The last decade has shown that networked cyber-physical systems (NCPS) are the future of critical infrastructure such as transportation systems and energy production. However, they have introduced an uncharted territory of security vulnerabilities and a wider attack surface, mainly due to network openness and the deeply integrated physical and cyber spaces. On the other hand, relying on manual analysis of intrusion detection alarms might be effective in stopping run-of-the-mill automated probes but remain useless against the growing number of targeted, persistent, and often AI-enabled attacks on large-scale NCPS. Hence, there is a pressing need for new research directions to provide advanced protection. This paper introduces a novel security paradigm for emerging NCPS, namely Autonomous Cyber-Physical Defense (ACPD). We lay out the theoretical foundations and describe the methods for building autonomous and stealthy cyber-physical defense agents that are able to dynamically hunt, detect, and respond to intelligent and sophisticated adversaries in real time without human intervention. By leveraging the power of game theory and multi-agent reinforcement learning, these self-learning agents will be able to deploy complex cyber-physical deception scenarios on the fly, generate optimal and adaptive security policies without prior knowledge of potential threats, and defend themselves against adversarial learning. Nonetheless, serious challenges including trustworthiness, scalability, and transfer learning are yet to be addressed for these autonomous agents to become the next-generation tools of cyber-physical defense.
Authored by Talal Halabi, Mohammad Zulkernine
In 2017, the United States Department of Homeland Security designated elections equipment as critical infrastructure. Poll workers play a crucial role in safeguarding election security and integrity and are responsible for administering an election at the more than 100,000 polling places needed during an election cycle, oftentimes interacting with, and having unsupervised access to, elections equipment. This paper examines the utility of training poll workers to mitigate potential cyber, physical, and insider threats that may emerge during U.S. elections through an analysis of the relationship between poll worker training performance and their individual cybersecurity practices. Specifically, we measure a poll worker’s personal cybersecurity behavior using the Security Behaviors and Intentions Scale (SeBIS) and statistically examine this measure to their performance on three poll worker election security training modules, along with quizzes to assess poll workers' knowledge. The results indicate that a poll worker’s personal security behaviors related to Device Securement, Password Generation, and Proactive Awareness have a positive relationship with poll workers' knowledge of the threats related to election equipment and processes. k-means analysis shows that educated poll workers and those who have strong device security personal behaviors tend to score better on the poll worker training quizzes; Device Securement was also the greatest driver of the relationship between individual security behaviors and poll worker threat knowledge. These findings have implications for election security policies, emphasizing the need for election officials and managers to prioritize Device Securement and Proactive Awareness in poll worker training initiatives to enhance election security.
Authored by Abigail Kassel, Isabella Bloomquist, Natalie Scala, Josh Dehlinger
Nowadays, companies, critical infrastructure and governments face cyber attacks every day ranging from simple denial-of-service and password guessing attacks to complex nationstate attack campaigns, so-called advanced persistent threats (APTs). Defenders employ intrusion detection systems (IDSs) among other tools to detect malicious activity and protect network assets. With the evolution of threats, detection techniques have followed with modern systems usually relying on some form of artificial intelligence (AI) or anomaly detection as part of their defense portfolio. While these systems are able to achieve higher accuracy in detecting APT activity, they cannot provide much context about the attack, as the underlying models are often too complex to interpret. This paper presents an approach to explain single predictions (i. e., detected attacks) of any graphbased anomaly detection systems. By systematically modifying the input graph of an anomaly and observing the output, we leverage a variation of permutation importance to identify parts of the graph that are likely responsible for the detected anomaly. Our approach treats the anomaly detection function as a black box and is thus applicable to any whole-graph explanation problems. Our results on two established datasets for APT detection (StreamSpot \& DARPA TC Engagement Three) indicate that our approach can identify nodes that are likely part of the anomaly. We quantify this through our area under baseline (AuB) metric and show how the AuB is higher for anomalous graphs. Further analysis via the Wilcoxon rank-sum test confirms that these results are statistically significant with a p-value of 0.0041\%.
