Why adding bugs to software can make it safer

MIT Technology Review  August 17, 2018 Researchers at New York University introduced a new defensive technique called chaff bugs. Rather than eliminating bugs, they add large numbers of bugs that are provably (but not obviously) non-exploitable. Attackers who attempt to find and exploit bugs in software will, with high probability, find an intentionally placed non-exploitable bug and waste precious resources in trying to build a working exploit. They developed two strategies for ensuring non-exploitability and used them to automatically add thousands of non-exploitable bugs to real-world software such as nginx and libFLAC; they showed that the functionality of the software […]

Hackers could turn your garden sprinklers into a cyber weapon

MIT Technology Review  August 8, 2018 Researchers in Israel found security weaknesses in popular commercial irrigation systems that could allow hackers to turn them on and off remotely. Large numbers of zombie sprinklers could be linked in a “botnet” that rapidly drains a city’s water reserves. The researchers claim a botnet of 1,350-odd sprinklers could empty an urban water tower in an hour, and around 24,000 could empty a flood water reservoir overnight. The researchers have notified manufacturers of the flaws they found in the software controlling the sprinklers.

AI for cybersecurity is a hot new thing—and a dangerous gamble

MIT Technology Review  August 11, 2018 Many firms are now rolling out machine-learning-based products to get an audience with customers who have bought into the AI hype cycle. According to experts, many products being rolled out involve supervised learning. The training information they use has not been thoroughly scrubbed of anomalous data points, which could lead to the algorithm missing some attacks. Other concerns include the difficulty of figuring out why some very complex algorithms spit out certain answers and overreliance on a single, master algorithm to drive a security system. Experts emphasize the importance of monitoring and minimizing the risks… […]

Algorithms Help Power Grids Survive GPS Spoofs

IEEE Spectrum  August 7, 2018 Phasor measurement units (PMUs) used for the monitoring and control of power systems are vulnerable to GPS spoofing attacks. A team of researchers in the US (Clemson University, UC Santa Barbara) proposes a distributed real-time wide-area oscillation estimation approach that is robust to GPS spoofing on PMUs and their associated phasor data concentrators. The approach checks update consistency with histories and across distributed nodes and can tolerate up to one third of compromised nodes. It can be implemented in a completely decentralized architecture and in a completely asynchronous way. They have confirmed the effectiveness of […]

Protecting autonomous grids from potentially crippling GPS spoofing attacks

Science Daily  July 19, 2018 Knowing the speed at which electricity moves, the distance between sensors, and the time it takes an oscillation to move between sensors, one can determine whether the oscillation is real. Phasor measurement units (PMUs) allow synchronous real-time measurements of voltage, phase angle, and frequency from multiple remote locations in the grid, enabled by their ability to align to (GPS) clocks. A team of researchers in the US (Clemson University, UC Santa Clara) proposes a distributed real-time wide-area oscillation estimation approach that is robust to GPS spoofing on PMUs and their associated phasor data concentrators. The […]

New study could hold key to hack-proof systems

Phys.org  July 17, 2018 An international team of researchers (Austria, France, Czech Republic, Slovakia, Switzerland, Spain, UK) shows how carefully constructed measurements in two bases (one of which is not orthonormal) can be used to faithfully and efficiently certify bipartite high-dimensional states and their entanglement for any physical platform. In an experimental set-up, they were able to verify 9-dimensional entanglement for a pair of photons on an 11-dimensional subspace each. The group is currently looking into a more direct use of this technique in actual quantum cryptography protocols and expects their technique to be widely applied in other quantum systems […]

The Future of Cybersecurity Is the Quantum Random Number Generator

IEEE Spectrum  June 28, 2018 Nearly 140 years ago, Frank Miller proposed encrypting messages by shifting each letter in the message by a random number of places, resulting in a string of gibberish. Ever since, cryptographers have tried to devise a way to generate and distribute the unique and truly random numbers that the technique requires. This article reviews the various developments in random number generating research. Researchers have made good progress in recent years in developing technologies that can generate and distribute truly random numbers. By measuring the unpredictable attributes of subatomic particles, these devices can use the […]

Game changing invention to revolutionise cybersecurity

Phys.org  July 2, 2018 Researchers in the UK propose using resonant tunnelling diodes as practical true random number generators based on a quantum mechanical effect. The output of the proposed devices can be directly used as a random stream of bits or can be further distilled using randomness extraction algorithms, depending on the application. With the lowest power requirements and high scalability due to the simple semiconductor structure, it is hoped that this innovation will play a pivotal role in protecting both consumers and businesses across the globe in their digital futures.

City-crippling ransomware, crypto hijackings, and more: our 2018 mid-year cybersecurity update

MIT Technology Review  June 25, 2018 In early January, Technology Review predicted some of the biggest cyberthreats the world would encounter in 2018. As predicted, there have been more huge data breaches, bolder efforts to steal computer processing power for cryptocurrency mining, and more targeting of cryptocurrency exchanges, while ransomware attacks are causing even more damage. There hasn’t yet been any concrete evidence of hackers weaponizing artificial intelligence.