Secure IT Systems

This book constitutes the refereed proceedings of the 29th International Conference on Secure IT Systems, NordSec 2024, held in Karlstad, Sweden, during November 67, 2024.

The 25 full papers presented in this book were carefully reviewed and selected from 59 submissions. They focus on topics such as: Authentication; Cryptography; Cyber-Physical Systems; Cybersecurity and Policy; LLMs for Security; Formal Verification; Mobile and IoT; Network Security; and Privacy.

Klappentext

NIS2 Directive in Sweden: A Report on the Readiness of Swedish Critical Infrastructure

Inhalt

.- Authentication.

.- Are Swedish Passwords Tougher Than the Rest?.

.- Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling.

.- Cryptography.

.- Determining the A5 encryption algorithms used in 2G (GSM) networks.

.- Misbinding Raw Public Keys to Identities in TLS.

.- Small Private Exponent Attacks on Takagi Family Schemes.

.- Cyber-Physical Systems.

.- A Comparison of Deep Learning Approaches for Power-based Side-channel Attacks.

.- Binary-Level Code Injection for Automated Tool Support on the ESP32 Platform.

.- Detecting Cyber and Physical Attacks Against Mobile Robots Using Machine Learning: An Empirical Study.

.- Cybersecurity and Policy.

.- A Gamified Learning Approach for IoT Security Education using Capture-the-Flag Competitions: Architecture and Insights.

.- NIS2 Directive in Sweden: A Report on the Readiness of Swedish Critical Infrastructure.

.- The Cyber Alliance Game: How Alliances Influence Cyber-Warfare.

.- LLMs for Security.

.- Evaluating Large Language Models in Cybersecurity Knowledge with Cisco Certificates.

.- How to Train Your Llama Efficient Grammar-Based Application Fuzzing Using Large Language Models.

.- The Dual-Edged Sword of Large Language Models in Phishing.

.- Formal Verification.

.- Analysing TLS Implementations using Full-Message Symbolic Execution.

.- Formal Verification of Browser Fingerprinting and Mitigation with Inlined Reference Monitors.

.- Mobile & IoT.

.- Beware of the Rabbit Hole A Digital Forensic Case Study of DIY Drones.

.- GOTCHA: Physical Intrusion Detection with Active Acoustic Sensing using a Smart Speaker.

.- Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study.

.- Network Security.

.- CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic.

.- Fingerprinting DNS Resolvers using Query Patterns from QNAME Minimization.

.- Formally Discovering and Reproducing Network Protocols Vulnerabilities.

.- Privacy.

.- Enhancing Noise Estimation for Statistical Disclosure Attacks using the Artificial Bee Colony Algorithm.

.- Left Alone Facing a Difficult Choice: An Expert Analysis of Websites Promoting Selected Privacy-Enhancing Technologies.

.- Optimizing Onionbalance: Improving Scalability and Security for Tor Onion Services.