ABSTRACT
Despite recent remarkable advances in binary code analysis, malware developers still use complex anti-reversing techniques that make analysis difficult. Malware is protected with packers, (often commercial) tools that bundle diverse anti-reversing techniques, including code encryption, anti-debugging, and code virtualization. In this study, we present UnSafengine64, a Safengine unpacker for 64-bit Windows. UnSafengine64 can correctly unpack executables packed with Safengine, which is considered one of the most complex commercial packers in Windows environments; to the best of our knowledge, no analysis results for it have been published. UnSafengine64 was developed as a plug-in for Pin, one of the most widely used dynamic binary instrumentation frameworks for Microsoft Windows. In addition, we used Detect It Easy (DIE), IDA Pro, x64Dbg, and x64Unpack as auxiliary tools for deeper analysis. Using UnSafengine64, we can analyze obfuscated calls to major application programming interface (API) functions or conduct fine-grained analyses at the instruction level. Furthermore, UnSafengine64 detects anti-debugging code chunks, captures a memory dump of the target process, and unpacks packed files. To verify the effectiveness of our scheme, experiments were conducted using Safengine 2.4.0. The experimental results show that UnSafengine64 correctly executes packed executable files and successfully produces an unpacked version. Based on this, we provide detailed analysis results for the obfuscated executable file generated by Safengine 2.4.0.
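The abstract names three things a DBI-based unpacker does (spot anti-debugging calls, dump process memory, recover the unpacked code). The example below is added here and is not UnSafengine64's code: it shows the classic write-then-execute heuristic that Pin-based generic unpackers rely on, run over a constructed instruction trace of a toy packer stub rather than a live Pin session. The event format, addresses, payload bytes and the list of anti-debugging APIs are all assumptions of this example.

```python
from dataclasses import dataclass

# APIs commonly used by anti-debugging checks. The list is this example's assumption,
# not the paper's detection rules.
ANTI_DEBUG_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "NtQueryInformationProcess", "NtSetInformationThread"}


@dataclass
class TraceEvent:
    kind: str          # "write": memory write, "exec": instruction fetch, "call": API call
    addr: int          # written address / fetched address / call-site address
    data: bytes = b""  # bytes written (write events)
    size: int = 1      # instruction length in bytes (exec events)
    api: str = ""      # API name (call events)


class WriteThenExecUnpacker:
    """Records memory the process writes itself and flags the first fetch from it as the OEP."""

    def __init__(self):
        self.shadow = {}        # address -> byte, only for bytes the process wrote itself
        self.oep = None         # original entry point candidate
        self.anti_debug = []    # (api name, call site)

    def feed(self, ev: TraceEvent):
        if ev.kind == "write":
            for i, b in enumerate(ev.data):
                self.shadow[ev.addr + i] = b
        elif ev.kind == "exec":
            fetched = range(ev.addr, ev.addr + ev.size)
            if self.oep is None and any(a in self.shadow for a in fetched):
                self.oep = ev.addr
        elif ev.kind == "call" and ev.api in ANTI_DEBUG_APIS:
            self.anti_debug.append((ev.api, ev.addr))

    def dump(self) -> bytes:
        """Contiguous image of everything the process wrote, zero-filled between writes."""
        if not self.shadow:
            return b""
        lo, hi = min(self.shadow), max(self.shadow)
        return bytes(self.shadow.get(a, 0) for a in range(lo, hi + 1))


PAYLOAD = bytes([0x48, 0x83, 0xEC, 0x28, 0xE8, 0x00, 0x00, 0x00, 0x00])  # sub rsp,0x28 ; call rel32


def constructed_trace():
    """Constructed trace of a toy packer stub: debugger check, XOR-decrypt the payload
    into a code region, then jump to it. Addresses and bytes are made up."""
    encrypted = bytes(b ^ 0x5A for b in PAYLOAD)
    ev = [
        TraceEvent("exec", 0x140001000, size=6),                  # stub prologue
        TraceEvent("call", 0x140001006, api="IsDebuggerPresent"),
        TraceEvent("exec", 0x140001006, size=5),
    ]
    for i, b in enumerate(encrypted):                             # decrypt loop, one byte per iteration
        ev.append(TraceEvent("exec", 0x140001010, size=4))
        ev.append(TraceEvent("write", 0x140002000 + i, data=bytes([b ^ 0x5A])))
    ev.append(TraceEvent("exec", 0x140001020, size=2))            # jmp to the decrypted code
    ev.append(TraceEvent("exec", 0x140002000, size=4))            # first fetch from self-written memory
    ev.append(TraceEvent("exec", 0x140002004, size=5))
    return ev


def analyse(trace):
    u = WriteThenExecUnpacker()
    for ev in trace:
        u.feed(ev)
    return u


if __name__ == "__main__":
    u = analyse(constructed_trace())
    print("OEP candidate:", hex(u.oep))
    print("anti-debugging calls:", [(api, hex(site)) for api, site in u.anti_debug])
    print("dumped code:", u.dump().hex())
```

The heuristic only works for packers that restore the original instructions to memory. A virtualizing protector such as Safengine translates the original code into bytecode for its own interpreter, so the first fetch from written memory points at the VM's handlers rather than at the original program, which is why the abstract stresses instruction-level analysis on top of the dump.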
ABSTRACT
The number of devices connecting to Internet of Things (IoT) networks grows every year, expanding the set of targets available to attackers. Protecting such networks and devices against cyberattacks remains a major concern. One proposed solution for increasing trust in IoT devices and networks is remote attestation. Remote attestation distinguishes two roles: verifiers and provers. Provers must send an attestation to verifiers on request or at regular intervals to maintain trust by proving their integrity. Remote attestation solutions fall into three categories: software, hardware, and hybrid attestation. However, these solutions usually have limited use cases. For instance, hardware mechanisms are desirable but cannot be used alone, and software protocols are usually efficient only in particular contexts, such as small networks or mobile networks. More recently, frameworks such as CRAFT have been proposed. Such frameworks enable the use of any attestation protocol within any network. However, as these frameworks are still recent, there is considerable room for improvement. In this paper, we improve CRAFT's flexibility and security by proposing ASMP (adaptive simultaneous multi-protocol) features. These features fully enable the use of multiple remote attestation protocols on any device. They also enable devices to seamlessly switch protocols at any time depending on factors such as the environment, context, and neighboring devices. A comprehensive evaluation of these features in a real-world scenario and use cases demonstrates that they improve CRAFT's flexibility and security with minimal impact on performance.
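The prover/verifier exchange the abstract describes, as an added example that is not CRAFT's or ASMP's code. It is a minimal software challenge-response attestation with a shared device key: the verifier issues a fresh nonce and names the protocol to use, the prover answers with an HMAC over the protocol tag, its identity, the nonce and a measurement of its firmware, and the verifier recomputes the tag from its own golden measurement. Two protocols coexist ("full" hashes the whole firmware, "light" only the bootloader region) to show what must be checked when a device can switch between them; the protocol names, message layout and key handling are this example's assumptions.

```python
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def attestation_tag(key: bytes, proto: bytes, dev_id: bytes, nonce: bytes, measurement: bytes) -> bytes:
    # The protocol identifier is bound into the MAC so that a response computed under one
    # protocol cannot be presented as a response under another (cross-protocol replay).
    return hmac.new(key, proto + b"|" + dev_id + b"|" + nonce + b"|" + measurement, hashlib.sha256).digest()


class Prover:
    def __init__(self, dev_id: bytes, key: bytes, firmware: bytes, boot_len: int):
        self.dev_id, self.key, self.firmware, self.boot_len = dev_id, key, firmware, boot_len

    def attest(self, challenge: dict) -> dict:
        proto, nonce = challenge["proto"], challenge["nonce"]
        region = self.firmware if proto == b"full" else self.firmware[: self.boot_len]
        measurement = sha256(region)            # measured on the device, never sent in clear
        return {"id": self.dev_id, "proto": proto, "nonce": nonce,
                "tag": attestation_tag(self.key, proto, self.dev_id, nonce, measurement)}


class Verifier:
    def __init__(self, keys: dict, golden: dict):
        self.keys = keys          # dev_id -> shared key (assumed provisioned out of band)
        self.golden = golden      # (dev_id, proto) -> expected measurement
        self.pending = {}         # nonce -> (dev_id, proto); one entry per outstanding challenge

    def challenge(self, dev_id: bytes, proto: bytes) -> dict:
        nonce = os.urandom(16)
        self.pending[nonce] = (dev_id, proto)
        return {"proto": proto, "nonce": nonce}

    def verify(self, resp: dict) -> bool:
        entry = self.pending.pop(resp["nonce"], None)   # single use: a replayed response finds no entry
        if entry is None:
            return False
        dev_id, proto = entry
        if resp["id"] != dev_id or resp["proto"] != proto:
            return False                                  # answered for the wrong device or protocol
        expected = attestation_tag(self.keys[dev_id], proto, dev_id, resp["nonce"], self.golden[(dev_id, proto)])
        return hmac.compare_digest(expected, resp["tag"])


def demo() -> dict:
    """Constructed firmware images: 256-byte bootloader followed by application code."""
    boot_len = 256
    fw = b"BOOT" * 64 + b"APP" * 300
    tampered_fw = fw[:boot_len] + b"X" + fw[boot_len + 1:]      # application modified, bootloader intact
    key, dev = b"\x11" * 32, b"dev1"
    verifier = Verifier({dev: key}, {(dev, b"full"): sha256(fw), (dev, b"light"): sha256(fw[:boot_len])})
    honest, compromised = Prover(dev, key, fw, boot_len), Prover(dev, key, tampered_fw, boot_len)
    r = {}
    c = verifier.challenge(dev, b"full")
    resp = honest.attest(c)
    r["honest_full"] = verifier.verify(resp)
    r["replay"] = verifier.verify(resp)                          # same response again
    r["honest_light"] = verifier.verify(honest.attest(verifier.challenge(dev, b"light")))
    r["tampered_full"] = verifier.verify(compromised.attest(verifier.challenge(dev, b"full")))
    r["tampered_light"] = verifier.verify(compromised.attest(verifier.challenge(dev, b"light")))
    c = verifier.challenge(dev, b"full")
    cross = compromised.attest({"proto": b"light", "nonce": c["nonce"]})   # answers a full challenge with light
    r["cross_protocol"] = verifier.verify(cross)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16} {'accepted' if v else 'rejected'}")
```

Note the `tampered_light` result: the cheaper protocol accepts a device whose application code was modified because it only measures the bootloader. Switching protocols changes what an attestation actually proves, so the verifier has to track which protocol each accepted attestation came from rather than treating all of them as equivalent evidence.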
ABSTRACT
Deep learning models have been used to build many effective image classification applications. However, they are vulnerable to adversarial attacks that seek to mislead the models into predicting incorrect classes. Our study of major adversarial attack models shows that they all specifically target and exploit the neural network structures in their designs. This understanding led us to the hypothesis that most classical machine learning models, such as random forest (RF), are immune to these adversarial attack models because they do not rely on a neural network design at all. Our experimental study of classical machine learning models against popular adversarial attacks supports this hypothesis. Based on it, we propose a new adversarial-aware deep learning system that uses a classical machine learning model as a secondary verification system to complement the primary deep learning model in image classification. Although the secondary classical model is less accurate, it is used only for verification, so it does not affect the output accuracy of the primary deep learning model, while it can effectively detect an adversarial attack when a clear mismatch occurs. Our experiments on the CIFAR-100 dataset show that the proposed approach outperforms current state-of-the-art adversarial defense systems.
ABSTRACT
Most modern vehicles are connected to the internet through cellular networks via their onboard computer, for navigation, assistance, and similar services; the onboard computer can also provide Wi-Fi and Bluetooth. The main in-vehicle communication buses (CAN, LIN, FlexRay) converge at the vehicle's onboard computer and offer no security features to protect the communication between nodes. They are therefore highly vulnerable to local and remote cyberattacks that target the onboard computer and/or the vehicle's electronic control units through these buses. To date, several security proposals for the CAN and FlexRay buses have been published, but no formal security proposal for LIN bus communication has been presented. We therefore researched security mechanisms suited to the particularities of this bus, tested them on microcontroller and PSoC hardware, and developed a prototype LIN network using PSoC nodes programmed with security features. This work presents a novel combination of encryption and a hash-based message authentication code (HMAC) scheme with replay attack rejection for LIN communication. The results obtained are promising and show the feasibility of implementing a LIN network with real-time security protection.
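The combination described above (encryption, HMAC, replay rejection) has to fit inside a LIN frame's 8 data bytes, which is the constraint a practitioner would want to see handled. The example below is added here and is not the paper's scheme or code: it splits the 8-byte payload into a 2-byte monotonic counter, 2 bytes of application data and a 4-byte truncated HMAC-SHA256, derives the keystream for the application bytes from HMAC-SHA256 of the frame id and counter (a PRF used in counter mode, chosen because Python's standard library has no block cipher; the paper's cipher is not stated in the abstract), and rejects any frame whose counter does not advance. The key sizes, field layout and frame ids are assumptions.

```python
import hashlib
import hmac

LIN_MAX_DATA = 8                 # LIN frames carry at most 8 data bytes
CTR_LEN, MAC_LEN = 2, 4
PLAIN_LEN = LIN_MAX_DATA - CTR_LEN - MAC_LEN   # 2 bytes of application data per frame


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class LinSecureNode:
    """Protects and unprotects LIN frame payloads with a shared encryption key and MAC key."""

    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac = k_enc, k_mac
        self.tx_ctr = 0          # transmit counter, never reused under the same keys
        self.rx_ctr = {}         # frame id -> highest counter accepted so far

    def protect(self, frame_id: int, plain: bytes) -> bytes:
        if not 0 <= frame_id < 64:
            raise ValueError("LIN frame identifiers are 6 bits")
        if len(plain) != PLAIN_LEN:
            raise ValueError(f"exactly {PLAIN_LEN} application bytes fit in a protected frame")
        if self.tx_ctr >= 0xFFFF:
            raise OverflowError("counter exhausted: rekey before it wraps")
        self.tx_ctr += 1
        ctr = self.tx_ctr.to_bytes(CTR_LEN, "big")
        aad = bytes([frame_id]) + ctr
        keystream = prf(self.k_enc, aad)[:PLAIN_LEN]
        ct = bytes(p ^ k for p, k in zip(plain, keystream))
        tag = prf(self.k_mac, aad + ct)[:MAC_LEN]     # MAC covers id, counter and ciphertext
        return ctr + ct + tag

    def unprotect(self, frame_id: int, data: bytes):
        """Returns the application bytes, or None if the frame is malformed, forged or replayed."""
        if len(data) != LIN_MAX_DATA:
            return None
        ctr_b, ct, tag = data[:CTR_LEN], data[CTR_LEN:CTR_LEN + PLAIN_LEN], data[CTR_LEN + PLAIN_LEN:]
        ctr = int.from_bytes(ctr_b, "big")
        if ctr <= self.rx_ctr.get(frame_id, 0):
            return None                               # replay or stale frame
        aad = bytes([frame_id]) + ctr_b
        expected = prf(self.k_mac, aad + ct)[:MAC_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                               # verify before advancing the counter
        self.rx_ctr[frame_id] = ctr
        keystream = prf(self.k_enc, aad)[:PLAIN_LEN]
        return bytes(c ^ k for c, k in zip(ct, keystream))


def demo() -> dict:
    """Constructed exchange: one slave publishing frame id 0x23, one master receiving it."""
    k_enc, k_mac = b"\x01" * 16, b"\x02" * 16          # assumed pre-shared keys
    slave, master = LinSecureNode(k_enc, k_mac), LinSecureNode(k_enc, k_mac)
    frame = slave.protect(0x23, b"\x12\x34")
    r = {"frame_len": len(frame)}
    r["accepted"] = master.unprotect(0x23, frame)
    r["replay"] = master.unprotect(0x23, frame)                         # same frame again
    tampered = frame[:3] + bytes([frame[3] ^ 0x01]) + frame[4:]        # flip one ciphertext bit
    r["tampered"] = master.unprotect(0x23, tampered)
    r["next"] = master.unprotect(0x23, slave.protect(0x23, b"\xab\xcd"))
    return r


if __name__ == "__main__":
    print(demo())
```

Two caveats follow from the layout. A 4-byte tag leaves a 2^-32 chance per attempt for a blind forgery, which is acceptable on a 20 kbit/s bus only because an attacker cannot try many frames per second, and the 16-bit counter forces a rekey after 65535 frames per key, which a real deployment must schedule.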
Subjects
Computer Security, Motor Vehicles, Communication, Electronics, Internet
ABSTRACT
Software products from every vendor contain vulnerabilities that raise security concerns, and malware is the primary tool used to exploit them. Machine learning (ML) methods are effective at detecting malware and represent the state of the art. The effectiveness of ML models can be increased by reducing false negatives and false positives. In this paper, the performance of bagging and boosting machine learning models is improved by reducing misclassification. Shapley values faithfully represent each feature's contribution to a prediction and identify the top features behind any prediction of an ML model. The Shapley values are transformed to the probability scale so that they correlate with the model's prediction value and reveal the top features for any prediction of a trained model. The trend of top features derived from a trained model's false negative and false positive predictions can then be used to construct inductive rules. In this work, the best performing bagging and boosting model is determined by accuracy and confusion matrix on three malware datasets from three different periods. The best performing model is then used to derive effective inductive rules from waterfall plots based on the probability scale of the features. This work helps improve cyber security by effectively detecting zero-day malware that would otherwise be false negatives.
Subjects
Algorithms, Machine Learning, Computer Security, Data Collection, Software
ABSTRACT
BACKGROUND: Academic literature highlights blockchain's potential to transform health care, particularly by seamlessly and securely integrating existing data silos while enabling patients to exercise automated, fine-grained control over access to their electronic health records. However, no serious scholarly attempt has been made to assess how these technologies have in fact been applied in real-world health care contexts. OBJECTIVE: The primary aim of this paper is to assess whether blockchain's theoretical potential to deliver transformative benefits to health care is likely to become a reality, by critically investigating the health care sector's actual experience with blockchain technologies to date. METHODS: This mixed methods study entailed a series of iterative, in-depth, theoretically oriented, desk-based investigations and 2 focus group investigations. It builds on the findings of a companion research study documenting real-world engagement with blockchain technologies in health care. Data were sourced from academic and gray literature from multiple disciplinary perspectives concerned with the configuration, design, and functionality of blockchain technologies. The analysis proceeded in 3 stages. First, it undertook a qualitative investigation of observed patterns of blockchain engagement in health care to identify the application domains, data-sharing problems, and challenges encountered to date. Second, it critically compared these experiences with claims about blockchain's potential benefits in health care. Third, it developed a theoretical account of the challenges that arise in implementing blockchain in health care contexts, providing a firmer foundation for appraising its future prospects.
RESULTS: Health care organizations have actively experimented with blockchain technologies since 2016 and have demonstrated proof of concept for several applications (use cases), primarily concerned with administrative data and with facilitating medical research by enabling algorithmic models to be trained on multiple, disparately located sets of patient data in a secure, privacy-preserving manner. However, blockchain technology has yet to be implemented at scale in health care and remains largely in its infancy. These early experiences have demonstrated blockchain's potential to generate meaningful value for health care by facilitating data sharing between organizations where computational trust can overcome a lack of social trust that would otherwise prevent valuable cooperation. Although there are genuine prospects for using blockchain to bring about positive transformations in health care, the successful development of blockchain applications for health care faces a number of very significant, multidimensional, and highly complex challenges. Early experience suggests that blockchain is unlikely to rapidly and radically revolutionize health care. CONCLUSIONS: The successful development of blockchain applications for health care faces numerous significant, multidimensional, and complex challenges that will not be easily overcome, suggesting that blockchain technologies are unlikely to revolutionize health care in the near future.
Subjects
Blockchain, Delivery of Health Care, Electronic Health Records, Health Care Sector, Humans, Privacy
ABSTRACT
To satisfy a server's password selection criteria, a user occasionally has to submit several password candidates to an on-line password meter. Because such user-chosen candidates tend to be derived from the user's previous passwords, the meter has a good chance of learning information about passwords the user employs for other purposes, and a third-party password metering service worsens this threat. In this paper, we first explore a new on-line password meter concept that evaluates user-chosen password candidates on the server side without exposing the user's passwords. Our basic idea is straightforward: build such a system on fully homomorphic encryption (FHE). Achieving practical performance, however, is a major challenge, and optimization techniques are necessary. We employ various performance enhancement techniques and implement the NIST (National Institute of Standards and Technology) metering method, the seminal work in this field. Our experimental results show that the proposed meter runs in around 60 s on a conventional desktop server (better performance is expected on high-end hardware), using an FHE scheme from the HElib library with parameters providing at least 80-bit security. We believe the proposed method can be explored further and used for password metering where password secrecy is paramount: the user's password candidates should not be exposed to the meter, and the internal mechanism of the meter should not be disclosed to users or any other third party.
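The "NIST metering method" the abstract refers to is the guessing-entropy heuristic of NIST SP 800-63 Appendix A, which scores a user-chosen password by position-dependent per-character bits plus bonuses for composition rules and dictionary checks. The example below is added here and is not the paper's code: it is the plaintext reference of that heuristic (the paper's contribution is evaluating it homomorphically, which is not shown), plus a ranking of several candidates, since the abstract's threat is a user submitting multiple candidates. The linear decline of the dictionary bonus and the decision to grant the composition bonus only when the candidate actually meets the rule are this example's assumptions.

```python
def nist_entropy_bits(password: str, composition_rule: bool = False, dictionary_check: bool = False) -> float:
    """Guessing-entropy estimate for a user-chosen password, after NIST SP 800-63 Appendix A."""
    n = len(password)
    bits = 0.0
    for pos in range(1, n + 1):
        if pos == 1:
            bits += 4.0          # first character
        elif pos <= 8:
            bits += 2.0          # characters 2 through 8
        elif pos <= 20:
            bits += 1.5          # characters 9 through 20
        else:
            bits += 1.0          # characters 21 and beyond
    if composition_rule and n:
        # SP 800-63 adds 6 bits for a policy that forces both upper-case and non-alphabetic
        # characters; here the bonus is granted only if the candidate actually satisfies the rule
        # (this example's reading of the heuristic).
        if any(c.isupper() for c in password) and any(not c.isalpha() for c in password):
            bits += 6.0
    if dictionary_check and n < 20:
        # SP 800-63 adds up to 6 bits for an extensive dictionary check, declining to zero at
        # 20 characters. The linear decline is this example's assumption; the standard tabulates it.
        bits += 6.0 * (20 - n) / 19
    return bits


def rank_candidates(candidates, min_bits: float, **policy):
    """Scores each candidate and returns (password, bits, accepted) sorted strongest first."""
    scored = [(pw, nist_entropy_bits(pw, **policy)) for pw in candidates]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(pw, bits, bits >= min_bits) for pw, bits in scored]


if __name__ == "__main__":
    # Constructed candidates of the kind a user might submit one after another.
    for pw, bits, ok in rank_candidates(["password", "Passw0rd!", "correcthorsebatterystaple"],
                                        min_bits=24, composition_rule=True):
        print(f"{pw:28} {bits:5.1f} bits  {'accept' if ok else 'reject'}")
```

Note how little the score depends on the actual characters: apart from the two bonuses it is a function of length only, which is part of what makes it tractable to evaluate under FHE, where every operation on the encrypted candidate is expensive.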
ABSTRACT
BACKGROUND: Recent advances in active assisted living (AAL) technologies allow older adults to age well in place. However, sensing technologies increase the number and complexity of data collection points, making it difficult for users to consent to data collection. One possible solution for improving transparency in the consent management process is blockchain, an immutable, timestamped ledger. OBJECTIVE: This study aims to provide a technology-based conceptual framework for mitigating trust issues in the consent management process. METHODS: The consent management process was modeled using established methodologies to obtain a mapping of trust issues. This mapping was then used to develop a conceptual framework based on previous monitoring and surveillance architectures for connected devices. RESULTS: In this paper, we present a model that maps trust issues in the informed consent process; a conceptual framework providing all the underlying technologies, components, and functionalities required to develop applications that manage the informed consent process for AAL, powered by blockchain technology to ensure transparency; and a diagram showing an instantiation of the framework with the entities participating in the blockchain network, suggesting possible technologies that can be used. CONCLUSIONS: Our conceptual framework provides the components and technologies required to enhance the informed consent process. Blockchain technology can help overcome several privacy challenges and mitigate trust issues currently present in the consent management process of data collection involving AAL technologies.
Subjects
Activities of Daily Living/psychology, Blockchain/standards, Aged, Humans
ABSTRACT
The security of the Internet of Things (IoT) is an important yet often overlooked subject. In particular, the publicly available sources of information about vulnerabilities affecting connected devices are unsatisfactory. Our research shows that, although the information is available on the Internet, no single service offers data focused on the IoT. The national vulnerability databases contain some IoT-related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered across the Internet. This review summarizes our effort to identify and evaluate publicly available sources of information about vulnerabilities, focusing on their usefulness for the IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software.
ABSTRACT
Anomaly detection refers to the problem of identifying abnormal behaviour within a set of measurements. In many cases, one has a statistical model for normal data and wishes to determine whether new data fit the model. In other cases, while there are normal data to learn from, there is no statistical model for these data and no structured parameter set to estimate. One is then forced to adopt an individual-sequences setting, in which no model is given and there is no guarantee that such a model exists. In this work, we propose a universal anomaly detection algorithm for one-dimensional time series that learns the normal behaviour of a system and alerts on abnormalities without assuming anything about the normal data or about the anomalies. The method uses new information measures derived from the Lempel-Ziv (LZ) compression algorithm to learn the normal behaviour optimally and efficiently (during learning), and then to estimate the likelihood of new data (during operation) and classify it accordingly. We apply the algorithm to key problems in computer security, as well as to a benchmark anomaly detection data set, all using simple, single-feature, time-indexed data. The first is detecting botnet command and control (C&C) channels without deep packet inspection. We then apply it to detecting malicious tools via system call monitoring and to identifying data leakage. We conclude with the New York City (NYC) taxi data set. Finally, using information-theoretic tools, we show that an attacker's attempt to fool the detection system by generating data that look normal is bound to fail, either because of a high probability of error or because of the huge amount of resources required.
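How an LZ-based detector learns normal behaviour and scores new data, as an added example that is not the paper's algorithm or code. It builds an LZ78 phrase dictionary from a normal sequence, then scores a new sequence by greedily parsing it into the longest phrases already in the dictionary (a cross-parsing count in the style of Ziv and Merhav); sequences that behave like the training data need few, long phrases, while sequences with novel structure or unseen symbols need many short ones. The system-call streams, window size and the factor used to set the threshold are this example's constructions and assumptions.

```python
import random


def lz78_phrases(seq):
    """LZ78 incremental parse of the training sequence; returns its (prefix-closed) phrase set."""
    phrases, cur = {()}, ()
    for s in seq:
        cand = cur + (s,)
        if cand in phrases:
            cur = cand
        else:
            phrases.add(cand)   # new phrase = longest known prefix + one symbol
            cur = ()
    return phrases


def cross_parse_count(seq, phrases):
    """Greedy parse of seq into the longest phrases known from training.
    A symbol that never occurred in training always costs one phrase of its own."""
    i, n, count = 0, len(seq), 0
    while i < n:
        j = i + 1
        while j <= n and tuple(seq[i:j]) in phrases:   # prefix closure makes this search exact
            j += 1
        i = max(j - 1, i + 1)                           # consume the match, at least one symbol
        count += 1
    return count


class LZAnomalyDetector:
    def __init__(self, window: int = 100, margin: float = 2.0):
        self.window, self.margin = window, margin     # margin is this example's assumption
        self.phrases, self.threshold = None, None

    def fit(self, normal):
        self.phrases = lz78_phrases(normal)
        step = self.window
        scores = [self.score(normal[k:k + step]) for k in range(0, len(normal) - step + 1, step)]
        self.threshold = self.margin * max(scores)   # calibrated on how well normal windows parse
        return self

    def score(self, seq) -> float:
        """Phrases per symbol: low for familiar behaviour, high for novel behaviour."""
        return cross_parse_count(seq, self.phrases) / len(seq)

    def is_anomalous(self, seq) -> bool:
        return self.score(seq) > self.threshold


def constructed_syscall_streams():
    """Constructed single-feature data: system call names of a benign process, and of a tool
    whose call pattern the detector has never seen."""
    a = ["open", "read", "read", "write", "close"]
    b = ["stat", "open", "read", "close"]
    cycle = a + b + a + a + b
    normal_train = cycle * 100
    normal_test = (cycle * 10)[7:]                  # same behaviour, different phase
    rng = random.Random(7)
    alphabet = ["open", "read", "write", "close", "stat", "execve"]
    malicious = [rng.choice(alphabet) for _ in range(200)]
    return normal_train, normal_test, malicious


def demo() -> dict:
    train, normal_test, malicious = constructed_syscall_streams()
    det = LZAnomalyDetector().fit(train)
    return {"threshold": det.threshold,
            "score_normal": det.score(normal_test), "flag_normal": det.is_anomalous(normal_test),
            "score_malicious": det.score(malicious), "flag_malicious": det.is_anomalous(malicious)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16} {v}")
```

The abstract's last claim is visible in the scoring rule: an attacker who wants a low score must emit long runs that already exist in the defender's dictionary, so mimicry either reproduces normal behaviour (and accomplishes nothing) or pays for every deviation with an extra phrase.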
ABSTRACT
BACKGROUND: The importance of mobile health (mHealth) apps is growing. Independent of the technologies used, mHealth apps bring more functionality into the hands of users. In the health context, mHealth apps play an important role in providing information and services to patients and offer health care professionals ways to monitor vital parameters or consult patients remotely. The importance of confidentiality in health care and the opaqueness of transport security in apps make the latter an important research subject. OBJECTIVE: This study aimed to (1) identify relevant security concerns on the server side of mHealth apps, (2) test a subset of mHealth apps for their vulnerability to those concerns, and (3) compare the servers used by mHealth apps with servers used in all domains. METHODS: Server security characteristics relevant to the security of mHealth apps were assessed, presented, and discussed. Appropriate tools were selected to evaluate servers. Apps from the Android and iOS app stores were selected and tested, and the results for functional and other backend servers were evaluated. RESULTS: The 60 apps tested communicate with 823 servers. Of these, 291 were categorized as functional backend servers, and 44 (44/291, 15.1%) of these received a rating below the A range (A+, A, and A-) from Qualys SSL Labs. A chi-square test was conducted against the number of servers receiving such ratings in SSL Pulse by Qualys SSL Labs. The tested servers from mHealth apps received significantly fewer ratings below the A range (P<.001). The internationally available apps in the test set performed significantly better than those available only in the German stores (alpha=.05; P=.03). Of the 60 apps, 28 (28/60, 47%) used at least one functional backend server that received a rating below the A range from Qualys SSL Labs, endangering the confidentiality, authenticity, and integrity of the data displayed.
The number of apps that used at least one entirely unsecured connection to a functional backend server was 20 (20/60, 33%). A majority of apps also used advertising, tracking, or external content provider servers. Counting all nonfunctional backend servers, 48 (48/60, 80%) apps used at least one server that received a rating below the A range. CONCLUSIONS: The results show that although servers in the mHealth domain perform significantly better in terms of security, some are still misconfigured. The most severe problems observed can expose patient communication with health care professionals, be exploited to display false or harmful information, or be used to send data to an app and thereby cause further damage on the device. By following the recommendations for mHealth app developers, the most frequently observed security issues can be avoided or mitigated.
Subjects
Data Collection/methods, Mobile Applications/standards, Telemedicine/methods, Humans
ABSTRACT
BACKGROUND: Digitalization is significantly changing the entire healthcare sector. Hospitals must act now in order to remain competitive. OBJECTIVE: To assess which approaches exist for digitalization along the treatment chain and how digitalization can be strategically implemented. MATERIALS AND METHODS: An analysis of relevant examples from consulting work and success stories from the specialist press is presented, as is a discussion of expert recommendations. RESULTS: More than 90% of German hospitals are currently investing in digitalization. However, they often fail to understand that first and foremost, digitalization offers them the chance to successfully innovate their entire business model. Digital solutions can enhance quality of care, boost efficiency, and greatly improve attractiveness for the employees entrusted with these processes. CONCLUSION: German hospitals should be doing much more to exploit the many digital opportunities that exist. They can do so by deciding where to act first in the treatment chain, prioritizing the underlying actions, and making the necessary funds available. Other key success factors include forming strategic partnerships with startups and "medtech" companies, and introducing an agile corporate culture.
Subjects
Decision Making, Computer-Assisted, Delivery of Health Care, Efficiency, Organizational, Hospitals, Communication, Delivery of Health Care/methods, Forecasting, Humans, Planning Techniques
ABSTRACT
Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits and other novel methods for engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of this choice depends on the stakes of the present situation as well as on the characteristics of the resource being exploited. The model addresses the question of when the resource should be used, given that using it today may well prevent it from being available later. The analysis provides concepts, theory, applications, and distinctions that promote the understanding of strategic aspects of cyber conflict. Case studies include the Stuxnet attack on Iran's nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict, in order to mitigate the harm it can do and harness the capabilities it can provide.
Subjects
Arrhythmias, Cardiac/therapy, Clinical Decision-Making, Computer Security, Medical Device Recalls, Pacemaker, Artificial, Software Design, Adult, Aged, Aged, 80 and over, Arrhythmias, Cardiac/diagnosis, Arrhythmias, Cardiac/physiopathology, Device Approval, Electrocardiography, Female, Healthcare Disparities, Humans, Male, Middle Aged, Pacemaker, Artificial/adverse effects, Patient Safety, Risk Assessment, Risk Factors, United States, United States Food and Drug Administration
Subjects
Arrhythmias, Cardiac/therapy, Computer Security, Medical Device Recalls, Pacemaker, Artificial, Software Design, Arrhythmias, Cardiac/diagnosis, Arrhythmias, Cardiac/physiopathology, Clinical Decision-Making, Device Approval, Electrocardiography, Humans, Pacemaker, Artificial/adverse effects, Patient Safety, Risk Assessment, Risk Factors, United States, United States Food and Drug Administration
ABSTRACT
Quantum secret sharing (QSS) combines the principles of quantum mechanics with secret sharing, allowing a sender to distribute a secret among receivers who recover it collectively. This paper introduces the concept of quantum anonymous secret sharing (QASS) to make such protocols more practical. We propose a QASS protocol based on W states that ensures both the recoverability and security of the shared secret and the anonymity of its holders. The protocol is rigorously evaluated to verify its correctness and to establish its security against an active adversary. In addition, since real-world communication channels are imperfect, we analyze the security and efficacy of the protocol in noisy quantum networks. Our investigation shows that W states perform well in mitigating noise, making them suitable for practical applications.
ABSTRACT
Introduction: Within the field of data sharing, privacy concerns and big data management are discussed extensively. This study aimed to provide a comprehensive framework for health data sharing with the objective of creating value. Methods: This study is a qualitative content analysis combining written sources, collected through a systematic review, with content derived from interviews with experts in information technology and healthcare within hospital and emergency settings. Grounded theory serves as the qualitative methodology, with three coding phases (open, axial, and selective) supported by MAXQDA software. Results: Qualitative content analysis of the interviews revealed seven main (core) categories and 44 subcategories of driving factors that promote healthcare data sharing, and six main categories and 36 subcategories of inhibiting factors. The driving factors comprised technology, education, improved patient management, use of data for various purposes, data-related considerations, legal and regulatory aspects, and health-related factors. The inhibiting factors comprised security and privacy concerns, legal issues, external organizational influences, monitoring and control activities, financial considerations, and inter-organizational challenges. Conclusion: This study identified key driving and inhibiting factors that influence the sharing of healthcare data. These factors contribute to a more comprehensive understanding of the dynamics of data sharing within healthcare information systems.
ABSTRACT
In the rapidly evolving landscape of modern technology, the convergence of blockchain innovation and machine learning advancements presents unparalleled opportunities to enhance computer forensics. This study introduces SentinelFusion, an ensemble-based machine learning framework designed to bolster secrecy, privacy, and data integrity within blockchain systems. By integrating cutting-edge blockchain security properties with the predictive capabilities of machine learning, SentinelFusion aims to improve the detection and prevention of security breaches and data tampering. Utilizing a comprehensive blockchain-based dataset of various criminal activities, the framework leverages multiple machine learning models, including support vector machines, K-nearest neighbors, naive Bayes, logistic regression, and decision trees, alongside the novel SentinelFusion ensemble model. Extensive evaluation metrics such as accuracy, precision, recall, and F1 score are used to assess model performance. The results demonstrate that SentinelFusion outperforms individual models, achieving an accuracy, precision, recall, and F1 score of 0.99. This study's findings underscore the potential of combining blockchain technology and machine learning to advance computer forensics, providing valuable insights for practitioners and researchers in the field.
ABSTRACT
INTRODUCTION: With the establishment of the Data Sharing Framework (DSF) as a distributed business process engine in German research networks, it is becoming increasingly important to coordinate authentication, authorization, and role information between peer-to-peer network components. This information is provided in the form of an allowlist. This paper presents the concept and implementation of an Allowlist Management Application. STATE OF THE ART: In research networks using the DSF, allowlists were initially generated manually. CONCEPT: The Allowlist Management Application provides comprehensive tool support for the participating organizations and for the application's administrators. It automates the creation and distribution of allowlists and reduces the errors associated with manual entries. In addition, security is improved through extensive validation of entries and by enforcing review of requested changes under a four-eyes principle. IMPLEMENTATION: Our implementation, built with established frontend and backend frameworks, is a first step toward fully automating the onboarding and allowlist management processes. The application has been deployed in the Medical Informatics Initiative and the Network University Medicine, with over 40 participating organizations. LESSONS LEARNED: We learned that the tool needs user guidance, a place for unstructured communication within a structured workflow, generalizability, and checks that confirm the tool's outputs have actually been applied.
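The two controls the abstract credits with improving security, validation of entries and a four-eyes review, are easy to get subtly wrong (an author approving their own request, or an approval recorded before the entry was validated). The example below is added here and is not the Allowlist Management Application's code or data model: it validates a request's endpoint name, certificate thumbprint and roles, requires two distinct reviewers who are not the requester, and only then emits an allowlist entry. The field names, role names and the use of a SHA-256 certificate thumbprint as the organization's identity are this example's assumptions.

```python
import re
from dataclasses import dataclass, field

FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SHA256_HEX_RE = re.compile(r"^[0-9a-f]{64}$")
KNOWN_ROLES = {"DIC", "DTS", "TTP"}     # role names are this example's assumption


@dataclass
class AllowlistRequest:
    organization: str
    endpoint_fqdn: str
    cert_thumbprint_sha256: str
    roles: set
    requested_by: str
    approvals: set = field(default_factory=set)

    def validation_errors(self) -> list:
        errs = []
        if not FQDN_RE.match(self.endpoint_fqdn.lower()):
            errs.append("endpoint is not a valid FQDN")
        if not SHA256_HEX_RE.match(self.cert_thumbprint_sha256.lower()):
            errs.append("thumbprint is not a 64-character hex SHA-256 digest")
        if not self.roles:
            errs.append("no role requested")
        unknown = set(self.roles) - KNOWN_ROLES
        if unknown:
            errs.append(f"unknown roles: {sorted(unknown)}")
        return errs


class AllowlistManager:
    REQUIRED_APPROVALS = 2          # four-eyes: two reviewers, neither of them the author

    def __init__(self):
        self.entries = {}           # thumbprint -> published allowlist entry

    def approve(self, req: AllowlistRequest, reviewer: str) -> bool:
        """Records one approval; returns True only when the entry is actually published."""
        if req.validation_errors():
            return False            # malformed requests cannot collect approvals at all
        if reviewer == req.requested_by:
            return False            # the author may not review their own change
        req.approvals.add(reviewer) # a set, so the same reviewer cannot count twice
        if len(req.approvals) < self.REQUIRED_APPROVALS:
            return False
        self.entries[req.cert_thumbprint_sha256.lower()] = {
            "organization": req.organization,
            "endpoint": req.endpoint_fqdn.lower(),
            "roles": sorted(req.roles),
            "approved_by": sorted(req.approvals),
        }
        return True


def demo() -> dict:
    """Constructed requests: one well-formed, one with a bad thumbprint."""
    mgr = AllowlistManager()
    good = AllowlistRequest("Example Hospital", "fhir.example-hospital.de", "ab" * 32, {"DIC"}, "alice")
    bad = AllowlistRequest("Other Clinic", "dsf.other-clinic.de", "not-a-thumbprint", {"DIC"}, "carol")
    r = {"self_approval": mgr.approve(good, "alice")}
    r["first_review"] = mgr.approve(good, "bob")
    r["same_reviewer_again"] = mgr.approve(good, "bob")
    r["second_review"] = mgr.approve(good, "dave")
    r["bad_request_errors"] = bad.validation_errors()
    r["bad_request_approved"] = mgr.approve(bad, "bob") or mgr.approve(bad, "dave")
    r["published"] = sorted(mgr.entries)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22} {v}")
```

The last lesson in the abstract, checking that outputs were actually applied, is outside this snippet: publishing an entry here only records it in `entries`, and a deployment would still have to confirm that each participating node loaded the distributed allowlist.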
Subjects
Information Dissemination, Germany, Computer Security, Humans
ABSTRACT
BACKGROUND: Our case report provides the first clinical evaluation of autopsy practices for a patient death that occurred on the cloud. We question how autopsy practices may need to adapt to a death that presents via the 'Internet of Things', examining how existing guidelines capture data related to a death that is no longer confined to the patient's body. CASE PRESENTATION: The patient was a British man in his 50s who came to the attention of the medical team through an alert on the cloud-based platform that monitored his implanted cardioverter defibrillator (ICD). The patient had a background of congenital heart disease with a previous ventricular fibrillation cardiac arrest, for which the ICD had been implanted two years earlier. Retrospective analysis of the cloud data showed a gradually decreasing nocturnal heart rate over the previous three months, falling to a final transmission of 24 beats per minute (bpm). At the post-mortem the ICD was treated as medical waste, structural tissue changes precluded effective evaluation of the device hardware, potential issues with the device software were not investigated, and the cause of death was assigned to underlying heart failure. The documentation from the attending law enforcement officials did not consider possible digital causes of harm, and relevant technology was not collected from the scene of death. CONCLUSION: Through this case we explore novel challenges associated with digital deaths, including: (1) device hardware issues (difficult extraction processes, impact of pathological tissue changes), (2) software and data limitations (impact of sub-zero body temperatures and mortuary radio-imaging on devices, lack of retrospective cloud data analysis), (3) guideline limitations (missing digital components in autopsy instructions and death certification), and (4) changes to clinical management (the emotional impact of communicating deaths that occurred over the internet to family members).
We consider the implications of our findings for public health services, the security and intelligence community, and patients and their families. In sharing this report we seek to raise awareness of digital medical cases, to draw attention to how the nature of dying is changing through technology, and to motivate the development of digitally appropriate clinical practice.