Showing 1–50 of 62 results for author: Buchanan, W

Review of Generative AI Methods in Cybersecurity

Authors: Yagmur Yigit, William J Buchanan, Madjid G Tehrani, Leandros Maglaras

Abstract: Over the last decade, Artificial Intelligence (AI) has become increasingly popular, especially with the use of chatbots such as ChatGPT, Gemini, and DALL-E. With this rise, large language models (LLMs) and Generative AI (GenAI) have also become more prevalent in everyday use. These advancements strengthen cybersecurity's defensive posture and open up new attack avenues for adversaries as well. Thi… ▽ More Over the last decade, Artificial Intelligence (AI) has become increasingly popular, especially with the use of chatbots such as ChatGPT, Gemini, and DALL-E. With this rise, large language models (LLMs) and Generative AI (GenAI) have also become more prevalent in everyday use. These advancements strengthen cybersecurity's defensive posture and open up new attack avenues for adversaries as well. This paper provides a comprehensive overview of the current state-of-the-art deployments of GenAI, covering assaults, jailbreaking, and applications of prompt injection and reverse psychology. This paper also provides the various applications of GenAI in cybercrimes, such as automated hacking, phishing emails, social engineering, reverse cryptography, creating attack payloads, and creating malware. GenAI can significantly improve the automation of defensive cyber security processes through strategies such as dataset construction, safe code development, threat intelligence, defensive measures, reporting, and cyberattack detection. In this study, we suggest that future research should focus on develo** robust ethical norms and innovative defense mechanisms to address the current issues that GenAI creates and to also further encourage an impartial approach to its future application in cybersecurity. Moreover, we underscore the importance of interdisciplinary approaches further to bridge the gap between scientific developments and ethical considerations. △ Less

Submitted 19 March, 2024; v1 submitted 13 March, 2024; originally announced March 2024.

Comments: 40 pages

vSPACE: Voting in a Scalable, Privacy-Aware and Confidential Election

Authors: Se Elnour, William J Buchanan, Paul Keating, Mwrwan Abubakar, Sirag Elnour

Abstract: The vSPACE experimental proof-of-concept (PoC) on the TrueElect[Anon][Creds] protocol presents a novel approach to secure, private, and scalable elections, extending the TrueElect and ElectAnon protocols with the integration of AnonCreds SSI (Self-Sovereign Identity). Such a protocol PoC is situated within a Zero-Trust Architecture (ZTA) and leverages confidential computing, continuous authenticat… ▽ More The vSPACE experimental proof-of-concept (PoC) on the TrueElect[Anon][Creds] protocol presents a novel approach to secure, private, and scalable elections, extending the TrueElect and ElectAnon protocols with the integration of AnonCreds SSI (Self-Sovereign Identity). Such a protocol PoC is situated within a Zero-Trust Architecture (ZTA) and leverages confidential computing, continuous authentication, multi-party computation (MPC), and well-architected framework (WAF) principles to address the challenges of cybersecurity, privacy, and trust over IP (ToIP) protection. Employing a Kubernetes confidential cluster within an Enterprise-Scale Landing Zone (ESLZ), vSPACE integrates Distributed Ledger Technology (DLT) for immutable and certifiable audit trails. The Infrastructure as Code (IaC) model ensures rapid deployment, consistent management, and adherence to security standards, making vSPACE a future-proof solution for digital voting systems. △ Less

Submitted 8 March, 2024; originally announced March 2024.

DID:RING: Ring Signatures using Decentralised Identifiers For Privacy-Aware Identity

Authors: Dimitrios Kasimatis, Sam Grierson, William J. Buchanan, Chris Eckl, Pavlos Papadopoulos, Nikolaos Pitropakis, Craig Thomson, Baraq Ghaleb

Abstract: Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification metho… ▽ More Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifier-based architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities. △ Less

Submitted 11 March, 2024; v1 submitted 8 March, 2024; originally announced March 2024.

TIPS: Threat Sharing Information Platform for Enhanced Security

Authors: Lakshmi Rama Kiran Pasumarthy, Hisham Ali, William J Buchanan, Jawad Ahmad, Audun Josang, Vasileios Mavroeidis, Mouad Lemoudden

Abstract: There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications etc., these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different informa… ▽ More There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications etc., these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different information-sharing domains also poses significant challenges. These challenges include redactment of information, the Right-to-be-forgotten, and access control to the information-sharing elements. These access issues could be related to time bounds, the trusted deletion of data, and the location of accesses. This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) integrated into a permissioned ledger, specifically Hyperledger Fabric (HLF). It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel. This trusted channel can only be accessed by those trusted in the sharing and could be enabled for each data-sharing element or set up for long-term sharing. △ Less

Submitted 8 March, 2024; originally announced March 2024.

Privacy-Aware Single-Nucleotide Polymorphisms (SNPs) using Bilinear Group Accumulators in Batch Mode

Authors: William J Buchanan, Sam Grierson, Daniel Uribe

Abstract: Biometric data is often highly sensitive, and a leak of this data can lead to serious privacy breaches. Some of the most sensitive of this type of data relates to the usage of DNA data on individuals. A leak of this type of data without consent could lead to privacy breaches of data protection laws. Along with this, there have been several recent data breaches related to the leak of DNA informatio… ▽ More Biometric data is often highly sensitive, and a leak of this data can lead to serious privacy breaches. Some of the most sensitive of this type of data relates to the usage of DNA data on individuals. A leak of this type of data without consent could lead to privacy breaches of data protection laws. Along with this, there have been several recent data breaches related to the leak of DNA information, including from 23andMe and Ancestry. It is thus fundamental that a citizen should have the right to know if their DNA data is contained within a DNA database and ask for it to be removed if they are concerned about its usage. This paper outlines a method of hashing the core information contained within the data stores - known as Single-Nucleotide Polymorphisms (SNPs) - into a bilinear group accumulator in batch mode, which can then be searched by a trusted entity for matches. The time to create the witness proof and to verify were measured at 0.86 ms and 10.90 ms, respectively. △ Less

Submitted 15 January, 2024; originally announced January 2024.

RNA-TransCrypt: Image Encryption Using Chaotic RNA Encoding, Novel Transformative Substitution, and Tailored Cryptographic Operations

Authors: Muhammad Shahbaz Khan, Jawad Ahmad, Ahmed Al-Dubai, Baraq Ghaleb, Nikolaos Pitropakis, William J. Buchanan

Abstract: Given the security concerns of Internet of Things (IoT) networks and limited computational resources of IoT devices, this paper presents RNA-TransCrypt, a novel image encryption scheme that is not only highly secure but also efficient and lightweight. RNA-TransCrypt integrates the biocryptographic properties of RNA encoding with the non-linearity and unpredictability of chaos theory. This scheme i… ▽ More Given the security concerns of Internet of Things (IoT) networks and limited computational resources of IoT devices, this paper presents RNA-TransCrypt, a novel image encryption scheme that is not only highly secure but also efficient and lightweight. RNA-TransCrypt integrates the biocryptographic properties of RNA encoding with the non-linearity and unpredictability of chaos theory. This scheme introduces three novel contributions: 1) the two-base RNA encoding method, which transforms the image into RNA strands-like sequence, ensuring efficient scrambling; 2) the transformative substitution technique, which transforms the s-box values before replacing the pixel values, and is responsible for making the scheme lightweight; and 3) three mathematical cryptographic operations designed especially for image encryption that ensure the effective transformation of the s-box values, resulting in a new outcome even for the same input values. These modules are key-dependent, utilizing chaotic keys generated by the De Jong Fractal Map and the Van der Pol Oscillator. Extensive security analysis, including histogram analysis, correlation analysis, and the results of the statistical security parameters obtained from the Gray-Level Co-occurrence Matrix (GLCM) validate the efficacy of the proposed scheme in encrypting input images with close-to-ideal results of 7.997 entropy and 0.0006 correlation. △ Less

Submitted 9 January, 2024; originally announced January 2024.

