Search results

  1. Honey Sheets: What Happens to Leaked Google Spreadsheets?

    compromising the account credentials they are associated with. In this paper, we present a system able to ...

    [email protected] - December 10, 2021 - 1:09 am

  2. Evaluating Malware Mitigation by Android Market Operators

    Yosuke Kikuchi, Hiroshi Mori, Hiroki Nakano, Katsunari Yoshioka, and Tsutomu Matsumoto, Yokohama National University; Michel Van Eeten, Delft University of Technology All Android markets are confronted with malicious apps, but they differ in how effective ...

    [email protected] - December 10, 2021 - 1:09 am

  3. A Cybersecurity Test and Evaluation Facility for the Next Generation Air Transportation System (NextGen)

    Transportation System (NextGen). This paper describes the goals, capabilities, architecture, current ... cybersecurity training of the FAA workforce. One of the major lessons learned, described in the paper, has been ...

    [email protected] - December 10, 2021 - 1:09 am

  4. Providing SCADA Network Data Sets for Intrusion Detection Research

    solutions. This paper presents our work to generate representative labeled data sets for SCADA networks that ...

    [email protected] - December 10, 2021 - 1:09 am

  5. Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat?

    Andrew Ruddick, Oxford, UK;  Jeff Yan, Lancaster University The Password Based Key Derivation Function v2 (PBKDF2) is an important cryptographic primitive that has practical relevance to many widely deployed security systems. We investigate accelerated at ...

    arnold - December 10, 2021 - 1:09 am

  6. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

    Hanno Böck; Aaron Zauner, SBA Research; Sean Devlin; Juraj Somorovsky, Ruhr University Bochum; Philipp Jovanovic, École Polytechnique Fédérale de Lausanne (EPFL) We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in ...

    arnold - December 10, 2021 - 1:09 am

  7. Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness

    protect personal data from compromise. In this paper, we focus on two security aspects: user data ...

    arnold - December 10, 2021 - 2:09 am

  8. Eavesdropping One-Time Tokens Over Magnetic Secure Transmission in Samsung Pay

    Daeseon Choi, Kongju National University; Younho Lee, Seoul National University of Science and Technology We have discovered a security vulnerability in the Samsung Pay app. The magnetic secure transmission in Samsung Pay emits too many magnetic signals t ...

    arnold - December 10, 2021 - 2:09 am

  9. How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors

    Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, and Yossi Oren, Ben-Gurion University of the Negev We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Interne ...

    arnold - December 10, 2021 - 2:09 am

  10. Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic

    with online services, but highly specialized apps come at a cost to privacy. In this paper we will ...

    arnold - December 10, 2021 - 2:09 am

  11. Hardware-Assisted Rootkits: Abusing Performance Counters on the ARM and x86 Architectures

    Matt Spisak, Endgame, Inc. In this paper, a novel hardware-assisted rootkit is introduced, which ...

    arnold - December 10, 2021 - 2:09 am

  12. AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing

    Jeremy Blackthorne, Alexei Bulazel, Andrew Fasano, Patrick Biernat, and Bülent Yener, Rensselaer Polytechnic Institute To fight the ever-increasing proliferation of novel malware, antivirus (AV) vendors have turned to emulation-based automated dynamic mal ...

    arnold - December 10, 2021 - 2:09 am

  13. malWASH: Washing Malware to Evade Dynamic Analysis

    Kyriakos K. Ispoglou and Mathias Payer, Purdue University Hiding malware processes from fingerprinting is challenging. Current techniques like metamorphic algorithms and diversity generate different instances of a program, protecting it against static det ...

    arnold - December 10, 2021 - 2:09 am

  14. Non-Deterministic Timers for Hardware Trojan Activation (or How a Little Randomness Can Go the Wrong Way)

    Frank Imeson and Saeed Nejati, University of Waterloo; Siddharth Garg, New York University; Mahesh Tripunitara, University of Waterloo The security of digital Integrated Circuits (ICs) is essential to the security of a computer system that comprises them. ...

    arnold - December 10, 2021 - 2:09 am

  15. Fillory of PHY: Toward a Periodic Table of Signal Corruption Exploits and Polyglots in Digital Radio

    Sergey Bratus, Dartmouth College; Travis Goodspeed, Bloomberg; Ange Albertini; Debanjum S. Solanky, Dartmouth College Boundaries between layers of digital radio protocols have been breached by techniques like packet-in-packet: an attacker controlling the ...

    arnold - December 10, 2021 - 2:09 am

  16. SoK: XML Parser Vulnerabilities

    by such vulnerabilities. In this paper we systematically analyze known attacks on XML parsers and ...

    arnold - December 10, 2021 - 3:09 am

  17. Abusing Public Third-Party Services for EDoS Attacks

    Sustainability (EDoS) attacks in which the cloud consumers would suffer from financial losses. In this paper, we ...

    arnold - December 10, 2021 - 3:09 am

  18. DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work

    “useful” proofs have been proposed. In this paper, we present DDoSCoin, which is a cryptocurrency with ...

    arnold - December 10, 2021 - 3:09 am

  19. A Rising Tide: Design Exploits in Industrial Control Systems

    and protocols, and ICS audits must begin now to focus on design. This paper a joint effort of the ...

    arnold - December 10, 2021 - 3:09 am

  20. This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump

    this paper, we propose a new type of sensor spoofing attack based on saturation. A sensor shows ...

    arnold - December 10, 2021 - 3:09 am

  21. Sampling Race: Bypassing Timing-Based Analog Active Sensor Spoofing Detection on Analog-Digital Systems

    a fundamental vulnerability that allows an attacker to circumvent detection. In this paper, we show that PyCRA ...

    arnold - December 10, 2021 - 3:09 am

  22. Truck Hacking: An Experimental Analysis of the SAE J1939 Standard

    Yelizaveta Burakova, Bill Hass, Leif Millar, and André Weimerskirch, University of Michigan Consumer vehicles have been proven to be insecure; the addition of electronics to monitor and control vehicle functions have added complexity resulting in safety c ...

    arnold - December 10, 2021 - 3:09 am

  23. Controlling UAVs with Sensor Input Spoofing Attacks

    vehicles can plan and execute routes safely is crucial. The key insight of our paper is that the sensors ...

    arnold - December 10, 2021 - 3:09 am

  24. A Security Analysis of an In-Vehicle Infotainment and App Platform

    this paper, we focus on gaining insights into this question by performing a comprehensive security ...

    arnold - December 10, 2021 - 3:09 am

  25. How to Break Microsoft Rights Management Services

    Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk, Ruhr University Bochum Rights Management Services (RMS) are used to enforce access control in a distributed environment, and to cryptographically protect companies’ assets by restricting acce ...

    arnold - December 10, 2021 - 3:09 am

Pages