English
Related papers

Related papers: A "Final" Security Bug

200 papers

A paper presented at the ICICS 2019 conference describes what is claimed to be a `provably secure group authentication [protocol] in the asynchronous communication model'. We show here that this is far from being the case, as the protocol…

Cryptography and Security · Computer Science 2021-06-10 Chris J Mitchell

In Ethereum, the practice of verifying the validity of the passed addresses is a common practice, which is a crucial step to ensure the secure execution of smart contracts. Vulnerabilities in the process of address verification can lead to…

Cryptography and Security · Computer Science 2024-06-03 Tianle Sun , Ningyu He , Jiang Xiao , Yinliang Yue , Xiapu Luo , Haoyu Wang

The Third Generation Partnership Project (3GPP) released its first 5G security specifications in March 2018. This paper reviews the 5G security architecture, requirements and main processes and evaluates them in the context of known and new…

Cryptography and Security · Computer Science 2018-11-30 Roger Piqueras Jover , Vuk Marojevic

The recent release of Solidity 0.5 introduced a new type to prevent Ether transfers to smart contracts that are not supposed to receive money. Unfortunately, the compiler fails in enforcing the guarantees this type intended to convey, hence…

Programming Languages · Computer Science 2019-07-08 Silvia Crafa , Matteo Di Pirro

The context of this work is specification, detection and ultimately removal of detectable harmful patterns in source code that are associated with defects in design and implementation of software. In particular, we investigate five code…

Software Engineering · Computer Science 2017-04-03 Nicole Vavrová , Vadim Zaytsev

The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Several signcryption schemes are proposed throughout the years, each…

Cryptography and Security · Computer Science 2012-03-20 M. Toorani , A. A. Beheshti

Neural network model extraction has recently emerged as an important security concern, as adversaries attempt to recover a network's parameters via black-box queries. Carlini et al. proposed in CRYPTO'20 a model extraction approach,…

Machine Learning · Computer Science 2026-02-19 Haolin Liu , Adrien Siproudhis , Samuel Experton , Peter Lorenz , Christina Boura , Thomas Peyrin

Modern malware poses a severe threat to cybersecurity, continually evolving in sophistication. To combat this threat, researchers and security professionals continuously explore advanced techniques for malware detection and analysis.…

Cryptography and Security · Computer Science 2024-04-26 Pasquale Caporaso , Giuseppe Bianchi , Francesco Quaglia

JDBC remains a key technology for database access in Java applications. Since the database dictionary and the Java type system have distinct scopes, developers inevitably need to deal with bugs in SQL-to-Java type mappings. We propose an…

Databases · Computer Science 2026-05-05 Thomas James Kirz , Werner Dietl , Mattias Ulbrich , Stefanie Scherzinger

We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and…

Cryptography and Security · Computer Science 2019-08-13 Emma Dauterman , Henry Corrigan-Gibbs , David Mazières , Dan Boneh , Dominic Rizzo

As cyber threats continue to evolve and diversify, it has become increasingly challenging to identify the root causes of security breaches that occur between periodic security assessments. This paper explores the fundamental importance of…

Cryptography and Security · Computer Science 2024-12-24 Prakhar Paliwal , Arjun Sable , Manjesh K. Hanawal

Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates…

Cryptography and Security · Computer Science 2017-07-21 Abhishek Singh , Binanda Sengupta , Sushmita Ruj

String obfuscation is an established technique used by proprietary, closed-source applications to protect intellectual property. Furthermore, it is also frequently used to hide spyware or malware in applications. In both cases, the…

Cryptography and Security · Computer Science 2020-09-10 Leonid Glanz , Patrick Müller , Lars Baumgärtner , Michael Reif , Sven Amann , Pauline Anthonysamy , Mira Mezini

Smartphones and tablets have become prime targets for malware, due to the valuable private and corporate information they hold. While Anti-Virus (AV) program may successfully detect malicious applications (apps), they remain ineffective…

Cryptography and Security · Computer Science 2016-11-17 Mordechai Guri , Yuri Poliak , Bracha Shapira , Yuval Elovici

To prevent concurrency errors, programmers need to obey a locking discipline. Annotations that specify that discipline, such as Java's @GuardedBy, are already widely used. Unfortunately, their semantics is expressed informally and is…

Programming Languages · Computer Science 2015-11-17 Michael Ernst , Damiano Macedonio , Massimo Merro , Fausto Spoto

CVE-2024-25825 is a vulnerability found in FydeOS. This thesis describes its discovery, disclosure, and its further investigation in connection to a nation state actor. The vulnerability is CWE-1392: Use of Default Credentials, CWE-1393:…

Cryptography and Security · Computer Science 2025-07-30 Hunter Chasens

Custom tokens are an integral component of decentralized applications (dapps) deployed on Ethereum and other blockchain platforms. For Ethereum, the ERC20 standard is a widely used token interface and is interoperable with many existing…

Cryptography and Security · Computer Science 2019-07-02 Reza Rahimian , Shayan Eskandari , Jeremy Clark

Binary program vulnerability detection is critical for software security, yet existing deep learning approaches often rely on source code analysis, limiting their ability to detect unknown vulnerabilities. To address this, we propose…

Cryptography and Security · Computer Science 2024-08-15 Abdulrahman Hamman Adama Chukkol , Senlin Luo , Kashif Sharif , Yunusa Haruna , Muhammad Muhammad Abdullahi

Our objective is to protect the integrity and confidentiality of applications operating in untrusted environments. Trusted Execution Environments (TEEs) are not a panacea. Hardware TEEs fail to protect applications against Sybil, Fork and…

Cryptography and Security · Computer Science 2023-11-13 Gabriel P. Fernandez , Andrey Brito , Ardhi Putra Pratama Hartono , Muhammad Usama Sardar , Christof Fetzer

Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We…