Research

Aug 23rd, 2018
The Effect of Engagement on Private Information

Naama Tzur; Lior Zalmanson; Gal Oestreicher-Singer

  • social sciences

In this research, we are interested in the dynamics of information disclosure on social media websites. Why do users provide personal information on some websites and not on others? What builds up trust at the initial meeting point between a potential user and a website or an application? How does online engagement influence these dynamics?

In accordance with Information Boundary Theory, we propose to examine trust-building dynamics, as outlined in the following hypotheses:

H1: Website-initiated participation influences individuals’ perceptions of the website.

H2: Individuals’ perceptions of a website influence individuals’ information disclosure.

H3: Website-initiated participation influences individuals’ information disclosure.

Our methodology is a random assignment experiment. Using an online website (“VideoBook”) that was designed for and described in Zalmanson & Oestreicher-Singer (2014), we propose to examine these three main hypotheses. Through a series of experiments, we aim to isolate and better understand the impact of online engagement on information disclosure.

Participants are recruited mostly via Amazon’s “Mechanical Turk”. We ask each of the participants to browse VideoBook while presenting her with pop-up notifications that vary in type and amount. At the end of the session the participants are requested to answer a questionnaire and provide personal information. We are able to compare the activity logs of different participants and the associated answers and information disclosure level. This enables us to analyze the relation between online behavior and personal perceptions.

So far, we have examined the impact of online engagement on trust, privacy concerns and willingness to disclose information. We have found significant differences in the behavior of individuals who were presented with pop-up notifications in comparison to those who weren’t in terms of trust and information disclosure, while no significant change has been detected regarding general privacy concerns. Our contribution to the relevant information systems privacy research mainly revolves around the relation between online engagement and information privacy.

Research

Aug 23rd, 2018
Do Firms Under-Report Information on Cyber Attacks? Evidence from Capital

Eli Amir; Shai Levi

  • social sciences

Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot independently discover most cyber-attacks, firms may underreport cyber-attacks. Using data on cyber-attacks that were voluntarily disclosed by firms and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. Our main hypothesis is that firms will withhold information on the more severe cyber-attacks and voluntarily disclose the milder ones. We find that withheld cyber-attacks are associated with a decline of approximately 2.6% in equity values in the month they are discovered, and disclosed attacks with a substantially lower decline of 0.6%. The evidence suggests that managers do not disclose negative information below a certain threshold, and withhold information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect, with high likelihood (46%), that an attack has occurred. Our results suggest there is underreporting of cyber-attacks, and imply that if regulators wish to ensure that information on attacks reaches investors, they should consider tightening mandatory disclosure requirements.

Research

Aug 23rd, 2018
The Deniability Mechanism in the Cyber Age – Its Effect on States'

Gil Baram

  • social sciences

One of the unique characteristics of cyber attacks is that it is almost impossible to identify the source of the attack and who was behind it: the Attribution Problem. On the other hand, there have been cases in which the attacking state was identified and the attack was attributed to it, but it denied its involvement and rejected these accusations. This deniability mechanism is the core of this proposed research.

International Relations has not yet examined the deniability mechanism in this respect. The general literature about deniability was focused on the legal aspects and on questions of responsibility and accountability and was largely drawn from the field of intelligence studies. Most of that research focused on the options for leaders, mostly in democratic states, to deny their knowledge about certain covert operations carried out in foreign lands during their tenure. The study will examine the importance of the deniability mechanism in several respects: what the deniability mechanism is; what its significance is in conventional military operations and what the differences are in a cyber attack; what factors lead states to deny some offensive cyber operations but not others; and how the use of the deniability mechanism affects the degree of aggression of states in the international arena.

The underlying assumption of the study is that offensive cyber capabilities allow states greater freedom than before and make it easier for them to use their power in the international arena. The origin of this freedom lies primarily in the possibility of conducting offensive cyber attacks while successfully denying responsibility.

Why would a state choose to use the strategy of denial? Two possible explanations for this question are offered in this study. First, the state denies the attack to avoid a reaction by the international community. This explanation is based on the foundations of the realist paradigm in international relations that emphasizes the importance of power in the anarchic international system. The second explanation is based on the Audience Costs theory, claiming that a state will choose to deny the attack in order to make the victim less motivated to respond, reducing domestic pressures on it to retaliate forcefully, and providing the victim more leeway to choose its response, thus also possibly preventing a dangerous escalation.

