6894 matches found
Lightweight Hybrid Block-Stream Cryptographic Algorithm for the Internet of Things
In this thesis, a novel lightweight hybrid encryption algorithm named SEPAR is proposed, featuring a 16-bit block length and a 128-bit initialization vector. The algorithm is designed specifically for application in Internet of Things IoT technology devices. The design concept of this algorithm i...
ROSA: Finding Backdoors with Fuzzing
A code-level backdoor is a hidden access, programmed and concealed within the code of a program. For instance, hard-coded credentials planted in the code of a file server application would enable maliciously logging into all deployed instances of this application. Confirmed software supply chain...
Measuring the Accuracy and Effectiveness of PII Removal Services
This paper presents the first large-scale empirical study of commercial personally identifiable information PII removal systems -- commercial services that claim to improve privacy by automating the removal of PII from data broker's databases. Popular examples of such services include DeleteMe,...
Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: a Case Study on In-Vehicle Infotainment Systems
Cybersecurity threats are increasingly marked by interdependence, uncertainty, and evolving complexity challenges that traditional assessment methods such as CVSS, STRIDE, and attack trees fail to adequately capture. This paper reviews the application of Bayesian Networks BNs in cybersecurity ris...
Cryptography without Long-Term Quantum Memory and Global Entanglement: Classical Setups for One-Time Programs, Copy Protection, and Stateful Obfuscation
We show how oracles which only allow for classical query access can be used to construct a variety of quantum cryptographic primitives which do not require long-term quantum memory or global entanglement. Specifically, if a quantum party can execute a semi-quantum token scheme Shmueli 2022 with...
SAFE-SiP: Secure Authentication Framework for System-In-Package Using Multi-Party Computation
The emergence of chiplet-based heterogeneous integration is transforming the semiconductor, AI, and high-performance computing industries by enabling modular designs and improved scalability. However, assembling chiplets from multiple vendors after fabrication introduces a complex supply chain th...
Privacy-Preserving Analytics for Smart Meter (AMI) Data: a Hybrid Approach to Comply with CPUC Privacy Regulations
Advanced Metering Infrastructure AMI data from smart electric and gas meters enables valuable insights for utilities and consumers, but also raises significant privacy concerns. In California, regulatory decisions CPUC D.11-07-056 and D.11-08-045 mandate strict privacy protections for customer...
Blockchain Technology: Core Mechanisms, Evolution, and Future Implementation Challenges
Blockchain technology has emerged as one of the most transformative digital innovations of the 21st century. This paper presents a comprehensive review of blockchain's fundamental architecture, tracing its development from Bitcoin's initial implementation to current enterprise applications. We...
Comparative Analysis of Blockchain Systems
Blockchain is a type of decentralized distributed database. Unlike traditional relational database management systems, it does not require management or maintenance by a third party. All data management and update processes are open and transparent, solving the trust issues of centralized databas...
Improved Algorithms for Differentially Private Language Model Alignment
Language model alignment is crucial for ensuring that large language models LLMs align with human preferences, yet it often involves sensitive user data, raising significant privacy concerns. While prior work has integrated differential privacy DP with alignment techniques, their performance...
MUBox: a Critical Evaluation Framework of Deep Machine Unlearning
Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...
On the Interplay of Explainability, Privacy and Predictive Performance with Explanation-Assisted Model Extraction
Machine Learning as a Service MLaaS has gained important attraction as a means for deploying powerful predictive models, offering ease of use that enables organizations to leverage advanced analytics without substantial investments in specialized infrastructure or expertise. However, MLaaS...
Multiparty Selective Disclosure Using Attribute-Based Encryption
This study proposes a mechanism for encrypting SD-JWT Selective Disclosure JSON Web Token Disclosures using Attribute-Based Encryption ABE to enable flexible access control on the basis of the Verifier's attributes. By integrating Ciphertext-Policy ABE CP-ABE into the existing SD-JWT framework, t...
Area Comparison of CHERIoT and PMP in Ibex
Memory safety is a critical concern for modern embedded systems, particularly in security-sensitive applications. This paper explores the area impact of adding memory safety extensions to the Ibex RISC-V core, focusing on physical memory protection PMP and Capability Hardware Extension to RISC-V...
Kudzu: Fast and Simple High-Throughput BFT
We present Kudzu, a high-throughput atomic broadcast protocol with an integrated fast path. Our contribution is based on the combination of two lines of work. Firstly, our protocol achieves finality in just two rounds of communication if all but $p$ out of $n = 3f + 2p + 1$ participating replicas...
Information Leakage in Data Linkage
The process of linking databases that contain sensitive information about individuals across organisations is an increasingly common requirement in the health and social science research domains, as well as with governments and businesses. To protect personal data, protocols have been developed t...
