-
DID:RING: Ring Signatures using Decentralised Identifiers For Privacy-Aware Identity
Authors:
Dimitrios Kasimatis,
Sam Grierson,
William J. Buchanan,
Chris Eckl,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
Craig Thomson,
Baraq Ghaleb
Abstract:
Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification metho…
▽ More
Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifier-based architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities.
△ Less
Submitted 11 March, 2024; v1 submitted 8 March, 2024;
originally announced March 2024.
-
RNA-TransCrypt: Image Encryption Using Chaotic RNA Encoding, Novel Transformative Substitution, and Tailored Cryptographic Operations
Authors:
Muhammad Shahbaz Khan,
Jawad Ahmad,
Ahmed Al-Dubai,
Baraq Ghaleb,
Nikolaos Pitropakis,
William J. Buchanan
Abstract:
Given the security concerns of Internet of Things (IoT) networks and limited computational resources of IoT devices, this paper presents RNA-TransCrypt, a novel image encryption scheme that is not only highly secure but also efficient and lightweight. RNA-TransCrypt integrates the biocryptographic properties of RNA encoding with the non-linearity and unpredictability of chaos theory. This scheme i…
▽ More
Given the security concerns of Internet of Things (IoT) networks and limited computational resources of IoT devices, this paper presents RNA-TransCrypt, a novel image encryption scheme that is not only highly secure but also efficient and lightweight. RNA-TransCrypt integrates the biocryptographic properties of RNA encoding with the non-linearity and unpredictability of chaos theory. This scheme introduces three novel contributions: 1) the two-base RNA encoding method, which transforms the image into RNA strands-like sequence, ensuring efficient scrambling; 2) the transformative substitution technique, which transforms the s-box values before replacing the pixel values, and is responsible for making the scheme lightweight; and 3) three mathematical cryptographic operations designed especially for image encryption that ensure the effective transformation of the s-box values, resulting in a new outcome even for the same input values. These modules are key-dependent, utilizing chaotic keys generated by the De Jong Fractal Map and the Van der Pol Oscillator. Extensive security analysis, including histogram analysis, correlation analysis, and the results of the statistical security parameters obtained from the Gray-Level Co-occurrence Matrix (GLCM) validate the efficacy of the proposed scheme in encrypting input images with close-to-ideal results of 7.997 entropy and 0.0006 correlation.
△ Less
Submitted 9 January, 2024;
originally announced January 2024.
-
PermutEx: Feature-Extraction-Based Permutation -- A New Diffusion Scheme for Image Encryption Algorithms
Authors:
Muhammad Shahbaz Khan,
Jawad Ahmad,
Ahmed Al-Dubai,
Zakwan Jaroucheh,
Nikolaos Pitropakis,
William J. Buchanan
Abstract:
Traditional permutation schemes mostly focus on random scrambling of pixels, often neglecting the intrinsic image information that could enhance diffusion in image encryption algorithms. This paper introduces PermutEx, a feature-extraction-based permutation method that utilizes inherent image features to scramble pixels effectively. Unlike random permutation schemes, PermutEx extracts the spatial…
▽ More
Traditional permutation schemes mostly focus on random scrambling of pixels, often neglecting the intrinsic image information that could enhance diffusion in image encryption algorithms. This paper introduces PermutEx, a feature-extraction-based permutation method that utilizes inherent image features to scramble pixels effectively. Unlike random permutation schemes, PermutEx extracts the spatial frequency and local contrast features of the image and ranks each pixel based on this information, identifying which pixels are more important or information-rich based on texture and edge information. In addition, a unique permutation key is generated using the Logistic-Sine Map based on chaotic behavior. The ranked pixels are permuted in conjunction with this unique key, effectively permuting the original image into a scrambled version. Experimental results indicate that the proposed method effectively disrupts the correlation in information-rich areas within the image resulting in a correlation value of 0.000062. The effective scrambling of pixels, resulting in nearly zero correlation, makes this method suitable to be used as diffusion in image encryption algorithms.
△ Less
Submitted 5 November, 2023;
originally announced November 2023.