The study will use the database of Valeriano & Maness (2014) showing cyber attacks between rivals in the years 2001-2011. New relevant data from the years 2012-2015 will be added to this dataset. The study will combine several techniques and methodologies, both quantitative and qualitative. First, the deniability mechanism will be evaluated in the cyber context and in the conventional context. Second, a statistical analysis will be made of the factors that may motivate a state to deny its offensive cyber activity, to create an applicable model that will allow an evaluation of the reasons states choose to deny their actions and how the attacked state should react. Following this, different types of qualitative tests using the Process Tracing technique will be employed to strengthen the reliability of the results obtained in the previous section, with the aim of presenting insights and conclusions that could be implemented by decision-makers.

The ultimate purpose of this kind of research is to create a theoretical framework that will allow for a better understanding of how the use of offensive cyber warfare technology affects the relations between states and the lack of visible long-term conventional war.

Research

Aug 23rd, 2018
Detection of Cyber Attacks in Industrial Control Systems by Intrinsic Sensor

Amir Globerson; Matan Gavish (HUJI); Ronen Talmon (Technion)

  • computers

Recent years have seen an explosive increase in cyber attacks against industrial control systems (ICS). An additional threat that has received much attention as a result of the recent Stuxnet attack on Iranian nuclear facilities is sensor hijacking. Not only can cyber attackers attempt to gain control over the industrial system, they can also feed false information into the system’s sensors, creating a false impression of nominal system behavior in the control room, and keeping the ongoing attack covert while doing harm.

In the proposed research, we assume the worst-case scenario in which an attack has already gained control and even hijacked the sensors of a monitored ICS. We propose to develop a last line of cyber defense: an ICS Takeover Detection System (ICS-TDS), aimed at detecting a cyber takeover of the monitored ICS, even in the presence of successful sensor hijacking. The detection systems we propose to develop are stand-alone systems that continuously monitor the ICS without interrupting its function. This proposal describes a significant effort in cyber security of ICS, bringing together theory, algorithms and engineering. Specifically, the proposed project brings together fundamental mathematical research in manifold learning and in control theory, fundamental statistical research in high-dimensional sensor data analysis, fundamental research in machine learning under adversarial settings, development of practical and efficient algorithms that implement our fundamental results, and software engineering for implementing these algorithms efficiently.

Objective 1 – Fundamentals

  • High-dimensional covariance estimation
  • Intrinsic state estimation with auto-encoders
  • Adversarial Detection
  • Optimal control

Objective 2 – Takeover Detection by Intrinsic State Monitoring

Objective 3 – Sensor Hijacking Detection

Objective 4 – ICS-TDS Proof-of-concept and Data Collection

A key component of our proposal is construction of a “toy ICS”, such as a software-controlled power generator, fitted with numerous sensors. This system will allow actual proof-of-concept in the controlled environment of a university lab.

We expect to have visible impact on a number of fields in and around cyber security of ICS; to attract academic interest to a variety of fascinating theoretical questions implied by monitoring of dynamical systems in the presence of adversarial inputs and machine learning in adversarial conditions; and to prove that a low-budget experimental system can drive academic research with a revolutionarily short turnover time from theoretical ideas to proof-of-concept implementations.

Research

Aug 23rd, 2018
Cybersecurity Theory Development: the Israeli Case in Strategic Context

Lior Tabansky

  • management
  • social sciences

The “Israeli cyber-defense” capability is held in high regard. Could we generalize a roadmap to achieve a consistently excellent state of national cybersecurity from this case? However, public discussions on Israeli cybersecurity are usually detached from strategic context, impeding cybersecurity scholarship and policy efforts. I argue that the common explanations of cybersecurity – e.g. as a by-product of military technology, entrepreneurial skills or innovative ICT sector – are only manifestations of other variables. Uncovering the links between the Israeli grand-strategy and its cybersecurity policy will improve analytical tools and have policy implications. The objectives are:

  1. To bridge the knowledge gap by developing an open, fact-based, comprehensive case study of Israeli cybersecurity policy from its earliest beginnings to date.
  2. To utilize the case study to perform a cross-disciplinary analysis of Israeli cybersecurity in a grand-strategic context, as opposed to information security, legal, military, technical, regulatory and other narratives.
  3. To advance a deductive attempt to develop a general analytic framework of national cybersecurity, which provides ample room for non-technical as well as non-military aspects.

