Publications by Prof Julio Hernandez-Castro

LLL-style lattice reduction algorithms iteratively employ size reduction and reordering on ordered basis vectors to find progressively shorter, more orthogonal vectors. DeepLLL reorders the basis through deep insertions, yielding much shorter vectors than LLL. DeepLLL was introduced alongside BKZ, however, the latter has received greater attention and has emerged as the state-of-the-art. We first show that LLL-style algorithms work with a designated measure of basis quality and iteratively improves it; specifically, DeepLLL improves a sublattice measure based on the generalised Lovász condition. We then introduce a new generic framework X-GG for lattice reduction algorithms that work with a measure X of basis quality. X-GG globally searches for deep insertions that minimise X in each iteration. We instantiate the framework with two quality measures – basis potential (Pot) and squared sum (SS) – both of which have corresponding DeepLLL algorithms. We prove polynomial runtimes for our X-GG algorithms and also prove their output to be X-DeepLLL reduced. Our experiments on non-preprocessed bases show that X-GG produces better quality outputs whilst being much faster than the corresponding DeepLLL algorithms. We also compare SS-GG and the FPLLL implementation of BKZ with LLL-preprocessed bases. In small dimensions (40 to 210), SS-GG is significantly faster than BKZ with block sizes 8 to 12, while simultaneously also providing better output quality in most cases. In higher dimensions (250 and beyond), by varying the threshold for deep insertion, SS-GG offers new trade-offs between the output quality and runtime. On the one hand, it provides significantly better runtime than BKZ-5 with worse output quality; on the other hand, it is significantly faster than BKZ-21 while providing increasingly better output quality after around dimension 350.

Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims' devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting in effort to find new ways to prevent ransomware infections and victimisation from happening. Since employees and contractors are often considered to be the most frequent and well-known attack vectors, it makes sense to focus on them. Identifying factors to predict the most vulnerable population to cyberattacks can be useful in preventing or mitigating the impact of ransomware attacks. Additionally, understanding victims' psychological traits can help us devise better solutions to recover from the attack more effectively, while at the same time, encouraging victims not to pay the ransom demand to cybercriminals. In this paper, we investigated the relationship between personality types and ransomware victimisation, in order to understand whether people with certain personality types would be more prone to becoming a ransomware victim or not. We also studied the behavioural and psychological effects of becoming a ransomware victim, in an attempt to see whether such an experience can be used to reinforce positive cybersecurity behaviours in the future. We carried out a survey involving 880 participants, recruited through the Prolific online survey platform. First, these participants were asked to answer a set of standard questions to determine their personality type, using the Big-Five personality trait indicators. They were then asked to answer several follow-up questions regarding victimisation, as well as their feelings and views post-victimisation. We found that 9.55% (n=84) of the participants had been a victim of ransomware. Out of these, 2.38% (n=2) were found to have paid the ransom. We found no compelling evidence to suggest that personality traits would influence ransomware victimisation. In other words, there are no discernible differences regarding potential ransomware victimisation based on people's personality types alone. Therefore, we should not blame victims for falling prey – in particular, we should not apportion the blame to their personality type. These findings can be used to improve positive cybersecurity behaviours, for example, by encouraging victims to invest more in cybersecurity products and tools. Additionally, our results showed that the aftermath of a ransomware attack could be quite devastating and hard to deal with for many victims. Finally, our research shows that properly dealing with ransomware is a complex socio-technical challenge that requires both technical and psychological support.

The fast pace of blockchain technology and cryptocurrencies' evolution makes people vulnerable to financial fraud and provides a relatively straightforward monetisation mechanism for cybercriminals, in particular ransomware groups which exploit crypto's pseudo-anonymity properties. At the same time, regulatory efforts for addressing crimes related to crypto assets are emerging worldwide. In this work, we shed light on the current state of practice of ransomware monetisation to provide evidence of their payment traceability, explore future trends, and—above all—showcase that over-regulating cryptocurrencies is not the best way to mitigate their risks. For that purpose, first, we provide an overview of the legislative initiatives currently taken by the USA, the EU, and the OECD to regulate cryptocurrencies, showing that strict laws and the divergences between the regulatory regimes can hardly efficiently regulate the global phenomenon of cryptocurrency, which transcends borders and states. Next, we focus on illicit payments in bitcoin to ransomware groups, illustrating how these payments are siphoned off and how criminals cash out the ransom, often leaving traceable evidence behind. To this end, we leverage a publicly available dataset and a set of state-of-the-art blockchain analysis tools to identify payment patterns, trends, and transaction trails, which are provided in an anonymised form. Our work reveals that a significant amount of illicit bitcoin transactions can be easily traced, and consequently, many cyber crimes like ransomware can actually be tracked down and investigated with existing tools and laws, thus providing fertile ground for better and fairer legislation on crypto.

Random numbers play a key role in a wide variety of applications, ranging from mathematical simulation to cryptography. Generating random or pseudo-random numbers is not an easy task, especially when hardware, time and energy constraints are considered. In order to assess whether generators behave in a random fashion, there are several statistical test batteries. ENT is one of the simplest and most popular, at least in part due to its efficacy and speed. Nonetheless, only one of the tests of this suite provides a p value, which is the most useful and standard way to determine whether the randomness hypothesis holds, for a certain significance level. As a consequence of this, rather arbitrary and at times misleading bounds are set in order to decide which intervals are acceptable for its results. This paper introduces an extension of the battery, named StringENT, which, while sticking to the fast speed that makes ENT popular and useful, still succeeds in providing p values with which sound decisions can be made about the randomness of a sequence. It also highlights a flagrant randomness flaw that the classical ENT battery is not capable of detecting but the new StringENT notices, and introduces two additional tests.

Ransomware is a type of malware that locks out its victim's access to their device or data – typically by encrypting files – and demands payment in exchange of restoring access. To fight the increasing threat posed by ransomware, security researchers and practitioners have developed decryption tools. These tools aim to help victims in recovering their data, generally by decrypting the compromised files without paying the ransom. Unfortunately, there has been minimal research on the effectiveness of decryption and recovery tools. There is a scant understanding regarding the extent to which these tools can actually recover compromised data. The research presented in this work aims to cover this gap by providing an empirical study on these tools' effectiveness – in terms of decrypting and restoring compromised data. For doing so, we tested a total of 78 tools created by 11 security companies against 61 ransomware samples. That allows us to present an in-depth critical discussion of the real effectiveness of the recovery tools studied. We found that nearly half of the tools fail to recover compromised data satisfactorily. We conclude that there is still a lot of work to be done before these tools can make a real positive impact on ransomware victims. We finish our work by offering some additional insights and recommendations that could help in improving the effectiveness of ransomware decryption tools.

Ransomware is a type of malicious software that locks out its victim from accessing functionality or data on their device, typically by encrypting files. To regain access, victims would typically need to make a ransom payment. Victims get notified that their device has been infected through a ransom note (splash screen) displayed on their device. Ransomware splash screens can be presented in many ways; the most common ones are via a text file or a graphical user interface (GUI). Splash screens may also include additional features, such as a countdown timer, as part of the ransomware operator's ploy to encourage their victims to pay. The main aim of this study was to gain valuable insights into how ransomware splash screens might affect victims' responses. Moreover, the study also investigated whether exposure to different splash screens would encourage participants to adopt good security behaviours. A controlled experiment was conducted by randomly assigning 538 participants into one of the three ransomware infection scenarios based on the splash screen type (Text-based, GUI or GUI + Timer). After watching a demonstration of a ransomware scenario, each participant was asked to complete a survey regarding their post-infection behaviour and their cybersecurity habits. The study concluded that ransomware's user interface elements do not have a notable effect on how victims would react, in terms of their willingness to pay or their reporting rates. Additionally findings included that, even though 60% of the participants would like to report a ransomware incident, they were not sure how to do this. This illustrates the lack of public awareness about cybercrime reporting. Lack of trust was the main reason why participants did not want to click on links offering cybersecurity advice after the exposure. This shows that more effective methods for encouraging cybersecurity behaviour are still needed.

