Your search keyword '"Buchanan, William J."' showing total 60 results

1. Review of Generative AI Methods in Cybersecurity

Author

Yigit, Yagmur, Buchanan, William J, Tehrani, Madjid G, and Maglaras, Leandros

Subjects

Computer Science - Cryptography and Security

Abstract

Over the last decade, Artificial Intelligence (AI) has become increasingly popular, especially with the use of chatbots such as ChatGPT, Gemini, and DALL-E. With this rise, large language models (LLMs) and Generative AI (GenAI) have also become more prevalent in everyday use. These advancements strengthen cybersecurity's defensive posture and open up new attack avenues for adversaries as well. This paper provides a comprehensive overview of the current state-of-the-art deployments of GenAI, covering assaults, jailbreaking, and applications of prompt injection and reverse psychology. This paper also provides the various applications of GenAI in cybercrimes, such as automated hacking, phishing emails, social engineering, reverse cryptography, creating attack payloads, and creating malware. GenAI can significantly improve the automation of defensive cyber security processes through strategies such as dataset construction, safe code development, threat intelligence, defensive measures, reporting, and cyberattack detection. In this study, we suggest that future research should focus on developing robust ethical norms and innovative defense mechanisms to address the current issues that GenAI creates and to also further encourage an impartial approach to its future application in cybersecurity. Moreover, we underscore the importance of interdisciplinary approaches further to bridge the gap between scientific developments and ethical considerations., Comment: 40 pages

Published

2024

2. vSPACE: Voting in a Scalable, Privacy-Aware and Confidential Election

Author

Elnour, Se, Buchanan, William J, Keating, Paul, Abubakar, Mwrwan, and Elnour, Sirag

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society

Abstract

The vSPACE experimental proof-of-concept (PoC) on the TrueElect[Anon][Creds] protocol presents a novel approach to secure, private, and scalable elections, extending the TrueElect and ElectAnon protocols with the integration of AnonCreds SSI (Self-Sovereign Identity). Such a protocol PoC is situated within a Zero-Trust Architecture (ZTA) and leverages confidential computing, continuous authentication, multi-party computation (MPC), and well-architected framework (WAF) principles to address the challenges of cybersecurity, privacy, and trust over IP (ToIP) protection. Employing a Kubernetes confidential cluster within an Enterprise-Scale Landing Zone (ESLZ), vSPACE integrates Distributed Ledger Technology (DLT) for immutable and certifiable audit trails. The Infrastructure as Code (IaC) model ensures rapid deployment, consistent management, and adherence to security standards, making vSPACE a future-proof solution for digital voting systems.

Published

2024

3. DID:RING: Ring Signatures using Decentralised Identifiers For Privacy-Aware Identity

Author

Kasimatis, Dimitrios, Grierson, Sam, Buchanan, William J., Eckl, Chris, Papadopoulos, Pavlos, Pitropakis, Nikolaos, Thomson, Craig, and Ghaleb, Baraq

Subjects

Computer Science - Cryptography and Security

Abstract

Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifier-based architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities.

Published

2024

4. TIPS: Threat Sharing Information Platform for Enhanced Security

Author

Pasumarthy, Lakshmi Rama Kiran, Ali, Hisham, Buchanan, William J, Ahmad, Jawad, Josang, Audun, Mavroeidis, Vasileios, and Lemoudden, Mouad

Subjects

Computer Science - Cryptography and Security

Abstract

There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications etc., these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different information-sharing domains also poses significant challenges. These challenges include redactment of information, the Right-to-be-forgotten, and access control to the information-sharing elements. These access issues could be related to time bounds, the trusted deletion of data, and the location of accesses. This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) integrated into a permissioned ledger, specifically Hyperledger Fabric (HLF). It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel. This trusted channel can only be accessed by those trusted in the sharing and could be enabled for each data-sharing element or set up for long-term sharing.

Published

2024

5. RNA-TransCrypt: Image Encryption Using Chaotic RNA Encoding, Novel Transformative Substitution, and Tailored Cryptographic Operations

Author

Khan, Muhammad Shahbaz, Ahmad, Jawad, Al-Dubai, Ahmed, Ghaleb, Baraq, Pitropakis, Nikolaos, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

Given the security concerns of Internet of Things (IoT) networks and limited computational resources of IoT devices, this paper presents RNA-TransCrypt, a novel image encryption scheme that is not only highly secure but also efficient and lightweight. RNA-TransCrypt integrates the biocryptographic properties of RNA encoding with the non-linearity and unpredictability of chaos theory. This scheme introduces three novel contributions: 1) the two-base RNA encoding method, which transforms the image into RNA strands-like sequence, ensuring efficient scrambling; 2) the transformative substitution technique, which transforms the s-box values before replacing the pixel values, and is responsible for making the scheme lightweight; and 3) three mathematical cryptographic operations designed especially for image encryption that ensure the effective transformation of the s-box values, resulting in a new outcome even for the same input values. These modules are key-dependent, utilizing chaotic keys generated by the De Jong Fractal Map and the Van der Pol Oscillator. Extensive security analysis, including histogram analysis, correlation analysis, and the results of the statistical security parameters obtained from the Gray-Level Co-occurrence Matrix (GLCM) validate the efficacy of the proposed scheme in encrypting input images with close-to-ideal results of 7.997 entropy and 0.0006 correlation.

