Julio Hernandez-Castro
  • Professor
  • Titular de Universidad at Universidad Politécnica de Madrid

About

271 Publications
166,052 Reads
4,846 Citations
Current institution
Universidad Politécnica de Madrid
Current position
  • Titular de Universidad
Additional affiliations
  • October 2015 - present: University of Kent, Professor (Associate)
  • October 1999 - January 2009: University Carlos III de Madrid, Lecturer
  • September 2012 - October 2015: University of Kent, Lecturer

Publications (271)
Article
Full-text available
We present in this work an economic analysis of ransomware, with relevant data from Cryptolocker, CryptoWall, TeslaCrypt and other major strands. We include a detailed study of the impact that different price discrimination strategies can have on the success of a ransomware family, examining uniform pricing, optimal price discrimination and bargain...
Article
Full-text available
This article introduces prudent engineering practices and offers recommendations to follow, together with typical mistakes to avoid, when designing new ultralightweight authentication protocols. This work can help, as a sanity check, designers of RFID, NFC and sensor networks based security solutions to improve the security, reliability and longevi...
Article
Full-text available
Steganography is the art and science of concealing information in such a way that only the sender and intended recipient of a message should be aware of its presence. Digital steganography has been used in the past on a variety of media including executable files, audio, text, games and, notably, images. There is increasing research interest toward...
Article
Full-text available
It has now become common for people accused of computer crime to claim that the responsibility lies with malware placed on their machine without their knowledge. This so called Trojan Horse Defence was first used a decade ago. In this article, we undertake a timely retrospective with an in-depth and critical literature review plus a detailed look a...
Article
Full-text available
The double-edged sword of continuous digitization of services and systems opens the door to a myriad of beneficial opportunities, as well as challenging threats. Currently, ransomware is catalogued as the first threat in cybersecurity due to its impact on organizations, critical infrastructure, industry, and society as a whole. Thus, devoting effor...
Article
Full-text available
As the name implies, dark web markets—also commonly known as anonymous markets—have put in place measures for protecting the privacy of their users, both sellers and buyers, as this is a key priority that can attract users worldwide. With the rapid growth of dark web markets, competition among them has become more intense. In this environment, malici...
Article
Full-text available
Web services play an important role in our daily lives. They are used in a wide range of activities, from online banking and shopping to education, entertainment and social interactions. Therefore, it is essential to ensure that they are kept as secure as possible. However – as is the case with any complex software system – creating a sophisticated...
Preprint
Full-text available
As the name implies, dark web markets – also commonly known as anonymous markets – have put in place measures for protecting the privacy of their users, both sellers and buyers, as this is a key priority that can attract users worldwide. With the rapid growth of dark web markets, competition between them has become more intense. In this environment,...
Chapter
The financial sector has suffered a groundbreaking transformation with the advent of cryptocurrencies, shifting from centralised to decentralised schemes. Hardware wallets play an essential role in storing cryptocurrencies securely. However, these electronic devices generally have limited resources that open the door to attacks. In this article, we...
Article
Full-text available
The fast pace of blockchain technology and cryptocurrencies’ evolution makes people vulnerable to financial fraud and provides a relatively straightforward monetisation mechanism for cybercriminals, in particular ransomware groups which exploit crypto’s pseudo-anonymity properties. At the same time, regulatory efforts for addressing crimes related...
Preprint
Full-text available
Consensus algorithms facilitate agreement on and resolution of blockchain functions, such as smart contracts and transactions. Ethereum uses a Proof-of-Stake (PoS) consensus mechanism, which depends on financial incentives to ensure that validators perform certain duties and do not act maliciously. Should a validator attempt to defraud the system,...
Article
Full-text available
Random numbers play a key role in a wide variety of applications, ranging from mathematical simulation to cryptography. Generating random or pseudo-random numbers is not an easy task, especially when hardware, time and energy constraints are considered. In order to assess whether generators behave in a random fashion, there are several statistical...
Article
In this paper we propose a new measure of the sensitivity of a statistical test. This can be applied to any of the common statistical batteries (NIST SP 800-22, Dieharder, TestU01, ENT, all FIPS versions, etc.). We will validate its use with the FIPS 140-2 battery. In addition, we will apply this new measure to other statistical tests, including te...