Random number generation is critical to many applications. Gaming, gambling, and particularly cryptography all require random numbers that are uniform and unpredictable. For testing whether supposedly random sources feature particular characteristics commonly found in random sequences, batteries of statistical tests are used. These are fundamental tools in the evaluation of random number generators and form part of the pathway to certification of secure systems implementing them. Although there have been previous studies into this subject becker2013stealthy, RNG manufacturers and vendors continue to use statistical tests known to be of dubious reliability, in their RNG verification processes. Our research shows that FIPS-140-2 cannot identify adversarial biases effectively, even very primitive ones. Concretely, this work illustrates the inability of the FIPS 140 family of tests to detect bias in three obviously flawed PRNGs. Deprecated by official standards, these tests are nevertheless still widely used, for example in hardware-level self-test schemes incorporated into the design of many True RNGs (TRNGs). They are also popular with engineers and cryptographers for quickly assessing the randomness characteristics of security primitives and protocols, and even with manufacturers aiming to market the randomness features of their products to potential customers. In the following, we present three biased-by-design RNGs to show in explicit detail how simple, glaringly obvious biases are not detected by any of the FIPS 140-2 tests. One of these RNGs is backdoored, leaking key material, while others suffer from significantly reduced unpredictability in their output sequences. To make our point even more straightforward, we show how files containing images can also fool the FIPS 140 family of tests. We end with a discussion on the security issues affecting an interesting and active project to create a randomness beacon. Their authors only tested the quality of their randomness with the FIPS 140 family of tests, and we will show how this has led them to produce predictable output that, albeit passing FIPS fails other randomness tests quite catastrophically.

We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the results of a pilot survey which demonstrate proof of concept in evaluating the costs of ransomware attacks. We discuss at each stage whether the different strategies we analyse have been encountered already in existing malware, and the likelihood of them being implemented in the future. We hope this work will provide some useful insights for predicting how ransomware may evolve in the future.

Random numbers are essential for cryptography and scientific simulation. Generating truly random numbers for cryptography can be a slow and expensive process. Quantum physics offers a variety of promising solutions to this challenge, proposing sources of entropy that may be genuinely unpredictable, based on the inherent randomness of certain physical phenomena. These properties have been employed to design Quantum Random Number Generators (QRNGs), some of which are commercially available. In this work, we present the first published analysis of the Quantis family of QRNGs (excluding AIS-31 models), designed and manufactured by ID Quantique (IDQ). Our study also includes Comscire's PQ32MU QRNG, and two online services: the Australian National University's (ANU) QRNG, and the Humboldt Physik generator. Each QRNG is analysed using five batteries of statistical tests: Dieharder, National Institute of Standards and Technology (NIST) SP800-22, Ent, Tuftests and TestU01, as part of our thorough examination of their output. Our analysis highlights issues with current certification schemes, which largely rely on NIST SP800-22 and Diehard tests of randomness. We find that more recent tests of randomness identify issues in the output of QRNG, highlighting the need for mandatory post-processing even for low-security usage of random numbers sourced from QRNGs.

Android malware is increasing in spread and complexity. Advanced obfuscation, emulation detection, delayed payload activation or dynamic code loading are some of the techniques employed by the current malware to hinder the use of reverse engineering techniques and anti-malware tools. This growing complexity is particularly noticeable in the evolution of different strands of the same malware family. Over the years, these families mature to become more effective by incorporating new and enhanced techniques. In this paper, we focus on a particular Android ransomware family named Jisut, and perform a thorough technical analysis. We also provide a detailed overall perspective, which will hopefully help to create new tools and techniques to tackle more effectively the threat posed by ransomware.

Existence of mobile devices with high performance cameras and powerful image processing applications eases the alteration of digital images for malicious purposes. This work presents a new approach to detect digital image tamper detection technique based on CFA artifacts arising from the differences in the distribution of acquired and interpolated pixels. The experimental evidence supports the capabilities of the proposed method for detecting a broad range of manipulations, e.g., copy-move, resizing, rotation, filtering and colorization. This technique exhibits tampered areas by computing the probability of each pixel of being interpolated and then applying the DCT on small blocks of the probability map. The value of the coefficient for the highest frequency on each block is used to decide whether the analyzed region has been tampered or not. The results shown here were obtained from tests made on a publicly available dataset of tampered images for forensic analysis. Affected zones are clearly highlighted if the method detects CFA inconsistencies. The analysis can be considered successful if the modified zone, or an important part of it, is accurately detected. By analizing a publicly available dataset with images modified with different methods we reach an 86% of accuracy, which provides a good result for a method that does not require previous training.

We present a steganalytic attack against the PDF component of the popular OpenPuff tool. We show that our findings allow us to accurately detect the presence of OpenPuff steganography over the PDF format by using a simple script. OpenPuff is a prominent multi-format and semi-open-source stego-system with a large user base. Because of its popularity, we think our results could potentially have relevant security and privacy implications. The relative simplicity of our attack, paired with its high accuracy and the existence of previous steganalytic findings against this software, warrants major concerns over the real security offered by this steganography tool.

This paper tries to tackle the modern challenge of practical steganalysis over large data by presenting a novel approach whose aim is to perform with perfect accuracy and in a completely automatic manner. The objective is to detect changes introduced by the steganographic process in those data objects, including signatures related to the tools being used. Our approach achieves this by first extracting reliable regularities by analyzing pairs of modified and unmodified data objects; then, combines these findings by creating general patterns present on data used for training. Finally, we construct a Naive Bayes model that is used to perform classification, and operates on attributes extracted using the aforementioned patterns. This technique has been be applied for different steganographic tools that operate in media files of several types. We are able to replicate or improve on a number or previously published results, but more importantly, we in addition present new steganalytic findings over a number of popular tools that had no previous known attacks.

This paper reports the first in-depth analysis of the DESFire EV1's EAL4+ certified TRNG and raises some difficult questions regarding the certification of non-deterministic random number generators. We start by analyzing the quality of the purportedly true random number generator (TRNG) on the DESFire EV1 card. Clear and consistent biases are identified, despite good performance in most randomness tests. These statistical tests, commonly used in popular certification processes, such as Common Criteria EAL4+, are found not to be able to detect these anomalies. The means we employ for the detection and characterization of the bias are explored, highlighting both novel and existing ways of spotting deficient TRNG output. Further analysis shows systemic issues affecting TRNG output at the byte level, for which we have developed an accurate explanation. Our results have been acknowledged by the manufacturer, after responsible disclosure.