Published

2024

6. On families of elliptic curves $E_{p,q}:y^2=x^3-pqx$ that intersect the same line $L_{a,b}:y=\frac{a}{b}x$ of rational slope

Author

Sultanow, Eldar, Amir, Malik, Jeschke, Anja, Tfiha, Amir Darwish, Tehrani, Madjid, and Buchanan, William J

Subjects

Mathematics - Number Theory, Mathematics - Algebraic Geometry, 14H52

Abstract

Let $p$ and $q$ be two distinct odd primes, $p

Published

2023

7. PermutEx: Feature-Extraction-Based Permutation -- A New Diffusion Scheme for Image Encryption Algorithms

Author

Khan, Muhammad Shahbaz, Ahmad, Jawad, Al-Dubai, Ahmed, Jaroucheh, Zakwan, Pitropakis, Nikolaos, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

Traditional permutation schemes mostly focus on random scrambling of pixels, often neglecting the intrinsic image information that could enhance diffusion in image encryption algorithms. This paper introduces PermutEx, a feature-extraction-based permutation method that utilizes inherent image features to scramble pixels effectively. Unlike random permutation schemes, PermutEx extracts the spatial frequency and local contrast features of the image and ranks each pixel based on this information, identifying which pixels are more important or information-rich based on texture and edge information. In addition, a unique permutation key is generated using the Logistic-Sine Map based on chaotic behavior. The ranked pixels are permuted in conjunction with this unique key, effectively permuting the original image into a scrambled version. Experimental results indicate that the proposed method effectively disrupts the correlation in information-rich areas within the image resulting in a correlation value of 0.000062. The effective scrambling of pixels, resulting in nearly zero correlation, makes this method suitable to be used as diffusion in image encryption algorithms.

Published

2023

8. PASSION: Permissioned Access Control for Segmented Devices and Identity for IoT Networks

Author

Ali, Hisham, Abubakar, Mwrwan, Ahmad, Jawad, Buchanan, William J., and Jaroucheh, Zakwan

Subjects

Computer Science - Cryptography and Security

Abstract

In recent years, there has been a significant proliferation of industrial Internet of Things (IoT) applications, with a wide variety of use cases being developed and put into operation. As the industrial IoT landscape expands, the establishment of secure and reliable infrastructure becomes crucial to instil trust among users and stakeholders, particularly in addressing fundamental concerns such as traceability, integrity protection, and privacy that some industries still encounter today. This paper introduces a privacy-preserving method in the industry's IoT systems using blockchain-based data access control for remote industry safety monitoring and maintaining event information confidentiality, integrity and authenticity.

Published

2023

9. Scalable Multi-domain Trust Infrastructures for Segmented Networks

Author

Grierson, Sam, Buchanan, William J, Thomson, Craig, Ghaleb, Baraq, Maglaras, Leandros, and Eckl, Chris

Subjects

Computer Science - Cryptography and Security

Abstract

Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead.

Published

2023

10. CellSecure: Securing Image Data in Industrial Internet-of-Things via Cellular Automata and Chaos-Based Encryption

Author

Ali, Hassan, Khan, Muhammad Shahbaz, Driss, Maha, Ahmad, Jawad, Buchanan, William J., and Pitropakis, Nikolaos

Subjects

Computer Science - Cryptography and Security

Abstract

In the era of Industrial IoT (IIoT) and Industry 4.0, ensuring secure data transmission has become a critical concern. Among other data types, images are widely transmitted and utilized across various IIoT applications, ranging from sensor-generated visual data and real-time remote monitoring to quality control in production lines. The encryption of these images is essential for maintaining operational integrity, data confidentiality, and seamless integration with analytics platforms. This paper addresses these critical concerns by proposing a robust image encryption algorithm tailored for IIoT and Cyber-Physical Systems (CPS). The algorithm combines Rule-30 cellular automata with chaotic scrambling and substitution. The Rule 30 cellular automata serves as an efficient mechanism for generating pseudo-random sequences that enable fast encryption and decryption cycles suitable for real-time sensor data in industrial settings. Most importantly, it induces non-linearity in the encryption algorithm. Furthermore, to increase the chaotic range and keyspace of the algorithm, which is vital for security in distributed industrial networks, a hybrid chaotic map, i.e., logistic-sine map is utilized. Extensive security analysis has been carried out to validate the efficacy of the proposed algorithm. Results indicate that our algorithm achieves close-to-ideal values, with an entropy of 7.99 and a correlation of 0.002. This enhances the algorithm's resilience against potential cyber-attacks in the industrial domain.

Published

2023

11. Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations

Author

Grierson, Sam, Chalkias, Konstantinos, Buchanan, William J, and Maglaras, Leandros

Subjects

Computer Science - Cryptography and Security

Abstract

EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This paper describes an attack against some of the most popular EdDSA implementations, which results in an adversary recovering the private key used during signing. With this recovered secret key, an adversary can sign arbitrary messages that would be seen as valid by the EdDSA verification function. A list of libraries with vulnerable APIs at the time of publication is provided. Furthermore, this paper provides two suggestions for securing EdDSA signing APIs against this vulnerability while it additionally discusses failed attempts to solve the issue.

Published

2023

12. SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data

Author

Khan, Muhammad Shahbaz, Ahmad, Jawad, Ali, Hisham, Pitropakis, Nikolaos, Al-Dubai, Ahmed, Ghaleb, Baraq, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security, Computer Science - Information Theory

Abstract

With the advent of digital communication, securing digital images during transmission and storage has become a critical concern. The traditional s-box substitution methods often fail to effectively conceal the information within highly auto-correlated regions of an image. This paper addresses the security issues presented by three prevalent S-box substitution methods, i.e., single S-box, multiple S-boxes, and multiple rounds with multiple S-boxes, especially when handling images with highly auto-correlated pixels. To resolve the addressed security issues, this paper proposes a new scheme SRSS-the Single Round Single S-Box encryption scheme. SRSS uses a single S-box for substitution in just one round to break the pixel correlations and encrypt the plaintext image effectively. Additionally, this paper introduces a new Chaos-based Random Operation Selection System-CROSS, which nullifies the requirement for multiple S-boxes, thus reducing the encryption scheme's complexity. By randomly selecting the operation to be performed on each pixel, driven by a chaotic sequence, the proposed scheme effectively scrambles even high auto-correlation areas. When compared to the substitution methods mentioned above, the proposed encryption scheme exhibited exceptionally well in just a single round with a single S-box. The close-to-ideal statistical security analysis results, i.e., an entropy of 7.89 and a correlation coefficient of 0.007, validate the effectiveness of the proposed scheme. This research offers an innovative path forward for securing images in applications requiring low computational complexity and fast encryption and decryption speeds., Comment: 6 Pages