PermutEx: Feature-Extraction-Based Permutation -- A New Diffusion Scheme for Image Encryption Algorithms

Authors: Muhammad Shahbaz Khan, Jawad Ahmad, Ahmed Al-Dubai, Zakwan Jaroucheh, Nikolaos Pitropakis, William J. Buchanan

Abstract: Traditional permutation schemes mostly focus on random scrambling of pixels, often neglecting the intrinsic image information that could enhance diffusion in image encryption algorithms. This paper introduces PermutEx, a feature-extraction-based permutation method that utilizes inherent image features to scramble pixels effectively. Unlike random permutation schemes, PermutEx extracts the spatial… ▽ More Traditional permutation schemes mostly focus on random scrambling of pixels, often neglecting the intrinsic image information that could enhance diffusion in image encryption algorithms. This paper introduces PermutEx, a feature-extraction-based permutation method that utilizes inherent image features to scramble pixels effectively. Unlike random permutation schemes, PermutEx extracts the spatial frequency and local contrast features of the image and ranks each pixel based on this information, identifying which pixels are more important or information-rich based on texture and edge information. In addition, a unique permutation key is generated using the Logistic-Sine Map based on chaotic behavior. The ranked pixels are permuted in conjunction with this unique key, effectively permuting the original image into a scrambled version. Experimental results indicate that the proposed method effectively disrupts the correlation in information-rich areas within the image resulting in a correlation value of 0.000062. The effective scrambling of pixels, resulting in nearly zero correlation, makes this method suitable to be used as diffusion in image encryption algorithms. △ Less

Submitted 5 November, 2023; originally announced November 2023.

PASSION: Permissioned Access Control for Segmented Devices and Identity for IoT Networks

Authors: Hisham Ali, Mwrwan Abubakar, Jawad Ahmad, William J. Buchanan, Zakwan Jaroucheh

Abstract: In recent years, there has been a significant proliferation of industrial Internet of Things (IoT) applications, with a wide variety of use cases being developed and put into operation. As the industrial IoT landscape expands, the establishment of secure and reliable infrastructure becomes crucial to instil trust among users and stakeholders, particularly in addressing fundamental concerns such as… ▽ More In recent years, there has been a significant proliferation of industrial Internet of Things (IoT) applications, with a wide variety of use cases being developed and put into operation. As the industrial IoT landscape expands, the establishment of secure and reliable infrastructure becomes crucial to instil trust among users and stakeholders, particularly in addressing fundamental concerns such as traceability, integrity protection, and privacy that some industries still encounter today. This paper introduces a privacy-preserving method in the industry's IoT systems using blockchain-based data access control for remote industry safety monitoring and maintaining event information confidentiality, integrity and authenticity. △ Less

Submitted 8 October, 2023; originally announced October 2023.

Scalable Multi-domain Trust Infrastructures for Segmented Networks

Authors: Sam Grierson, William J Buchanan, Craig Thomson, Baraq Ghaleb, Leandros Maglaras, Chris Eckl

Abstract: Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Inte… ▽ More Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead. △ Less

Submitted 10 October, 2023; v1 submitted 7 October, 2023; originally announced October 2023.

CellSecure: Securing Image Data in Industrial Internet-of-Things via Cellular Automata and Chaos-Based Encryption

Authors: Hassan Ali, Muhammad Shahbaz Khan, Maha Driss, Jawad Ahmad, William J. Buchanan, Nikolaos Pitropakis

Abstract: In the era of Industrial IoT (IIoT) and Industry 4.0, ensuring secure data transmission has become a critical concern. Among other data types, images are widely transmitted and utilized across various IIoT applications, ranging from sensor-generated visual data and real-time remote monitoring to quality control in production lines. The encryption of these images is essential for maintaining operat… ▽ More In the era of Industrial IoT (IIoT) and Industry 4.0, ensuring secure data transmission has become a critical concern. Among other data types, images are widely transmitted and utilized across various IIoT applications, ranging from sensor-generated visual data and real-time remote monitoring to quality control in production lines. The encryption of these images is essential for maintaining operational integrity, data confidentiality, and seamless integration with analytics platforms. This paper addresses these critical concerns by proposing a robust image encryption algorithm tailored for IIoT and Cyber-Physical Systems (CPS). The algorithm combines Rule-30 cellular automata with chaotic scrambling and substitution. The Rule 30 cellular automata serves as an efficient mechanism for generating pseudo-random sequences that enable fast encryption and decryption cycles suitable for real-time sensor data in industrial settings. Most importantly, it induces non-linearity in the encryption algorithm. Furthermore, to increase the chaotic range and keyspace of the algorithm, which is vital for security in distributed industrial networks, a hybrid chaotic map, i.e., logistic-sine map is utilized. Extensive security analysis has been carried out to validate the efficacy of the proposed algorithm. Results indicate that our algorithm achieves close-to-ideal values, with an entropy of 7.99 and a correlation of 0.002. This enhances the algorithm's resilience against potential cyber-attacks in the industrial domain. △ Less

Submitted 20 September, 2023; originally announced September 2023.

Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations

Authors: Sam Grierson, Konstantinos Chalkias, William J Buchanan, Leandros Maglaras

Abstract: EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This pap… ▽ More EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This paper describes an attack against some of the most popular EdDSA implementations, which results in an adversary recovering the private key used during signing. With this recovered secret key, an adversary can sign arbitrary messages that would be seen as valid by the EdDSA verification function. A list of libraries with vulnerable APIs at the time of publication is provided. Furthermore, this paper provides two suggestions for securing EdDSA signing APIs against this vulnerability while it additionally discusses failed attempts to solve the issue. △ Less

Submitted 10 October, 2023; v1 submitted 29 August, 2023; originally announced August 2023.

SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data

Authors: Muhammad Shahbaz Khan, Jawad Ahmad, Hisham Ali, Nikolaos Pitropakis, Ahmed Al-Dubai, Baraq Ghaleb, William J. Buchanan

Abstract: With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlated regions of an image. This paper addresses the security issues presented by three prevalent S-box substitution methods, i.e., single S-box, multiple… ▽ More With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlated regions of an image. This paper addresses the security issues presented by three prevalent S-box substitution methods, i.e., single S-box, multiple S-boxes, and multiple rounds with multiple S-boxes, especially when handling images with highly auto-correlated pixels. To resolve the addressed security issues, this paper proposes a new scheme SRSS-the Single Round Single S-Box encryption scheme. SRSS uses a single S-box for substitution in just one round to break the pixel correlations and encrypt the plaintext image effectively. Additionally, this paper introduces a new Chaos-based Random Operation Selection System-CROSS, which nullifies the requirement for multiple S-boxes, thus reducing the encryption scheme's complexity. By randomly selecting the operation to be performed on each pixel, driven by a chaotic sequence, the proposed scheme effectively scrambles even high auto-correlation areas. When compared to the substitution methods mentioned above, the proposed encryption scheme exhibited exceptionally well in just a single round with a single S-box. The close-to-ideal statistical security analysis results, i.e., an entropy of 7.89 and a correlation coefficient of 0.007, validate the effectiveness of the proposed scheme. This research offers an innovative path forward for securing images in applications requiring low computational complexity and fast encryption and decryption speeds. △ Less

Submitted 21 August, 2023; originally announced August 2023.

