Zoekresultaten

Bitcoin 2.0: Maatschappelijke implicaties

In dit artikel worden de mogelijke gevolgen belicht van de introductie van nieuwe en bestaande toepassingen van Bitcoin-technologie. De transnationale, decentrale en gedistribueerde peer-to-peer-structuur van de Bitcoin-technologie en van nieuwe toepassingen hiervan, hebben de potentie om bestaande sociale relaties en instituties te ontregelen. Het krachtenveld waarin maatschappelijke actoren staan kan hierdoor uit balans worden gebracht. De meest radicale van deze nieuwe technologieën is Ethereum. Met name het concept van de Digital Autonomous Organisation (DOA) heeft mogelijkerwijs verregaande consequenties. Ethereum is een ‘contract validating and enforcing system’, een gedistribueerd systeem dat een platform biedt voor autonome computerprogramma’s die in staat zijn om zelfstandig overeenkomsten met rechtspersonen en andere DOA’s aan te gaan en te ontbinden. Ik richt mij op de mogelijkheden van deze toepassingen als nieuwe platformen voor International Financial (Cyber) Crime.

De aard en aanpak van georganiseerde cybercrime

What was the network?

CLEMENS APPRICH, DAPHNE DRAGONA, GEERT LOVINK, AND FLORIANWÜST - CONVERSATION MODERATED BY KRISTOFFER GANSINGOn August 6, 2019, the curatorial advisors of the transmediale 2020 exhibition, ‘The Eternal Network’, gathered at the festival’s offices in Berlin for a conversation on the status of network culture and theory today. Starting from the question ‘What was the network?’, the conversation explored the multiple trajectories of networks within cybernetics, art and philosophy, also taking the limits of networks into account. This included a reconsideration of the role of alternative and critical networks in today’s widespread digitalization, with its data-centric platform economy and the techno-cultural changes wrought by artificial intelligence.

Essential requirements for securing consumer IoT devices

Embedded connected computers are installed in homes in increasing numbers in the form of consumer IoT devices. These devices are often insufficiently protected against cyberattacks. In this research report, we propose several security requirements for consumer IoT devices. These requirements are suitable for enforcement through legislation and will significantly improve consumer IoT cybersecurity when implemented.This research report, commissioned by the Dutch Radiocommunications Agency, describes a threat model and significant security problems, derived from literature research. These assisted in evaluating more than 400 security measures, after which the top measures were summarised into eight essential security requirements. These requirements are easy to implement, easy to test, unambiguous, and greatly improve the cybersecurity of the products. We recommend standardisation agencies to make these requirements mandatory for all consumer IoT devices.

Effectiveness of CTF education: Measuring the learning outcomes of Jeopardy CTF’s

Adversarial thinking is essential when dealing with cyber incidents and for finding security vulnerabilities. Capture the Flag (CTF) competitions are used all around the world to stimulate adversarial thinking. Jeopardy-style CTFs, given their challenge-and-answer based nature, are used more and more in cybersecurity education as a fun and engaging way to inspire students. Just like traditional written exams, Jeopardy-style CTFs can be used as summative assessment. Did a student provide the correct answer, yes or no. Did the participant in the CTF competition solve the challenge, yes or no. This research project provides a framework for measuring the learning outcomes of a Jeopardy-style CTF and applies this framework to two CTF events as case studies. During these case studies, participants were tested on their knowledge and skills in the field of cybersecurity and queried on their attitude towards CTF education. Results show that the main difference between traditional written exam and a Jeopardy-style CTF is the way in which questions a re formulated. CTF education is stated to be challenging and fun because questions are formulated as puzzles that need to be solved in a gamified and competitive environment. Just like traditional written exams, no additional insight into why the participant thinks the correct answer is the correct answer has been observed or if the participant really did learn anything new by participating. Given that the main difference between a traditional written exam and a Jeopardy-style CTF is the way in which questions are formulated, learning outcomes can be measured in the same way. We can ask ourselves how many participants solved which challenge and to which measurable statements about “knowledge, skill and attitude” in the field of cybersecurity each challenge is related. However, when mapping the descriptions of the quiz-questions and challenges from the two CTF events as case studies to the NICE framework on Knowledge, Skills and Abilities in cybersecurity, the NICE framework did not provide us with detailed measurable statements that could be used in education. Where the descriptions of the quiz-questions and challenges were specific, the learning outcomes of the NICE framework are only formulated in a quite general matter. Finally, some evidence for Csíkszentmihályi’s theory of Flow has been observed. Following the theory of Flow, a person can become fully immersed in performing a task, also known as “being in the zone” if the “challenge level” of the task is in line with the person’s “skill level”. The persons mental state towards a task will be different depending on the challenge level of the task and required skill level for completing it. Results show that participants state that some challenges were difficult and fun, where other challenges were easy and boring. As a result of this9 project, a guide / checklist is provided for those intending to use CTF in education.

Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations

We present a novel anomaly-based detection approach capable of detecting botnet Command and Control traffic in an enterprise network by estimating the trustworthiness of the traffic destinations. A traffic flow is classified as anomalous if its destination identifier does not origin from: human input, prior traffic from a trusted destination, or a defined set of legitimate applications. This allows for real-time detection of diverse types of Command and Control traffic. The detection approach and its accuracy are evaluated by experiments in a controlled environment.