Biblio

Filters: Keyword is resilience
2020-04-24
Kim, Chang-Woo, Jang, Gang-Heyon, Shin, Kyung-Hun, Jeong, Sang-Sub, You, Dae-Joon, Choi, Jang-Young.  2020.  Electromagnetic Design and Dynamic Characteristics of Permanent Magnet Linear Oscillating Machines Considering Instantaneous Inductance According to Mover Position. IEEE Transactions on Applied Superconductivity. 30:1–5.

Interior permanent magnet (IPM)-type linear oscillating actuators (LOAs) have a higher output power density than typical LOAs. Their mover consists of a permanent magnet (PM) and an iron core; however, this configuration generates significant side forces. The device can malfunction due to eccentricity in the electromagnetic behavior. Thus, here an electromagnetic design was developed to minimize this side force. In addition, dynamic analysis was performed considering the mechanical systems of LOAs. To perform a more accurate analysis, instantaneous inductance was considered according to the mover's position.

2020-04-17
Gorbenko, Anatoliy, Romanovsky, Alexander, Tarasyuk, Olga, Biloborodov, Oleksandr.  2020.  From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures. IEEE Transactions on Reliability. 69:22–39.

This paper analyzes security problems of modern computer systems caused by vulnerabilities in their operating systems (OSs). Our scrutiny of widely used enterprise OSs focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities Database and the Common Vulnerabilities and Exposures System. The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-grey-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of OSs. This leads us to analyzing how different intrusion-tolerant architectures deploying the OS diversity impact availability, integrity, and confidentiality.

2020-03-09
Perner, Cora, Kinkelin, Holger, Carle, Georg.  2019.  Adaptive Network Management for Safety-Critical Systems. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :25–30.
Present networks within safety-critical systems rely on complex and inflexible network configurations. New technologies such as software-defined networking are more dynamic and offer more flexibility, but due care needs to be exercised to ensure that safety and security are not compromised by incorrect configurations. To this end, this paper proposes the use of pre-generated and optimized configuration templates. These provide alternate routes for traffic considering availability, resilience and timing constraints where network components fail due to attacks or faults. To obtain these templates, two heuristics based on Dijkstra's algorithm and an optimization algorithm providing the maximum resilience were investigated. While the configurations obtained through optimization yield appropriate templates, the heuristics investigated are not suitable to obtain configuration templates, since they cannot fulfill all requirements.
2020-05-15
Fan, Renshi, Du, Gaoming, Xu, Pengfei, Li, Zhenmin, Song, Yukun, Zhang, Duoli.  2019.  An Adaptive Routing Scheme Based on Q-learning and Real-time Traffic Monitoring for Network-on-Chip. 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :244–248.
In the Network on Chip (NoC), performance optimization has always been a research focus. Compared with the static routing scheme, dynamical routing schemes can better reduce the data of packet transmission latency under network congestion. In this paper, we propose a dynamical Q-learning routing approach with real-time monitoring of NoC. Firstly, we design a real-time monitoring scheme and the corresponding circuits to record the status of traffic congestion for NoC. Secondly, we propose a novel method of Q-learning. This method finds an optimal path based on the lowest traffic congestion. Finally, we dynamically redistribute network tasks to increase the packet transmission speed and balance the traffic load. Compared with the C-XY routing and DyXY routing, our method achieved improvement in terms of 25.6%-49.5% and 22.9%-43.8%.
2020-06-01
Laranjeiro, Nuno, Gomez, Camilo, Schiavone, Enrico, Montecchi, Leonardo, Carvalho, Manoel J. M., Lollini, Paolo, Micskei, Zoltán.  2019.  Addressing Verification and Validation Challenges in Future Cyber-Physical Systems. 2019 9th Latin-American Symposium on Dependable Computing (LADC). :1–2.