Comments: 6 Pages

Majority Voting Approach to Ransomware Detection

Authors: Simon R Davies, Richard Macfarlane, William J Buchanan

Abstract: Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on… ▽ More Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by develo** a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection. △ Less

Submitted 30 May, 2023; originally announced May 2023.

Comments: 17 pages

Review of the NIST Light-weight Cryptography Finalists

Authors: William J Buchanan, Leandros Maglaras

Abstract: Since 2016, NIST has been assessing lightweight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that the article was written, NISC announced ASCOn as the chosen method that will be published as NIST'S lightweight cryptography standard later in 2023. In this article,… ▽ More Since 2016, NIST has been assessing lightweight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that the article was written, NISC announced ASCOn as the chosen method that will be published as NIST'S lightweight cryptography standard later in 2023. In this article, we provide a comparison between these methods in terms of energy efficiency, time for encryption, and time for hashing. △ Less

Submitted 28 March, 2023; v1 submitted 26 March, 2023; originally announced March 2023.

Comments: 6 pages

An Omnidirectional Approach to Touch-based Continuous Authentication

Authors: Peter Aaby, Mario Valerio Giuffrida, William J Buchanan, Zhiyuan Tan

Abstract: This paper focuses on how touch interactions on smartphones can provide a continuous user authentication service through behaviour captured by a touchscreen. While efforts are made to advance touch-based behavioural authentication, researchers often focus on gathering data, tuning classifiers, and enhancing performance by evaluating touch interactions in a sequence rather than independently. Howev… ▽ More This paper focuses on how touch interactions on smartphones can provide a continuous user authentication service through behaviour captured by a touchscreen. While efforts are made to advance touch-based behavioural authentication, researchers often focus on gathering data, tuning classifiers, and enhancing performance by evaluating touch interactions in a sequence rather than independently. However, such systems only work by providing data representing distinct behavioural traits. The typical approach separates behaviour into touch directions and creates multiple user profiles. This work presents an omnidirectional approach which outperforms the traditional method independent of the touch direction - depending on optimal behavioural features and a balanced training set. Thus, we evaluate five behavioural feature sets using the conventional approach against our direction-agnostic method while testing several classifiers, including an Extra-Tree and Gradient Boosting Classifier, which is often overlooked. Results show that in comparison with the traditional, an Extra-Trees classifier and the proposed approach are superior when combining strokes. However, the performance depends on the applied feature set. We find that the TouchAlytics feature set outperforms others when using our approach when combining three or more strokes. Finally, we highlight the importance of reporting the mean area under the curve and equal error rate for single-stroke performance and varying the sequence of strokes separately. △ Less

Submitted 13 January, 2023; originally announced February 2023.

Towards The Creation Of The Future Fish Farm

Authors: Pavlos Papadopoulos, William J Buchanan, Sarwar Sayeed, Nikolaos Pitropakis

Abstract: A fish farm is an area where fish raise and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determinin… ▽ More A fish farm is an area where fish raise and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determining the fish diseases, monitoring the aquatic organisms, and examining the imbalance in the water element are some key factors that require precise observation to determine the accuracy of the acquired data. Similarly, due to the rapid expansion of aquaculture, new technologies are constantly being implemented in this sector to enhance efficiency. However, the existing approaches have often failed to provide an efficient method of farming fish. This work has kept aside the traditional approaches and opened up new dimensions to perform accurate analysis by adopting a distributed ledger technology. Our work analyses the current state-of-the-art of fish farming and proposes a fish farm ecosystem that relies on a private-by-design architecture based on the Hyperledger Fabric private-permissioned distributed ledger technology. The proposed method puts forward accurate and secure storage of the retrieved data from multiple sensors across the ecosystem so that the adhering entities can exercise their decision based on the acquired data. This study demonstrates a proof-of-concept to signify the efficiency and usability of the future fish farm. △ Less

Submitted 2 January, 2023; originally announced January 2023.

Journal ref: Security and Safety, 3(4), 174-186 (2022)

Hamming Distributions of Popular Perceptual Hashing Techniques

Authors: Sean McKeown, William J Buchanan

Abstract: Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechanism for facilitating detection, allowing for machines to approximately match visual features of an image or video in a robust manner. However, there d… ▽ More Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechanism for facilitating detection, allowing for machines to approximately match visual features of an image or video in a robust manner. However, there does not appear to be much public evaluation of such approaches, particularly when it comes to how effective they are against content-preserving modifications to media files. In this paper, we present a million-image scale evaluation of several perceptual hashing archetypes for popular algorithms (including Facebook's PDQ, Apple's Neuralhash, and the popular pHash library) against seven image variants. The focal point is the distribution of Hamming distance scores between both unrelated images and image variants to better understand the problems faced by each approach. △ Less

Submitted 15 December, 2022; originally announced December 2022.

Journal ref: DFRWS (Digital Forensics Research Conference) EU 2023, 21-24 March 2023, Bonn, Germany

Transforming EU Governance: The Digital Integration through EBSI and GLASS

Authors: Dimitrios Kasimatis, William J Buchanan, Mwarwan Abubakar, Owen Lo, Christos Chrysoulas, Nikolaos Pitropakis, Pavlos Papadopoulos, Sarwar Sayeed, Marc Sel

Abstract: Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like acade… ▽ More Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like academic records and licences, with enhanced security through digital signatures. The European Commission's initiative for a digital wallet for every EU citizen aims to improve mobility and integration, leveraging the European Blockchain Services Infrastructure (EBSI) for harmonised citizen integration. This paper discusses how EBSI and the GLASS project can advance governance and streamline access to identity documents. △ Less

Submitted 19 April, 2024; v1 submitted 6 December, 2022; originally announced December 2022.

A DNA Based Colour Image Encryption Scheme Using A Convolutional Autoencoder

Authors: Fawad Ahmed, Muneeb Ur Rehman, Jawad Ahmad, Muhammad Shahbaz Khan, Wadii Boulila, Gautam Srivastava, Jerry Chun-Wei Lin, William J. Buchanan

Abstract: With the advancement in technology, digital images can easily be transmitted and stored over the Internet. Encryption is used to avoid illegal interception of digital images. Encrypting large-sized colour images in their original dimension generally results in low encryption/decryption speed along with exerting a burden on the limited bandwidth of the transmission channel. To address the aforement… ▽ More With the advancement in technology, digital images can easily be transmitted and stored over the Internet. Encryption is used to avoid illegal interception of digital images. Encrypting large-sized colour images in their original dimension generally results in low encryption/decryption speed along with exerting a burden on the limited bandwidth of the transmission channel. To address the aforementioned issues, a new encryption scheme for colour images employing convolutional autoencoder, DNA and chaos is presented in this paper. The proposed scheme has two main modules, the dimensionality conversion module using the proposed convolutional autoencoder, and the encryption/decryption module using DNA and chaos. The dimension of the input colour image is first reduced from N $\times$ M $\times$ 3 to P $\times$ Q gray-scale image using the encoder. Encryption and decryption are then performed in the reduced dimension space. The decrypted gray-scale image is upsampled to obtain the original colour image having dimension N $\times$ M $\times$ 3. The training and validation accuracy of the proposed autoencoder is 97% and 95%, respectively. Once the autoencoder is trained, it can be used to reduce and subsequently increase the dimension of any arbitrary input colour image. The efficacy of the designed autoencoder has been demonstrated by the successful reconstruction of the compressed image into the original colour image with negligible perceptual distortion. The second major contribution presented in this paper is an image encryption scheme using DNA along with multiple chaotic sequences and substitution boxes. The security of the proposed image encryption algorithm has been gauged using several evaluation parameters, such as histogram of the cipher image, entropy, NPCR, UACI, key sensitivity, contrast, etc. encryption. △ Less

Submitted 7 November, 2022; originally announced November 2022.

