We gratefully acknowledge support from
the Simons Foundation and member institutions.

Cryptography and Security

New submissions

[ total of 26 entries: 1-26 ]
[ showing up to 1000 entries per page: fewer | more ]

New submissions for Thu, 30 Mar 23

[1]  arXiv:2303.16282 [pdf, other]
Title: ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation
Subjects: Cryptography and Security (cs.CR)

Low-end embedded devices are increasingly used in various smart applications and spaces. They are implemented under strict cost and energy budgets, using microcontroller units (MCUs) that lack security features available in general-purpose processors. In this context, Remote Attestation (RA) was proposed as an inexpensive security service to enable a verifier (Vrf) to remotely detect illegal modifications to a software binary installed on a low-end prover MCU (Prv). Since attacks that hijack the software's control flow can evade RA, Control Flow Attestation (CFA) augments RA with information about the exact order in which instructions in the binary are executed, enabling detection of control flow attacks. We observe that current CFA architectures can not guarantee that Vrf ever receives control flow reports in case of attacks. In turn, while they support exploit detection, they provide no means to pinpoint the exploit origin. Furthermore, existing CFA requires either binary instrumentation, incurring significant runtime overhead and code size increase, or relatively expensive hardware support, such as hash engines. In addition, current techniques are neither continuous (only meant to attest self-contained operations) nor active (offer no secure means to remotely remediate detected compromises). To jointly address these challenges, we propose ACFA: a hybrid (hardware/software) architecture for Active CFA. ACFA enables continuous monitoring of all control flow transfers in the MCU and does not require binary instrumentation. It also leverages the recently proposed concept of Active Roots-of-Trust to enable secure auditing of vulnerability sources and guaranteed remediation when a compromise is detected. We provide an open-source reference implementation of ACFA on top of a commodity low-end MCU (TI MSP430) and evaluate it to demonstrate its security and cost-effectiveness.

[2]  arXiv:2303.16307 [pdf, other]
Title: Quantitative Measurement of Cyber Resilience: Modeling and Experimentation
Comments: arXiv admin note: text overlap with arXiv:2302.04413, arXiv:2302.07941
Subjects: Cryptography and Security (cs.CR); Dynamical Systems (math.DS)

Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system's functionality. Effective design and development of a cyber resilient system requires experimental methods and tools for quantitative measuring of cyber resilience. This paper describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our case -- a truck) traverses its route, in repeatable, systematic experiments. We model a truck equipped with an autonomous cyber-defense system and which also includes inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious mathematical models to aid in quantifying systems' resilience to cyber attacks. Using the models, we identify quantitative characteristics obtainable from experimental data, and show that these characteristics can serve as useful quantitative measures of cyber resilience.

[3]  arXiv:2303.16331 [pdf, other]
Title: Oracle Counterpoint: Relationships between On-chain and Off-chain Market Data
Subjects: Cryptography and Security (cs.CR); Trading and Market Microstructure (q-fin.TR)

We investigate the theoretical and empirical relationships between activity in on-chain markets and pricing in off-chain cryptocurrency markets (e.g., ETH/USD prices). The motivation is to develop methods for proxying off-chain market data using data and computation that is in principle verifiable on-chain and could provide an alternative approach to blockchain price oracles. We explore relationships in PoW mining, PoS validation, block space markets, network decentralization, usage and monetary velocity, and on-chain liquidity pools and AMMs. We select key features from these markets, which we analyze through graphical models, mutual information, and ensemble machine learning models to explore the degree to which off-chain pricing information can be recovered entirely on-chain. We find that a large amount of pricing information is contained in on-chain data, but that it is generally hard to recover precise prices except on short time scales of retraining the model. We discuss how even a noisy trustless data source such as this can be helpful toward minimizing trust requirements of oracle designs.

[4]  arXiv:2303.16353 [pdf]
Title: FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking
Subjects: Cryptography and Security (cs.CR)

We present the design, implementation, and evaluation of FineIBT: a CFI enforcement mechanism that improves the precision of hardware-assisted CFI solutions, like Intel IBT and ARM BTI, by instrumenting program code to reduce the valid/allowed targets of indirect forward-edge transfers. We study the design of FineIBT on the x86-64 architecture, and implement and evaluate it on Linux and the LLVM toolchain. We designed FineIBT's instrumentation to be compact, and incur low runtime and memory overheads, and generic, so as to support a plethora of different CFI policies. Our prototype implementation incurs negligible runtime slowdowns ($\approx$0%-1.94% in SPEC CPU2017 and $\approx$0%-1.92% in real-world applications) outperforming Clang-CFI. Lastly, we investigate the effectiveness/security and compatibility of FineIBT using the ConFIRM CFI benchmarking suite, demonstrating that our nimble instrumentation provides complete coverage in the presence of modern software features, while supporting a wide range of CFI policies (coarse- vs. fine- vs. finer-grain) with the same, predictable performance.

