cypherpunks

Download

cypherpunks@lists.cpunks.org

33802 discussions

Deception in Information Security
by coderman 24 Jan '19

24 Jan '19

deception is becoming all the rage these days. done right, it provides a unique window into attacker intention and capability. rather than the isolated, fabricated structures commonly used (honey-*) consider instrumenting your actual systems with traps for the nefarious: - set browser strings showing out of date, vulnerable versions - leave packages old, but replace with source built updates - instrument applications with sanitizers and hardened allocators - jail and container, to observe unexpected calls exploits, like any other software, are fragile! slight changes in build and configuration can render even the most expensive and carefully constructed chain impotent. some things will get through (think: logic bugs, rather than technical exploitation) so keep your most sensitive work on truly hardened systems with strong compartmentalization and attack surface reduction. (yes, Qubes is still better than a vanilla distro! it's amazing how much malware simply aborts when it finds itself in a virtualized environment. feature, not bug! :) --- https://www.springer.com/cda/content/document/cda_downloaddocument/97833193… [Page 1] Cyber Security DeceptionMohammed H. Almeshekah and Eugene H. Spafford Abstract Our physical and digital worlds are converging at a rapid pace, putting a lot of our valuable information in digital formats. Currently, most computer systems’ predictable responses provide attackers with valuable information on how to infiltrate them. In this chapter, we discuss how the use of deception can play a prominent role in enhancing the security of current computer systems. We show how deceptive techniques have been used in many successful computer breaches. Phishing, social engineering, and drive-by-downloads are some prime examples. We discuss why deception has only been used haphazardly in computer security. Additionally, we discuss some of the unique advantages deception-based security mechanisms bring to computer security. Finally, we present a framework where deception can be planned and integrated into computer defenses.1 IntroductionMost data is digitized and stored in organizations’ servers, making them a valuable target. Advanced persistent threats (APT), corporate espionage, and other forms of attacks are continuously increasing. Companies reported 142 million unsuccessful attacks in the first half of 2013, as reported by Fortinet [[1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] In addition, a recent Verizon Data Breach Investigation Report (DBIR) points out that currently deployed protection mechanisms are not adequate to address current threats [[1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] The report states that 66 % of the breaches took months or years to discover, rising from 56 % in 2012. Furthermore, 84% of these attacks only took hours or less to infiltrate computer systems [[1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] Moreover, the report states that only 5 % of these breaches were detected using traditional intrusion detection systems (IDSs) while 69 % were detected by external parties [[1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] These numbers are only discussing attacks that were discovered. Because only 5 % of the attacks are discovered using traditional security tools, it is likely that theM.H. Almeshekah ( ) King Saud University, Riyadh, Saudi Arabia e-mail: meshekah(a)ksu.edu.sa E.H. Spafford Purdue University, West Lafayette, IN, USA e-mail: spaf(a)purdue.edu © Springer International Publishing Switzerland 2016 S. Jajodia et al. (eds.), Cyber Deception, DOI 10.1007/978-3-319-32699-3_2 25 --------------------------------------------------------------- [Page 2] 26 M.H. Almeshekah and E.H. Spaffordreality is significantly worse as there are unreported and undiscovered attacks. These findings show that the status quo of organizations’ security posture is not enough to address current threats. Within computer systems, software and protocols have been written for decades with an intent of providing useful feedback to every interaction. The original design of these systems is structured to ease the process of error detection and correction by informing the user about the exact reason why an interaction failed. This behavior enhances the efforts of malfeasors by giving them information that helps them to understand why their attack was not successful, refine their attacks and tools, and then re-attack. As a result, these systems are helpful to attackers and guide them throughout their attack. Meanwhile, targeted systems learn nothing about these attempts, other than a panic in the security team. In fact, in many cases multiple attempts that originate from the same entity are not successfully correlated. Deception-based techniques provide significant advantages over traditional se- curity controls. Currently, most security tools are responsive measures to attackers’ probes to previously known vulnerabilities. Whenever an attack surfaces, it is hit hard with all preventative mechanisms at the defender’s disposal. Eventually, persistent attackers find a vulnerability that leads to a successful infiltration by evading the way tools detect probes or by finding new unknown vulnerabilities. This security posture is partially driven by the assumption that “hacking-back” is unethical, while there is a difference between the act of “attacking back” and the act of deceiving attackers. There is a fundamental difference in how deception-based mechanisms work in contrast to traditional security controls. The latter usually focuses on attackers’ actions—detecting or preventing them—while the former focuses on attackers’ perceptions—manipulating them and therefore inducing adversaries to take action- s/inactions in ways that are advantageous to targeted systems; traditional security controls position themselves in response to attackers’ actions while deception-based tools are positioned in prospect of such actions.1.1 DefinitionOne of the most widely accepted definitions of computer-security deception is the one by Yuill [[2](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] Computer Deception is “Planned actions taken to mislead attackers and to thereby cause them to take (or not take) specific actions that aid computer- security defenses.” We adapt this definition and add “confusion” as one of goals of using deceit (the expression of things that are not true) in computer system protection. Therefore, the definition of defensive computer deception we will use throughout this chapter is Definition 1. Deception is “Planned actions taken to mislead and/or confuse attackers and to thereby cause them to take (or not take) specific actions that aid computer-security defenses.” --------------------------------------------------------------- [Page 3] Cyber Security Deception 272 A Brief HistoryThroughout history, deception has evolved to find its natural place in our societies and eventually our technical systems. Deception and decoy-based mechanisms have been used in security for more than two decades in mechanisms such as honeypots and honeytokens. An early example of how deception was used to attribute and study attackers can be seen in the work of Cheswick in his well-known paper “An Evening with Berferd” [[3](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] He discusses how he interacted with an attacker in real time providing him with fabricated responses. Two of the earliest documented uses of deceptive techniques for computer security are in the work of Cliff Stoll in his book “The Cuckoo’s Egg” [[4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] and the work of Spafford in his own lab [[5](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] The Deception Toolkit (DTK),[1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ… by Fred Cohen in 1997 was one of the first publicly available tools to use deception for the purpose of computer defenses. In late 1990s, “honeypots”—“a component that provides its value by being attacked by an adversary” i.e. deceiving the attacker to interact with them— have been used in computer security. In 2003, Spitzner published his book on “Honeypots” discussing how they can be used to enhance computer defenses [[6](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] Following on the idea of honeypots, a proliferation of “honey-*” prefixed tools have been proposed. Additionally, with the release of Tripwire, Kim and Spafford suggested the use of planted files that should not be accessed by normal users, with interesting names and/or locations and serving as bait that will trigger an alarm if they are accessed by intruders [[7](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https… Honey-Based Tools2.1.1 Honeypots Honeypots have been used in multiple security applications such as detecting and stopping spam[2](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:… analyzing malware [[8](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] In addition, honeypots have been used to secure databases [[9](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] They are starting to find their way into mobile environments [[10](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] where some interesting results have been reported [[11](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Honeypots in the literature come in two different types: server honeypot and client honeypot. The server honeypot is a computer system that contains no valuable information and is designed to appear vulnerable for the goal of enticing attackers to access them. Client honeypots are more active. These are vulnerable user agents that troll many servers actively trying to get compromised [[12](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] When such incidents happen, the client honeypots report the servers that are infecting users’ clients. Honeypots have been used in computing in four main areas as we discuss in the following paragraphs.1http://www.all.net/dtk/. 2http://www.projecthoneypot.org. --------------------------------------------------------------- [Page 4] 28 M.H. Almeshekah and E.H. SpaffordDetection Honeypots provide an additional advantage over traditional detection mechanisms such as Intrusion Detection Systems (IDS) and anomaly detection. First, they generate less logging data as they are not intended to be used as part of normal operations and thus any interaction with them is illicit. Second, the rate of false positive is low as no one should interact with them for normal operations. Angnos- takis et al. proposed an advanced honeypot-based detection architecture in the use of shadow honeypots [[13](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In their scheme they position Anomaly Detection Sensors (ADSs) in front of the real system where a decision is made as whether to send the request to a shadow machine or to the normal machine. The scheme attempts to integrate honeypots with real systems by seamlessly diverting suspicious traffic to the shadow system for further investigation. Finally, honeypots are also helpful in detecting industry-wide attacks and outbreaks, e.g. the case of the Slammer worm as discussed in [[14](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Prevention Honeypots are used in prevention where they assist in slowing down the attackers and/or deterring them. Sticky honeypots are one example of machines that utilize unused IP address space and interact with attackers probing the network to slow them down [[15](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In addition, Cohen argues that by using his Deception ToolKit (DTK) we can deter attackers confusing them and introducing risk on their side [[16](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] However, we are not aware of any studies that investigated those claims. Beyond the notion of enticement and traps used in honeypots, deception has been studied from other perspectives. For example, Rowe et al. present a novel way of using honeypots for deterrence [[17](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] They protect systems by making them look like a honeypot and therefore deter attackers from accessing them. Their observation stemmed from the developments of anti-honeypots techniques that employ advanced methods to detect if the current system is a honeypot [[18](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Response One of the advantages of using honeypots is that they are totally independent systems that can be disconnected and analyzed after a successful attack on them without hindering the functionality of the production systems. This simplifies the task of forensic analysts as they can preserve the attacked state of the system and extensively analyze what went wrong. --------------------------------------------------------------- [Page 5] Cyber Security Deception 29Research Honeypots are heavily used in analyzing and researching new families of malware. The honeynet project[3](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHET… an “international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.” For example, the HoneyComb system uses honeypots to create unique attack signatures [[19](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Other more specific tools, such as dionaea,[4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHE… designed to capture a copy of computer malware for further study. Furthermore, honeypots help in inferring and understanding some widespread attacks such as Distributed Denial of Service (DDoS) [[20](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 2.1.2 Other Honey Prefixed Tools The prefix “honey-*” has been used to refer to a wide range of techniques that incorporate the act of deceit in them. The basic idea behind the use of the prefix word “honey” in these techniques is that they need to entice attackers to interact with them, i.e. fall for the bait—the “honey.” When such an interaction occurs the value of these methods is realized. The term honeytokens has been proposed by Spitzner [[21](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] to refer to honeypots but at a smaller granularity. Stoll used a number of files with enticing names and distributed them in the targeted computer systems, acting as a beaconing mechanism when they are accessed, to track down Markus Hess [[4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] Yuill et al. coined the term honeyfiles to refer to these files [[22](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] HoneyGen was also used to refer to tools that are used to generate honeytokens [[23](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Most recently, a scheme named Honeywords was proposed by Jules and Rivest to confuse attackers when they crack a stolen hashed password file [[24](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] by hiding the real password among a list of “fake” ones. Their scheme augmenting password databases with an additional .N 1/ fake credentials [[24](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] If the DB is stolen and cracked, attackers are faced with N different passwords to choose from where only one of them is the correct one. However, if they use any of the fake ones the system triggers an alarm alerting system administrators that the DB has been cracked.2.2 Limitations of Isolated Use of DeceptionHoneypot-based tools are a valuable technique used for the detection, prevention, and response to cyber attacks as we discuss in this chapter. Nevertheless, those techniques suffer from the following major limitations:3www.honeynet.org[.](http://www.honeynet.org) 4http://dionaea.carnivore.it/[.](http://dionaea.carnivore.it/) --------------------------------------------------------------- [Page 6] 30 M.H. Almeshekah and E.H. Spafford• As the prefix honey-* indicates, for such techniques to become useful, the adversary needs to interact with them. Attackers and malware are increasingly becoming sophisticated and their ability to avoid honeypots is increasing [[25](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] • Assuming we manage to lure the attacker into our honeypot, we need to be able to continuously deceive them that they are in the real system. Chen et al. study such a challenge and show that some malware, such as polymorphic malware, not only detects honeypots, but also changes its behavior to deceive the honeypot itself [[25](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In this situation, attackers are in a position where they have the ability to conduct counter-deception activities by behaving in a manner that is different than how would they do in a real environment. • To learn about attackers’ objectives and attribute them, we need them to interact with the honeypot systems. However, with a high-interaction honeypot there is a risk that attackers might exploit the honeypot itself and use it as a pivot point to compromise other, more sensitive, parts of the organization’s internal systems. Of course, with correct separation and DMZs we can alleviate the damage, but many organizations consider the risk intolerable and simply avoid using such tools. • As honeypots are totally “fake systems” many tools currently exist to identify whether the current system is a honeypot or not [[18](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http… [25](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] This fundamental limitation is intrinsic in their design.3 Deception as a Security TechniqueAchieving security cannot be done with single, silver-bullet solutions; instead, good security involves a collection of mechanisms that work together to balance the cost of securing our systems with the possible damage caused by security compromises, and drive the success rate of attackers to the lowest possible level. In Fig. [1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…, we present a taxonomy of protection mechanisms commonly used in systems. The diagram shows four major categories of protection mechanisms and illustrates how they intersect achieving multiple goals. The rationale behind having these intersecting categories is that a single layer of security is not adequate to protect organizations so multi-level security controls are needed [[26](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In this model, the first goal is to deny unauthorized access and isolate our information systems from untrusted agents. However, if adversaries succeed in penetrating these security controls, we should have degradation and obfuscation mechanisms in place that slow the lateral movement of attackers in penetrating our internal systems. At the same time, this makes the extraction of information from penetrated systems more challenging. Even if we slow the attackers down and obfuscate our information, advanced adversaries may explore our systems undetected. This motivates the need for a third level of security controls that involves using means of deceit and negative information. These techniques are designed to lead attackers astray and augment our systems with decoys to detect stealthy adversaries. Furthermore, this deceitful information will waste the time of the attackers and/or add risk during their --------------------------------------------------------------- [Page 7] Cyber Security Deception 31 Fig. 1 Taxonomy of information protection mechanismsinfiltration. The final group of mechanisms in our taxonomy is designed to attribute attackers and give us the ability to have counter-operations. Booby-trapped software is one example of counter-operations that can be employed. Securing a system is an economic activity and organizations have to strike the right balance between cost and benefits. Our taxonomy provides a holistic overview of security controls, with an understanding of the goals of each group and how can they interact with each other. This empowers decision makers on what and which security controls they should deploy. --------------------------------------------------------------- [Page 8] 32 M.H. Almeshekah and E.H. SpaffordDespite all the efforts organizations have in place, attackers might infiltrate information systems, and operate without being detected or slowed. In addition, persistent adversaries might infiltrat the system and passively observe for a while to avoid being detected and/or slowed when moving on to their targets. As a result, a deceptive layer of defense is needed to augment our systems with negative and deceiving information to lead attackers astray. We may also significantly enhance organizational intrusion detection capabilities by deploying detection methods using multiple, additional facets. Deception techniques are an integral part of human nature that is used around us all the time. As an example of a deception widely used in sports: teams attempt to deceive the other team into believing they are following a particular plan so as to influence their course of action. Use of cosmetics may also be viewed as a form of mild deception. We use white lies in conversation to hide mild lapses in etiquette. In cybersecurity, deception and decoy-based mechanisms haven been used in security for more than two decades in technologies such as honeypots and honeytokens. When attackers infiltrate the system and successfully overcome traditional detection and degradation mechanisms we would like to have the ability to not only obfuscate our data, but also lead the attackers astray by deceiving them and drawing their attention to other data that are false or intestinally misleading. Furthermore, exhausting the attacker and causing frustration is also a successful defensive outcome. This can be achieved by planting fake keys and/or using schemes such as endless files [[5](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] These files look small on the organization servers but when downloaded to be exfiltrated will exhaust the adversaries’ bandwidth and raise some alarms. Moreover, with carefully designed deceiving information we can even cause damage at the adversaries’ servers. A traditional, successful, deception technique can be learned from the well-known story of Farewell Dossier during the cold war where the CIA provided modified items to a Soviet spy ring. When the Soviets used these designs thinking they are legitimate, it resulted in a major disaster affecting a trans-Siberian pipeline. When we inject false information we cause some confusion for the adversaries even if they have already obtained some sensitive information; the injection of negative information can degrade and/or devalue the correct information obtained by adversaries. Heckman and his team, from Lockheed Martin, conducted an experiment between a red and a blue team using some deception techniques, where they found some interesting results [[27](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Even after the red team successfully attacked and infiltrate the blue system and obtained sensitive information, the blue team injected some false information in their system that led the red team to devalue the information they had obtained, believing that the new values were correct. Another relationship can be observed between the last group of protection tech- niques, namely attribution, and deception techniques. Deception-based mechanisms are an effective way to lure attackers to expose themselves and their objectives when we detect them accessing things and conducting unusual activities. Other tools, such as anomaly-based IDS, have similar goals, but the advantage deception-based tools have is that there is a clear line between normal user activities and abnormal ones. This is because legitimate users are clearly not supposed to access this information. --------------------------------------------------------------- [Page 9] Cyber Security Deception 33This difference significantly enhances the effectiveness of deception-based security controls and reduces the number of false-positives, as well as the size of the system’s log file.3.1 Advantages of Using Deception in Computer DefensesReginald Jones, the British scientific military intelligence scholar, concisely articu- lated the relationship between security and deception. He referred to security as a “negative activity, in that you are trying to stop the flow of clues to an opponent” and it needs its other counterpart, namely deception, to have a competitive advantage in a conflict [[28](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] He refers to deception as the “positive counterpart to security” that provides false clues to be fed to opponents. By intelligently using deceptive techniques, system defenders can mislead and/or confuse attackers, thus enhancing their defensive capabilities over time. By exploiting attackers’ unquestioned trust of computer system responses, system defenders can gain an edge and position themselves a step ahead of compromise attempts. In general, deception-based security defenses bring the following unique advantages to computer systems [[29](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 1. Increases the entropy of leaked information about targeted systems during compromise attempts. When a computer system is targeted, the focus is usually only on protecting and defending it. With deception, extra defensive measures can be taken by feeding attackers false information that will, in addition to defending the targeted system, cause intruders to make wrong actions/inactions and draw incorrect conclusions. With the increased spread of APT attacks and government/corporate espionage threats such techniques can be effective. When we inject false information we cause some confusion for the adversaries even if they have already obtained some sensitive information; the injection of negative information can degrade and devalue the correct information ob- tained by adversaries. Heckman and her team, developed a tool, referred to as “Blackjack,” that dynamically copies an internal state of a production server— after removing sensitive information and injecting deceit—and then directs adversaries to that instance [[27](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Even after the red team successfully attacked and infiltrated the blue systems and obtained sensitive information, the blue team injected some false information in their system that led the red team to devalue the information they had obtained, believing that the new values were correct. --------------------------------------------------------------- [Page 10] 34 M.H. Almeshekah and E.H. Spafford2. Increases the information obtained from compromise attempts. Many security controls are designed to create a boundary around computer systems automatically stopping any illicit access attempts. This is becoming increasingly challenging as such boundaries are increasingly blurring, partly as a result of recent trends such as “consumerization”[5](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https://www.springer.com/cda/content/document/cda_downloaddocument/9783319326979-c2.pdf%3FSGWID%3D0-0-45-1579369-p179938846+&cd=16&hl=en&ct=clnk&gl=us&client=ubuntu#10)[[30](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https://www.springer.com/cda/content/document/cda_downloaddocument/9783319326979-c2.pdf%3FSGWID%3D0-0-45-1579369-p179938846+&cd=16&hl=en&ct=clnk&gl=us&client=ubuntu#27)]. Moreover, because of the low cost on the adversaries’ side, and the existence of many automated exploitation tools, attackers can continuously probe computer systems until they find a vulnerability to infiltrate undetected. During this process, systems’ defenders learn nothing about the intruders’ targets. Ironically, this makes the task of defending a computer system harder after every unsuccessful attack. We conjecture that incorporating deception-based techniques can enhance our understanding of compromise attempts using the illicit probing activity as opportunity to enhance our understanding of the threats and, therefore, better protect our systems over time. 3. Give defenders an edge in the OODA loop. The OODA loop (for Observe, Orient, Decide, and Act) is a cyclic process model, proposed by John Boyd, by which an entity reacts to an event [[31](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] The victory in any tactical conflict requires executing this loop in a manner that is faster than the opponent. The act of defending a computer system against persistent attacks can be viewed as an OODA loop race between the attacker and the defender. The winner of this conflict is the entity that executes this loop faster. One critical advantage of deception-based defenses is that they give defenders an edge in such a race as they actively feed adversaries deceptive information that affects their OODA loop, more specifically the “observe” and “orient” stages of the loop. Furthermore, slowing the adversary’s process gives defenders more time to decide and act. This is especially crucial in the situation of surprise, which is a common theme in digital attacks. 