Robustness Analysis against Adversarial Patch Attacks in Fully Unmanned Stores
The advent of convenient and efficient fully unmanned stores equipped with artificial intelligence-based automated checkout systems marks a new era in retail. However, these systems have inherent artificial intelligence security vulnerabilities, which are exploited via adversarial patch attacks,...
iOS SwiftZero CVE-2025-24203 Proof of Concept
SwiftZero is a proof of concept exploit for iOS versions 16.0 through 18.3.2 that performs a protected file overwrite...
Removing Watermarks with Partial Regeneration Using Semantic Information
As AI-generated imagery becomes ubiquitous, invisible watermarks have emerged as a primary line of defense for copyright and provenance. The newest watermarking schemes embed semantic signals - content-aware patterns that are designed to survive common image manipulations - yet their true...
Adaptive Security Policy Management in Cloud Environments Using Reinforcement Learning
The security of cloud environments, such as Amazon Web Services AWS, is complex and dynamic. Static security policies have become inadequate as threats evolve and cloud resources exhibit elasticity 1. This paper addresses the limitations of static policies by proposing a security policy managemen...
The Sponge Is Quantum Indifferentiable
The sponge is a cryptographic construction that turns a public permutation into a hash function. When instantiated with the Keccak permutation, the sponge forms the NIST SHA-3 standard. SHA-3 is a core component of most post-quantum public-key cryptography schemes slated for worldwide adoption...
Unencrypted Flying Objects: Security Lessons from University Small Satellite Developers and Their Code
Satellites face a multitude of security risks that set them apart from hardware on Earth. Small satellites may face additional challenges, as they are often developed on a budget and by amateur organizations or universities that do not consider security. We explore the security practices and...
Where the Devil Hides: Deepfake Detectors Can No Longer Be Trusted
With the advancement of AI generative techniques, Deepfake faces have become incredibly realistic and nearly indistinguishable to the human eye. To counter this, Deepfake detectors have been developed as reliable tools for assessing face authenticity. These detectors are typically developed on De...
Gaussian Shading++: Rethinking the Realistic Deployment Challenge of Performance-Lossless Image Watermark for Diffusion Models
Ethical concerns surrounding copyright protection and inappropriate content generation pose challenges for the practical implementation of diffusion models. One effective solution involves watermarking the generated images. Existing methods primarily focus on ensuring that watermark embedding doe...
Optimized Couplings for Watermarking Large Language Models
Large-language models LLMs are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a signal'' in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...
Key Exchange Protocol Based on Circulant Matrix Action over Congruence-Simple Semiring
We present a new key exchange protocol based on circulant matrices acting on matrices over a congruence-simple semiring. We describe how to compute matrices with the necessary properties for the implementation of the protocol. Additionally, we provide an analysis of its computational cost and its...
Cryptologic Techniques and Associated Risks in Public and Private Security. an Italian and European Union Perspective with an Overview of the Current Legal Framework
This article examines the evolution of cryptologic techniques and their implications for public and private security, focusing on the Italian and EU legal frameworks. It explores the roles of cryptography, steganography, and quantum technologies in countering cybersecurity threats, emphasising th...
GPML: Graph Processing for Machine Learning
The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML Graph Processing for Machine Learning library addresses this need by transforming raw network traffic traces into graph representations, enabling...
Inference Attacks for X-Vector Speaker Anonymization
We revisit the privacy-utility tradeoff of x-vector speaker anonymization. Existing approaches quantify privacy through training complex speaker verification or identification models that are later used as attacks. Instead, we propose a novel inference attack for de-anonymization. Our attack is...
Quantum Support Vector Regression for Robust Anomaly Detection
Anomaly Detection AD is critical in data analysis, particularly within the domain of IT security. In recent years, Machine Learning ML algorithms have emerged as a powerful tool for AD in large-scale data. In this study, we explore the potential of quantum ML approaches, specifically quantum kern...
Red Teaming the Mind of the Machine: a Systematic Evaluation of Prompt Injection and Jailbreak Vulnerabilities in LLMs
Large Language Models LLMs are increasingly integrated into consumer and enterprise applications. Despite their capabilities, they remain susceptible to adversarial attacks such as prompt injection and jailbreaks that override alignment safeguards. This paper provides a systematic investigation o...
Nmap Port Scanner 7.97
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols UDP, TCP, ICMP, etc...
LM-Scout: Analyzing the Security of Language Model Integration in Android Apps
Developers are increasingly integrating Language Models LMs into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input length, and allowed topics. However, if the LM integration...
