Patents Examined by Canh Le
  • Patent number: 10999255
    Abstract: Systems and methods for preparing and re-commissioning a controlled device in a home area network are described. A utility meter is communicated with. An authentication key and encryption data for communicating with the utility meter may be determined. The authentication key and encryption data are sent to a controlled device. A set of translation rules for a message are determined. The translation rules are sent to the controlled device. The controlled device establishes a secure communication link with the utility meter using the authentication key and the encryption data. The controlled device receives a request to change power usage from the utility meter over the secure communication link. The controlled device translates the request to change power usage into control instructions using the translation rules.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: May 4, 2021
    Assignee: WirePath Home Systems, LLC
    Inventors: Paul E. Nagel, William B. West
  • Patent number: 10992656
    Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: April 27, 2021
    Assignee: VMWARE, INC.
    Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
  • Patent number: 10977363
    Abstract: Examples are disclosed for detecting synthetic online entities that may be used for fraudulent purposes or other purposes. In some aspects, a computing system can generate a data structure that includes nodes and links between the nodes. The nodes can represent online entities and the links can represent geographic associations or transactional associations between pairs of online entities. These associations can be identified from electronic transactions involving the online entities. The computing system can determine, from the links between the nodes, that a degree of connectivity among a subset of the nodes exceeds a threshold connectivity. The degree of connectivity indicates electronic communications involving online entities represented by the subset of the nodes. The computing system can transmit, based on the degree of connectivity exceeding the threshold connectivity, an alert indicating a potential synthetic entity (e.g., potentially fraudulent activity) within the subset of the nodes.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: April 13, 2021
    Assignee: EQUIFAX INC.
    Inventors: Stephen Leitner, Mark Burgess, Keith Manthey, Steven Hicklin
  • Patent number: 10929529
    Abstract: A cyber-security threat detection system and method stores physical data measurements from a cyber-physical system and extracts synchronized measurement vectors synchronized to one or more timing pulses. The system and method synthesize data integrity attacks in response to the physical data measurements and apply alternating parameterized linear and non-linear operations in response to the synthesized data integrity attacks. The synthesis renders optimized model parameters used to detect multiple cyber-attacks.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: February 23, 2021
    Assignee: UT-BATTELLE, LLC
    Inventors: Erik M. Ferragut, Jason A. Laska
  • Patent number: 10931635
    Abstract: Systems and methods for an automotive security gateway include an in-gateway security system that monitors local host behaviors in vehicle devices to identify anomalous local host behaviors using a blueprint model trained to recognize secure local host behaviors. An out-of-gateway security system monitors network traffic across remote hosts, local devices, hotspot network, and in-car network to identify anomalous behaviors using deep packet inspection to inspect packets of the network. A threat mitigation system issues threat mitigation instructions corresponding to the identified anomalous local host behaviors and the anomalous remote host behaviors to secure the vehicle devices by removing the identified anomalous local host behaviors and the anomalous remote host behaviors. Automotive security gateway services and vehicle electronic control units operate the vehicle devices according to the threat mitigation instructions.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: February 23, 2021
    Inventors: Junghwan Rhee, Hongyu Li, Shuai Hao, Chung Hwan Kim, Zhenyu Wu, Zhichun Li, Kangkook Jee, Lauri Korts-Parn
  • Patent number: 10880283
    Abstract: Method and apparatus for remotely accessing a computing resource service provider are disclosed. In the method and apparatus, a first computing environment sends, to a second computing environment, a request for information usable for accessing the second computing environment. In response to the request, the information that is usable to remotely access a subset of the computing resources of the second computing environment is made available to a computing system of the first computing environment, whereby the subset of the computing resources is provisioned for a customer of the second computing environment and the customer of the second environment operates the first computing environment.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: December 29, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Christopher Brian Barclay, Nicholas Alexander Allen
  • Patent number: 10880271
    Abstract: A secure network communication system and method for secure data exchange using TCP are disclosed. The system provides data exchange between a client and server, through an agent and broker interconnected to exchange data over an unsecured network. Upon receipt of a control packet from the client, the broker forwards a modified control packet to the agent using a secure protocol. The agent inspects the modified control packet and forwards it to the server. Upon receipt of a response packet from the server, the agent forwards the response packet to the broker using a secure protocol. Upon receipt of the response packet, the agent modifies the response packet and forwards it to the client. If the exchange of control packets indicates establishment of a TCP session, the agent and the broker establish a data channel between themselves to create a transparent TCP channel between the client and the server.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: December 29, 2020