Cyber-physical systems are characterized by strong interactions between their physical and computation parts. The increasing complexity of such systems, now used in numerous application domains (e.g., aeronautics, healthcare), in conjunction with hard to predict surrounding environments or the use of non-traditional middleware and with the presence of non-deterministic or non-explainable software outputs, tend to make traditional Verification and Validation (V&V) techniques ineffective. This paper presents the H2020 ADVANCE project, which aims precisely at addressing the Verification and Validation challenges that the next-generation of cyber-physical systems bring, by exploring techniques, methods and tools for achieving the technical objective of improving the overall efficiency and effectiveness of the V&V process. From a strategic perspective, the goal of the project is to create an international network of expertise on the topic of V&V of cyber-physical systems.
2020-07-03
Adari, Suman Kalyan, Garcia, Washington, Butler, Kevin.  2019.  Adversarial Video Captioning. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :24–27.
In recent years, developments in the field of computer vision have allowed deep learning-based techniques to surpass human-level performance. However, these advances have also culminated in the advent of adversarial machine learning techniques, capable of launching targeted image captioning attacks that easily fool deep learning models. Although attacks in the image domain are well studied, little work has been done in the video domain. In this paper, we show it is possible to extend prior attacks in the image domain to the video captioning task, without heavily affecting the video's playback quality. We demonstrate our attack against a state-of-the-art video captioning model, by extending a prior image captioning attack known as Show and Fool. To the best of our knowledge, this is the first successful method for targeted attacks against a video captioning model, which is able to inject 'subliminal' perturbations into the video stream, and force the model to output a chosen caption with up to 0.981 cosine similarity, achieving near-perfect similarity to chosen target captions.
2020-04-24
Tuttle, Michael, Wicker, Braden, Poshtan, Majid, Callenes, Joseph.  2019.  Algorithmic Approaches to Characterizing Power Flow Cyber-Attack Vulnerabilities. 2019 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
As power grid control systems become increasingly automated and distributed, security has become a significant design concern. Systems increasingly expose new avenues, at a variety of levels, for attackers to exploit and enable widespread disruptions and/or surveillance. Much prior work has explored the implications of attack models focused on false data injection at the front-end of the control system (i.e. during state estimation) [1]. Instead, in this paper we focus on characterizing the inherent cyber-attack vulnerabilities with power flow. Power flow (and power flow constraints) are at the core of many applications critical to operation of power grids (e.g. state estimation, economic dispatch, contingency analysis, etc.). We propose two algorithmic approaches for characterizing the vulnerability of buses within power grids to cyber-attacks. Specifically, we focus on measuring the instability of power flow to attacks which manifest as either voltage or power related errors. Our results show that attacks manifesting as voltage errors are an order of magnitude more likely to cause instability than attacks manifesting as power related errors (and 5x more likely for state estimation as compared to power flow).
2020-01-21
Haddouti, Samia El, Ech-Cherif El Kettani, M. Dafir.  2019.  Analysis of Identity Management Systems Using Blockchain Technology. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). :1–7.
The emergence of Blockchain technology as one of the biggest innovations of the 21st century has given rise to new concepts of Identity Management to deal with the privacy and security challenges on the one hand, and to enhance the decentralization and user control in transactions on Blockchain infrastructures on the other hand. This paper investigates and gives an analysis of the most popular Identity Management Systems using Blockchain: uPort, Sovrin, and ShoCard. It then evaluates them under a set of features of digital identity that characterize the success of an Identity Management solution. The result of the comparative analysis is presented in a concise way to allow readers to find out easily which systems satisfy what requirements in order to select the appropriate one to fit into a specific scenario.
2020-03-23
Xuewei, Feng, Dongxia, Wang, Zhechao, Lin.  2019.  An Approach of Code Pointer Hiding Based on a Resilient Area. 2019 Seventh International Conference on Advanced Cloud and Big Data (CBD). :204–209.