Published

2023

13. Enabling Quantum Cybersecurity Analytics in Botnet Detection: Stable Architecture and Speed-up through Tree Algorithms

Author

Tehrani, Madjid, Sultanow, Eldar, Buchanan, William J, Amir, Malik, Jeschke, Anja, Chow, Raymond, and Lemoudden, Mouad

Subjects

Quantum Physics, I.2

Abstract

For the first time, we enable the execution of hybrid machine learning methods on real quantum computers with 100 data samples and real-device-based simulations with 5,000 data samples, thereby outperforming the current state of research of Suryotrisongko and Musashi from 2022 who were dealing with 1,000 data samples and quantum simulators (pure software-based emulators) only. Additionally, we beat their reported accuracy of $76.8\%$ by an average accuracy of $91.2\%$, all within a total execution time of 1,687 seconds. We achieve this significant progress through two-step strategy: Firstly, we establish a stable quantum architecture that enables us to execute HQML algorithms on real quantum devices. Secondly, we introduce new hybrid quantum binary classification algorithms based on Hoeffding decision tree algorithms. These algorithms speed up the process via batch-wise execution, reducing the number of shots required on real quantum devices compared to conventional loop-based optimizers. Their incremental nature serves the purpose of online large-scale data streaming for DGA botnet detection, and allows us to apply hybrid quantum machine learning to the field of cybersecurity analytics. We conduct our experiments using the Qiskit library with the Aer quantum simulator, and on three different real quantum devices from Azure Quantum: IonQ, Rigetti, and Quantinuum. This is the first time these tools are combined in this manner., Comment: 32 pages, 4 figures, 5 tables

Published

2023

14. Majority Voting Approach to Ransomware Detection

Author

Davies, Simon R, Macfarlane, Richard, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection., Comment: 17 pages

Published

2023

15. Review of the NIST Light-weight Cryptography Finalists

Author

Buchanan, William J and Maglaras, Leandros

Subjects

Computer Science - Cryptography and Security

Abstract

Since 2016, NIST has been assessing lightweight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that the article was written, NISC announced ASCOn as the chosen method that will be published as NIST'S lightweight cryptography standard later in 2023. In this article, we provide a comparison between these methods in terms of energy efficiency, time for encryption, and time for hashing., Comment: 6 pages

Published

2023

16. An Omnidirectional Approach to Touch-based Continuous Authentication

Author

Aaby, Peter, Giuffrida, Mario Valerio, Buchanan, William J, and Tan, Zhiyuan

Subjects

Computer Science - Cryptography and Security, Computer Science - Machine Learning

Abstract

This paper focuses on how touch interactions on smartphones can provide a continuous user authentication service through behaviour captured by a touchscreen. While efforts are made to advance touch-based behavioural authentication, researchers often focus on gathering data, tuning classifiers, and enhancing performance by evaluating touch interactions in a sequence rather than independently. However, such systems only work by providing data representing distinct behavioural traits. The typical approach separates behaviour into touch directions and creates multiple user profiles. This work presents an omnidirectional approach which outperforms the traditional method independent of the touch direction - depending on optimal behavioural features and a balanced training set. Thus, we evaluate five behavioural feature sets using the conventional approach against our direction-agnostic method while testing several classifiers, including an Extra-Tree and Gradient Boosting Classifier, which is often overlooked. Results show that in comparison with the traditional, an Extra-Trees classifier and the proposed approach are superior when combining strokes. However, the performance depends on the applied feature set. We find that the TouchAlytics feature set outperforms others when using our approach when combining three or more strokes. Finally, we highlight the importance of reporting the mean area under the curve and equal error rate for single-stroke performance and varying the sequence of strokes separately.

Published

2023

17. Towards The Creation Of The Future Fish Farm

Author

Papadopoulos, Pavlos, Buchanan, William J, Sayeed, Sarwar, and Pitropakis, Nikolaos

Subjects

Computer Science - Computers and Society, Computer Science - Cryptography and Security

Abstract

A fish farm is an area where fish raise and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determining the fish diseases, monitoring the aquatic organisms, and examining the imbalance in the water element are some key factors that require precise observation to determine the accuracy of the acquired data. Similarly, due to the rapid expansion of aquaculture, new technologies are constantly being implemented in this sector to enhance efficiency. However, the existing approaches have often failed to provide an efficient method of farming fish. This work has kept aside the traditional approaches and opened up new dimensions to perform accurate analysis by adopting a distributed ledger technology. Our work analyses the current state-of-the-art of fish farming and proposes a fish farm ecosystem that relies on a private-by-design architecture based on the Hyperledger Fabric private-permissioned distributed ledger technology. The proposed method puts forward accurate and secure storage of the retrieved data from multiple sensors across the ecosystem so that the adhering entities can exercise their decision based on the acquired data. This study demonstrates a proof-of-concept to signify the efficiency and usability of the future fish farm.

Published

2023

18. Hamming Distributions of Popular Perceptual Hashing Techniques

Author

McKeown, Sean and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechanism for facilitating detection, allowing for machines to approximately match visual features of an image or video in a robust manner. However, there does not appear to be much public evaluation of such approaches, particularly when it comes to how effective they are against content-preserving modifications to media files. In this paper, we present a million-image scale evaluation of several perceptual hashing archetypes for popular algorithms (including Facebook's PDQ, Apple's Neuralhash, and the popular pHash library) against seven image variants. The focal point is the distribution of Hamming distance scores between both unrelated images and image variants to better understand the problems faced by each approach.

