Nov. 10, 2015 (1 year, 7 months ago)

UK government and industry launch £6.5m CyberInvest scheme to fund research into cyber security

The UK government, in collaboration with industry, has launched a scheme called CyberInvest to fund research into cyber security. To date, 18 companies have signed up to the scheme and have committed £6.5m of investment over the next five years. This includes BT which is investing £500,000 into the scheme. Other companies that have made their involvement public include Northrop Grumman, Crossword Cybersecurity, Nexor and Becrypt.

Oct. 31, 2015 (1 year, 7 months ago)

Six Potential Game-Changers in Cyber Security: Towards Priorities in Cyber Science and Engineering

Although this paper is not considering the commercial potential of cyber security technologies directly, it's analysis of potential game changers does give an indication of where research and innovation could have a commercial impact in addressing future risks. The fields of study encompassed by cyber science and engineering are broad and poorly defined at this time. This paper present results of a workshop that explored possible game-changers or disruptive changes that might occur in cyber security within the next 15 years. It suggests that such game-changers may be useful in focusing the attention of research communities on high-priority topics.

Oct. 15, 2015 (1 year, 8 months ago)

An Anomaly Analysis Framework for Database Systems

[Behind a paywall] To handle security incidents effectively, alerts should be accompanied by information about the nature of the incident and its criticality. Without this information it is difficult to process the large number of alerts often raised by anomaly detection systems. This work presents an anomaly analysis framework which assesses the criticality of alerts with respect to the disclosure of sensitive information, along with a feature-based classification according to the type of attack. The framework has been deployed as a web-based alert audit tool that provides classification and risk ranking capabilities, which eases the analysis of, and hence responses to, database security alerts. The classification and ranking approaches have been validated using synthetic data generated through a healthcare management system.

Oct. 13, 2015 (1 year, 8 months ago)

Diversity Reduces the Impact of Malware

The internet in general is typically diverse, from the perspective of malware attacks, due to distinct configurations, firewall rules, antimalware signature sets, intrusion detection, and router policies etc. However many networks still have limited internal diversity, making them vulnerable to malware spreading. Diversity can provide a malware-halting technique and this paper models the spreading of infectious malware over networked computing devices using a model comprising a simple graph with N nodes of L types. A good measure of a model's diversity is the number of node types L. Nodes of the same type share an exploitable vulnerability, whereas nodes of different types have no common exploitable vulnerability. An epidemiological model represents the spreading phase of multi-malware outbreaks. The analysis of this phase establishes a lower bound on the diversity L needed by various halting techniques proposed for spreading networks with three different topologies: i)Sparse and homogeneous, ii) Sparse and inhomogeneous, iii) Dense and homogeneous.

Aug. 18, 2015 (1 year, 10 months ago)

Sound Proof: two-factor authentication through ambient noise

A research paper from the Institute of Information Security at ETH in Zurich has proposed a new method to achieve two-factor authentication through the use of ambient sound and a user's smartphone. The researchers have developed a mechanism that relies on the proximity of the user's phone to the device being used to log in. When the user logs in, the two devices record the surrounding levels of ambient noise via their microphones. The phone compares the two recordings, determines if the computer is located in the same environment and then ultimately decides whether the login attempt is legitimate or fraudulent. The software is claimed to work with current phones and major browsers without plugins and apparently adds an average of five seconds to a password-only login operation. And it can even work if the phone is in a pocket or purse so does not require user interaction.

June 2, 2015 (2 years ago)

Lightweight Practical Private One-Way Anonymous Messaging,

This paper (a sample of which is available online) might be sub-titled "Ed Snowdens dream technology". The authors propose a one-way message routing scheme that guarantees message privacy, and sender anonymity, through the use of homomorphic encryption (a form of encryption that allows computations to be carried out on ciphertext, generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.) The scheme uses intermediate relays and a real-world prototype built on HTML5 has been tested and deployed on a public cloud environment and run in a mobile web browser with no configuration at the network level. Practical applications potentially include whistle-blower protection, anonymous surveys and microblogging,

Jan. 30, 2015 (2 years, 4 months ago)

Bitcoin Startup Gem May Revolutionize MultiSig Wallet Security

Bitcoin startup Gem provides a scalable API for bitcoin developers, has a new security enhancement that may be significant for the future of Bitcoin security. The company announced the inclusion of Custom Hardware Security Modules produced by Thales e-Security, as part of their standard multi-sig bitcoin wallet. Multi-sig wallets have become the standard for Bitcoin wallet security. A multi-sig wallet is associated with several private keys, making it more secure.