Journal ref: (2022) ACM Trans. Multimedia Comput. Commun. Appl

Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification

Authors: Simon R Davies, Richard Macfarlane, William J. Buchanan

Abstract: Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target's data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many crypto-ransomware detection techniques is to monitor file system activity and attempt to identify encrypted files being written to disk, often using a… ▽ More Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target's data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many crypto-ransomware detection techniques is to monitor file system activity and attempt to identify encrypted files being written to disk, often using a file's entropy as an indicator of encryption. However, often in the description of these techniques, little or no discussion is made as to why a particular entropy calculation technique is selected or any justification given as to why one technique is selected over the alternatives. The Shannon method of entropy calculation is the most commonly-used technique when it comes to file encryption identification in crypto-ransomware detection techniques. Overall, correctly encrypted data should be indistinguishable from random data, so apart from the standard mathematical entropy calculations such as Chi-Square, Shannon Entropy and Serial Correlation, the test suites used to validate the output from pseudo-random number generators would also be suited to perform this analysis. he hypothesis being that there is a fundamental difference between different entropy methods and that the best methods may be used to better detect ransomware encrypted files. The paper compares the accuracy of 53 distinct tests in being able to differentiate between encrypted data and other file types. The testing is broken down into two phases, the first phase is used to identify potential candidate tests, and a second phase where these candidates are thoroughly evaluated. To ensure that the tests were sufficiently robust, the NapierOne dataset is used. This dataset contains thousands of examples of the most commonly used file types, as well as examples of files that have been encrypted by crypto-ransomware. △ Less

Submitted 24 October, 2022; originally announced October 2022.

Journal ref: Entropy. 2022; 24(10):1503

Measuring the Carbon Intensity of AI in Cloud Instances

Authors: Jesse Dodge, Taylor Prewitt, Remi Tachet Des Combes, Erika Odmark, Roy Schwartz, Emma Strubell, Alexandra Sasha Luccioni, Noah A. Smith, Nicole DeCario, Will Buchanan

Abstract: By providing unprecedented access to computational resources, cloud computing has enabled rapid growth in technologies such as machine learning, the computational demands of which incur a high energy cost and a commensurate carbon footprint. As a result, recent scholarship has called for better estimates of the greenhouse gas impact of AI: data scientists today do not have easy or reliable access… ▽ More By providing unprecedented access to computational resources, cloud computing has enabled rapid growth in technologies such as machine learning, the computational demands of which incur a high energy cost and a commensurate carbon footprint. As a result, recent scholarship has called for better estimates of the greenhouse gas impact of AI: data scientists today do not have easy or reliable access to measurements of this information, precluding development of actionable tactics. Cloud providers presenting information about software carbon intensity to users is a fundamental step** stone towards minimizing emissions. In this paper, we provide a framework for measuring software carbon intensity, and propose to measure operational carbon emissions by using location-based and time-specific marginal emissions data per energy unit. We provide measurements of operational software carbon intensity for a set of modern models for natural language processing and computer vision, and a wide range of model sizes, including pretraining of a 6.1 billion parameter language model. We then evaluate a suite of approaches for reducing emissions on the Microsoft Azure cloud compute platform: using cloud instances in different geographic regions, using cloud instances at different times of day, and dynamically pausing cloud instances when the marginal carbon intensity is above a certain threshold. We confirm previous results that the geographic region of the data center plays a significant role in the carbon intensity for a given cloud instance, and find that choosing an appropriate region can have the largest operational emissions reduction impact. We also show that the time of day has notable impact on operational software carbon intensity. Finally, we conclude with recommendations for how machine learning practitioners can use software carbon intensity information to reduce environmental impact. △ Less

Submitted 10 June, 2022; originally announced June 2022.

Comments: In ACM Conference on Fairness, Accountability, and Transparency (ACM FAccT) 2022

GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture

Authors: Owen Lo, William J. Buchanan, Sarwar Sayeed, Pavlos Papadopoulos, Nikolaos Pitropakis, Christos Chrysoulas

Abstract: E-governance is a process that aims to enhance a government's ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where… ▽ More E-governance is a process that aims to enhance a government's ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where a single market approach can be adopted. e-Governance often aims to minimise bureaucratic processes, while at the same time including a digital-by-default approach to public services. This aims at administrative efficiency and the reduction of bureaucratic processes. It can also improve government capabilities, and enhances trust and security, which brings confidence in governmental transactions. However, solid implementations of a distributed data sharing model within an e-governance architecture is far from a reality; hence, citizens of European countries often go through the tedious process of having their confidential information verified. This paper focuses on the sinGLe sign-on e-GovernAnce Paradigm based on a distributed file-exchange network for security, transparency, cost-effectiveness and trust (GLASS) model, which aims to ensure that a citizen can control their relationship with governmental agencies. The paper thus proposes an approach that integrates a permissioned blockchain with the InterPlanetary File System (IPFS). This method demonstrates how we may encrypt and store verifiable credentials of the GLASS ecosystem, such as academic awards, ID documents and so on, within IPFS in a secure manner and thus only allow trusted users to read a blockchain record, and obtain the encryption key. This allows for the decryption of a given verifiable credential that stored on IPFS. This paper outlines the creation of a demonstrator that proves the principles of the GLASS approach. △ Less

Submitted 16 March, 2022; originally announced March 2022.

Comments: Sensors 2022, 22(6), 2291; https://doi.org/10.3390/s22062291

Ransomware: Analysing the Impact on Windows Active Directory Domain Services

Authors: Grant McDonald, Pavlos Papadopoulos, Nikolaos Pitropakis, Jawad Ahmad, William J. Buchanan

Abstract: Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat t… ▽ More Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat towards organisations, there is very little information outlining how ransomware affects Windows Server environments, and particularly its proprietary domain services such as Active Directory. Hence, we aim to increase the cyber situational awareness of organisations and corporations that utilise these environments. Dynamic analysis was performed using three ransomware variants to uncover how crypto-ransomware affects Windows Server-specific services and processes. Our work outlines the practical investigation undertaken as WannaCry, TeslaCrypt, and Jigsaw were acquired and tested against several domain services. The findings showed that none of the three variants stopped the processes and decidedly left all domain services untouched. However, although the services remained operational, they became uniquely dysfunctional as ransomware encrypted the files pertaining to those services △ Less

Submitted 7 February, 2022; originally announced February 2022.