Published

2022

19. Transforming EU Governance: The Digital Integration through EBSI and GLASS

Author

Kasimatis, Dimitrios, Buchanan, William J, Abubakar, Mwarwan, Lo, Owen, Chrysoulas, Christos, Pitropakis, Nikolaos, Papadopoulos, Pavlos, Sayeed, Sarwar, and Sel, Marc

Subjects

Computer Science - Cryptography and Security

Abstract

Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like academic records and licences, with enhanced security through digital signatures. The European Commission's initiative for a digital wallet for every EU citizen aims to improve mobility and integration, leveraging the European Blockchain Services Infrastructure (EBSI) for harmonised citizen integration. This paper discusses how EBSI and the GLASS project can advance governance and streamline access to identity documents.

Published

2022

20. A DNA Based Colour Image Encryption Scheme Using A Convolutional Autoencoder

Author

Ahmed, Fawad, Rehman, Muneeb Ur, Ahmad, Jawad, Khan, Muhammad Shahbaz, Boulila, Wadii, Srivastava, Gautam, Lin, Jerry Chun-Wei, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

With the advancement in technology, digital images can easily be transmitted and stored over the Internet. Encryption is used to avoid illegal interception of digital images. Encrypting large-sized colour images in their original dimension generally results in low encryption/decryption speed along with exerting a burden on the limited bandwidth of the transmission channel. To address the aforementioned issues, a new encryption scheme for colour images employing convolutional autoencoder, DNA and chaos is presented in this paper. The proposed scheme has two main modules, the dimensionality conversion module using the proposed convolutional autoencoder, and the encryption/decryption module using DNA and chaos. The dimension of the input colour image is first reduced from N $\times$ M $\times$ 3 to P $\times$ Q gray-scale image using the encoder. Encryption and decryption are then performed in the reduced dimension space. The decrypted gray-scale image is upsampled to obtain the original colour image having dimension N $\times$ M $\times$ 3. The training and validation accuracy of the proposed autoencoder is 97% and 95%, respectively. Once the autoencoder is trained, it can be used to reduce and subsequently increase the dimension of any arbitrary input colour image. The efficacy of the designed autoencoder has been demonstrated by the successful reconstruction of the compressed image into the original colour image with negligible perceptual distortion. The second major contribution presented in this paper is an image encryption scheme using DNA along with multiple chaotic sequences and substitution boxes. The security of the proposed image encryption algorithm has been gauged using several evaluation parameters, such as histogram of the cipher image, entropy, NPCR, UACI, key sensitivity, contrast, etc. encryption.

Published

2022

21. Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification

Author

Davies, Simon R, Macfarlane, Richard, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target's data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many crypto-ransomware detection techniques is to monitor file system activity and attempt to identify encrypted files being written to disk, often using a file's entropy as an indicator of encryption. However, often in the description of these techniques, little or no discussion is made as to why a particular entropy calculation technique is selected or any justification given as to why one technique is selected over the alternatives. The Shannon method of entropy calculation is the most commonly-used technique when it comes to file encryption identification in crypto-ransomware detection techniques. Overall, correctly encrypted data should be indistinguishable from random data, so apart from the standard mathematical entropy calculations such as Chi-Square, Shannon Entropy and Serial Correlation, the test suites used to validate the output from pseudo-random number generators would also be suited to perform this analysis. he hypothesis being that there is a fundamental difference between different entropy methods and that the best methods may be used to better detect ransomware encrypted files. The paper compares the accuracy of 53 distinct tests in being able to differentiate between encrypted data and other file types. The testing is broken down into two phases, the first phase is used to identify potential candidate tests, and a second phase where these candidates are thoroughly evaluated. To ensure that the tests were sufficiently robust, the NapierOne dataset is used. This dataset contains thousands of examples of the most commonly used file types, as well as examples of files that have been encrypted by crypto-ransomware.

Published

2022

22. GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture

Author

Lo, Owen, Buchanan, William J., Sayeed, Sarwar, Papadopoulos, Pavlos, Pitropakis, Nikolaos, and Chrysoulas, Christos

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society

Abstract

E-governance is a process that aims to enhance a government's ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where a single market approach can be adopted. e-Governance often aims to minimise bureaucratic processes, while at the same time including a digital-by-default approach to public services. This aims at administrative efficiency and the reduction of bureaucratic processes. It can also improve government capabilities, and enhances trust and security, which brings confidence in governmental transactions. However, solid implementations of a distributed data sharing model within an e-governance architecture is far from a reality; hence, citizens of European countries often go through the tedious process of having their confidential information verified. This paper focuses on the sinGLe sign-on e-GovernAnce Paradigm based on a distributed file-exchange network for security, transparency, cost-effectiveness and trust (GLASS) model, which aims to ensure that a citizen can control their relationship with governmental agencies. The paper thus proposes an approach that integrates a permissioned blockchain with the InterPlanetary File System (IPFS). This method demonstrates how we may encrypt and store verifiable credentials of the GLASS ecosystem, such as academic awards, ID documents and so on, within IPFS in a secure manner and thus only allow trusted users to read a blockchain record, and obtain the encryption key. This allows for the decryption of a given verifiable credential that stored on IPFS. This paper outlines the creation of a demonstrator that proves the principles of the GLASS approach., Comment: Sensors 2022, 22(6), 2291; https://doi.org/10.3390/s22062291