[5]  arXiv:2303.16463 [pdf, other]
Title: Remote attestation of SEV-SNP confidential VMs using e-vTPMs
Comments: 12 pages, 4 figures
Subjects: Cryptography and Security (cs.CR); Operating Systems (cs.OS)

Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc.
In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE).

[6]  arXiv:2303.16499 [pdf, other]
Title: Assessing the Impact of Mobile Attackers on RPL-based Internet of Things
Comments: 11 pages,3 figures, Journal
Subjects: Cryptography and Security (cs.CR)

The Internet of Things (IoT) is becoming ubiquitous in our daily life. IoT networks that are made up of devices low power, low memory, and low computing capability appears in many applications such as healthcare, home, agriculture. IPv6 Routing Protocol for Low Power and Lossy Network (RPL) has become a standardized routing protocol for such low-power and lossy networks in IoT. RPL establishes the best routes between devices according to the requirements of the application, which is achieved by the Objective Function (OF). Even though some security mechanisms are defined for external attackers in its RFC, RPL is vulnerable to attacks coming from inside. Moreover, the same attacks could has different impacts on networks with different OFs. Therefore, an analysis of such attacks becomes important in order to develop suitable security solutions for RPL. This study analyze RPL-specific attacks on networks using RPL's default OFs, namely Objective Function Zero (OF0) and the Minimum Rank with Hysteresis Objective Function (MRHOF). Moreover, mobile attackers could affect more nodes in a network due to their mobility. While the security solutions proposed in the literature assume that the network is static, this study takes into account mobile attackers.

[7]  arXiv:2303.16552 [pdf, other]
Title: Visual Content Privacy Protection: A Survey
Comments: 24 pages, 13 figures
Subjects: Cryptography and Security (cs.CR)

Vision is the most important sense for people, and it is also one of the main ways of cognition. As a result, people tend to utilize visual content to capture and share their life experiences, which greatly facilitates the transfer of information. Meanwhile, it also increases the risk of privacy violations, e.g., an image or video can reveal different kinds of privacy-sensitive information. Researchers have been working continuously to develop targeted privacy protection solutions, and there are several surveys to summarize them from certain perspectives. However, these surveys are either problem-driven, scenario-specific, or technology-specific, making it difficult for them to summarize the existing solutions in a macroscopic way. In this survey, a framework that encompasses various concerns and solutions for visual privacy is proposed, which allows for a macro understanding of privacy concerns from a comprehensive level. It is based on the fact that privacy concerns have corresponding adversaries, and divides privacy protection into three categories, based on computer vision (CV) adversary, based on human vision (HV) adversary, and based on CV \& HV adversary. For each category, we analyze the characteristics of the main approaches to privacy protection, and then systematically review representative solutions. Open challenges and future directions for visual privacy protection are also discussed.

[8]  arXiv:2303.16554 [pdf, other]
Title: Cyber Security aboard Micro Aerial Vehicles: An OpenTitan-based Visual Communication Use Case
Subjects: Cryptography and Security (cs.CR); Systems and Control (eess.SY)

Autonomous Micro Aerial Vehicles (MAVs), with a form factor of 10cm in diameter, are an emerging technology thanks to the broad applicability enabled by their onboard intelligence. However, these platforms are strongly limited in the onboard power envelope for processing, i.e., less than a few hundred mW, which confines the onboard processors to the class of simple microcontroller units (MCUs). These MCUs lack advanced security features opening the way to a wide range of cyber security vulnerabilities, from the communication between agents of the same fleet to the onboard execution of malicious code. This work presents an open source System on Chip (SoC) design that integrates a 64 bit Linux capable host processor accelerated by an 8 core 32 bit parallel programmable accelerator. The heterogeneous system architecture is coupled with a security enclave based on an open source OpenTitan root of trust. To demonstrate our design, we propose a use case where OpenTitan detects a security breach on the SoC aboard the MAV and drives its exclusive GPIOs to start a LED blinking routine. This procedure embodies an unconventional visual communication between two palm sized MAVs: the receiver MAV classifies the LED state of the sender (on or off) with an onboard convolutional neural network running on the parallel accelerator. Then, it reconstructs a high-level message in 1.3s, 2.3 times faster than current commercial solutions.