Journal ref: Sensors 22, no. 3: 953 (2022)

NapierOne: A modern mixed file data set alternative to Govdocs1

Authors: Simon R Davies, Richard Macfarlane, William J Buchanan

Abstract: It was found when reviewing the ransomware detection research literature that almost no proposal provided enough detail on how the test data set was created, or sufficient description of its actual content, to allow it to be recreated by other researchers interested in reconstructing their environment and validating the research results. A modern cybersecurity mixed file data set called NapierOne… ▽ More It was found when reviewing the ransomware detection research literature that almost no proposal provided enough detail on how the test data set was created, or sufficient description of its actual content, to allow it to be recreated by other researchers interested in reconstructing their environment and validating the research results. A modern cybersecurity mixed file data set called NapierOne is presented, primarily aimed at, but not limited to, ransomware detection and forensic analysis research. NapierOne was designed to address this deficiency in reproducibility and improve consistency by facilitating research replication and repeatability. The methodology used in the creation of this data set is also described in detail. The data set was inspired by the Govdocs1 data set and it is intended that NapierOne be used as a complement to this original data set. An investigation was performed with the goal of determining the common files types currently in use. No specific research was found that explicitly provided this information, so an alternative consensus approach was employed. This involved combining the findings from multiple sources of file type usage into an overall ranked list. After which 5000 real-world example files were gathered, and a specific data subset created, for each of the common file types identified. In some circumstances, multiple data subsets were created for a specific file type, each subset representing a specific characteristic for that file type. For example, there are multiple data subsets for the ZIP file type with each subset containing examples of a specific compression method. Ransomware execution tends to produce files that have high entropy, so examples of file types that naturally have this attribute are also present. △ Less

Submitted 20 January, 2022; originally announced January 2022.

Journal ref: Forensic Science International: Digital Investigation, Volume 40, 2022, 301330, ISSN 2666-2817

Electromagnetic Side-Channel Attack Resilience against PRESENT Lightweight Block Cipher

Authors: Nilupulee A. Gunathilake, Ahmed Al-Dubai, William J. Buchanan, Owen Lo

Abstract: Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offers smaller cryptographic primitives such as shorter key sizes, block sizes and lesser energy drainage. The main focus can be seen in algorithm developments in this emerging subject. Thus, verification is carried out based upo… ▽ More Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offers smaller cryptographic primitives such as shorter key sizes, block sizes and lesser energy drainage. The main focus can be seen in algorithm developments in this emerging subject. Thus, verification is carried out based upon theoretical (mathematical) proofs mostly. Among the few available side-channel analysis studies found in literature, the highest percentage is taken by power attacks. PRESENT is a promising lightweight block cipher to be included in IoT devices in the near future. Thus, the emphasis of this paper is on lightweight cryptology, and our investigation shows unavailability of a correlation electromagnetic analysis (CEMA) of it. Hence, in an effort to fill in this research gap, we opted to investigate the capabilities of CEMA against the PRESENT algorithm. This work aims to determine the probability of secret key leakage with a minimum number of electromagnetic (EM) waveforms possible. The process initially started from a simple EM analysis (SEMA) and gradually enhanced up to a CEMA. This paper presents our methodology in attack modelling, current results that indicate a probability of leaking seven bytes of the key and upcoming plans for optimisation. In addition, introductions to lightweight cryptanalysis and theories of EMA are also included. △ Less

Submitted 22 December, 2021; originally announced December 2021.

Journal ref: 2022 IEEE 6th International Conference on Cryptography, Security and Privacy (CSP 2022)

Blockchain-based Platform for Secure Sharing and Validation of Vaccination Certificates

Authors: Mwrwan Abubakar, Pádraig McCarron, Zakwan Jaroucheh, Ahmed Al-Dubai, William J Buchanan

Abstract: The COVID-19 pandemic has recently emerged as a worldwide health emergency that necessitates coordinated international measures. To contain the virus's spread, governments and health organisations raced to develop vaccines that would lower Covid-19 morbidity, relieve pressure on healthcare systems, and allow economies to open. As a way forward after the COVID-19 vaccination, the Vaccination certif… ▽ More The COVID-19 pandemic has recently emerged as a worldwide health emergency that necessitates coordinated international measures. To contain the virus's spread, governments and health organisations raced to develop vaccines that would lower Covid-19 morbidity, relieve pressure on healthcare systems, and allow economies to open. As a way forward after the COVID-19 vaccination, the Vaccination certificate has been adopted to help the authorities formulate policies by controlling cross-border travelling. To resolve significant privacy concerns and remove the need for relying on third parties to maintain trust and control the user's data, in this paper, we leverage blockchain technologies in develo** a secure and verifiable vaccination certificate. Our approach has the advantage of utilising a hybrid architecture that implements different advanced technologies, such as smart contracts, interPlanetary File System (IPFS), and Self-sovereign Identity (SSI). We will rely on verifiable credentials paired with smart contracts to implement on-chain access control decisions and provide on-chain verification and validation of the user and issuer DIDs. The usability of this approach was further analysed, particularly concerning performance and security. Our analysis proved that our approach satisfies vaccination certificate security requirements. △ Less

Submitted 21 December, 2021; v1 submitted 19 December, 2021; originally announced December 2021.

Journal ref: IEEE SINCONF 2021 (14th International Conference on Security of Information and Networks)

Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers

Authors: Hisham Ali, Pavlos Papadopoulos, Jawad Ahmad, Nikolaos Pitropakis, Zakwan Jaroucheh, William J. Buchanan

Abstract: Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sh… ▽ More Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT\&CK framework. △ Less

Submitted 19 December, 2021; originally announced December 2021.

Journal ref: IEEE SINCONF 2021: 14th International Conference on Security of Information and Networks

PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching

Authors: William Abramson, William J. Buchanan, Sarwar Sayeed, Nikolaos Pitropakis, Owen Lo

Abstract: The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to… ▽ More The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to communicate with each other about an individual. A common approach is when a citizen discloses his personally identifiable information to both the HA a TC, if the test result comes positive, the information is used by the TC to alert the HA. Along with this, there can be other trusted entities that have other key elements of data related to the citizen. However, the existing approaches comprise severe flaws in terms of privacy and security. Additionally, the aforementioned approaches are not transparent and often being questioned for the efficacy of the implementations. In order to overcome the challenges, this paper outlines the PAN-DOMAIN infrastructure that allows for citizen identifiers to be matched amongst the TA, the HA and the GA. PAN-DOMAIN ensures that the citizen can keep control of the map** between the trusted entities using a trusted converter, and has access to an audit log. △ Less

Submitted 6 December, 2021; originally announced December 2021.

Journal ref: IEEE SIN 2021

A Privacy-Preserving Platform for Recording COVID-19 Vaccine Passports

Authors: Masoud Barati, William J. Buchanan, Owen Lo, Omer Rana

Abstract: Digital vaccine passports are one of the main solutions which would allow the restart of travel in a post COVID-19 world. Trust, scalability and security are all key challenges one must overcome in implementing a vaccine passport. Initial approaches attempt to solve this problem by using centralised systems with trusted authorities. However, sharing vaccine passport data between different organisa… ▽ More Digital vaccine passports are one of the main solutions which would allow the restart of travel in a post COVID-19 world. Trust, scalability and security are all key challenges one must overcome in implementing a vaccine passport. Initial approaches attempt to solve this problem by using centralised systems with trusted authorities. However, sharing vaccine passport data between different organisations, regions and countries has become a major challenge. This paper designs a new platform architecture for creating, storing and verifying digital COVID-19 vaccine certifications. The platform makes use of the InterPlanetary File System (IPFS) to guarantee there is no single point of failure and allow data to be securely distributed globally. Blockchain and smart contracts are also integrated into the platform to define policies and log access rights to vaccine passport data while ensuring all actions are audited and verifiably immutable. Our proposed platform realises General Data Protection Regulation (GDPR) requirements in terms of user consent, data encryption, data erasure and accountability obligations. We assess the scalability and performance of the platform using IPFS and Blockchain test networks. △ Less

Submitted 3 December, 2021; originally announced December 2021.