In the last few years, the world has witnessed a ground-breaking growth in the use of digital images and their applications in the modern society. In addition, image editing applications have downplayed the modification of digital photos and this compromises the authenticity and veracity of a digital image. These applications allow for tampering the content of the image without leaving visible traces. In addition to this, the easiness of distributing information through the Internet has caused society to accept everything it sees as true without questioning its integrity. This paper proposes a digital image authentication technique that combines the analysis of local texture patterns with the discrete wavelet transform and the discrete cosine transform to extract features from each of the blocks of an image. Subsequently, it uses a vector support machine to create a model that allows verification of the authenticity of the image. Experiments were performed with falsified images from public databases widely used in the literature that demonstrate the efficiency of the proposed method.

Recent advances in Deep Learning (DL) allow for solving complex AI problems that used to be considered very hard. While this progress has advanced many fields, it is considered to be bad news for CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), the security of which rests on the hardness of some learning problems. In this paper we introduce DeepCAPTCHA, a new and secure CAPTCHA scheme based on adversarial examples, an inherit limitation of the current Deep Learning networks. These adversarial examples are constructed inputs, either synthesized from scratch or computed by adding a small and specific perturbation called adversarial noise to correctly classified items, causing the targeted DL network to misclassify them. We show that plain adversarial noise is insufficient to achieve secure CAPTCHA schemes, which leads us to introduce immutable adversarial noise — an adversarial noise that is resistant to removal attempts. In this work we implement a proof of concept system, and its analysis shows that the scheme offers high security and good usability compared to the best previously existing CAPTCHAs.

Vaccines have contributed to dramatically decrease mortality from infectious diseases in the 20th century. However, several social discussion groups related to vaccines have emerged, influencing the opinion of the population about vaccination for the past 20 years. These communities discussing on vaccines have taken advantage of social media to effectively disseminate their theories. Nowadays, recent outbreaks of preventable diseases such as measles, polio, or influenza, have shown the effect of a decrease in vaccination rates. Social Networks are one of the most important sources of Big Data. Specifically, Twitter generates over 400 million tweets every day. Data mining provides the necessary algorithms and techniques to analyse massive data and to discover new knowledge. This work proposes the use of these techniques to detect and track discussion communities on vaccination arising from Social Networks. Firstly, a preliminary analysis using data from Twitter and official vaccination coverage rates is performed, showing how vaccine opinions of Twitter users can influence over vaccination decision-making. Then, algorithms for community detection are applied to discover user groups opining about vaccines. The experimental results show that these techniques can be used to discover social discussion communities providing useful information to improve immunisation strategies. Public Healthcare Organizations may try to use the detection and tracking of these social communities to avoid or mitigate new outbreaks of eradicated diseases

Use of the internet as a trade platform has resulted in a shift in the illegal wildlife trade. Increased scrutiny of illegal wildlife trade has led to concerns that online trade of wildlife will move onto the dark web. To provide a baseline of illegal wildlife trade on the dark web, we downloaded and archived 9852 items (individual posts) from the dark web, then searched these based on a list of 121 keywords associated with illegal online wildlife trade, including 30 keywords associated with illegally traded elephant ivory on the surface web. Results were compared with items known to be illegally traded on the dark web, specifically cannabis, cocaine, and heroin, to compare the extent of the trade. Of these 121 keywords, 4 resulted in hits, of which only one was potentially linked to illegal wildlife trade. This sole case was the sale and discussion of Echinopsis pachanoi (San Pedro cactus), which has hallucinogenic properties. This negligible level of activity related to the illegal trade of wildlife on the dark web relative to the open and increasing trade on the surface web may indicate a lack of successful enforcement against illegal wildlife trade on the surface web.

This article examines in great detail the most relevant security and privacy issues affecting the protocols used by contactless chips integrated in ePassports, and presents all relevant literature together with some new attacks and insights that could help in improving future standards and the next generations of ePassports.

Currently the number of cameras embedded in mobile devices is growing at an unprecedented rate. Additionally, the quality and performance of these mobile cameras is steadily improving, and is closing in on that of classical digital cameras. This scenario makes the forensic analysis of images taken with mobile cameras increasingly important and necessary. Among the various branches of forensic analysis, this paper focuses on the reliable acquisition of the make and model of the mobile camera that produced a given image. For this we have developed a technique based on exchangeable image file format (Exif) metadata analysis, allowing us in certain cases to obtain both the make and model with which the photo was taken. This comes with considerable analysis of whether this metadata information could be trusted, and with additional tools that can help in discovering image manipulation. These and other capabilities have been integrated into a new tool we have developed called Theia, that also offers many other advantages to the forensic analyst that has to mass process and analyze thousands of images in the fastest and most forensically sound way. To that end, we have also incorporated various complex functions that greatly help the forensic analyst, such as different types of advanced queries on Exif metadata information of large sets of images, and advanced geopositioning capabilities.

The forensic analysis of digital images from mobile devices is particularly important given their quick expansion and everyday use in the society. A further consequence of digital images' widespread use is that they are used today as silent witnesses in legal proceedings, as crucial evidence of the crime. This study specifically addresses the description of a technique that allows the identification of the image source acquisition, for the specific case of mobile devices images. This approach is to extract wavelet-based ...

In this work, we developed an automated system to detect potentially illegal elephant ivory items for sale on eBay. Two law enforcement experts, with specific knowledge of elephant ivory identification, manually classified items on sale in the Antiques section of eBay UK over an 8 week period. This set the "Gold Standard" that we aim to emulate using data-mining. We achieved close to 93% accuracy with less data than the experts, as we relied entirely on metadata, but did not employ item descriptions or associated images, thus proving the potential and generality of our approach. The reported accuracy may be improved with the addition of text mining techniques for the analysis of the item description, and by applying image classification for the detection of Schreger lines, indicative of elephant ivory. However, any solution relying on images or text description could not be employed on other wildlife illegal markets where pictures can be missing or misleading and text absent (e.g., Instagram). In our setting, we gave human experts all available information while only using minimal information for our analysis. Despite this, we succeeded at achieving a very high accuracy. This work is an important first step in speeding up the laborious, tedious and expensive task of expert discovery of illegal trade over the internet. It will also allow for faster reporting to law enforcement and better accountability. We hope this will also contribute to reducing poaching, by making this illegal trade harder and riskier for those involved.

Nowadays, forensic analysis of digital images is especially important, given the frequent use of digital cameras in mobile devices. The identification of the device type or the make and model of image source are two important branches of forensic analysis of digital images. In this paper we have addressed both of these, with an approach based on different types of image features and the classification using support vector machines. The study has mainly focused on images created with mobile devices and as a result, the techniques and features have been adapted or created for this purpose. There have been a total of 36 experiments classified into 5 sets, in order to test different configurations of the techniques. In the configuration of the experiments, the future use of the technique by the forensic analyst in real situations to create experiments with high technical requirements was taken into account, amongst other things.

The integrity of online games has important economic consequences for both the gaming industry and players of all levels, from professionals to amateurs. Where there is a high likelihood of cheating, there is a loss of trust and players will be reluctant to participate — particularly if this is likely to cost them money. Chess is a game that has been established online for around 25 years and is played over the Internet commercially. In that environment, where players are not physically present "over the board" (OTB), chess is one of the most easily exploitable games by those who wish to cheat, because of the widespread availability of very strong chess-playing programs. Allegations of cheating even in OTB games have increased significantly in recent years, and even led to recent changes in the laws of the game that potentially impinge upon players' privacy. In this work, we examine some of the difficulties inherent in identifying the covert use of chess-playing programs purely from an analysis of the moves of a game. Our approach is to deeply examine a large collection of games where there is confidence that cheating has not taken place, and analyse those that could be easily misclassified. We conclude that there is a serious risk of finding numerous "false positives" and that, in general, it is unsafe to use just the moves of a single game as prima facie evidence of cheating. We also demonstrate that it is impossible to compute definitive values of the figures currently employed to measure similarity to a chess-engine for a particular game, as values inevitably vary at different depths and, even under identical conditions, when multi-threading evaluation is used.

