434 Hits in 4.1 sec

Private Data Exfiltration from Cyber-Physical Systems Using Channel State Information

Thomas Burton, Kasper Rasmussen
2021 Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society  
In this paper, we present a novel data exfiltration method making use of Channel State Information (CSI) from ambient WiFi signals.  ...  Data exfiltration methods aim to extract data without authorization from a network or device without detection.  ...  Private Data Exfiltration from Cyber-Physical Systems using Channel State Information WPES 2021, November 15, 2021, Seoul, South Korea Packet reception Data extraction Data analysis 10100...  ... 
doi:10.1145/3463676.3485606 fatcat:b62xwmk34fhrlk33e75svkqqsy

BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets [article]

Mordechai Guri
2018 arXiv   pre-print
Having obtained a foothold in the wallet, an attacker can utilize various air-gap covert channel techniques (bridgeware [11]) to jump the airgap and exfiltrate the wallets private keys.  ...  We demonstrate how a 256-bit private key (e.g., bitcoin's private keys) can be exfiltrated from an offline, air-gapped wallet of a fictional character named Satoshi within a matter of seconds  ...  CONCLUSION The threat of data exfiltration from air-gapped computers is often discussed in the context of sophisticated cyber-attacks.  ... 
arXiv:1804.08714v1 fatcat:ckvo7hz2cve53kmtjsy2ucdnui

Data exfiltration: A review of external attack vectors and countermeasures

Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, Awais Rashid
2018 Journal of Network and Computer Applications  
Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity.  ...  These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data.  ...  Introduction Data theft (formally referred to as data exfiltration) is one of the main motivators for cyber-attacks irrespective of whether carried out by organised crime, commercial competitors, state  ... 
doi:10.1016/j.jnca.2017.10.016 fatcat:fweg67tparct5owb3r4qrpgvxq

Machine Learning for Detecting Data Exfiltration: A Review [article]

Bushra Sabir, Faheem Ullah, M. Ali Babar, Raj Gaire
2021 arXiv   pre-print
This review also aims at identifying gaps in research on ML-based data exfiltration countermeasures. Method: We used a Systematic Literature Review (SLR) method to select and review 92 papers.  ...  of automated feature engineering should be encouraged for efficiently detecting data exfiltration attacks.  ...  Timing channel [25] an attacker gains information from physical parameters of a system such as cache, memory or CPU and time for executing a program to steal information from a victim respectively.  ... 
arXiv:2012.09344v2 fatcat:zpsptvpqaba5zhtzqxtv5tdqra

Network Attack Analysis and the Behaviour Engine

Anthony Benham, Huw Read, Iain Sutherland
2013 International Journal of Computing and Network Technology  
capture data, to detect data exfiltration attempts over covert channelling.  ...  Behaviour Engines allow the acquisition of tacit knowledge by using a learn-by-doing workflow and provide a direct interface between the expert user and the developing project code based on an intuitive  ...  The medium used by a large number of APT's for data exfiltration is that of covert channelling, but data exfiltration has been carried out by physical methods such as printouts as well as those that utilise  ... 
doi:10.12785/ijcnt/010202 fatcat:g5chqpaafvdlpas46w4bfikab4

Network Attack Analysis and the Behaviour Engine

A. Benham, H. Read, I. Sutherland
2013 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA)  
capture data, to detect data exfiltration attempts over covert channelling.  ...  Behaviour Engines allow the acquisition of tacit knowledge by using a learn-by-doing workflow and provide a direct interface between the expert user and the developing project code based on an intuitive  ...  The medium used by a large number of APT's for data exfiltration is that of covert channelling, but data exfiltration has been carried out by physical methods such as printouts as well as those that utilise  ... 
doi:10.1109/aina.2013.157 dblp:conf/aina/BenhamRS13 fatcat:zwih4tl2k5chzgvy7qczzf4fzq

Cybersecurity: Exploring core concepts through six scenarios

Alan T. Sherman, David DeLatte, Michael Neary, Linda Oliva, Dhananjay Phatak, Travis Scheponik, Geoffrey L. Herman, Julia Thompson
2017 Cryptologia  
Presented as case studies, the scenarios illustrate how experts may reason through security challenges managing trust and information in the adversarial cyber world.  ...  segments, verifying compliance with the Nuclear Test Ban Treaty, and exfiltrating a USB stick from a top-secret government facility. 2 Schneider (2013) articulates the need for more thought in cybersecurity  ...  His main research interest is high-integrity voting systems.  ... 
doi:10.1080/01611194.2017.1362063 fatcat:7mkrp5q5zze3pmioywlrboqzlu

From keyboard to cloud-base network revamped data lifecycle cybersecurity

Amadi Chukwuemeka Augustine, Juliet Nnenna Odii, Stanley A Okolie
2021 Zenodo  
The aim is to present a good practice that encourages data confidentiality, acceptable use policy, knowledge of personnel and physical security policy.  ...  This paper review seeks to identify the need for a revamped data life cycle security in the era of pervasive threat from skill cyber criminals at this time of internet of things.  ...  Under the cover of encryption, Zeus sends that password information and other sensitive data to an external user, constructing a channel for the remote attacker to capture a login session, and using the  ... 
doi:10.5281/zenodo.5559352 fatcat:b4y22buue5ckbn7lz5xpmtwlfu

Decoys in Cybersecurity: An Exploratory Study to Test the Effectiveness of 2-sided Deception [article]

Palvi Aggarwal, Yinuo Du, Kuldeep Singh, Cleotilde Gonzalez
2021 arXiv   pre-print
We observe that attackers attempted more exploits on honeypots and exfiltrated more data from honeypots in the two forms of deception conditions.  ...  However, the attacks on honeypots and data exfiltration were not different within the deception conditions.  ...  Acknowledgments This research was sponsored by the Combat Capabilities Development Command, Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber  ... 
arXiv:2108.11037v1 fatcat:zarbnhdpgfdgxcum5f6m5b6giq

Under false flag: using technical artifacts for cyber attack attribution

Florian Skopik, Timea Pahi
2020 Cybersecurity  
What is however only of limited interest for the private industry is in the center of interest for nation states.  ...  However, a serious problem which has not got the appropriate attention from research yet, are false flag campaigns, cyber attacks which apply covert tactics to deceive or misguide attribution attempts  ...  The victims of cyber attacks range from private businesses to nation states. Ukraine, France and the United States were affected by attacks during their elections, for instance.  ... 
doi:10.1186/s42400-020-00048-4 fatcat:gkn4xnfza5alzilrdtykpfurem

The Security of IP-based Video Surveillance Systems [article]

Naor Kalbo, Yisroel Mirsky, Asaf Shabtai, Yuval Elovici
2019 arXiv   pre-print
IP-based Surveillance systems protect industrial facilities, railways, gas stations, and even one's own home. Therefore, unauthorized access to these systems has serious security implications.  ...  However, in [7] the authors focus on visual attacks such as data exfiltration, covert channels, and steganography.  ...  Exfiltrating Information Cameras can be exploited to exfiltrate information for an attacker [7] .  ... 
arXiv:1910.10749v1 fatcat:qcf3cnvwbbefjerwtg3p4iqtbi

Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities

Ivan Vaccari, Sara Narteni, Maurizio Aiello, Maurizio Mongelli, Enrico Cambiaso
2021 IEEE Access  
In IoT networks, sensitive and critical information are exchanged between devices or external systems to perform data analysis.  ...  Internet of Things is a widely adopted and pervasive technology, but also one of the most relevant in cyber-security, given the volume and sensitivity of shared data and the availability of affordable  ...  A covert channel is a broader class of cyber-threats, based on a secret communication between different entities that may lead to data exfiltration, but not necessarily based on network protocols.  ... 
doi:10.1109/access.2021.3099642 fatcat:eginyrsxczcbpfvti7l7oiu5j4

Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture

Adel N. Alahmadi, Saeed Ur Rehman, Husein S. Alhazmi, David G. Glynn, Hatoon Shoaib, Patrick Solé
2022 Sensors  
Smart sensors and systems are used to monitor crops, plants, the environment, water, soil moisture, and diseases.  ...  It also provides a comprehensive review of the side-channel attacks (SCA) specific to digital agriculture, which have not been explored previously.  ...  Side-channel attacks are related to extracting information from the data leakage during the communication or while accessing the system.  ... 
doi:10.3390/s22093520 pmid:35591211 pmcid:PMC9105922 fatcat:mjyoqamxcjam3hbgfyvj5jzukm

LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables [article]

Mordechai Guri
2021 arXiv   pre-print
Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas.  ...  Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away.  ...  The stolen information can be documents, databases, access credentials, encryption keys, and so on. 1) Data transmission: Once the data is collected, the malware exfiltrates it using the covert channel  ... 
arXiv:2110.00104v1 fatcat:vt3e6xoebvghrmcqvy3jvr7qai

Comparative Research of Cybersecurity Information Sharing Models

Jussi Simola
2019 Information & Security An International Journal  
When the purpose is to protect vital functions of society, public safety organizations in EU member states need proactive features in their information systems.  ...  Summary of findings: unclear allocation of responsibilities in national government departments prevents authorities from fighting together against cyber and physical threats.  ...  Acknowledgement This work was supported by the ECHO project which has received funding from the European Union's Horizon 2020 research and innovation programme under the grant agreement no. 830943.  ... 
doi:10.11610/isij.4315 fatcat:bjvebj5ov5clfpvuubyrdwdcq4
« Previous Showing results 1 — 15 out of 434 results