Abstract: Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.

Abstract: An intrusion device identifies network data to be sent to a destination endpoint and determines a sensitivity level of the destination endpoint based on asset valuation. The intrusion device identifies a subset of signatures that corresponds to the sensitivity level of the destination endpoint and determines whether the network data includes an intrusion based on the subset of signatures.

Abstract: A system and methods for registering and acquiring e-credentials using personal devices and an identity registry system that combines the method for handling digital seals with a proof-of-existence method. The identity registry system is used to register and verify e-credentials. Device owners register their e-credentials when created and updated and verify acquired e-credentials to safeguard against tampering and errors. When registering an e-credential, the e-credential is hashed and digitally sealed creating an identifying thumbprint that is stored in the identity registry system. When verifying an acquired e-credential, the e-credential is hashed, the identity registry system is searched to locate the identifying thumbprint, and the digital seal of the thumbprint is verified. A requesting owner can request an issuing owner to proof, attest, and digitally seal an e-credential of the requester.

Abstract: A protection method, which releases an attack of a malware to a network interface controller (NIC) system, includes processing a microbatching operation in a plurality of session channels at at least an operational period according to at least one input information, to generate a plurality of session-specific NIC patterns of the plurality of session channels; and merging the plurality of session-specific NIC patterns to generate an application-specific NIC pattern at an application layer, so as to dispose a script information corresponding to the application-specific NIC pattern in the NICs for releasing the attack of the malware, wherein the microbatching operation is processed to generate a plurality of independent subset-specific NIC pattern in each session channel, so as to generate the session-specific NIC pattern corresponding to each session channel.

Abstract: A method, a device, and a system for alerting against unknown malicious codes includes judging whether any suspicious code exists in the packet, recording a source path of the suspicious code and sending alert information that carries the source path to a monitoring device. The embodiments of the present disclosure report the source paths of suspicious codes proactively at the earliest possible time, which lays a foundation for shortening the time required for overcoming virus threats, and avoids the trouble of installing software on the terminal.

Abstract: Disclosed is a system and method for detecting anomalous behavior in Industrial Control Networks. The system first operates in a learning phase to learn various behaviors, and then in a protection phase to analyze packets to identify anomalous network events, and, for example, raise an alert.

Abstract: The techniques presented herein provide for verifying the integrity of an encryption key log file generated on a data storage system. Encryption key activity events associated with a storage system's back-end storage drives are identified. A unique signature is generated for each encryption key activity event. Each encryption key activity event and its corresponding signature are stored in an audit log file. An audit log hash file is generated using the contents of the audit log file. At an external location, the audit log file and the audit log hash file are retrieved from the storage system. The integrity of the retrieved audit log file is verified by generating a local audit log hash file and comparing the local audit log hash file to the retrieved audit log hash file and determining if the local audit log hash file matches the retrieved audit log hash file.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.

Abstract: The present disclosure is directed to a system and method for remotely initializing at least one device in communication with a local host device utilizing an asymmetric cryptographic authorization scheme. According to various embodiments, at least one remote device sends an authorization request including a random value to the local host device. The local host device returns an approval response to the remote device, where the approval response includes the random value encoded utilizing a private key. The remote device is then initialized (e.g. powered on or placed in an active state) upon verification of the encoded random value utilizing a public key that is paired with the private key.

Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing anti-rollback protection in a device which has no internal non-volatile memory are presented. One embodiment is a device for providing anti-rollback protection. The device may obtain a firmware version number associated with a first firmware installation for the device, wherein the device is implemented on a substrate that includes no non-volatile memory. The device may obtain a lowest acceptable firmware version number, wherein the lowest acceptable firmware version number is stored in a secure element environment, wherein the secure element environment utilizes memory separated from the substrate. The device may compare the firmware version number and the lowest acceptable firmware version number, wherein if the firmware version number is less than the lowest acceptable firmware version number, then disallow the first firmware installation.

Abstract: A system and method to communicate secure information between computing machines using an untrusted intermediate with resilience to disconnected network topology. The system and method utilize agnostic endpoints that are generalized to be interoperable among various systems, with their functionality based on their location in a network. The system and method enable horizontal scaling on the network. One or more clusters may be set up in a location within a network or series of networks in electronic communication, e.g., in a cloud or a sub-network, residing between a secure area of the network(s) and an unsecure area such as of an external network or portion of a network. The horizontal scaling allows the system to take advantage of a capacity of a local network. As long as an agent has connectivity to at least one locale of the network, the agent is advantageously operable to move data across the system.

Abstract: The described method is analogous to handling credentials in the physical world where agents and notary publics affix their attestations using their notary seals. The described method enables a person having a personal identity device and an electronic credential (e-credential) to create a digital seal to affix the owner's identity and attestation to an electronic artifact such as a transaction, document, or e-credential. The e-credential owner cannot repudiate having affixed the attestation to the electronic artifact. This enables other parties, including the e-credential owner, to inspect the digital seal affixed to the electronic artifact to identify the owner and the electronic artifact, verify the digital seal, and thereby obtain objective evidence that the attestation is truthful.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: This disclosure provides example details for apparatuses and methods that manage virtual firewalls in a wireless communication network that includes a Core Network, CN, and an associated Radio Access Network, RAN. The virtual firewalls process traffic for respective wireless devices supported by the network. For example, the virtual firewall associated with a given wireless device is maintained in the RAN at the RAN node supporting the device, and is migrated from that RAN node in response to detecting a handover event involving the device. Advantageously, migration may be “horizontal,” where the associated virtual firewall is moved between nodes in the RAN, or may be “vertical,” where the associated virtual firewall is moved from the RAN to the CN.

Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.

Abstract: The techniques presented herein provide for associating a data encryption lockbox backup with a data storage system. A first set of software system stable values (SSV) is derived from data storage system component values unique to the data storage system. A lockbox storing the first set of SSV and a set of encryption keys associated with a corresponding respective set of data storage system drives is created. Access to the lockbox requires providing a first minimum number of SSV that match corresponding SSV in the first set of SSV. A backup copy of the lockbox is created, wherein access to the backup copy requires providing a second minimum number of SSV that match corresponding SSV in the first set of SSV, wherein the minimum number of SSV is equal to a second match value. The backup copy of the lockbox is stored at a remote location.

Abstract: A method for a Mobile Mobility Entity (MME) to carry out mutual authentication with a group of Machine Type Communication (MTC) devices includes receiving group-related authentication data from a leader, transmitting the received information and an identification number of the MME, to a HSS, receiving from the HSS a random value, an Authentication Vector and information of group members, broadcasting the random value and the first authentication token to the MTC device group based on information received from the HSS, receiving from the leader a leader authentication response that the leader generates by using a local master key value calculated by using the first secret key value, authenticating the leader by comparing the leader authentication response with a leader authentication value received from the HSS, and authenticating members within the MTC device group according to the leader authentication result.