Biblio

With the emergence of advanced technology, the user authentication methods have also been improved. Authenticating the user, several secure and efficient approaches have been introduced, but the biometric authentication method is considered much safer as compared to password-driven methods. In this paper, we explore the risks, concerns, and methods by installing well-known open-source software used in Unibiometric analysis by the partners of The National Institute of Standards and Technology (NIST). Not only are the algorithms used all open source but it comes with test data and several internal open source utilities necessary to process biometric data.

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer's internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author's email.

The facial recognition time by time takes more importance, due to the extend kind of applications it has, but it is still challenging when faces big variations in the characteristics of the biometric data used in the process and especially referring to the transportation of information through the internet in the internet of things context. Based on the systematic review and rigorous study that supports the extraction of the most relevant information on this topic [1], a software architecture proposal which contains basic security requirements necessary for the treatment of the data involved in the application of facial recognition techniques, oriented to an IoT environment was generated. Concluding that the security and privacy considerations of the information registered in IoT devices represent a challenge and it is a priority to be able to guarantee that the data circulating on the network are only accessible to the user that was designed for this.

The current paper is proposing a three-factor authentication (3FA) scheme based on three components. In the first component a token and a password will be generated (this module represents the kernel of the three-factor authentication scheme - 3FA). In the second component a pass-code will be generated, using to the token resulted in the first phase. We will use RSA for encryption and decryption of the generated values (token and pass-code). For the token ID and passcode the user will use his smartphone. The third component uses a searchable encryption scheme, whose purpose is to retrieve the documents of the user from the cloud server, based on a keyword and his/her fingerprint. The documents are stored encrypted on a mistrust server (cloud environment) and searchable encryption will help us to search specific information and to access those documents in an encrypted content. We will introduce also a software simulation developed in C\# 8.0 for our scheme and a source code analysis for the main algorithms.

A biometric system is a developing innovation which is utilized in different fields like forensics and security system. Finger recognition is the innovation that confirms the personality of an individual which relies upon the way that everybody has unique fingerprints. Fingerprint biometric systems are smaller in size, simple to utilize and have low power. This proposed study focuses on fingerprint biometric systems and how such a system would be implemented. If implemented, this system would have multifactor authentication strategies and improvised features based on encryption algorithms. The scanner that will be used is Biometric Fingerprint Sensor that is connected to system which determines the authorization and access control rights. All user access information is gathered by the system where the administrators can retrieve and analyse the information. This system has function of being up to date with the data changes like displaying the name of the individual for controlling security of the system.

The use of a very wide windows operating system is undeniably also followed by increasing attacks on the operating system. Universal Serial Bus (USB) is one of the mechanisms used by many people with plug and play functionality that is very easy to use, making data transfers fast and easy compared to other hardware. Some research shows that the Windows operating system has weaknesses so that it is often exploited by using various attacks and malware. There are various methods used to exploit the Windows operating system, one of them by using a USB device. By using a USB device, a criminal can plant a backdoor reverse shell to exploit the victim's computer just by connecting the USB device to the victim's computer without being noticed. This research was conducted by planting a reverse shell backdoor through a USB device to exploit the victim's device, especially the webcam and microphone device on the target computer. From 35 experiments that have been carried out, it was found that 83% of spying attacks using USB devices on the Windows operating system were successfully carried out.

Windows is one of the popular operating systems in use today, while Universal Serial Bus (USB) is one of the mechanisms used by many people with practical plug and play functions. USB has long been used as a vector of attacks on computers. One method of attack is Keylogger. The Keylogger can take advantage of existing vulnerabilities in the Windows 10 operating system attacks carried out in the form of recording computer keystroke activity without the victim knowing. In this research, an attack will be carried out by running a Powershell Script using BadUSB to be able to activate the Keylogger program. The script is embedded in the Arduino Pro Micro device. The results obtained in the Keyboard Injection Attack research using Arduino Pro Micro were successfully carried out with an average time needed to run the keylogger is 7.474 seconds with a computer connected to the internet. The results of the keylogger will be sent to the attacker via email.

