Sept. 10, 2016 (6 months, 1 week ago)

Okayama University reveals first flexible cryptoprocessor

Researchers at Okayama University have collaborated with Tokyo Electron Device to create a cryptography chip that can adjust its level of security on the fly - a secure cryptoprocessor that can change the scale of security without requiring changes in the hardware. As computer performance improves, it will become increasingly difficult to adjust the security level of devices to match emerging techniques and use new schemes. For example the secure key length of RSA cryptography can be 512, 1024, 2048, and 3072 bits. The processor also supports recent advances in cryptography like elliptic curve and paring-based cryptography. Cryptoprocessors need to be upgraded together with their arithmetic architectures. The new cryptoprocessor scales with evolving security needs using a cyclic vector multiplication algorithm (CVMA), a concept previously developed at Okayama. The chip has a compact circuit scale, and could be used in terminals and IoT devices.

Sept. 6, 2016 (6 months, 2 weeks ago)

Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction | RSA Conference

Noted Bitcoin experts have produced a highly technical resource that is a comprehensive introduction to Bitcoin. The authors explain in technical detail how the underlying Bitcoin protocol and technology operates. Bitcoin also has a number of technical and security limitations which are also discussed. One of the more significant limitations is that the cryptographic algorithms in Bitcoin are hardcoded and fixed within in the protocol. If the underlying cryptography in Bitcoin is one day broken the logical solution would be to change the protocols, but the authors go into a detailed technical overview of why this is not feasible.

Sept. 6, 2016 (6 months, 2 weeks ago)

Randomized Prediction Games for Adversarial Machine Learning

Malware code is typically obfuscated using random strings or byte sequences to hide known exploits and increase their chances of evading detection. Randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it hides information about the classifier from the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for randomization. This work proposes a non-cooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections. The approach allows an improvement in the trade-off between attack detection and false alarms even against attacks that are different from those hypothesized during design. Reducing false alarms is a crtical problem in the cost effective analysis of security data.

July 15, 2016 (8 months, 1 week ago)

Security Pricing as an Enabler of Cyber-Insurance

Despite the promising potential of cyber-insurance to improve information security, deployment is relatively scarce. This paper explores a possible symbiotic relationship between security vendors capable of price differentiating their clients, and cyber-insurance agencies having possession of information related to the security investments of their clients. The goal of this relationship is to (i) allow security vendors to price differentiate their clients based on security investment information from insurance agencies, (ii) allow the vendors to make more profit than in homogeneous pricing settings, and (iii) subsequently transfer some of the extra profit to cyber-insurance agencies to make insurance services more viable. This theoretical study proposes novel and computationally efficient consumer differentiated pricing mechanisms.

July 14, 2016 (8 months, 1 week ago)

The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud

When securing the outsourcing of sensor data to the cloud, the representation of the sensor data and the choice of security measures applied to it are key. This paper presents the SensorCloud protocol, which enables the representation of sensor data and actuator commands using JSON, as well as the encoding of the object security mechanisms applied to a given sensor data item. It utilizes mechanisms that have been or currently are in the process of being standardized at the IETF to aid its wide applicability.

Feb. 24, 2016 (1 year ago)

Byzcoin - Bitcoin protocol improvements for low latency transactions

Bitcoin is a decentralized cryptocurrency providing an open, self-regulating alternative to classical currencies. Bitcoin uses a peer-to-peer network where users submit transactions without intermediaries. Bitcoin miners collect transactions, solve computational puzzles (proof-of-work) to reach consensus, and add the transactions to a distributed public ledger known as the blockchain. The original Bitcoin paper argues that transaction processing is secure and irreversible as long as the largest colluding group of miners represents less than 50% of total computing capacity and at least about one hour has elapsed. Critically this transaction latency limits Bitcoin's suitability for real-time transactions, furthermore recent work has exposed vulnerabilities to transaction reversibility, double-spending, and strategic mining attacks. This paper introduces ByzCoin, a novel protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds.

Jan. 6, 2016 (1 year, 2 months ago)

P2CySeMoL: Predictive, Probabilistic Cyber Security Modelling Language

This paper presents an attack graph tool that can be used to estimate the cyber security of enterprise architectures. The principal current approach for this purpose uses attack graphs; applying formal reasoning and graphical modelling to present possible attack paths corresponding to a certain architecture. According to a recent survey there are more than 30 different types of attack graph approaches but there are still many important aspects that current approaches do not manage. P2CySeMoL includes theory on how attacks and defences relate quantitatively; users model their assets and how these are connected in order to enable calculations. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.

Dec. 16, 2015 (1 year, 3 months ago)

Eight startups selected for Cyber London security accelerator programme

Cyber security startup accelerator and incubator Cyber London (CyLon) has announced the participants in its second programme to support fledgling security companies. The 14-week programme gives entrepreneurial teams access to professional training and guidance from a network of mentors and investors. In addition, the teams selected to participate in the programme receive a £15,000 investment in return for 3% equity. CyLon partners and sponsors are Amadeus Capital Partners, Epsilon Advisory Partners, Winton Capital, BAE Systems Applied Intelligence, Freshfields Bruckhaus Deringer LLP and Fried Frank. The startups taking part in the second programme are: *Aves Netsec, Finland. An adaptive cyber deception system for efficiently countering the advanced attacker. *BitNinja, Hungary. The first integrated server defence network powered by a machine-learning system. *Fabric, UK. Secure and private mobile communications. *Mazor, Israel. Solution for detection of threats on network and security components. *Simudyne, UK. Identifies and reduces the risk from cyber attacks. *Torsion InfoSec, UK. Delivering accurate rules and classifications-driven security for SharePoint and Office 365: Simple, Precise and Robust. *UkkoBox, UK and Brazil. An easy tool that safely encrypts and spreads user files to existing cloud providers worldwide. *Verity, South Africa. Enables organisations to prevent document forgery through digital document certification.