Search for: All records

The distributed cryptocurrency networking is critical because the information delivered through it drives the mining consensus protocol and the rest of the operations. However, the cryptocurrency peer-to-peer (P2P) network remains vulnerable, and the existing security approaches are either ineffective or inefficient because of the permissionless requirement and the broadcasting overhead. We design a Lightweight and Identifier-Oblivious eNgine (LION) for the anomaly detection of the cryptocurrency networking. LION is not only effective in permissionless networking but is also lightweight and practical for the computation-intensive miners. We build LION for anomaly detection and use traffic analyses so that it minimally affects the mining rate and is substantially superior in its computational efficiency than the previous approaches based on machine learning. We implement a LION prototype on an active Bitcoin node to show that LION yields less than 1% of mining rate reduction subject to our prototype, in contrast to the state-of-the-art machine-learning approaches costing 12% or more depending on the algorithms subject to our prototype, while having detection accuracy of greater than 97% F1-score against the attack prototypes and real-world anomalies. LION therefore can be deployed on the existing miners without the need to introduce new entities in the cryptocurrency ecosystem.

Recent trends in the cybersecurity workforce have recognized that effective solutions for complex problems require collective efforts from individuals with diverse sets of knowledge, skills, and abilities. Therefore, the growing need to train students in team collaboration skills propelled educators in computer science and engineering to adopt team-based pedagogical strategies. Team-based pedagogy has shown success in enhancing students' knowledge in course subjects and their motivation in learning. However, it is limited in offering concrete frameworks specifically focusing on how to teach team collaboration skills. As part of an interdisciplinary effort, we draw on Transactive Memory Systems Theory-a communication theory that explains how individuals in groups learn who knows what and organize who does what-in developing a Team Knowledge Sharing Assignment as a tool for student teams to structure their team collaboration processes. This paper reports a result of a case study in designing and facilitating the assignment for cybersecurity students enrolled in a scholarship program. Students' evaluations and the instructor's assessment reveal that the assignment made a positive impact on students' team collaboration skills by helping them successfully identify their team members' expertise and capitalize on their team's knowledge resources when delegating functional roles. Based on this case study, wemore »offer practical suggestions on how the assignment could be used for various classes or cybersecurity projects and how instructors could maximize its benefits.« less

Public Key Infrastructure (PKI) generates and distributes digital certificates to provide the root of trust for securing digital networking systems. To continue securing digital networking in the quantum era, PKI should transition to use quantum-resistant cryptographic algorithms. The cryptography community is developing quantum-resistant primitives/algorithms, studying, and analyzing them for cryptanalysis and improvements. National Institute of Standards and Technology (NIST) selected finalist algorithms for the post-quantum digital signature cipher standardization, which are Dilithium, Falcon, and Rainbow. We study and analyze the feasibility and the processing performance of these algorithms in memory/size and time/speed when used for PKI, including the key generation from the PKI end entities (e.g., a HTTPS/TLS server), the signing, and the certificate generation by the certificate authority within the PKI. The transition to post-quantum from the classical ciphers incur changes in the parameters in the PKI, for example, Rainbow I significantly increases the certificate size by 163 times when compared with RSA 3072. Nevertheless, we learn that the current X.509 supports the NIST post-quantum digital signature ciphers and that the ciphers can be modularly adapted for PKI. According to our empirical implementations-based study, the post-quantum ciphers can increase the certificate verification time cost compared to the current classicalmore »cipher and therefore the verification overheads require careful considerations when using the post-quantum-cipher-based certificates.« less

Blockchain relies on the underlying peer-to-peer (p2p) networking to broadcast and get up-to-date on the blocks and transactions. It is therefore imperative to have high p2p connectivity for the quality of the blockchain system operations. High p2p networking connectivity ensures that a peer node is connected to multiple other peers providing a diverse set of observers of the current state of the blockchain and transactions. However, in a permissionless blockchain network, using the peer identifiers—including the current approach of counting the number of distinct IP addresses and port numbers—can be ineffective in measuring the number of peer connections and estimating the networking connectivity. Such current approach is further challenged by the networking threats manipulating the identifiers. We build a robust estimation engine for the p2p networking connectivity by sensing and processing the p2p networking traffic. We implement a working Bitcoin prototype connected to the Bitcoin Mainnet to validate and improve our engine’s performances and evaluate the estimation accuracy and cost efficiency of our estimation engine.