Post-Quantum Secure Decentralized Random Number Generation Protocol with Two Rounds of Communication in the Standard Model
Randomness plays a vital role in numerous applications, including simulation, cryptography, distributed systems, and gaming. Consequently, extensive research has been conducted to generate randomness. One such method is to design a decentralized random number generator DRNG, a protocol that enabl...
Comet: Accelerating Private Inference for Large Language Model by Predicting Activation Sparsity
With the growing use of large language models LLMs hosted on cloud platforms to offer inference services, privacy concerns about the potential leakage of sensitive information are escalating. Secure multi-party computation MPC is a promising solution to protect the privacy in LLM inference...
A Large-Scale Empirical Analysis of Custom GPTs' Vulnerabilities in the OpenAI Ecosystem
Millions of users leverage generative pretrained transformer GPT-based language models developed by leading model providers for a wide range of tasks. To support enhanced user interaction and customization, many platforms-such as OpenAI-now enable developers to create and publish tailored model...
Federated Large Language Models: Feasibility, Robustness, Security and Future Directions
The integration of Large Language Models LLMs and Federated Learning FL presents a promising solution for joint training on distributed data while preserving privacy and addressing data silo issues. However, this emerging field, known as Federated Large Language Models FLLM, faces significant...
Assessing the Latency of Network Layer Security in 5G Networks
In contrast to its predecessors, 5G supports a wide range of commercial, industrial, and critical infrastructure scenarios. One key feature of 5G, ultra-reliable low latency communication, is particularly appealing to such scenarios for its real-time capabilities. However, 5G's enhanced security,...
LLM-Text Watermarking Based on Lagrange Interpolation
The rapid advancement of LLMs Large Language Models has established them as a foundational technology for many AI and ML-powered human computer interactions. A critical challenge in this context is the attribution of LLM-generated text -- either to the specific language model that produced it or ...
Browser Security Posture Analysis: a Client-Side Security Assessment Framework
Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis Framework1, a browser-based client-side security assessment toolkit...
ABAC Lab: an Interactive Platform for Attribute-Based Access Control Policy Analysis, Tools, and Datasets
Attribute-Based Access Control ABAC provides expressiveness and flexibility, making it a compelling model for enforcing fine-grained access control policies. To facilitate the transition to ABAC, extensive research has been conducted to develop methodologies, frameworks, and tools that assist...
GDNTT: an Area-Efficient Parallel NTT Accelerator Using Glitch-Driven Near-Memory Computing and Reconfigurable 10T SRAM
With the rapid advancement of quantum computing technology, post-quantum cryptography PQC has emerged as a pivotal direction for next-generation encryption standards. Among these, lattice-based cryptographic schemes rely heavily on the fast Number Theoretic Transform NTT over polynomial rings,...
Invariant-Based Cryptography: toward a General Framework
We develop a generalized framework for invariant-based cryptography by extending the use of structural identities as core cryptographic mechanisms. Starting from a previously introduced scheme where a secret is encoded via a four-point algebraic invariant over masked functional values, we broaden...
F5 BIG-IP 16.1.4.1 Remote Command Execution
F5 BIG-IP version 16.1.4.1 suffers from a command injection vulnerability via an authenticated user with administrator privileges...
Machine Learning-Based Detection of DDoS Attacks in VANETs for Emergency Vehicle Communication
Vehicular Ad Hoc Networks VANETs play a key role in Intelligent Transportation Systems ITS, particularly in enabling real-time communication for emergency vehicles. However, Distributed Denial of Service DDoS attacks, which interfere with safety-critical communication channels, can severely impai...
Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics
Explainable artificial intelligence XAI methods have become increasingly important in the context of explainable intrusion detection systems X-IDSs for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties...
Private LoRA Fine-Tuning of Open-Source LLMs with Homomorphic Encryption
Preserving data confidentiality during the fine-tuning of open-source Large Language Models LLMs is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation LoRA technique for private fine-tuning. Homomorphic Encryption HE protects the...
Valida ISA Spec, Version 1.0: a Zk-Optimized Instruction Set Architecture
The Valida instruction set architecture is designed for implementation in zkVMs to optimize for fast, efficient execution proving. This specification intends to guide implementors of zkVMs and compiler toolchains for Valida. It provides an unambiguous definition of the semantics of Valida program...
Zeek 7.0.7
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Fair Play for Individuals, Foul Play for Groups? Auditing Anonymization'S Impact on ML Fairness
Machine learning ML algorithms are heavily based on the availability of training data, which, depending on the domain, often includes sensitive information about data providers. This raises critical privacy concerns. Anonymization techniques have emerged as a practical solution to address these...