    Assignee: Asavie Technologies Limited
    Inventor: Thomas Maher
  • Patent number: 10860382
    Abstract: Techniques for resource protection using metric-based access control policies are described. A policy enforcement service receives a request involving a resource, and determines a dynamic metric value for the resource. The dynamic metric value is generated via a monitoring of one or more resources. The one or more resources may include the resource. Responsive to a determination that the dynamic metric value does not satisfy a dynamic metric condition of a policy defined by a user for the resource, the policy enforcement service performs one or more security actions related to the request. The dynamic metric condition was configured by the user.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: December 8, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10853483
    Abstract: A command server identification device adds a tag to data received by malware upon execution of the malware, the tag capable of uniquely identifying identification information for a transmission source of the data, and tracks propagation of the data added with the tag. The command server identification device acquires a tag of data referenced by a branch instruction executed by the malware, among the tracked data. The command server identification device analyzes information on an instruction of a branch destination not executed by the malware after the branch instruction. Then, the command server identification device identifies identification information of a command server for issuing a command to the malware from the identification information of the transmission source corresponding to the acquired tag, based on the result of analysis.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: December 1, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
  • Patent number: 10848498
    Abstract: An application for dynamic, granular access permissions can include a database interface, a user interface, a login process, an administrator, an event handler and an authorization process. The database interface can be an interface to an access control permissions database that stores roles, actions, or policies for users of the application. The login process can authenticate a user and determine a default set of access control permissions for that user when they are using the user interface. The administrator can provide access control permissions for a user by using the database interface. The event handler can dynamically modify access to functionality in the user interface based on an event. The authorization process can determine whether a request from the user interface is authorized before processing the request. The authorization process can use access control permissions from the administrator and either a scope limited or a temporally limited access permission.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: November 24, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Brian Childress, Sean Stokely
  • Patent number: 10826889
    Abstract: A server receives a certificate signing request and onboarding information for an applicant device, and identifies a customer associated with the applicant device based on an applicant device identifier and a database of identifiers associated with customers. The device determines a registered device associated with the customer is a trusted device, a location trust value for the applicant device based on a geolocation proximity between the applicant device and the trusted device, and an environment trust value for the applicant device based on a proximity in a network topology between the applicant device and the trusted device. The device further determines a trust score for the applicant device based on the location trust value and the environment trust value, and sends a signed certificate to the applicant device over the network when the trust score for the applicant device exceeds a threshold.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: November 3, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mickael James Graham, Santosh Ramrao Patil, Shyam Sundar Vaidyanathan, Chiragkumar Desai, Swaminathan Anantha
  • Patent number: 10805798
    Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for performing the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: October 13, 2020
    Assignee: International Business Machines Corporation
    Inventors: Sophie D. Green, Joe Pavitt, Stephen D. Pipes
  • Patent number: 10791116
    Abstract: The disclosed computer-implemented method for securing Universal Plug and Play connections may include (1) detecting, by a network device within a local network, an attempt by a remote device to establish a connection with a client device within the local network via a UPnP protocol, (2) identifying a forwarding rule applied by the network device on the client device based at least in part on an identity of the client device, (3) determining at least one restriction placed on UPnP connections between the client device and remote devices by the forwarding rule, and then in response to determining the restriction placed on UPnP connections between the client device and remote devices by the forwarding rule, (4) enforcing the restriction on the connection attempted by the remote device with the client device via the UPnP protocol. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: September 29, 2020
    Assignee: NortonLifeLock Inc.
