Security analysis

About: Security analysis is a research topic. Over the lifetime, 4550 publications have been published within this topic receiving 63862 citations.

ZETATM analysis A new model to identify bankruptcy risk of corporations

Abstract: The paper explores the development of a bankruptcy classification model which incorporates comprehensive inputs with respect to discriminant analysis and utilizes a sample of bankrupt firms essentially covering the period 1969–1975. Financial statement data and market related measures are transformed along guidelines suggested by traditional security analysis to promote comparability of companies and to reflect the most recent reporting standards so as to make the model relevant to future analysis. The results of the study are compared with alternative bankruptcy classification strategies via the explicit introduction of prior probabilities of group membership, observed accuracies, and estimates of costs of errors in misclassification. The latter is based on cost estimates derived from commercial bank lending errors. The results of the study indicate potential significant application to credit worthiness assessment, portfolio management, and to external and internal performance analysis.

Some basic cryptographic requirements for chaos-based cryptosystems

Abstract: In recent years, a large amount of work on chaos-based cryptosystems have been published. However, many of the proposed schemes fail to explain or do not possess a number of features that are fundamentally important to all kind of cryptosystems. As a result, many proposed systems are difficult to implement in practice with a reasonable degree of security. Likewise, they are seldom accompanied by a thorough security analysis. Consequently, it is difficult for other researchers and end users to evaluate their security and performance. This work is intended to provide a common framework of basic guidelines that, if followed, could benefit every new cryptosystem. The suggested guidelines address three main issues: implementation, key management and security analysis, aiming at assisting designers of new cryptosystems to present their work in a more systematic and rigorous way to fulfill some basic cryptographic requirements. Meanwhile, several recommendations are made regarding some practical aspects of analog chaos-based secure communications, such as channel noise, limited bandwith and attenuation.

On the Security and Performance of Proof of Work Blockchains

Abstract: Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters. In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.

On lightweight mobile phone application certification

Abstract: Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware.

Cryptographic requirements for chaotic secure communications

Abstract: In recent years, a great amount of secure communications systems based on chaotic synchronization have been published. Most of the proposed schemes fail to explain a number of features of fundamental importance to all cryptosystems, such as key definition, characterization, and generation. As a consequence, the proposed ciphers are difficult to realize in practice with a reasonable degree of security. Likewise, they are seldom accompanied by a security analysis. Thus, it is hard for the reader to have a hint about their security. In this work we provide a set of guidelines that every new cryptosystems would benefit from adhering to. The proposed guidelines address these two main gaps, i.e., correct key management and security analysis, to help new cryptosystems be presented in a more rigorous cryptographic way. Also some recommendations are offered regarding some practical aspects of communications, such as channel noise, limited bandwith, and attenuation.