| 1. |
- Dansarie, Marcus, doktorand, 1985-, et al.
(author)
-
Breaking HALFLOOP-24
- 2022
-
In: IACR Transactions on Symmetric Cryptology. - Bochum : Ruhr-Universität Bochum. - 2519-173X. ; :3, s. 217-238
-
Journal article (peer-reviewed)abstract
- HALFLOOP-24 is a tweakable block cipher that is used to protect automatic link establishment messages in high frequency radio, a technology commonly used by government agencies and industries that need highly robust long-distance communications. We present the first public cryptanalysis of HALFLOOP-24 and show that HALFLOOP-24, despite its key size of 128 bits, is far from providing 128 bit security. More precisely, we give attacks for ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext scenarios. In terms of their complexities, most of them can be considered practical. However, in the real world, the amount of available data is too low for our attacks to work. Our strongest attack, a boomerang key-recovery, finds the first round key with less than 210 encryption and decryption queries. In conclusion, we strongly advise against using HALFLOOP-24.
|
|
| 2. |
- Dansarie, Marcus, doktorand, 1985-
(author)
-
Cryptanalysis of the SoDark Cipher for HF Radio Automatic Link Establishment
- 2021
-
In: IACR Transactions on Symmetric Cryptology. - : Ruhr University Bochum. - 2519-173X. ; 2021:3, s. 36-53
-
Journal article (peer-reviewed)abstract
- The SoDark cipher is used to protect transmitted frames in the second and third generation automatic link establishment (ALE) standards for high frequency (HF) radios. The cipher is primarily meant to prevent unauthorized linking and attacks on the availability of HF radio networks. This paper represents the first known security analysis of the cipher used by the second generation ALE protocol—the de facto world standard—and presents a related-tweak attack on the full eight round version of the algorithm. Under certain conditions, collisions of intermediate states several rounds into the cipher can be detected from the ciphertext with high probability. This enables testing against the intermediate states using only parts of the key. The best attack is a chosen-ciphertext attack which can recover the secret key in about an hour with 100% probability, using 29 chosen ciphertexts.
|
|
| 3. |
- Dansarie, Marcus, doktorand, 1985-
(author)
-
sboxgates : A program for finding low gate count implementations of S-boxes
- 2021
-
In: Journal of Open Source Software. - : Open Journals. - 2475-9066. ; 6:62, s. 1-3
-
Journal article (peer-reviewed)abstract
- S-boxes are often the only nonlinear components in modern block ciphers. They are commonly selected to comply with very specific criteria in order to make a cipher secure against, for example, linear and differential attacks. An M x N S-box can be thought of as a lookup table that relates an M-bit input value to an N-bit output value, or as a set of N boolean functions of M variables (Schneier, 1996).Although cipher specifications generally describe S-boxes using their lookup tables, they can also be described as boolean functions or logic gate circuits. sboxgates, which is presented here, finds equivalent logic gate circuits for S-boxes, given their lookup table specification. Generated circuits are output in a human-readable XML format. The software can convert the output files into C or CUDA (a parallel computing platform for Nvidia GPUs) source code. The generated circuits can also be converted to the DOT graph description language for visualization with Graphviz (Ellson et al., 2002).
|
|
| 4. |
- Huskaj, Gazmend, et al.
(author)
-
An anticipatory ethical analysis of offensive cyberspace operations
- 2020
-
In: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020. - Reading : Academic Conferences and Publishing International Limited. - 9781912764525 - 9781912764532 - 1912764539 ; , s. 512-520
-
Conference paper (peer-reviewed)abstract
- This article presents the ethical issues using offensive cyberspace operations. Previously enshrouded in secrecy, and now becoming the new norm, countries are using offensive cyberspace operations to achieve their strategic interests. Russia has conducted multiple offensive operations targeting Estonia, Georgia and the Ukraine; Hamas has targeted Israeli targets; and Iran has been targeting U.S. targets. The response to these operations has varied; Estonia and Georgia struggled with the attacks and were unable to respond while Ukraine tried to respond but the response was inefficient. Israel's response on Hamas offensive operations was an air strike on a building with Hamas Cyber-operatives. Iran shot down a U.S. Drone over the Strait of Hormuz, and the U.S. initially intended to respond with kinetic capabilities in the form of missile strikes. However, in the last minute, the U.S. chose to respond with offensive cyberspace operations targeting the Iranian missile systems. This last-minute change of response choosing between kinetic or cyber capabilities shows a need to further investigate how offensive cyberspace operations can be used against which targets from an ethical perspective. This article applies anticipatory ethical analysis on U.S. offensive operations in the “Global Hawk”-case when Iran shot down a U.S. drone over the Strait of Hormuz. Anticipatory ethical analysis looks at emerging technologies and their potential consequences. Offensive cyberspace operations present a range of possibilities, which include lowering the risk of harm to cyber operatives' lives belonging to the responding nation. However, a response can also be kinetic. Therefore, the analysis of the “Global Hawk”-case is compared with the Israeli-air strike of the building of Hamas Cyber-operatives. The authors argue that applying anticipatory ethical analysis on offensive operations and kinetic operations assist decision makers in choosing response actions to re-establish deterrence through the use of offensive cyberspace operations.
|
|
| 5. |
- Huskaj, Gazmend, et al.