Apprehended criminals throughout history have always attempted to put the blame on someone else, a strategy popularly known as a SODDI defence (Some Other Dude Did It). When this defence is used, the act of the crime (actus reus) and the guilty mind (mens rea) is blamed on another party. A Trojan Horse Defence (THD) is a type of modern SODDI defence, where the mens rea and actus reus are blamed on a piece of software, known as a trojan

Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-based mutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses all privacy (Juels, 2006) and forgery concerns (Dimitriou, 2005; Yang et al., 2005) linked to RFID technology. However, we show in the following that the protocol fails to bear out many of the authors' security claims, which renders the protocol useless. More precisely, we present the following attacks on this protocol: 1. De-synchronization attack: the success probability of the attack is 1 while the attack complexity is one run of the protocol. 2. Tag impersonation attack : the success probability of the attack is View the MathML source for two runs of the protocol. 3. Reader impersonation attack : the success probability of the attack is View the MathML source for two runs of the protocol. We also show an additional and more general attack, which is still possible when the conditions needed for the ones above do not hold, and that highlights the poor design of the group ID (View the MathML source). Additionally we show how all the above mentioned attacks are applicable against another protocol, highly reminiscent of that of Cho et al. (2012) and designed in Cho et al. (2011), and also against an enhanced version of the Cho et al. protocol proposed by Kim (2012). Finally we end up by showing how slight modifications in the original protocol can prevent the aforementioned security faults.

Relatively little is known about the scale and cost of cybercrime in the UK, as current industry and academic efforts have produced largely unreliable estimates, often focusing primarily on large businesses. To address this, the authors developed one of the first customer surveys centred on the impact and prevalence of cybercrime to the average UK citizen. Just under one fifth of individuals surveyed had been victims of online crime, and of these, 6% reported being victimised more than once. Surprisingly, 2.3% reported losses in excess of £10,000 from online crime. We discuss the methodology used, its advantages, limitations, and main findings. We also reflect on the media coverage, and propose some cautionary notes for generalising and interpreting results. We additionally offer future research directions.

Radio frequency identification (RFID) is a powerful technology that enables wireless information storage and control in an economical way. These properties have generated a wide range of applications in different areas. Due to economic and technological constrains, RFID devices are seriously limited, having small or even tiny computational capabilities. This issue is particularly challenging from the security point of view. Security protocols in RFID environments have to deal with strong computational limitations, and classical protocols cannot be used in this context. There have been several attempts to overcome these limitations in the form of new lightweight security protocols designed to be used in very constrained (sometimes called ultra-lightweight) RFID environments. One of these proposals is the David–Prasad ultra-lightweight authentication protocol. This protocol was successfully attacked using a cryptanalysis technique named Tango attack. The capacity of the attack depends on a set of boolean approximations. In this paper, we present an enhanced version of the Tango attack, named Genetic Tango attack, that uses Genetic Programming to design those approximations, easing the generation of automatic cryptanalysis and improving its power compared to a manually designed attack. Experimental results are given to illustrate the effectiveness of this new attack.

Nowadays the number of cameras integrated on mobile phones is growing very fast, making it essential to design new specific forensic analysis techniques aimed towards the pictures created with these devices. Most of these phones automatically add relevant Exif metadata in the process of image acquisition. This metadata, even if it is vulnerable to tampering, can be very helpful for a variety of forensic analysis techniques. That is why the existence of efficient, robust and specialised tools is a necessity. These should allow metadata to be extracted in a consistent, fast and sound way. Besides, metadata extraction must never manipulate the image and it needs to take into account possible departures from the Exif specification, including the insertion of the metadata in the image acquisition process by the makers, as well as any modification, whether malicious or not. This paper will show the multiple anomalies in the Exif specification we have found during our study, which can produce serious problems in classical tools for the extraction of image metadata, including crashes and wrong results, and even interoperability problems among different devices. We will also show some anomalies found in the operation of different well-known forensic tools.

Internet of Things is a paradigm that enables communication between different devices connected to a local network or to Internet. Identification and communication between sensors used in Internet of Things and devices like smart-phones or tablets are established using radio frequency identification technology. However, this technology still has several security and privacy issues because of its severe computational constraints. In 2011, Jeong and Anh proposed the combined use of an authentication radio frequency identification protocol together with a ticket issuing system for bank services (in J. Supercomput. 55:307, 2011). In this paper we show that their message generation is weak, because it abuses the XOR operation and the use of a counter, which leaks too much secret protocol information. Our analysis shows important security faults that ruin most of the security properties claimed in the original paper. More precisely, information privacy (via a disclosure and leakage attack) and location privacy (traceability attack) are both compromised. Moreover, an attacker can disrupt the proper working of the system by exploiting the fact that message integrity is not properly checked.

In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool.

One of the most relevant applications of digital image forensics is to accurately identify the device used for taking a given set of images, a problem called source identification. This paper studies recent developments in the field and proposes the mixture of two techniques (Sensor Imperfections and Wavelet Transforms) to get better source identification of images generated with mobile devices. Our results show that Sensor Imperfections and Wavelet Transforms can jointly serve as good forensic features to help trace the source camera of images produced by mobile phones. Furthermore, the model proposed here can also determine with high precision both the brand and model of the device.

When operating from the cloud, traces of user activities and behavioral patterns are accessible to anyone with enough privileges within the system. This could be, for example, the case of dishonest technical staff who may well be interested in selling user logs to competitors. In this paper, we investigate some of the security and privacy leakages derived from the analysis of user activities.Weshow that the working behavioral patterns exhibited by users can be easily captured into computationally useful representations that would allow an adversary to predict future activities, detect the occurrence of events of interest, or infer the organization's internal structure. We then introduce the idea of obfuscating user behaviour through Online Action Randomization Algorithms. In doing so, we introduce an indistinguishability-based definition for perfectly obfuscated actions and a concrete scheme to randomize user traces in an incremental way. We report experimental results confirming the obfuscation quality and other properties of the proposed schemes.

Insider threats are an increasing concern for most modern organizations. Information leakage is one of the most important insider threats, particularly according to its potential financial impact. Data Leakage Protection (DLP) systems have been developed to tackle this issue and they constitute the main solution to protect information systems against leaks. They work by tracking sensitive information flows and monitoring executed applications to ensure that sensitive information is not leaving the organization. However, current DLP systems do not fully consider that trusted applications represent a threat to sensitive information confidentiality. In this paper, we demonstrate how to use common trusted applications to evade current DLP systems. Thanks to its wide range, trusted applications such as Microsoft Excel can be transformed into standardized block ciphers. Information can thus be encrypted in such a way that current DLP techniques cannot detect that sensitive information is being leaked. This method could be used by non-skilled malicious insiders and leaves almost no traces. We have successfully tested our method against a well-known DLP solution from a commercial provider (TrendMicro LeakProof). Finally, we also analyze the proposed evasion technique from the malicious insider point of view and discuss some possible countermeasures to mitigate its use to steal information.