4. Increases the risk of attacking computer systems from the adversaries’ side. Many current security controls focus on preventing the actions associated with illicit attempts to access computer systems. As a result, intruders are using this accurate negative feedback as an indication that their attempts have been detected. Subsequently, they withdraw and use other, more stealthy, methods of infiltration. Incorporating deceit in the design of computer systems introduces a new possibility that adversaries need to account for; namely that they have been detected and currently deceived. This new possibility can deter attackers who are not willing to take the risk of being deceived, and further analyzed. In addition, such technique gives systems’ defenders the ability to use intruders’ infiltration attempts to their advantage by actively feeding them false information.5This term is widely used to refer to enterprises’ employees bringing their own digital devises andusing them to access the companies’ resources. --------------------------------------------------------------- [Page 11] Cyber Security Deception 353.2 Deception in the Cyber Kill-ChainThe cyber kill-chain introduced by Lockheed Martin researchers advocates an intelligence-driven security model [[32](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] The main premise behind this model is that for attackers to be successful they need to go through all these steps in the chain in sequence. Breaking the chain at any step will break the attack and the earlier that we break it the better we prevent the attackers from attacking our systems. The cyber kill-chain model is a good framework to demonstrate the effectiveness of incorporating deception at multiple levels in the chain. With the same underlying principle of the kill-chain—early detection of adversaries—we argue that the earlier we detect adversaries, the better we are at deceiving them and learning more about their methods and techniques. We postulate that full intelligence cannot be gathered without using some means of deception techniques. Also, the better we know our enemies the better we can defend against them. By using means of deception we can continuously learn about attackers at different levels of the kill-chain and enhance our capabilities of detecting them and reducing their abilities to attack us. This negative correlation is an interesting relationship between our ability to detect attackers and their ability to probe our resources. There is a consensus that we would like to be at least one step ahead of adver- saries when they attack our systems. We argue that by intelligently incorporating deception methods in our security models we can start achieving that. This is because the further we enhance our abilities to detect adversaries the further ahead of them we position ourselves. If we take an example of external network probing, if we simply detect an attack and identify a set of IP address and domain names as “bad,” we do not achieve much: these can be easily changed and adversaries will become more careful not to raise an alarm the next time they probe our systems. However, if we go one more step to attribute them by factors that are more difficult to change it can cause greater difficulty for future attacks. For example, if we are able to deceive attackers in manners that allow us to gather more information that allows us to distinguish them based on fixed artifacts (such as distinctive protocol headers, known tools and/or behavior and traits) we have a better position for defense. The attackers will now have a less clear idea of how we are able to detect them, and when they know, it should be more difficult for them to change these attributes. The deployment of the cyber kill-chain was seen as fruitful for Lockheed when they were able to detect an intruder who successfully logged into their system using the SecurID attack [[33](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] We adopt this model with slight modification to better reflect our additions. Many deception techniques, such as honeypots, work in isolation and inde- pendently of other parts of current information systems. This design decision has been partly driven by the security risks associated with honeypots. We argue that intelligently augmenting our systems with interacting deception-based techniques can significantly enhance our security and gives us the ability to achieve deception in depth. If we examine Table [1](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…, we can see that we can apply deception at every stage of the cyber kill-chain, allowing us to break the chain and possibly attribute --------------------------------------------------------------- [Page 12] 36 M.H. Almeshekah and E.H. Spafford Table 1 Mapping deception to the kill-chain model Cyber kill-chain phase Deception Reconnaissance Artificial ports, fake sites Weaponization and delivery Create artificial bouncing back, sticky honeypots Exploitation and installation Create artificial exploitation response Command and control (operation) Honeypot Lateral movement and persistence HoneyAccounts, honeyFiles Staging and exfiltration Honeytokens, endless files, fake keysattackers. At the reconnaissance stage we can lure adversaries by creating a site and have honey-activities that mimic a real-world organization. As an example, an organization can subscribe with a number of cloud service providers and have honey activities in place while monitoring any activities that signal external interest. Another example is to address the problem of spear-phishing by creating a number of fake persons and disseminating their information into the Internet while at the same monitoring their contact details to detect any probing activities; some commercial security firms currently do this.3.3 Deception and ObscurityDeception always involves two basic steps, hiding the real and showing the false. This, at first glance, contradicts the widely believed misinterpretation of Kerckhoff’s principle; “no security through obscurity.” A more correct English translation of Kerckhoff’s principle is the one provided by Petitcolas in [[34](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http… system must not require secrecy and can be stolen by the enemy without causing trouble.The misinterpretation leads some security practitioners to believe that any “obscurity” is ineffective, while this is not the case. Hiding a system from an attacker or having a secret password does increase the work factor for the attacker— until the deception is detected and defeated. So long as the security does not materially depend on the obscurity, the addition of misdirection and deceit provides an advantage. It is therefore valuable for a designer to include such mechanisms in a comprehensive defense, with the knowledge that such mechanisms should not be viewed as primary defenses. In any system design there are three levels of viewing a system’s behavior and responses to service requests [[29](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] • Truthful. In such systems, the processes will always respond to any input with full “honesty.” In other words, the system’s responses are always “trusted” and accurately represent the internal state of the machine. For example, when the user --------------------------------------------------------------- [Page 13] Cyber Security Deception 37asks for a particular network port, a truthful system responds with either a real port number or denies the request giving the specific reason of such denial. • Naively Deceptive. In such systems, the processes attempt to deceive the interacting user by crafting an artificial response. However, if the user knows the deceptive behavior, e.g. by analyzing the previous deceptive response used by the system, the deception act becomes useless and will only alert the user that the system is trying to deceive her. For example, the system can designate a specific port that is used for deceptive purposes. When the attacker asks for a port, without carrying the appropriate permissions, this deceptive port is sent back. • Intelligently Deceptive. In this case, the systems “deceptive behavior” is indistin- guishable from the normal behavior even if the user has previously interacted with the system. For example, an intelligently-deceptive system responds to unauthorized port listening requests the same as a normal allowed request. How- ever, extra actions are taken to monitor the port, alert the system administrators, and/or sandbox the listening process to limit the damage if the process downloads malicious content.3.4 Offensive DeceptionOffensively, many current, common attacks use deceptive techniques as a corner- stone of their success. For example, phishing attacks often use two-level deceptive techniques; they deceive users into clicking on links that appear to be coming from legitimate sources, which take them to the second level of deception where they will be presented with legitimate-looking websites luring them to give their credentials. The “Nigerian 419” scams are another example of how users are deceived into providing sensitive information with the hope of receiving a fortune later. In many of these cases, attackers focus on deceiving users as they are usually the most vulnerable component. Kevin Mitnick showed a number of examples in his book, “The Art of Deception” [[35](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] of how he used social engineering, i.e., deceptive skills to gain access to many computer systems. Trojan horses, which are more than 30 years old, are a prime example of how deception has been used to infiltrate systems. Phishing, Cross-site Scripting (XSS) [[36](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] and Cross-site Request Forgery (XSRF) [[37](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] are some examples of using deception. Despite more than a decade of research by both the academic and private sectors, these problems are causing more damage every year. XSS and XSRF have remained on the OWASP’s top ten list since the first time they were added in 2007 [[38](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] The effectiveness of offensive deception techniques should motivate security researchers to think of positive applications for deception in security defenses. --------------------------------------------------------------- [Page 14] 38 M.H. Almeshekah and E.H. Spafford4 A Framework to Integrate Deception in Computer DefensesWe presented a framework that can be used to plan and integrate deception in computer security defenses [[39](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Many computer defenses that use deception were ad-hoc attempts to incorporate deceptive elements in their design. We show how our framework can be used to incorporate deception in many parts of a computer system and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be designed to exploit specific adversaries’ biases, as we will discuss later. The framework discussed in this chapter is based on the general deception model discussed by Bell and Whaley in [[40](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] There are three general phases of any deceptive component; namely planning, implementing and integrating, and finally monitoring and evaluating. In the following sections we discuss each one of those phases in more detail. The framework is depicted in Fig. [3](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https… The Role of BiasesIn cognitive psychology a bias refers toAn inclination to judge others or interpret situations based on a personal and oftentimes unreasonable point of view [[41](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http… are a cornerstone component to the success of any deception-based mechanism. The target of the deception needs to be presented with a plausible “deceit” to successfully deceive and/or confuse him. If the target perceives this deceit to be non-plausible she is more inclined to reject it instead of believing it, or at least raise her suspicions about the possibility of currently being deceived. A successful deception should exploit a bias in the attackers’ perception and provide them with one or more plausible alternative information other than the truth. Thompson et al. discuss four major groups of biases any analysts need to be aware of: personal biases, cultural biases, organizational biases, and cognitive biases [[42](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] It can be seen in Fig. [2](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https… the more specific the bias being exploited in a deceptive security tool is, the less such a tool can be generalized, For example, exploiting a number of personal biases, specific to an attacker, might not be easily generalized to other adversaries who attack your system. However, the more specific the choice of bias enhances the effectiveness of the deceptive component. This is true partly because cognitive biases are well-known and adversaries might intentionally guard themselves with an additional layer of explicit reasoning to minimize their effects in manipulating their perceptions. In the following paragraphs we discuss each one of these classes of biases. --------------------------------------------------------------- [Page 15] Cyber Security Deception 39 Fig. 2 Deception target biases4.1.1 Personal Biases Personal biases are those biases that originate from either first-hand experiences or personal traits, as discussed by Jervis in [[43](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] These biases can be helpful in designing deceptive components/operation; however, they are (1) harder to obtain as they require specific knowledge of potential attackers and (2) they make deceptive components less applicable to a wider range of attackers while becoming more powerful against specific attackers. Personal biases have been exploited in traditional deception operations in war, such as exploiting the arrogance of Hitler’s administration in World War II as part of Operation Fortitude [[41](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 4.1.2 Cultural Biases Hofstede refers to cultural biases as the “software of the mind” [[44](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] They represent the mental and cognitive ways of thinking, perception, and action by humans belonging to these cultures. In a study conducted by Guss and Dorner, they found that cultures influenced the subjects’ perception, strategy development and decision choices, even though all those subjects were presented with the same data [[45](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Hofstede discusses six main dimensions of cultures and assigns quantitative values to those dimensions for each culture in his website (geerte-hofstede.com) Also, he associates different behavior that correlates with his measurements. Theses dimensions are: 1. Power Distance Index (PDI)—PDI is a measure of the expectation and accep- tance that “power is distributed unequally.” Hofstede found that cultures with high PDI tend to have a sense of loyalty, show of strength, and preference to in-group-person. This feature can be exploited by a deception planner focusing on the attacker’s sense of pride to reveal himself, knowing that the attack is originating from a high PDI culture with a show-of-strength property. 2. Individualism versus Collectivism (IVC)—A collectivist society values the “betterment of a group” at the expense of the individual. Hofstede found that most cultures are collectivist, i.e. with low IVC index. 3. Masculine versus Feminine (MVF)—A masculine culture is a culture where “emotional gender roles are clearly distinct.” For example, an attacker coming --------------------------------------------------------------- [Page 16] 40 M.H. Almeshekah and E.H. Spaffordfrom a masculine culture is more likely to discredit information and warnings written by or addressed to a female. In this case, this bias can be exploited to influence attackers’ behaviors. 4. Uncertainty Avoidance Cultures (UAI)—This measures the cultural response to the unknown or the unexpected. High UAI means that this culture has a fairly structured response to uncertainty making the attackers’ anticipation of deception and confusion a much easier task. 5. Long-Term Orientation Versus Short-Term Orientation (LTO vs. STO)— STO cultures usually seek immediate gratification. For example, the defender may sacrifice information of lesser importance to deceive an attacker into thinking that such information is of importance, in support of an over-arching goal of protecting the most important information. 6. Indulgence versus Restraint (IVR)—This dimension characterizes cultures on their norms of how they choose activities for leisure time and happiness. Wirtz and Godson summarize the importance of accounting for cultures while designing deception in the following quote; “To be successful the deceiver must recognize the target’s perceptual context to know what (false) pictures of the world will appear plausible” [[46](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 4.1.3 Organizational Biases Organizational biases are of importance when designing deception for an target within a heavily structured environment [[41](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In such organizations there are many keepers who have the job of analyzing information and deciding what is to be passed to higher levels of analysts. This is one example of how organizational biases can be used. These biases can be exploited causing important information to be marked as less important while causing deceit to be passed to higher levels. One example of organizational biases is uneven distribution of information led to uneven perception and failure to anticipate the Pearl Harbor attack in 1941 by the United States [[41](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 4.1.4 Cognitive Biases Cognitive biases are common among all humans across all cultures, personali- ties, and organizations. They represent the “innate ways human beings perceive, recall, and process information” [[41](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] These biases have long been studied by many researchers around the world in many disciplines (particularly in cognitive psychology); they are of importance to deception design as well as computing. Tversky and Kahneman proposed three general heuristics our minds seem to use to reduce a complex task to a simpler judgment decision—especially under conditions of uncertainty—thus leading to some predictable biases [[47](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] These are: representativeness, availability, and anchoring and adjustment. They defined the representativeness heuristic as a “heuristic to evaluate the probability of an --------------------------------------------------------------- [Page 17] Cyber Security Deception 41event by the degree to which it is (i) similar in essential properties to its parent population; and (ii) reflects the salient features of the process by which it is generated” [[47](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] The availability heuristic is another bias that assess the likelihood of an uncertain event by the ease with which someone can bring it to mind. Finally, the anchoring/adjustment heuristic is a bias that causes us to make estimations closer to the initial values we have been provided with than is otherwise warranted. Solman presented a discussion of two reasoning systems postulated to be common in humans: associative (system 1) and rule-based (system 2) [[48](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] System 1 is usually automatic and heuristic-based, and is usually governed by habits. System 2 is usually more logical with rules and principles. Both systems are theorized to work simultaneously in the human brain; deception targets System 1 to achieve more desirable reactions. In 1994, Tversky and Koehler argued that people do not subjectively attach probability judgments to events; instead they attach probabilities to the description of these events [[49](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] That is, two different descriptions of the same event often lead people to assign different probabilities to their likelihood. Moreover, the authors postulate that the more explicit and detailed the description of the event is, the higher the probability people assign to it. In addition, they found that unpacking the description of the event into several disjoint components increases the probability people attach to it. Their work provides an explanation for the errors often found in probability assessments associated with the “conjunction fallacy” [[50](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Tversky and Kahneman found that people usually would give a higher probability to the conjunction of two events, e.g. P(X and Y), than a single event, e.g. P(X) or P(Y). They showed that humans are usually more inclined to believe a detailed story with explicit details over a short compact one.4.2 Planning DeceptionThere are six essential steps to planning a successful deception-based defensive component. The first, and often neglected, step is specifying exactly the strategic goals the defender wants to achieve. Simply augmenting a computer system with honey-like components, such as honeypots and honeyfiles, gives us a false sense that we are using deception to lie to adversaries. It is essential to detail exactly what are the goals of using any deception-based mechanisms. As an example, it is significantly different to set up a honeypot for the purpose of simply capturing malware than having a honeypot to closely monitor APT-like attacks. After specifying the strategic goals of the deception process, we need to specify—in the second step of the framework—how the target (attacker) should react to the deception. This determination is critical to the long-term success of any deceptive process. For example the work of Zhao and Mannan in [[51](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] deceive attackers launching online guessing attacks into believing that they have found a correct username and password. The strategic goal of this deception process is to direct an attacker to a “fake” account thus wasting their resources and monitoring --------------------------------------------------------------- [Page 18] 42 M.H. Almeshekah and E.H. Spaffordtheir activities to learn about their objectives. It is crucial to analyze how the target should react after the successful “fake” login. The obvious reaction is that the attacker would continue to laterally move in the target system, attempting further compromise. However, an alternative response is that the attacker ceases the guessing attack and reports to its command and control that a successful username/password pair has been found. In consideration of the second alternative we might need to maintain the username/password pair of the fake account and keep that account information consistent for future targeting. Moreover, part of this second step is to specify how we desire an attacker to react such that we may try to influence his perception and thus lead him to the desired reaction. Continuing with the example in the previous paragraph, if we want the attacker to login again so we have more time to monitor and setup a fake account, we might cause an artificial network disconnection that will cause the target to login again. 4.2.1 Adversaries’ Biases Deception-based defenses are useful tools that have been shown to be effective in many human conflicts. Their effectiveness relies on the fact that they are designed to exploit specific biases in how people think, making them appear to be plausible but false alternatives to the hidden truth, as discussed above. These mechanisms give defenders the ability to learn more about their attackers, reduce indirect information leakages in their systems, and provide an advantage with regard to their defenses. Step 3 of planning deception is to understand the attackers’ biases. As discussed earlier, biases are a cornerstone component to the success of any deception-based mechanisms. The deceiver needs to present a plausible deceit to successfully deceive and/or confuse an adversary. If attackers decide that such information is not plausible they are more inclined to reject it, or at least raise their suspicions about the possibility of currently being deceived. When the defender determines the strategic goal of the deception and the desired reactions by the target, he needs to investigate the attacker’s biases to decide how best to influence the attacker’s perception to achieve the desired reactions. One example of using biases in developing some deceptive computer defenses is using the “confirmation bias” to lead adversaries astray and waste their time and resources. Confirmation bias is defined as “the seeking or interpreting of evidence in ways that are partial to existing beliefs, expectations, or a hypothesis in hand” [[52](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] A computer defender can use this bias in responding to a known adversarial probing of the system’s perimeter. Traditional security defenses are intended to detect and prevent such activity, by simply dropping such requests or actively responding with an explicit denial. Taking this a step further by exploiting some pre-existing expectation, i.e. the confirmation bias, we might provide a response that the system is being taken down for some regular maintenance or as a result of some unexpected failure. With such a response, the defender manages to prevent illicit activity, provide a pause to consider next steps for the defender, and perhaps waste the adversary’s time as they wait or investigate other alternatives to continue their attacks. --------------------------------------------------------------- [Page 19] Cyber Security Deception 43Cultural biases play an important role in designing deceptive responses, as discussed in Sect. [4.1.2](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:h…. For example, some studies found relationships between the type of computer attacks and the culture/country from which the attack originated [[53](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] In computing, the conjunction fallacy bias, discussed in Sect. [4.1.4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:h…, can be exploited by presenting the deception story as a conjunction of multiple detailed components. For example, if deceivers want to misinform an attacker probing their system by creating an artificial network failure, instead of simply blocking these attempts, it is better to give a longer story. A message that says “Sorry the network is down for some scheduled network maintenance. Please come back in three hours” is more plausible than simply saying “The network is down” and thus more likely to be believed. 