Published

2022

23. Ransomware: Analysing the Impact on Windows Active Directory Domain Services

Author

McDonald, Grant, Papadopoulos, Pavlos, Pitropakis, Nikolaos, Ahmad, Jawad, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat towards organisations, there is very little information outlining how ransomware affects Windows Server environments, and particularly its proprietary domain services such as Active Directory. Hence, we aim to increase the cyber situational awareness of organisations and corporations that utilise these environments. Dynamic analysis was performed using three ransomware variants to uncover how crypto-ransomware affects Windows Server-specific services and processes. Our work outlines the practical investigation undertaken as WannaCry, TeslaCrypt, and Jigsaw were acquired and tested against several domain services. The findings showed that none of the three variants stopped the processes and decidedly left all domain services untouched. However, although the services remained operational, they became uniquely dysfunctional as ransomware encrypted the files pertaining to those services

Published

2022

24. NapierOne: A modern mixed file data set alternative to Govdocs1

Author

Davies, Simon R, Macfarlane, Richard, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

It was found when reviewing the ransomware detection research literature that almost no proposal provided enough detail on how the test data set was created, or sufficient description of its actual content, to allow it to be recreated by other researchers interested in reconstructing their environment and validating the research results. A modern cybersecurity mixed file data set called NapierOne is presented, primarily aimed at, but not limited to, ransomware detection and forensic analysis research. NapierOne was designed to address this deficiency in reproducibility and improve consistency by facilitating research replication and repeatability. The methodology used in the creation of this data set is also described in detail. The data set was inspired by the Govdocs1 data set and it is intended that NapierOne be used as a complement to this original data set. An investigation was performed with the goal of determining the common files types currently in use. No specific research was found that explicitly provided this information, so an alternative consensus approach was employed. This involved combining the findings from multiple sources of file type usage into an overall ranked list. After which 5000 real-world example files were gathered, and a specific data subset created, for each of the common file types identified. In some circumstances, multiple data subsets were created for a specific file type, each subset representing a specific characteristic for that file type. For example, there are multiple data subsets for the ZIP file type with each subset containing examples of a specific compression method. Ransomware execution tends to produce files that have high entropy, so examples of file types that naturally have this attribute are also present.

Published

2022

25. Electromagnetic Side-Channel Attack Resilience against PRESENT Lightweight Block Cipher

Author

Gunathilake, Nilupulee A., Al-Dubai, Ahmed, Buchanan, William J., and Lo, Owen

Subjects

Computer Science - Cryptography and Security

Abstract

Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offers smaller cryptographic primitives such as shorter key sizes, block sizes and lesser energy drainage. The main focus can be seen in algorithm developments in this emerging subject. Thus, verification is carried out based upon theoretical (mathematical) proofs mostly. Among the few available side-channel analysis studies found in literature, the highest percentage is taken by power attacks. PRESENT is a promising lightweight block cipher to be included in IoT devices in the near future. Thus, the emphasis of this paper is on lightweight cryptology, and our investigation shows unavailability of a correlation electromagnetic analysis (CEMA) of it. Hence, in an effort to fill in this research gap, we opted to investigate the capabilities of CEMA against the PRESENT algorithm. This work aims to determine the probability of secret key leakage with a minimum number of electromagnetic (EM) waveforms possible. The process initially started from a simple EM analysis (SEMA) and gradually enhanced up to a CEMA. This paper presents our methodology in attack modelling, current results that indicate a probability of leaking seven bytes of the key and upcoming plans for optimisation. In addition, introductions to lightweight cryptanalysis and theories of EMA are also included.

Published

2021

26. Blockchain-based Platform for Secure Sharing and Validation of Vaccination Certificates

Author

Abubakar, Mwrwan, McCarron, Pádraig, Jaroucheh, Zakwan, Al-Dubai, Ahmed, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

The COVID-19 pandemic has recently emerged as a worldwide health emergency that necessitates coordinated international measures. To contain the virus's spread, governments and health organisations raced to develop vaccines that would lower Covid-19 morbidity, relieve pressure on healthcare systems, and allow economies to open. As a way forward after the COVID-19 vaccination, the Vaccination certificate has been adopted to help the authorities formulate policies by controlling cross-border travelling. To resolve significant privacy concerns and remove the need for relying on third parties to maintain trust and control the user's data, in this paper, we leverage blockchain technologies in developing a secure and verifiable vaccination certificate. Our approach has the advantage of utilising a hybrid architecture that implements different advanced technologies, such as smart contracts, interPlanetary File System (IPFS), and Self-sovereign Identity (SSI). We will rely on verifiable credentials paired with smart contracts to implement on-chain access control decisions and provide on-chain verification and validation of the user and issuer DIDs. The usability of this approach was further analysed, particularly concerning performance and security. Our analysis proved that our approach satisfies vaccination certificate security requirements.

Published

2021

27. Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers

Author

Ali, Hisham, Papadopoulos, Pavlos, Ahmad, Jawad, Pitropakis, Nikolaos, Jaroucheh, Zakwan, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security

Abstract

Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT\&CK framework.

Published

2021

28. PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching

Author

Abramson, William, Buchanan, William J., Sayeed, Sarwar, Pitropakis, Nikolaos, and Lo, Owen

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society

Abstract

The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to communicate with each other about an individual. A common approach is when a citizen discloses his personally identifiable information to both the HA a TC, if the test result comes positive, the information is used by the TC to alert the HA. Along with this, there can be other trusted entities that have other key elements of data related to the citizen. However, the existing approaches comprise severe flaws in terms of privacy and security. Additionally, the aforementioned approaches are not transparent and often being questioned for the efficacy of the implementations. In order to overcome the challenges, this paper outlines the PAN-DOMAIN infrastructure that allows for citizen identifiers to be matched amongst the TA, the HA and the GA. PAN-DOMAIN ensures that the citizen can keep control of the mapping between the trusted entities using a trusted converter, and has access to an audit log.