Code reuse attacks can bypass the DEP mechanism effectively. Meanwhile, because of the stealthiness of the operation, it becomes one of the most intractable threats while securing the information system. Although the security solutions of code randomization and diversity can mitigate the threat to a certain extent, attackers can bypass these solutions due to the high cost and coarse granularity, and the memory disclosure vulnerability is another magic weapon which can be used by attackers to bypass these solutions. After analyzing the principle of memory disclosure vulnerability, we propose a novel code pointer hiding method based on a resilient area. We expatiate how to create the resilient area and achieve code pointer hiding from four aspects, namely hiding return addresses in data pages, hiding function pointers in data pages, hiding target pointers of instruction JUMP in code pages, and hiding target pointers of instruction CALL in code pages. This method can stop attackers from reading and analyzing pages in memory, which is a critical stage in finding and creating ROP chains while executing a code reuse attack. Lastly, we test the method contrastively, and the results show that the method is feasible and effective while defending against ROP attacks.
2020-04-10
Repetto, M., Carrega, A., Lamanna, G..  2019.  An architecture to manage security services for cloud applications. 2019 4th International Conference on Computing, Communications and Security (ICCCS). :1–8.
The uptake of virtualization and cloud technologies has pushed novel development and operation models for the software, bringing more agility and automation. Unfortunately, cyber-security paradigms have not evolved at the same pace and are not yet able to effectively tackle the progressive disappearing of a sharp security perimeter. In this paper, we describe a novel cyber-security architecture for cloud-based distributed applications and network services. We propose a security orchestrator that controls pervasive, lightweight, and programmable security hooks embedded in the virtual functions that compose the cloud application, pursuing better visibility and more automation in this domain. Our approach improves existing management practice for service orchestration, by decoupling the management of the business logic from that of security. We also describe the current implementation stage for a programmable monitoring, inspection, and enforcement framework, which represents the ground technology for the realization of the whole architecture.
2020-01-21
Rana, Rima, Zaeem, Razieh Nokhbeh, Barber, K. Suzanne.  2019.  An Assessment of Blockchain Identity Solutions: Minimizing Risk and Liability of Authentication. 2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI). :26–33.
Personally Identifiable Information (PII) is often used to perform authentication and acts as a gateway to personal and organizational information. One weak link in the architecture of identity management services is sufficient to cause exposure and risk identity. Recently, we have witnessed a shift in identity management solutions with the growth of blockchain. Blockchain, the decentralized ledger system, provides a unique answer addressing security and privacy with its embedded immutability. In a blockchain-based identity solution, the user is given the control of his/her identity by storing personal information on his/her device and having the choice of identity verification document used later to create blockchain attestations. Yet, the blockchain technology alone is not enough to produce a better identity solution. The user cannot make informed decisions as to which identity verification document to choose if he/she is not presented with tangible guidelines. In the absence of scientifically created practical guidelines, these solutions and the choices they offer may become overwhelming and even defeat the purpose of providing a more secure identity solution. We analyze different PII options given to users for authentication on current blockchain-based solutions. Based on our Identity Ecosystem model, we evaluate these options and their risk and liability of exposure. Powered by real world data of about 6,000 identity theft and fraud stories, our model recommends some authentication choices and discourages others. Our work paves the way for a truly effective identity solution based on blockchain by helping users make informed decisions and motivating blockchain identity solution providers to introduce better options to their users.
2020-02-17
Yin, Mingyong, Wang, Qixu, Cao, Mingsheng.  2019.  An Attack Vector Evaluation Method for Smart City Security Protection. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–7.
In the network security risk assessment on critical information infrastructure of smart city, to describe attack vectors for predicting possible initial access is a challenging task. In this paper, an attack vector evaluation model based on weakness, path and action is proposed, and the formal representation and quantitative evaluation method are given. This method can support the assessment of attack vectors based on known and unknown weakness through combination of depend conditions. In addition, defense factors are also introduced, an attack vector evaluation model of integrated defense is proposed, and an application example of the model is given. The research work in this paper can provide a reference for the vulnerability assessment of attack vector.
2020-07-06
Xu, Zhiheng, Ng, Daniel Jun Xian, Easwaran, Arvind.  2019.  Automatic Generation of Hierarchical Contracts for Resilience in Cyber-Physical Systems. 2019 IEEE 25th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA). :1–11.