Authored by Felix Welter, Florian Wilkens, Mathias Fischer
Vendor cybersecurity risk assessment is of critical importance to smart city infrastructure and sustainability of the autonomous mobility ecosystem. Lack of engagement in cybersecurity policies and process implementation by the tier companies providing hardware or services to OEMs within this ecosystem poses a significant risk to not only the individual companies but to the ecosystem overall. The proposed quantitative method of estimating cybersecurity risk allows vendors to have visibility to the financial risk associated with potential threats and to consequently allocate adequate resources to cybersecurity. It facilitates faster implementation of defense measures and provides a useful tool in the vendor selection process. The paper focuses on cybersecurity risk assessment as a critical part of the overall company mission to create a sustainable structure for maintaining cybersecurity health. Compound cybersecurity risk and impact on company operations as outputs of this quantitative analysis present a unique opportunity to strategically plan and make informed decisions towards acquiring a reputable position in a sustainable ecosystem. This method provides attack trees and assigns a risk factor to each vendor thus offering a competitive advantage and an insight into the supply chain risk map. This is an innovative way to look at vendor cybersecurity posture. Through a selection of unique industry specific parameters and a modular approach, this risk assessment model can be employed as a tool to navigate the supply base and prevent significant financial cost. It generates synergies within the connected vehicle ecosystem leading to a safe and sustainable economy.
Authored by Albena Tzoneva, Galina Momcheva, Borislav Stoyanov
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
In modern conditions, the relevance of the problem of assessing the information security risks for automated systems is increasing. Risk assessment is defined as a complex multi-stage task. Risk assessment requires prompt decision-making for effective information protection. To solve this problem, a method for automating risk assessment based on fuzzy cognitive maps is proposed. A fuzzy cognitive map is a model that can be represented as a directed graph in which concepts and connections between them have own weights. The automation process allows evaluate complex relationships between factors and threats, providing a more comprehensive risk assessment. The application of fuzzy cognitive maps proved to be an effective tool for automation, promptness, and quality in risk assessment.
Authored by Andrey Shaburov, Anna Ozhgibesova, Vsevolod Alekseev
The role of principals of schools facing digital transformation in and for the 21st century is to assure and promote effective use of digital technologies in all aspects of school functioning.
Authored by Valentina Kirinić, Nikolina Hrustek, Renata Mekovec
The increase in the usage of various computing and mobile devices has resulted in implementing large scale ad hoc networks as the user demand is on the rise and companies’ find it difficult to invest more in the IT infrastructure to meet the surging demand. The traditional model of networking enables the mobile devices to face various issues like lower bandwidth, mobility, security and storage et. Hence, in order to meet the overall service requirement and to enhance the overall efficiency of the network, cloud computing was introduced. The implementation of these devices tends to support in every node, it enhances better communication in a better range towards another nodes. There is a critical administration and support devices from everywhere in an effective manner.
Authored by Gowtham S, A. Shenbagharaman, B. Shunmugapriya, Sateesh Nagavarapu, Antonyuk Olga
In this paper, we present a novel statistical approach to assess and model data of water distribution network (WDN) failures which contain only few pieces of information, namely the number of failures in a month. The applied statistical method is known as the circular (directional) statistics. It concerns with angular/cyclical data in degrees or radians. The sample space is typically a circle or a sphere and due to the nature of the circular data, they cannot be analysed with commonly used statistical techniques. Circular data approaches can be adapted to analyse time-of-year data and year cycles. Using the methods of descriptive and inferential statistics for circular data, we show that the WDN failure data show a deviation from the uniform model and cannot be modelled by the parametric models. Therefore, we apply the nonparametric circular kernel density estimates to assess and model the data and predict the expected numbers of failures in the respective months of a year.
Authored by Kamila Hasilová, David Vališ
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
With technological advances, Cyber-Physical Systems (CPS), specifically critical infrastructures, have become strongly connected. Their exposure to cyber adversaries is higher than ever. The number of cyber-attacks perpetrated against critical infrastructure is growing in number and sophistication. The protection of such complex systems became of paramount importance. Resilience applied to critical infrastructures aims at protecting these vital systems from cyber-attacks and making them continue to deliver a certain level of performance, even when attacks occur. In this work, we explore new advances related to cyber-resilience applied to CPSs. We also explore the use of a metric to quantify the resilience of critical infrastructures. As a use case, we consider a water treatment system.
Authored by Romain Dagnas, Michel Barbeau, Maxime Boutin, Joaquin Garcia-Alfaro, Reda Yaich
Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyberinfrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics – the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.
Authored by Rajesh Kumar
In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7\% who consider that the proposed three-layer architecture contains the assets considered critical.