[9]  arXiv:2303.16561 [pdf, other]
Title: Exploring placement of intrusion detection systems in rpl-based internet of things
Comments: 15 pages, 5 figures, research article
Subjects: Cryptography and Security (cs.CR)

Intrusion detection is an indispensable part of RPL security due to its nature opening to attacks from insider attackers. While there are a good deal of studies that analyze different types of attack and propose intrusion detection systems based on various techniques that are proposed in the literature, how to place such intrusion detection systems on RPL topology is not investigated. This is the main contribution of this study, and three intrusion detection architectures based on central and distributed placement of intrusion detection nodes are analyzed rigorously against different types of attacks and attackers at various locations in the RPL topology and evaluated from different aspects including their effectiveness, cost, and security.

[10]  arXiv:2303.16688 [pdf, other]
Title: Model Checking Access Control Policies: A Case Study using Google Cloud IAM
Subjects: Cryptography and Security (cs.CR)

Authoring access control policies is challenging and prone to misconfigurations. Access control policies must be conflict-free. Hence, administrators should identify discrepancies between policy specifications and their intended function to avoid violating security principles. This paper aims to demonstrate how to formally verify access control policies. Model checking is used to verify access control properties against policies supported by an access control model. The authors consider Google's Cloud Identity and Access Management (IAM) as a case study and follow NIST's guidelines to verify access control policies automatically. Automated verification using model checking can serve as a valuable tool and assist administrators in assessing the correctness of access control policies. This enables checking violations against security principles and performing security assessments of policies for compliance purposes. The authors demonstrate how to define Google's IAM underlying role-based access control (RBAC) model, specify its supported policies, and formally verify a set of properties through three examples.

[11]  arXiv:2303.16690 [pdf, ps, other]
Title: Graph Neural Networks for Hardware Vulnerability Analysis -- Can you Trust your GNN?
Comments: Will be presented at 2023 IEEE VLSI Test Symposium (VTS)
Subjects: Cryptography and Security (cs.CR)

The participation of third-party entities in the globalized semiconductor supply chain introduces potential security vulnerabilities, such as intellectual property piracy and hardware Trojan (HT) insertion. Graph neural networks (GNNs) have been employed to address various hardware security threats, owing to their superior performance on graph-structured data, such as circuits. However, GNNs are also susceptible to attacks. This work examines the use of GNNs for detecting hardware threats like HTs and their vulnerability to attacks. We present BadGNN, a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations. Our findings highlight the need for further investigation into the security and robustness of GNNs before they can be safely used in security-critical applications.

Cross-lists for Thu, 30 Mar 23

[12]  arXiv:2303.16366 (cross-list from cs.IT) [pdf, ps, other]
Title: HerA Scheme: Secure Distributed Matrix Multiplication via Hermitian Codes
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC); Algebraic Geometry (math.AG)

We consider the problem of secure distributed matrix multiplication (SDMM), where a user has two matrices and wishes to compute their product with the help of $N$ honest but curious servers under the security constraint that any information about either $A$ or $B$ is not leaked to any server. This paper presents anew scheme that considers the inner product partition for matrices $A$ and $B$. Our central technique relies on encoding matrices $A$ and $B$ in a Hermitian Code and its dual code, respectively. We present the Hermitian Algebraic (HerA) scheme, which employs Hermitian Codes and characterizes the partitioning and security capacities given entries of matrices belonging to a finite field with $q^2$ elements. We showcase this scheme performs the secure distributed matrix multiplication in a significantly smaller finite field than the existing results in the literature.

[13]  arXiv:2303.16372 (cross-list from cs.LG) [pdf, other]
Title: Non-Asymptotic Lower Bounds For Training Data Reconstruction
Comments: 19 Pages, 2 Figures
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Machine Learning (stat.ML)

We investigate semantic guarantees of private learning algorithms for their resilience to training Data Reconstruction Attacks (DRAs) by informed adversaries. To this end, we derive non-asymptotic minimax lower bounds on the adversary's reconstruction error against learners that satisfy differential privacy (DP) and metric differential privacy (mDP). Furthermore, we demonstrate that our lower bound analysis for the latter also covers the high dimensional regime, wherein, the input data dimensionality may be larger than the adversary's query budget. Motivated by the theoretical improvements conferred by metric DP, we extend the privacy analysis of popular deep learning algorithms such as DP-SGD and Projected Noisy SGD to cover the broader notion of metric differential privacy.

