密码学与安全
Time-constrained interactive systems such as USSD (Unstructured Supplementary Service Data)-based financial services operate under strict session limits and sequential user interaction. While stronger authentication mechanisms improve…
Botnets pose a significant cybersecurity threat, enabling attacks such as DDoS, data theft, and service disruptions on IoT devices. These devices often lack built-in botnet traffic filtering, leaving them highly exposed. Existing AI-based…
Blockchain systems are undergoing a fundamental transition from decentralized ledgers for digital assets to general-purpose trust infrastructures for verifiable computation, decentralized physical resources, and automated infrastructure…
Electronic voting must keep individual ballots private while letting anyone verify the final tally. This paper presents an architecture that meets both goals without a trusted key dealer: each voter encrypts a ballot in the browser with a…
Agentic red-teaming benchmarks report whether an injected agent was compromised as a single bit: the attack succeeded, or it did not. We argue that this binary attack-success rate discards the information a defender most needs, namely how…
Large language models (LLMs) are increasingly deployed as autonomous agents that interact with external tools and services via the Model Context Protocol (MCP), a standardized interface for dynamic tool invocation. While MCP simplifies…
The growing adoption of agentic LLM applications has introduced a new threat previously named as promptware. While prior work has established that adversaries can exploit direct channels to LLM applications to apply promptware under weak…
Address clustering is an important technique in blockchain forensics, widely employed by law enforcement to trace illicit crypto asset flows. The multi-input heuristic (MIH), which clusters addresses potentially associated with the same…
The automotive industry is transitioning to Zonal-oriented Architectures (ZoA) for Software-Defined Vehicles (SDVs), enabling frequent over-the-air (OTA) updates for 100+ Electronic Control Units (ECUs). While OTA updates improve…
The rapid adoption of artificial intelligence across regulated firms has produced an extensive governance response oriented around trustworthiness: the EU AI Act, ISO IEC 42001, the NIST AI Risk Management Framework, and the United…
Ride-hailing mobile apps have become an essential feature in the mobility ecosystem in Africa, offering much safer and much more affordable rides. Although user bases have increased and the number of daily trips has proliferated, reports of…
Nowadays, mobile forensics is less explored in Digital Forensics case analysis due to the increase in data protection mechanisms implemented by tech companies (i.e., Google for Android and Apple for iOS). For example, the physical…
Software-defined vehicles (SDVs) are revolutionizing transportation by integrating complex, interconnected hardware, and software systems. This evolution introduces significant security challenges. We present a comprehensive security…
Modern federated and streaming learning systems often release intermediate models, so privacy must hold for the full trajectory under adaptive interaction. Motivated by participation privacy, we study single-edit neighboring user streams,…
Post-compromise test variants are widely used in controlled security evaluation and endpoint robustness benchmarking. However, modern Antivirus (AV) and Endpoint Detection and Response (EDR) systems increasingly combine signature- and…
The EU Cyber Resilience Act (CRA) makes a smart bet. It does not demand that products be free of vulnerabilities, but only that manufacturers run a process: assess risk, handle flaws, ship updates. The bet pays off if four things about the…
The Adaptive Data Analysis (ADA) problem formalizes the challenge of preventing false discovery and overfitting when a dataset is repeatedly reused. Formally, our input is a dataset containing $n$ i.i.d. samples from an unknown distribution…
Entropy-based methods have long been used for network anomaly detection, but most existing approaches treat entropy as a scalar statistic on narrow observables rather than as part of a broader behavioral state-space for cyber systems. We…
Monero is a privacy-focused cryptocurrency that deploys the Dandelion++ protocol and incorporates anonymity networks (such as Tor and I2P) to prevent malicious attackers from linking transactions with their source IPs. In this paper, we…
Hardware Trojans (HTs) pose significant threats across the Integrated Circuit (IC) design lifecycle because they can be inserted by untrusted entities at different stages under the zero-trust model. When triggered under rare conditions, HTs…