha, J, Suwathika, S.  2020.  Reinforcing Cyber World Security with Deep Learning Approaches. 2020 International Conference on Communication and Signal Processing (ICCSP). :0766–0769.
In the past decade, the Machine Learning (ML) and Deep learning (DL) has produced much research interest in the society and attracted them. Now-a-days, the Internet and social life make a lead in most of their life but it has serious social threats. It is a challenging thing to protect the sensitive information, data network and the computers which are in unauthorized cyber-attacks. For protecting the data's we need the cyber security. For these problems, the recent technologies of Deep learning and Machine Learning are integrated with the cyber-attacks to provide the solution for the problems. This paper gives a synopsis of utilizing deep learning to enhance the security of cyber world and various challenges in integrating deep learning into cyber security are analyzed.
2021-05-20
Razaque, Abdul, Frej, Mohamed Ben Haj, Sabyrov, Dauren, Shaikhyn, Aidana, Amsaad, Fathi, Oun, Ahmed.  2020.  Detection of Phishing Websites using Machine Learning. 2020 IEEE Cloud Summit. :103—107.

Phishing sends malicious links or attachments through emails that can perform various functions, including capturing the victim's login credentials or account information. These emails harm the victims, cause money loss, and identity theft. In this paper, we contribute to solving the phishing problem by developing an extension for the Google Chrome web browser. In the development of this feature, we used JavaScript PL. To be able to identify and prevent the phishing attack, a combination of Blacklisting and semantic analysis methods was used. Furthermore, a database for phishing sites is generated, and the text, links, images, and other data on-site are analyzed for pattern recognition. Finally, our proposed solution was tested and compared to existing approaches. The results validate that our proposed method is capable of handling the phishing issue substantially.

2021-05-13
Feng, Liu, Jie, Yang, Deli, Kong, Jiayin, Qi.  2020.  A Secure Multi-party Computation Protocol Combines Pederson Commitment with Schnorr Signature for Blockchain. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :57—63.

Blockchain is being pursued by a growing number of people with its characteristics of openness, transparency, and decentralization. At the same time, how to secure privacy protection in such an open and transparent ledger is an urgent issue to be solved for deep study. Therefore, this paper proposes a protocol based on Secure multi-party computation, which can merge and sign different transaction messages under the anonymous condition by using Pedersen commitment and Schnorr Signature. Through the rationality proof and security analysis, this paper demonstrates the private transaction is safe under the semi-honest model. And its computational cost is less than the equivalent multi-signature model. The research has made some innovative contributions to the privacy computing theory.

Peck, Sarah Marie, Khan, Mohammad Maifi Hasan, Fahim, Md Abdullah Al, Coman, Emil N, Jensen, Theodore, Albayram, Yusuf.  2020.  Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :778–789.
This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type) x2(usage scenario) x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users' behavior affects others. Implications of our findings in risk communication is discussed in the paper.
2021-04-27
Tolsdorf, J., Iacono, L. Lo.  2020.  Vision: Shred If Insecure – Persuasive Message Design as a Lesson and Alternative to Previous Approaches to Usable Secure Email Interfaces. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :172–177.
Despite the advances in research on usable secure email, the majority of mail user agents found in practice still violates best practices in UI design and uses ineffective and inhomogeneous design strategies to communicate and let users control the security status of an email message. We propose a novel interaction and design concept that we refer to as persuasive message design. Our approach is derived from heuristics and a systematic meta-study of existing HCI literature on email management, usable secure email and phishing research. Concluding on this body of knowledge we propose the design of interfaces that suppress weak cues and instead manipulate the display of emails according to their technical security level. Persuasive message design addresses several shortcomings of current secure email user interfaces and provides a consistent user experience that can be deployed even by email providers.
2021-03-30
Gillen, R. E., Carter, J. M., Craig, C., Johnson, J. A., Scott, S. L..  2020.  Assessing Anomaly-Based Intrusion Detection Configurations for Industrial Control Systems. 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). :360—366.

To reduce cost and ease maintenance, industrial control systems (ICS) have adopted Ethernet-based interconnections that integrate operational technology (OT) systems with information technology (IT) networks. This integration has made these critical systems vulnerable to attack. Security solutions tailored to ICS environments are an active area of research. Anomaly-based network intrusion detection systems are well-suited for these environments. Often these systems must be optimized for their specific environment. In prior work, we introduced a method for assessing the impact of various anomaly-based network IDS settings on security. This paper reviews the experimental outcomes when we applied our method to a full-scale ICS test bed using actual attacks. Our method provides new and valuable data to operators enabling more informed decisions about IDS configurations.

2021-03-29
Distler, V., Lallemand, C., Koenig, V..  2020.  Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :220—229.

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs "encrypt" and "secure" performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.