-
Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach
Authors:
Sathvik Murli,
Dhruv Nandakumar,
Prabhat Kumar Kushwaha,
Cheng Wang,
Christopher Redino,
Abdul Rahman,
Shalini Israni,
Tarun Singh,
Edward Bowen
Abstract:
We present a novel approach to identify ransomware campaigns derived from attack timelines representations within victim networks. Malicious activity profiles developed from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of the attack timelines where individual nodes represent malicious activity detections with connec…
▽ More
We present a novel approach to identify ransomware campaigns derived from attack timelines representations within victim networks. Malicious activity profiles developed from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of the attack timelines where individual nodes represent malicious activity detections with connections describing the potential attack paths. This work demonstrates adaptability to different attack patterns through implementing a novel method for parsing and classifying alert graphs while maintaining efficacy despite potentially low-dimension node features.
△ Less
Submitted 1 September, 2023;
originally announced September 2023.
-
Removable Weak Keys for Discrete Logarithm Based Cryptography
Authors:
Michael John Jacobson, Jr.,
Prabhat Kushwaha
Abstract:
We describe a novel type of weak cryptographic private key that can exist in any discrete logarithm based public-key cryptosystem set in a group of prime order $p$ where $p-1$ has small divisors. Unlike the weak private keys based on \textit{numerical size} (such as smaller private keys, or private keys lying in an interval) that will \textit{always} exist in any DLP cryptosystems, our type of wea…
▽ More
We describe a novel type of weak cryptographic private key that can exist in any discrete logarithm based public-key cryptosystem set in a group of prime order $p$ where $p-1$ has small divisors. Unlike the weak private keys based on \textit{numerical size} (such as smaller private keys, or private keys lying in an interval) that will \textit{always} exist in any DLP cryptosystems, our type of weak private keys occurs purely due to parameter choice of $p$, and hence, can be removed with appropriate value of $p$. Using the theory of implicit group representations, we present algorithms that can determine whether a key is weak, and if so, recover the private key from the corresponding public key. We analyze several elliptic curves proposed in the literature and in various standards, giving counts of the number of keys that can be broken with relatively small amounts of computation. Our results show that many of these curves, including some from standards, have a considerable number of such weak private keys. We also use our methods to show that none of the 14 outstanding Certicom Challenge problem instances are weak in our sense, up to a certain weakness bound.
△ Less
Submitted 15 November, 2020;
originally announced November 2020.
-
Optimal Runtime Verification of Finite State Properties over Lossy Event Streams
Authors:
Peeyush Kushwaha,
Rahul Purandare,
Matthew B. Dwyer
Abstract:
Monitoring programs for finite state properties is challenging due to high memory and execution time overheads it incurs. Some events if skipped or lost naturally can reduce both overheads, but lead to uncertainty about the current monitor state. In this work, we present a theoretical framework to model these lossy event streams and provide a construction for a monitor which observes them without…
▽ More
Monitoring programs for finite state properties is challenging due to high memory and execution time overheads it incurs. Some events if skipped or lost naturally can reduce both overheads, but lead to uncertainty about the current monitor state. In this work, we present a theoretical framework to model these lossy event streams and provide a construction for a monitor which observes them without producing false positives. The constructed monitor is optimally sound among all complete monitors. We model several loss types of practical relevance using our framework and provide construction of smaller approximate monitors for properties with a large number of states.
△ Less
Submitted 8 April, 2020;
originally announced April 2020.
-
A Probabilistic Baby-Step Giant-Step Algorithm
Authors:
Prabhat Kushwaha,
Ayan Mahalanobis
Abstract:
In this paper, a new algorithm to solve the discrete logarithm problem is presented which is similar to the usual baby-step giant-step algorithm. Our algorithm exploits the order of the discrete logarithm in the multiplicative group of a finite field. Using randomization with parallelized collision search, our algorithm indicates some weakness in NIST curves over prime fields which are considered…
▽ More
In this paper, a new algorithm to solve the discrete logarithm problem is presented which is similar to the usual baby-step giant-step algorithm. Our algorithm exploits the order of the discrete logarithm in the multiplicative group of a finite field. Using randomization with parallelized collision search, our algorithm indicates some weakness in NIST curves over prime fields which are considered to be the most conservative and safest curves among all NIST curves.
△ Less
Submitted 25 January, 2017;
originally announced January 2017.
-
Improved Lower Bound on DHP: Towards the Equivalence of DHP and DLP for Important Elliptic Curves Used for Implementation
Authors:
Prabhat Kushwaha
Abstract:
In 2004, Muzereau et al. showed how to use a reduction algorithm of the discrete logarithm problem to Diffie-Hellman problem in order to estimate lower bound on Diffie-Hellman problem on elliptic curves. They presented their estimates for various elliptic curves that are used in practical applications. In this paper, we show that a much tighter lower bound for Diffie-Hellman problem on those curve…
▽ More
In 2004, Muzereau et al. showed how to use a reduction algorithm of the discrete logarithm problem to Diffie-Hellman problem in order to estimate lower bound on Diffie-Hellman problem on elliptic curves. They presented their estimates for various elliptic curves that are used in practical applications. In this paper, we show that a much tighter lower bound for Diffie-Hellman problem on those curves can be achieved, if one uses the multiplicative group of a finite field as an auxiliary group. Moreover, improved lower bound estimates on Diffie-Hellman problem for various recommended curves are also given which are the tightest; thus, leading us towards the equivalence of Diffie-Hellman problem and the discrete logarithm problem for these recommended elliptic curves.
△ Less
Submitted 26 November, 2016; v1 submitted 5 October, 2016;
originally announced October 2016.