With the growing scale of Cyber-Physical Systems (CPSs), it is challenging to maintain their stability under all operating conditions. How to reduce the downtime and locate the failures becomes a core issue in system design. In this paper, we employ a hierarchical contract-based resilience framework to guarantee the stability of CPS. In this framework, we use Assume Guarantee (A-G) contracts to monitor the non-functional properties of individual components (e.g., power and latency), and hierarchically compose such contracts to deduce information about faults at the system level. The hierarchical contracts enable rapid fault detection in large-scale CPS. However, due to the vast number of components in CPS, manually designing numerous contracts and the hierarchy becomes challenging. To address this issue, we propose a technique to automatically decompose a root contract into multiple lower-level contracts depending on I/O dependencies between components. We then formulate a multi-objective optimization problem to search the optimal parameters of each lower-level contract. This enables automatic contract refinement taking into consideration the communication overhead between components. Finally, we use a case study from the manufacturing domain to experimentally demonstrate the benefits of the proposed framework.
2020-05-15
Wang, Jian, Guo, Shize, Chen, Zhe, Zhang, Tao.  2019.  A Benchmark Suite of Hardware Trojans for On-Chip Networks. IEEE Access. 7:102002–102009.
As recently studied, network-on-chip (NoC) suffers growing threats from hardware trojans (HTs), leading to performance degradation or information leakage when it provides communication service in many/multi-core systems. Therefore, defense techniques against NoC HTs experience rapid development in recent years. However, to the best of our knowledge, there are few standard benchmarks developed for the defense techniques evaluation. To address this issue, in this paper, we design a suite of benchmarks which involves multiple NoCs with different HTs, so that researchers can compare various HT defense methods fairly by making use of them. We first briefly introduce the features of target NoC and its infected modules in our benchmarks, and then, detail the design of our NoC HTs in a one-by-one manner. Finally, we evaluate our benchmarks through extensive simulations and report the circuit cost of NoC HTs in terms of area and power consumption, as well as their effects on NoC performance. Besides, comprehensive experiments, including functional testing and side channel analysis are performed to assess the stealthiness of our HTs.
2020-07-30
Shayan, Mohammed, Bhattacharjee, Sukanta, Song, Yong-Ak, Chakrabarty, Krishnendu, Karri, Ramesh.  2019.  Can Multi-Layer Microfluidic Design Methods Aid Bio-Intellectual Property Protection? 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :151–154.
Researchers develop bioassays by rigorously experimenting in the lab. This involves significant fiscal and skilled person-hour investment. A competitor can reverse engineer a bioassay implementation by imaging or taking a video of a biochip when in use. Thus, there is a need to protect the intellectual property (IP) rights of the bioassay developer. We introduce a novel 3D multilayer-based obfuscation to protect a biochip against reverse engineering.
2020-04-06
Ito, Keita, Masuda, Yoshihiro, Okamoto, Eiji.  2019.  A Chaos MIMO-Based Polar Concatenation Code for Secure Channel Coding. 2019 International Conference on Information Networking (ICOIN). :262–267.
For secure and high-quality wireless transmission, we propose a chaos multiple-input multiple-output (C-MIMO) transmission scheme, in which physical layer security and a channel coding effect with a coding rate of 1 are obtained by chaotic MIMO block modulation. In previous studies, we introduced a log-likelihood ratio (LLR) to C-MIMO to exploit LLR-based outer channel coding and turbo decoding, and obtained further coding gain. However, we only studied the concatenation of turbo code, low-density parity check (LDPC) code, and convolutional code which were relatively high-complexity or weak codes; thus, outer code having further low-complexity and strong error correction ability were expected. In particular, a transmission system with short and good code is required for control signaling, such as in 5G networks. Therefore, in this paper, we propose a polar code concatenation to C-MIMO, and introduce soft successive decoding (SCAD) and soft successive cancellation list decoding (SSCLD) as LLR-based turbo decoding for polar code. We numerically evaluate the bit error rate performance of the proposed scheme, and compare it to the conventional LDPC-concatenated transmission.