4.2.2 Creating the Deception Story After analyzing attackers’ biases the deceiver needs to decide exactly what compo- nents to simulate/dissimulate; namely step 4 of the framework in Fig. [3](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…. In Fig. [4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https… provide an overview of the different system components where deception can be applied, exploiting the attacker’s biases to achieve the desired reaction. Overall, deceit can be injected into the functionality and/or state of our systems. We give a discussion of each one of these categories below and present some examples. System’s Decisions We can apply deception to the different decisions any computer system makes. As an example, Zhao and Mannan work in [[51](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] apply deception at the system’s authentication decision where they deceive adversaries by giving them access to “fake” accounts in the cases of online guessing attacks. Another system’s decision we can use concerns firewalls. Traditionally, we add firewall rules that prevent specific IP addresses from interacting with our systems after detecting that they are sources of some attacks. We consider this another form of data leakage in accordance with the discussion of Zhao and Mannan in [[51](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Therefore, we can augment firewalls by applying deception to their decisions by presenting adversaries with plausible responses other than simply denying access. System’s Software and Services Reconnaissance is the first stage of any attack on any computing system, as identified in the kill-chain model [[32](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Providing fake systems and services has been the main focus of honeypot-based mechanisms. Honeypots discussed earlier in this chapter are intended to provide attackers with a number of fake systems running --------------------------------------------------------------- [Page 20] 44 M.H. Almeshekah and E.H. Spafford Fig. 3 Framework to incorporate deception in computer security defensesfake services. Moreover, we can use deception to mask the identities of our current existing software/services. The work of Murphy et al. in [[54](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] recommended the use of operating system obfuscation tools for Air Force computer defenses. System’s Internal and Public Data A honeyfile, discussed above, is an example of injecting deceit into the system’s internal data. It can be applied to the raw data in computer systems, e.g., files and directories, or to the administrative data that are used to make decisions and/or --------------------------------------------------------------- [Page 21] Cyber Security Deception 45 Fig. 4 Computer systems components where deception can be integrated withmonitor the system’s activities. An example applying deception to the administrative data can be seen in the honeywords proposal [[24](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Deceit can also be injected into the public data about our systems. Wang et al. made the case of disseminating public data about some “fake” personnel for the purpose of catching attacks such as spear phishing [[55](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Cliff Stoll did this during the story of his book [[4](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…)] In addition, we note that this category also includes offline stored data such as back-ups that can be used as a focus of deception. System’s Activity Different activities within a system are considered as one source of information leakage. For example, traffic flow analysis has long been studied as a means for attackers to deduce information [[56](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Additionally, a system’s activity has been used as a means of distinguishing between a “fake” and a real system [[25](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] We can intelligently inject some data about activities into our system to influence attackers’ perception and, therefore, their reactions. System’s Weaknesses Adversaries probe computer systems trying to discover and then exploit any weakness (vulnerability). Often, these adversaries come prepared with a list of possible vulnerabilities and then try to use them until they discover something that works. Traditional security mechanisms aid adversaries by quickly and promptly responding back to any attempt to exploit fixed, i.e. patched, vulnerabilities with a denial response. This response leaks information that these vulnerabilities are known and fixed. When we inject deceit into this aspect of our systems we can misinform adversaries by confusing them—by not giving them a definitive answer whether the exploit has succeeded—or by deceiving them by making it appear as if the vulnerability has been exploited. --------------------------------------------------------------- [Page 22] 46 M.H. Almeshekah and E.H. SpaffordSystem’s Damage Assessment This relates to the previous component; however, the focus here is to make the attacker perceive that the damage caused is more or less than the real damage. We may want the adversary to believe that he has caused more damage than what has happened so as to either stop the attack or cause the attacker to become less aggressive. This is especially important in the context of the OODA loop discussed earlier in this chapter. We might want the adversary to believe that he has caused less damage if we want to learn more about the attacker by prompting a more aggressive attack. System’s Performance Influencing the attacker’s perception of system’s performance may put the deceiver at an advantageous position. This has been seen in the use of sticky honeypots and tarpits discussed at the beginning of this chapter that are intended to slow the adversary’s probing activity. Also, tarpits have been used to throttle the spread of network malware. In a related fashion, Somayaji et al. proposed a method to deal with intrusions by slowing the operating system response to a series of anomalous system calls [[57](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] System’s Configurations Knowledge of the configuration of the defender’s systems and networks is often of great importance to the success of the adversary’s attack. In the lateral movement phase of the kill-chain adversarial model, attackers need to know how and where to move to act on their targets. In the red-teaming experiment by Cohen and Koike they deceived adversaries to attack the targeted system in a particular sequence from a networking perspective [[58](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] After deciding which components to simulate/dissimulate, we can apply one of Bell and Whaley’s techniques discussed in [[29](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] We give an example of how each one of these techniques can be used in the following paragraphs. • Using Masking—This has been used offensively where attackers hide potentially damaging scripts in the background of the page by matching the text color with the background color. When we apply hiding to software and services, we can hide the fact that we are running some specific services when we detect a probing activity. For example, when we receive an SSH connection request from a known bad IP address we can mask our SSHd demon and respond as if the service is not working or as if it is encountering an error. • Using Repackaging—In several cases it might be easier to “repackage” data as something else. In computing, repackaging has long been used to attack computer users. The infamous cross-site scripting (XSS) attack uses this technique where --------------------------------------------------------------- [Page 23] Cyber Security Deception 47an attacker masks a dangerous post as harmless to steal the user’s cookies when they view such post. Another example can be seen in the cross-site request forgery (XSRF) attacks where an adversary deceives a user into visiting some innocuous looking web pages that silently instruct the user’s browser to engage in some unwanted activities. In addition, repackaging techniques are used by botnet Trojans that repackage themselves as anti-virus software to deceive users into installing them so an attacker can take control of their machines. From the defensive standpoint, a repackaging act can be seen in HoneyFiles, discussed above, that repackage themselves as normal files while acting internally as silent alarms to system administrators when accessed. • Using Dazzling—This is considered to be the weakest form of dissimulation, where we confuse the targeted objects with others. An example of using dazzling can be seen in the “honeywords” proposal [[24](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] The scheme confuses each user’s hashed password with an extra .N 1/ hashes of other, similar, passwords dazzling an attacker who obtains the credentials database. • Using Mimicking—In computing, phishing attacks are a traditional example of an unwanted deceiving login page mimicking a real website login. An attacker takes advantage of users by deceiving them into giving up their credentials by appearing as the real site. From a defensive perspective, we can apply mimicking to software and services by making our system mimic the responses of a different system, e.g., respond as if we are running a version of Windows XP while we are running Windows 7. This will waste attackers’ resources in trying to exploit our Windows 7 machine thinking it is Windows XP, as well as increase the opportunity for discovery. This is seen in the work of Murphy et al. in operating system obfuscation [[54](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] • Using Inventing—Mimicking requires the results to look like something else; when this is not easy to achieve invention can be used instead. This technique has seen the most research in the application of deception to computer security defenses. Honeypots are one prominent example of inventing a number of nodes in an organizations with the goal of deceiving an attacker that they are real systems. • Using Decoying—This technique is used to attract adversaries’ attention away from the most valuable parts of a computer system. Honeypots are used, in some cases, to deceive attackers by showing that these systems are more vulnerable than other parts of the organization and therefore capture attackers’ attention. This can be seen in the work of Carroll and Grosu [[59](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] After deciding which deceptive technique to use we need to analyze the patterns attackers perceive and then apply one or more of those techniques to achieve the desired reactions. Deceit is an active manipulation of reality. We argue that reality can be manip- ulated in one of three general ways, as depicted in Fig. [5](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…. We can manufacture reality, alter reality, and/or hide reality. This can be applied to any one of the components we discussed above. --------------------------------------------------------------- [Page 24] 48 M.H. Almeshekah and E.H. Spafford Fig. 5 Creating deceit. (a) Manipulation of reality. (b) Deception can be applied to the nature, existence and/or value of dataIn addition, reality manipulation is not only to be applied to the existence of the data in our systems—it can be applied to two other features of the data. As represented in Fig. [5](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:https…, we can manipulate the reality with respect to the existence of data, nature of the data, and/or value of the data. The existence of the data can be manipulated not only for the present but also when the data has been created. This can be achieved for example with the manipulation of time stamps. With regard to the nature of the data, we can manipulate the size of the data, such as in the example of endless files, when and why the data has been created. The value of the data can also be manipulated. For example, log files are usually considered important data that adversaries try to delete to cover their tracks. Making a file appear as a log file will increase its value from the adversary’s perspective. At this step, it is crucial to specify exactly when the deception process should be activated. It is usually important that legitimate users’ activity should not be hindered by the deceptive components. Optimally, the deception should only be activated in the case of malicious interactions. However, we recognize that this may not always be possible as the lines between legitimate and malicious activities might be blurry. We argue that there are many defensive measures that can apply some deceptive techniques in place of the traditional denial-based defenses that can make these tradeoffs. 4.2.3 Feedback Channels and Risks Deception-based defenses are not a single one-time defensive measure, as is the case with many advanced computer defenses. It is essential to monitor these defenses, and more importantly measure the impact they have on attackers’ perceptions and actions. This is step 5 in the deception framework. We recognize that if an attacker detects that he is being deceived, he can use this to his advantage to make a counter-deception reaction. To successfully monitor such activities we need to clearly identity the deception channels that can and should be used to monitor and measure any adversary’s perceptions and actions. --------------------------------------------------------------- [Page 25] Cyber Security Deception 49In the sixth and final step before implementation and integration, we need to consider that deception may introduce some new risks for which organizations need to account. For example, the fact that adversaries can launch a counter-deception operation is a new risk that needs to be analyzed. In addition, an analysis needs to done on the effects of deception on normal users’ activities. The defender needs to accurately identify potential risks associated with the use of such deceptive components and ensure that residual risks are accepted and well identified.4.3 Implementing and Integrating DeceptionMany deception-based mechanisms are implemented as a separate disjoint com- ponent from real production systems, as in the honeypot example. With the advancement of many detection techniques used by adversaries and malware, attackers can detect whether they are in real system or a “fake” system [[25](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] and then change behavior accordingly, as we discussed earlier in this chapter. A successful deception operation needs to be integrated with the real operation. The honeywords proposal [[24](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] is an example of this tight integration as there is no obvious way to distinguish between a real and a “fake” password.4.4 Monitoring and Evaluating the Use of DeceptionIdentifying and monitoring the feedback channels is critical to the success of any deception operation/component. Hesketh discussed three general categories of signals that can be used to know whether a deception was successful or not [[60](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] 1. The target acts in the wrong time and/or place. 2. The target acts in a way that is wasteful of his resources. 3. The target delays acting or stop acting at all. Defenders need to monitor all the feedback channels identified in step 5 of the framework. We note that there are usually three general outputs from the use of any deceptive components. The adversary might (1) believe it, where the defender usually sees one of the three signs of a successful deception highlighted above, (2) suspect it or (3) disbelieve it. When an attacker suspects that a deceptive component is being used, we should make the decision whether to increase the level of deception or stop the deceptive component to avoid exposure. Often deception can be enhanced by presenting more (and perhaps, true) information that makes the deception story more plausible. This can be included as a feedback loop in the framework. This observation should be analyzed by the defender to review his analysis of the attacker’s biases, (i.e., step 3), and the methodology used to create the deceit (i.e., step 4). Furthermore, the deceiver might employ multiple levels of deception based on the interaction with the attacker during the attack. --------------------------------------------------------------- [Page 26] 50 M.H. Almeshekah and E.H. SpaffordWhen an attacker disbelieves the presented deceit we need to have an active monitoring and a detailed plan of action. This should be part the sixth step of planning in our framework where risks are assessed. In addition, during our discussions with security practitioners many have indicated that some attackers often act aggressively when they realize that they have been deceived. This can be one of the signals that is used during the monitoring stage to measure attackers’ reaction of the deceptive component. In addition, this behavior can be used as one of the biases to be exploited by other deceptive mechanisms that may focus on deceiving the attacker about the system’s damage assessment.Acknowledgements The material in the chapter is derived from [[29](https://webcache.googleusercontent.com/search?q=cache:S_BHqeXHETIJ:http…)] Portions of this work were supported by National Science Foundation Grant EAGER-1548114, by Northrop Grumman Corporation (NGCRC), and by sponsors of the Center for Education and Research in Information Assurance and Security (CERIAS).References1. Verizon, “Threats on the Horizon – The Rise of the Advanced Persistent Threat.” [http://www.](http://www.verizonenterprise.com/DBIR/)[verizonenterprise.com/…. J. J. Yuill, Defensive Computer-Security Deception Operations: Processes, Principles and Techniques. PhD Dissertation, North Carolina State University, 2006. 3. B. Cheswick, “An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied,” in Proceedings of Winter USENIX Conference, (San Francisco), 1992. 4. C. P. Stoll, The Cuckoo’s Egg: Tracing a Spy Through the Maze of Computer Espionage. Doubleday, 1989. 5. E. H. Spafford, “More than Passive Defense.” http://goo.gl/5lwZup, 2011. 6. L. Spitzner, Honeypots: Tracking Hackers. Addison-Wesley Reading, 2003. 7. G. H. Kim and E. H. Spafford, “Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection,” tech. rep., Department of Computer, Purdue University, West Lafayette, IN, 1994. 8. D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen, “Honeystat: Local Worm Detection Using Honeypots,” in Recent Advances in Intrusion Detection, pp. 39–58, Springer, 2004. 9. C. Fiedler, “Secure Your Database by Building HoneyPot Architecture Using a SQL Database Firewall.” http://goo.gl/yr55Cp. 10. C. Mulliner, S. Liebergeld, and M. Lange, “Poster: Honeydroid-Creating a Smartphone Honeypot,” in IEEE Symposium on Security and Privacy, 2011. 11. M. Wählisch, A. Vorbach, C. Keil, J. Schönfelder, T. C. Schmidt, and J. H. Schiller, “Design, Implementation, and Operation of a Mobile Honeypot,” tech. rep., Cornell University Library, 2013. 12. C. Seifert, I. Welch, and P. Komisarczuk, “Honeyc: The Low Interaction Client Honeypot,” Proceedings of the 2007 NZCSRCS, 2007. 13. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis, “Detecting Targeted Attacks Using Shadow Honeypots,” in Proceedings of the 14th USENIX Security Symposium, 2005. 14. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, “Inside the Slammer Worm,” IEEE Security & Privacy, vol. 1, no. 4, pp. 33–39, 2003. 15. T. Liston, “LaBrea: “Sticky” Honeypot and IDS.” [http://labrea.sourceforge.net/labrea-info.](http://labrea.sourceforge.net/l…, 2009. --------------------------------------------------------------- [Page 27] Cyber Security Deception 51 16. F. Cohen, “The Deception Toolkit.” http://www.all.net/dtk/, 1998. 17. N. Rowe, E. J. Custy, and B. T. Duong, “Defending Cyberspace with Fake Honeypots,” Journal of Computers, vol. 2, no. 2, pp. 25–36, 2007. 18. T. Holz and F. Raynal, “Detecting Honeypots and Other Suspicious Environments,” in Information Assurance Workshop, pp. 29–36, IEEE, 2005. 19. C. Kreibich and J. Crowcroft, “Honeycomb: Creating Intrusion Detection Signatures Using Honeypots,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 1, pp. 51–56, 2004. 20. D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, “Inferring Internet Denial-of-Service Activity,” ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp.115–139, 2006. 21. L. Spitzner, “Honeytokens: The Other Honeypot.” [http://www.symantec.com/connect/articles/](http://www.symantec.com/connect/…, 2003.22. J. J. Yuill, M. Zappe, D. Denning, and F. Feer, “Honeyfiles: Deceptive Files for Intrusion Detection,” in Information Assurance Workshop, pp. 116–122, IEEE, 2004. 23. M. Bercovitch, M. Renford, L. Hasson, A. Shabtai, L. Rokach, and Y. Elovici, “HoneyGen: An Automated Honeytokens Generator,” in IEEE International Conference on Intelligence and Security Informatics (ISI’11), pp. 131–136, IEEE, 2011. 24. A. Juels and R. L. Rivest, “Honeywords: Making Password-Cracking Detectable,” in Pro- ceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 145–160, ACM, 2013. 25. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, “Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware,” in IEEE International Conference on Dependable Systems and Networks, pp. 177–186, IEEE, 2008. 26. M. Sourour, B. Adel, and A. Tarek, “Ensuring Security-In-Depth Based on Heterogeneous Network Security Technologies,” International Journal of Information Security, vol. 8, no. 4, pp. 233–246, 2009. 27. K. Heckman, “Active Cyber Network Defense with Denial and Deception.” [http://goo.gl/](http://goo.gl/Typwi4)[Typwi4](http://goo.gl/Typwi4), Mar. 2013.28. R. V. Jones, Reflections on Intelligence. London: William Heinemann Ltd, 1989. 29. M. H. Almeshekah, Using Deception to Enhance Security: A Taxonomy, Model and Novel Uses. PhD thesis, Purdue University, 2015. 30. M. Harkins, “A New Security Architecture to Improve Business Agility,” in Managing Risk and Information Security, pp. 87–102, Springer, 2013. 31. J. Boyd, “The Essence of Winning and Losing.” http://www.danford.net/boyd/essence.htm[,](http://www.danford.net/boyd/esse… 1995. 32. E. M. Hutchins, M. J. Cloppert, and R. M. Amin, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” Leading Issues in Information Warfare & Security Research, vol. 1, p. 80, 2011. 33. K. J. Higgins, “How Lockheed Martin’s ’Kill Chain’ Stopped SecurID Attack.” [http://goo.gl/](http://goo.gl/r9ctmG)[r9ctmG](http://goo.gl/r9ctmG), 2013.34. F. Petitcolas, “La Cryptographie Militaire.” http://goo.gl/e5IOj1[.](http://goo.gl/e5IOj1) 35. K. D. Mitnick and W. L. Simon, The Art of Deception: Controlling the Human Element of Security. Wiley, 2003. 36. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, “Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis,” in The 2007 Network and Distributed System Security Symposium (NDSS’07), 2007. 37. A. Barth, C. Jackson, and J. C. Mitchell, “Robust Defenses for Cross-Site Request Forgery,” Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), 2008. 38.O. W. A. S. P. (OWASP), “OWASP Top 10.” [http://owasptop10.googlecode.com/files/](http://owasptop10.googlecode.com/f… Top 10 - 2013.pdf)[OWASPTop10-2013.pdf](http://owasptop10.googlecode.com/files/OWASP Top 10 - 2013.pdf), 2013. --------------------------------------------------------------- [Page 28] 52 M.H. Almeshekah and E.H. Spafford 39. M. H. Almeshekah and E. H. Spafford, “Planning and Integrating Deception into Com- puter Security Defenses,” in New Security Paradigms Workshop (NSPW’14), (Victoria, BC, Canada), 2014. 40. J. B. Bell and B. Whaley, Cheating and Deception. Transaction Publishers New Brunswick, 1991. 41. M. Bennett and E. Waltz, Counterdeception Principles and Applications for National Security. Artech House, 2007. 42. J. R. Thompson, R. Hopf-Wichel, and R. E. Geiselman, “The Cognitive Bases of Intelligence Analysis,” tech. rep., US Army Research Institute for the Behavioral and Social Sciences, 1984. 43. R. Jervis, Deception and Misperception in International Politics. Princeton University Press, 1976. 44. G. Hofstede, G. Hofstede, and M. Minkov, Cultures and Organizations. McGraw-Hill, 3rd ed., 2010. 45. D. Gus and D. Dorner, “Cultural Difference in Dynamic Decision-Making Strategies in a Non-lines, Time-delayed Task,” Cognitive Systems Research, vol. 12, no. 3–4, pp. 365–376, 2011. 46. R. Godson and J. Wirtz, Strategic Denial and Deception. Transaction Publishers, 2002. 47. A. Tversky and D. Kahneman, “Judgment under Uncertainty: Heuristics and Biases.,” Science, vol. 185, pp. 1124–31, Sept. 1974. 48. S. A. Sloman, “The Empirical Case for Two Systems of Reasoning,” Psychological Bulletin, vol. 119, no. 1, pp. 3–22, 1996. 49. A. Tversky and D. Koehler, “Support Theory: A Nonextensional Representation of Subjective Probability.,” Psychological Review, vol. 101, no. 4, p. 547, 1994. 50. A. Tversky and D. Kahneman, “Extensional Versus Intuitive Reasoning: The Conjunction Fallacy in Probability Judgment,” Psychological review, vol. 90, no. 4, pp. 293–315, 1983. 51. L. Zhao and M. Mannan, “Explicit Authentication Response Considered Harmful,” in New Security Paradigms Workshop (NSPW ’13), (New York, New York, USA), pp. 77–86, ACM Press, 2013. 52. R. S. Nickerson, “Confirmation Bias: A Ubiquitous Phenomenon in Many Guises,” Review of General Psychology, vol. 2, pp. 175–220, June 1998. 53. C. Sample, “Applicability of Cultural Markers in Computer Network Attacks,” in 12th European Conference on Information Warfare and Security, (University of Jyvaskyla, Finland), pp. 361–369, 2013. 54. S. B. Murphy, J. T. McDonald, and R. F. Mills, “An Application of Deception in Cyberspace: Operating System Obfuscation,” in Proceedings of the 5th International Conference on Information Warfare and Security (ICIW 2010), pp. 241–249, 2010. 55. W. Wang, J. Bickford, I. Murynets, R. Subbaraman, A. G. Forte, and G. Singaraju, “Detecting Targeted Attacks by Multilayer Deception,” Journal of Cyber Security and Mobility, vol. 2, no. 2, pp. 175–199, 2013. 56. X. Fu, On Traffic Analysis Attacks and Countermeasures. PhD Dissertation, Texas A & M University, 2005. 57. S. A. Hofmeyr, S. Forrest, and A. Somayaji, “Intrusion Detection Using Sequences of System Calls,” Journal of Computer Security, vol. 6, no. 3, pp. 151–180, 1998. 58. F. Cohen and D. Koike, “Misleading Attackers with Deception,” in Proceedings from the 5th annual IEEE SMC Information Assurance Workshop, pp. 30–37, IEEE, 2004. 59. T. E. Carroll and D. Grosu, “A Game Theoretic Investigation of Deception in Network Security,” Security and Communication Networks, vol. 4, no. 10, pp. 1162–1172, 2011. 60. R. Hesketh, Fortitude: The D-Day Deception Campaign. Woodstock, NY: Overlook Hardcover, 2000. --------------------------------------------------------------- [Page 29] http://www.springer.com/978-3-319-32697-9