The design of a secure RFID identification scheme is a thought-provoking challenge, and this paper deals with this problem adopting a groundbreaking approach. The proposed protocol, called Noent, is based on cryptographic puzzles to avoid the indiscriminate disclose of the confidential information stored on tags and on an innovative role reversal distance-bounding protocol to distinguish between honest and rogue readers. The protocol provides moderate privacy protection (data and location) to single tags but its effectiveness increases hugely when it is used to protect a large population of tags (e.g., protection against inventory disclosure). Moreover, in comparison with classical approaches, Noent does not require an online database, which facilitates key updating and mitigates desynchronization attacks.

We present a metaheuristic-based attack against the traceability of an ultra-lightweight authentication protocol for RFID environments called SLMAP, and analyse its implications. The main interest of our approach is that it is a complete black-box technique that doesn't make any assumptions on the components of the underlying protocol and can thus be easily generalised to analyse many other proposals.

Steganographic techniques allow users to covertly transmit information, hiding the existence of the communication itself. These can be used in several scenarios ranging from evading censorship to discreetly extracting sensitive information from an organization. In this paper, we consider the problem of using steganography through a widely used network protocol (i.e. HTTP). We analyze the steganographic possibilities of HTTP, and propose an active warden model to hinder the usage of covert communication channels. Our framework is meant to be useful in many scenarios. It could be employed to ensure that malicious insiders are not able to use steganography to leak information outside an organization. Furthermore, our model could be used by web servers administrators to ensure that their services are not being abused, for example, as anonymous steganographic mailboxes. Our experiments show that steganographic contents can be successfully eliminated, but that dealing with high payload carriers such as large images may introduce notable delays in the communication process.

Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.

During the last years many RFID authentication protocols have been proposed with major or minor success (van Deursen and Radomirovi?, 2008). Juels (2004) introduced a different and novel problem that aims to evidence that two tags have been simultaneously scanned. He called this kind of evidence a yoking-proof that is supposed to be verifiable offline. Then, some authors suggested the generalization of the proof for a larger number of tags. In this paper, we review the literature published in this research topic and show the security flaws of the proposed protocols, named RFID grouping-proofs generally. More precisely, we cryptanalyze five of the most recent schemes and we also show how our techniques can be applied to older proposals. We provide some guidelines that should be followed to design secure protocols and preclude past errors. Finally, we present a yoking-proof for low-cost RFID tags, named Kazahaya, that conforms to the proposed guidelines.

In this paper we present a steganalytic a ttack against mp3stego, a publicly available open-source steganographic tool which uses mp3 audio files as the stego m edium to embed hidden infor mation. We first identify through extensive statistical exper imentation which parameters of the m edium suffer a significant deviation from normality, then we construct a very efficient blind steganalytic algorithm based on their use. We finally present the results obtained with this steganaly tic approach over various sets of m p3 files, and an algorithm for the estimation of the amount of hidden data.

n RFIDSec'08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec'08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, tag location tracking, and forward traceability. Moreover, the secret update protocol is not immune to de-synchronization attacks.

In 2006 EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) [1] and the ISO 18000-6C standards [2], respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim [3]. We attempt to mitigate the weaknesses observed in the original scheme and, at the same time, consider other possible adversarial threats as well as constraints on low-cost RFID tags requirements.

Distance bounding protocols are an effective countermeasure against relay attacks including distance fraud, mafia fraud and terrorist fraud attacks. Reid et al. proposed the first symmetric key distance bounding protocol against mafia and terrorist fraud attacks [1]. However, [2] claims that this is only achieved with a (7/8) n probability of success for mafia fraud, rather than the theoretical value of (3/4) n (for n rounds) achieved by distance bounding protocols without a final signature. We prove that the mafia fraud attack success using the Reid et al. protocol is bounded by (3/4) n and reduces as noise increases. The proof can be of further interest as it is the first - to the best of our knowledge - detailed analysis of the effects of communication errors on the security of a distance bounding protocol.

The EPC Class-1 Generation-2 RFID standard provides little security, as has been shown in previous works such as [S. Karthikeyan, M. Nesterenko, RFID security without extensive cryptography, in: Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp. 63-67; D.N. Duc, J. Park, H. Lee, K. Kim, Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning, in: The 2006 Symposium on Cryptography and Information Security, 2006; H.Y. Chien, C.H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces 29 (2007) 254-259; P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007; T.L. Lim, T. Li, Addressing the weakness in a lightweight RFID tag-reader mutual authentication scheme, in Proceedings of the IEEE Int'l Global Telecommunications Conference (GLOBECOM) 2007, Nov 2007, pp. 59-63]. In particular, the security of an RFID tag's access and kill passwords is almost non-existent. Konidala and Kim recently proposed a new mutual authentication scheme [D.M. Konidala, Z. Kim, K. Kim, A simple and cost-effective RFID tag-reader mutual authentication scheme, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007, pp. 141-152] - an improved version of their first attempt [D.M. Konidala, K. Kim, RFID tag-reader mutual authentication scheme utilizing tag's access password, Auto-ID Labs White Paper WP-HARDWARE-033, Jan 2007] - in which a tag's access and kill passwords are used for authentication. In this paper, we show that the new scheme continues to present serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2- 2, and the 16 most significant bits with a probability greater than 2- 5. Finally, we show how an attacker can recover the entire kill password with probability 2- 2.

In 2006, the standard EPC Class-1 Generation-2 (EPC-C1G2) was ratified both by EPCglobal and ISO. This standard can be considered as a "universal" specification for low-cost RFID tags. Although it represents a great advance for the consolidation of RFID technology, it does not pay due attention to security and, as expected, its security level is very low. In 2007, Chien et al. published a mutual authentication protocol conforming to EPC-C1G2 which tried to correct all its security shortcomings. In this article, we point out various major security flaws in Chien et al.'s proposal. We show that none of the authentication protocol objectives are met. Unequivocal identification of tagged items is not guaranteed because of possible birthday attacks. Furthermore, an attacker can impersonate not only legitimate tags, but also the back-end database. The protocol does not provide forward security either. Location privacy is easily jeopardized by a straightforward tracking attack. Finally, we show how a successful auto-desynchronization (DoS attack) can be accomplished in the back-end database despite the security measures taken against it.

RFID is a relatively heterogenous radio technology, where it is necessary to put an extra effort on security and privacy-related issues. As early as 2004, some authors suggested the use of a PRNG for increasing security. This was later questioned because many thought a PRNG implementation may go well beyond the very limited computational capabilities of low-cost RFID tags. However, its use has been ratified by EPCGlobal (EPC Class-1 Generation-2) and ISO (ISO/IEC 18000-6C). This motivates our proposal of a new PRNG, named LAMED, which is compliant with the standards and successfully passes several batteries of very demanding randomness tests (ENT, DIEHARD, NIST, and SEXTON). A study of its hardware complexity shows that LAMED can be implemented with slightly less than 1.6 K gates, and that pseudo-random numbers can be generated each 1.8 ms. So we can affirm this is a realist proposal both conforming with the EPC-G1C2 standard, and suitable for low-cost RFID tags.

Low-cost Radio Frequency Identification (RFID) tags are devices with very limited computational capability, in which only 250-4K logic gates can be devoted to security-related tasks. Classical cryptographic primitives such as block ciphers or hash functions are well beyond the computational capabilities of low-cost RFID tags, as ratified by the EPCglobal Class-1 Gen-2 RFID specification. Moreover, the Gen-2 RFID specification does not pay due attention to security. For this reason, an efficient Ultra Light Authentication Protocol (ULAP) is proposed in this paper. This new scheme offers an adequate security level against passive attacks, and is compliant with Gen-2 RFID specification.