Authored by Alberto Alegria, Jorge Loayza, Arnaldo Montoya, Jimmy Armas-Aguirre
For modern industrial automation and control systems (IACS), it is a cybersecurity risk that provokes the most growing anxiety among other potential hazards. In order to manage the risk efficiently, a risk assessment is necessary. A standard CIA approach explores the confidentiality, integrity, and availability properties of assets. However, for IACS dealing with critical infrastructures, it is more crucial to investigate separately the availability part of the risk. Moreover, not assets but functions are particularly important. One of the major problems arising during the assessment is how to assign values for the availability property of IACS functions. For establishing the CIA values, techniques related to confidentiality and integrity seem to be quite evident and make just a minor issue to develop and employ. However, methods for assessing the availability property happen to be not obvious and not widely used. The article presents a metric helpful for the availability valuation. Inherently constructed to be applicable particularly to functions, not to assets, the metric will be found especially effective for IACS. Essentially based on delay as a measure, the metric is proved to be conformant to the IEC 62443 series availability interpretation and the general requirements for the cybersecurity metrics. For the metric to be accurately calculated, the availability reference model, dependency theory, and a theory of deterministic queuing systems Network calculus are proposed to be utilized. Applying Network calculus to the metric calculation, the article reveals that this problem can be reduced to the problem of obtaining sets of service curves.
Authored by A.A. Baybulatov, V.G. Promyslov
Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attackdefense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.
Authored by Burhan Hyder, Harrison Majerus, Hayden Sellars, Jonathan Greazel, Joseph Strobel, Nicholas Battani, Stefan Peng, Manimaran Govindarasu
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
The security concerns surrounding the 2016 and 2020 United States Presidential Elections have underscored the critical importance of election security, prompting a renewed emphasis on preventing, detecting, and mitigating emerging threats associated with election infrastructure. With their pivotal role as the first line of defense on Election Day, poll workers bear the responsibility of identifying and thwarting any potential threats that may arise. Moreover, they possess unsupervised access to the U.S. critical infrastructure elections equipment at polling places and are entrusted with administering the election processes at their local precincts. However, despite their crucial role, poll workers receive minimal, if any, specific training on security threats prior to elections. To address this gap, this research investigates poll worker threat awareness through developing, piloting, and empirically evaluating online training modules aimed at teaching poll workers to identify and mitigate potential cyber, physical, and insider threats that may arise prior to, and on, Election Day. Through statistical analysis of a pre-post-test study involving eligible and current poll workers, this research demonstrates the effectiveness of these training modules to significantly enhance poll workers' understanding of cyber, physical, and insider threats associated with the processes of three critical areas in voting: electronic pollbooks, the scanning unit, and provisional voting. The implications of this work emphasize the need for resources for election officials and managers to provide effective and comprehensive poll worker training and, thus, ensure the security and integrity of U.S. election processes.
Authored by
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
The last decade has shown that networked cyberphysical systems (NCPS) are the future of critical infrastructure such as transportation systems and energy production. However, they have introduced an uncharted territory of security vulnerabilities and a wider attack surface, mainly due to network openness and the deeply integrated physical and cyber spaces. On the other hand, relying on manual analysis of intrusion detection alarms might be effective in stopping run-of-the-mill automated probes but remain useless against the growing number of targeted, persistent, and often AI-enabled attacks on large-scale NCPS. Hence, there is a pressing need for new research directions to provide advanced protection. This paper introduces a novel security paradigm for emerging NCPS, namely Autonomous CyberPhysical Defense (ACPD). We lay out the theoretical foundations and describe the methods for building autonomous and stealthy cyber-physical defense agents that are able to dynamically hunt, detect, and respond to intelligent and sophisticated adversaries in real time without human intervention. By leveraging the power of game theory and multi-agent reinforcement learning, these selflearning agents will be able to deploy complex cyber-physical deception scenarios on the fly, generate optimal and adaptive security policies without prior knowledge of potential threats, and defend themselves against adversarial learning. Nonetheless, serious challenges including trustworthiness, scalability, and transfer learning are yet to be addressed for these autonomous agents to become the next-generation tools of cyber-physical defense.
Authored by Talal Halabi, Mohammad Zulkernine
Vulnerability Detection 2022 - The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.
