Skip to Content

Research Proposal

Add your abstract and contact information and we will be in touch

Thanks We will be in touch soon

Contact us

Leave a massage and we’ll get back to you

You can also reach us at:

Cyber Security Research Center @ Ben-Gurion University of the Negev
P.O.B. 653
Beer Sheva, 84105,
Israel

+972 8 6428005
+972 8 6428121
cyber-labs bgu.ac.il

Evil third-party screens on smartphones are able to see all that you poke

Of course researchers added machine learning to the mix too Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research. Boffins from Ben-Gurion University in Israel have shown it’s possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they’re sending emails, conducting financial transactions or even playing games. The research provides a new spin on what was already a recognised threat. Broken smartphone touchscreens are often switched with aftermarket third-party components that have been found to have malicious ...

Read More ...

Royal Bank of Canada invests $2m in BGU cybersecurity R&D

The collaboration aims to develop protection methods to strengthen AI and machine learning techniques, while limiting their vulner...

Read More ...
Mikael Häggström / Wikimedia

New hacks siphon private cryptocurrency keys from airgapped wallets

Beware of smartphones and cameras around wallets storing your digital coin. Researchers have defeated a key protection against cry...

Read More ...
Illustration by NiroWorld/Shutterstock.com

New algorithm identifies fake users on social networks

Israeli and American researchers develop generic method to detect fake accounts on most types of social networks, including Facebo...

Read More ...

MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data

The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protecte...

Read More ...

Police Issue Warning After Cameras At Women’s Apparel Shop Hacked

‘Assume every camera on a network can be hacked,’ cautioned the police cybercrimes unit. Aviral Peeping Tom who hacked into th...

Read More ...

How dangerous are IOT devices? | Yuval Elovici | TEDxBGU

Prof. Elovici is Head of the Cyber Security Research Center at Ben Gurion University Think of your typical day: you wake up, do yo...

Read More ...

Researchers find 29 types of USB attacks, recommend never plugging into a USB you don’t own

If you ever find a lost charger, don’t use it. If you need power and are tempted to plug into a public USB port, don’t...

Read More ...

New research: Most IoT devices can be hacked into botnets

A team of Israeli researchers have discovered that the average IoT devices you buy on store shelves can be compromised within 30 m...

Read More ...

Israel Developing Cutting Edge Artificial Intelligence Crime-fighting Tools

“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prev...

Read More ...

Of course researchers added machine learning to the mix too

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research.

Boffins from Ben-Gurion University in Israel have shown it’s possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they’re sending emails, conducting financial transactions or even playing games.

The research provides a new spin on what was already a recognised threat. Broken smartphone touchscreens are often switched with aftermarket third-party components that have been found to have malicious code embedded.

“Our research objective was to use machine learning to determine the amount of high-level context information the attacker can derive by observing and predicting the user’s touchscreen interactions,” said Dr Yossi Oren, a researcher in the BGU Department of Software and Information Systems Engineering. “If an attacker can understand the context of certain events, he can use the information to create a more effective customized attack.”

The researchers recorded 160 touch interaction sessions from users running many different applications. Using a series of questions and games, the researchers employed machine learning to determine stroke velocity, duration and stroke intervals on specially modified LG Nexus Android phones.

The team said the machine learning results demonstrated an accuracy rate of 92 per cent.

“Now that we have validated the ability to obtain high-level context information based on touch events alone, we recognize that touch injection attacks are a more significant potential threat,” Dr Oren added. “Using this analysis defensively, we can also stop attacks by identifying anomalies in a user’s typical phone use and deter unauthorized or malicious phone use.”

David Rogers, a mobile IoT specialist and lecturer in software engineering at the University of Oxford, told El Reg: “I think it is a legitimate avenue for attack if somewhat convoluted. We did some work on secure UI and extraction of screen memory at OMTP [Open Mobile Terminal Platform].”