This paper argues about a new conceptual modeling language for the White-Box (WB) security analysis. In the WB security domain, an attacker may have access to the inner structure of an application or even the entire binary code. It becomes pretty easy for attackers to inspect, reverse engineer, and tamper the application with the information they steal. The basis of this paper is the 14 patterns developed by a leading provider of software protection technologies and solutions. We provide a part of a new modeling language named i-WBS (White-Box Security) to describe problems of WB security better. The essence of White-Box security problem is code security. We made the new modeling language focus on code more than ever before. In this way, developers who are not security experts can easily understand what they need to really protect.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

The size and complexity of the software ecosystem is a major challenge for vendors, asset owners and cybersecurity professionals who need to understand the security posture of these systems. Annotated and Translated Disassembled Code is a graph based datastore designed to organize firmware and software analysis data across builds, packages and systems, providing a highly scalable platform enabling automated binary software analysis tasks including corpora construction and storage for machine learning. This paper describes an approach for the identification of ubiquitous third-party libraries in firmware and software using Annotated and Translated Disassembled Code and supervised machine learning. Annotated and Translated Disassembled Code provide matched libraries, function names and addresses of previously unidentified code in software as it is being automatically analyzed. This data can be ingested by other software analysis tools to improve accuracy and save time. Defenders can add the identified libraries to their vulnerability searches and add effective detection and mitigation into their operating environment.

Network policies govern the use of an institution's networks, and are usually written in a high-level human-readable natural language. Normally these policies are enforced by low-level, technically detailed network configurations. The translation from network policies into network configurations is a tedious, manual and error-prone process. To address this issue, we propose a new intermediate language called POlicy LANguage for Campus Operations (POLANCO), which is a human-readable network policy definition language intended to approximate natural language. Because POLANCO is a high-level language, the translation from natural language policies to POLANCO is straightforward. Despite being a high-level human readable language, POLANCO can be used to express network policies in a technically precise way so that policies written in POLANCO can be automatically translated into a set of software defined networking (SDN) rules and actions that enforce the policies. Moreover, POLANCO is capable of incorporating information about the current network state, reacting to changes in the network and adjusting SDN rules to ensure network policies continue to be enforced correctly. We present policy examples found on various public university websites and show how they can be written as simplified human-readable statements using POLANCO and how they can be automatically translated into SDN rules that correctly enforce these policies.

In the coming future, Software-defined networking (SDN) will become a technology more responsive, fully automated, and highly secure. SDN is a way to manage networks by separate the control plane from the forwarding plane, by using software to manage network functions through a centralized control point. A distributed denial-of-service (DDoS) attack is the most popular malicious attempt to disrupt normal traffic of a targeted server, service, or network. The problem of the paper is the DDoS attack inside the SDN environment and how could use SDN specifications through the advantage of Open vSwitch programmability feature to stop the attack. This paper presents DDoS attack detection and mitigation in the SDN data-plane by applying a written SDN application in python language, based on the malicious traffic abnormal behavior to reduce the interference with normal traffic. The evaluation results reveal detection and mitigation time between 100 to 150 sec. The work also sheds light on the programming relevance with the open daylight controller over an abstracted view of the network infrastructure.

Software-defined networks (SDN), through their programmability, significantly increase network resilience by enabling dynamic reconfiguration of network topologies in response to faults and potentially malicious attacks detected in real-time. Another key trend in network softwarization is cloud-native software, which, together with SDN, will be an integral part of the core of future 5G networks. In SDN, the control plane forms the "brain" of the software-defined network and is typically implemented as a set of distributed controller replicas to avoid a single point of failure. Distributed consensus algorithms are used to ensure agreement among the replicas on key data even in the presence of faults. Security is also a critical concern in ensuring that attackers cannot compromise the SDN control plane; byzantine fault tolerance algorithms can provide protection against compromised controller replicas. However, while reliability/availability and security form key attributes of resilience, they are typically modeled separately in SDN, without consideration of the potential impacts of their interaction. In this paper we present an initial framework for a model that unifies reliability, availability, and security considerations in distributed consensus. We examine – via simulation of our model – some impacts of the interaction between accidental faults and malicious attacks on SDN and suggest potential mitigations unique to cloud-native software.

Cross-site scripting (XSS) is an often-occurring major attack that developers should consider when developing web applications. We develop a system that can provide practical exercises for learning how to create web applications that are secure against XSS. Our system utilizes free software and virtual machines, allowing low-cost, safe, and practical exercises. By using two virtual machines as the web server and the attacker host, the learner can conduct exercises demonstrating both XSS countermeasures and XSS attacks. In our system, learners use a web browser to learn and perform exercises related to XSS. Experimental evaluations confirm that the proposed system can support learning of XSS countermeasures.

the purpose of this paper is investigation of existing approaches to formation of electronic digital signatures, as well as the possibility of software developing for electronic signature generation at electronic document circulation of institution. The article considers and analyzes the existing algorithms for generating and processing electronic signatures. Authors propose the model for documented information exchanging in institution, including cryptographic module and secure key storage, blockchain storage of electronic signatures, central web-server and web-interface. Examples of the developed software are demonstrated, and recommendations are given for its implementation, integration and using in different institutions.