I have already collected many of the sources on the evolution of Israeli cybersecurity in previous research. As cybersecurity overlaps national security, one expects the application of the rich Security Studies scholarship to cybersecurity. However, to the best of our knowledge such a cross-disciplinary approach has not been attempted in the Israeli case. Similarly, Security Studies scholars have largely neglected the cybersecurity topic in the West. In an attempt to bridge this gap I will apply the literature on Israeli Strategy to analyze Israeli cybersecurity policy.

The general argument is that national Grand-Strategy is the under-researched factor impacting cybersecurity strategy and practice. Hypotheses on how concepts such as qualitative edge, early warning, force multiplier and deterrence have impacted the Israeli national cybersecurity posture and capability will be formulated more precisely once the case becomes clearer, and subjected to critical tests. The newly applied scholarship from two realms (Israeli Strategy and Security Studies) in this case study provides for a deductive attempt to develop a general theory of national cybersecurity, which provides ample room for non-technical aspects. Theory building from case studies is an increasingly popular and relevant research strategy that forms the basis of influential studies. This qualitative research method enables us to capture the complexity of the object of study. The case selection in this research is driven by the high global regard for Israeli cybersecurity. The findings of the case study enable us to uncover drivers, dynamics, stakeholders, conflicts and hurdles in the Israeli cybersecurity policy for further examination of their relative significance towards a new Cybersecurity Theory with enhanced explanatory power.

This research provides the cybersecurity debate with the missing context by utilizing knowledge obtained from the Security Studies literature on National Grand-Strategy to analyze cybersecurity. It presents a theoretical-methodological innovation, with a broad generalization potential. Scholars of International Relations, Security Studies, Comparative Strategy, Public Policy, Business Management and Organizational Change, as well as policy circles, will find value in the solid factual foundation of theory building and comparative research provided by this case study of Israeli cybersecurity.

Research

Aug 23rd, 2018
Cyber Threats in Self-Regulating Digital Platforms

Ohad Barzilay; Gal Oestreicher-Singer; Hilah Geva

  • management
  • social sciences

Alongside the benefits of allowing computers to regulate systems, some risks arise. Computer algorithms may be susceptible to errors and manipulation. They may overlook corner cases and serendipities that they are not wired to detect, and they lack the “common sense” for “doing the right thing” in situations that are not covered by their cookbooks. Given the pros and cons, information technology stakeholders are facing a dilemma regarding the extent to which they should allow their technology to be intelligent and autonomous. This dilemma is becoming increasingly salient, as computer algorithms have become ubiquitous with the rise of the Internet of Things (IoT) and mobile computing.

In the proposed research, we focus on the economic value of the autonomy level of computer algorithms that regulate digital platforms. The platforms that we study are essentially intermediaries in two-sided markets, facilitating transactions between two parties: buyers and sellers (e.g., eBay); drivers and riders (e.g., Uber); entrepreneurs and their backers (e.g., Kickstarter); etc. In each domain, some platforms are considered more open than others, i.e. it is easier for a seller to put a product on the market; in those open markets, there are fewer criteria that a product must meet to be included, and the approval process is simpler, and usually faster. For example: the Google Play Store is considered more "open" than the Apple Store. The crowdfunding platform IndieGoGo is considered more "open" than its rival Kickstarter. The “openness” of such platforms is a result of the fact that they enable computer algorithms to screen the offerings submitted to them, sometimes without any human involvement, in contrast to other platforms, which rely mainly on human inspection.