    Inventors: Bruce McCorkendale, Ramakrishnan Meenakshi Sundaram, Justin Harmon, Srini Chillappa
  • Patent number: 10785208
    Abstract: A controller and a device generate a shared key by performing mutual authentication using a public key certificate of the controller and a public key certificate of the device. The controller and the device set an expiry for the shared key to one of the expiry of the public key certificate of the controller and the expiry of the public key certificate of the device. The controller and the device perform the mutual authentication using neither the public key certificate of the controller nor the public key certificate of the device, but the shared key, if the expiry set for the shared key has not passed.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: September 22, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventor: Tomoki Takazoe
  • Patent number: 10749873
    Abstract: A method and system for improving efficiency and security of a role based access control (RBAC) identity management system. A service provider owner requests an addition of a service provider identity dataset to a role dataset in the RBAC identity management system. The role dataset includes permissions to the individual users within the service provider identity dataset to access a secured resource of the RBAC identity management system and to perform the service on the secured resource. Addition of the service provider identity dataset to the role dataset is granted and is periodically revalidated which includes receiving an instruction to maintain or delete the service provider identity dataset from the role dataset. Access to the secured resource is based on the service provider identity dataset in the role dataset, instead of being based on the individual users, which improves the efficiency and security of the RBAC identity management system.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: August 18, 2020
    Assignee: International Business Machines Corporation
    Inventors: James D. Cleaver, Michael J. McGuire
  • Patent number: 10733295
    Abstract: A malware detection system to detect malware in a virtual machine (VM), the system including a profile generator adapted to generate a profile of a deployment of the VM, the profile including execution characteristics of the deployment; a VM package generator to generate a VM package including: a VM descriptor describing a particular deployment of the VM; and an image of the particular deployment, the image including a representation of data stored for the particular deployment of the VM; and a malware identifier adapted to identify malware in a deployment of the VM responsive to the identification of a difference between profiles of multiple different deployments of the VM.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: August 4, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Andreas Mauthe, Angelos Marnerides, Michael Watson
  • Patent number: 10735462
    Abstract: According to the presently disclosed subject matter, malware-induced data compression is harnessed for detecting infection of a host computer by the malicious software which caused the data compression. To this end, the compression ratio of the compressed data received from a host computer is compared with an expected compression ratio, and based on the comparison it is determined whether the received data is suspected of being infected by malware.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: August 4, 2020
    Assignee: Kaminario Technologies Ltd.
    Inventors: Ran Sheri, Yogev Vaknin
  • Patent number: 10708242
    Abstract: A method is disclosed for verifying a correctness of a result of an electronic activity on a communications network and having one or more cryptographic related processes for verifying the correctness, where the activity is among a plurality of parties and the activity results in an exchange of a monetary asset. The method includes receiving first information for securing first data from being changed, where the first data (i) is used in performing the activity by the parties, and (ii) identifies one or more values for applying one or more predetermined machine encoded constraints related to performing the activity. During, and prior to a termination, of the activity, the method further includes, for a first of the parties, obtaining second information for a data collection including the first data, the second information not being available to any of the parties for affecting the activity prior to an event terminating the activity.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: July 7, 2020
    Inventor: Dennis Dupray
  • Patent number: 10700870
    Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: June 30, 2020
    Assignee: VERIDIFY SECURITY INC.
    Inventors: Iris Anshel, Dorian Goldfeld
  • Patent number: 10701085
    Abstract: Communication partners known to be malignant or benign are input to a known communication partner input unit, a subject communication partner whose malignancy is to be calculated is input to a subject communication partner input unit, a characteristic extractor extracts changes over time in whether the known communication partners and the subject communication partner are listed at a past given time point on a malignancy communication partner list and a benign communication partner list, and a malignancy calculator calculates malignancy of the subject communication partner on the basis of the characteristic information about the known communication partners and the subject communication partner.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: June 30, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Daiki Chiba, Takeshi Yagi