1 0

Deciphering: Voynich Manuscript Codex MS408
by grarpamp 24 Jan '19

24 Jan '19

1 0

Forensic Science
by grarpamp 24 Jan '19

24 Jan '19

https://www.edmondsun.com/news/business/uco-forensic-science-institute-rece… The University of Central Oklahoma W. Roger Webb Forensic Science Institute (FSI), home to the largest forensic science education program in the country, is now the only university in North America with three accredited undergraduate forensic science programs. The three newly accredited programs are Bachelor of Science degrees in forensic molecular biology, forensic chemistry and digital forensics. UCO joins Eastern Kentucky University as the first two universities in the nation to receive accreditation for an undergraduate digital forensics program.

1 0

Implications of the Fourth Industrial Revolution
by grarpamp 24 Jan '19

24 Jan '19

http://star-tides.net/sites/default/files/documents/files/Natnl%20Sec%20Imp… · 4th just beginning: fuse technologies "blur lines between physical, digital and biological spheres" 4 th Industrial Revolution (4 th IR) · Key distinctions between 3rd & 4th revolutions: Velocity of change, scope, and systems-wide impact · Massively disruptive, and accelerating · Transforming management, as well as production and distribution · Can provide very important collective benefits to society, but also negatively affect many individuals Loss of jobs and pace of social change Machine learning and artificial intelligence

1 0

PTSD “a sign you have a conscience and a heart… a sign you love and you care” - [PEACE]
by Zenaan Harkness 24 Jan '19

24 Jan '19

>From the “embrace your inner stress cadet” department: PTSD: The Price You Pay For Survival https://www.zerohedge.com/news/2019-01-23/ptsd-price-you-pay-survival Something a lot of people forget when they think about survival is what happens after you’ve survived. When you get through something terrible, there’s always a price you must pay for your survival. You won’t get through it unscathed. Oftentimes, that price is Post-Traumatic Stress Disorder or PTSD. This is a very real condition triggered by experiencing or witnessing a horrifying event or series of events. You can learn more about PTSD here on the VA website. Once called “shell shock” or “battle fatigue syndrome” it can affect more than just soldiers. You can’t survive something awful and expect to live unscathed. PTSD isn’t a symptom of weakness. It’s a sign that you have a conscience and a heart. It’s a sign that you love and you care. It’s part of being a survivor, and that’s why all of us are here – we want to survive. In this article, Selco shares his deeply personal experience with PTSD. …

2 1

Overlay Networks: Research Improvements and Attacks [was: planetlab butterfly relays]
by grarpamp 24 Jan '19

24 Jan '19

On 1/23/19, nusenu <nusenu-lists(a)riseup.net> wrote: > thanks for adding tor relays. > If you are using them for research purposes please ensure > you follow the safety guidelines: > https://research.torproject.org/safetyboard.html > https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597a… > https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays > | Up | Ext | JoinTime | Nickname | Version | IP | > AS | CC | ORp | Dirp | OS | > Contact | eFamMembers | FP | > https://twitter.com/nusenu_ > https://mastodon.social/@nusenu As many know, many guidelines regarding the stronger distributed encrypted overlay and messaging networks out there are naturally voluntary, and research and attacks are often generally unenforceable and or undetectable when undertaken by qualified adversaries. Many parties [publicly] subscribe to such guidelines, many [silently] don't. That's the nature [and one of the risks] of such networks, indeed of any network. Such adversaries exist and are highly active and capable. Know your adversary. Strengthen your designs to match and best them. As to the nodes, they're all planet-lab.net hosts, planetlab has at least two known tor slices "okstate_tor" and "uml_ZhenLing", some public research outputs [or not] of which might be listed below... https://www.cs.uml.edu/~xinwenfu/paper/TorCellSize_ICC11_Fu.pdf https://www.cs.uml.edu/~xinwenfu/paper/TorWard14_Fu.pdf http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2014_… http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2013_… http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2012_… https://news.okstate.edu/articles/communications/2015/tedx-returns-oklahoma… https://www.youtube.com/watch?v=9QsjkJcUznA MEMEX Christopher White ‎Jiangmin yu, Eric Chan-Tin: Realistic Cover Traffic to Mitigate Website Fingerprinting Attacks DOI: 10.1109/ICDCS.2018.00175 Conference: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) Identifying Webbrowsers in Encrypted Communications DOI: 10.1145/2665943.2665968 Revisiting Circuit Clogging Attacks on Tor DOI: 10.1109/ARES.2013.17 Conference: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on https://chantin.cs.luc.edu/~chantin/ARES2013.pdf Application Of Data Analytics - Case Studies https://shareok.org/bitstream/handle/11244/54637/Yu_okstate_0664D_15098.pdf

1 3

Cryptocurrency: Most Cited Blockchain Forensic Analysis Publications
by grarpamp 24 Jan '19