As automated screening processes are more efficient than human-driven ones, they are likely to generate greater numbers of approved submissions (e.g., mobile applications or crowdfunding campaigns). This, in turn, may result in one of two contradictory scenarios: On the one hand, the platform’s users may find the variety of offerings on the automated (“open”) platform more attractive than the more limited set of options on the “closed” platform. On the other hand, the greater variety may come at the expense of maintaining the quality of the offerings. Algorithms approve products according to whether they meet some threshold criteria. Unlike a human, an algorithm might overlook defects that are not covered by its predetermined list of criteria, and therefore might approve products that are of low innate quality.

We draw on and add to two streams of literature: first, the work on two-sided markets and peer economy platforms and, second, the literature on information flow on digital platforms.

Research

Aug 23rd, 2018
Cyber Security Technology Foresight

Tal Soffer

  • management
  • social sciences

The research questions of the study are:

  1. What are the main cyber threats that industrial control systems face today? 
  2. Which technologies and methods are being used at present to secure industrial control systems from cyber attacks?
  3. What are the main cyber threats that industrial control systems will face in the next 10-15 years?
  4. Which emerging and future technologies will be used to secure industrial control systems in the next 10-15 years?

The main goal of the study is to derive the current cyber security technology status from the analysis of popular standards such as NERC-CIP. Based on this mapping, a foresight process will be carried out in order to assess future directions and emerging technologies in cyber security. The process will include horizon scanning, analysis of key technologies and drivers, scenario development, expert surveys and recommendations.

The expected outcomes of the project:

  1. State-of-the-art cyber security standards
  2. Horizon scanning of trends and megatrends that are relevant to cyber security
  3. Analysis of future and emerging technologies that are important to cyber security
  4. The most important drivers impacting the cyber security industry
  5. Expert survey to assess and determine the most promising emerging technologies including their impact and time to market
  6. Recommendations for cyber security R&D policy
  7. Peer-reviewed paper including the results of the project

Research

Aug 23rd, 2018
Threat intelligence sharing between cybersecurity vendors: Network, dyadic, and
  • management
  • social sciences

The world is facing the continuous challenge of fighting cyber threats from offenders motivated by cybercrime, cyberwarfare, and cyberterrorism. When engaging a target, attackers have many asymmetric characteristics that work to their benefit. A notable example is the use of knowledge sharing between attackers to establish technological and time-to-market advantages, while in many cases the defenders operate in silos.

Technology and culture allow sharing between people and organizations, from social networks, through collaborative code writing, to crowdsourcing in the cybersecurity space. One of the emerging implementations of this trend is the sharing of real-time actionable information referred to as Cyber Threat Intelligence (CTI).

Although there are many deployments of threat intelligence sharing across different sectors, the relationships formed between cybersecurity vendors have an interesting attribute. Since the shared information is closely related to the core business of the firms, it presents a unique challenge of combining collaboration with competition, which has been referred to as coopetition.

This research aims to improve the understanding of threat intelligence sharing between cybersecurity vendors through an empirical study of the organizational characteristics, the dyadic relationships, and the network structure of the formed ecosystem. The insights provided are increasingly relevant given the growing trend of CTI sharing and the evolving number of vendor relationships. Some of the questions asked and answered in this article are: What insights can be derived from the network structure properties of the formed ecosystem? What are the characteristics of the established relationships and how do they reflect on the industry? Are there any properties common to sharing firms or associations between sharing behaviors and real-world market success?

The paper considers the three theoretical constructs of network structure, coopetition, and information sharing, viewed from the three complementary perspectives of industry, relationship, and firm, respectively. The study analyzes a uniquely collected and coded dataset of vendors and their announced threat-sharing relationships utilizing a deductive reasoning top-down approach, which is used to extract hypotheses from existing literature theories and match data-driven observations based on network (graph) theory and statistics against them. The findings are discussed in the context of the researched domain and transformed into conclusions.

Research

Aug 23rd, 2018
Cyber Jihad Taxonomy: Qualitative Analysis of the Behavior of Jihadi Members on

Udi Sommer; Gahl Silverman (Bar-Ilan University)

  • management
  • social sciences

In an era of a global war against Islamic extremist terrorism, a major element has become the increasing presence of terrorist groups online. ‘Cyber Jihad’, which has proliferated simultaneously with the significant growth of social networking sites, has become an enormous challenge and ushered in a new and terrifying era (that includes most recently the attacks in Paris, Brussels, Orlando and Nice).

Previous studies in this field applied quantitative approaches to develop an algorithm or to draw a global map of connections between distinct terrorist organizations. However, existing work largely disregarded the aspect of individual extremist Muslims, their behavior, activity patterns and thus the jihad subculture they form online, which provides the infrastructure for terrorist activity.

The proposed study will use a holistic qualitative approach, assisted by a mixed methods analysis software (NVivo11), to apply a two-stage inquiry in order to: (1) identify the characteristics of a potential Jihadi terrorist; (2) identify the taxonomy of the discourse between Jihadi members; and (3) create a categorization of posts and replies that exhibit or inspire an implied preliminary jihadi terrorists’ behavior. The analytic leverage will then allow us to zoom in on the individual level and to draw a multilayered picture of cyber jihad subculture and the basis it sets for broader online terrorist activity.

Objectives of the Proposed Project

What are the characteristics of a potential Jihadi extremist as reflected in SNS discourse? This study has three main goals:

  1. To identify the characteristics of a potential Jihadi terrorist;
  2. To identify the taxonomy of the discourse between Jihadi members on SNS; and,
  3. To create a categorization of posts and replies that exhibit or inspire an implied preliminary jihadi terrorist behavior.

Methodology

This study will zoom in on the individual level and make a multilayered picture of cyber jihad subculture. We will employ a mixed methods analysis software (NVivo11), using a two-stage inquiry to analyze posts and related replies. At the first stage, we will focus on a selected sample of posts and replies that contain Jihadi discourse through text, audio and video, in English and possibly in Arabic. Classification, discourse, conversation and semiotic analysis will be applied to study each post and related replies independently. At the second stage, Lexical Identifier Mapping, based on content analysis methodology, will be applied to group relevant posts and related replies based on content similarity.

Research

Aug 23rd, 2018
Crime and IoT
  • computers

Capabilities that were considered 'science fiction' a mere few years ago are becoming usable in the hands of individual criminals and crime organizations in the present. It is therefore vital to consider future possible cyber-crimes in advance, even before they become feasible. The Internet of Things (IoT) will have a large impact on our lives by tapping into information sources about our day-to-day doings, and providing common items with the basic intelligence needed to impact our lives in turn. While the potential benefits are great, there is also a vast and fertile ground for using the IoT to enact novel crimes – from burglary to fraud to identity theft and other types of crime. We suggest developing a better understanding of the security measures and regulations needed to combat the new criminals and crimes, by studying the possibilities the IoT holds for criminal acts, conducting expert surveys to estimate timelines for the feasibility of certain crimes, developing high damage-potential scenarios for future crimes, and providing the regulators with policy advice on how to prepare for said crimes. The Israeli Police Department of Strategic Planning has agreed to act as a stakeholder and to collaborate in this research.

Research Plan

Literature review about the IoT and the security of smart cities.

Obtaining parameters and values for potential crimes: using brainstorming workshops and expert surveys, we will identify the many different parameters and values of future possible crimes. Parameters could include the identity of the criminal (and the values for that parameter could be individual or crime organization, for example), the type of crime (the values for which will include murder, burglary, rape, etc.), technologies used to enact the crimes, the earliest date for feasible use, etc.

Cross-linking the values: the links between certain values will be identified with the help of experts, so that we can understand which technologies can best be used for which types of crimes, and how technologies can be used together to create crimes with a higher damage-potential.

Identifying high-damage potential combinations of values: high-damage potential combinations of values will be identified, using a customized algorithmic approach (General Temporal Morphological Analysis).

Scenario development: scenarios will be developed for each high-damage potential combination of values.

Policy generation: the scenarios will be presented in a workshop, and policy and strategy advice will be obtained from the participants regarding the ways in which the regulator and the police can become better prepared for those scenarios.

Final report: the full results of the research, including the identified parameters and values related to future crimes, their potential combinations, the selected scenarios and policy advice, will be published in a final report that will be submitted to all the relevant governmental offices, law-enforcement bodies and international organizations that deal with similar issues.

Tel Aviv University, P.O. Box 39040, Tel Aviv 6997801, Israel