Category: academic papers

Auto Added by WPeMatico

Ethical Problems in Computer Security

Posted on By infossl
academic papers, computer security, ethics, Security technology, Uncategorized

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation“: Abstract: The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be “morally … Read More “Ethical Problems in Computer Security” »

AI-Generated Steganography

Posted on By infossl
academic papers, artificial intelligence, cryptography, encryption, Security technology, steganography, Uncategorized

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models … Read More “AI-Generated Steganography” »

How Attorneys Are Harming Cybersecurity Incident Response

Posted on By infossl
academic papers, breaches, cybersecurity, incident response, insurance, Security technology, Uncategorized

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »

Brute-Forcing a Fingerprint Reader

Posted on By infossl
academic papers, authentication, cracking, fingerprints, Security technology, smartphones, Uncategorized

It’s neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the … Read More “Brute-Forcing a Fingerprint Reader” »

On the Poisoning of LLMs

Posted on By infossl
academic papers, artificial intelligence, ChatGPT, hacking, secrecy, Security technology, snake oil, Uncategorized

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they … Read More “On the Poisoning of LLMs” »

Using LLMs to Create Bioweapons

Posted on By infossl
academic papers, artificial intelligence, biological warfare, machine learning, Security technology, Uncategorized

I’m not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm. … Read More “Using LLMs to Create Bioweapons” »

Research on AI in Adversarial Settings

Posted on By infossl
academic papers, artificial intelligence, Security technology, Uncategorized

New research: “Achilles Heels for AGI/ASI via Decision Theoretic Adversaries“: As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at … Read More “Research on AI in Adversarial Settings” »

The Security Vulnerabilities of Message Interoperability

Posted on By infossl
academic papers, authentication, economics of security, privacy, psychology of security, Security technology, Uncategorized

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage … Read More “The Security Vulnerabilities of Message Interoperability” »

Prompt Injection Attacks on Large Language Models

Posted on By infossl
academic papers, ChatGPT, cyberattack, Security technology, Uncategorized

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs … Read More “Prompt Injection Attacks on Large Language Models” »

Side-Channel Attack against CRYSTALS-Kyber

Posted on By infossl
academic papers, cryptography, encryption, machine learning, quantum computing, quantum cryptography, Security technology, side-channel attacks, Uncategorized

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this … Read More “Side-Channel Attack against CRYSTALS-Kyber” »