Dr Oren’s findings were presented at the Second International Symposium on Cybersecurity, Cryptography and Machine Learning (CSCML) on June 21-22 in Beer-Sheva, Israel. The researchers include BGU undergraduate students Moran Azaran, Niv Ben-Shabat, and Tal Shkonik. ®

Source: The Register

The collaboration aims to develop protection methods to strengthen AI and machine learning techniques, while limiting their vulnerability to threats.

The Royal Bank of Canada (RBC) is investing $2 million in research at Ben-Gurion University’s (BGU) Cybersecurity Research Center, RBC and BGU’s technology transfer company BGN Technologies have announced. The funding will support the development of adversarial artificial intelligence (AI), including machine learning-based cyber mitigation techniques.The collaboration aims to develop protection methods to strengthen and evaluate the resilience of current AI and machine learning techniques, while limiting their vulnerability to threats and tampering. The research areas will be developed in collaboration with Prof. Yuval Elovici and Dr. Asaf Shabtai, both from the Department of Software and Information Systems Engineering, at the Ben-Gurion University Cybersecurity Research Center.RBC EVP technology & operations Martin Wildberger said, “In today’s incredibly complex world, we need advanced technology like AI and machine learning to continue developing leading-edge cyber security. This partnership will help support our cyber defense by working with prominent experts in the field, such as the researchers at Ben-Gurion University.”

“We are looking forward to collaborating with RBC, Canada’s largest bank,” said Danny Shtaier, High-Tech Business Development, at BGN Technologies. “This partnership provides our researchers with the opportunity to further apply their leadership in cyber security research to the banking industry, where security is crucial for daily operations and the safety of customers.”

Source: Globes

Mikael Häggström / Wikimedia

Beware of smartphones and cameras around wallets storing your digital coin.

Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks.

Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren’t connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devicesradio signals from a computer’s video cardinfrared capabilities in surveillance cameras, and sounds produced by hard drives.

On Monday, Guri published a new paper that applies the same exfiltration techniques to “cold wallets,” which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn’t connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.

“I think that the interesting issue is that the airgap attacks that were thought to be exotic issues for high-end attacks may become more widespread,” he wrote in an email. “While airgap covert channels might be considered somewhat slow for other types of information, they are very relevant for such brief amounts of information. I want to show the security of ‘cold wallet’ is not hermetic given the existing airgap covert channels.”

One technique can siphon private keys stored in a cold wallet running on a Raspberry Pi, which many security professionals say is one of the best ways to store private cryptocurrency keys. Even if the device became infected, the thinking goes, there’s no way for attackers to obtain the private keys because it remains physically isolated from the Internet or other devices. In such cases, users authorize a digital payment in the cold wallet and then use a USB stick or other external media to transfer a file to an online wallet. As the following video demonstrates, it takes only a few seconds for a nearby smartphone under the attacker’s control to covertly receive the secret key.

The technique works by using the Raspberry Pi’s general-purpose input/output pins to generate radio signals that transmit the key information. The headphones on the receiving smartphone act as an antenna to improve the radio-frequency signal quality, but in many cases they’re not necessary.

second video defeats a cold wallet running on a computer. It transmits the key by using inaudible, ultrasonic signals. Such inaudible sounds are already being used to covertly track smartphone users as they move about cities. It wouldn’t be a stretch to see similar capabilities built into malware that’s designed to steal digital coins.

As already mentioned, the exfiltration techniques described in this post assume the device running the cold wallet is already infected by malware. Still, the widely repeated advice to use cold wallets is designed to protect people against this very scenario.

“We show that, despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets,” Guri wrote in the new paper. “With the private keys in hand, an attacker virtually owns all of the currency in the wallet.”

To protect keys, people should continue to store them in cold wallets whenever possible, but they should consider additional safeguards, including keeping cold wallets away from smartphones, cameras, and other receivers. They should also shield cold-wallet devices with metallic materials that prevent electromagnetic radiation from leaking. Of course, people should also prevent devices from becoming infected in the first place.