The purpose of the work is a formalized description of the method determining numerical expression of the danger from actions potentially implemented by an information security violator. The implementation of such actions may lead to a disruption of the ordered functioning of multilevel distributed automated process control systems, which indicates the importance of developing new adequate solutions for predicting attacks consequences. The analysis of the largest destructive effects on information security systems of critical objects is carried out. The most common methods of obtaining the value of the hazard quotient of information security violators' destructive actions are considered. Based on the known methods for determining the possible damage from attacks implemented by a potential information security violator, a new, previously undetected in open sources method for determining the hazard quotient of destructive actions of an information security violator has been proposed. In order to carry out experimental calculations by the proposed method, the authors developed the required software. The calculations results are presented and indicate the possibility of using the proposed method for modeling threats and information security violators when designing an information security system for automated process control systems.

The current exploratory study examined software programmer trust in binary analysis techniques used to evaluate and understand binary code components. Experienced software developers participated in knowledge elicitations to identify factors affecting trust in tools and methods used for understanding binary code behavior and minimizing potential security vulnerabilities. Developer perceptions of trust in those tools to assess implementation risk in binary components were captured across a variety of application contexts. The software developers reported source security and vulnerability reports provided the best insight and awareness of potential issues or shortcomings in binary code. Further, applications where the potential impact to systems and data loss is high require relying on more than one type of analysis to ensure the binary component is sound. The findings suggest binary analysis is viable for identifying issues and potential vulnerabilities as part of a comprehensive solution for understanding binary code behavior and security vulnerabilities, but relying simply on binary analysis tools and binary release metadata appears insufficient to ensure a secure solution.

This paper deals with the design and development of a Li-Fi (light fidelity) simplex communication system for data exchange between Android mobile devices. Li-Fi is an up-to-date technology in the modern world, since it uses visible light for data exchange, allowing for high-speed communication. The paper includes a brief review of Li-Fi technology, a review of the literature used, and a study of technological methods for implementing such systems, based on scientific sources. We propose the algorithms for data exchange, packet formation, and encryption-decryption. The paper presents the developed mobile application and the transceiver device, the development results, as well as experiments with the developed prototype. The results show that Li-Fi technology is workable and is a good alternative to existing communication methods.

In the northern gas fields, most data are transmitted via wireless networks, which requires special transmission security measures. Herewith, the gas field infrastructure dictates cybersecurity modules to not only meet standard requirements but also ensure reduced energy consumption. The paper discusses the issue of building such a module for a process control system based on the RTP-04M recorder operating in conjunction with an Android-based mobile device. The software options used for the RSA and Diffie-Hellman data encryption and decryption algorithms on both the RTP-04M and the Android-based mobile device sides in the Keil μVision4 and Android Studio software environments, respectively, have shown that the Diffie-Hellman algorithm is preferable. It provides significant savings in RAM and CPU resources and power consumption of the recorder. In terms of energy efficiency, the implemented programs have been analyzed in the Android Studio (Android Profiler) and Simplicity Studio (Advanced Energy Monitor) environments. The integration of this module into the existing software will improve the field's PCS cybersecurity level due to protecting data transmitted from third-party attacks.

Increased availability of mobile cameras has led to more opportunities for people to record videos of significantly more of their lives. Many times people want to share these videos, but only to certain people who were co-present. Since the videos may be of a large event where the attendees are not necessarily known, we need a method for proving co-presence without revealing information before co-presence is proven. In this demonstration, we present a privacy-preserving method for comparing the similarity of two videos without revealing the contents of either video. This technique leverages the Similarity of Simultaneous Observation technique for detecting hidden webcams and modifies the existing algorithms so that they are computationally feasible to run under fully homomorphic encryption scheme on modern mobile devices. The demonstration will consist of a variety of devices preloaded with our software. We will demonstrate the video sharing software performing comparisons in real time. We will also make the software available to Android devices via a QR code so that participants can record and exchange their own videos.

Rapidly growing shared information for threat intelligence not only helps security analysts reduce time on tracking attacks, but also bring possibilities to research on adversaries' thinking and decisions, which is important for the further analysis of attackers' habits and preferences. In this paper, we analyze current models and frameworks used in threat intelligence that suited to different modeling goals, and propose a three-layer model (Goal, Behavior, Capability) to study the statistical characteristics of APT groups. Based on the proposed model, we construct a knowledge network composed of adversary behaviors, and introduce a similarity measure approach to capture similarity degree by considering different semantic links between groups. After calculating similarity degrees, we take advantage of Girvan-Newman algorithm to discover community groups, clustering result shows that community structures and boundaries do exist by analyzing the behavior of APT groups.