-
CellSecure: Securing Image Data in Industrial Internet-of-Things via Cellular Automata and Chaos-Based Encryption
Authors:
Hassan Ali,
Muhammad Shahbaz Khan,
Maha Driss,
Jawad Ahmad,
William J. Buchanan,
Nikolaos Pitropakis
Abstract:
In the era of Industrial IoT (IIoT) and Industry 4.0, ensuring secure data transmission has become a critical concern. Among other data types, images are widely transmitted and utilized across various IIoT applications, ranging from sensor-generated visual data and real-time remote monitoring to quality control in production lines. The encryption of these images is essential for maintaining operat…
▽ More
In the era of Industrial IoT (IIoT) and Industry 4.0, ensuring secure data transmission has become a critical concern. Among other data types, images are widely transmitted and utilized across various IIoT applications, ranging from sensor-generated visual data and real-time remote monitoring to quality control in production lines. The encryption of these images is essential for maintaining operational integrity, data confidentiality, and seamless integration with analytics platforms. This paper addresses these critical concerns by proposing a robust image encryption algorithm tailored for IIoT and Cyber-Physical Systems (CPS). The algorithm combines Rule-30 cellular automata with chaotic scrambling and substitution. The Rule 30 cellular automata serves as an efficient mechanism for generating pseudo-random sequences that enable fast encryption and decryption cycles suitable for real-time sensor data in industrial settings. Most importantly, it induces non-linearity in the encryption algorithm. Furthermore, to increase the chaotic range and keyspace of the algorithm, which is vital for security in distributed industrial networks, a hybrid chaotic map, i.e., logistic-sine map is utilized. Extensive security analysis has been carried out to validate the efficacy of the proposed algorithm. Results indicate that our algorithm achieves close-to-ideal values, with an entropy of 7.99 and a correlation of 0.002. This enhances the algorithm's resilience against potential cyber-attacks in the industrial domain.
△ Less
Submitted 20 September, 2023;
originally announced September 2023.
-
SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data
Authors:
Muhammad Shahbaz Khan,
Jawad Ahmad,
Hisham Ali,
Nikolaos Pitropakis,
Ahmed Al-Dubai,
Baraq Ghaleb,
William J. Buchanan
Abstract:
With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlated regions of an image. This paper addresses the security issues presented by three prevalent S-box substitution methods, i.e., single S-box, multiple…
▽ More
With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlated regions of an image. This paper addresses the security issues presented by three prevalent S-box substitution methods, i.e., single S-box, multiple S-boxes, and multiple rounds with multiple S-boxes, especially when handling images with highly auto-correlated pixels. To resolve the addressed security issues, this paper proposes a new scheme SRSS-the Single Round Single S-Box encryption scheme. SRSS uses a single S-box for substitution in just one round to break the pixel correlations and encrypt the plaintext image effectively. Additionally, this paper introduces a new Chaos-based Random Operation Selection System-CROSS, which nullifies the requirement for multiple S-boxes, thus reducing the encryption scheme's complexity. By randomly selecting the operation to be performed on each pixel, driven by a chaotic sequence, the proposed scheme effectively scrambles even high auto-correlation areas. When compared to the substitution methods mentioned above, the proposed encryption scheme exhibited exceptionally well in just a single round with a single S-box. The close-to-ideal statistical security analysis results, i.e., an entropy of 7.89 and a correlation coefficient of 0.007, validate the effectiveness of the proposed scheme. This research offers an innovative path forward for securing images in applications requiring low computational complexity and fast encryption and decryption speeds.
△ Less
Submitted 21 August, 2023;
originally announced August 2023.