(author)
-
Anticipatory ethics for vulnerability disclosure
- 2020
-
In: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020. - Reading : Academic Conferences and Publishing International Limited. - 9781912764525 - 1912764539 - 9781912764532 ; , s. 254-261
-
Conference paper (peer-reviewed)abstract
- This article presents the ethical dilemma related to under what circumstances vulnerabilities should be disclosed. Vulnerabilities exist in hardware and software, and can be as a consequence of programming errors or design flaws. Threat actors can exploit these vulnerabilities to gain otherwise unintended access to information systems, resources and/or stored information. In other words, they can be used to impact the confidentiality, integrity and availability of information in information systems. As a result, various types of vulnerabilities are highly sought after since they enable this type of access. The most highly sought are so-called “zero-day”-vulnerabilities. These are vulnerabilities that exist but are unknown, and when exploited, enable one way of entry into a system that is not thought possible. This is also why zero-day vulnerabilities are very popular among criminal organizations, states and state-sponsored advanced persistent threats. The other side of the coin is when a state identifies a zero-day, and ends up in the ethical dilemma of whether to release the news and inform the vendor to patch it, i.e. close the vulnerability, or to use it for offensive or intelligence purposes. This article employs these distinctions to apply anticipatory ethics in the Stuxnet-case. Stuxnet was a computer software that was allegedly developed by the U.S. together with Israel to disrupt Iran's development of uranium for their nuclear program. More exactly, it was developed to disable the uranium centrifuges used to enrich uranium. To achieve this, Stuxnet exploited four zero-day vulnerabilities and, according to some experts, managed to delay Iran's nuclear program by one to two-years, forcing them to the negotiation table. Using vulnerabilities like zero-days presents opportunities but also risks. The results of the application of anticipatory ethics to the Stuxnet case are then compared with the “Osirak”-case and the “al-Kibar”-case. Osirak was the nuclear reactor in Iraq and was bombed in 1981; al-Kibar was the nuclear reactor being built up in Syria, also bombed in 2007.
|
|
| 6. |
- Huskaj, Gazmend, et al.
(author)
-
Designing attack infrastructure for offensive cyberspace operations
- 2020
-
In: Proceedings of the 19th European Conference on Cyber Warfare and Security. - Reading, UK : Academic Conferences and Publishing International Limited. - 9781912764617 - 9781912764624 ; , s. 473-482
-
Conference paper (peer-reviewed)abstract
- This article addresses the question ‘what considerations should be taken by cyber commands when designing attack infrastructure for offensive operations?’. Nation-states are investing in equipping units tasked to conduct offensive cyberspace operations. Generating ‘deny, degrade, disrupt, destroy or deceive’ effects on adversary targets requires to move from own (‘green’), through neutral (‘grey’), to adversary (‘red’) cyberspace. The movement is supported by attack infrastructure for offensive cyberspace operations. In this paper, we review the professional and scientific literature identifying the requirements for designing an attack infrastructure. Next, we develop and define the concepts for attack infrastructure. Finally, we explain and describe the considerations for designing attack infrastructure. The research question is answered by proposing a framework for designing attack infrastructure. This framework is vital for military and civilian commands designing attack infrastructure for offensive cyberspace operations.
|
|
| 7. |
- Huskaj, Gazmend, et al.
(author)
-
Toward an ambidextrous framework for offensive cyberspace operations : A theory, policy and practice perspective
- 2020
-
In: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020. - Reading, UK : Academic Conferences and Publishing International Limited. - 9781912764525 - 9781912764532 - 1912764539 ; , s. 243-253
-
Conference paper (peer-reviewed)abstract
- This article addresses the rise in state-sponsored cyber attacks over the past three decades and proposes a new ambidextrous framework for offensive cyberspace operations. Since 1982, nation states have embarked in a fierce race to develop both clandestine and covert offensive cyber capabilities. Their intended targets range from foreign militaries and terrorist organizations to civilian populations and the critical infrastructures that they rely upon. Advancements in cyber security have, however, contributed to the discovery and attribution of offensive cyber operations, such as state-sponsored ransomware attacks, where state-built cyber capabilities have been used to attack governments, industries, academia and citizens of adversary nations. The financial and psychological costs of these ransomware attacks are today a threat to any state's national security. This article draws from academic research, the cyber military doctrines of four countries-a total of eight models from the Netherlands, Sweden, the U.S., and the U.K.-and the authors' operational experience to propose a new ambidextrous framework for offensive cyberspace operations. This ambidextrous framework for offensive cyberspace operations and the associated Cyberspace Operations Canvas are needed today in order to increase the resilience of national critical infrastructures against attacks from state-developed tools. We use the WannaCry-case to illustrate how the implementation of the ambidextrous framework for offensive cyberspace operations would result in increased awareness and understanding of the prospective cyber threats, their intended target(s), the likelihood of cascading effects and the options available by nation states to minimize them.
|
|
| 8. |
- Huskaj, Gazmend
(author)
-
What is a Substantial Contribution to a Research Project in Offensive Cyberspace Operations that Merits Co-Authorship?