Published

2021

29. A Privacy-Preserving Platform for Recording COVID-19 Vaccine Passports

Author

Barati, Masoud, Buchanan, William J., Lo, Owen, and Rana, Omer

Subjects

Computer Science - Cryptography and Security

Abstract

Digital vaccine passports are one of the main solutions which would allow the restart of travel in a post COVID-19 world. Trust, scalability and security are all key challenges one must overcome in implementing a vaccine passport. Initial approaches attempt to solve this problem by using centralised systems with trusted authorities. However, sharing vaccine passport data between different organisations, regions and countries has become a major challenge. This paper designs a new platform architecture for creating, storing and verifying digital COVID-19 vaccine certifications. The platform makes use of the InterPlanetary File System (IPFS) to guarantee there is no single point of failure and allow data to be securely distributed globally. Blockchain and smart contracts are also integrated into the platform to define policies and log access rights to vaccine passport data while ensuring all actions are audited and verifiably immutable. Our proposed platform realises General Data Protection Regulation (GDPR) requirements in terms of user consent, data encryption, data erasure and accountability obligations. We assess the scalability and performance of the platform using IPFS and Blockchain test networks.

Published

2021

30. Evaluating Tooling and Methodology when Analysing Bitcoin Mixing Services After Forensic Seizure

Author

Young, Edward Henry, Chrysoulas, Christos, Pitropakis, Nikolaos, Papadopoulos, Pavlos, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

Little or no research has been directed to analysis and researching forensic analysis of the Bitcoin mixing or 'tumbling' service themselves. This work is intended to examine effective tooling and methodology for recovering forensic artifacts from two privacy focused mixing services namely Obscuro which uses the secure enclave on intel chips to provide enhanced confidentiality and Wasabi wallet which uses CoinJoin to mix and obfuscate crypto currencies. These wallets were set up on VMs and then several forensic tools used to examine these VM images for relevant forensic artifacts. These forensic tools were able to recover a broad range of forensic artifacts and found both network forensics and logging files to be a useful source of artifacts to deanonymize these mixing services., Comment: Accepted for publication in the International Conference on Data Analytics for Business and Industry (ICDABI) 2021 - (DATA'21)

Published

2021

31. GLASS: Towards Secure and Decentralized eGovernance Services using IPFS

Author

Chrysoulas, Christos, Thomson, Amanda, Pitropakis, Nikolaos, Papadopoulos, Pavlos, Lo, Owen, Buchanan, William J., Domalis, George, Karacapilidis, Nikos, Tsakalidis, Dimitris, and Tsolis, Dimitris

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The continuously advancing digitization has provided answers to the bureaucratic problems faced by eGovernance services. This innovation led them to an era of automation it has broadened the attack surface and made them a popular target for cyber attacks. eGovernance services utilize internet, which is currently a location addressed system where whoever controls the location controls not only the content itself, but the integrity of that content, and the access to that content. We propose GLASS, a decentralised solution which combines the InterPlanetary File System (IPFS) with Distributed Ledger technology and Smart Contracts to secure EGovernance services. We also create a testbed environment where we measure the IPFS performance., Comment: To be published in the proceedings of the 7th Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2021). In Conjunction With ESORICS 2021

Published

2021

32. Electromagnetic Analysis of an Ultra-Lightweight Cipher: PRESENT

Author

Gunathilake, Nilupulee A., Al-Dubai, Ahmed, Buchanan, William J., and Lo, Owen

Subjects

Computer Science - Cryptography and Security

Abstract

Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, continuous observations of physical leakages are essential to minimise vulnerabilities associated with cryptographic functions. Lightweight cryptography is a novel approach in progress towards internet-of-things (IoT) security. Thus, it would provide sufficient data and privacy protection in such a constrained ecosystem. IoT devices are resource-limited in terms of data rates (in kbps), power maintainability (battery) as well as hardware and software footprints (physical size, internal memory, RAM/ROM). Due to the difficulty in handling conventional cryptographic algorithms, lightweight ciphers consist of small key sizes, block sizes and few operational rounds. Unlike in the past, affordability to perform side-channel attacks using inexpensive electronic circuitries is becoming a reality. Hence, cryptanalysis of physical leakage in these emerging ciphers is crucial. Among existing studies, power analysis seems to have enough attention in research, whereas other aspects such as electromagnetic, timing, cache and optical attacks continue to be appropriately evaluated to play a role in forensic analysis. As a result, we started analysing electromagnetic emission leakage of an ultra-lightweight block cipher, PRESENT. According to the literature, PRESENT promises to be adequate for IoT devices, and there still seems not to exist any work regarding correlation electromagnetic analysis (CEMA) of it. Firstly, we conducted simple electromagnetic analysis in both time and frequency domains and then proceeded towards CEMA attack modelling. This paper provides a summary of the related literature (IoT, lightweight cryptography, side-channel attacks and EMA), our methodology, current outcomes and future plans for the optimised results., Comment: 20 pages

Published

2021

33. Differential Area Analysis for Ransomware Attack Detection within Mixed File Datasets

Author

Davies, Simon R, Macfarlane, Richard, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

The threat from ransomware continues to grow both in the number of affected victims as well as the cost incurred by the people and organisations impacted in a successful attack. In the majority of cases, once a victim has been attacked there remain only two courses of action open to them; either pay the ransom or lose their data. One common behaviour shared between all crypto ransomware strains is that at some point during their execution they will attempt to encrypt the users' files. Previous research Penrose et al. (2013); Zhao et al. (2011) has highlighted the difficulty in differentiating between compressed and encrypted files using Shannon entropy as both file types exhibit similar values. One of the experiments described in this paper shows a unique characteristic for the Shannon entropy of encrypted file header fragments. This characteristic was used to differentiate between encrypted files and other high entropy files such as archives. This discovery was leveraged in the development of a file classification model that used the differential area between the entropy curve of a file under analysis and one generated from random data. When comparing the entropy plot values of a file under analysis against one generated by a file containing purely random numbers, the greater the correlation of the plots is, the higher the confidence that the file under analysis contains encrypted data.