24 Jan '19

https://blockchainlibrary.org/2017/11/most-cited-blockchain-forensic-analys… https://steemit.com/@blockchainlib/ Most Cited Blockchain Forensic Analysis Publications Last updated November 4th, 2017. “Trust among strangers in Internet transactions: Empirical analysis of eBay’s reputation system“. P Resnick, R Zeckhauser. 2002. emeraldinsight.com The Economics of the Internet and …. 2072 cites. “Bitcoin and beyond: A technical survey on decentralized digital currencies“. F Tschorsch, B Scheuermann. 2016. ieeexplore.ieee.org IEEE Communications Surveys …. 80 cites. “Protocols for secure electronic commerce“. MH Sherif. 2016. books.google.com . 70 cites. “Cutting the gordian knot: A look under the hood of ransomware attacks“. A Kharraz, W Robertson, D Balzarotti, L Bilge…. 2015. Springer … on Detection of …. 57 cites. “Bitiodine: Extracting intelligence from the bitcoin network“. M Spagnuolo, F Maggi, S Zanero. 2014. Springer International Conference on Financial …. 52 cites. “Virtual currencies; Bitcoin & what now after Liberty Reserve, Silk Road, and Mt. Gox?“. LJ Trautman. 2014. papers.ssrn.com . 49 cites. “Mobile security technology“. US Patent 9,014,661. 2015. Google Patents. 48 cites. “Beyond Bitcoin: Issues in Regulating Blockchain Tranactions“. TI Kiviat. 2015. HeinOnline Duke LJ. 41 cites. “A learned representation for artistic style“. V Dumoulin, J Shlens, M Kudlur, A Behboodi…. 2016. arxiv.org arXiv preprint arXiv …. 40 cites. “Corporate governance and blockchains“. D Yermack. 2017. academic.oup.com Review of Finance. 40 cites. “Information management systems on construction projects: case reviews“. N Craig, J Sommerville. 2006. emeraldinsight.com Records Management Journal. 37 cites. “What will be the next records management orthodoxy?“. J Lappin. 2010. emeraldinsight.com Records Management Journal. 37 cites. “Bitcoin: under the hood“. A Zohar. 2015. dl.acm.org Communications of the ACM. 28 cites. “Keeping authorities” honest or bust” with decentralized witness cosigning“. E Syta, I Tamas, D Visher, DI Wolinsky…. 2016. ieeexplore.ieee.org Security and Privacy …. 26 cites. “Recordkeeping informatics: re-figuring a discipline in crisis with a single minded approach“. F Upward, B Reed, G Oliver…. 2013. emeraldinsight.com Records Management …. 25 cites. “Medrec: Using blockchain for medical data access and permission management“. A Azaria, A Ekblaw, T Vieira…. 2016. ieeexplore.ieee.org Open and Big Data (OBD …. 24 cites. “Near zero Bitcoin transaction fees cannot last forever“. K Kaskaloglu. 2014. sdiwc.net … Conference on Digital Security and Forensics …. 23 cites. “Trends, tips, tolls: A longitudinal study of Bitcoin transaction fees“. M Möser, R Böhme. 2015. Springer … Conference on Financial Cryptography and Data …. 23 cites. “Daemon“. D Suarez. 2017. books.google.com . 16 cites. “Development of RMJ: A mirror of the development of the profession and discipline of records management“. J McLeod, C Hare. 2010. emeraldinsight.com Records Management Journal. 16 cites. “Security protocols and evidence: Where many payment systems fail“. SJ Murdoch, R Anderson. 2014. Springer … on Financial Cryptography and Data Security. 16 cites. “A survey of P2P Network security“. L Washbourne. 2015. arxiv.org arXiv preprint arXiv:1504.01358. 15 cites. “Blockchains and Bitcoin: Regulatory responses to cryptocurrencies“. A Guadamuz, C Marsden. 2015. papers.ssrn.com . 15 cites. “New Private Monies: A Bit-Part Player?“. K Dowd. 2014. papers.ssrn.com . 14 cites. “Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage“. Y Yu, MH Au, G Ateniese, X Huang…. 2017. ieeexplore.ieee.org … Forensics and …. 13 cites. “Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams“. NZ Aitzhan, D Svetinovic. 2016. ieeexplore.ieee.org IEEE Transactions on Dependable …. 13 cites. “On the security of key extraction from measuring physical quantities“. M Edman, A Kiayias, Q Tang…. 2016. ieeexplore.ieee.org … on Information Forensics …. 12 cites. “Diplomatics of born digital documents–considering documentary form in a digital environment“. C Rogers. 2015. emeraldinsight.com Records Management Journal. 11 cites. “Listening to whispers of ripple: Linking wallets and deanonymizing transactions in the ripple network“. P Moreno-Sanchez, MB Zafar, A Kate. 2016. degruyter.com Proceedings on Privacy …. 11 cites. “On the properties of non-media digital watermarking: a review of state of the art techniques“. AS Panah, R Van Schyndel, T Sellis, E Bertino. 2016. ieeexplore.ieee.org IEEE Access. 11 cites. “Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications“. TM Fernández-Caramés, P Fraga-Lamas…. 2016. mdpi.com Sensors. 11 cites. “A trustless privacy-preserving reputation system“. A Schaub, R Bazin, O Hasan, L Brunie. 2016. Springer IFIP International Information …. 10 cites. “Cyberspace and cybersecurity“. G Kostopoulos. 2017. books.google.com . 10 cites. “Electronic Currency: The Potential Risks to National Security and Methods to Minimize Them“. GN Vovchenko, NE Tishchenko, VT Epifanova…. 2017. ersj.eu European Research …. 9 cites. “Tackling the wicked problem of ERM: using the Cynefin framework as a lens“. S Childs, J McLeod. 2013. emeraldinsight.com Records Management Journal. 9 cites. “Virtual Currencies: Bitcoin & What Now after Liberty Reserve, Silk Road, and Mt. Gox“. L Trautman. 2013. HeinOnline Rich. JL & Tech.. 9 cites. “Bitcoin and the uniform commercial code“. JL Schroeder. 2015. HeinOnline U. Miami Bus. L. Rev.. 8 cites. “BitIodine: extracting intelligence from the Bitcoin network“. M Spagnuolo. 2013. politesi.polimi.it . 8 cites. “Cryptocurrency-Based Law“. M Abramaowicz. 2016. HeinOnline Ariz. L. Rev.. 8 cites. “P2P Mixing and Unlinkable Bitcoin Transactions.“. T Ruffing, P Moreno-Sanchez…. 2016. pdfs.semanticscholar.org IACR Cryptology ePrint …. 8 cites. “Sovereign money: Beyond reserve banking“. J Huber. 2016. books.google.com . 8 cites. “A Case Study for Blockchain in Healthcare:“MedRec” prototype for electronic health records and medical research data“. A Ekblaw, A Azaria, JD Halamka…. 2016. healthit.gov … of IEEE Open & Big Data …. 7 cites. “A dangerous trend of cybercrime: ransomware growing challenge“. DPB Pathak, YM Nanded. 2016. ijarcet.org … Journal of Advanced Research in Computer …. 7 cites. “A Novel Multi-Focus Image Fusion Method Based on Stochastic Coordinate Coding and Local Density Peaks Clustering“. Z Zhu, G Qi, Y Chai, Y Chen. 2016. mdpi.com Future Internet. 7 cites. “A Wearable Revolution: Is the smartwatch the next small big thing?“. M Kracheel, W Bronzi, H Kazemi. 2014. publications.uni.lu IT ONE Magazine 2014. 7 cites. “Cryptocurrencies: The Next Generation of Terrorist Financing?“. AE Brill, L Keene. 2014. papers.ssrn.com . 7 cites. “The Unreasonable Effectiveness of Address Clustering“. M Harrigan, C Fretter. 2016. ieeexplore.ieee.org … Cloud and Big Data Computing, Internet …. 7 cites. “An Empirical Analysis of Linkability in the Monero Blockchain“. A Miller, M Möser, K Lee, A Narayanan. 2017. arxiv.org arXiv preprint arXiv:1704.04299. 6 cites. “Apple Pay, Bitcoin, and Consumers: The ABCs of Future Public Payments Law“. ME Burge. 2015. papers.ssrn.com . 6 cites. “Behind closed doors: measurement and analysis of CryptoLocker ransoms in Bitcoin“. K Liao, Z Zhao, A Doupé, GJ Ahn. 2016. ieeexplore.ieee.org Electronic Crime Research …. 6 cites. “Blockchain-Based Database to Ensure Data Integrity in Cloud Computing Environments.“. E Gaetani, L Aniello, R Baldoni, F Lombardi…. 2017. ceur-ws.org ITASEC. 6 cites. “Cryptocurrencies and business ethics“. C Dierksmeier, P Seele. 2016. Springer Journal of Business Ethics. 6 cites. “Cryptocurrency: how bitcoin and digital money are challenging the global economic order“. P Vigna, MJ Casey. 2015. Random House . 6 cites. “International accounting standards and accounting quality in code-law countries: The case of Egypt“. IES Ebaid. 2016. emeraldinsight.com Journal of Financial Regulation and Compliance. 6 cites. “Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation“. PP Jayaraman, X Yang, A Yavari…. 2017. Elsevier Future Generation …. 6 cites. “Bitcoin block withholding attack: Analysis and mitigation“. S Bag, S Ruj, K Sakurai. 2017. ieeexplore.ieee.org … on Information Forensics and …. 5 cites. “Bitcoin-based fair payments for outsourcing computations of fog devices“. H Huang, X Chen, Q Wu, X Huang, J Shen. 2018. Elsevier Future Generation Computer …. 5 cites. “Entering the matrix: the challenge of regulating Radical Leveling Technologies“. JJ Snow. 2015. calhoun.nps.edu . 5 cites. “Music on the blockchain“. M O’Dair, Z Beaven, D Neilson, R Osborne, P Pacifico. 2016. eprints.mdx.ac.uk . 5 cites. “Provchain: A blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability“. X Liang, S Shetty, D Tosh, C Kamhoua…. 2017. dl.acm.org Proceedings of the 17th …. 5 cites. “The implications of economic cybercrime for policing“. M Levi, A Doig, R Gundur, D Wall, ML Williams. 2016. orca.cf.ac.uk . 5 cites. “Tomorrow’s Inheritance: The Frontiers of Estate Planning Formalism“. D Horton. 2017. HeinOnline BCL Rev.. 5 cites. ““Justice delayed is justice denied” Records management and the travesty of justice in South Africa“. M Ngoepe, S Makhubela. 2015. emeraldinsight.com Records Management Journal. 4 cites. “A New Framework for a Novel Lattice: 3D Printers, DNA Fabricators, and the Perils in Regulating the Raw Materials of the Next Era of Revolution, Renaissance, and …“. P Jensen-Haxel. 2015. HeinOnline Wake Forest JL & Pol’y. 4 cites. “Optimizing Governed Blockchains for Financial Process Authentications“. LN Lundbaek, AC D’Iddio, M Huth. 2016. arxiv.org arXiv preprint arXiv:1612.00407. 4 cites. “Security of Electronic Payment Systems: A Comprehensive Survey“. S Solat. 2017. arxiv.org arXiv preprint arXiv:1701.04556. 4 cites. “The Decision to Produce Altcoins: Miners’ Arbitrage in Cryptocurrency Markets“. A Hayes. 2015. papers.ssrn.com Browser Download This Paper. 4 cites. “Towards automated threat intelligence fusion“. A Modi, Z Sun, A Panwar, T Khairnar…. 2016. ieeexplore.ieee.org … (CIC), 2016 IEEE …. 4 cites. “A review of existing and emerging digital technologies to combat the global trade in fake medicines“. TK Mackey, G Nayyar. 2017. Taylor & Francis Expert Opinion on Drug Safety. 3 cites. “A Survey on Security and Privacy Issues of Bitcoin“. M Conti, C Lal, S Ruj. 2017. arxiv.org arXiv preprint arXiv:1706.00916. 3 cites. “A Traceability Analysis of Monero’s Blockchain.“. A Kumar, C Fischer, S Tople, P Saxena. 2017. eprint.iacr.org IACR Cryptology ePrint …. 3 cites. “Decentralizing authorities into scalable strongest-link cothorities“. E Syta, I Tamas, D Visher…. 2015. pdfs.semanticscholar.org CoRR, abs …. 3 cites. “Electronic Voting Service Using Block-Chain“. K Lee, JI James, TG Ejeta…. 2016. search.proquest.com … Journal of Digital Forensics …. 3 cites. “Investment funds, shadow banking and systemic risk“. E Bengtsson. 2016. emeraldinsight.com Journal of Financial Regulation and Compliance. 3 cites. “Money“. J Huber. 2017. Springer Sovereign Money. 3 cites. “Radical Technologies: The Design of Everyday Life“. A Greenfield. 2017. books.google.com . 3 cites. “Security implications of blockchain cloud with analysis of block withholding attack“. DK Tosh, S Shetty, X Liang, CA Kamhoua…. 2017. dl.acm.org Proceedings of the 17th …. 3 cites. “The Board’s Responsibility for Crisis Governance“. LJ Trautman. 2016. HeinOnline Hastings Bus. LJ. 3 cites. “The Scandal of Money: Why Wall Street Recovers But the Economy Never Does“. G Gilder. 2016. books.google.com . 3 cites. “The use of crypto-currencies in funding violent jihad“. ASM Irwin, ASM Irwin, G Milad…. 2016. emeraldinsight.com Journal of Money …. 3 cites. “The WPA-Lancet Psychiatry Commission on the Future of psychiatry“. D Bhugra, A Tasman, S Pathare, S Priebe, S Smith…. 2017. Elsevier The Lancet …. 3 cites. “Using crime data in academic research: issues of comparability and integrity“. A Ludwig, M Marshall. 2015. emeraldinsight.com Records Management Journal. 3 cites. “Why Won’t Johnny Encrypt?“. H Orman. 2015. ieeexplore.ieee.org IEEE Internet Computing. 3 cites. “A Decentralized Anonymity-Preserving Reputation System with Constant-time Score Retrieval.“. R Bazin, A Schaub, O Hasan…. 2016. pdfs.semanticscholar.org IACR Cryptology ePrint …. 2 cites. “A Probabilistic Nanopayment Scheme for Golem“. P Bylica, L Glen, P Janiuk, A Skrzypcaz, A Zawlocki. 2015. golemproject.net . 2 cites. “Analysis of the Cryptocurrency Marketplace“. A Heid. 2013. hackmiami.org Retrieved February. 2 cites. “BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments“. Q Xia, EB Sifah, A Smahi, S Amofa, X Zhang. 2017. mdpi.com Information. 2 cites. “Cyber Guerilla“. J Van Haaster, R Gevers, M Sprengers. 2016. books.google.com . 2 cites. “Cybersecurity problems in a typical hospital (and probably in all of them)“. H Thimbleby. 2017. cronfa.swan.ac.uk . 2 cites. “Developing a comprehensive information security framework for mHealth: a detailed analysis“. N Vithanwattana, G Mapp, C George. 2017. Springer Journal of Reliable Intelligent …. 2 cites. “Digital Forensics: Threatscape and Best Practices“. J Sammons. 2015. books.google.com . 2 cites. “Knowledge discovery from within: An examination of records management and electronic records management syllabi“. DC Force, DC Force, J Zhang…. 2016. emeraldinsight.com Records Management …. 2 cites. “Peer-to-peer law, built on Bitcoin“. MB Abramowicz. 2015. scholarship.law.gwu.edu . 2 cites. “Publics and counterpublics on the front page of the internet: The cultural practices, technological affordances, hybrid economics and politics of reddit’s public …“. NJ Springer. 2015. search.proquest.com . 2 cites. “Real-time digital signatures for time-critical networks“. AA Yavuz, A Mudgerikar, A Singla…. 2017. ieeexplore.ieee.org … Forensics and …. 2 cites. “Research Ideas for Artificial Intelligence in Auditing: The Formalization of Audit and Workforce Supplementation“. H Issa, T Sun, MA Vasarhelyi. 2016. aaajournals.org Journal of Emerging Technologies …. 2 cites. “Rich Credentials for Remote Identity Proofing“. K Lewison, F Corella. 2016. pomcor.com . 2 cites. “Scaling SPADE to “Big Provenance”“. A Gehani, H Kazmi, H Irshad. 2016. usenix.org … of the 8th USENIX Conference on Theory …. 2 cites. “Scoping: Exploring a collective R&D process for entrepreneurs, microenterprises, and SMEs“. S COULSON, M WOODS. 2016. discovery.dundee.ac.uk the Proceedings of the 20th DMI …. 2 cites. “Silicon to syringe: Cryptomarkets and disruptive innovation in opioid supply chains“. M Gilbert, N Dasgupta. 2017. Elsevier International Journal of Drug Policy. 2 cites. “Social Palimpsests–Clouding the Lens of the Personal Panopticon“. N SHADBOLT. 2014. books.google.com … Yearbook 2014: Social Networks and Social …. 2 cites. “Strong Federations: An Interoperable Blockchain Solution to Centralized Third Party Risks“. J Dilley, A Poelstra, J Wilkins, M Piekarska…. 2016. arxiv.org arXiv preprint arXiv …. 2 cites. “Sustainability of bitcoin and blockchains“. H Vranken. 2017. Elsevier Current Opinion in Environmental Sustainability. 2 cites. “Systems and methods for executing cryptographically secure transactions using voice and natural language processing“. MS Meadows. 2015. Google Patents US Patent App. 14/668,882. 2 cites. “The Alpha Engine: Designing an Automated Trading Algorithm“. A Golub, J Glattfelder, RB Olsen. 2017. papers.ssrn.com . 2 cites. “The Anthropocene, resilience and post-colonial computation“. D McQuillan. 2017. Taylor & Francis Resilience. 2 cites. “the Deep Web“. V Ciancaglini, M Balduzzi, R McArdle, M Rösler. 2015. trendmicro.nl Trend Micro. 2 cites. “The economics of crypto-democracy“. DWE Allen, C Berg, AM Lane, J Potts. 2017. papers.ssrn.com . 2 cites. “Towards self-sovereign identity using blockchain technology“. DS Baars. 2016. essay.utwente.nl . 2 cites. “Trust Implications of DDoS Protection in Online Elections“. C Culnane, M Eldridge, A Essex, V Teague. 2017. Springer … Joint Conference on …. 2 cites. “Virtual currencies and the implications for US anti-money laundering regulations“. BA Pamplin. 2014. search.proquest.com . 2 cites. “What happened to global banking after the crisis?“. D Schoenmaker, D Schoenmaker. 2017. emeraldinsight.com Journal of Financial …. 2 cites. “A forensic look at Bitcoin cryptocurrency“. MD Doran. 2014. search.proquest.com . 1 cites. “An Analysis of Attacks on Blockchain Consensus“. G Bissias, BN Levine, AP Ozisik…. 2016. arxiv.org arXiv preprint arXiv …. 1 cites. “An Efficient E2E Verifiable E-voting System without Setup Assumptions“. A Kiayias, T Zacharias, B Zhang. 2017. ieeexplore.ieee.org IEEE Security & Privacy. 1 cites. “An Introduction to the Blockchain and Its Implications for Libraries and Medicine“. MB Hoy. 2017. Taylor & Francis Medical Reference Services Quarterly. 1 cites. “Anonymity Properties of the Bitcoin P2P Network“. G Fanti, P Viswanath. 2017. arxiv.org arXiv preprint arXiv:1703.08761. 1 cites. “As technology goes democratic, nations lose military control“. B FitzGerald, J Parziale. 2017. Taylor & Francis Bulletin of the Atomic Scientists. 1 cites. “Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks“. C Wressnegger, K Freeman, F Yamaguchi…. 2017. dl.acm.org … of the 2017 ACM on Asia …. 1 cites. “Autonomous Weapon Systems and Strategic Stability“. J Altmann, F Sauer. 2017. iiss.tandfonline.com Survival. 1 cites. “BITCOIN COMO ALTERNATIVA TRANSVERSAL DE INTERCAMBIO MONETARIO EN LA ECONOMÍA DIGITAL“. ZJP Cárdenas, MAV Avellaneda…. 2015. revistas.udistrital.edu.co Redes de …. 1 cites. “Bitcoin, the Law and Emerging Public Policy: Towards a 21st Century Regulatory Scheme“. GM Karch. 2014. HeinOnline Fla. A & M UL Rev.. 1 cites. “Bitcoin: Perils of an Unregulated Global P2P Currency (Transcript of Discussion)“. ST Ali. 2015. Springer Cambridge International Workshop on Security …. 1 cites. “BitIodine: Extracting Intelligence from the Bitcoin Network“. F Maggi, S Zanero, M Spagnuolo. 2014. . 1 cites. “Cloud as a Service: Understanding the Service Innovation Ecosystem“. E Castro-Leon, R Harmon. 2016. books.google.com . 1 cites. “Conflict of Laws Cross to Public International Laws: The Conflicting Models in the Conceptualisation of Disability Rights Under International Humanitarian Law and …“. I Mugabi. 2015. papers.ssrn.com . 1 cites. “Cyberinsurance Value Generator or Cost Burden?“. SK Ishaq, C CISA. 2016. isaca.org . 1 cites. “Data Analytics and Big Data: Opportunity or Threat for the Accounting Profession?“. G Richins, A Stapleton, TC Stratopoulos, C Wong. 2016. papers.ssrn.com . 1 cites. “Dealer, Hacker, Lawyer, Spy. Modern Techniques and Legal Boundaries of Counter-cybercrime Operations“. K Bojarski. 2015. academia.edu The European Review of Organised Crime. 1 cites. “Digital diplomatics and forensics: going forward on a global basis“. FB Cohen. 2015. emeraldinsight.com Records Management Journal. 1 cites. “Digital diplomatics and measurement of electronic public data qualities: What lessons should be learned?“. B Makhlouf Shabou. 2015. emeraldinsight.com Records Management Journal. 1 cites. “Digital Preservation: From Possible to Practical“. G Dingwall. 2017. books.google.com Currents of Archival Thinking. 1 cites. “Disrupting Agents, Distributing Agency“. CHP Zuckerman. 2017. books.google.com Distributed Agency. 1 cites. “How companies achieve balance between technology enabled innovation and cyber-security“. NNN Nelson. 2016. dspace.mit.edu . 1 cites. “Incentivizing blockchain forks via whale transactions“. K Liao, J Katz. 2017. cs.umd.edu Bitcoin Workshop. 1 cites. “Information Security and Privacy“. JK Liu, R Steinfeld. 2007. Springer . 1 cites. “Macroprudential policy–closing the financial stability gap“. S Fahr, S Fahr, J Fell, J Fell. 2017. emeraldinsight.com Journal of Financial Regulation …. 1 cites. “MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain“. Q Xia, EB Sifah, KO Asamoah, J Gao, X Du…. 2017. ieeexplore.ieee.org IEEE …. 1 cites. “MOBILE SECURITY TECHNOLOGY“. C Decharms. 2016. freepatentsonline.com US Patent 20,160,192,166. 1 cites. “NPP: A New Privacy-Aware Public Auditing Scheme for Cloud Data Sharing with Group Users“. A Fu, S Yu, Y Zhang, H Wang…. 2017. ieeexplore.ieee.org IEEE Transactions on Big …. 1 cites. “Object-oriented diplomatics: Using archival diplomatics in software application development to support authenticity of digital records“. A Jansen. 2015. emeraldinsight.com Records Management Journal. 1 cites. “P2P Mixing and Unlinkable P2P Transactions“. P Moreno-Sanchez, T Ruffing, A Kate. 2016. pdfs.semanticscholar.org Draft, June. 1 cites. “Personal Archive Service System using Blockchain Technology: Case Study, Promising and Challenging“. Z Chen, Y Zhu. 2017. ieeexplore.ieee.org AI & Mobile Services (AIMS), 2017 IEEE …. 1 cites. “Preserving the Archival Bond in Distributed Ledgers: A Data Model and Syntax“. VL Lemieux, M Sporny. 2017. dl.acm.org … of the 26th International Conference on World …. 1 cites. “Privacy-preserving smart grid tariff decisions with blockchain-based smart contracts“. F Knirsch, A Unterweger, G Eibl, D Engel. 2018. Springer Sustainable Cloud and Energy …. 1 cites. “Proof of Stake Blockchain: Performance and Scalability for Groupware Communications“. J Spasovski, P Eklund. 2017. researchgate.net Proceedings of the International …. 1 cites. “Revisiting the effect of regulation, supervision and risk on banking performance: Evidence from European banks based on PSTR model“. H Rachdi, F Ben Bouheni. 2016. emeraldinsight.com Journal of Financial Regulation and …. 1 cites. “Securing Claim Data via Block-Chains for a Peer to Peer Platform“. W Slavin. 2016. Google Patents US Patent App. 15/004,702. 1 cites. “Security for 4G and 5G cellular networks: A survey of existing authentication and privacy-preserving schemes“. MA Ferrag, L Maglaras, A Argyriou…. 2017. arxiv.org arXiv preprint arXiv …. 1 cites. “Short selling and the development of anti-shorting laws in the UK“. A Mohamad. 2016. emeraldinsight.com Journal of Financial Regulation and Compliance. 1 cites. “Software independence revisited“. RL Rivest, M Virza. 2017. people.csail.mit.edu … -World Electronic Voting: Design, Analysis …. 1 cites. “Solving Modern Crime in Financial Markets: Analytics and Case Studies“. MC Frunza. 2015. books.google.com . 1 cites. “System and method for data management structure using auditable delta records in a distributed environment“. S Grefen, A Jaehde, D Mackie. 2016. Google Patents US Patent App. 15/367,873. 