Article
Full-text available
Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims’ devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting...
Preprint
Full-text available
Most proposals in the anomaly detection field focus exclusively on the detection stage, especially in the recent deep learning approaches. While providing highly accurate predictions, these models often lack transparency, acting as "black boxes". This criticism has grown to the point that explanation is now considered very relevant in terms of accep...
Chapter
A distributed consensus algorithm is at the core of what makes cryptocurrencies a decentralised ledger; they are the tools that facilitate the agreement between millions of users worldwide on what the playing rules are going to be, as well as the punishments and rewards for (dis)obeying them. The first cryptocurrency, Bitcoin, popularised proof-of-...
Article
One of the fundamental aspects when working with batteries of statistic tests is that they should be as efficient as possible, i.e. that they should check the properties and do so in a reasonable computational time. This assumes that there are no tests that are checking the same properties, i.e. that they are not correlated. One of the most commonl...
Article
Full-text available
Due to steady improvements in defensive systems, malware developers are turning their attention to mechanisms for cloaking attacks as long as possible. A recent trend exploits techniques like Invoke-PSImage, which allows embedding a malicious script within an innocent-looking image, for example, to smuggle data into compromised devices. To address...
Article
Full-text available
This work presents an analysis of the existing dependencies between the tests of the FIPS 140-2 battery. Two main analytical approaches are utilized, the first being a study of correlations through the Pearson’s correlation coefficient that detects linear dependencies, and the second one being a novel application of the mutual information measure t...
Article
Full-text available
Featured Application: The ENT battery presents vulnerabilities that will be shown in this work. The scope of this work is important because, in the light of the results obtained, the design of the battery tests should be reconsidered for its more effective use. Abstract: Randomness testing is a key tool to analyse the quality of true (physical) rand...
Article
Purpose: Ransomware is a relatively new form of financial extortion that is proving a major cyber-security threat to individuals and organisations. This study aims to investigate factors that may influence an individual's willingness to engage in a ransom payment. Design/methodology/approach: This study ran a large survey (n = 1,798) on a represent...
Chapter
This chapter provides a general overview of AI methods used to support the design of cryptographic primitives and protocols. After giving a brief introduction to the basic concepts underlying the field of cryptography, we review the most researched use cases concerning the use of AI techniques and models to design cryptographic primitives, focusing...
Article
Full-text available
The increasing dominance of Android smartphones for everyday communication and data processing makes long-term stealthy malware an even more dangerous threat. Recent malware campaigns like Flubot demonstrate that by employing stealthy malware techniques even at minimal capacity, malware is highly effective in making its way to millions of devices w...
Article
Full-text available
The security of financial apps on smartphones is threatened by a class of advanced and persistent malware that can bypass all existing security measures. Strong cryptography and trusted on-chip hardware modules are powerless against sophisticated attacks that supplant device owners through device input record/replay functionality, effectively hijac...
Chapter
Full-text available
Ransomware (malware that threatens to lock or publish victims’ assets unless a ransom is paid) has become a serious security threat, targeting individual users, companies and even governments, causing significant damage, disruption and cost. Instances of ransomware have also been observed stealing private data and blackmailing their victims. Worryi...
Article
Full-text available
Ransomware is a type of malicious software that locks out its victim from accessing functionality or data on their device, typically by encrypting files. To regain access, victims would typically need to make a ransom payment. Victims get notified that their device has been infected through a ransom note (splash screen) displayed on their device. R...
Article
Ransomware is a type of malware that locks out its victim’s access to their device or data – typically by encrypting files – and demands payment in exchange of restoring access. To fight the increasing threat posed by ransomware, security researchers and practitioners have developed decryption tools. These tools aim to help victims in recovering th...
Article
Full-text available
A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken-down by s...
Preprint
Full-text available
Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tac...
Chapter
Full-text available
Attackers regularly target Android phones and come up with new ways to bypass detection mechanisms to achieve long-term stealth on a victim’s phone. One way attackers do this is by leveraging critical benign app functionality to carry out specific attacks. In this paper, we present a novel generalised framework, JIT-MF (Just-in-time Memory Forensi...