 

Source: Ars Technica

Illustration by NiroWorld/Shutterstock.com

Israeli and American researchers develop generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.

Fraudulent user profiles – bots – are a serious and growing concern on social media. By some estimates, as many as 48 million Twitter accounts and 270 million Facebook accounts are phony, designed for nefarious purposes from ruining reputations to influencing shoppers and voters.

Now, researchers from Israel’s Ben-Gurion University (BGU) of the Negev and from the University of Washington in Seattle say they have developed a generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.

According to their study published in the journal Social Network Analysis and Mining, the new method is based on the assumption that fake accounts tend to establish improbable links to other users in the networks.

“With recent disturbing news about failures to safeguard user privacy, and targeted use of social media by Russia to influence elections, rooting out fake users has never been of greater importance,” said Dima Kagan, lead researcher and a PhD student in BGU’s department of software and information systems engineering.

The algorithm consists of two main iterations based on machine-learning algorithms. The first constructs a link prediction classifier that can estimate, with high accuracy, the probability of a link existing between two users. The second iteration generates a new set of meta-features based on the features created by the link prediction classifier.

These meta-features are used to construct a generic classifier that can detect fake profiles in a variety of online social networks.

“We tested our algorithm on simulated and real-world data sets on 10 different social networks and it performed well on both,” Kagan reported.

“Overall, the results demonstrated that in a real-life friendship scenario we can detect people who have the strongest friendship ties as well as malicious users, even on Twitter. Our method outperforms other anomaly detection methods and we believe that it has considerable potential for a wide range of applications particularly in the cybersecurity arena,” the study authors said.

The algorithm can also be used to reveal the influential people in social networks.

The Israeli researchers involved in this project previously developed the Social Privacy Protector (SPP) to help users evaluate their friends list in seconds to identify which have few or no mutual links and might therefore be phony profiles.

Other researchers who contributed to the present study are former BGU doctoral student) Michael Fire of the University of Washington and Prof. Yuval Elovici, director of the Telekom Innovation Labs@BGU, director of  Cyber@BGU and a faculty member of BGU’s department of software and information systems engineering.

The study was supported by the Washington Research Foundation Fund for Innovation in Data-Intensive Discovery and the Moore/Sloan Data Science Environment Project at the University of Washington.

 

Source: ISRAEL21c

The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.

Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.

Dubbed MOSQUITO, the new technique, discovered by a team of researchers at Israel’s Ben Gurion University, works by reversing connected speakers (passive speakers, headphones, or earphones) into microphones by exploiting a specific audio chip feature.

Two years ago, the same team of researchers demonstrated how attackers could covertly listen to private conversations in your room just by reversing your headphones (connected to the infected computer) into a microphone, like a bug listening device, using malware.Now, with its latest research [PDF], the team has taken their work to the next level and found a way to convert some speakers/headphones/earphones that are not originally designed to perform as microphones into a listening device—when the standard microphone is not present, muted, taped, or turned off.

Since some speakers/headphones/earphones respond well to the near-ultrasonic range (18kHz to 24kHz), researchers found that such hardware can be reversed to perform as microphones.

Moreover, when it comes to a secret communication, it’s obvious that two computers can’t exchange data via audible sounds using speakers and headphones. So, inaudible ultrasonic waves offer the best acoustic covert channel for speaker-to-speaker communication.

Video Demonstrations of MOSQUITO Attack


Ben Gurion’s Cybersecurity Research Center, directed by 38-year-old Mordechai Guri, used ultrasonic transmissions to make two air-gapped computers talk to each other despite the high degree of isolation.

The attack scenarios demonstrated by researchers in the proof-of-concept videos involve two air-gap computers in the same room, which are somehow (using removable media) infected with malware but can not exchange data between them to accomplish attacker’s mission.

The attack scenarios include speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.

“Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another,” the researchers say.

“Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart.”

However, by using loudspeakers, researchers found that data can be exchanged over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bit per second.