- 2022
-
In: Proceedings of the 17th International Conference on Cyber Warfare and Security. - Reading, UK : ACI Academic Conferences International. - 9781914587276 - 9781914587269 ; , s. 385-394
-
Conference paper (peer-reviewed)abstract
- This article reviews the question what is a substantial contribution to a research project in offensive cyberspace operations that merits co-authorship? Frustrations and conflicts may develop during research projects when researchers with different backgrounds, cultures, research fields and expertise decide to conduct research and produce and publish those results. The focus of this paper is a research project in cyberspace operations while taking into account the power-dynamics inherent in the academic system and how these can affect the co-authorship of research products. First, the purpose with doing research is presented. Next, three models of the research process are reviewed, describing their differences and similarities. Then, linguistic analysis is applied on a set of terms in guidelines for co-authorship described in some different universities in Sweden. The results present a model for a research project in offensive cyberspace operations and based on the output of the linguistic analysis, the model is used to quantify and describe what a substantial contribution is in three scenarios that merits co-authorship.
|
|
| 9. |
- Iftimie, Ion A., et al.
(author)
-
Strengthening the cybersecurity of smart grids : The role of artificial intelligence in resiliency of substation intelligent electronic devices
- 2020
-
In: Proceedings of the 19th European Conference on Cyber Warfare and Security. - Reading, UK : Academic Conferences and Publishing International Limited. - 9781912764617 - 9781912764624 ; , s. 143-150, s. 143-150
-
Conference paper (peer-reviewed)abstract
- The Executive Order 13800—Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure—issued by the President of the United States, calls for an evaluation of the “readiness and gaps in the United States’ ability to manage and mitigate consequences of a cyber incident against the electricity subsector.” In May of 2018, the Office of Management and Budget finished evaluating the 96 risk assessments conducted by various agencies and published Federal Cybersecurity Risk Determination Report and Action Plan (Risk Report). While the report embraced a broad defending forward strategy, it made no reference to smart grids or their vulnerable intelligent substations and did not address how federal agencies plan to respond to emerging threats to these systems. While the paper does not discuss how to attack the smart grids in the cyber domain, the contribution to the academic debate lies in validating some of the vulnerabilities of the grid’s substations in order for government, private industry, academia, and civil society to better collaborate in disrupting or halting malicious cyber activities before they disrupt the power supply of the United States and its Transatlantic allies. We also discuss how Artificial Intelligence and related techniques can mitigate security risks to cyber-physical systems. Until this technology becomes available, however, standardization of cyber security efforts must be enforced through regulatory means, such as the enforcement of security-by-design Intelligent Electronic Devices and protocols for the smart grid.
|
|
| 10. |
- Kävrestad, Joakim, 1989-, et al.
(author)
-
How the Civilian Sector in Sweden Perceive Threats from Offensive Cyberspace Operations
- 2021
-
In: Proceedings of the 20th European Conference on Cyber Warfare and Security. - Reading : ACI Academic Conferences International. - 9781912764433 - 9781912764990 ; , s. 499-506
-
Conference paper (peer-reviewed)abstract
- The presence of state-sponsored actors executing offensive cyberspace operations (OCO) has been made evident in recent years. The term offensive cyberspace operations encompass a range of different actions, including cyberespionage, disinformation campaigns, spread of malware and more. Based on an analysis of past events, it is evident that state-sponsored actors are causing harm to the civilian sector using OCO. However, the degree to which civilian organizations understand the threat from state-sponsored actors is currently unknown. This research seeks to provide new a better understanding of OCO and their impact on civilian organizations. To highlight this domain, the case of the threat actor Advanced Persistent Threat 1 (APT1) is presented, and its impact on three civilian organizations discussed. Semi-structured interviews were used to research how the threats from OCO and state-sponsored actors are perceived by civilian organizations. First, a computational literature review was used to get an overview of related work and establish question themes. Next, the question themes were used to develop questions for the interview guide, followed by separate interviews with five security professionals working in civilian organizations. The interviews were analysed using thematic coding and the identified themes summarized as the result of this research. The results show that all respondents are aware of the threat from OCO, but they perceive it in different ways. While all respondents acknowledge state-sponsored actors at a threat agent executing OCO, some respondent’s argue that state-sponsored actors are actively seeking footholds in systems for future use while others state that the main goal of state-sponsored actors is to steal information. This suggests that the understanding of the threat imposed by OCO is limited, or at least inconsistent, among civilian security experts. As an interview study, the generalisability of this research is limited. However, it does demonstrate that the civilian society does not share a common view of the threat from state-sponsored actors and OCO. As such, it demonstrates a need for future research in this domain and can serve as a starting point for such projects.
|
|
