Patents Examined by Farid Homayounmehr
  • Patent number: 11966503
    Abstract: Systems, apparatuses, and methods to mitigate effects of glitch attacks on a broadcast communication bus are provided. The voltage levels of the communication bus are repeatedly sampled to identify glitch attacks. The voltage level on the communication bus can be overdriven or overwritten to either corrupt received messages or correct received messages.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: April 23, 2024
    Assignee: Intel Corporation
    Inventors: Marcio Juliato, Vuk Lesi, Christopher Gutierrez, Shabbir Ahmed, Qian Wang, Manoj Sastry
  • Patent number: 11956358
    Abstract: A method for synchronizing transmitter and receiver initialization vectors includes: generating a key and providing the key to a transmitter and a receiver; initializing a transmitter initialization vector and a receiver initialization vector with an initialization vector; forming a transmitter partial counter from a counter of the transmitter initialization vector; encrypting a message using the key and the transmitter initialization vector; generating and transmitting a data packet containing the encrypted message and the transmitter partial counter; incrementing the counter; receiving a data packet with an encrypted message and the transmitter partial counter; extracting the transmitter partial counter from the data packet; forming a receiver partial counter from a counter of the receiver initialization vector; based on a comparison of the receiver partial counter and the transmitter partial counter, changing the counter of the receiver initialization vector; decrypting the message and incrementing the cou
    Type: Grant
    Filed: May 26, 2021
    Date of Patent: April 9, 2024
    Inventor: Patrick Weßkamp
  • Patent number: 11949673
    Abstract: Systems and methods for performing multi-factor authentication using a smart ring are disclosed. An exemplary method includes performing a first authentication operation by: collecting, by sensors, gestural data representing a candidate gesture corresponding to ring movement; comparing the candidate gesture to an authentication gesture for a known user; when the candidate gesture matches the authentication gesture, generating a first signal indicating that a particular user has been identified and authenticated as the known user; and transmitting the first signal to a second device, wherein the second device controls access to a resource. The method also includes performing a second authentication operation by detecting contact between the ring and an external component; and generating and transmitting a second signal in response to detecting the contact, and when the second device receives the first and the second signals, causing the second device to grant the particular user access to the resource.
    Type: Grant
    Filed: July 13, 2020
    Date of Patent: April 2, 2024
    Assignee: BLUEOWL, LLC
    Inventor: Kenneth Jason Sanchez
  • Patent number: 11930366
    Abstract: Embodiments of the present disclosure are directed to systems and methods for improving wireless network services by carrying out various procedures to identify and filter suspect user devices. A network function may monitor a plurality of network service requests from a particular user device and determine, based on the plurality of network service requests, that the requesting user device is engaged in suspicious activity. Upon such a determination, the network function may initiate one or more enforcement actions by communicating an instruction to an equipment identity register to add the requesting user device to a suspect device list stored on a unified data repository.
    Type: Grant
    Filed: August 4, 2021
    Date of Patent: March 12, 2024
    Assignee: T-Mobile Innovations LLC
    Inventors: Anil Kumar Mariyani, Anuj Sharma, Chris Jensen, Tupalli Shruthisagar, Rajil Malhotra
  • Patent number: 11929988
    Abstract: Systems and methods are provided for dynamic virtual private network concentrators (VPNC) gateway selection and on-demand VRF-ID configuration. A dynamic VPNC gateway selection component can dynamically route to a particular VPNC gateway based on multiple user-specific factors, including: a) behavior of users on the network; and b) performance of a destination service/device. A dynamic VPNC gateway selection component can rank a user based on one or more factors relating to the behavior of the user. Also, the dynamic VPNC gateway selection component can determine whether a VPNC gateway at a data center is healthy, and whether a destination service at the data center is healthy. The dynamic VPNC gateway selection component can dynamically select a VPNC gateway from a plurality of VPNC gateways at the data center for communicating forwarded traffic from the user based on the user's ranking if either the VPNC gateway or the service are unhealthy.