Chapter
Full-text available
The Internet of Things (IoT) is a rapidly growing collection of “smart” devices capable of communicating over the Internet. Being connected to the Internet brings new features and convenience, but it also poses new security threats, such as IoT malware. IoT malware has shown similar growth, making IoT devices highly vulnerable to remote compromise....
Chapter
Full-text available
This chapter focuses on the testing and certification of Random Number Generators (RNG). Statistical testing is required to identify whether sequences produced by RNG demonstrate non-random characteristics. These can include structures within their output, repetition of sequences, and any other form of predictability. Certification of computer secu...
Book
Full-text available
The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and softwa...
Chapter
Full-text available
The frequent use of basic statistical techniques to detect ransomware is a popular and intuitive strategy; statistical tests can be used to identify randomness, which in turn can indicate the presence of encryption and, by extension, a ransomware attack. However, common file formats such as images and compressed data can look random from the perspe...
Chapter
Full-text available
Android accessibility features include a robust set of tools allowing developers to create apps for assisting people with disabilities. Unfortunately, this useful set of tools can also be abused and turned into an attack vector, providing malware with the ability to interact and read content from third-party apps. In this work, we are the first to...
Conference Paper
Full-text available
Internet of Things (IoT) devices are used in many facets of modern life, from smart homes to smart cities, including Internet-enabled healthcare systems and industrial control systems. The prevalence and ubiquity of IoT devices makes them extremely attractive targets for malicious actors, in particular for taking control of vulnerable devices and d...
Preprint
Full-text available
A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken-down by s...
Article
Full-text available
Random numbers are essential for cryptography and scientific simulation. Generating truly random numbers for cryptography can be a slow and expensive process. Quantum physics offers a variety of promising solutions to this challenge, proposing sources of entropy that may be genuinely unpredictable, based on the inherent randomness of certain physic...
Article
Full-text available
Random number generation is critical to many applications. Gaming, gambling, and particularly cryptography all require random numbers that are uniform and unpredictable. For testing whether supposedly random sources feature particular characteristics commonly found in random sequences, batteries of statistical tests are used. These are fundamental...
Chapter
Finding optimal adversarial dynamics between defenders and attackers in large network systems is a complex problem one can approach from several perspectives. The results obtained are often not satisfactory since they either concentrate on only one party or run very simplified scenarios that are hard to correlate with realistic settings. To truly f...
Article
Full-text available
We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the resul...
Chapter
Full-text available
Ransomware is a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe, therefore efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks....
Article
Full-text available
Ransomware is a type of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim’s files with the objective of financial gain. In this article, we review and develop the game theoretic literature on kidnapping in order to gain insight on ransomware. The...
Conference Paper
Full-text available
Quantum phenomena offer a very attractive entropy source for random number generation, harnessing inherently chaotic observable events. In this work, we present the analysis of a popular commercial QRNG range, ID Quantique's Quantis 16M, 4M and USB modules. Previous analyses are extended significantly, by including novel analyses using Ent, Alphabi...
Article
Full-text available
In the last few years, the world has witnessed a ground-breaking growth in the use of digital images and their applications in the modern society. In addition, image editing applications have downplayed the modification of digital photos and this compromises the authenticity and veracity of a digital image. These applications allow for tampering th...
Article
Full-text available
Android malware is increasing in spread and complexity. Advanced obfuscation, emulation detection, delayed payload activation or dynamic code loading are some of the techniques employed by current malware to hinder the use of reverse engineering techniques and anti-malware tools. This growing complexity is particularly noticeable in the evolution o...
Article
Full-text available
Existence of mobile devices with high performance cameras and powerful image processing applications eases the alteration of digital images for malicious purposes. This work presents a new approach to detect digital image tamper detection technique based on CFA artifacts arising from the differences in the distribution of acquired and interpolated...
Article
Full-text available
This paper tries to tackle the modern challenge of practical steganalysis over large data by presenting a novel approach whose aim is to perform with perfect accuracy and in a completely automatic manner. The objective is to detect changes introduced by the steganographic process in those data objects, including signatures related to the tools bein...
Data
Appendix I. Example of Classification using a Naive Bayes Model. (PDF)
Data
Appendix II. Experimental Validation. (PDF)
Article
Full-text available
This work reports the first in-depth analysis of the DESFire EV1’s EAL4+ certified TRNG and raises some difficult questions regarding the certification of non-deterministic random number generators. We start by analysing the quality of the purportedly true random number generator (TRNG) on the DESFire EV1 card. Clear and consistent biases are ident...