Journal ref: CloudAM: 10th International Workshop on Cloud and Edge Computing, and Applications Management, 2021

Evaluating Tooling and Methodology when Analysing Bitcoin Mixing Services After Forensic Seizure

Authors: Edward Henry Young, Christos Chrysoulas, Nikolaos Pitropakis, Pavlos Papadopoulos, William J Buchanan

Abstract: Little or no research has been directed to analysis and researching forensic analysis of the Bitcoin mixing or 'tumbling' service themselves. This work is intended to examine effective tooling and methodology for recovering forensic artifacts from two privacy focused mixing services namely Obscuro which uses the secure enclave on intel chips to provide enhanced confidentiality and Wasabi wallet wh… ▽ More Little or no research has been directed to analysis and researching forensic analysis of the Bitcoin mixing or 'tumbling' service themselves. This work is intended to examine effective tooling and methodology for recovering forensic artifacts from two privacy focused mixing services namely Obscuro which uses the secure enclave on intel chips to provide enhanced confidentiality and Wasabi wallet which uses CoinJoin to mix and obfuscate crypto currencies. These wallets were set up on VMs and then several forensic tools used to examine these VM images for relevant forensic artifacts. These forensic tools were able to recover a broad range of forensic artifacts and found both network forensics and logging files to be a useful source of artifacts to deanonymize these mixing services. △ Less

Submitted 5 October, 2021; originally announced October 2021.

Comments: Accepted for publication in the International Conference on Data Analytics for Business and Industry (ICDABI) 2021 - (DATA'21)

GLASS: Towards Secure and Decentralized eGovernance Services using IPFS

Authors: Christos Chrysoulas, Amanda Thomson, Nikolaos Pitropakis, Pavlos Papadopoulos, Owen Lo, William J. Buchanan, George Domalis, Nikos Karacapilidis, Dimitris Tsakalidis, Dimitris Tsolis

Abstract: The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation it has broadened the attack surface and made them a popular target for cyber attacks. eGovernance services utilize internet, which is currently a location addressed system where whoever controls the location controls not only the… ▽ More The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation it has broadened the attack surface and made them a popular target for cyber attacks. eGovernance services utilize internet, which is currently a location addressed system where whoever controls the location controls not only the content itself, but the integrity of that content, and the access to that content. We propose GLASS, a decentralised solution which combines the InterPlanetary File System (IPFS) with Distributed Ledger technology and Smart Contracts to secure EGovernance services. We also create a testbed environment where we measure the IPFS performance. △ Less

Submitted 17 September, 2021; originally announced September 2021.

Comments: To be published in the proceedings of the 7th Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2021). In Conjunction With ESORICS 2021

Electromagnetic Analysis of an Ultra-Lightweight Cipher: PRESENT

Authors: Nilupulee A. Gunathilake, Ahmed Al-Dubai, William J. Buchanan, Owen Lo

Abstract: Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, continuous observations of physical leakages are essential to minimise vulnerabilities associated with cryptographic functions. Lightweight cryptography is a novel approach in progress towards internet-of-things (IoT) security. Thus, it would provide sufficient data and privacy protection in such a constrained ecosys… ▽ More Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, continuous observations of physical leakages are essential to minimise vulnerabilities associated with cryptographic functions. Lightweight cryptography is a novel approach in progress towards internet-of-things (IoT) security. Thus, it would provide sufficient data and privacy protection in such a constrained ecosystem. IoT devices are resource-limited in terms of data rates (in kbps), power maintainability (battery) as well as hardware and software footprints (physical size, internal memory, RAM/ROM). Due to the difficulty in handling conventional cryptographic algorithms, lightweight ciphers consist of small key sizes, block sizes and few operational rounds. Unlike in the past, affordability to perform side-channel attacks using inexpensive electronic circuitries is becoming a reality. Hence, cryptanalysis of physical leakage in these emerging ciphers is crucial. Among existing studies, power analysis seems to have enough attention in research, whereas other aspects such as electromagnetic, timing, cache and optical attacks continue to be appropriately evaluated to play a role in forensic analysis. As a result, we started analysing electromagnetic emission leakage of an ultra-lightweight block cipher, PRESENT. According to the literature, PRESENT promises to be adequate for IoT devices, and there still seems not to exist any work regarding correlation electromagnetic analysis (CEMA) of it. Firstly, we conducted simple electromagnetic analysis in both time and frequency domains and then proceeded towards CEMA attack modelling. This paper provides a summary of the related literature (IoT, lightweight cryptography, side-channel attacks and EMA), our methodology, current outcomes and future plans for the optimised results. △ Less

Submitted 29 June, 2021; originally announced June 2021.

Comments: 20 pages

Report number: Volume 11 Number 09

Journal ref: 10th international conference on Cryptography and Information Security 2021

Differential Area Analysis for Ransomware Attack Detection within Mixed File Datasets

Authors: Simon R Davies, Richard Macfarlane, William J Buchanan

Abstract: The threat from ransomware continues to grow both in the number of affected victims as well as the cost incurred by the people and organisations impacted in a successful attack. In the majority of cases, once a victim has been attacked there remain only two courses of action open to them; either pay the ransom or lose their data. One common behaviour shared between all crypto ransomware strains is… ▽ More The threat from ransomware continues to grow both in the number of affected victims as well as the cost incurred by the people and organisations impacted in a successful attack. In the majority of cases, once a victim has been attacked there remain only two courses of action open to them; either pay the ransom or lose their data. One common behaviour shared between all crypto ransomware strains is that at some point during their execution they will attempt to encrypt the users' files. Previous research Penrose et al. (2013); Zhao et al. (2011) has highlighted the difficulty in differentiating between compressed and encrypted files using Shannon entropy as both file types exhibit similar values. One of the experiments described in this paper shows a unique characteristic for the Shannon entropy of encrypted file header fragments. This characteristic was used to differentiate between encrypted files and other high entropy files such as archives. This discovery was leveraged in the development of a file classification model that used the differential area between the entropy curve of a file under analysis and one generated from random data. When comparing the entropy plot values of a file under analysis against one generated by a file containing purely random numbers, the greater the correlation of the plots is, the higher the confidence that the file under analysis contains encrypted data. △ Less

Submitted 28 June, 2021; originally announced June 2021.

Journal ref: Computers & Security, 102377, 2021

Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT

Authors: Pavlos Papadopoulos, Oliver Thornewill von Essen, Nikolaos Pitropakis, Christos Chrysoulas, Alexios Mylonas, William J. Buchanan

Abstract: As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have… ▽ More As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models' robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability. △ Less

Submitted 26 April, 2021; originally announced April 2021.

Comments: MDPI Mach. Learn. Knowl. Extr. 2021, 3(2), 333-356; https://www.mdpi.com/2624-800X/1/2/14

Journal ref: J. Cybersecur. Priv. 2021, 1(2), 252-273

Privacy and Trust Redefined in Federated Machine Learning

Authors: Pavlos Papadopoulos, Will Abramson, Adam J. Hall, Nikolaos Pitropakis, William J. Buchanan

Abstract: A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring th… ▽ More A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring the data privacy to their owners. The distribution of the computation to multiple participating entities introduces new privacy complications and risks. In this paper, we present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Our proof-of-concept defines a trust framework instantiated using decentralised identity technologies being developed under Hyperledger projects Aries/Indy/Ursa. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels authorised to participate in a federated learning workflow related to mental health data. △ Less

Submitted 30 March, 2021; v1 submitted 29 March, 2021; originally announced March 2021.