1 cites. “The 21st Century Case for Gold: A New Information Theory of Money“. G Gilder. 2016. thescienceexperience.org . 1 cites. “The Adoption Process of Cryptocurrencies-Identifying factors that influence the adoption of cryptocurrencies from a multiple stakeholder perspective“. HF Spenkelink. 2014. essay.utwente.nl . 1 cites. “The Challenge of Bitcoin Pseudo-Anonymity to Computer Forensics“. EJ Imwinkelried, J Luu. 2015. papers.ssrn.com . 1 cites. “The crowdjury, a crowdsourced justice system for the collaboration era“. F Ast, A Sewrjugin. 2015. weusecoins.com . 1 cites. “The measurement and regulation of shadow banking in Ireland“. J Stewart, J Stewart, C Doyle…. 2017. emeraldinsight.com Journal of Financial …. 1 cites. “The New Market Manipulation“. TCW Lin. 2016. HeinOnline Emory LJ. 1 cites. “The Tao of open source intelligence“. S Bertram. 2015. books.google.com . 1 cites. “Time intervals as a Behavioral Biometric“. JV Monaco. 2015. researchgate.net . 1 cites. “Towards an internet of trust: issues and solutions for identification and authentication in the internet of things“. M Signorini. 2015. tdx.cat . 1 cites. “Tracking digital footprints: anonymity within the bitcoin system“. P Reynolds, P Reynolds, ASM Irwin…. 2017. emeraldinsight.com Journal of Money …. 1 cites. “Uncoupling the relationship between corruption and money laundering crimes“. N Mugarura. 2016. emeraldinsight.com Journal of Financial Regulation and Compliance. 1 cites. “Virtual Currencies and Fundamental Rights“. C Rueckert. 2016. papers.ssrn.com Browser Download This Paper. 1 cites. “Visualization and Data Provenance Trends in Decision Support for Cybersecurity“. J Garae, RKL Ko. 2017. Springer Data Analytics and Decision Support for Cybersecurity. 1 cites. “When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies“. S Goldfeder, H Kalodner, D Reisman…. 2017. arxiv.org arXiv preprint arXiv …. 1 cites. “Точки экономического и инновационного роста: модель организации эффективного функционирования региона“. ДД Буркальцева. 2017. cyberleninka.ru МИР (Модернизация. Инновации. Развитие). 1 cites. ““SMART” CONTRACT MARKETS: TRADING DERIVATIVES CONTRACTS ON THE BLOCKCHAIN“. TI KIVIAT. 2015. pdfs.semanticscholar.org . 0 cites. “11th USENIX Symposium on Networked Systems Design and Implementation“. S IX. 2016. enigma.usenix.org . 0 cites. “12 Social media’s impact on intellectual property rights“. D Collopy. 2017. books.google.com Handbook of Research on Counterfeiting and Illicit …. 0 cites. “3TH1CS: A reinvention of ethics in the digital age?“. P Otto, E Gräf. 2017. iRights Media . 0 cites. “4.25 Chromatic index/edge coloring“. M Lewenstein, S Pettie…. 2017. vesta.informatik.rwth-aachen.de … and Hardness in …. 0 cites. “4-D COMMON OPERATIONAL PICTURE (COP) FOR MISSION ASSURANCE (4D COP) Task Order 0001: Air Force Research Laboratory (AFRL) Autonomy …“. PH Jones, KM Dye. 2016. dtic.mil . 0 cites. “4-D printing (four-dimensional printing)“. A Rajey. 0. tngconsultores.com. 0 cites. “A Bibliography of O’Reilly & Associates and O’Reilly Media. Inc. Publishers“. NHF Beebe. 2017. 155.101.98.136 . 0 cites. “A blockchain future to Internet of Things security: A position paper“. M Banerjee, J Lee, KKR Choo. 2017. Elsevier Digital Communications and Networks. 0 cites. “A Block-Chain Implemented Voting System“. F Caiazzo, M Chow. 2016. cs.tufts.edu . 0 cites. “A Comprehensive Insight towards Research Direction in Information Propagation“. N Kayarvizhy. 0. researchgate.net. 0 cites. “A conceptual framework for the Basel accords-based regulation“. J Mohammed Ahmed. 2016. emeraldinsight.com Journal of Financial Regulation and …. 0 cites. “A Cross-Sectional Overview of Cryptoasset Governance and Implications for Investors“. N Carter. 0. coinmetrics.io. 0 cites. “A Distributed Public Key Infrastructure for the Web Backed by a Blockchain“. B Fredriksson. 2017. diva-portal.org . 0 cites. “A Distributed X. 509 Public Key Infrastructure Backed by a Blockchain“. B Fredriksson. 2017. helix.stormhub.org . 0 cites. “A GRAPH-BASED INVESTIGATION OF BITCOIN TRANSACTIONS“. C Zhao, Y Guan. 2015. Springer IFIP International Conference on Digital Forensics. 0 cites. “A novel method to authenticate in website using CAPTCHA‐based validation“. SK Krishnamoorthy…. 2016. Wiley Online Library Security and …. 0 cites. “A platform for end-to-end mobile application infrastructure analytics using system log correlation“. V Ramakrishna, N Rajput…. 2017. ieeexplore.ieee.org IBM Journal of …. 0 cites. “A proposal to improve the authentication process in m-health environments“. FD Guillén-Gámez, I García-Magariño…. 2017. ieeexplore.ieee.org IEEE …. 0 cites. “A restful e-health interoperability platform: case of Nairobi County health facilities“. DK Rono. 2016. su-plus.strathmore.edu . 0 cites. “A Scalable and Lightweight Grouping Proof Protocol for Internet of Things Applications“. S Rostampour, N Bagheri, M Hosseinzadeh…. 2017. Springer The Journal of …. 0 cites. “A study of Bitcoin as a currency for email-based micro-transactions“. B Eriksson. 2016. diva-portal.org . 0 cites. “A Survey on FinTech“. K Gai, M Qiu, X Sun. 2017. Elsevier Journal of Network and Computer Applications. 0 cites. “A Text-Independent Speaker Authentication System for Mobile Devices“. F Thullier, B Bouchard, BAJ Menelas. 2017. mdpi.com Cryptography. 0 cites. “Adaptation 12 strategies of cybercriminals to interventions from public and private sectors“. F Jansen, J van Lenthe. 2016. books.google.com Cybercrime Through an Interdisciplinary …. 0 cites. “Advance Program“. P MobiApps, E SNAMS, ABA SITA. 2016. ficloud.org . 0 cites. “Advances in Digital Forensics XIII: 13th IFIP WG 11.9 International Conference, Orlando, FL, USA, January 30-February 1, 2017, Revised Selected Papers“. G Peterson, S Shenoi. 2017. books.google.com . 0 cites. “Advances in Internetworking, Data & Web Technologies: The 5th International Conference on Emerging Internetworking, Data & Web Technologies (EIDWT …“. L Barolli, M Zhang, XA Wang. 2017. books.google.com . 0 cites. “Algorithmic governance: Developing a research agenda through the power of collective intelligence“. J Danaher, MJ Hogan, C Noone…. 2017. journals.sagepub.com Big Data & …. 0 cites. “Alumni US“. JP Mitrovic. 2010. alumnius.net The Center for Leadership Studies Network at the …. 0 cites. “Amazon Cloud Journal“. PR Newswire. 0. amazon.ulitzer.com. 0 cites. “American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road“. N Bilton. 2017. books.google.com . 0 cites. “American Kingpin: The Epic Hunt for the Criminal Mastermind behind the Silk Road Drugs Empire“. N Bilton. 2017. Random House . 0 cites. “An Analysis of Energy and Hardware Impacts on the Bitcoin Mining Network“. J LEE, Y KIM. 0. jakehlee.com. 0 cites. “An approach for initiating interventions for bank recovery“. CAE Goodhart, CAE Goodhart…. 2017. emeraldinsight.com Journal of Financial …. 0 cites. “An Exploratory Analysis of the Security Risks of the Internet of Things in Finance“. K Markantonakis. 2017. books.google.com Trust, Privacy and Security in Digital Business …. 0 cites. “An Exploratory Analysis of the Security Risks of the Internet of Things in Finance“. C Shepherd, FAP Petitcolas, RN Akram…. 2017. Springer … Conference on Trust …. 0 cites. “An Innovative Merger of Academe and Corporation: A Non-Thesis Distance Computing Masters’ Degree with IBM Open Badging Technologies“. RF Roggio, K Shaik. 2017. search.proquest.com International Conference on Computer …. 0 cites. “Analysis of Bitcoin Transaction Flows to Reveal Usage and Geographic Patterns“. SP Bissessar. 2013. nicolascourtois.com The New York Times. 0 cites. “Analysis of Present Day Election Processes Vis-À-Vis Elections Through Blockchain Technology“. K Hegadekatti. 2017. papers.ssrn.com . 0 cites. “Analysis of the impact of technological advances on financial institutions“. MJ Michalow. 2016. search.proquest.com . 0 cites. “and the Chair of the Applied Economics Department at the Sapir Academic College. His main areas of interest are innovation and high-tech policy, economic growth …“. R Bar-El. 2017. emeraldinsight.com Human Capital and Assets in the Networked World. 0 cites. “Arbitrage and International Trade and Finance“. K Doshi. 2017. qrius.com Science. 0 cites. “Artificial Intelligence and Blockchains in financial services. Potential applications, challenges, and risks“. A Shet Shirodkar. 2017. content.grin.com . 0 cites. “Artificial Intelligence–Fact or Fiction“. KVN Rajesh, KVN Ramesh. 2012. csi-india.org Computing NaNo. 0 cites. “Authenticated Data Redaction with Fine-Grained Control“. J Ma, J Liu, X Huang, Y Xiang…. 2017. ieeexplore.ieee.org IEEE Transactions on …. 0 cites. “Authorization by Documents“. H Sato. 2017. jstage.jst.go.jp Journal of Information Processing. 0 cites. “Automated Workflow Scheduling in Self-Adaptive Clouds: Concepts, Algorithms and Methods“. G Kousalya, P Balakrishnan, CP Raj. 2017. Springer . 0 cites. “Automating the accounts payable process“. M Heusser. 0. tngconsultores.com. 0 cites. “Automating the accounts payable process“. M Heusser. 0. tngconsultores.com. 0 cites. “Backchanneling Quantum Bit (Qubit)’Shuffling’: Quantum Bit (Qubit)’Shuffling’as Added Security by Slipstreaming Q-Morse“. J Ronczka. 2016. ieeexplore.ieee.org Computer Science and Engineering (APWC on …. 0 cites. “Bare Feet Pat The Earth: Hardships, Future And Legislations For The Salt Pan Workers In Kutch“. K Doshi. 2017. qrius.com Science. 0 cites. “Big Data Analytics: Opportunity or Threat for the Accounting Profession?“. G Richins, A Stapleton, TC Stratopoulos…. 2017. aaajournals.org Journal of Information …. 0 cites. “Big Data on Ulitzer“. M Walker, K Irwin. 0. bigdata.ulitzer.com. 0 cites. “Big Data Orchestration as a Service Network“. C Esposito, A Castiglione…. 2017. ieeexplore.ieee.org IEEE Communications …. 0 cites. “Bioengineering and biocrime“. V Sutton. 2017. books.google.com The Routledge Handbook of Technology, Crime and …. 0 cites. “Bitcoin as an investment asset: The added value of bitcoin in a global market portfolio“. S Klabbers. 2017. theses.ubn.ru.nl . 0 cites. “Bitcoin forensics: a tutorial“. D Neilson, S Hara, I Mitchell. 2017. Springer … Conference on Global Security, Safety, and …. 0 cites. “Bitcoin regulations and investigations: A proposal for US policies“. JP Fawcett. 2017. search.proquest.com . 0 cites. “Bitcoin: Between Digital Currency and Financial Commodity“. ML Perugini, C Maioli. 2014. papers.ssrn.com . 0 cites. “Bitcoin: Pyramid-scheme Wildfire, New Online Payment Medium, or Future Alternative Currency?“. H Vozak. 0. dspace.cuni.cz. 0 cites. “BITCOIN-BANKING AND TECHNOLOGICAL CHALLENGES“. G Kunjadić. 0. . 0 cites. “BitIodine: Extracting Intelligence from the Bitcoin Network“. D NECSTLab. 2014. books.google.com Financial Cryptography and Data Security: 18th …. 0 cites. “BLOCK CHAIN BASED DATA LOGGING AND INTEGRITY MANAGEMENT SYSTEM FOR CLOUD FORENSICS“. JH Park, JY Park, EN Huh. 0. pdfs.semanticscholar.org. 0 cites. “Blockchain and Distributed Ledgers as Trusted Recordkeeping Systems“. VL Lemieux. 0. researchgate.net. 0 cites. “Blockchain as an Audit-Able Communication Channel“. S Suzuki, J Murai. 2017. ieeexplore.ieee.org Computer Software and Applications …. 0 cites. “Blockchain as an enabler for public mHealth solutions in South Africa“. M WEISS, A BOTHA, M HERSELMAN, G LOOTS. 0. researchgate.net. 0 cites. “Blockchain entrepreneurship opportunity in the practices of the unbanked“. GJ Larios-Hernández. 2017. Elsevier Business Horizons. 0 cites. “Blockchain Explorer: An Analytical Process and Investigation Environment for Bitcoin“. H Kuzuno, C Karam. 0. ieeexplore.ieee.org. 0 cites. “Blockchain for smart grid resilience: Exchanging distributed energy at speed, scale and security“. M Mylrea, SNG Gourisetti. 2017. ieeexplore.ieee.org Resilience Week (RWS), 2017. 0 cites. “Blockchain for the people: Blockchain technology as the basis for a secure and reliable e-voting system“. M Kovic. 2017. osf.io . 0 cites. “Blockchain or not blockchain, that is the question of the insurance and other sectors“. F Lamberti, V Gatteschi, C Demartini…. 2017. ieeexplore.ieee.org IT …. 0 cites. “Blockchain Security in Cloud Computing: Use Cases, Challenges, and Solutions“. JH Park, JH Park. 2017. mdpi.com Symmetry. 0 cites. “Blockchain: Emergent Industry Adoption and Implications for Accounting“. J Kokina, R Mancha…. 2017. aaajournals.org Journal of Emerging …. 0 cites. “Blockchain: Vision and Challenges“. G Caglar, YS Hanay. 2016. internetinitiative.ieee.org Newsletter. 0 cites. “Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms“. A Judmayer, N Stifter, K Krombholz…. 2017. morganclaypool.com Synthesis Lectures on …. 0 cites. “BlockSci: Design and applications of a blockchain analysis platform“. H Kalodner, S Goldfeder, A Chator, M Möser…. 2017. arxiv.org arXiv preprint arXiv …. 0 cites. “Bobbies on the net: a police workforce for the digital age“. A Hitchcock, R Holmes, E Sundorph. 2017. reform.uk . 0 cites. “Breaking Data as a Service News“. PR Newswire. 0. daas.ulitzer.com. 0 cites. “Breaking van Gogh: Saint-Rémy, Forgery, and the $95 Million Fake at the Met“. JO Grundvig. 2016. books.google.com . 0 cites. “Buying Votes in the 21st Century: The Potential Use of Bitcoins and Blockchain Technology in Electronic Voting Reform“. B Bogucki. 2017. HeinOnline Asper Rev. Int’l Bus. & Trade L.. 0 cites. “by System Administrator-Wednesday, 10 July 2013, 7: 26 PM“. H o Milestones. 0. tngconsultores.com. 0 cites. “by System Administrator-Wednesday, 10 July 2013, 7: 26 PM“. H o Milestones. 0. tngconsultores.com. 0 cites. “Call for Participants“. JPY Regular, FT Student. 0. jstage.jst.go.jp. 0 cites. “Career Summary“. BM David. 0. bmdavid.com. 0 cites. “CEOs in Technology“. FDA First. 0. ceo.ulitzer.com. 0 cites. “CHANGE HISTORY“. S Martín. 0. truessec.eu. 0 cites. “Changing the Practice of Law Leadership“. K Grady. 0. seytlines.com. 0 cites. “Changing the rules of the game: How can law enforcement deter criminals by increasing the risks of conducting cybercrime?“. P Amann, A Klayn, G Mounier. 2017. ingentaconnect.com Cyber Security: A Peer …. 0 cites. “Characterization of Counterfeit and Substandard Medicines Using Capillary Electrophoresis“. JSS Rudaz. 2016. chromatographyonline.com . 0 cites. “Child abuse materials as digital goods: Why we should fear new commercial forms“. KV Acar. 2017. econstor.eu . 0 cites. “Chuncan Deng, Cheng Yang, Fangyong Xiao, Dajie Suolang and Wenshan She. Accurate Recognition and Extraction of Massive Device Monitoring Signals Based …“. AR Arban Uka, O Tahan, R Hawchar, F Matar. 0. ieeexplore.ieee.org Algorithms. 0 cites. “Cloud as a Service“. E Castro-Leon, R Harmon. 0. Springer. 0 cites. “Cloud Computing as a Service“. E Castro-Leon, R Harmon. 2016. Springer Cloud as a Service. 0 cites. “Cloud Storage: Background and Related Work“. J Reardon. 2016. Springer Secure Data Deletion. 0 cites. “Command Disaggregation Attack and Mitigation in Industrial Internet of Things“. P Xun, PD Zhu, YF Hu, PS Cui, Y Zhang. 2017. mdpi.com Sensors. 0 cites. “Cómo funciona blockchain: Una explicación infográfica“. E McLaughlin. 0. tngconsultores.com. 0 cites. “Computer Security–ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings“. SN Foley, D Gollmann, E Snekkenes. 2017. books.google.com . 0 cites. “CONNECTING MULTIPLE DEVICES WITH BLOCKCHAIN IN THE INTERNET OF THINGS“. JJ Karst, G Brodar. 0. courses.cs.ut.ee. 0 cites. “Conspiracy Theories and Their Investigator (s), Matthew RX Dentith“. MRX Dentith. 0. social-epistemology.com. 0 cites. “Constructing Narrative in the Contemporary Music Industries“. K Barr. 2017. joebennett.net Presented at IASPM. 0 cites. “Contemplating human-centred security & privacy research: Suggesting future directions“. K Renaud, S Flowerday. 2017. Elsevier Journal of Information Security and Applications. 0 cites. “Contributions to Content Placement, Load-balancing and Caching: System Design and Security“. C Neumann. 2016. hal.inria.fr . 0 cites. “Controlling Cyberspace“. D Lewis. 2017. qrius.com History. 0 cites. “Critical analysis and comparison of data protection techniques for genomics data sets“. D Naro. 2016. upcommons.upc.edu . 0 cites. “CrowdBC: A Blockchain-based Decentralized Framework for Crowdsourcing“. M Li, J Weng, A Yang, W Lu, Y Zhang, L Hou, J Liu. 0. eprint.iacr.org. 0 cites. “Cryptocurrency the new money laundering problem for banking, law enforcement, and the legal system“. T Jacquez. 2016. search.proquest.com . 0 cites. “Cryptographic Key Management in Delay Tolerant Networks: A Survey“. SA Menesidou, V Katos, G Kambourakis. 2017. mdpi.com Future Internet. 0 cites. “Cryptography“. B Buchanan. 2017. books.google.com . 0 cites. “Current State Survey and Future Opportunities for Trust and Security in Green Cloud Computing“. A Haouari, Z Mostapha, S Yassir. 2018. igi-global.com Cloud Computing Technologies for …. 0 cites. “Cyberspace Safety and Security: 9th International Symposium, CSS 2017, Xi’an China, October 23–25, 2017, Proceedings“. S Wen, W Wu, A Castiglione. 2017. books.google.com . 0 cites. “Cyber-und Computerkriminalität: Prüfung doloser Handlungen“. A Sowa. 2017. Springer Management der Informationssicherheit. 0 cites. “Cyrilic encryption based image Steganography algorithm“. V Shah. 2017. irjet.net . 0 cites. “D4. 1 Findings on economic modelling of malware as business model“. D Hurley-Smith. 0. . 0 cites. “Damon Liwanu McCoy“. CAD Grunwald, D Sicker. 0. pdfs.semanticscholar.org. 0 cites. “Darknet Forensics“. D Rathod. 0. ijettcs.org future. 0 cites. “Data and the City“. R Kitchin, TP Lauriault, G McArdle. 2017. books.google.com . 0 cites. “Data provenance assurance in the cloud using blockchain“. S Shetty, V Red, C Kamhoua, K Kwiat…. 2017. spiedigitallibrary.org … in Sensors and …. 0 cites. “Decentralized enforcement of document lifecycle constraints“. S Hallé, R Khoury, Q Betti, A El-Hokayem, Y Falcone. 2017. Elsevier Information Systems. 0 cites. “DECIPHERING CRYPTOCURRENCY: SHINING A LIGHT ON THE DEEP DARK WEB“. C DiPiero. 2017. litigation-essentials.lexisnexis.com U. Ill. L. Rev.. 0 cites. “Deep web: Challenges of catching the cyber criminal“. N Williamson. 2014. search.proquest.com . 0 cites. “Defence Against Terrorism Review-DATR“. A Richards. 0. researchgate.net. 0 cites. “Defining cybercrime based on roles of data processing systems“. X Li. 2016. search.informit.com.au Pandora’s Box. 0 cites. “Deliverable D5. 2.1-Conception Exploitation plan“. P Meyer, M Weinrich, S Custic, D Tofan, W Tremmel…. 0. acdc-project.eu. 0 cites. “De-SAG: On the De-anonymization of Structure-Attribute Graph Data“. S Ji, T Wang, J Chen, W Li, P Mittal…. 2017. ieeexplore.ieee.org IEEE Transactions on …. 0 cites. “Developing an adaptive Risk-based access control model for the Internet of Things“. HF Atlam, A Alenezi, RJ Walters, GB Wills, J Daniel. 2017. researchgate.net . 0 cites. “Development of Secure and Reliable Techniques for Data Communication“. A Mileva, P RM Inácio, S Bouyuklieva, N Stojkovic…. 2017. eprints.ugd.edu.mk . 0 cites. “Deviating From the Cybercriminal Script: Exploring Tools of Anonymity (Mis) Used by Carders on Cryptomarkets“. GJ van Hardeveld, C Webber…. 2017. journals.sagepub.com American Behavioral …. 0 cites. “Digital Currencies: Unlocking the Secrets of Crypto-Currencies“. D Peterson. 2017. books.google.com . 0 cites. “Digital Currency: Risks, Rewards and Investigative Techniques“. P Kraus. 2017. search.proquest.com . 0 cites. “Digital Forensic Implications of Collusion Attacks on the Lightning Network“. D Piatkivskyi, S Axelsson, M Nowostawski. 2017. Springer … on Digital Forensics. 0 cites. “Digital forensics: The smart person’s guide“. D Patterson. 0. tngconsultores.com. 0 cites. “Digital forensics: The smart person’s guide“. D Patterson. 0. tngconsultores.com. 0 cites. “Digital image integrity–a survey of protection and verification techniques“. P Korus. 2017. Elsevier Digital Signal Processing. 0 cites. “Digital Watermarking of Non-media data stream (applications)“. A Soltani Panah. 2017. researchbank.rmit.edu.au . 0 cites. “Digital Witness and Privacy in IoT: Anonymous Witnessing Approach“. A Nieto, R Rios, J Lopez. 2017. ieeexplore.ieee.org Trustcom/BigDataSE/ICESS, 2017 …. 0 cites. “Digitaler Tatort, Sicherung und Verfolgung digitaler Spuren“. D Pawlaszczyk. 2017. Springer Forensik in der digitalen Welt: Moderne Methoden der …. 0 cites. “Distributed Configuration, Authorization and Management in the Cloud-Based Internet of Things“. M Henze, B Wolters, R Matzutt…. 2017. ieeexplore.ieee.org … /ICESS, 2017 IEEE. 0 cites. “Do vouchers make a difference? A study of vouchers for improving organizational capabilities in firms“. E Magro. 2016. delegia.com EU-SPRI CONFERENCE LUND 2016. 0 cites. “Don’t Dirty Green!“. R Suryaprakash. 2017. qrius.com Science. 0 cites. “ED TECH TRENDS TO WATCH“. HOWABR LED. 0. pdf.101com.com. 0 cites. “Efficient private subset computation“. J Dou, L Gong, S Li, L Ma. 2016. Wiley Online Library Security and Communication …. 0 cites. “Electronic finance–recent developments“. K Dandapani, K Dandapani. 2017. emeraldinsight.com Managerial Finance. 0 cites. “Emergence of Fintech and cybersecurity in a global financial centre: Strategic approach by a regulator“. AW Ng, AW Ng, BKB Kwok…. 2017. emeraldinsight.com Journal of Financial …. 0 cites. “Encyclopedia of Cyber Warfare“. PJ Springer. 2017. books.google.com . 0 cites. “Energy-Efficient Distance-Bounding with Residual Charge Computation“. Y Zhuang, A Yang, GP Hancke…. 2017. ieeexplore.ieee.org IEEE Transactions on …. 0 cites. “Enhancing Breeder Document Long-Term Security Using Blockchain Technology“. N Buchmann, C Rathgeb, H Baier…. 2017. ieeexplore.ieee.org … ), 2017 IEEE 41st …. 0 cites. “Enhancing National Cybersecurity: The Current and Future States of Cybersecurity in the Digital Economy“. T Patterson, E Liebig, R Sapp, B Searcy, D Desai…. 0. nist.gov. 0 cites. “Establishing Governance for Hybrid Cloud and the Internet of Things“. M Wolfe. 2016. books.google.com Handbook of Research on End-to-End Cloud …. 0 cites. “Europe and MENA Cooperation Advances in Information and Communication Technologies“. Á Rocha, M Serrhini, C Felgueiras. 2017. Springer . 0 cites. “Evolution of bitcoin and security risk in bitcoin wallets“. PK Kaushal, A Bagga, R Sobti. 2017. ieeexplore.ieee.org … and Electronics (Comptelix) …. 0 cites. “Examining the forensic artifacts produced by use of bitcoin currency“. LD Jones. 2014. search.proquest.com . 0 cites. “Exploring the Essence of Records Management, Engaging with Experts: Proceedings“. R Barry. 