-
Towards The Creation Of The Future Fish Farm
Authors:
Pavlos Papadopoulos,
William J Buchanan,
Sarwar Sayeed,
Nikolaos Pitropakis
Abstract:
A fish farm is an area where fish raise and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determinin…
▽ More
A fish farm is an area where fish raise and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determining the fish diseases, monitoring the aquatic organisms, and examining the imbalance in the water element are some key factors that require precise observation to determine the accuracy of the acquired data. Similarly, due to the rapid expansion of aquaculture, new technologies are constantly being implemented in this sector to enhance efficiency. However, the existing approaches have often failed to provide an efficient method of farming fish. This work has kept aside the traditional approaches and opened up new dimensions to perform accurate analysis by adopting a distributed ledger technology. Our work analyses the current state-of-the-art of fish farming and proposes a fish farm ecosystem that relies on a private-by-design architecture based on the Hyperledger Fabric private-permissioned distributed ledger technology. The proposed method puts forward accurate and secure storage of the retrieved data from multiple sensors across the ecosystem so that the adhering entities can exercise their decision based on the acquired data. This study demonstrates a proof-of-concept to signify the efficiency and usability of the future fish farm.
△ Less
Submitted 2 January, 2023;
originally announced January 2023.
-
Transforming EU Governance: The Digital Integration through EBSI and GLASS
Authors:
Dimitrios Kasimatis,
William J Buchanan,
Mwarwan Abubakar,
Owen Lo,
Christos Chrysoulas,
Nikolaos Pitropakis,
Pavlos Papadopoulos,
Sarwar Sayeed,
Marc Sel
Abstract:
Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like acade…
▽ More
Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like academic records and licences, with enhanced security through digital signatures. The European Commission's initiative for a digital wallet for every EU citizen aims to improve mobility and integration, leveraging the European Blockchain Services Infrastructure (EBSI) for harmonised citizen integration. This paper discusses how EBSI and the GLASS project can advance governance and streamline access to identity documents.
△ Less
Submitted 19 April, 2024; v1 submitted 6 December, 2022;
originally announced December 2022.
-
The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud
Authors:
Nikolaos Pitropakis,
Christos Lyvas,
Costas Lambrinoudakis
Abstract:
The financial crisis made companies around the world search for cheaper and more efficient solutions to cover their needs in terms of computational power and storage. Their quest came to end with the birth of Cloud Computing infrastructures. However, along with the new promising technology, new attack vectors were born, and one old and known threat, that of Malicious Insiders reappeared. Insiders…
▽ More
The financial crisis made companies around the world search for cheaper and more efficient solutions to cover their needs in terms of computational power and storage. Their quest came to end with the birth of Cloud Computing infrastructures. However, along with the new promising technology, new attack vectors were born, and one old and known threat, that of Malicious Insiders reappeared. Insiders can use their privileged position inside the Cloud infrastructure to accomplish or help in attacks against a Cloud infrastructure. In this paper, we propose a practical and efficient intrusion detection system solution for Cloud infrastructures based on Graphical Processing Unit (GPU) acceleration. Our solution monitors the deployed virtual machines' operations and especially those of the host Operating System, known as Dom0, correlating the collected information to detect uncommon behavior based on the Smith-Waterman algorithm. Our proposal makes possible the cooperation of a variety of known hypervisors along with every known GPU acceleration unit used, thus offering the maximum of security mechanics while at the same time minimizing the imposed overhead in terms of Central Processing Unit (CPU) usage.
△ Less
Submitted 20 June, 2022;
originally announced June 2022.
-
GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture
Authors:
Owen Lo,
William J. Buchanan,
Sarwar Sayeed,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
Christos Chrysoulas
Abstract:
E-governance is a process that aims to enhance a government's ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where…
▽ More
E-governance is a process that aims to enhance a government's ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where a single market approach can be adopted. e-Governance often aims to minimise bureaucratic processes, while at the same time including a digital-by-default approach to public services. This aims at administrative efficiency and the reduction of bureaucratic processes. It can also improve government capabilities, and enhances trust and security, which brings confidence in governmental transactions. However, solid implementations of a distributed data sharing model within an e-governance architecture is far from a reality; hence, citizens of European countries often go through the tedious process of having their confidential information verified. This paper focuses on the sinGLe sign-on e-GovernAnce Paradigm based on a distributed file-exchange network for security, transparency, cost-effectiveness and trust (GLASS) model, which aims to ensure that a citizen can control their relationship with governmental agencies. The paper thus proposes an approach that integrates a permissioned blockchain with the InterPlanetary File System (IPFS). This method demonstrates how we may encrypt and store verifiable credentials of the GLASS ecosystem, such as academic awards, ID documents and so on, within IPFS in a secure manner and thus only allow trusted users to read a blockchain record, and obtain the encryption key. This allows for the decryption of a given verifiable credential that stored on IPFS. This paper outlines the creation of a demonstrator that proves the principles of the GLASS approach.
