Visible to the public Biblio

Filters: Keyword is stochastic models  [Clear All Filters]
2023-02-02
Saarinen, Markku-Juhani O..  2022.  SP 800–22 and GM/T 0005–2012 Tests: Clearly Obsolete, Possibly Harmful. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :31–37.
When it comes to cryptographic random number generation, poor understanding of the security requirements and “mythical aura” of black-box statistical testing frequently leads it to be used as a substitute for cryptanalysis. To make things worse, a seemingly standard document, NIST SP 800–22, describes 15 statistical tests and suggests that they can be used to evaluate random and pseudorandom number generators in cryptographic applications. The Chi-nese standard GM/T 0005–2012 describes similar tests. These documents have not aged well. The weakest pseudorandom number generators will easily pass these tests, promoting false confidence in insecure systems. We strongly suggest that SP 800–22 be withdrawn by NIST; we consider it to be not just irrelevant but actively harmful. We illustrate this by discussing the “reference generators” contained in the SP 800–22 document itself. None of these generators are suitable for modern cryptography, yet they pass the tests. For future development, we suggest focusing on stochastic modeling of entropy sources instead of model-free statistical tests. Random bit generators should also be reviewed for potential asymmetric backdoors via trapdoor one-way functions, and for security against quantum computing attacks.
2020-09-21
Arrieta, Miguel, Esnaola, Iñaki, Effros, Michelle.  2019.  Universal Privacy Guarantees for Smart Meters. 2019 IEEE International Symposium on Information Theory (ISIT). :2154–2158.
Smart meters enable improvements in electricity distribution system efficiency at some cost in customer privacy. Users with home batteries can mitigate this privacy loss by applying charging policies that mask their underlying energy use. A battery charging policy is proposed and shown to provide universal privacy guarantees subject to a constraint on energy cost. The guarantee bounds our strategy's maximal information leakage from the user to the utility provider under general stochastic models of user energy consumption. The policy construction adapts coding strategies for non-probabilistic permuting channels to this privacy problem.
2020-09-08
Hoffmann, Romuald.  2019.  Markov Models of Cyber Kill Chains with Iterations. 2019 International Conference on Military Communications and Information Systems (ICMCIS). :1–6.
A understanding of the nature of targeted cyber-attack processes is needed to defend against this kind of cyber threats. Generally, the models describing processes of targeted cyber attacks are called in the literature as cyber kill chains or rarely cyber-attacks life cycles. Despite the fact that cyber-attacks have random nature, almost no stochastic models of cyber kill chains bases on the theory of stochastic processes have been proposed so far. This work, attempting to fill this deficiency, proposes to start using Markov processes for modeling some cyber-attack kill chains. In this paper two example theoretical models of cycles of returning cyber-attacks are proposed which have been generally named as the models of cyber kill chains with iterations. Presented models are based on homogeneous continuous time Markov chains.