Published

2021

34. Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT

Author

Papadopoulos, Pavlos, von Essen, Oliver Thornewill, Pitropakis, Nikolaos, Chrysoulas, Christos, Mylonas, Alexios, and Buchanan, William J.

Subjects

Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture

Abstract

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models' robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability., Comment: MDPI Mach. Learn. Knowl. Extr. 2021, 3(2), 333-356; https://www.mdpi.com/2624-800X/1/2/14

Published

2021

35. Privacy and Trust Redefined in Federated Machine Learning

Author

Papadopoulos, Pavlos, Abramson, Will, Hall, Adam J., Pitropakis, Nikolaos, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning

Abstract

A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring the data privacy to their owners. The distribution of the computation to multiple participating entities introduces new privacy complications and risks. In this paper, we present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Our proof-of-concept defines a trust framework instantiated using decentralised identity technologies being developed under Hyperledger projects Aries/Indy/Ursa. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels authorised to participate in a federated learning workflow related to mental health data., Comment: MDPI Mach. Learn. Knowl. Extr. 2021, 3(2), 333-356; https://doi.org/10.3390/make3020017

Published

2021

36. An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Author

Churcher, Andrew, Ullah, Rehmat, Ahmad, Jawad, Rehman, Sadaqat ur, Masood, Fawad, Gogate, Mandar, Alqahtani, Fehaid, Nour, Boubakr, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security, Computer Science - Machine Learning

Abstract

In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Published

2021

37. Evaluation of Live Forensic Techniques in Ransomware Attack Mitigation

Author

Davies, Simon R., Macfarlane, Richard, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security, E.3, K.6.5

Abstract

Memory was captured from a system infected by ransomware and its contents was examined using live forensic tools, with the intent of identifying the symmetric encryption keys being used. NotPetya, Bad Rabbit and Phobos hybrid ransomware samples were tested during the investigation. If keys were discovered, the following two steps were also performed. Firstly, a timeline was manually created by combining data from multiple sources to illustrate the ransomware's behaviour as well as showing when the encryption keys were present in memory and how long they remained there. Secondly, an attempt was made to decrypt the files encrypted by the ransomware using the found keys. In all cases, the investigation was able to confirm that it was possible to identify the encryption keys used. A description of how these found keys were then used to successfully decrypt files that had been encrypted during the execution of the ransomware is also given. The resulting generated timelines provided a excellent way to visualise the behaviour of the ransomware and the encryption key management practices it employed, and from a forensic investigation and possible mitigation point of view, when the encryption keys are in memory., Comment: 11 pages, 10 figures

Published

2020

38. A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric

Author

Stamatellis, Charalampos, Papadopoulos, Pavlos, Pitropakis, Nikolaos, Katsikas, Sokratis, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This paper presents PREHEALTH, a privacy-preserving EHR management solution that uses distributed ledger technology and an Identity Mixer (Idemix). The paper describes a proof-of-concept implementation that uses the Hyperledger Fabric's permissioned blockchain framework. The proposed solution is able to store patient records effectively whilst providing anonymity and unlinkability. Experimental performance evaluation results demonstrate the scheme's efficiency and feasibility for real-world scale deployment., Comment: MDPI Sensors (This article belongs to the Special Issue Security, Trust and Privacy in New Computing Environments) URL: https://www.mdpi.com/1424-8220/20/22/6587

Published

2020

39. Review and Critical Analysis of Privacy-preserving Infection Tracking and Contact Tracing

Author

Buchanan, William J, Imran, Muhammad Ali, Ur-Rehman, Masood, Zhang, Lei, Abbasi, Qammer H., Chrysoulas, Christos, Haynes, David, Pitropakis, Nikolaos, and Papadopoulos, Pavlos

Subjects

Computer Science - Cryptography and Security

Abstract

The outbreak of viruses have necessitated contact tracing and infection tracking methods. Despite various efforts, there is currently no standard scheme for the tracing and tracking. Many nations of the world have therefore, developed their own ways where carriers of disease could be tracked and their contacts traced. These are generalized methods developed either in a distributed manner giving citizens control of their identity or in a centralised manner where a health authority gathers data on those who are carriers. This paper outlines some of the most significant approaches that have been established for contact tracing around the world. A comprehensive review on the key enabling methods used to realise the infrastructure around these infection tracking and contact tracing methods is also presented and recommendations are made for the most effective way to develop such a practice.

Published

2020

40. TRUSTD: Combat Fake Content using Blockchain and Collective Signature Technologies

Author

Jaroucheh, Zakwan, Alissa, Mohamad, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

The growing trend of sharing news/contents, through social media platforms and the World Wide Web has been seen to impact our perception of the truth, altering our views about politics, economics, relationships, needs and wants. This is because of the growing spread of misinformation and disinformation intentionally or unintentionally by individuals and organizations. This trend has grave political, social, ethical, and privacy implications for society due to 1) the rapid developments in the field of Machine Learning (ML) and Deep Learning (DL) algorithms in creating realistic-looking yet fake digital content (such as text, images, and videos), 2) the ability to customize the content feeds and to create a polarized so-called "filter-bubbles" leveraging the availability of the big-data. Therefore, there is an ethical need to combat the flow of fake content. This paper attempts to resolve some of the aspects of this combat by presenting a high-level overview of TRUSTD, a blockchain and collective signature-based ecosystem to help content creators in getting their content backed by the community, and to help users judge on the credibility and correctness of these contents., Comment: arXiv admin note: text overlap with arXiv:1812.00315, arXiv:1807.06346, arXiv:1904.05386 by other authors

Published

2020

41. SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain

Author

Jaroucheh, Zakwan, Ghaleb, Baraq, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security

Abstract

The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stake proportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports high transaction rate because of its fast miner election mechanism

Published

2020

42. Privacy Preserving Passive DNS

Author

Papadopoulos, Pavlos, Pitropakis, Nikolaos, Buchanan, William J., Lo, Owen, and Katsikas, Sokratis

Subjects

Computer Science - Cryptography and Security

Abstract

The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g. for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records.