△ Less
Submitted 16 March, 2022;
originally announced March 2022.
-
Ransomware: Analysing the Impact on Windows Active Directory Domain Services
Authors:
Grant McDonald,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
Jawad Ahmad,
William J. Buchanan
Abstract:
Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat t…
▽ More
Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat towards organisations, there is very little information outlining how ransomware affects Windows Server environments, and particularly its proprietary domain services such as Active Directory. Hence, we aim to increase the cyber situational awareness of organisations and corporations that utilise these environments. Dynamic analysis was performed using three ransomware variants to uncover how crypto-ransomware affects Windows Server-specific services and processes. Our work outlines the practical investigation undertaken as WannaCry, TeslaCrypt, and Jigsaw were acquired and tested against several domain services. The findings showed that none of the three variants stopped the processes and decidedly left all domain services untouched. However, although the services remained operational, they became uniquely dysfunctional as ransomware encrypted the files pertaining to those services
△ Less
Submitted 7 February, 2022;
originally announced February 2022.
-
Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers
Authors:
Hisham Ali,
Pavlos Papadopoulos,
Jawad Ahmad,
Nikolaos Pitropakis,
Zakwan Jaroucheh,
William J. Buchanan
Abstract:
Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sh…
▽ More
Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT\&CK framework.
△ Less
Submitted 19 December, 2021;
originally announced December 2021.
-
PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching
Authors:
William Abramson,
William J. Buchanan,
Sarwar Sayeed,
Nikolaos Pitropakis,
Owen Lo
Abstract:
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to…
▽ More
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to communicate with each other about an individual. A common approach is when a citizen discloses his personally identifiable information to both the HA a TC, if the test result comes positive, the information is used by the TC to alert the HA. Along with this, there can be other trusted entities that have other key elements of data related to the citizen. However, the existing approaches comprise severe flaws in terms of privacy and security. Additionally, the aforementioned approaches are not transparent and often being questioned for the efficacy of the implementations. In order to overcome the challenges, this paper outlines the PAN-DOMAIN infrastructure that allows for citizen identifiers to be matched amongst the TA, the HA and the GA. PAN-DOMAIN ensures that the citizen can keep control of the map** between the trusted entities using a trusted converter, and has access to an audit log.
△ Less
Submitted 6 December, 2021;
originally announced December 2021.
-
Evaluating Tooling and Methodology when Analysing Bitcoin Mixing Services After Forensic Seizure
Authors:
Edward Henry Young,
Christos Chrysoulas,
Nikolaos Pitropakis,
Pavlos Papadopoulos,
William J Buchanan
Abstract:
Little or no research has been directed to analysis and researching forensic analysis of the Bitcoin mixing or 'tumbling' service themselves. This work is intended to examine effective tooling and methodology for recovering forensic artifacts from two privacy focused mixing services namely Obscuro which uses the secure enclave on intel chips to provide enhanced confidentiality and Wasabi wallet wh…
▽ More
Little or no research has been directed to analysis and researching forensic analysis of the Bitcoin mixing or 'tumbling' service themselves. This work is intended to examine effective tooling and methodology for recovering forensic artifacts from two privacy focused mixing services namely Obscuro which uses the secure enclave on intel chips to provide enhanced confidentiality and Wasabi wallet which uses CoinJoin to mix and obfuscate crypto currencies. These wallets were set up on VMs and then several forensic tools used to examine these VM images for relevant forensic artifacts. These forensic tools were able to recover a broad range of forensic artifacts and found both network forensics and logging files to be a useful source of artifacts to deanonymize these mixing services.
△ Less
Submitted 5 October, 2021;
originally announced October 2021.