2007. emeraldinsight.com Records Management Journal. 0 cites. “FBI DIRECTOR COMEY NOT QUALIFIED TO DECIDE ON HILLARY EMAILGATE-REWROTE LAW“. U CONFLICT, HISM CLINTON. 0. fbcoverup.com. 0 cites. “FDA News“. PR Newswire. 0. fda.ulitzer.com. 0 cites. “Financial Stability Governance Today: A Job Half Done“. A Large. 0. group30.org. 0 cites. “Forenzní analýza sítě Bitcoin“. PBT DROZDA, V VESELÝ. 2016. itspy.cz . 0 cites. “Four tips for effective software testing“. RF Goldsmith. 0. tngconsultores.com. 0 cites. “From show on blog page“. S Milan, E Treré. 0. data-activism.net. 0 cites. “From SMOG to Fog: A security perspective“. R Rios, R Roman, JA Onieva…. 2017. ieeexplore.ieee.org Fog and Mobile Edge …. 0 cites. “GI-Dagstuhl Seminar 16353 on Aware Machine to Machine Communication“. M Arumaithurai, S Sigg, X Wang. 0. dagstuhl.de. 0 cites. “Governing eMoney: On Bitcoin & Global Governance“. DAL Pope, R Marlin-Bennett. 2016. academia.edu . 0 cites. “Government Activities to Detect, Deter and Disrupt Threats Enumerating from the Dark Web“. NV Denic. 2017. dtic.mil . 0 cites. “Government News“. A This. 0. gov.ulitzer.com. 0 cites. “Graph Analytics for Real-Time Scoring of Cross-Channel Transactional Fraud“. I Molloy, S Chari, U Finkler, M Wiggerman…. 2016. Springer … Conference on Financial …. 0 cites. “Graph Analytics for Real-Time Scoring of Cross-Channel Transactional Fraud“. C Jonker, T Habeck, Y Park, F Jordens…. 0. books.google.com … Cryptography and Data …. 0 cites. “Graph-based forensic investigation of Bitcoin transactions“. C Zhao. 2014. lib.dr.iastate.edu . 0 cites. “Heritage. exe. The current state and future of Norwegian software preservation-mapping the challenges of preserving locally executable digital artifacts and the …“. TB Madsen. 2016. dspace.uib.no . 0 cites. “Himachal Pradesh, growing to prosper“. PS Vyas. 2017. qrius.com Science. 0 cites. “Hitching Healthcare to the Chain: An Introduction to Blockchain Technology in the Healthcare Sector“. MA Engelhardt. 2017. timreview.ca Technology Innovation Management Review. 0 cites. “How Sensitive Is Genetic Data?“. M Sariyar, S Suhr, I Schlünder. 2017. online.liebertpub.com Biopreservation and …. 0 cites. “HPCC-SmartCity-DSS 2016“. X Ling, J Yang, D Wang, J Chen, L Li. 0. ieeexplore.ieee.org. 0 cites. “Human Capital and Assets in the Networked World“. M Russ. 2017. emeraldinsight.com . 0 cites. “ICIOT 2017“. M Hossain, R Hasan. 0. ieeexplore.ieee.org. 0 cites. “Identifying and analyzing digital payment flows regarding illegal purposes on the Internet: I samarbete med CGI och Finanskoalitionen“. C Berggren, J Asplund. 2016. diva-portal.org . 0 cites. “IEEE CCEM 2016 Program Details“. P Chelliah, A Mangalvedkar. 0. ieeexplore.ieee.org. 0 cites. “II. Cyber-OC in the Netherlands“. G Odinot, MA Verhoeven, RLD Pool…. 0. researchgate.net Cyber-OC–Scope and …. 0 cites. “Impact of Technology Innovation: A Study on Cloud Risk Mitigation“. N Suresh, M Gupta. 2017. books.google.com Information Technology Risk Management …. 0 cites. “Incentive Compatibility of Pay Per Last N Shares in Bitcoin Mining Pools“. Y Zolotavkin, J García, C Rudolph. 2017. Springer … on Decision and Game Theory for …. 0 cites. “Indian export competitiveness and performance: A long story“. A Kulkarni. 2017. qrius.com Science. 0 cites. “Indiana Journal of Law and Social Equality“. M Selmi. 2014. scholarship.law.gwu.edu . 0 cites. “Information Security and Privacy: 21st Australasian Conference, ACISP 2016, Melbourne, VIC, Australia, July 4-6, 2016, Proceedings“. JK Liu, R Steinfeld. 2016. books.google.com . 0 cites. “Infrastructure 2.0 Journal“. M Kim, DS Meliksetian, C Malone. 0. infrastructure20.ulitzer.com. 0 cites. “Intellectual Property in Silicon Valley“. PR Newswire. 0. ip.ulitzer.com. 0 cites. “Internet Voting Using Zcash“. P Tarasov, H Tewari. 0. allquantor.at. 0 cites. “Introduzione Agli Smart Contract (Introduction to Smart Contract)“. ML Perugini, P Dal Checco. 2015. papers.ssrn.com . 0 cites. “Investigation of Cryptocurrency Wallets on iOS and Android Mobile Devices for Potential Forensic Artifacts“. A Montanez. 2014. marshall.edu . 0 cites. “IoT based smart home: Security challenges, security requirements and solutions“. W Ali, G Dustgeer, M Awais…. 2017. ieeexplore.ieee.org … and Computing (ICAC) …. 0 cites. “iPad on Ulitzer“. PR Newswire. 0. ipad.ulitzer.com. 0 cites. “Islamic State of Iraq and Syria Revenue Sources and Countermeasures With a Specific Look at Cryptocurrency Use“. DM Haines. 2017. search.proquest.com . 0 cites. “It’s the Cyber Crime and Its Sponsors (Not My Cyber-Security), Stupid“. D Lawrence, F Townsend, T Murphy, D Garrie…. 2016. HeinOnline JL & Cyber …. 0 cites. “JOnline: Dealing With Computer Fraud“. C Filip Van Hallewijn, A CISM. 0. m.isaca.org. 0 cites. “JOURNAL OF LAW AND CYBER WARFARE“. S Comment. 0. jlcw.org. 0 cites. “Juridische beroepen in de toekomst“. MJ ter Voert, M Beenakkers. 0. researchgate.net. 0 cites. “Komparace právních podmínek užití kryptoměn ve Švýcarsku, Spojených státech amerických a Japonsku“. A Yakimenka. 2017. dspace.cuni.cz . 0 cites. “LAWNEWS“. J Ting-Edwards. 0. c-justice.com. 0 cites. “LE TRAFIC ILLICITE DE TABAC SUR LES CRYPTOMARCHÉS“. D Décary-Hétu, V Mousseau, I Rguioui. 2017. daviddhetu.openum.ca . 0 cites. “Learning Python for Forensics“. P Miller, C Bryce. 2016. books.google.com . 0 cites. “Legal Risks of Owning Cryptocurrencies“. K Low, EGS Teo. 2016. papers.ssrn.com . 0 cites. “LegalTech on the Rise: Technology Changes Legal Work Behaviours, But Does Not Replace Its Profession“. MM Bues, E Matthaei. 2017. Springer Liquid Legal. 0 cites. “Long term data storage using peer-to-peer technology“. PN Meessen, A de Vries. 2017. ru.nl . 0 cites. “Managing electronic records across organizational boundaries: The experience of the Belgian federal government in automating investigation processes“. L Maroye, L Maroye, S van Hooland…. 2017. emeraldinsight.com Records …. 0 cites. “Matrix Accounting Illustrated: Contribution Margin“. M Hughes. 2016. Wiley Online Library Journal of Corporate Accounting & Finance. 0 cites. “MedRec: blockchain for medical data access, permission management and trend analysis“. AC Ekblaw. 2017. dspace.mit.edu . 0 cites. “Memory Forensics and Bitcoin mining malware“. P Dimotikalis. 2016. repository.ihu.edu.gr . 0 cites. “Mentoring in Cyber Education: Capture-the-Flag Exercises to Promote Good Cyber Hygiene in Disadvantaged Populations“. R Thomson. 0. westpoint.edu. 0 cites. “Method and apparatus for protecting digital photos from alteration“. N Powers, TM Fortuna, P Kocsis. 2016. Google Patents US Patent App. 15/260,074. 0 cites. “MMTC Communications-Frontiers“. A Costanzo, V Loscrì, S Costanzo. 0. mmc.committees.comsoc.org. 0 cites. “Mobile security technology“. US Patent App. 14/476,629. 2014. Google Patents. 0 cites. “Mobile security technology“. US Patent App. 14/686,069. 2015. Google Patents. 0 cites. “Money for Nothing and Bits for Free: The Geographies of Bitcoin“. A Pel. 2015. tspace.library.utoronto.ca . 0 cites. “MỘT SỐ GIẢI PHÁP VỀ PHÁT TRIỂN NGUỒN NHÂN LỰC CÔNG NGHỆ THÔNG TIN TẠI VIỆT NAM.“. G Trần Thu. 2017. data.uet.vnu.edu.vn . 0 cites. “Moving One Step Ahead of the 90’s Job Options“. RN Ahsan, A Chatterjee. 2017. qrius.com Science. 0 cites. “Neuerwerbungen im Dezember 2016“. A von Fürstenberg, CP Müller…. 2016. ub.uni-heidelberg.de Ann Arbor: University of …. 0 cites. “NIZKCTF: A Non-Interactive Zero-Knowledge Capture the Flag Platform“. P Matias, P Barbosa, T Cardoso, D Mariano…. 2017. arxiv.org arXiv preprint arXiv …. 0 cites. “NUS Hackers“. IHA Git. 0. nushackers.org. 0 cites. “O novo eo atual na Arquivística internacional: a desmaterialização, a interoperabilidade, a organização eo uso da informação em evidência (2011-2016)“. MC Freitas, CG Silva. 2016. bad.pt Actas do Encontro Nacional de Arquivos Municipais. 0 cites. “Online Anonymization Relating to Cyber Attacks“. J Cornwell. 2017. search.proquest.com . 0 cites. “Organised Cybercrime in the Netherlands“. G Odinot, MA Verhoeven, RLD Pool, CJ de Poot. 0. wodc.nl. 0 cites. “OSC Staff Notice 33-748-Annual Summary Report for Dealers, Advisers and Investment Fund Managers“. Ontario Securities Commission. 2017. osc.gov.on.ca Update. 0 cites. “Overview and Comparison of P2P File Synchronization and Storage Solutions“. J Fröhlich, S Ruesch. 2015. csg.uzh.ch Communication Systems VIII. 0 cites. “Peer-to-Peer Location-Based Services based on Blockchain and Web Technologies“. G Brambilla. 2017. dspace-unipr.cineca.it . 0 cites. “Periyar Journal of Research in Business and Development Studies“. S Chhabra, N Gangwar, AB Singhal, F Fatima…. 0. pmccdelhi.com. 0 cites. “Periyar Journal of Research in Business and Development Studies“. S Singh. 0. pmccdelhi.com. 0 cites. “Personal control of privacy and data: Estonian experience“. J Priisalu, R Ottis. 2017. Springer Health and Technology. 0 cites. “Pharmaceutical News on Ulitzer“. PR Newswire. 0. pharmaceuticals.ulitzer.com. 0 cites. “Pluralism and Economics Today: Understanding the ISIPE Rebellion“. A Baksy. 2017. qrius.com Science. 0 cites. “Policing af kryptomarkeder“. J Demant, R Munksgaard. 2017. justitsministeriet.dk . 0 cites. “Predictive Computing and Information Security“. PK Gupta, V Tyagi, SK Singh. 2017. Springer . 0 cites. “Predictive Computing and Information Security: A Technical Review“. PK Gupta, V Tyagi, SK Singh. 2017. Springer Predictive Computing and Information …. 0 cites. “Privacy in the Smart City–Applications, Technologies, Challenges and Solutions“. D Eckhoff, I Wagner. 2017. ieeexplore.ieee.org IEEE Communications Surveys & …. 0 cites. “Privacy Verification Chains for IoT“. N Foukia, D Billard, E Solana. 2017. Springer International Conference on Network and …. 0 cites. “Privacy‐preserving smart data storage for financial industry in cloud computing“. M Qiu, K Gai, H Zhao, M Liu. 0. Wiley Online Library Concurrency and Computation: Practice …. 0 cites. “Process memory investigation of the Bitcoin Clients Electrum and Bitcoin Core“. L van der Horst, KKR Choo, NA Le-Khac. 2017. ieeexplore.ieee.org IEEE Access. 0 cites. “Prof J Maiti Head, I&SE“. PP Chakrabarti, IIT Director. 0. iem.iitkgp.ernet.in. 0 cites. “Protecting Data Privacy in the Presence of Data Provenance“. P Kianmajd. 2017. search.proquest.com . 0 cites. “Provenance threat modeling“. O Hambolu, L Yu, J Oakley, RR Brooks…. 2016. ieeexplore.ieee.org Privacy, Security and …. 0 cites. “Public Evidence from Secret Ballots“. J Benaloh, M Bernhard, JA Halderman…. 2017. arxiv.org arXiv preprint arXiv …. 0 cites. “Quick Start“. MTWT Friday. 2016. wp.df.uba.ar . 0 cites. “Ransomware 7 and cryptocurrency“. GJ Ahn, A Doupe, Z Zhao, K Liao. 2016. books.google.com Cybercrime Through an …. 0 cites. “Rarity trading legacy protection and digital convergence platform“. MM Saigh, X Zhang. 2016. Google Patents US Patent App. 15/072,911. 0 cites. “Rational mining on bitcoin“. S Pachal. 2017. library.isical.ac.in . 0 cites. “Rational Whistle Blower Prototypes Buch 1 Grundlagen, Ergebnisse und Literatur“. G Förster. 2016. integrity-art.de . 0 cites. “Read The Manual“. M Faou, JI Boutin. 2017. welivesecurity.com . 0 cites. “RECALIBRATING LAW ENFORCEMENT TO KEEP PACE WITH NEW TECHNOLOGIES AND FORMS OF CRIME“. MM Oberoi. 0. idsa.in SECURING CYBERSPACE. 0 cites. “Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication …“. F Saeed, N Gazem, S Patnaik, ASS Balaid…. 2017. books.google.com . 0 cites. “Recognition of Traffic Sign Based on Bag-of-Words and Artificial Neural Network“. KT Islam, RG Raj, G Mujtaba. 2017. mdpi.com Symmetry. 0 cites. “Reflections on the REST architectural style and principled design of the modern web architecture (impact paper award)“. RT Fielding, RN Taylor, JR Erenkrantz…. 2017. dl.acm.org Proceedings of the …. 0 cites. “Reflections upon periclitations in privacy: perspectives from Rwanda’s digital transformation“. JP Nsengimana. 2017. Springer Health and Technology. 0 cites. “Regulation based switching system for electronic message routing“. J Crabtree, A Sellers, J Uchiyama. 2017. Google Patents US Patent App. 15/489,716. 0 cites. “Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World“. A van Hoorn, P Jamshidi, P Leitner, I Weber. 2017. arxiv.org arXiv preprint arXiv …. 0 cites. “Report of the second expert group meeting on opportunities and risks associated with the advent of digital currency in the Caribbean“. NU CEPAL. 2015. repositorio.cepal.org . 0 cites. “Requisitos y soluciones de privacidad para la testificacion digital“. A Nieto, R Rios. 0. nics.uma.es. 0 cites. “Research Challenges in Financial Data Modeling and Analysis“. L Alexander, SR Das, Z Ives, HV Jagadish…. 2017. online.liebertpub.com Big …. 0 cites. “Research Specialties“. T MOORE. 2016. tylermoore.ens.utulsa.edu Computing. 0 cites. “Retrofit Device And Method Of Retrofitting A Flow Meter“. D Mackie, S Grefen, CJ Boelter…. 2017. Google Patents US Patent App. 15 …. 0 cites. “REXIT: What It Brings to Light About Term Length“. B Pratap. 2017. qrius.com Science. 0 cites. “Schöne neue Verbraucherwelt?“. C Bala, W Schuldzinski. 0. projekte.meine-verbraucherzentrale …. 0 cites. “Searchain: Blockchain-based private keyword search in decentralized storage“. P Jiang, F Guo, K Liang, J Lai, Q Wen. 2017. Elsevier Future Generation Computer …. 0 cites. “Section 75 and credit cards: misconceived interpretation?“. J Mukwiri. 2005. emeraldinsight.com Journal of Financial Regulation and Compliance. 0 cites. “Secure lightweight context-driven data logging for bodyworn sensing devices“. M Siddiqi, ST All, V Sivaraman. 2017. ieeexplore.ieee.org … Forensic and Security (ISDFS) …. 0 cites. “Securing Fog Computing for Internet of Things Applications: Challenges and Solutions“. J Ni, K Zhang, X Lin, X Shen. 2017. ieeexplore.ieee.org IEEE Communications Surveys & …. 0 cites. “Securing the Assets of Decentralized Applications using Financial Derivatives}}“. G Bissias, BN Levine, N Kapadia, AP Ozisik…. 0. people.cs.umass.edu Elsevier Child Abuse …. 0 cites. “Security Enhancement of Digital Watermarking“. MA Nematollahi, C Vorakulpipat, HG Rosales. 2017. Springer Digital Watermarking. 0 cites. “Security Hands-On-Training–Part 6–Final“. L Rocha, I Handling. 0. countuponsecurity.com. 0 cites. “SEEKING PAPERS ON COMPUTATIONAL SOCIAL SYSTEMS“. SD Computing, S Computing. 0. ieeexplore.ieee.org. 0 cites. “Self-reported Verifiable Reputation with Rater Privacy“. R Bazin, A Schaub, O Hasan, L Brunie. 2017. Springer IFIP International Conference on …. 0 cites. “Share and Share Alike: The challenges from social media for Intellectual Property Rights“. D Collopy. 2017. uhra.herts.ac.uk . 0 cites. “Small scale denial of service attacks“. V Bukač. 0. is.muni.cz. 0 cites. “Smart Contracts: A Preliminary Evaluation“. ML Perugini, P Dal Checco. 2015. papers.ssrn.com . 0 cites. “Snap forensics: a tradeoff between ephemeral intelligence and persistent evidence collection“. Y Yu, T Tun. 2017. oro.open.ac.uk . 0 cites. “Social, Cultural, and Behavioral Modeling“. D Lee, YR Lin, N Osgood, R Thomson. 0. Springer. 0 cites. “Social, Cultural, and Behavioral Modeling: 10th International Conference, SBP-BRiMS 2017, Washington, DC, USA, July 5-8, 2017, Proceedings“. D Lee, N Osgood, YR Lin, R Thomson. 2017. books.google.com . 0 cites. “Sparse Encoded Matrix based Steganography algorithm“. V Shah. 2017. irjet.net . 0 cites. “Sticky policies approach within cloud computing“. G Spyra, WJ Buchanan, E Ekonomou. 2017. Elsevier Computers & Security. 0 cites. “Students Link Brains to Fire Video Game Cannon“. J DORRIER. 0. losnuevosguerreros.org. 0 cites. “Studi atas Pemanfaatan Blockchain bagi Internet of Things (IoT)“. L Arief, TA Sundara. 2017. jurnal.iaii.or.id Jurnal RESTI (Rekayasa Sistem dan Teknologi …. 0 cites. “Supporting users to take informed decisions on privacy settings of personal devices“. I Torre, OR Sanchez, F Koceva, G Adorni. 2017. Springer Personal and Ubiquitous …. 0 cites. “Systemic banking crises: completing the enhanced policy responses“. O Frecaut, O Frecaut. 2017. emeraldinsight.com Journal of Financial Regulation and …. 0 cites. “Tails Linux Operating System: Remaining Anonymous with the Assistance of an Incognito System in Times of High Surveillance“. M Dawson, JA Cárdenas-Haro. 2017. igi-global.com … and the Internet of Things (IJHIoT). 0 cites. “Tamper-Resistant Mobile Health Using Blockchain Technology“. D Ichikawa, M Kashiyama, T Ueno. 2017. ncbi.nlm.nih.gov JMIR mHealth and uHealth. 0 cites. “TCCN Newsletter“. M Yannuzzi, R Milito, R Serral-Gracià, D Montero…. 0. cn.committees.comsoc.org. 0 cites. “Technologien, Forschungsfragen und Anwendungen“. J Schütte, G Fridgen, W Prinz, T Rose, NU FIT…. 0. aisec.fraunhofer.de. 0 cites. “TERRORIST USE OF VIRTUAL CURRENCIES“. ZK Goldman, E Maruyama, E Rosenberg, E Saravalle…. 2017. caict.ac.cn . 0 cites. “The Bitcoin Guidebook: How to Obtain, Invest, and Spend the World’s First Decentralized Cryptocurrency“. I DeMartino. 2016. books.google.com . 0 cites. “The Cyber Triad“. B Thijssen. 2016. researchgate.net . 0 cites. “The Establishment of Bitcoin“. P Hesch. 2017. dspace.allegheny.edu . 0 cites. “The Evolving Cloud“. J Weinman. 2017. ieeexplore.ieee.org IEEE Cloud Computing. 0 cites. “The global village and it’s back-breaking terrain“. JD Ostry. 2017. qrius.com Science. 0 cites. “The illicit drug trade on the dark net: Analysing the need for a new EU Framework“. Y Hassan. 2017. openaccess.leidenuniv.nl . 0 cites. “The impact of Self-Generated Images in online pornography“. A Monaghan. 2017. eprints.mdx.ac.uk . 0 cites. “The Missing Account of Progressive Corporate Criminal Law“. WS Laufer. 2017. papers.ssrn.com . 0 cites. “The New Bio-Citizen: How the Democratization of Genomics Will Transform Our Lives from Epidemics Management to the Internet of Living Things“. E Pauwels. 0. wilsoncenter.org. 0 cites. “The Nuts and Bolts of Micropayments: A Survey“. ST Ali, D Clarke, P McCorry. 2017. arxiv.org arXiv preprint arXiv:1710.02964. 0 cites. “The Programmable Economy: Envisaging an Entire Planned Economic System as a Single Computer Through Blockchain Networks“. K Hegadekatti, Y SG. 2017. papers.ssrn.com . 0 cites. “The Tor browser: A forensic investigation study“. K Keller. 2016. search.proquest.com . 0 cites. “Threshold Single Password Authentication“. D İşler, A Küpçü. 2017. Springer … Management, Cryptocurrencies and Blockchain …. 0 cites. “Towards a leaner, smarter public-sector workforce.“. A Hitchcock, K Laycock, E Sundorph. 2017. reform.uk . 0 cites. “Towards an accountable software-defined networking architecture“. BE Ujcich, A Miller, A Bates…. 2017. ieeexplore.ieee.org … (NetSoft), 2017 IEEE …. 0 cites. “Towards Efficient and Secure Encrypted Databases: Extending Message-Locked Encryption in Three-Party Model“. Y Ishihara, T Fujiwara. 2017. books.google.com … Blockchain Technology: ESORICS 2017 …. 0 cites. “Towards Efficient and Secure Encrypted Databases: Extending Message-Locked Encryption in Three-Party Model“. Y Furuta, N Yanai, M Karasaki, K Eguchi…. 2017. Springer … and Blockchain …. 0 cites. “TOWARDS ENHANCING SECURITY IN CLOUD STORAGE ENVIRONMENTS“. D Wilson. 2016. jscholarship.library.jhu.edu . 0 cites. “Trifling and Gambling with Virtual Money“. JT Holden. 2017. papers.ssrn.com . 0 cites. “Trumpeting in the New Era of a Lean Technology-Driven Financial System“. V Rule. 0. financialintergroup.com. 0 cites. “Trust Management in Fog Computing“. TS Dybedokken. 2017. brage.bibsys.no . 0 cites. “Turkish Riviera, the Turquoise Coast“. PR Newswire. 0. turkishriviera.ulitzer.com. 0 cites. “Typologies in Canadian Securities Fraud: An Impact Assessment on Investor Protection, Money Laundering and the Financing of Terrorism (AML/CFT), and Risk …“. R Ranjan. 2015. papers.ssrn.com . 0 cites. “Understanding Digital Crime, Trust, and Control in Blockchain Technologies“. JB Walton, G Dhillon. 2017. aisel.aisnet.org . 0 cites. “Unlocking Innovations and Competitive Advantage of State Bank of India“. B Jha, A Gulati, S Goyal, S Vig. 2017. strategiesinemergingmarkets.com . 0 cites. “Use of Bitcoin in Online Travel Product Shopping: The European Perspective“. D Leung, A Dickinger. 2017. Springer … and Communication Technologies in Tourism 2017. 0 cites. “Using Blockchain for Research Transparency“. K Opoku-Agyemang. 2017. osf.io . 0 cites. “Using blockchain for scientific transparency“. KA Opoku-Agyemang. 2017. papers.ssrn.com . 0 cites. “Using Markov Models and Statistics to Learn, Extract, Fuse, and Detect Patterns in Raw Data“. RR Brooks, L Yu, Y Fu, G Cordone, J Oakley…. 2017. arxiv.org arXiv preprint arXiv …. 0 cites. “Using the Blockchain to Secure Provenance Meta-Data (A CCoE Webinar Presentation)“. RR Brooks, A Skjellum. 2017. scholarworks.iu.edu . 0 cites. “Using Tor in cybersecurity investigations“. J Flanagan. 2015. search.proquest.com . 0 cites. “Vers la sécurité mobile: caractérisation des attaques et contremesures“. Y Le Traon, JY Marion, F Massacci, S Limet…. 0. tel.archives-ouvertes.fr. 0 cites. “Vers la sécurité mobile: caractérisation des attaques et contremesures“. JF Lalande. 2016. hal-univ-orleans.archives-ouvertes.fr . 0 cites. “Video Integrity through Blockchain Technology“. A Hemlin Billström, F Huss. 2017. diva-portal.org . 0 cites. “Welcome Message“. M Koscina, D Caragata, N Abdoun, S El Assady…. 0. ieeexplore.ieee.org. 0 cites. “What Are They Really Up To? Activist Social Scientists Backpedal on Conspiracy Theory Agenda, Kurtis Hagen“. L Basham. 0. social-epistemology.com. 0 cites. “WHAT MAKES A CURRENCY?–THE BITCOIN PHENOMENON“. EE LEWIS. 0. researchgate.net. 0 cites. “Why Fintech Could Lead to More Financial Crime“. C Harrington. 2017. CFA Institute CFA Institute Magazine. 0 cites. “Will Donald trump Hillary’s Climb to the Top of the Everest?“. A Kulkarni. 2017. qrius.com Science. 0 cites. “Will Organizations Emerge as “Hybrid Intelligences” from the Digital Transformation?“. W Leodolter. 2017. Springer … Transformation Shaping the Subconscious Minds of …. 0 cites. “Words to go: Data center design standards bodies“. W Enterprises. 0. tngconsultores.com. 0 cites. “Zeng Chong, Huang Song, Yang Yongming“. X Yang, D Ogawa, N Dai, TTG Hoang, X Wang, X Zhou…. 0. ieeexplore.ieee.org. 0 cites. “Zwischen Online-Streife und Online-(Raster-) Fahndung–Ein Beitrag zur Verarbeitung öffentlich zugänglicher Daten im Ermittlungsverfahren“. C Rückert. 2017. degruyter.com Zeitschrift für die gesamte Strafrechtswissenschaft. 0 cites. “比特币与法定数字货币“. 秦波. 2017. jcr.cacrnet.org.cn 密码学报. 0 cites.