    Type: Grant
    Filed: February 9, 2021
    Date of Patent: March 12, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gopal Gupta, Abhinesh Mishra, Isaac Theogaraj, Aseem Sethi
  • Patent number: 11930359
    Abstract: There is disclosed in an example, a gateway apparatus, including a hardware platform having a processor and a memory; a wireless network interface; and instructions encoded within the memory to instruct the processor to: provide a first virtual access point (VAP) secured by an IEEE 802.1x extensible authentication protocol (EAP) enterprise security method; provide a second VAP secured by a WiFi protected access pre-shared key (WPA-PSK) method; onboard a device, comprising determining whether the device supports the EAP method, and enrolling the device with the EAP method if the device supports the EAP method; and if the device does not support the EAP method, enrolling the device with the WPA-PSK method.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: March 12, 2024
    Assignee: McAfee, LLC
    Inventors: Tirumaleswar Reddy Konda, Piyush Pramod Joshi, Devika Mishra, Shashank Jain
  • Patent number: 11924350
    Abstract: A system and method for selectively transmitting cryptographically signed information to a limited number of parties of an agreement using one or more processors. For each party affected by a decision of a first party, the processors generate a token according to a function of both (i) a cryptographic key of the given party and (ii) a cryptographic key of a second party, and transmit to respective private data stores of each party (a) the first party's decision, (b) the generated token, and (c) an identity of the second party. The decision of the first party and the generated tokens are transmitted to the private data stores of only the parties that are affected by the decision of the first party.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: March 5, 2024
    Assignee: Digital Asset (Switzerland) GmbH
    Inventors: Alexander Bernauer, Tamas Blummer, Shaul Kfir, James Benton Litsios, Simon Meier
  • Patent number: 11921845
    Abstract: The present invention is provided with a threat analysis processing unit that, on the basis of an analysis result from the vulnerability analysis unit, analyzes a threat to the system and outputs a threat analysis result; a countermeasure planning unit that, on the basis of the threat analysis result and vulnerability information, plans the countermeasure plan which reduces the impact of the vulnerability; a security test planning unit that plans the security test on the basis of the countermeasure plan; an evaluation calculation unit that performs an evaluation on the basis of the security test, and outputs an evaluation result; and a result processing unit that processes the evaluation result and generates a security countermeasure.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: March 5, 2024
    Assignee: HITACHI, LTD.
    Inventors: Takashi Kawauchi, Chinatsu Yamauchi, Yiwen Chen, Eriko Ando
  • Patent number: 11917082
    Abstract: Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, a certification authentication method includes receiving a list of third party root certificates from a remote server, the list of third party root certificates including at least one association between a program configured to run on the computing apparatus and a public key for authenticating communication between the program and an associated server of the program. The method may also include authenticating the list of third party root certificates. The method may also include initiating a communication between the computing apparatus and the associated server and authenticating the communication with the associated server using the public key. Furthermore, the method may also include loading the program onto the one or more memories during a bootstrapping process in response to determining that the communication with the associated server is authentic.
    Type: Grant
    Filed: August 12, 2021
    Date of Patent: February 27, 2024
    Assignee: Capital One Services, LLC
    Inventor: Srinivasan Rangaraj
  • Patent number: 11909763
    Abstract: Techniques for mitigating BGP blackholes and hijackings are disclosed herein. The techniques include methods for determining, by a victim autonomous system (AS), that a first AS is associated with a first BGP route that includes the victim AS as the destination or as an AS along the first BGP route to the destination and sending a message to a second AS directing the second AS to refrain from using the first AS to propagate data to the victim AS. The message can include a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS, a timestamp, an expiration interval, a signature of the victim AS, and an identifier identifying a certificate to be used to verify the signature. Systems and computer-readable media are also provided.
    Type: Grant
    Filed: April 7, 2021
    Date of Patent: February 20, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Jakob Heitz, Juan Alcaide
  • Patent number: 11902318
    Abstract: The present disclosure is related to a cyber-security system that includes a Supervisory Control and Data Acquisition (SCADA) network monitor configured to receive a data set from a power system network, an event manager, and a mitigation system, where the SCADA network monitor includes an anomaly detector.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: February 13, 2024
    Assignee: Alliance for Sustainable Energy, LLC
    Inventors: Joshua Eli Rivera, Vivek Kumar Singh, Evan Vladislav Michael Vaughan, Adarsh Hasandka, Joshua Van Natta, Bruno Mauricio Salvatico
  • Patent number: 11899489
    Abstract: A method for determining a behavior of a smart card, which may be implemented by a server. The method includes operations for obtaining a first reference time data corresponding to a time for setting a smart card clock, and a second reference time data corresponding to a time for reading a first time data from the clock, determining a time drift associated with the smart card based on the first reference time data and on the second reference time data, and determining a behavior of the smart card from the time drift.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: February 13, 2024
    Assignee: IDEMIA FRANCE
    Inventors: Gilles Leseigneur, Jean-François Deprun
  • Patent number: 11899801
    Abstract: A proximity based authentication system and method is described. The system includes a gateway, a cloud component, and a mobile device. The gateway is associated with a particular location and is communicatively coupled to a cloud component. The gateway includes a gateway short-range wireless radio capable of establishing a short-range wireless communication channel. The mobile device is also communicatively coupled to the cloud component and includes a mobile device short-range wireless radio that communicates with the gateway using the short-range wireless communication channel when the mobile device is in proximity of the gateway. The mobile device receives a gateway key over the short-range wireless communication channel. The mobile device then communicates the gateway key to a cloud component database. The cloud component authenticates the particular location of the mobile device when the cloud component receives the gateway key from the mobile device.
    Type: Grant
    Filed: January 6, 2023
    Date of Patent: February 13, 2024
    Assignee: NEXRF CORP.
    Inventor: Michael Anthony Kerr
  • Patent number: 11895129
    Abstract: A device may receive a malicious file associated with a network of network devices and may identify a file type and file characteristics associated with the malicious file. The device may determine one or more rules to apply to the malicious file based on the file type and the file characteristics associated with the malicious file and may apply the one or more rules to the malicious file to generate a partial file signature for the malicious file. The device may provide the partial file signature for the malicious file to one or more of the network devices of the network. The partial file signature may cause the one or more of the network devices to block the malicious file.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: February 6, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Paul Randee Dilim Kimayong, Mounir Hahad
  • Patent number: 11886585
    Abstract: A computing system including a processor and a memory, which includes a first memory region operating as a kernel space and a second memory region operating as a user space. Maintained within the kernel space, a first logic unit receives a notification identifying a newly created thread and extracts at least meta-information associated with the newly created thread. Maintained within the user space, a second logic unit receives at least the meta-information associated with the newly created thread and conducts analytics on at least the meta-information to attempt to classify the newly created thread. An alert is generated by the second logic unit upon classifying the newly created thread as a cyberattack associated with a malicious position independent code execution based at least on results of the analytics associated with the meta-information associated with the newly created thread.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: January 30, 2024
    Assignee: Musarubra US LLC
    Inventor: Stephen Davis
  • Patent number: 11880480
    Abstract: Disclosed systems and methods initiate an instance of an isolated application on a node computing device. The systems determine that the isolated application requests exclusive access to a block storage resource, create a control group associated with the block storage resource to provide access to members of the control group and set an access rate limit to zero for non-members of the control group, and assign the isolated application to the control group.
    Type: Grant
    Filed: November 18, 2021
    Date of Patent: January 23, 2024
    Assignee: Red Hat, Inc.
    Inventor: Huamin Chen
  • Patent number: 11880458
    Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.
    Type: Grant
    Filed: September 22, 2021
    Date of Patent: January 23, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sathyanarayana, Anoop Wilbur Saldanha, Abhijit Mohanta
  • Patent number: 11880764
    Abstract: Disclosed is an approach for detecting malicious network activity (e.g. based on a data hoarding activity identified using a graph mixture density neural network (GraphMDN)). Generally, the approach includes generating embeddings using a graph convolution process and then processing the embeddings using a mixture density neural network. The approach may include collecting network activity data, generating a graph representing the network activity, or an aggregation thereof that maintains the inherent graphical nature and characteristics of the data, and training a GraphMDN in order to generate pluralities of distributions characterizing one or more aspects of the graph representing the network activity. The approach may also include capturing new network activity data, and evaluating that data using the distributions generated by the trained GraphMDN, and generating corresponding detection results.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: January 23, 2024
    Assignee: Vectra AI, Inc.
    Inventors: Sohrob Kazerounian, Daniel Carlton Hannah, Tuomas P. Oikarinen
  • Patent number: 11868481
    Abstract: This invention discloses a method for discovering vulnerabilities of operating system access control based on model checking. In this method, security attribute and security specifications of operating system access control module are analyzed to construct the access control model. To discover vulnerabilities in the model, security analysis is performed for access control functionality with theorem proving techniques, and consistency of abstract machine specification and correctness and completeness of the components are verified with model checking tools. This method provides theoretical and technical support for studies in the field of operating system security.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: January 9, 2024
    Assignee: ZHEJIANG UNIVERSITY
    Inventors: Rui Chang, Zhuoruo Zhang, Shaoping Pan, Kui Ren
  • Patent number: 11871229
    Abstract: Traditional Media Access Channel (MAC) address filtering used to prevent a device from gaining access to a wireless network requires an operator to manually enter the MAC address of the undesirable device into the Dynamic Host Configuration Protocol (DHCP) server of the wireless network. However, the present invention does not require or permit manual entry of MAC addresses into the DHCP server. Instead, unique identifiers of devices seeking permission to join the wireless network are contained in a Candidate Joining Device (CJD) Record which resides on a distributed ledger technology infrastructure. The use of a distributed ledger infrastructure prevents unauthorised users from modifying MAC address records in a DHCP server to grant an unauthorised device access to a wireless network, as any such modification to a CJD Record must be read from and accepted by the members of the distributed ledger infrastructure in accordance with the consensus mechanism thereof.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: January 9, 2024
    Inventor: Liam McCabe