Because Bitcoin P2P networking is permissionless by the application requirement, it is vulnerable against networking threats based on identity/credential manipulations such as Sybil and spoofing attacks. The current Bitcoin implementation keeps track of its peer's networking misbehaviors through ban score. In this paper, we investigate the security problems of the ban-score mechanism and discover that the ban score is not only ineffective against the Bitcoin Message-based DoS attacks but also vulnerable to a Defamation attack. In the Defamation attack, the network adversary can exploit the ban-score mechanism to defame innocent peers.

While the blockchain technology provides strong cryptographic protection on the ledger and the system operations, the underlying blockchain networking remains vulnerable due to potential threats such as denial of service (DoS), Eclipse, spoofing, and Sybil attacks. Effectively detecting such malicious events should thus be an essential task for securing blockchain networks and services. Due to its importance, several studies investigated anomaly detection in Bitcoin and blockchain networks, but their analyses mainly focused on the blockchain ledger in the application context (e.g., transactions) and targets specific types of attacks (e.g., double-spending, deanonymization, etc). In this study, we present a security mechanism based on the analysis of blockchain network traffic statistics (rather than ledger data) to detect malicious events, through the functions of data collection and anomaly detection. The data collection engine senses the underlying blockchain traffic and generates multi-dimensional data streams in a periodic manner. The anomaly detection engine then detects anomalies from the created data instances based on semi-supervised learning, which is capable of detecting previously unseen patterns, and we introduce our profiling-based detection engine implemented on top of AutoEncoder (AE). Our experimental results support the effectiveness of the presented security mechanism for accurate, online detection of malicious events frommore »blockchain networking traffic data. We also show further reduction in time complexity (up to 66.8% for training and 85.7% for testing), without any performance degradation using feature prioritization compared to the utilization of the entire features.« less

Modern vehicles are equipped with vehicular sensors for smart navigation, vehicle state awareness, and other intelligent operations. Despite the previous belief that the sensor operations stay within a vehicle, as it is designed to be, we study information leakage through the tire pressure monitoring system (TPMS) sensors and the corresponding privacy breach. We demonstrate that, using a low-cost and off-the-shelf software defined radio (SDR), an unauthorized attacker can track uniquely-identifiable sensor IDs up to 40 meters away from the vehicle. To address the issue and protect vehicular privacy, we also propose an effective and lightweight TPMS ID randomization scheme and analyze its security and the implementation costs.

Colorado-Washington Security Scholars Program (CWSSP) is a scholarship program for training and educating cybersecurity engineering students. Hosted in two universities for the students in the cybersecurity degree programs, the cross-campus program emphasizes virtual teamwork and collaborations in learning cybersecurity and executing the cybersecurity projects. This paper explains how the CWSSP program uniquely enhances the cybersecurity education and workforce development particularly focusing on the mechanisms to incorporate collaborations for the student scholars' training and the outcomes of the collaborations. We share our experience and insights from delivering the scholarship program in this paper.

Network intrusion detection systems (IDS) has efficiently identified the profiles of normal network activities, extracted intrusion patterns, and constructed generalized models to evaluate (un)known attacks using a wide range of machine learning approaches. In spite of the effectiveness of machine learning-based IDS, it has been still challenging to reduce high false alarms due to data misclassification. In this paper, by using multiple decision mechanisms, we propose a new classification method to identify misclassified data and then to classify them into three different classes, called a malicious, benign, and ambiguous dataset. In other words, the ambiguous dataset contains a majority of the misclassified dataset and is thus the most informative for improving the model and anomaly detection because of the lack of confidence for the data classification in the model. We evaluate our approach with the recent real-world network traffic data, Kyoto2006+ datasets, and show that the ambiguous dataset contains 77.2% of the previously misclassified data. Re-evaluating the ambiguous dataset effectively reduces the false prediction rate with minimal overhead and improves accuracy by 15%.