1 0

Cryptocurrency: Exchange ATM LBC... - Not Money So No License Needed says US State PA
by grarpamp 23 Jan '19

23 Jan '19

https://blockmanity.com/news/pennsylvania-declares-cryptocurrency-exchanges… https://www.coindesk.com/pennsylvania-rules-that-crypto-exchanges-are-not-m… https://www.dobs.pa.gov/Documents/Securities%20Resources/MTA%20Guidance%20f… https://www.reddit.com/r/CryptoCurrency/comments/aizrd0/pennsylvania_declar…

2 1

Eustace Conway: “you are not handcuffed to your culture. You can return to the woods” [PEACE]
by Zenaan Harkness 23 Jan '19

23 Jan '19

Most have prolly seen this due to having TV, but if u ain't (and for those who don't have the box), you might enjoy, Eustace Conway is not like any man you know. He’s got perfect vision, perfect balance, perfect reflexes, and travels through life with perfect equanimity. He is smart and fearless and believes he can do anything he sets his mind to—like saving America https://www.gq.com/story/elizabeth-gilbert-gq-february-1998-last-american-m… http://turtleislandpreserve.org/about/eustace https://en.wikipedia.org/wiki/Eustace_Conway http://www.history.com/shows/mountain-men/cast/eustace-conway https://heightline.com/eustace-conway-married/

1 1

Hello World [For Brazilian Cipherpunks]
by Rodrigo Ferreira 23 Jan '19

23 Jan '19

Hello World. How are you? I would like to share with you The Cipherpunk<https://thecipherpunk.github.io/index.html>. A new digital library that brings together works by several authors. Some difficult to find, others not so much, but the main goal is to have everything in one place. To date, there are dozens of ebooks on anarcho-capitalism and crypto-coins. In the future, we intend to include works related to programming, digital security and artificial intelligence. In fact these future ebooks are already selected and stored, it remains only to add them to the site. Users may also order other works in any language, as specified on the downloads page. We will look for the work requested and will let you know when it is available. Moreover, we hope this is a useful tool. Thank you for your attention. The Cipherpunk

1 0

Jump to page: