TY - JOUR A1 - Oosthoek, Kris A1 - Dörr, Christian T1 - Cyber security threats to bitcoin exchanges BT - adversary exploitation and laundering techniques JF - IEEE transactions on network and service management : a publication of the IEEE N2 - Bitcoin is gaining traction as an alternative store of value. Its market capitalization transcends all other cryptocurrencies in the market. But its high monetary value also makes it an attractive target to cyber criminal actors. Hacking campaigns usually target an ecosystem's weakest points. In Bitcoin, the exchange platforms are one of them. Each exchange breach is a threat not only to direct victims, but to the credibility of Bitcoin's entire ecosystem. Based on an extensive analysis of 36 breaches of Bitcoin exchanges, we show the attack patterns used to exploit Bitcoin exchange platforms using an industry standard for reporting intelligence on cyber security breaches. Based on this we are able to provide an overview of the most common attack vectors, showing that all except three hacks were possible due to relatively lax security. We show that while the security regimen of Bitcoin exchanges is subpar compared to other financial service providers, the use of stolen credentials, which does not require any hacking, is decreasing. We also show that the amount of BTC taken during a breach is decreasing, as well as the exchanges that terminate after being breached. Furthermore we show that overall security posture has improved, but still has major flaws. To discover adversarial methods post-breach, we have analyzed two cases of BTC laundering. Through this analysis we provide insight into how exchange platforms with lax cyber security even further increase the intermediary risk introduced by them into the Bitcoin ecosystem. KW - Bitcoin KW - Computer crime KW - Cryptography KW - Ecosystems KW - Currencies KW - Industries KW - Vocabulary KW - cryptocurrency exchanges KW - cyber KW - security KW - cyber threat intelligence KW - attacks KW - vulnerabilities KW - forensics Y1 - 2021 U6 - https://doi.org/10.1109/TNSM.2020.3046145 SN - 1932-4537 VL - 18 IS - 2 SP - 1616 EP - 1628 PB - IEEE CY - New York ER - TY - BOOK A1 - Neuhaus, Christian A1 - Polze, Andreas A1 - Chowdhuryy, Mohammad M. R. T1 - Survey on healthcare IT systems : standards, regulations and security N2 - IT systems for healthcare are a complex and exciting field. One the one hand, there is a vast number of improvements and work alleviations that computers can bring to everyday healthcare. Some ways of treatment, diagnoses and organisational tasks were even made possible by computer usage in the first place. On the other hand, there are many factors that encumber computer usage and make development of IT systems for healthcare a challenging, sometimes even frustrating task. These factors are not solely technology-related, but just as well social or economical conditions. This report describes some of the idiosyncrasies of IT systems in the healthcare domain, with a special focus on legal regulations, standards and security. N2 - IT Systeme für Medizin und Gesundheitswesen sind ein komplexes und spannendes Feld. Auf der einen Seite stehen eine Vielzahl an Verbesserungen und Arbeitserleichterungen, die Computer zum medizinischen Alltag beitragen können. Einige Behandlungen, Diagnoseverfahren und organisatorische Aufgaben wurden durch Computer überhaupt erst möglich. Auf der anderen Seite gibt es eine Vielzahl an Fakturen, die Computerbenutzung im Gesundheitswesen erschweren und ihre Entwicklung zu einer herausfordernden, sogar frustrierenden Aufgabe machen können. Diese Faktoren sind nicht ausschließlich technischer Natur, sondern auch auf soziale und ökonomische Gegebenheiten zurückzuführen. Dieser Report beschreibt einige Besondenderheiten von IT Systemen im Gesundheitswesen, mit speziellem Fokus auf gesetzliche Rahmenbedingungen, Standards und Sicherheit. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 45 KW - EPA KW - Elektronische Patientenakte KW - Sicherheit KW - Privacy KW - Standards KW - Gesetze KW - EHR KW - electronic health record KW - security KW - privacy KW - standards KW - law Y1 - 2011 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus-51463 SN - 978-3-86956-128-8 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - BOOK ED - Neuhaus, Christian ED - Polze, Andreas T1 - Cloud security mechanisms N2 - Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud infrastructures. This report provides introductions to a selection of security mechanisms that were part of the "Cloud Security Mechanisms" seminar in summer term 2013 at HPI. N2 - Cloud Computing hat deutliche Kostenersparnisse und verbesserte Flexibilität bei der Bereitstellung von Computer-Diensten ermöglicht. Allerdings bleiben Sicherheitsbedenken die größte Herausforderung bei der Nutzung von Cloud-Diensten. Die etablierten Mechanismen für Zugriffskontrolle und Verschlüsselungstechnik können die Herausforderungen und Probleme der Sicherheit von Cloud-Infrastrukturen nur teilweise lösen. In den letzten Jahren hat die Forschung jedoch neue Mechanismen, Protokolle und Algorithmen hervorgebracht, welche neue Möglichkeiten eröffnen die Sicherheit von Cloud-Anwendungen zu erhöhen. Dieser technische Bericht bietet Einführungen zu einigen dieser Mechanismen, welche im Seminar "Cloud Security Mechanisms" im Sommersemester 2013 am HPI behandelt wurden. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 87 KW - Cloud KW - Sicherheit KW - Privacy KW - Datenvertraulichkeit KW - Threshold Cryptography KW - Bitcoin KW - Homomorphe Verschlüsselung KW - Differential Privacy KW - cloud KW - security KW - privacy KW - confidentiality KW - threshold cryptography KW - bitcoin KW - homomorphic encryption KW - differential privacy Y1 - 2014 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus-68168 SN - 978-3-86956-281-0 SN - 1613-5652 SN - 2191-1665 IS - 87 PB - Universitätsverlag Potsdam CY - Potsdam ER -