-
GLASS: Towards Secure and Decentralized eGovernance Services using IPFS
Authors:
Christos Chrysoulas,
Amanda Thomson,
Nikolaos Pitropakis,
Pavlos Papadopoulos,
Owen Lo,
William J. Buchanan,
George Domalis,
Nikos Karacapilidis,
Dimitris Tsakalidis,
Dimitris Tsolis
Abstract:
The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation it has broadened the attack surface and made them a popular target for cyber attacks. eGovernance services utilize internet, which is currently a location addressed system where whoever controls the location controls not only the…
▽ More
The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation it has broadened the attack surface and made them a popular target for cyber attacks. eGovernance services utilize internet, which is currently a location addressed system where whoever controls the location controls not only the content itself, but the integrity of that content, and the access to that content. We propose GLASS, a decentralised solution which combines the InterPlanetary File System (IPFS) with Distributed Ledger technology and Smart Contracts to secure EGovernance services. We also create a testbed environment where we measure the IPFS performance.
△ Less
Submitted 17 September, 2021;
originally announced September 2021.
-
Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT
Authors:
Pavlos Papadopoulos,
Oliver Thornewill von Essen,
Nikolaos Pitropakis,
Christos Chrysoulas,
Alexios Mylonas,
William J. Buchanan
Abstract:
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have…
▽ More
As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models' robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.
△ Less
Submitted 26 April, 2021;
originally announced April 2021.
-
Privacy and Trust Redefined in Federated Machine Learning
Authors:
Pavlos Papadopoulos,
Will Abramson,
Adam J. Hall,
Nikolaos Pitropakis,
William J. Buchanan
Abstract:
A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring th…
▽ More
A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring the data privacy to their owners. The distribution of the computation to multiple participating entities introduces new privacy complications and risks. In this paper, we present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Our proof-of-concept defines a trust framework instantiated using decentralised identity technologies being developed under Hyperledger projects Aries/Indy/Ursa. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels authorised to participate in a federated learning workflow related to mental health data.
△ Less
Submitted 30 March, 2021; v1 submitted 29 March, 2021;
originally announced March 2021.
-
A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric
Authors:
Charalampos Stamatellis,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
Sokratis Katsikas,
William J Buchanan
Abstract:
Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This…
▽ More
Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This paper presents PREHEALTH, a privacy-preserving EHR management solution that uses distributed ledger technology and an Identity Mixer (Idemix). The paper describes a proof-of-concept implementation that uses the Hyperledger Fabric's permissioned blockchain framework. The proposed solution is able to store patient records effectively whilst providing anonymity and unlinkability. Experimental performance evaluation results demonstrate the scheme's efficiency and feasibility for real-world scale deployment.
△ Less
Submitted 27 January, 2021; v1 submitted 18 November, 2020;
originally announced November 2020.
-
Review and Critical Analysis of Privacy-preserving Infection Tracking and Contact Tracing
Authors:
William J Buchanan,
Muhammad Ali Imran,
Masood Ur-Rehman,
Lei Zhang,
Qammer H. Abbasi,
Christos Chrysoulas,
David Haynes,
Nikolaos Pitropakis,
Pavlos Papadopoulos
Abstract:
The outbreak of viruses have necessitated contact tracing and infection tracking methods. Despite various efforts, there is currently no standard scheme for the tracing and tracking. Many nations of the world have therefore, developed their own ways where carriers of disease could be tracked and their contacts traced. These are generalized methods developed either in a distributed manner giving ci…
▽ More
The outbreak of viruses have necessitated contact tracing and infection tracking methods. Despite various efforts, there is currently no standard scheme for the tracing and tracking. Many nations of the world have therefore, developed their own ways where carriers of disease could be tracked and their contacts traced. These are generalized methods developed either in a distributed manner giving citizens control of their identity or in a centralised manner where a health authority gathers data on those who are carriers. This paper outlines some of the most significant approaches that have been established for contact tracing around the world. A comprehensive review on the key enabling methods used to realise the infrastructure around these infection tracking and contact tracing methods is also presented and recommendations are made for the most effective way to develop such a practice.
△ Less
Submitted 10 September, 2020;
originally announced September 2020.
