academicpapers – SSL and internet security news

Using Disinformation to Cause a Blackout

August 18, 2020 infossl

academicpapers, disinformation, infrastructure, Security technology, socialmedia

Interesting paper: “How weaponizing disinformation can bring down a city’s power grid“: Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven to be one of the weakest links when protecting critical infrastructure … Read More “Using Disinformation to Cause a Blackout” »

Robocall Results from a Telephony Honeypot

August 17, 2020 infossl

academicpapers, datacollection, metadata, phones, Security technology

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls — even if they never made their phone numbers public via any source. The research team said … Read More “Robocall Results from a Telephony Honeypot” »

UAE Hack and Leak Operations

August 13, 2020 infossl

academicpapers, cybersecurity, hacking, leaks, nationalsecuritypolicy, qatar, saudiarabia, Security technology, unitedarabemirates

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the “simulation of scandal” – deliberate attempts to direct moral judgement against their target. Although “hacking” tools enable … Read More “UAE Hack and Leak Operations” »

Adversarial Machine Learning and the CFAA

July 23, 2020 infossl

academicpapers, courts, fraud, machinelearning, Security technology

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, … Read More “Adversarial Machine Learning and the CFAA” »

Fawkes: Digital Image Cloaking

July 22, 2020 infossl

academicpapers, facerecognition, machinelearning, Security technology, socialmedia

Fawkes is a system for manipulating digital images so that they aren’t recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these “cloaked” photos as … Read More “Fawkes: Digital Image Cloaking” »

Hacking a Power Supply

July 21, 2020 infossl

academicpapers, firmware, hacking, phones, Security technology

This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.) Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without … Read More “Hacking a Power Supply” »

Securing the International IoT Supply Chain

July 1, 2020 infossl

academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

The Unintended Harms of Cybersecurity

June 26, 2020 infossl

academicpapers, cyberattack, cybercrime, cybersecurity, riskassessment, risks, Security technology

Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »

Analyzing IoT Security Best Practices

June 25, 2020 infossl

academicpapers, internetofthings, nationalsecuritypolicy, Security technology, securityengineering

New research: “Best Practices for IoT Security: What Does That Even Mean?” by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. … Read More “Analyzing IoT Security Best Practices” »

Cryptocurrency Pump and Dump Scams

June 24, 2020 infossl

academicpapers, cryptocurrency, fraud, scams, Security technology

Really interesting research: “An examination of the cryptocurrency pump and dump ecosystem“: Abstract: The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse. We quantify the scope … Read More “Cryptocurrency Pump and Dump Scams” »