2020-01-21
Bin Ahmad, Maaz, Asif, Muhammad, Saad, Afshan, Wahab, Abdul.  2019.  Cloud Computing: A Paradigm of More Insider Threats. 2019 4th International Conference on Information Systems Engineering (ICISE). :103–108.
Insider threats are one of the most challenging issues in the world of computer networks. Nowadays, most companies rely on cloud services to get scalable data services and to reduce cost. The inclusion of cloud environment has spread the canvas for insider threats because cloud service providers are also there in addition to the organization that outsourced for cloud services. In this paper, multiple existing approaches to handle the insider threats in cloud environment have been investigated and analyzed thoroughly. The comparison of these techniques depicts which better approaches in the paradigm of cloud computing exist.
2020-04-03
Kuznetsov, Alexandr, Kiian, Anastasiia, Gorbenko, Yurii, Smirnov, Oleksii, Cherep, Oleksandr, Bexhter, Liliia.  2019.  Code-based Pseudorandom Generator for the Post-Quantum Period. 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT). :204–209.
This paper focuses on research of provably secure code-based pseudorandom sequence generators whose cryptanalysis problem equals to syndrome decoding (belonging to the NP-complex class). It was found that generated sequences of the well-known Fischer-Stern code-based generator don't have a maximum period; the actual period is much lower than expected. In our work, we have created a new generator scheme. It retains all advantages of the Fischer-Stern algorithm and provides pseudorandom sequences which are formed with maximum period. A comparative analysis of the proposed generator and popular generators was also conducted.
2019-08-05
Ahmad, F., Adnane, A., Kurugollu, F., Hussain, R..  2019.  A Comparative Analysis of Trust Models for Safety Applications in IoT-Enabled Vehicular Networks. 2019 Wireless Days (WD). :1–8.
Vehicular Ad-hoc NETwork (VANET) is a vital transportation technology that facilitates the vehicles to share sensitive information (such as steep-curve warnings and black ice on the road) with each other and with the surrounding infrastructure in real-time to avoid accidents and enable comfortable driving experience. To achieve these goals, VANET requires a secure environment for authentic, reliable and trusted information dissemination among the network entities. However, VANET is prone to different attacks resulting in the dissemination of compromised/false information among network nodes. One way to manage a secure and trusted network is to introduce trust among the vehicular nodes. To this end, various Trust Models (TMs) are developed for VANET and can be broadly categorized into three classes, Entity-oriented Trust Models (ETM), Data oriented Trust Models (DTM) and Hybrid Trust Models (HTM). These TMs evaluate trust based on the received information (data), the vehicle (entity) or both through different mechanisms. In this paper, we present a comparative study of the three TMs. Furthermore, we evaluate these TMs against the different trust, security and quality-of-service related benchmarks. Simulation results revealed that all these TMs have deficiencies in terms of end-to-end delays, event detection probabilities and false positive rates. This study can be used as a guideline for researchers to design new efficient and effective TMs for VANET.
2019-12-17
Li, Ming, Hawrylak, Peter, Hale, John.  2019.  Concurrency Strategies for Attack Graph Generation. 2019 2nd International Conference on Data Intelligence and Security (ICDIS). :174–179.
The network attack graph is a powerful tool for analyzing network security, but the generation of a large-scale graph is non-trivial. The main challenge is from the explosion of network state space, which greatly increases time and storage costs. In this paper, three parallel algorithms are proposed to generate scalable attack graphs. An OpenMP-based programming implementation is used to test their performance. Compared with the serial algorithm, the best performance from the proposed algorithms provides a 10X speedup.
2020-04-17
Szabo, Roland, Gontean, Aurel.  2019.  The Creation Process of a Secure and Private Mobile Web Browser with no Ads and no Popups. 2019 IEEE 25th International Symposium for Design and Technology in Electronic Packaging (SIITME). :232–235.
The aim of this work is to create a new style web browser. The other web browsers can have safety issues and have many ads and popups. The other web browsers can fill up cache with the logging of big history of visited web pages. This app is a light-weight web browser which is both secure and private with no ads and no popups, just the plain Internet shown in full screen. The app does not store all user data, so the navigation of webpages is done in incognito mode. The app was made to open any new HTML5 web page in a secure and private mode with big focus on loading speed of the web pages.
2020-04-03
Šišejković, Dominik, Merchant, Farhad, Leupers, Rainer, Ascheid, Gerd, Kiefer, Volker.  2019.  A Critical Evaluation of the Paradigm Shift in the Design of Logic Encryption Algorithms. 2019 International Symposium on VLSI Design, Automation and Test (VLSI-DAT). :1–4.
The globalization of the integrated circuit supply chain has given rise to major security concerns ranging from intellectual property piracy to hardware Trojans. Logic encryption is a promising solution to tackle these threats. Recently, a Boolean satisfiability attack capable of unlocking existing logic encryption techniques was introduced. This attack initiated a paradigm shift in the design of logic encryption algorithms. However, recent approaches have been strongly focusing on low-cost countermeasures that unfortunately lead to low functional and structural corruption. In this paper, we show that a simple approach can offer provable security and more than 99% corruption if a higher area overhead is accepted. Our results strongly suggest that future proposals should consider higher overheads or more realistic circuit sizes for the evaluation of modern logic encryption algorithms.
2019-10-02
Zhang, Y., Eisele, S., Dubey, A., Laszka, A., Srivastava, A. K..  2019.  Cyber-Physical Simulation Platform for Security Assessment of Transactive Energy Systems. 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1–6.
Transactive energy systems (TES) are emerging as a transformative solution for the problems that distribution system operators face due to an increase in the use of distributed energy resources and rapid growth in scalability of managing active distribution system (ADS). On the one hand, these changes pose a decentralized power system control problem, requiring strategic control to maintain reliability and resiliency for the community and for the utility. On the other hand, they require robust financial markets while allowing participation from diverse prosumers. To support the computing and flexibility requirements of TES while preserving privacy and security, distributed software platforms are required. In this paper, we enable the study and analysis of security concerns by developing Transactive Energy Security Simulation Testbed (TESST), a TES testbed for simulating various cyber attacks. In this work, the testbed is used for TES simulation with centralized clearing market, highlighting weaknesses in a centralized system. Additionally, we present a blockchain enabled decentralized market solution supported by distributed computing for TES, which on one hand can alleviate some of the problems that we identify, but on the other hand, may introduce newer issues. Future study of these differing paradigms is necessary and will continue as we develop our security simulation testbed.
2020-03-18
Schwab, Stephen, Kline, Erik.  2019.  Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :94–102.
Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.
2020-04-17
Mueller, Tobias, Klotzsche, Daniel, Herrmann, Dominik, Federrath, Hannes.  2019.  Dangers and Prevalence of Unprotected Web Fonts. 2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). :1–5.
Most Web sites rely on resources hosted by third parties such as CDNs. Third parties may be compromised or coerced into misbehaving, e.g. delivering a malicious script or stylesheet. Unexpected changes to resources hosted by third parties can be detected with the Subresource Integrity (SRI) mechanism. The focus of SRI is on scripts and stylesheets. Web fonts cannot be secured with that mechanism under all circumstances. The first contribution of this paper is to evaluate the potential for attacks using malicious fonts. With an instrumented browser we find that (1) more than 95% of the top 50,000 Web sites of the Tranco top list rely on resources hosted by third parties and that (2) only a small fraction employs SRI. Moreover, we find that more than 60% of the sites in our sample use fonts hosted by third parties, most of which are being served by Google. The second contribution of the paper is a proof of concept of a malicious font as well as a tool for automatically generating such a font, which targets security-conscious users who are used to verifying cryptographic fingerprints. Software vendors publish such fingerprints along with their software packages to allow users to verify their integrity. Due to incomplete SRI support for Web fonts, a third party could force a browser to load our malicious font. The font targets a particular cryptographic fingerprint and renders it as a desired different fingerprint. This allows attackers to fool users into believing that they download a genuine software package although they are actually downloading a maliciously modified version. Finally, we propose countermeasures that could be deployed to protect the integrity of Web fonts.