Conference Paper
Full-text available
This work briefly examines some of the most relevant Bitcoin Laundry Services, commonly known as tumblers or mixers, and studies their main features to try to answer some fundamental questions including their security, popularity, transaction volume, and generated revenue. Our research aims to inform both legitimate users and Law Enforcement about...
Conference Paper
The limited computational capabilities of low-cost RFID cards may induce security weaknesses stemming from concessions made in hardware. In particular, RFID cards with weak pseudo-random number generators (PRNGs) can leak secret information. Current generation RFID cards, such as the Mifare DESFire EV1, improve on the cryptographic and random numbe...
Article
Full-text available
Bycatch and illegal wildlife trade on the dark web - Volume 51 Issue 3 - David L Roberts, Julio Hernandez-Castro
Article
Full-text available
Recent advances in Deep Learning (DL) allow for solving complex AI problems that used to be considered very hard. While this progress has advanced many fields, it is considered to be bad news for CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), the security of which rests on the hardness of some learning probl...
Conference Paper
Full-text available
Recent advances in face recognition technology render face-based authentication very attractive due to the high accuracy and ease of use. However, the increased use of biometrics (such as faces) triggered a lot of research on the protection of biometric data in the fields of computer security and cryptography. Unfortunately, most of the face-based sys...
Preprint
We present in this work an economic analysis of ransomware, with relevant data from Cryptolocker, CryptoWall, TeslaCrypt and other major strands. We include a detailed study of the impact that different price discrimination strategies can have on the success of a ransomware family, examining uniform pricing, optimal price discrimination and bargain...
Technical Report
Full-text available
This paper presents a security analysis of the manual override feature of the Noke smart lock. We have focused our investigation on the Noke because it is one of the most popular smart locks available on the market, and it was explicitly mentioned in Defcon'16 as one of the only three smart locks that were robust against a variety of new attacks. T...
Article
Full-text available
Currently the number of cameras embedded in mobile devices is growing at an unprecedented rate. Additionally, the quality and performance of these mobile cameras is steadily improving, and is closing in on that of classical digital cameras. This scenario makes the forensic analysis of images taken with mobile cameras increasingly important and nece...
Conference Paper
Full-text available
The limited computational capabilities of low-cost RFID cards may induce security weaknesses stemming from concessions made in hardware. In particular, RFID cards with weak pseudo-random number generators (PRNGs) can leak secret information. Current generation RFID cards, such as the Mifare DESFire EV1, improve on the cryptographic and random numbe...
Article
The increased diffusion of digital images generated by mobile devices through social networks, personal and professional communications, etc. is self-evident. This creates potential problems because some of these images may be used as supporting evidence for different criminal cases. In this paper, algorithms are proposed based on sensor noise and w...
Article
Full-text available
The rise of the Internet as a trade platform has resulted in a shift in the illegal wildlife trade. As a result of increased scrutiny that illegal wildlife trade is receiving, there are concerns that the online trade will move onto the darkweb. In this preliminary study, we provide a baseline of illegal wildlife trade on the darkweb. We downloaded...
Article
Full-text available
This article examines in great detail the most relevant security and privacy issues affecting the protocols used by contactless chips integrated in ePassports, and presents all relevant literature together with some new attacks and insights that could help in improving future standards and the next generations of ePassports.
Article
Full-text available
In this article we examine in great detail the most relevant security and privacy issues affecting ePassports, and present all relevant literature together with some new attacks and insights that could help in improving the security of future standards and next generations of ePassports.
Article
Full-text available
In this work, we developed an automated system to detect potentially illegal elephant ivory items for sale on eBay. Two law enforcement experts, with specific knowledge of elephant ivory identification, manually classified items on sale in the Antiques section of eBay UK over an 8 week period. This set the "Gold Standard" that we aim to emulate usin...
Article
Full-text available
The forensic analysis of digital images from mobile devices is particularly important given their quick expansion and everyday use in the society. A further consequence of digital images' widespread use is that they are used today as silent witnesses in legal proceedings, as crucial evidence of the crime. This study specifically addresses the descr...