An attack graph is a method used to enumerate the possible paths that an attacker can take in the organizational network. MulVAL is a known open-source framework used to automatically generate attack graphs. MulVAL's default modeling has two main shortcomings. First, it lacks the ability to represent network protocol vulnerabilities, and thus it cannot be used to model common network attacks, such as ARP poisoning. Second, it does not support advanced types of communication, such as wireless and bus communication, and thus it cannot be used to model cyber-attacks on networks that include IoT devices or industrial components. In this paper, we present an extended network security model for MulVAL that: (1) considers the physical network topology, (2) supports short-range communication protocols, (3) models vulnerabilities in the design of network protocols, and (4) models specific industrial communication architectures. Using the proposed extensions, we were able to model multiple attack techniques including: spoofing, man-in-the-middle, and denial of service attacks, as well as attacks on advanced types of communication. We demonstrate the proposed model in a testbed which implements a simplified network architecture comprised of both IT and industrial components

Moving target defense (MTD) has emerged as a proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) technology has enabled several complex system operations to be highly flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. In this paper, by leveraging the advanced SDN technology, we developed an attack graph-based MTD technique that shuffles a host's network configurations (e.g., MAC/IP/port addresses) based on its criticality, which is highly exploitable by attackers when the host is on the attack path(s). To this end, we developed a hierarchical attack graph model that provides a network's vulnerability and network topology, which can be utilized for the MTD shuffling decisions in selecting highly exploitable hosts in a given network, and determining the frequency of shuffling the hosts' network configurations. The MTD shuffling with a high priority on more exploitable, critical hosts contributes to providing adaptive, proactive, and affordable defense services aiming to minimize attack success probability with minimum MTD cost. We validated the out performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.

Bluetooth technologies have widespread applications in personal area networks, device-to-device communications and forming ad hoc networks. Studying Bluetooth devices security is a challenging task as they lack support for monitor mode available with other wireless networks (e.g. 802.11 WiFi). In addition, the frequency-hoping spread spectrum technique used in its operation necessitates special hardware and software to study its operation. This investigation examines methods for analyzing Bluetooth devices' security and presents a proof-of-concept DoS attack on the Link Manager Protocol (LMP) layer using the InternalBlue framework. Through this study, we demonstrate a method to study Bluetooth device security using existing tools without requiring specialized hardware. Consequently, the methods proposed in the paper can be used to study Bluetooth security in many applications.

Mobile and IoT operating systems–and their ensuing software updates–are usually distributed as binary files. Given that these binary files are commonly closed source, users or businesses who want to assess the security of the software need to rely on reverse engineering. Further, verifying the correct application of the latest software patches in a given binary is an open problem. The regular application of software patches is a central pillar for improving mobile and IoT device security. This requires developers, integrators, and vendors to propagate patches to all affected devices in a timely and coordinated fashion. In practice, vendors follow different and sometimes improper security update agendas for both mobile and IoT products. Moreover, previous studies revealed the existence of a hidden patch gap: several vendors falsely reported that they patched vulnerabilities. Therefore, techniques to verify whether vulnerabilities have been patched or not in a given binary are essential. Deep learning approaches have shown to be promising for static binary analyses with respect to inferring binary similarity as well as vulnerability detection. However, these approaches fail to capture the dynamic behavior of these systems, and, as a result, they may inundate the analysis with false positives when performing vulnerability discovery in the wild. In particular, they cannot capture the fine-grained characteristics necessary to distinguish whether a vulnerability has been patched or not. In this paper, we present PATCHECKO, a vulnerability and patch presence detection framework for executable binaries. PATCHECKO relies on a hybrid, cross-platform binary code similarity analysis that combines deep learning-based static binary analysis with dynamic binary analysis. PATCHECKO does not require access to the source code of the target binary nor that of vulnerable functions. We evaluate PATCHECKO on the most recent Google Pixel 2 smartphone and the Android Things IoT firmware images, within which 25 known CVE vulnerabilities have been previously reported and patched. Our deep learning model shows a vulnerability detection accuracy of over 93%. We further prune the candidates found by the deep learning stage–which includes false positives–via dynamic binary analysis. Consequently, PATCHECKO successfully identifies the correct matches among the candidate functions in the top 3 ranked outcomes 100% of the time. Furthermore, PATCHECKO's differential engine distinguishes between functions that are still vulnerable and those that are patched with an accuracy of 96%.