BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Awais Rashid

Awais Rashid contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and Securitycs.CYHuman-Computer InteractionSoftware Engineering

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
9works
0followers
4topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

9 published item(s)

preprint2022arXiv

A Taxonomy for Contrasting Industrial Control Systems Asset Discovery Tools

Asset scanning and discovery is the first and foremost step for organizations to understand what assets they have and what to protect. There is currently a plethora of free and commercial asset scanning tools specializing in identifying assets in industrial control systems (ICS). However, there is little information available on their comparative capabilities and how their respective features contrast. Nor is it clear to what depth of scanning these tools can reach and whether they are fit-for-purpose in a scaled industrial network architecture. We provide the first systematic feature comparison of free-to-use asset scanning tools on the basis of an ICS scanning taxonomy that we propose. Based on the taxonomy, we investigate scanning depths reached by the tools' features and validate our investigation through experimentation on Siemens, Schneider Electric, and Allen Bradley devices in a testbed environment.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Automatic User Profiling in Darknet Markets: a Scalability Study

In this study, we investigate the scalability of state-of-the-art user profiling technologies across different online domains. More specifically, this work aims to understand the reliability and limitations of current computational stylometry approaches when these are applied to underground fora in which user populations potentially differ from other online platforms (predominantly male, younger age and greater computer use) and cyber offenders who attempt to hide their identity. Because no ground truth is available and no validated criminal data from historic investigations is available for validation purposes, we have collected new data from clearweb forums that do include user demographics and could be more closely related to underground fora in terms of user population (e.g., tech communities) than commonly used social media benchmark datasets showing a more balanced user population.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Characterising Cybercriminals: A Review

This review provides an overview of current research on the known characteristics and motivations of offenders engaging in cyber-dependent crimes. Due to the shifting dynamics of cybercriminal behaviour, and the availability of prior reviews in 2013, this review focuses on original research conducted from 2012 onwards, although some older studies that were not included in prior reviews are also considered. As a basis for interpretation of results, a limited quality assessment was also carried out on included studies through examination of key indicators.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Understanding motivations and characteristics of financially-motivated cybercriminals

Background: Cyber offences, such as hacking, malware creation and distribution, and online fraud, present a substantial threat to organizations attempting to safeguard their data and information. By understanding the evolving characteristics and motivations of individuals involved in these activities, and the threats that they may pose, cyber security practitioners will be better placed to understand and assess current threats to their systems and the range of socio-technical mitigations that may best reduce these. Aim: The reported work-in-progress aims to explore the extent to which findings from prior academic literature regarding the characteristics and motivations of offenders engaging in financially-motivated, cyber-dependent crime are supported by the contemporary experiences and perspectives of practitioners currently working in the cyber crime field. Method: A targeted, online survey was developed consisting of both closed and open-ended questions relating to current cyber threats and the characteristics and motivations of offenders engaged in these activities. Sixteen practitioners working in law enforcement-related domains in the cyber crime field completed the survey, providing a combination of qualitative and quantitative data for analysis.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

"Do this! Do that!, And nothing will happen" Do specifications lead to securely stored passwords?

Does the act of writing a specification (how the code should behave) for a piece of security sensitive code lead to developers producing more secure code? We asked 138 developers to write a snippet of code to store a password: Half of them were asked to write down a specification of how the code should behave before writing the program, the other half were asked to write the code but without being prompted to write a specification first. We find that explicitly prompting developers to write a specification has a small positive effect on the security of password storage approaches implemented. However, developers often fail to store passwords securely, despite claiming to be confident and knowledgeable in their approaches, and despite considering an appropriate range of threats. We find a need for developer-centered usable mechanisms for telling developers how to store passwords: lists of what they must do are not working.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Technical Report: Gone in 20 Seconds -- Overview of a Password Vulnerability in Siemens HMIs

Siemens produce a range of industrial human machine interface (HMI) screens which allow operators to both view information about and control physical processes. For scenarios where an operator cannot physically access the screen, Siemens provide the SM@rtServer features on HMIs, which when activated provides remote access either through their own Sm@rtClient application, or through third party VNC client software. Through analysing this server, we discovered a lack of protection against brute-force password attacks on basic devices. On advanced devices which include a brute-force protection mechanism, we discovered an attacker strategy that is able to evade the mechanism allowing for unlimited password guess attempts with minimal effect on the guess rate. This vulnerability has been assigned two CVEs - CVE-2020-15786 and CVE-2020-157867. In this report, we provide an overview of this vulnerability, discuss the impact of a successful exploitation and propose mitigations to provide protection against this vulnerability. This report accompanies a demo presented at CPSIoTSec 2020.

0 citations0 reviewsNo code linkedOpen access