The notion of rational exchange introduced by Syverson in 1998 is a particularly interesting alternative when an e?cient scheme for fair exchange is required but the existence of a trusted third party simply cannot be assumed. A rational exchange protocol cannot provide true fairness, but it ensures that rational –i.e. self-interested– parties would have no reason to deviate from the protocol. In this paper, we identify some weaknesses in Syverson's rational exchange protocol which were neither detected by the original author nor by subsequent analysis. After presenting some attacks, we indicate how the scheme should be modi?ed to overcome these vulnerabilities. We also provide a formal analysis of our enhancement using BAN logic.

In the last years, a number of serious flaws and vulnerabilities have been found in classic cryptographic hash functions such as MD4 and MD5. More recently, similar attacks have been extended to the widely used SHA-1, to such an extent that nowadays is prudent to switch to schemes such as SHA-256 and Whirlpool. Nevertheless, many cryptographers believe that all the SHA-related schemes could be vulnerable to variants of the same attacks, for all these schemes have been largely influenced by the design of the MD4 hash function. In this paper, we present a general framework for the automated design of cryptographic block ciphers and hash functions by using Genetic Programming. After a characterization of the search space and the fitness function, we evolve highlys nonlinear and extremely efficient functions that can be used as the core components of a cryptographic construction. As an example, a new block cipher named Wheedham is proposed. Following the Miyaguchi-Preneel construction, this block cipher is then used as the compression function of a new hash scheme producing digests of 512 bits. We present a security analysis of our proposal and a comparison in terms of performance with the most promising alternatives in the near future: SHA-512 and Whirlpool. The results show that automatically-obtained schemes such as those presented are competitive both in security and speed.

Ordered channels, such as those provided by Internet protocol and transmission control protocol protocols, rely on sequence numbers to recover from packet reordering due to network dynamics. The existence of covert channels in any ordered channel is a well-known fact: Two parties can reorder the elements (packets) to be sent according to some predefined code. Schemes based on distance-bounded permutations have been proposed for steganographic communication with the aim of keeping and controling the increase of latency due to reordering. In this paper, we demonstrate that distance-bounded permutations are highly anomalous from a metric point of view. Our analysis is based on the study of the distribution of distances between normal permutations generated by the channel, and those produced when embedding hidden information. We provide results for four different distances: Kendall's ?, Spearman's ?, Spearman's footrule, and Levenshtein's distance (which is equivalent to Ulam's distance for permutations). In all cases, it is shown how sequences with hidden information can be separated from the normal ones. As a result, very accurate and efficient distinguishers can be easily constructed. Finally, we study the detection capabilities of the associated detectors through a receiver operating characteristic analysis.

Despite the advantages offered by pure Peer-to-Peer (P2P) networks (e.g. robustness and fault tolerance), a crucial requirement is to guarantee basic security properties, such as content authenticity and integrity, as well as to enforce appropriate access control policies. These mechanisms would pave the way for new models in which content providers can exert some control over the replication and file sharing process. However, the extremely decentralized nature of these environments makes impossible to apply classic solutions that rely on some kind of fixed infrastructure, typically in the form of on-line trusted third parties (TTP). In this paper, we introduce a suite of protocols for content authentication and access control in pure P2P networks based on attribute certificates that does not rely on the existence of a public key infrastructure (PKI), privilege management infrastructure (PMI), or any other form of centralized authority. We provide an analysis concerning the efficiency (computational effort and communication overhead) and the security of our proposal.

In this paper, we present a general framework for the automated design of cryptographic block ciphers by using Genetic Programming. We evolve highly nonlinear and extremely efficient functions that can be used as core components of any cryptographic construction. As an example, a new block cipher named Raiden is proposed. We present a preliminary security analysis of our proposal and a comparison in terms of performance with similar block ciphers such as TEA. The results show that automatically-obtained schemes, such as the one presented here, could be competitive both in security and speed.

The notion of rational exchange introduced by Syverson (Proceedings of the 11th IEEE Computer Society Foundations Workshop, pp. 2-13, 1998) is a particularly interesting alternative when an efficient scheme for fair exchange is required but the use of a trusted third party is not allowed. A rational exchange protocol cannot provide fairness, but it ensures that rational (i.e., self-interested) parties would have no reason to deviate from the protocol. Buttyán et al. (J. Comput. Security 12(3/4), 551-588, 2004) have recently pointed out how rationality in exchange protocols can be formalized and studied within the framework provided by Game Theory. In particular, Buttyan's formal model was used to analyze Syverson's rational exchange protocol. In this paper, we identify a series of drawbacks in Buttyan's model which make it somewhat restrictive and unrealistic. We propose an extension to the model which enables us to consider different classes of protocol parties (e.g., honest and dishonest parties), as well as modeling attributes such as reputation or any other participant beliefs that could have an effect on the protocol outcome. The resulting new model enables us to reason rational exchange protocols from the point of view of Bayesian rationality, a notion that may be in some scenarios more appropriate than that defined in terms of Nash equilibrium.

Honeypots are cybersecurity mechanisms that are set up as decoys in networks to lure and monitor attackers trying to compromise vulnerable systems. Two commonly used honeypot designs are high-interaction and low-interaction honeypots, which differ in the amount of interplay that the attackers are allowed to do. So far, the effectiveness of high-interaction and low-interaction honeypots has been understudied, making it difficult for security teams to choose between different honeypot technologies. The aim of this paper is to compare the effectiveness of high-interaction and low-interaction honeypots through real-world data. We deployed multiple Elasticsearch honeypot implementations to collect data: a closed-source high-interaction honeypot developed by the authors, and three types of open-source low-interaction honeypots (namely Elastichoney, Delilah and Elasticpot). The collected data came from 48 instances of high-interaction honeypots and 111 instances of low-interaction honeypots, over a period of 14 days. We found that low-interaction honeypots captured only a fraction of the attacks that high-interaction honeypots can catch. On the other hand, low-interaction honeypots are simpler, more efficient to run due to their low usage of resources, and easier to deploy. In our dataset, high-interaction honeypots captured 76.12% of the total attack packets and attracted 70.61% of the unique attacker IPs. In comparison, low-interaction honeypots performed a lot worse in collecting attack data; they only managed to capture 23.88% of the total attack packets and attracted 29.39% of the unique attacker IPs. In this paper, we present an experiment that evaluated and compared the effectiveness of high-interaction and low-interaction honeypots in terms of the amount and the type of information collected from attacks targeting them. It follows from our findings that it would be wiser to either concentrate solely on using high-interaction honeypots, or to increase the effectiveness of low-interaction ones by automatically changing each static value during deployment and/or by increasing the mimicking capabilities of low-interaction honeypots.