Published

2020

43. Decentralized Accessibility of e-commerce Products through Blockchain Technology

Author

Kumara, Gulshan, Sahaa, Rahul, Buchanan, William J, Geethaa, G., Thomasa, Reji, Kimc, Tai-Hoon, and Alazab, Mamoun

Subjects

Computer Science - Cryptography and Security

Abstract

A distributed and transparent ledger system is considered for various e-commerce products including health medicines, electronics, security appliances, food products and many more to ensure technological and e-commerce sustainability. This solution, named as 'PRODCHAIN', is a generic blockchain framework with lattice-based cryptographic processes for reducing the complexity for tracing the e-commerce products. Moreover, we have introduced a rating based consensus process called Proof of Accomplishment (PoA). The solution has been analyzed and experimental studies are performed on Ethereum network. The results are discussed in terms of latency and throughput which prove the efficiency of PRODCHAIN in e-commerce products and services. The presented solution is beneficial for improving the traceability of the products ensuring the social and financial sustainability. This work will help the researchers to gain knowledge about the blockchain implications for supply chain possibilities in future developments for society.

Published

2020

44. Trust-by-Design: Evaluating Issues and Perceptions within Clinical Passporting

Author

Abramson, Will, van Deursen, Nicole E., and Buchanan, William J

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society

Abstract

A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, it is more important than ever to optimize these professionals' time. This paper presents the synthesis of a design workshop held at the Royal College of Physicians of Edinburgh (RCPE) and subsequent interviews with healthcare professionals. The main research question posed is whether these processes can be re-imagined using digital technologies, specifically Self-Sovereign Identity? A key contribution in the paper is the development of a set of user-led requirements and design principles for identity systems used within healthcare. These are then contrasted with the design principles found in the literature. The results of this study confirm the need and potential of professionalising identity and credential management throughout a healthcare professional's career.

Published

2020

45. A Distributed Trust Framework for Privacy-Preserving Machine Learning

Author

Abramson, Will, Hall, Adam James, Papadopoulos, Pavlos, Pitropakis, Nikolaos, and Buchanan, William J

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Computer Science and Game Theory, Computer Science - Machine Learning, 68M25, C.2.0

Abstract

When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data., Comment: To be published in the proceedings of the 17th International Conference on Trust, Privacy and Security in Digital Business - TrustBus2020

Published

2020

46. Fast Probabilistic Consensus with Weighted Votes

Author

Müller, Sebastian, Penzkofer, Andreas, Kuśmierz, Bartosz, Camargo, Darcy, and Buchanan, William J.

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The fast probabilistic consensus (FPC) is a voting consensus protocol that is robust and efficient in Byzantine infrastructure. We propose an adaption of the FPC to a setting where the voting power is proportional to the nodes reputations. We model the reputation using a Zipf law and show using simulations that the performance of the protocol in Byzantine infrastructure increases with the Zipf exponent. Moreover, we propose several improvements of the FPC that decrease the failure rates significantly and allow the protocol to withstand adversaries with higher weight. We distinguish between cautious and berserk strategies of the adversaries and propose an efficient method to detect the more harmful berserk strategies. Our study refers at several points to a specific implementation of the IOTA protocol, but the principal results hold for general implementations of reputation models.

Published

2020

47. Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach

Author

Christou, Orestis, Pitropakis, Nikolaos, Papadopoulos, Pavlos, McKeown, Sean, and Buchanan, William J.

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society, Computer Science - Machine Learning

Abstract

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-consuming human verification. Thus, there have been attempts focusing on the predictive filtering of such URLs. This study aims to develop a machine-learning model to detect fraudulent URLs which can be used within the Splunk platform. Inspired from similar approaches in the literature, we trained the SVM and Random Forests algorithms using malicious and benign datasets found in the literature and one dataset that we created. We evaluated the algorithms' performance with precision and recall, reaching up to 85% precision and 87% recall in the case of Random Forests while SVM achieved up to 90% precision and 88% recall using only descriptive features., Comment: In Proceedings of the 6th ICISSP

Published

2020

48. Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

Author

Lowe, Ian, Buchanan, William J, Macfarlane, Richard J, and Lo, Owen

Subjects

Computer Science - Cryptography and Security

Abstract

Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have suggested that the protocol is weak, and prone to a variety of attacks against its authentication, link management and encryption schemes. Key researchers in the field have suggested that reliable passive sniffing of Bluetooth traffic would enable the practical application of a range of currently hypothesised attacks. Restricting Bluetooth's frequency hopping behaviour by manipulation of the available channels, in order to make brute force attacks more effective has been a frequently proposed avenue of future research from the literature. This paper has evaluated the proposed approach in a series of experiments using the software defined radio tools and custom hardware developed by the Ubertooth project. The work concludes that the mechanism suggested by previous researchers may not deliver the proposed improvements, but describes an as yet undocumented interaction between Bluetooth and Wi-Fi technologies which may provide a Denial of Service attack mechanism.

Published

2020

49. An authentication protocol based on chaos and zero knowledge proof

Author

Major, Will, Buchanan, William J, and Ahmad, Jawad

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server's IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems., Comment: J. Nonlinear Dyn (2020)

Published

2020

50. Performance Analysis of TLS for Quantum Robust Cryptography on a Constrained Device

Author

Barton, Jon, Buchanan, William J, Pitropakis, Nikolaos, Sayeed, Sarwar, and Abramson, Will

Subjects

Computer Science - Cryptography and Security, Computer Science - Emerging Technologies

Abstract

Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to build methods based on a hard mathematical problem, which are not susceptible to Shor's algorithm and which create Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well these methods run on limited powered devices. This paper outlines an evaluation framework for PQC within constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device.

Published

2019