[14]  arXiv:2303.16528 (cross-list from cs.CL) [pdf, other]
Title: Building a Knowledge Graph of Distributed Ledger Technologies
Comments: URI: this https URL
Subjects: Computation and Language (cs.CL); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)

Distributed ledger systems have become more prominent and successful in recent years, with a focus on blockchains and cryptocurrency. This has led to various misunderstandings about both the technology itself and its capabilities, as in many cases blockchain and cryptocurrency is used synonymously and other applications are often overlooked. Therefore, as a whole, the view of distributed ledger technology beyond blockchains and cryptocurrencies is very limited. Existing vocabularies and ontologies often focus on single aspects of the technology, or in some cases even just on one product. This potentially leads to other types of distributed ledgers and their possible use cases being neglected. In this paper, we present a knowledge graph and an ontology for distributed ledger technologies, which includes security considerations to model aspects such as threats and vulnerabilities, application domains, as well as relevant standards and regulations. Such a knowledge graph improves the overall understanding of distributed ledgers, reveals their strengths, and supports the work of security personnel, i.e. analysts and system architects. We discuss potential uses and follow semantic web best practices to evaluate and publish the ontology and knowledge graph.

[15]  arXiv:2303.16633 (cross-list from cs.LG) [pdf, other]
Title: Targeted Adversarial Attacks on Wind Power Forecasts
Comments: 20 pages, including appendix, 12 figures
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)

In recent years, researchers proposed a variety of deep learning models for wind power forecasting. These models predict the wind power generation of wind farms or entire regions more accurately than traditional machine learning algorithms or physical models. However, latest research has shown that deep learning models can often be manipulated by adversarial attacks. Since wind power forecasts are essential for the stability of modern power systems, it is important to protect them from this threat. In this work, we investigate the vulnerability of two different forecasting models to targeted, semitargeted, and untargeted adversarial attacks. We consider a Long Short-Term Memory (LSTM) network for predicting the power generation of a wind farm and a Convolutional Neural Network (CNN) for forecasting the wind power generation throughout Germany. Moreover, we propose the Total Adversarial Robustness Score (TARS), an evaluation metric for quantifying the robustness of regression models to targeted and semi-targeted adversarial attacks. It assesses the impact of attacks on the model's performance, as well as the extent to which the attacker's goal was achieved, by assigning a score between 0 (very vulnerable) and 1 (very robust). In our experiments, the LSTM forecasting model was fairly robust and achieved a TARS value of over 0.81 for all adversarial attacks investigated. The CNN forecasting model only achieved TARS values below 0.06 when trained ordinarily, and was thus very vulnerable. Yet, its robustness could be significantly improved by adversarial training, which always resulted in a TARS above 0.46.

[16]  arXiv:2303.16668 (cross-list from cs.LG) [pdf, other]
Title: A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (stat.ML)

In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks. FLANDERS considers the local model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets under different FL settings demonstrate that FLANDERS matches the robustness of the most powerful baselines against Byzantine clients. Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.

[17]  arXiv:2303.16704 (cross-list from cs.LG) [pdf, other]
Title: TraVaG: Differentially Private Trace Variant Generation Using GANs
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)

Process mining is rapidly growing in the industry. Consequently, privacy concerns regarding sensitive and private information included in event data, used by process mining algorithms, are becoming increasingly relevant. State-of-the-art research mainly focuses on providing privacy guarantees, e.g., differential privacy, for trace variants that are used by the main process mining techniques, e.g., process discovery. However, privacy preservation techniques for releasing trace variants still do not fulfill all the requirements of industry-scale usage. Moreover, providing privacy guarantees when there exists a high rate of infrequent trace variants is still a challenge. In this paper, we introduce TraVaG as a new approach for releasing differentially private trace variants based on \text{Generative Adversarial Networks} (GANs) that provides industry-scale benefits and enhances the level of privacy guarantees when there exists a high ratio of infrequent variants. Moreover, TraVaG overcomes shortcomings of conventional privacy preservation techniques such as bounding the length of variants and introducing fake variants. Experimental results on real-life event data show that our approach outperforms state-of-the-art techniques in terms of privacy guarantees, plain data utility preservation, and result utility preservation.