Consensus algorithms facilitate agreement on and resolution of blockchain functions, such as smart contracts and transactions. Ethereum uses a Proof-of-Stake (PoS) consensus mechanism, which depends on financial incentives to ensure that validators perform certain duties and do not act maliciously. Should a validator attempt to defraud the system, legitimate validators will identify this and then staked cryptocurrency is 'burned' through a process of slashing. In this paper, we show that an attacker who has compromised a set of validators could threaten to perform malicious actions that would result in slashing and thus, hold those validators to ransom. We use game theory to study how an attacker can coerce payment from a victim, for example by deploying a smart contract to provide a root of trust shared between attacker and victim during the extortion process. Our game theoretic model finds that it is in the interests of the validators to fully pay the ransom due to a lack of systemic protections for validators. Financial risk is solely placed on the victim during such an attack, with no mitigations available to them aside from capitulation (payment of ransom) in many scenarios. Such attacks could be disruptive to Ethereum and, likely, to many other PoS networks, if public trust in the validator system is eroded. We also discuss and evaluate potential mitigation measures arising from our analysis of the game theoretic model.

The prevalence and significance of web services in our daily lives make it imperative to ensure that they are – as much as possible – free from vulnerabilities. However, developing a complex piece of software free from any security vulnerabilities is hard, if not impossible. One way to progress towards achieving this holy grail is by using static code analysis tools to root out any common or known vulnerabilities that may accidentally be introduced during the development process. Static code analysis tools have significantly contributed to addressing the problem above, but are imperfect. It is conceivable that static code analysis can be improved by using AI-powered tools, which have recently increased in popularity. However, there is still very little work in analysing both types of tools' effectiveness, and this is a research gap that our paper aims to fill. We carried out a study involving 11 static code analysers, and one AI-powered chatbot named ChatGPT, to assess their effectiveness in detecting 92 vulnerabilities representing the top 10 known vulnerability categories in web applications, as classified by OWASP. We particularly focused on PHP vulnerabilities since it is one of the most widely used languages in web applications. However, it has few security mechanisms to help its software developers. We found that the success rate of ChatGPT in terms of finding security vulnerabilities in PHP is around 62-68%. At the same time, the best traditional static code analyser tested has a success rate of 32%. Even combining several traditional static code analysers (with the best features on certain aspects of detection) would only achieve a rate of 53%, which is still significantly lower than ChatGPT's success rate. Nonetheless, ChatGPT has a very high false positive rate of 91%. In comparison, the worst false positive rate of any traditional static code analyser is 82%. These findings highlight the promising potential of ChatGPT for improving the static code analysis process but reveal certain caveats (especially regarding accuracy) in its current state. Our findings suggest that one interesting possibility to explore in future works would be to pick the best of both worlds by combining traditional static code analysers with ChatGPT to find security vulnerabilities more effectively.

As the economic hubs of (potentially) illegal transactions, dark web markets are fraught with uncertainty, including their ending. The ending of a dark web market can bring disruption to the stakeholders involved, especially vendors and buyers. Most importantly, there is a growing concern that such an ending can cause financial repercussions or even fraud victimisation. At the moment, there is scant published work about how, why or when dark web markets would end. We aim to fill this gap to help the academic and security research communities to reflect on what would typically happen to dark web markets in their final days. We used crawling and data scraping techniques to gather relevant weekly data from six dark web markets over a span of several months, right up to their closure. We then analysed the data to find common characteristics and predictive features leading to the closure of these markets. We found three main reasons for the ending of dark web markets: (i) exit scam, (ii) voluntary closure, or (iii) taken down by Law Enforcement Agencies (LEAs). We also gained further insights by analysing our data more closely. For instance, markets are most likely to be closed down when they are most visible, when they are under attack or when they are growing rapidly to their peak. In particular, more mature markets (i.e. markets that have been in operation for a long period of time) are more likely to disappear when their economic patterns start to change (for example, there might be a rapid growth or a sudden – or even gradual, but noticeable – economic decline). When a market was closed down, vendors and buyers would typically move on quickly to other alternative markets – which might grow rapidly as a result – and in turn, those alternative markets' risk of being closed down would become higher. Whether a market is still accepting new vendors (or not) appears to be a valuable indicator for predicting the market's next move. These insights can be useful in anticipating potential market closure, so that sufficient warning can be provided to avoid people being victimised.

Ransomware (malware that threatens to lock or publish victims' assets unless a ransom is paid) has become a serious security threat, targeting individual users, companies and even governments, causing significant damage, disruption and cost. Instances of ransomware have also been observed stealing private data and blackmailing their victims. Worryingly, the prevalence of Internet of Things (IoT) devices and the massive amount of personal data that they collect have opened up another avenue of attack. The main aim of this paper is to determine whether privacy invasion based ransomware would be a viable vector for attackers to use on IoT devices. The secondary aim is to identify countermeasures that can be implemented to prevent such attacks from being used. To accomplish these aims, we examined how private data accessible via IoT devices could be obtained, processed and managed by a ransomware attacker. We identified a number of data sources on IoT devices that can be used to access private data, such as audio and video feeds. We then investigated methods to interpret such data in order to blackmail the device's owner. We then produced proof of concept malware for multiple IoT devices, including an external "collator" that manages the valuable data collected, demonstrating that an attack could be performed at scale. This research shows that attackers can use the functionality of an infected device to invade the privacy of the device's owner, as part of a ransomware attack. We have demonstrated that, given suitable infrastructure, attackers would be able to ransom users for values higher than the cost of the compromised device, as well as heavily damage the trust in the device itself, which would cause further negative impact on the device manufacturer. Finally, we highlight the need for proactive measures to deter this style of attack by applying the suggested countermeasures.

The Internet of Things (IoT) is a rapidly growing collection of "smart" devices capable of communicating over the Internet. Being connected to the Internet brings new features and convenience, but it also poses new security threats, such as IoT malware. IoT malware has shown similar growth, making IoT devices highly vulnerable to remote compromise. However, most IoT malware variants do not exhibit the ability to gain persistence, as they typically lose control over the compromised device when the device is restarted. This paper investigates how persistence for various IoT devices can be implemented by attackers, such that they retain control even after the device has been rebooted. Having persistence would make it harder to remove IoT malware. We investigated methods that could be used by an attacker to gain persistence on a variety of IoT devices, and compiled the requirements and potential issues faced by these methods, in order to understand how best to combat this future threat. We successfully used these methods to gain persistence on four vulnerable IoT devices with differing designs, features and architectures. We also identified ways to counter them. This work highlights the enormous risk that persistence poses to potentially billions of IoT devices, and we hope our results and study will encourage manufacturers and developers to consider implementing our proposed countermeasures or create new techniques to combat this nascent threat.

The popularity of online shopping and cryptocurrency has contributed to drive the economy of darknet markets in recent years. These are often perceived to be conducive to (or may even facilitate) cybercrime related activities. It is, therefore, worthwhile to have a deeper understanding of how various darknet markets operate, so that researchers and law enforcement agencies can test and deploy appropriate countermeasures to fight against online crime. Currently, there is a knowledge gap regarding the similarities and differences among darknet markets in different languages. This study aims to compare between darknet markets operating in English and Chinese. Data from three English and two Chinese darknet markets was collected. The gathered data is described, compared, and analysed in six main aspects: operation model and structures, product categories, market policies, payment methods, security mechanisms, and vendors' characteristics. Our datasets were collected during a seven-week period between 17 July and 30 August 2021, and they contain data from 384 vendors in the English darknet markets and 4,429 in the Chinese ones. The Chinese darknet markets generally seem to have more liberal policies than their English counterparts, as demonstrated by the variety and types of goods and services offered, many of which would have been banned in the English speaking ones. All darknet markets suffer from reputation issues. Cross-market actors are active, but they represent only a small proportion of the vendors observed in our study. In summary, our findings reveal key characteristics of darknet markets in two widely used languages. This information can provide useful insights for security researchers and law enforcement agencies in combating cybercrime.

