Automated, Dynamic Android App Vulnerability and Privacy Leak Analysis: Design Considerations, Required Components and Available Tools
Smartphone apps aid humans in plenty of situations. There exists an app for everything. However, without the user’s awareness, some apps contain vulnerabilities or leak private data. Static and dynamic app analysis are ways to find these software ...
USBCulprit: USB-borne Air-Gap Malware
Air-gapped networks are disconnected from the Internet due to the sensitive data they store and process. These networks are usually maintained by military organizations, defense industries, critical infrastructures, and more. Malware that is capable of ...
Operation Digital Ant: A Serious Game Approach to Collect Insider Threat Scenarios and Raise Awareness
Insiders pose severe threats to the supply chain, the security of infrastructures, and the safety of products and services. "Operation Digital Ant" is a tabletop game that explores insider threats in the food supply chain. Three to four teams compete ...
It is not as simple as that: Playing out password security trainings in order to nudge password changes
The COVID-19 pandemic forced a number of companies to place their staff into home office. In terms of security awareness measures, this means that content or training can only be played out remotely. Within this work, we report about a security ...
Salt&Pepper: Spice up Security Behavior with Cognitive Triggers
This paper presents an interdisciplinary approach to improve impact factors on Information Security Behavior (ISB) considering various aspects from human behavior research. According to the Fogg Behavior Model (FBM) human behavior is a product of three ...
Non-Interactive VDF Client Puzzle for DoS Mitigation
Denial of Service (DoS) attacks pose a growing threat to network services. Client puzzles have been proposed to mitigate DoS attacks by requiring a client to prove legitimate intentions. Since its introduction, there have been several constructions of ...
A Statefull Firewall and Intrusion Detection System Enforced with Secure Logging for Controller Area Network
The Controller Area Network standard represents one of the most commonly used communication protocols present in today’s vehicles. While its main properties facilitate the communication between different control units, several protocol design ...
With a Little Help from Your Friends: Collaboration with Vendors During Smart Grid Incident Response Exercises
The introduction of Information and Communications Technology (ICT) into conventional power grids has resulted in a digitalized smart grid, enabling a more efficient and robust operation. However, it can also lead to increased risk and new threats due ...
Sealed Storage for Low-Cost IoT Devices: an Approach Using SRAM PUFs and Post-Quantum Cryptography
The number of Internet of Things (IoT) devices is increasing since they can solve many problems, such as those found in healthcare or power grid. Since they are susceptible to be attacked, solutions must be explored to make them more trustworthy and, ...
Retransmission steganography in real-world scenarios: a practical study
Retransmission steganography (RSTEG) is one of the state-of-the-art network steganography techniques which can be used for various network protocols that make use of a retransmission mechanism. Essentially, RSTEG works by intentionally not ...
Reset- and Reconnection-based Covert Channels in CoAP
The Internet of Things (IoT) and the Industrial Internet of Things (IIoT) are fast growing areas. Therefore, several protocols are specifically designed for these domains. CoAP (Constrained Application Protocol) is one of the more common ones. This ...
Multilevel Network Steganography in Fountain Codes
We present a method to establish a network storage covert channel in a fountain code, which is used to provide reliable communication over a lossy network with low overhead and without acknowledgment. As also parts of the secret message get lost when a ...
How to Make an Intrusion Detection System Aware of Steganographic Transmission
Information hiding techniques are becoming a major threat in network communication. This paper describes how to modify an intrusion detection system (IDS) to detect certain types of steganography. As a sample IDS we use open-source Zeek software. We ...
How Feasible are Steganographic and Stealth Attacks on TIA Project Metadata of ICS: A Case Study with Real-world Data
The protection of industrial control systems (ICS) is crucial for a robust provision of essential services for the modern society. Stealthy and steganographic attacks are a considerable threat against the reliability and security of such ICS. Several ...
How to Tweak a Cryptographic Permutation by Direct Manipulation
Cryptographic primitives with internal state and bijective state-transition function can be improved by modifying a small number of transitions, achieving larger periodicity without increase of state space. We show how to tweak such a permutation best ...
A Comparison of SONA and MTurk for Cybersecurity Surveys
For almost every online account, people are required to create a password to protect their information online. Since many people have many accounts, they tend to create insecure passwords and re-use passwords. These insecure passwords are often easy to ...
Key Exchange and Management Schemes for Automotive Control Units
Today's vehicles are typically equipped with dozens of electronic control units that control one or more of the electrical systems or subsystems. Due to the rapid development towards autonomous driving, vehicle functionalities strongly depend on the ...
Detection of Anomalous Values within TIA Project Data History for Industrial Control Systems
Attacks on industrial control systems (ICS) have been intensively studied during the last decade. Malicious alterations of ICS can appear in several different ways, e.g. in changed network traffic patterns or in modified data stored on ICS components. ...
Index Terms
- Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference