Springer Science and Business Media LLC

Healthcare systems promise a significant impact in the field of quality of life. However, security is one of the hottest topics that must be guaranteed in these systems. One of the effective ways to provide security is through cryptographic protocols. The keys generated by these protocols must be disposable and time-dependent to resist replay attacks. In this paper, we show that not only secret keys must be time-dependent, but also the existence of a time-independent variable in authentication protocols can compromise users' privacy. Recently, an elliptic curve cryptography-based authentication protocol with time-independent variables has been proposed for wireless healthcare sensor networks. This paper intends to secure the previous protocol. We simulate our proposed scheme using AVISPA, a well-known formal method to validate security protocols, and the result shows that our proposed protocol is provably safe. Besides, we prove that our protocol preserves mutual authentication property using the widely-used BAN logic, and low complexity makes our protocol suitable for practical applications. We show that users can securely agree on a shared key within $$387\mu $$ s with a 256-byte overhead.

The use of TLS by malware poses new challenges to network threat detection because traditional pattern-matching techniques can no longer be applied to its messages. However, TLS also introduces a complex set of observable data features that allow many inferences to be made about both the client and the server. We show that these features can be used to detect and understand malware communication, while at the same time preserving the privacy of the benign uses of encryption. These data features also allow for accurate malware family attribution of network communication, even when restricted to a single, encrypted flow. To demonstrate this, we performed a detailed study of how TLS is used by malware and enterprise applications. We provide a general analysis on millions of TLS encrypted flows, and a targeted study on 18 malware families composed of thousands of unique malware samples and tens-of-thousands of malicious TLS flows. Importantly, we identify and accommodate for the bias introduced by the use of a malware sandbox. We show that the performance of a malware classifier is correlated with a malware family’s use of TLS, i.e., malware families that actively evolve their use of cryptography are more difficult to classify. We conclude that malware’s usage of TLS is distinct in an enterprise setting, and that these differences can be effectively used in rules and machine learning classifiers.

This paper will propose a natural language model based on all coherent (meaningful) texts of fixed length used in encryption. We use Shannon's cipher model to describe XOR ciphers by incorporating equinumerous alphabets of plaintexts, keys, and ciphertexts. The encryption function between the plaintext alphabet and the key should be defined as bijective with regard to each variable. The selection of key symbols from the key alphabet to encrypt a text of finite length is made randomly (and possibly randomly and with equal probability). The supposed attack consists of identifying at least two plaintext segments with a given length D in a known ciphertext of a given length. Further, we will estimate the complexity of the attack and calculate the reliability of the attack lower estimate.

The aim of the study is to assess the security of information systems during an influence of advanced persistent threats. The article shows the need to build a threat model during an analyzing the security of information systems. Various approaches to modeling threats in information systems are considered, their advantages and disadvantages are noted, requirements for the developed methodology are formed. As a result of the study, a method for modeling computer attack scenarios and assessing the security of information systems under the influence of advanced persistent threats is formed, based on the use of risk matrix models. A method for determining categorical variables characterizing the probability and damage as a result of the implementation of information threats using clustering methods is also proposed. The example demonstrates the use of a graph of threat matrices for modeling scenarios of targeted computer attacks on information system assets. The scientific novelty of the work consists in the proposal of a method for analyzing the security of information systems, which takes into account the possibility of changing the probability of the implementation of information threats during the life cycle of an advanced persistent threat, the dependence of information threats and the value of information assets for the intruder and their owner, which makes it possible to predict various scenarios of computer attacks.

We consider a classical problem of multi-party pairwise key agreement (MP-KA): n parties wish to establish a secure communication channels to each other. Currently, this problem is easily solved with involvement of a trusted Key Distribution Center (KDC) or Key Translation Center (KTC), public key encryption or key pre-distribution protocols. But these solutions are not applicable when some parties are corrupted and all of them have only a link to the Certificate Verification Center (CVC). We develop MP-KA protocol without Trusted Setup and involvement of KDC or KTC, which reduces the number $$(n(n-1))/2$$ of Diffie–Hellman key exchanges (DH-KE). Precisely, for an adversary, who corrupts no more then t-out-of-n parties, $$t \le [n/2]-1$$ , we reduce this number to $$(n-t-1)\cdot (t+1)$$ , and thus to O(n) for the constant value of t. Our protocol consists of two phases: (1) $$k = (n-t-1)\cdot (t+1)$$ DH-KE runs to establish secure channels between a subset of all parties and (2) a protocol based on secret sharing, intended to agree on pairwise keys between other parties. We prove that the second phase of protocol is perfectly secure against semi-honest threshold adversary. As a result, we improve the efficiency of multi-party pairwise key agreement in comparison with direct Diffie–Hellman-based approach.

The transformation of the contemporary societies through digital technologies has had a profound effect on all human activities including those that are in the realm of illegal, unlawful, and criminal deeds. Moreover, the affordances provided by the anonymity creating techniques such as the Tor protocol which are beneficial for preserving civil liberties, appear to be highly profitable for various types of miscreants whose crimes range from human trafficking, arms trading, and child pornography to selling controlled substances and racketeering. The Tor similar technologies are the foundation of a vast, often mysterious, sometimes anecdotal, and occasionally dangerous space termed as the Dark Web. Using the features that make the Internet a uniquely generative knowledge agglomeration, with no borders, and permeating different jurisdictions, the Dark Web is a source of perpetual challenges for both national and international law enforcement agencies. The anonymity granted to the wrong people increases the complexity and the cost of identifying both the crimes and the criminals, which is often exacerbated with lack of proper human resources. Technologies such as machine learning and artificial intelligence come to the rescue through automation, intensive data harvesting, and analysis built into various types of web crawlers to explore and identify dark markets and the people behind them. It is essential for an effective and efficient crawling to have a pool of dark sites or onion URLs. The research study presents a way to build a crawling mechanism by extracting onion URLs from malicious executables by running them in a sandbox environment and then analysing the log file using machine learning algorithms. By discerning between the malware that uses the Tor network and the one that does not, we were able to classify the Tor using malware with an accuracy rate of 91% with a logistic regression algorithm. The initial results suggest that it is possible to use this machine learning approach to diagnose new malicious servers on the Tor network. Embedding this kind of mechanism into the crawler may also induce predictability, and thus efficiency in recognising dark market activities, and consequently, their closure.