The frequent use of basic statistical techniques to detect ransomware is a popular and intuitive strategy; statistical tests can be used to identify randomness, which in turn can indicate the presence of encryption and, by extension, a ransomware attack. However, common file formats such as images and compressed data can look random from the perspective of some of these tests. In this work, we investigate the current frequent use of statistical tests in the context of ransomware detection, primarily focusing on false positive rates. The main aim of our work is to show that the current over-dependence on simple statistical tests within anti-ransomware tools can cause serious issues with the reliability and consistency of ransomware detection in the form of frequent false classifications. We determined thresholds for five key statistics frequently used in detecting randomness, namely Shannon entropy, chi-square, arithmetic mean, Monte Carlo estimation for Pi and serial correlation coefficient. We obtained a large data set of 84,327 files comprising of images, compressed data and encrypted data. We then tested these thresholds (taken from a variety of previous publications in the literature where possible) against our dataset, showing that the rate of false positives is far beyond what could be considered acceptable. False positive rates were often above 50% and even above 90% on several occasions. False negative rates were also generally between 5% and 20%, numbers which are also far too high. As a direct result of these experiments, we determine that relying on these simple statistical approaches is not good enough to detect ransomware attacks consistently. We instead recommend the exploration of higher-order statistics such as skewness and kurtosis for future ransomware detection techniques.

Internet of Things (IoT) devices are used in many facets of modern life, from smart homes to smart cities, including Internet-enabled healthcare systems and industrial control systems. The prevalence and ubiquity of IoT devices makes them extremely attractive targets for malicious actors, in particular for taking control of vulnerable devices and demand ransom from their owners. The aim of this paper is twofold: to investigate the viability of a ransomware-type attack being carried out on IoT devices; and to explore what damage can be inflicted upon devices after they have been compromised. To test whether ransomware is a viable method for attacking IoT devices, we developed our own proof of concept malware for Linux-based IoT devices dubbed "PaperW8". We looked at feasible ways for infecting IoT devices, as well as potential methods for gaining control and applying persistent changes to the target device. We successfully created a proof of concept ransomware, which we tested against six vulnerable IoT devices of various brands and functions, some of which are known to have been targeted in the past but are still widely in use today. Developing this proof of concept tool allowed us to identify the main requirements for a successful ransomware attack against IoT devices. We also determined some limitations of IoT devices that may discourage attackers from developing IoT-specific ransomware, while highlighting workarounds that more determined attackers may use to overcome these obstacles. This paper has demonstrated that IoT ransomware is a credible threat. We implemented a proof of concept tool that can compromise many IoT devices of varying types. We envisage that this work can be used to assist current and future IoT developers to improve the security of their devices, and also to help security researchers in implementing more effective ransomware countermeasures, including for IoT devices.

Ransomware is a form of malware designed to prevent access to data by either locking out the victims from their system or encrypting some or all of their files until a ransom has been paid to the attacker. Victims would know that they had been hit by ransomware because a ransom demand (splash screen) would be displayed on their compromised device. This study aims to identify key user interface features of ransomware splash screens and see how these features affect victims' likelihood to pay, and how this information may be used to create more effective countermeasures to mitigate the threat of ransomware. We devised an experiment that contained three broad types of splash screens (Text, Time-Sensitive Counter, and Other). A total of nine splash screens were shown to each participant, from which data on the participants' eye behaviour were collected. After each splash screen, participants were also asked a set of questions that would help describe their experience and be cross-referenced with the eye tracking data to aid analysis. Our experiment collected quantitative eye tracker data and qualitative data regarding willingness to pay from 25 participants. Several key components of the splash screens such as the text, logo, images, and technical information were analysed. Comments from the participants on whether they would pay the ransom or not, and the reasons behind their decision were also recorded. We found that there is no clear indication that one type of splash screen would have a higher chance of success with regard to ransom payment. Our study revealed that there are some characteristics in splash screens that would strongly discourage some victims from paying. Further investigation will be carried out in this direction, in order to design and develop more effective countermeasures to ransomware.

Ransomware is a type of malware which restricts access to a victim's computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe, therefore efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks. This paper aims to provide an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria of these tools – as reported by the tools' respective authors. We were able to determine popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.

The Internet of Things (IoT) has introduced a myriad of ways in which devices can interact with each other. The IoT concept provides opportunities for novel and useful applications but at the same time, concerns have been raised over potential security issues caused by buggy IoT software. It is therefore imperative to detect and fix these bugs in order to minimise the risk of IoT devices becoming the target or source of attacks. In this paper, we focus our investigation on the underlying IoT operating system (OS), which is critical for the overall security of IoT devices. We picked Contiki as our case study since it is a very popular IoT OS and we have access to part of the development team, allowing us to discuss potential vulnerabilities with them so that fixes can be implemented quickly. Using static program analysis tools and techniques, we are able to scan the source code of the Contiki OS systematically in order to identify, analyse and patch vulnerabilities. Our main contribution is a holistic and systematic analysis of Contiki, starting with an exploration of its metrics, fundamental architecture, and finally some of its vulnerabilities. Our analysis produced relevant data on the number of unsafe functions in use, as well as the bug density; both of which provide an indication of the overall security of the inspected system. Our effort led to the finding of two major issues, described in two Common Vulnerabilities and Exposures (CVE) reports.

This work examines some of the most relevant Bitcoin laundry Services, commonly known as tumblers or mixers, and studies their main features to try to answer some fundamental questions including their security, popularity, transaction volume, and generated revenue. Our research aims to inform both legitimate users and Law Enforcement about the characteristics and limitations of these services.

This paper presents a security analysis of the manual override feature of the Noke smart lock. The Noke allows its user to operate, monitor and even share his smart lock with others through a smartphone. To counter the risk of being unable to open the lock when the smartphone is unavailable, it provides an override mechanism. Noke implements this override feature using a quick-click scheme, whereby its user can choose a sequence of eight to sixteen short and long shackle presses (similar to a Morse code). To explore the security implications of this feature, we conducted a study collecting human-generated quick-click codes from 100 participants, and analysed and modelled the resulting dataset. Our analysis shows that the override mechanism, at least in its current implementation, presents a significant opportunity for successful guessing attacks. We demonstrate this by building a mechanical brute force tool that on average can test one quick-click code in under three seconds. We conclude that this speed, together with the low entropy of human-generated passcodes, makes this manual override feature one of the most significant weaknesses of the system and constitutes a promising attack vector. We responsibly disclosed our findings to the Noke manufacturer. We also provide a list of potential countermeasures that can help to address this risk. We believe that alternative authentication methods such as quick-click codes will become increasingly popular in ever-expanding Internet of Things devices, so the weaknesses and the countermeasures discussed in this paper are timely and relevant, as they can also apply to other devices and security systems that rely on unconventional user-generated authentication codes.

The ability to identify the source camera for an image has application in the areas of digital forensics and multimedia data mining. The majority of previous research in this area has focused on primary function imaging devices (i.e. digital cameras). In this work we use the pattern noise of an imaging sensor to classify digital photographs according to the source smartphone from which they originated. This is timely work as new smartphone models large imaging sensors, affording significant improvements in classification rates using pattern noise. Our approach is to extract wavelet based features which are then classified using a support vector machine. We show that this method generalises well when the number of source cameras is increased.