[18]  arXiv:2303.16729 (cross-list from cs.IT) [pdf, ps, other]
Title: Binary self-orthogonal codes which meet the Griesmer bound or have optimal minimum distances
Comments: Submitted 20 January, 2023
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR)

The purpose of this paper is two-fold. First, we characterize the existence of binary self-orthogonal codes meeting the Griesmer bound by employing Solomon-Stiffler codes and some related residual codes. Second, using such a characterization, we determine the exact value of $d_{so}(n,7)$ except for five special cases and the exact value of $d_{so}(n,8)$ except for 41 special cases, where $d_{so}(n,k)$ denotes the largest minimum distance among all binary self-orthogonal $[n, k]$ codes. Currently, the exact value of $d_{so}(n,k)$ $(k \le 6)$ was determined by Shi et al. (2022). In addition, we develop a general method to prove the nonexistence of some binary self-orthogonal codes by considering the residual code of a binary self-orthogonal code.

[19]  arXiv:2303.16861 (cross-list from cs.LG) [pdf, other]
Title: Beyond Empirical Risk Minimization: Local Structure Preserving Regularization for Improving Adversarial Robustness
Comments: 13 pages, 4 figures
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)

It is broadly known that deep neural networks are susceptible to being fooled by adversarial examples with perturbations imperceptible by humans. Various defenses have been proposed to improve adversarial robustness, among which adversarial training methods are most effective. However, most of these methods treat the training samples independently and demand a tremendous amount of samples to train a robust network, while ignoring the latent structural information among these samples. In this work, we propose a novel Local Structure Preserving (LSP) regularization, which aims to preserve the local structure of the input space in the learned embedding space. In this manner, the attacking effect of adversarial samples lying in the vicinity of clean samples can be alleviated. We show strong empirical evidence that with or without adversarial training, our method consistently improves the performance of adversarial robustness on several image classification datasets compared to the baselines and some state-of-the-art approaches, thus providing promising direction for future research.

Replacements for Thu, 30 Mar 23

[20]  arXiv:2201.10838 (replaced) [pdf, other]
Title: Privacy-Preserving Logistic Regression Training with A Faster Gradient Variant
Authors: John Chiang
Comments: The basic work of this paper, $\texttt{quadratic gradient}$ and the enhanced full batch NAG, was nearly finished in September 2019. The initial version of this paper was written in April 2020, rejected by ICANN 2020. The enhanced mini-batch NAG was introduced into this paper in September 2020 and later rejected by a special issue on the journal FGCS 2020
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
[21]  arXiv:2201.12577 (replaced) [pdf, other]
Title: Volley Revolver: A Novel Matrix-Encoding Method for Privacy-Preserving Neural Networks (Inference)
Authors: John Chiang
Comments: The encoding method we proposed in this work, $\texttt{Volley Revolver}$, is particularly tailored for privacy-preserving neural networks. There is a good chance that it can be used to assist the private neural networks training, in which case for the backpropagation algorithm of the fully-connected layer the first matrix $A$ is revolved while the second matrix $B$ is settled to be still
Subjects: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)
[22]  arXiv:2206.01121 (replaced) [pdf, other]
Title: The Loop of the Rings: A Fully Decentralized Cooperative System (The Concept)
Authors: Arash Vaezi
Subjects: Cryptography and Security (cs.CR)
[23]  arXiv:2303.09279 (replaced) [pdf, other]
Title: Privacy-Preserving Video Conferencing via Thermal-Generative Images
Comments: Accepted for publication at IEEE International Conference on Robotics and Automation (ICRA) 2023
Subjects: Cryptography and Security (cs.CR); Multimedia (cs.MM)
[24]  arXiv:2303.14416 (replaced) [src]
Title: Blockchain Technology for Preventing Counterfeit in Health Insurance
Comments: I uploaded the wrong paper, which has been already published in 2021 international Conference on Information Technology (ICIT)
Subjects: Cryptography and Security (cs.CR)
[25]  arXiv:2006.13726 (replaced) [pdf, other]
Title: Imbalanced Gradients: A Subtle Cause of Overestimated Adversarial Robustness
Comments: To appear in Machine Learning
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
[26]  arXiv:2211.13123 (replaced) [pdf, other]
Title: Motif-aware temporal GCN for fraud detection in signed cryptocurrency trust networks
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Trading and Market Microstructure (q-fin.TR)
[ total of 26 entries: 1-26 ]
[ showing up to 1000 entries per page: fewer | more ]

Disable MathJax (What is MathJax?)

Links to: arXiv, form interface, find, cs, recent, 2303, contact, help  (Access key information)