Authored by Zhenwan Zou, Jun Yin, Ling Yang, Cheng Luo, Jiaxuan Fei
MANET Attack Detection - One of the most essential self-configuring and independent wireless networks is the MANET. MANET employs a large number of intermediate nodes to exchange information without the need for any centralized infrastructure. However, some nodes act in a selfish manner, utilizing the network's resources solely for their own benefit and refusing to share with the surrounding nodes. Mobile ad hoc network security is a critical factor that is widely accepted. Selfish nodes are the primary problem of MANET. In a MANET, nodes that are only interested in themselves do not involve in the process of packet forwarding. A node can be identified as selfish or malicious due to some misbehavior reasons. Selfishness on the part of network nodes may be a factor in the low delivery ratio of packets and data loss. A high end-to-end delay is caused by node failure in a MANET network. To study the selfish node attack, a malicious selfish node is put into the network, and a trust-based algorithm for the selfish node attack is also suggested. In order to discover a solution to this issue, we have developed an algorithm called SNRM for the detection of selfish nodes. The routing protocol used in this paper for analysis is AODV. Using a simulation tool, PDR and end-to-end delay are evaluated and compared.
Authored by R. Sarumathi, V. Jayalakshmi
Intrusion Intolerance - Compound threats involving cyberattacks that are targeted in the aftermath of a natural disaster pose an important emerging threat for critical infrastructure. We introduce a novel compound threat model and data-centric framework for evaluating the resilience of power grid SCADA systems to such threats. We present a case study of a compound threat involving a hurricane and follow-on cyberattack on Oahu Hawaii and analyze the ability of existing SCADA architectures to withstand this threat model. We show that no existing architecture fully addresses this threat model, and demonstrate the importance of considering compound threats in planning system deployments.
Authored by Sahiti Bommareddy, Benjamin Gilby, Maher Khan, Imes Chiu, Mathaios Panteli, John van de Lindt, Linton Wells, Yair Amir, Amy Babay
Industrial Control Systems - The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.
Authored by Zhenwan Zou, Jun Yin, Ling Yang, Cheng Luo, Jiaxuan Fei
Security and privacy are one of crucial factor in the area of information technology and iys applications. Ad-hoc network is a type of non-infrastructure wireless network that is more prone to be attacked and abused due to its properties. Deploying the ad-hoc network in vehicular environment needs the additional security consideration to prevent the attacks that can cause the serious harms like accidents, crashes and fatality of living being lives. In this paper we have explored analysis and requirements of the security solution for the ad hoc network under the vehicular environment. Different categories of threats, their risks are evaluated and then various issues related to deploying the security solutions are addressed by mentioning the proper security technologies and tools.
Authored by Shailaja Salagrama, Yuva Boyapati, Vimal Bibhu
Payment is an essential part of e-commerce. Merchants usually rely on third-parties, so-called payment processors, who take care of transferring the payment from the customer to the merchant. How a payment processor interacts with the customer and the merchant varies a lot. Each payment processor typically invents its own protocol that has to be integrated into the merchant’s application and provides the user with a new, potentially unknown and confusing user experience.Pushed by major companies, including Apple, Google, Master-card, and Visa, the W3C is currently developing a new set of standards to unify the online checkout process and “streamline the user’s payment experience”. The main idea is to integrate payment as a native functionality into web browsers, referred to as the Web Payment APIs. While this new checkout process will indeed be simple and convenient from an end-user perspective, the technical realization requires rather significant changes to browsers.Many major browsers, such as Chrome, Firefox, Edge, Safari, and Opera, already implement these new standards, and many payment processors, such as Google Pay, Apple Pay, or Stripe, support the use of Web Payment APIs for payments. The ecosystem is constantly growing, meaning that the Web Payment APIs will likely be used by millions of people worldwide.So far, there has been no in-depth security analysis of these new standards. In this paper, we present the first such analysis of the Web Payment APIs standards, a rigorous formal analysis. It is based on the Web Infrastructure Model (WIM), the most comprehensive model of the web infrastructure to date, which, among others, we extend to integrate the new payment functionality into the generic browser model.Our analysis reveals two new critical vulnerabilities that allow a malicious merchant to over-charge an unsuspecting customer. We have verified our attacks using the Chrome implementation and reported these problems to the W3C as well as the Chrome developers, who have acknowledged these problems. Moreover, we propose fixes to the standard, which by now have been adopted by the W3C and Chrome, and prove that the fixed Web Payment APIs indeed satisfy strong security properties.
Authored by Quoc Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, Nils Wenzler, Tim Würtele