-
Privacy Preserving Passive DNS
Authors:
Pavlos Papadopoulos,
Nikolaos Pitropakis,
William J. Buchanan,
Owen Lo,
Sokratis Katsikas
Abstract:
The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of…
▽ More
The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g. for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records.
△ Less
Submitted 14 August, 2020;
originally announced August 2020.
-
Testing And Hardening IoT Devices Against the Mirai Botnet
Authors:
Christopher Kelly,
Nikolaos Pitropakis,
Sean McKeown,
Costas Lambrinoudakis
Abstract:
A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufactures, and are vulnerable to existing malware lurking on the Internet. Among them is the Mirai botnet which has had its source code leaked to the world, allowing any malicious actor to configure and unleash it. A combination…
▽ More
A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufactures, and are vulnerable to existing malware lurking on the Internet. Among them is the Mirai botnet which has had its source code leaked to the world, allowing any malicious actor to configure and unleash it. A combination of software assets not being utilised safely and effectively are exposing consumers to a full compromise. We configured and attacked 4 different IoT devices using the Mirai libraries. Our experiments concluded that three out of the four devices were vulnerable to the Mirai malware and became infected when deployed using their default configuration. This demonstrates that the original security configurations are not sufficient to provide acceptable levels of protection for consumers, leaving their devices exposed and vulnerable. By analysing the Mirai libraries and its attack vectors, we were able to determine appropriate device configuration countermeasures to harden the devices against this botnet, which were successfully validated through experimentation.
△ Less
Submitted 27 July, 2020;
originally announced July 2020.
-
A Distributed Trust Framework for Privacy-Preserving Machine Learning
Authors:
Will Abramson,
Adam James Hall,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
William J Buchanan
Abstract:
When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data r…
▽ More
When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.
△ Less
Submitted 3 June, 2020;
originally announced June 2020.
-
Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach
Authors:
Orestis Christou,
Nikolaos Pitropakis,
Pavlos Papadopoulos,
Sean McKeown,
William J. Buchanan
Abstract:
Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-cons…
▽ More
Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-consuming human verification. Thus, there have been attempts focusing on the predictive filtering of such URLs. This study aims to develop a machine-learning model to detect fraudulent URLs which can be used within the Splunk platform. Inspired from similar approaches in the literature, we trained the SVM and Random Forests algorithms using malicious and benign datasets found in the literature and one dataset that we created. We evaluated the algorithms' performance with precision and recall, reaching up to 85% precision and 87% recall in the case of Random Forests while SVM achieved up to 90% precision and 88% recall using only descriptive features.
△ Less
Submitted 13 May, 2020;
originally announced May 2020.
-
Performance Analysis of TLS for Quantum Robust Cryptography on a Constrained Device
Authors:
Jon Barton,
William J Buchanan,
Nikolaos Pitropakis,
Sarwar Sayeed,
Will Abramson
Abstract:
Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to…
▽ More
Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to build methods based on a hard mathematical problem, which are not susceptible to Shor's algorithm and which create Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well these methods run on limited powered devices. This paper outlines an evaluation framework for PQC within constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device.
△ Less
Submitted 7 February, 2022; v1 submitted 20 September, 2019;
originally announced December 2019.
-
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier
Authors:
Adam James Hall,
Nikolaos Pitropakis,
William J Buchanan,
Naghmeh Moradpoor
Abstract:
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular…
▽ More
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario - the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their associated confusion matrix and Receiver Operating Characteristic (ROC) curve, and the best performing classifiers are aggregated into an ensemble classifier. This meta-classifier has an accuracy of \textbf{96.2\%} with an area under the ROC curve of \textbf{0.988}.
△ Less
Submitted 24 July, 2019;
originally announced July 2019.
-
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
Authors:
Panagiotis Kintis,
Najmeh Miramirkhani,
Charles Lever,
Yizheng Chen,
Rosa Romero-Gómez,
Nikolaos Pitropakis,
Nick Nikiforakis,
Manos Antonakakis
Abstract:
Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale,…
▽ More
Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.
△ Less
Submitted 28 August, 2017;
originally announced August 2017.