Comments: MDPI Mach. Learn. Knowl. Extr. 2021, 3(2), 333-356; https://doi.org/10.3390/make3020017

Journal ref: Mach. Learn. Knowl. Extr. 2021, 3(2), 333-356

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Authors: Andrew Churcher, Rehmat Ullah, Jawad Ahmad, Sadaqat ur Rehman, Fawad Masood, Mandar Gogate, Fehaid Alqahtani, Boubakr Nour, William J. Buchanan

Abstract: In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As… ▽ More In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF. △ Less

Submitted 10 January, 2021; originally announced January 2021.

Journal ref: Sensors. 2021; 21(2):446

Evaluation of Live Forensic Techniques in Ransomware Attack Mitigation

Authors: Simon R. Davies, Richard Macfarlane, William J. Buchanan

Abstract: Memory was captured from a system infected by ransomware and its contents was examined using live forensic tools, with the intent of identifying the symmetric encryption keys being used. NotPetya, Bad Rabbit and Phobos hybrid ransomware samples were tested during the investigation. If keys were discovered, the following two steps were also performed. Firstly, a timeline was manually created by com… ▽ More Memory was captured from a system infected by ransomware and its contents was examined using live forensic tools, with the intent of identifying the symmetric encryption keys being used. NotPetya, Bad Rabbit and Phobos hybrid ransomware samples were tested during the investigation. If keys were discovered, the following two steps were also performed. Firstly, a timeline was manually created by combining data from multiple sources to illustrate the ransomware's behaviour as well as showing when the encryption keys were present in memory and how long they remained there. Secondly, an attempt was made to decrypt the files encrypted by the ransomware using the found keys. In all cases, the investigation was able to confirm that it was possible to identify the encryption keys used. A description of how these found keys were then used to successfully decrypt files that had been encrypted during the execution of the ransomware is also given. The resulting generated timelines provided a excellent way to visualise the behaviour of the ransomware and the encryption key management practices it employed, and from a forensic investigation and possible mitigation point of view, when the encryption keys are in memory. △ Less

Submitted 19 December, 2020; v1 submitted 15 December, 2020; originally announced December 2020.

Comments: 11 pages, 10 figures

ACM Class: E.3; K.6.5

Journal ref: Forensic Science International: Digital Investigation. Volume 33, June 2020, 300979

A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric

Authors: Charalampos Stamatellis, Pavlos Papadopoulos, Nikolaos Pitropakis, Sokratis Katsikas, William J Buchanan

Abstract: Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This… ▽ More Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This paper presents PREHEALTH, a privacy-preserving EHR management solution that uses distributed ledger technology and an Identity Mixer (Idemix). The paper describes a proof-of-concept implementation that uses the Hyperledger Fabric's permissioned blockchain framework. The proposed solution is able to store patient records effectively whilst providing anonymity and unlinkability. Experimental performance evaluation results demonstrate the scheme's efficiency and feasibility for real-world scale deployment. △ Less

Submitted 27 January, 2021; v1 submitted 18 November, 2020; originally announced November 2020.

Comments: MDPI Sensors (This article belongs to the Special Issue Security, Trust and Privacy in New Computing Environments) URL: https://www.mdpi.com/1424-8220/20/22/6587

Journal ref: Sensors 2020, 20(22), 6587

Review and Critical Analysis of Privacy-preserving Infection Tracking and Contact Tracing

Authors: William J Buchanan, Muhammad Ali Imran, Masood Ur-Rehman, Lei Zhang, Qammer H. Abbasi, Christos Chrysoulas, David Haynes, Nikolaos Pitropakis, Pavlos Papadopoulos

Abstract: The outbreak of viruses have necessitated contact tracing and infection tracking methods. Despite various efforts, there is currently no standard scheme for the tracing and tracking. Many nations of the world have therefore, developed their own ways where carriers of disease could be tracked and their contacts traced. These are generalized methods developed either in a distributed manner giving ci… ▽ More The outbreak of viruses have necessitated contact tracing and infection tracking methods. Despite various efforts, there is currently no standard scheme for the tracing and tracking. Many nations of the world have therefore, developed their own ways where carriers of disease could be tracked and their contacts traced. These are generalized methods developed either in a distributed manner giving citizens control of their identity or in a centralised manner where a health authority gathers data on those who are carriers. This paper outlines some of the most significant approaches that have been established for contact tracing around the world. A comprehensive review on the key enabling methods used to realise the infrastructure around these infection tracking and contact tracing methods is also presented and recommendations are made for the most effective way to develop such a practice. △ Less

Submitted 10 September, 2020; originally announced September 2020.

TRUSTD: Combat Fake Content using Blockchain and Collective Signature Technologies

Authors: Zakwan Jaroucheh, Mohamad Alissa, William J Buchanan

Abstract: The growing trend of sharing news/contents, through social media platforms and the World Wide Web has been seen to impact our perception of the truth, altering our views about politics, economics, relationships, needs and wants. This is because of the growing spread of misinformation and disinformation intentionally or unintentionally by individuals and organizations. This trend has grave politica… ▽ More The growing trend of sharing news/contents, through social media platforms and the World Wide Web has been seen to impact our perception of the truth, altering our views about politics, economics, relationships, needs and wants. This is because of the growing spread of misinformation and disinformation intentionally or unintentionally by individuals and organizations. This trend has grave political, social, ethical, and privacy implications for society due to 1) the rapid developments in the field of Machine Learning (ML) and Deep Learning (DL) algorithms in creating realistic-looking yet fake digital content (such as text, images, and videos), 2) the ability to customize the content feeds and to create a polarized so-called "filter-bubbles" leveraging the availability of the big-data. Therefore, there is an ethical need to combat the flow of fake content. This paper attempts to resolve some of the aspects of this combat by presenting a high-level overview of TRUSTD, a blockchain and collective signature-based ecosystem to help content creators in getting their content backed by the community, and to help users judge on the credibility and correctness of these contents. △ Less

Submitted 28 August, 2020; originally announced August 2020.

Comments: arXiv admin note: text overlap with arXiv:1812.00315, arXiv:1807.06346, arXiv:1904.05386 by other authors

Journal ref: 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Toronto, ON, Canada, 2020, pp. 1-3

SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain

Authors: Zakwan Jaroucheh, Baraq Ghaleb, William J Buchanan

Abstract: The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stake proportionate consensus groups… ▽ More The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stake proportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports high transaction rate because of its fast miner election mechanism △ Less

Submitted 15 August, 2020; originally announced August 2020.

Journal ref: IEEE Conference on Software Architecture Companion, 143-150, 2020

Privacy Preserving Passive DNS

Authors: Pavlos Papadopoulos, Nikolaos Pitropakis, William J. Buchanan, Owen Lo, Sokratis Katsikas

Abstract: The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of… ▽ More The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g. for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records. △ Less

Submitted 14 August, 2020; originally announced August 2020.

Journal ref: Computers 2020, 9, 64

Decentralized Accessibility of e-commerce Products through Blockchain Technology

Authors: Gulshan Kumara, Rahul Sahaa, William J Buchanan, G. Geethaa, Reji Thomasa, Tai-Hoon Kimc, Mamoun Alazab

Abstract: A distributed and transparent ledger system is considered for various e-commerce products including health medicines, electronics, security appliances, food products and many more to ensure technological and e-commerce sustainability. This solution, named as 'PRODCHAIN', is a generic blockchain framework with lattice-based cryptographic processes for reducing the complexity for tracing the e-comme… ▽ More A distributed and transparent ledger system is considered for various e-commerce products including health medicines, electronics, security appliances, food products and many more to ensure technological and e-commerce sustainability. This solution, named as 'PRODCHAIN', is a generic blockchain framework with lattice-based cryptographic processes for reducing the complexity for tracing the e-commerce products. Moreover, we have introduced a rating based consensus process called Proof of Accomplishment (PoA). The solution has been analyzed and experimental studies are performed on Ethereum network. The results are discussed in terms of latency and throughput which prove the efficiency of PRODCHAIN in e-commerce products and services. The presented solution is beneficial for improving the traceability of the products ensuring the social and financial sustainability. This work will help the researchers to gain knowledge about the blockchain implications for supply chain possibilities in future developments for society. △ Less

Submitted 10 July, 2020; originally announced July 2020.

