In this work, we present a Flow Stealing attack, where a victim’s browser is redirected during a legitimate flow. One scenario is redirecting the victim’s browser as it moves from a store to a payment provider. We discuss two attack vectors. Firstly, browsers have long admitted an attack allowing a malicious web page to detect whether the browser has visited a target web site by using CSS to st...

Causing packet loss due to attacks by malicious nodes is one of the most important problem in MANETs. There are many ways by which packet loss can occur in MANETs such as broken links, transmission errors, no route to the destination and attacks caused by malicious nodes. To determine the exact cause of packet loss in wireless network is a challenging task. In this paper, we have investigated p...

We propose an efficient two-party public key cryptosystem that is secure against adaptive chosen ciphertext attack, based on the hardness of Decision Diffie-Hellman (DDH). Specifically, we show that the two parties together can decrypt ciphertexts, but neither can alone. Our system is based on the Cramer-Shoup cryptosystem. Previous results on efficient threshold cryptosystems secure against ad...

We present the first measurement study of JoinMarket, a growing marketplace for more anonymous transfers in the Bitcoin ecosystem. Our study reveals that this market is funded with multiple thousand bitcoins and generated a turnover of almost 8 million USD over the course of eight months. Assessing the resilience of the market against a wellfunded attacker, we discover that in a typical scenari...

Nowadays, security has become an important issue for network-based applications. The spreading of networks and increasing of their complexity has complicated the task of security analysis, therefore automatic approaches have received more attention recently. This paper proposes a novel and general framework to analyze network vulnerabilities. The vulnerabilities can be modelled as precondition ...

Elliptic curve cryptography is today the prevailing approach to get efficient public-key cryptosystems and digital signatures. Most of elliptic curve signature schemes use a nonce in the computation of each signature and the knowledge of this nonce is sufficient to fully recover the secret key of the scheme. Even a few bits of the nonce over several signatures allow a complete break of the sche...

Mobile Ad Hoc Network (MANET) is a mobile distributed wireless networks. In MANET each node are self capable that support routing functionality in an ad hoc scenario, forwarding of data or exchange of topology information using wireless communications. These characteristic specifies a better scalability of network. But this advantage leads to the scope of security compromising. One of the easy ...

Evaluating the side-channel attacks (SCAs) resilience of a crypto device is important and necessary. The SCAs-secure evaluation criteria includes the information theoretic metric and the security metric. The former metric measures the leakage amount of a crypto device. It should be independent with the evaluator. However, the current metrics, e.g. mutual information (MI), conditional entropy an...

We present the first measurement study of JoinMarket, a growing marketplace for more anonymous transfers in the Bitcoin ecosystem. Our study reveals that this market is funded with multiple thousand bitcoins and generated a turnover of almost 29.5 million USD over the course of 13 months. Assessing the resilience of the market against a well-funded attacker, we discover that in a typical scenar...

Side-channel attacks are a serious threat to security-critical software. OpenSSL is a prime security attack target due to the library’s ubiquitous real world applications, therefore, the history of cache-timing attacks against OpenSSL is varied and rich. The presentation includes a brief history of cache-timing attacks in OpenSSL. To mitigate remote timing and cache-timing attacks, many ubiquit...