It’s not the first time when Ben-Gurion researchers have come up with a covert technique to target air-gapped computers. Their previous research of hacking air-gap computers include:

  • aIR-Jumper attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.
  • USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
  • DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
  • BitWhisper relies on heat exchange between two computers to stealthily siphon passwords and security keys.
  • AirHopper turns a computer’s video card into an FM transmitter to capture keystrokes.
  • Fansmitter technique uses noise emitted by a computer fan to transmit data.
  • GSMem attack relies on cellular frequencies.

Source: The Hacker News

‘Assume every camera on a network can be hacked,’ cautioned the police cybercrimes unit.

Aviral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.

According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.

While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page.

“When the footage became public earlier this week, the national Cybercrimes Unit opened an investigation and arrested the suspect on Wednesday,” said police spokesman Micky Rosenfeld, adding that a Tel Aviv Magistrate’s Court judge ordered the suspect be remanded through Sunday.

Following the hacking, the Cybercrimes Unit recommended a number of preventive measures that should be taken by the public and by store owners to protect their privacy in similar situations.

“Take into account and assume that every camera that is on a network system can be hacked,” the unit warned in a statement. “Therefore, clothing store owners should ensure no cameras are placed in changing rooms or other sensitive locations.”

Additionally, the unit recommended that those who implement CCTV systems use complex passwords for accessing surveillance footage to make it difficult to hack into such video, and not connect the network systems used by the cameras to a public computer.

According to cyber-researchers at Ben-Gurion University of the Negev in Beersheba, security cameras infected with malicious software can use infrared light to receive covert signals and leak sensitive information.

The technique, called “aIR-Jumper,” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the Internet without remote access to the organization.

 

Source: The Jerusalem Post

Prof. Elovici is Head of the Cyber Security Research Center at Ben Gurion University Think of your typical day: you wake up, do your morning routine, open the fridge, maybe turn on the heat, boiler for the shower? Get in the car and drive to work. We hear the term Internet of Things get thrown around a lot and it seems as a society we are developing some sort of phobia from ‘smart’ devices.

On the TEDxBGU stage Prof. Elovici will take us through a typical day just a few years from now and make us realize the power of connectivity, for good or – for bad. This talk was given at a TEDx event using the TED conference format but independently organized by a local community.

Source: TEDx Talks YouTube

If you ever find a lost charger, don’t use it. If you need power and are tempted to plug into a public USB port, don’t do it.

It’s long been known that you should never insert an unknown USB drive to your computer because it could be loaded with malware. However, new research from Ben-Gurion University has exposed 29 types of USB attacks, and extends to your smartphone. It shows that you should never use a USB charger you find lying around or plug into a public USB port. Both can be compromised by attackers, as we talked about with one of the researchers on the project, Ran Yahalom.

Yahalom is the co-author of a journal article on the research with Dr. Nir Nissim, head of the Malware Lab of the Cyber Security Research Center at Ben-Gurion University, and Yuval Elovici, head of BGU’s Cyber Security Research Center (CSRC).

Yahalom said, “There are many non-trivial USB-based attacks. Some are carried out by the host, the computer connecting the USB peripheral. The most common ones are infected, or malicious. Once connected, they have access and take control of your computer.

“Microcontrollers are another attacks category. Microcontrollers can impersonate a USB peripheral. For example, you can program a teensy microcontroller or an Arduino [board] to act like a keyboard or a mouse. Once you program a keyboard and connect, it actually starts injecting key presses. It’s actually like having someone working on your computer.”

Yahalom added, “A more complicated category to implement doesn’t require any implantation. Someone can use an off-the-shelf product to find a way to reprogram firmware, update firmware, a legitimate process, supported by our protocol. It does bidding.

“A client bought the product benign but once reprogrammed by firmware update, it’s malicious and it’s owned and operated by someone else who has control.

“We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”

He continued, “The other are electrical attacks. In 2015, showed how to generate or build an electrical component enclosed in a flash drive casing. It looks like a flash drive, but it’s not a flash drive, it conducts a power surge attack once connected, and, fry the entire computer. New developments in this area of attack are also likely.

“If you go into a coffee shop and use charger there, or an airport or a train station, any charger that is not your own, you don’t know what that piece of hardware really does,” Yahalom stresses. “It may not be a charger, but a microcontroller hidden inside a charger casing. It could be something else. You don’t know. Once put into your phone, anything could happen.

I demonstrated how to connect a keyboard to a phone. But it doesn’t look like a keyboard, it looks like a charger, but it’s actually a microcontroller I reprogrammed. I programmed it to act as a keyboard, so it impersonates a keyboard and it looks like a charger. It’s connected to the socket, but without an electrical part of that charger, it’s just a microcontroller. I showed how to connect it to and lock the phone, a sort of ‘ransomware.'”

And Yahalom means “ransom” as in, “‘If you want the pin number, then to pay me,’ which can really happen. There are other types of attacks, where someone reprograms your phone and you wouldn’t even know. You’re carrying spyware, without knowledge of it, just because you injected something you weren’t aware of.

“The general rule of thumb is: treat technology as something you don’t naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking lot, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”

“Now that we’re moving from the cyber world to the physical world, it becomes increasingly clearer and we must get the word out,” he said.

“Bring your own charger.

“Use your own hardware.

“Don’t trust Wi-Fi networks.

“Educate yourself about different levels of security. For example, 3G is commonly believed to be more secure than Wi-Fi, since Wi-Fi’s easier to hack.”

In conclusion, Yahalom said, “These are important rules that will keep you safe. Anything like that, that you can do. Again, you don’t stop using technology because, obviously, that’s not the idea. Until manufacturers secure hardware and regulators enforce laws to keep us safe, we need to be extra aware and follow the simple rules.

Just be careful. Don’t trust anything.”

 

Source: TechRepublic

A team of Israeli researchers have discovered that the average IoT devices you buy on store shelves can be compromised within 30 minutes and added to a botnet.

As Internet of Things devices multiply exponentially, it looks like security still isn’t improving. A team of Ben-Gurion University researchers recently went out and bought a bunch of off-the-shelf devices to see how easily they could compromise them—and then use that information to attack other devices like them over the internet. In an interview with TechRepublic, BGU senior lecturer Yossi Oren explained what they found.

You can watch the video interview above or read the transcript below.

Oren said, “So together with my team, we tried to find out how difficult it is to buy an IoT camera and get into its secrets—find out passwords, connections, all sorts of information. What we discovered is that you need about 30 minutes after you unbox the camera, until you can find its default password, and also the services it’s running. And then use this information to add this camera and all the cameras of the same make and model into a botnet, which you control. And it’s very, very concerning.”

“We investigated 16 different devices—baby monitors, doorbells, cameras, temperature sensors, [etc.] And out of these 16 devices, we were able to find the password for 14 of them. So, that’s a good percentage. What we did is we took these cameras apart in our lab and we looked for what is called a debug port. This is a connector, which developers and engineers use when they are building this camera to make sure it’s built properly. And because it’s very expensive to print out a new circuit board once you’re finished developing, all of these cameras actually had these debug ports still in the hardware. Once you connect to there, you have backstage access to the camera. Sometimes, there is a password you need to crack, so we had to do that.”

Oren said, “One device is the later generation version of a very popular thermostat, [It] actually didn’t have this diagnostic port because it’s a very well-selling device. They actually had the engineering time to create a new version without this port and another two devices had a port, but [were] protected by passwords which were unable to crack in one hour. It could be that if we would spend a week on it, we would be able to crack it.

“Right now, devices you are buying today are very, very easy to attack and the problem is that once you attack it once, all of these devices can be attacked remotely. So you only need to do this one time—this process of taking them apart. And one problem, a big problem, with IoT devices when you compare them to computers and phones is that these devices are mostly going to be installed in some corner, in some alley, in some doorway, and not touched for 10 or 20 years. Think of street lights or traffic lights. And this means that you might be still using these devices after their manufacturer has gone out of business and nobody will ever issue firmware updates. You compare this to phones, where you find a vulnerability and the next week later, your phone restarts and voila, it’s patched. So, these devices are going to be here to stay and this means that probably consumers or network providers or something are going to be responsible for keeping these devices secure. This is very concerning based on what consumers have been able to demonstrate so far.”

Oren concluded, “You only need physical access once. Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely. So out of the devices we surveyed, nine of them were able to be accessed over the network. The access was protected by a password, this password we discovered using our methods. So once you get this password, anywhere in the world, you can access [the device].”

Ben-Gurion University graduate student and researcher Yael Mathov speaks about how easily she and her teammates were able to compromise off-the-shelf IoT devices.
Image: Jason Hiner/TechRepublic

 

Source: TechRepublic

“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime.”

Ben-Gurion University of the Negev and the Israel Police aim to develop advanced cyber, big-data and artificial intelligence tools that may eventually be able to predict and prevent crime.
In a joint initiative with the police, the university launched the Center for Computational Criminology this week at BGU’s Advanced Technologies Park in the presence of Police Commissioner Insp.-Gen. Roni Alsheikh and BGU president Prof. Rivka Carmi.

“The last, most significant scientific breakthrough to change law enforcement was DNA testing,” said Prof. Lior Rokach, head of the new center, chairman of the Department of Software and Information Systems Engineering, and a leading expert on artificial intelligence.

“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime,” he said. “The AI revolution of the past few years will prove to be even more significant than DNA testing for law enforcement, providing them with unprecedented investigative tools and new sources of evidence.”

According to the university, cybercrime has risen precipitously in recent years as criminals and even rogue governments have capitalized on the anonymity of cyberspace to cloak their activities while reaping sizable profits.

Additionally, the use of social media-based evidence has also been on the uptick in recent years as more and more information is shared online.

As part of the initiative, BGU researchers will work side by side with the Israel Police’s cyber investigators to develop new artificial-intelligence and machine-learning tools for law enforcement.

Alsheikh said that the police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, would collaborate with the university’s cybersecurity experts to improve police enforcement and prevention capabilities.

“The cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime – whether [committed by] cybercriminals or traditional criminals – by turning a threat into an opportunity,” Alsheikh said.

Ben-Gurion has in recent years become a recognized international leader in cybersecurity and big data research with a national initiative to promote Beersheba as the “Cyber Capital of Israel.”

The Center joins Cyber@BGU (CBG), a shared research platform for the most innovative and technologically challenging cyber-related projects run in collaboration with multi-national companies and government organizations.

Among others, the CBG includes the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau and Telekom Innovation Laboratories, in partnership with Deutsche Telekom.

Carmi said that “putting that expertise to work for the State of Israel is a privilege,” which comes on the heels of the government’s decision to place the national Computer Emergency Response Team at the Advanced Technologies Park.

 

Source: The Jerusalem Post

About Us

Cyber@BGU is an umbrella organization at Ben Gurion University, being home to various cyber security, big data analytics and AI applied research activities.Residing in newly established R&D center at the new Hi-Tech park of Beer Sheva (Israel’s Cyber Capital), Cyber@BGU serves as a platform for the most innovative and technologically challenging projects with various industrial and governmental partners.

Latest Publications

Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) AN IEEE EUROPEAN SYMPOSIUM ON SECURITY & PRIVACY AFFILIATED WORKSHOP 23 April 2018, University College London (UCL), London, UK

Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) AN IEEE EUROPEAN SYMPOSIUM ON SECURITY & PRIVACY AFFILIATED WORKSHOP 23 April 2018, University College London (UCL), London, UK

The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability as the number of devices may grow much quicker than vendors’ distribution systems. Previous studies have suggested a permissionless and decentralized blockchainbased network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources.
In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.

Link

EEG-triggered dynamic difficulty adjustment for multiplayer games

Adi Stein, Yair Yotam, Rami Puzis, Guy Shani, Meirav Taieb-Maimon

Entertainment Computing Volume 25, March 2018, Pages 14-25

EEG-triggered dynamic difficulty adjustment for multiplayer games

Adi Stein, Yair Yotam, Rami Puzis, Guy Shani, Meirav Taieb-Maimon

Entertainment Computing Volume 25, March 2018, Pages 14-25

In online games, gamers may become frustrated when playing against stronger players or get bored when playing against weaker players, thus losing interest in the game. Dynamic Difficulty Adjustment (DDA) has been suggested as an intelligent handicapping mechanism, by reducing the difficulty for the weaker player, or increasing the difficulty for the stronger player. A key question when using DDA, is when to activate the difficulty adjustment.

In this paper we suggest using the Emotiv EPOC EEG headset to monitor the personal excitement level of a player and use this information to trigger DDA when the player’s excitement decreases in order to ensure that the player is engaged and enjoying the game. We experiment with an open-source third-person shooter game, in a multiplayer adversarial setting. We conduct experiments, showing that the detected excitement patterns correlate to game events. Experiments designed to evaluate the DDA triggering mechanism confirm that DDA triggered based on EEG increases the players excitement and improves the gaming experience compared to the heuristic triggered DDA and the experience of playing a game without DDA.

Link

Taxonomy of mobile users’ security awareness‏

R Bitton, A Finkelshtein, L Sidi, R Puzis, L Rokach, A Shabtai

Computers & Security Volume 73, March 2018, Pages 266-293

Taxonomy of mobile users’ security awareness‏

R Bitton, A Finkelshtein, L Sidi, R Puzis, L Rokach, A Shabtai

Computers & Security Volume 73, March 2018, Pages 266-293

The popularity of smartphones, coupled with the amount of valuable and private information they hold, make them attractive to attackers interested in exploiting the devices to harvest sensitive information. Exploiting human vulnerabilities (i.e., social engineering) is an approach widely used to achieve this goal. Improving the security awareness of users is an effective method for mitigating social engineering attacks. However, while in the domain of personal computers (PCs) the security awareness of users is relatively high, previous studies have shown that for the mobile platform, the security awareness level is significantly lower. The skills required from a mobile user to interact safely with his/her smartphone are different from those that are required for safe and responsible PC use. Therefore, the awareness of mobile users to security risks is an important aspect of information security. An essential and challenging requirement of assessing security awareness is the definition of measureable criteria for a security aware user. In this paper, we present a hierarchical taxonomy for security awareness, specifically designed for mobile device users. The taxonomy defines a set of measurable criteria that are categorized according to different technological focus areas (e.g., applications and browsing) and within the context of psychological dimensions (e.g., knowledge, attitude, and behavior). We demonstrate the applicability of the proposed taxonomy by introducing an expert-based procedure for deriving mobile security awareness models for different attack classes (each class is an aggregation of social engineering attacks that exploit a similar set of human vulnerabilities). Each model reflects the contribution (weight) of each criterion to the mitigation of the corresponding attack class. Application of the proposed procedure, based on the input of 17 security experts, to derive mobile security awareness models of four different attack classes, confirms that the skills required from a smartphone user to mitigate an attack are different for different attack classes.

Link

Foundations of Homomorphic Secret Sharing

E. Boyle, N. Gilboa, Y. Ishai, R. Lin and S. Tessaro

9th Innovations in Theoretical Computer Science Conference (ITCS 2018)

Foundations of Homomorphic Secret Sharing

E. Boyle, N. Gilboa, Y. Ishai, R. Lin and S. Tessaro

9th Innovations in Theoretical Computer Science Conference (ITCS 2018)

Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open. We initiate a systematic study of HSS, making the following contributions. – A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework. – Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer. – Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic efficiency features under the Decision Diffie Hellman (DDH) assumption. Second, we use HSS to obtain nearly optimal worst-case to average-case reductions in P. This in turn has applications to fine-grained average-case hardness and verifiable computation.

Link
Back to top