Journal ref: Sustainable Cities and Society, 102361 (2020)

Trust-by-Design: Evaluating Issues and Perceptions within Clinical Passporting

Authors: Will Abramson, Nicole E. van Deursen, William J Buchanan

Abstract: A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, i… ▽ More A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, it is more important than ever to optimize these professionals' time. This paper presents the synthesis of a design workshop held at the Royal College of Physicians of Edinburgh (RCPE) and subsequent interviews with healthcare professionals. The main research question posed is whether these processes can be re-imagined using digital technologies, specifically Self-Sovereign Identity? A key contribution in the paper is the development of a set of user-led requirements and design principles for identity systems used within healthcare. These are then contrasted with the design principles found in the literature. The results of this study confirm the need and potential of professionalising identity and credential management throughout a healthcare professional's career. △ Less

Submitted 26 June, 2020; originally announced June 2020.

Journal ref: Blockchain in Healthcare Today, 3 (2020)

A Distributed Trust Framework for Privacy-Preserving Machine Learning

Authors: Will Abramson, Adam James Hall, Pavlos Papadopoulos, Nikolaos Pitropakis, William J Buchanan

Abstract: When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data r… ▽ More When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data. △ Less

Submitted 3 June, 2020; originally announced June 2020.

Comments: To be published in the proceedings of the 17th International Conference on Trust, Privacy and Security in Digital Business - TrustBus2020

Report number: TrustBus 2020, LNCS 12395, pp. 205--220, 2020 MSC Class: 68M25 ACM Class: C.2.0

Journal ref: 17th International Conference TrustBus 2020

Fast Probabilistic Consensus with Weighted Votes

Authors: Sebastian Müller, Andreas Penzkofer, Bartosz Kuśmierz, Darcy Camargo, William J. Buchanan

Abstract: The fast probabilistic consensus (FPC) is a voting consensus protocol that is robust and efficient in Byzantine infrastructure. We propose an adaption of the FPC to a setting where the voting power is proportional to the nodes reputations. We model the reputation using a Zipf law and show using simulations that the performance of the protocol in Byzantine infrastructure increases with the Zipf exp… ▽ More The fast probabilistic consensus (FPC) is a voting consensus protocol that is robust and efficient in Byzantine infrastructure. We propose an adaption of the FPC to a setting where the voting power is proportional to the nodes reputations. We model the reputation using a Zipf law and show using simulations that the performance of the protocol in Byzantine infrastructure increases with the Zipf exponent. Moreover, we propose several improvements of the FPC that decrease the failure rates significantly and allow the protocol to withstand adversaries with higher weight. We distinguish between cautious and berserk strategies of the adversaries and propose an efficient method to detect the more harmful berserk strategies. Our study refers at several points to a specific implementation of the IOTA protocol, but the principal results hold for general implementations of reputation models. △ Less

Submitted 1 June, 2020; originally announced June 2020.

Report number: Conference: FTC 2020 - Future Technologies Conference 2020

BeepTrace: Blockchain-enabled Privacy-preserving Contact Tracing for COVID-19 Pandemic and Beyond

Authors: Hao Xu, Lei Zhang, Oluwakayode Onireti, Yang Fang, William Bill Buchanan, Muhammad Ali Imran

Abstract: The outbreak of COVID-19 pandemic has exposed an urgent need for effective contact tracing solutions through mobile phone applications to prevent the infection from spreading further. However, due to the nature of contact tracing, public concern on privacy issues has been a bottleneck to the existing solutions, which is significantly affecting the uptake of contact tracing applications across the… ▽ More The outbreak of COVID-19 pandemic has exposed an urgent need for effective contact tracing solutions through mobile phone applications to prevent the infection from spreading further. However, due to the nature of contact tracing, public concern on privacy issues has been a bottleneck to the existing solutions, which is significantly affecting the uptake of contact tracing applications across the globe. In this paper, we present a blockchain-enabled privacy-preserving contact tracing scheme: BeepTrace, where we propose to adopt blockchain bridging the user/patient and the authorized solvers to desensitize the user ID and location information. Compared with recently proposed contract tracing solutions, our approach shows higher security and privacy with the additional advantages of being battery friendly and globally accessible. Results show viability in terms of the required resource at both server and mobile phone perspectives. Through breaking the privacy concerns of the public, the proposed BeepTrace solution can provide a timely framework for authorities, companies, software developers and researchers to fast develop and deploy effective digital contact tracing applications, to conquer COVID-19 pandemic soon. Meanwhile, the open initiative of BeepTrace allows worldwide collaborations, integrate existing tracing and positioning solutions with the help of blockchain technology. △ Less

Submitted 21 December, 2021; v1 submitted 20 May, 2020; originally announced May 2020.

Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach

Authors: Orestis Christou, Nikolaos Pitropakis, Pavlos Papadopoulos, Sean McKeown, William J. Buchanan

Abstract: Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-cons… ▽ More Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-consuming human verification. Thus, there have been attempts focusing on the predictive filtering of such URLs. This study aims to develop a machine-learning model to detect fraudulent URLs which can be used within the Splunk platform. Inspired from similar approaches in the literature, we trained the SVM and Random Forests algorithms using malicious and benign datasets found in the literature and one dataset that we created. We evaluated the algorithms' performance with precision and recall, reaching up to 85% precision and 87% recall in the case of Random Forests while SVM achieved up to 90% precision and 88% recall using only descriptive features. △ Less

Submitted 13 May, 2020; originally announced May 2020.

Comments: In Proceedings of the 6th ICISSP

MSC Class: 68-06

Journal ref: ICISSP, Volume 1, pages 289-298 (2020)

Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

Authors: Ian Lowe, William J Buchanan, Richard J Macfarlane, Owen Lo

Abstract: Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have suggested that the protocol is weak, and prone to a variety of attacks against its authentication, link management and encryption schemes. Key research… ▽ More Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have suggested that the protocol is weak, and prone to a variety of attacks against its authentication, link management and encryption schemes. Key researchers in the field have suggested that reliable passive sniffing of Bluetooth traffic would enable the practical application of a range of currently hypothesised attacks. Restricting Bluetooth's frequency hop** behaviour by manipulation of the available channels, in order to make brute force attacks more effective has been a frequently proposed avenue of future research from the literature. This paper has evaluated the proposed approach in a series of experiments using the software defined radio tools and custom hardware developed by the Ubertooth project. The work concludes that the mechanism suggested by previous researchers may not deliver the proposed improvements, but describes an as yet undocumented interaction between Bluetooth and Wi-Fi technologies which may provide a Denial of Service attack mechanism. △ Less

Submitted 12 February, 2020; originally announced February 2020.

Journal ref: Journal of Network Technology, 2019

An authentication protocol based on chaos and zero knowledge proof

Authors: Will Major, William J Buchanan, Jawad Ahmad

Abstract: Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a nove… ▽ More Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server's IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems. △ Less

Submitted 22 January, 2020; originally announced January 2020.

Comments: J. Nonlinear Dyn (2020)