2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4-8, 2013. ACM 【DBLP Link】
【Paper Link】 【Pages】:1-12
【Authors】: Frederik Armknecht ; Ahmad-Reza Sadeghi ; Steffen Schulz ; Christian Wachsmann
【Abstract】: Software attestation has become a popular and challenging research topic at many established security conferences with an expected strong impact in practice. It aims at verifying the software integrity of (typically) resource-constrained embedded devices. However, for practical reasons, software attestation cannot rely on stored cryptographic secrets or dedicated trusted hardware. Instead, it exploits side-channel information, such as the time that the underlying device needs for a specific computation. As traditional cryptographic solutions and arguments are not applicable, novel approaches for the design and analysis are necessary. This is certainly one of the main reasons why the security goals, properties and underlying assumptions of existing software attestation schemes have been only vaguely discussed so far, limiting the confidence in their security claims. Thus, putting software attestation on a solid ground and having a founded approach for designing secure software attestation schemes is still an important open problem. We provide the first steps towards closing this gap. Our first contribution is a security framework that formally captures security goals, attacker models and various system and design parameters. Moreover, we present a generic software attestation scheme that covers most existing schemes in the literature. Finally, we analyze its security within our framework, yielding sufficient conditions for provably secure software attestation schemes. We expect that such a consolidating work allows for a meaningful security analysis of existing schemes, supports the design of secure software attestation schemes and will inspire new research in this area.
【Keywords】: keyless crypto; security framework; software attestation
【Paper Link】 【Pages】:13-24
【Authors】: Emmanuel Owusu ; Jorge Guajardo ; Jonathan M. McCune ; James Newsome ; Adrian Perrig ; Amit Vasudevan
【Abstract】: We present OASIS, a CPU instruction set extension for externally verifiable initiation, execution, and termination of an isolated execution environment with a trusted computing base consisting solely of the CPU. OASIS leverages the hardware components available on commodity CPUs to achieve a low-cost, low-overhead design.
【Keywords】: instruction set extension; secure remote execution
【Paper Link】 【Pages】:25-36
【Authors】: John Butterworth ; Corey Kallenberg ; Xeno Kovah ; Amy Herzog
【Abstract】: In this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module (TPM) PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy", and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.
【Keywords】: bios; firmware; malware; timing-based attestation; tpm; trusted computing
【Paper Link】 【Pages】:37-48
【Authors】: Liqun Chen ; Jiangtao Li
【Abstract】: Trusted Platform Modules (TPM) are multipurpose hardware chips, which provide support for various cryptographic functions. Flexibility, scalability and high performance are critical features for a TPM. In this paper, we present the new method for implementing digital signatures that has been included in TPM version 2.0. The core part of this method is a single TPM signature primitive, which can be called by different software programmes, in order to implement signature schemes and cryptographic protocols with different security and privacy features. We prove security of the TPM signature primitive under the static Diffie-Hellman assumption and the random oracle model. We demonstrate how to call this TPM signature primitive to implement anonymous signatures (Direct Anonymous Attestation), pseudonym systems (U-Prove), and conventional signatures (the Schnorr signature). To the best of our knowledge, this is the first signature primitive implemented in a limited hardware environment capable of supporting various signature schemes without adding additional hardware complexity compared to a hardware implementation of a conventional signature scheme.
【Keywords】: digital signatures; direct anonymous attestation; tpm
【Paper Link】 【Pages】:49-60
【Authors】: Sascha Fahl ; Marian Harbach ; Henning Perl ; Markus Koetter ; Matthew Smith
【Abstract】: The Secure Sockets Layer (SSL) is widely used to secure data transfers on the Internet. Previous studies have shown that the state of non-browser SSL code is catastrophic across a large variety of desktop applications and libraries as well as a large selection of Android apps, leaving users vulnerable to Man-in-the-Middle attacks (MITMAs). To determine possible causes of SSL problems on all major appified platforms, we extended the analysis to the walled-garden ecosystem of iOS, analyzed software developer forums and conducted interviews with developers of vulnerable apps. Our results show that the root causes are not simply careless developers, but also limitations and issues of the current SSL development paradigm. Based on our findings, we derive a proposal to rethink the handling of SSL in the appified world and present a set of countermeasures to improve the handling of SSL using Android as a blueprint for other platforms. Our countermeasures prevent developers from willfully or accidentally breaking SSL certificate validation, offer support for extended features such as SSL Pinning and different SSL validation infrastructures, and protect users. We evaluated our solution against 13,500 popular Android apps and conducted developer interviews to judge the acceptance of our approach and found that our solution works well for all investigated apps and developers.
【Keywords】: SSL; android; apps; ios; mitma; security
【Paper Link】 【Pages】:61-72
【Authors】: Kevin P. Dyer ; Scott E. Coull ; Thomas Ristenpart ; Thomas Shrimpton
【Abstract】: Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-independent protocol identification, where a network flow is labeled with its application-layer protocol based on packet contents. In this paper, we provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adversaries on the network attempt to force the DPI to mislabel connections. Our approach uses a new cryptographic primitive called format-transforming encryption (FTE), which extends conventional symmetric encryption with the ability to transform the ciphertext into a format of our choosing. We design an FTE-based record layer that can encrypt arbitrary application-layer traffic, and we experimentally show that this forces misidentification for all of the evaluated DPI systems. This set includes a proprietary, enterprise-class DPI system used by large corporations and nation-states. We also show that using FTE as a proxy system incurs no latency overhead and as little as 16% bandwidth overhead compared to standard SSH tunnels. Finally, we integrate our FTE proxy into the Tor anonymity network and demonstrate that it evades real-world censorship by the Great Firewall of China.
【Keywords】: applied cryptography; censorship circumvention; deep packet inspection; protocol classification; regular expressions
【Paper Link】 【Pages】:73-84
【Authors】: Manuel Egele ; David Brumley ; Yanick Fratantonio ; Christopher Kruegel
【Abstract】: Developers use cryptographic APIs in Android with the intent of securing data such as passwords and personal information on mobile devices. In this paper, we ask whether developers use the cryptographic APIs in a fashion that provides typical cryptographic notions of security, e.g., IND-CPA security. We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs -- 88% overall -- make at least one mistake. These numbers show that applications do not use cryptographic APIs in a fashion that maximizes overall security. We then suggest specific remediations based on our analysis towards improving overall cryptographic security in Android applications.
【Keywords】: program analysis; software security
【Paper Link】 【Pages】:85-96
【Authors】: Mobin Javed ; Vern Paxson
【Abstract】: In this work we propose a general approach for detecting distributed malicious activity in which individual attack sources each operate in a stealthy, low-profile manner. We base our approach on observing statistically significant changes in a parameter that summarizes aggregate activity, bracketing a distributed attack in time, and then determining which sources present during that interval appear to have coordinated their activity. We apply this approach to the problem of detecting stealthy distributed SSH bruteforcing activity, showing that we can model the process of legitimate users failing to authenticate using a beta-binomial distribution, which enables us to tune a detector that trades off an expected level of false positives versus time-to-detection. Using the detector we study the prevalence of distributed bruteforcing, finding dozens of instances in an extensive 8-year dataset collected from a site with several thousand SSH users. Many of the attacks---some of which last months---would be quite difficult to detect individually. While a number of the attacks reflect indiscriminate global probing, we also find attacks that targeted only the local site, as well as occasional attacks that succeeded.
【Keywords】: brute-forcing; distributed; scanning; ssh
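The three stages the abstract describes (a beta-binomial model of legitimate failures, change detection on an hourly aggregate, bracketing the attack in time and attributing it to the sources active in that interval) written out as an added, self-contained sketch. This is not the authors' detector or dataset: the log lines are constructed, the aggregate is simply the per-hour failure count out of all attempts, and the beta-binomial fit uses a simplified method of moments with the mean trial count standing in for the varying per-hour counts.

```python
"""Stealthy distributed SSH brute-force detection from aggregate failure counts
(simplified sketch on constructed data; not the paper's code or data)."""
import math
from collections import defaultdict


def build_events():
    """Constructed SSH log: (hour, source_ip, success). Five legitimate hosts
    make 8 attempts each per hour with one or two typos; from hour 24 on, 30
    hosts in 203.0.113.0/24 each try only 2 guesses per hour, a low-rate
    distributed brute-force that no single source would reveal on its own."""
    events = []
    legit = [f"10.0.0.{k}" for k in range(1, 6)]
    for hour in range(26):
        for k, ip in enumerate(legit):
            fails = (2 if hour % 2 == 0 else 1) if (hour + k) % 5 == 0 else 0
            for i in range(8):
                events.append((hour, ip, i >= fails))
        if hour >= 24:
            for j in range(30):
                events.extend((hour, f"203.0.113.{j + 1}", False) for _ in range(2))
    return events


def hourly_counts(events):
    """Aggregate parameter: hour -> [attempts, failures]."""
    counts = defaultdict(lambda: [0, 0])
    for hour, _ip, ok in events:
        counts[hour][0] += 1
        if not ok:
            counts[hour][1] += 1
    return dict(counts)


def fit_beta_binomial(samples, rho_min=1e-3):
    """Method-of-moments fit of (alpha, beta) from (n_i, k_i) samples.
    rho = 1/(alpha+beta+1) is the over-dispersion beyond a plain binomial;
    it is clamped to rho_min when the data show none (binomial limit)."""
    n_bar = sum(n for n, _ in samples) / len(samples)
    p = sum(k for _, k in samples) / sum(n for n, _ in samples)
    props = [k / n for n, k in samples]
    m = sum(props) / len(props)
    var = sum((x - m) ** 2 for x in props) / len(props)
    rho = (var / (p * (1 - p) / n_bar) - 1) / (n_bar - 1) if n_bar > 1 else rho_min
    rho = max(rho, rho_min)
    s = 1 / rho - 1                       # alpha + beta
    return p * s, (1 - p) * s


def bb_log_pmf(x, n, a, b):
    """log P[X = x] for X ~ BetaBinomial(n, a, b), via log-gamma."""
    return (math.lgamma(n + 1) - math.lgamma(x + 1) - math.lgamma(n - x + 1)
            + math.lgamma(x + a) + math.lgamma(n - x + b) - math.lgamma(n + a + b)
            + math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b))


def bb_tail(k, n, a, b):
    """P[X >= k]: how surprising k failures out of n attempts would be."""
    return sum(math.exp(bb_log_pmf(x, n, a, b)) for x in range(k, n + 1))


def detect(events, train_hours=24, threshold=1e-4):
    """Fit the legitimate-failure model on the first train_hours, then flag
    every hour whose failure count has tail probability below threshold.
    The threshold is the false-positive / time-to-detection knob."""
    counts = hourly_counts(events)
    a, b = fit_beta_binomial([tuple(counts[h]) for h in range(train_hours)])
    return [h for h in sorted(counts)
            if bb_tail(counts[h][1], counts[h][0], a, b) < threshold]


def bracket(alarm_hours):
    """Merge consecutive alarm hours into attack intervals (start, end)."""
    intervals = []
    for h in sorted(alarm_hours):
        if intervals and h == intervals[-1][1] + 1:
            intervals[-1] = (intervals[-1][0], h)
        else:
            intervals.append((h, h))
    return intervals


def coordinated_sources(events, alarm_hours):
    """Attribution: sources first seen inside the bracketed interval that never
    logged in successfully there (a crude stand-in for the paper's
    coordination test)."""
    window = set(alarm_hours)
    start = min(window)
    known = {ip for h, ip, _ in events if h < start}
    succ, fail = defaultdict(int), defaultdict(int)
    for h, ip, ok in events:
        if h in window:
            (succ if ok else fail)[ip] += 1
    return sorted(ip for ip in fail if ip not in known and succ[ip] == 0)


if __name__ == "__main__":
    ev = build_events()
    alarms = detect(ev)
    print("attack intervals:", bracket(alarms))
    print("coordinated sources:", coordinated_sources(ev, alarms))
```

Each attacking host contributes two failures an hour, which is below any per-source threshold; only the hourly aggregate (about 62 failures out of 100 attempts against a baseline of 1 or 2 out of 40) exposes the campaign, after which the interval is used to pull out the sources that appeared together.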
【Paper Link】 【Pages】:97-108
【Authors】: Fanny Lalonde Lévesque ; Jude Nsiempba ; José M. Fernandez ; Sonia Chiasson ; Anil Somayaji
【Abstract】: The success of malicious software (malware) depends upon both technical and human factors. The most security conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses. In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regards to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.
【Keywords】: anti-virus evaluation; clinical trial; field study; malware infection; risk factors; user behavior
【Paper Link】 【Pages】:109-120
【Authors】: Kevin Borgolte ; Christopher Kruegel ; Giovanni Vigna
【Abstract】: Identifying malicious web sites has become a major challenge in today's Internet. Previous work focused on detecting if a web site is malicious by dynamically executing JavaScript in instrumented environments or by rendering web sites in client honeypots. Both techniques bear a significant evaluation overhead, since the analysis can take up to tens of seconds or even minutes per sample. In this paper, we introduce a novel, purely static analysis approach, the Delta-system, that (i) extracts change-related features between two versions of the same website, (ii) uses a machine-learning algorithm to derive a model of web site changes, (iii) detects if a change was malicious or benign, (iv) identifies the underlying infection vector campaign based on clustering, and (v) generates an identifying signature. We demonstrate the effectiveness of the Delta-system by evaluating it on a dataset of over 26 million pairs of web sites by running next to a web crawler for a period of four months. Over this time span, the Delta-system successfully identified previously unknown infection campaigns. Including a campaign that targeted installations of the Discuz!X Internet forum software, injected infection vectors into these forums, and redirected to an installation of the Cool Exploit Kit.
【Keywords】: clustering; computer security; infection campaigns; infection vector identification; malware detection; trend detection; web dynamics; web-based malware
【Paper Link】 【Pages】:121-132
【Authors】: Yacin Nadji ; Manos Antonakakis ; Roberto Perdisci ; David Dagon ; Wenke Lee
【Abstract】: Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers. The botnet problem reached such levels where federal law enforcement agencies have to step in and take actions against botnets by disrupting (or "taking down") their C&Cs, and thus their illicit operations. Lately, more and more private companies have started to independently take action against botnet armies, primarily focusing on their DNS-based C&Cs. While well-intentioned, their C&C takedown methodology is in most cases ad-hoc, and limited by the breadth of knowledge available around the malware that facilitates the botnet. With this paper, we aim to bring order, measure, and reason to the botnet takedown problem. We propose a takedown analysis and recommendation system, called rza, that allows researchers to perform two tasks: 1) a postmortem analysis of past botnet takedowns, and 2) provide recommendations on how to successfully execute future botnet takedowns. As part of our system evaluation, we perform a postmortem analysis of the recent Kelihos, Zeus and 3322.org takedowns. We show that while some of these takedowns were effective, others did not appear to have a significant long-term impact on the targeted botnet. In addition to the postmortem analysis, we provide takedown recommendation metrics for 45 currently active botnets, where we find that 42 of them can likely be disabled entirely by using a DNS-based takedown strategy only.
【Keywords】: botnet takedowns; takedown analysis; takedown policy
【Paper Link】 【Pages】:133-144
【Authors】: Gianluca Stringhini ; Christopher Kruegel ; Giovanni Vigna
【Abstract】: The web is one of the most popular vectors to spread malware. Attackers lure victims to visit compromised web pages or entice them to click on malicious links. These victims are redirected to sites that exploit their browsers or trick them into installing malicious software using social engineering. In this paper, we tackle the problem of detecting malicious web pages from a novel angle. Instead of looking at particular features of a (malicious) web page, we analyze how a large and diverse set of web browsers reach these pages. That is, we use the browsers of a collection of web users to record their interactions with websites, as well as the redirections they go through to reach their final destinations. We then aggregate the different redirection chains that lead to a specific web page and analyze the characteristics of the resulting redirection graph. As we will show, these characteristics can be used to detect malicious pages. We argue that our approach is less prone to evasion than previous systems, allows us to also detect scam pages that rely on social engineering rather than only those that exploit browser vulnerabilities, and can be implemented efficiently. We developed a system, called SpiderWeb, which implements our proposed approach. We show that this system works well in detecting web pages that deliver malware.
【Keywords】: detection; http redirections; malware
【Paper Link】 【Pages】:145-160
【Authors】: Ari Juels ; Ronald L. Rivest
【Abstract】: We propose a simple method for improving the security of hashed passwords: the maintenance of additional "honeywords" (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the "honeychecker") can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
【Keywords】: authentication; chaffing; honeywords; login; password cracking; password hashes; passwords
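The split the abstract describes, a login server holding k hashed sweetwords per account and a separate honeychecker holding only the index of the real one, as an added illustration rather than the authors' reference code. The honeyword generator is a simplified chaffing-by-tweaking (replace the last two characters with random characters of the same class); PBKDF2 with a per-user salt is an assumption, since the scheme is agnostic about the hash.

```python
"""Honeywords with a separate honeychecker (added example, not the paper's code)."""
import hashlib
import hmac
import os
import secrets
import string


def hash_pw(password, salt):
    # Assumed hash: PBKDF2-HMAC-SHA256; the scheme works with any slow hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def chaff_by_tweaking(password, count, tail=2):
    """Simplified chaffing-by-tweaking: honeywords share the password's prefix
    and character classes, so a cracker cannot pick the real one by shape."""
    if len(password) < tail:
        raise ValueError("password too short to tweak")
    rng = secrets.SystemRandom()
    out = set()
    while len(out) < count:
        chars = list(password)
        for i in range(len(chars) - tail, len(chars)):
            c = chars[i]
            if c.isdigit():
                chars[i] = rng.choice(string.digits)
            elif c.isupper():
                chars[i] = rng.choice(string.ascii_uppercase)
            elif c.islower():
                chars[i] = rng.choice(string.ascii_lowercase)
            else:
                chars[i] = rng.choice("!@#$%^&*")
        cand = "".join(chars)
        if cand != password:
            out.add(cand)
    return list(out)


class Honeychecker:
    """Hardened auxiliary server. Knows only user -> index of the real password
    and sees no hashes, so a stolen hash file alone reveals nothing; a login
    with any other sweetword raises the alarm."""

    def __init__(self):
        self._index = {}
        self.alarms = []

    def set(self, user, idx):
        self._index[user] = idx

    def check(self, user, idx):
        if self._index.get(user) == idx:
            return True
        self.alarms.append(user)
        return False


class LoginServer:
    """Holds k sweetwords per user (the real password plus k-1 honeywords, in
    shuffled order). Cracking the table yields k candidates, k-1 of them traps."""

    def __init__(self, checker, k=5):
        self.checker = checker
        self.k = k
        self.table = {}                      # user -> (salt, [hashed sweetwords])

    def register(self, user, password, gen=chaff_by_tweaking):
        sweet = [password] + gen(password, self.k - 1)
        secrets.SystemRandom().shuffle(sweet)
        salt = os.urandom(16)
        self.table[user] = (salt, [hash_pw(s, salt) for s in sweet])
        self.checker.set(user, sweet.index(password))   # index only, off-box

    def login(self, user, password):
        if user not in self.table:
            return False
        salt, hashes = self.table[user]
        h = hash_pw(password, salt)
        for idx, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                return self.checker.check(user, idx)    # honeyword -> alarm
        return False                                     # not a sweetword at all


if __name__ == "__main__":
    hc = Honeychecker()
    srv = LoginServer(hc)
    srv.register("alice", "correcthorse42")
    print(srv.login("alice", "correcthorse42"), hc.alarms)   # True []
    print(srv.login("alice", "correcthorse99"), hc.alarms)   # likely a honeyword
```

Note the failure mode the design depends on: an attacker who has both the hash table and the honeychecker's index table is back to ordinary password cracking, so the honeychecker must sit on a separately administered host and accept nothing but (user, index) queries.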
【Paper Link】 【Pages】:161-172
【Authors】: Sebastian Uellenbeck ; Markus Dürmuth ; Christopher Wolf ; Thorsten Holz
【Abstract】: Graphical passwords were proposed as an alternative to overcome the inherent limitations of text-based passwords, inspired by research that shows that the graphical memory of humans is particularly well developed. A graphical password scheme that has been widely adopted is the Android Unlock Pattern, a special case of the Pass-Go scheme with grid size restricted to 3x3 points and restricted stroke count. In this paper, we study the security of Android unlock patterns. By performing a large-scale user study, we measure actual user choices of patterns instead of theoretical considerations on password spaces. From this data we construct a model based on Markov chains that enables us to quantify the strength of Android unlock patterns. We found empirically that there is a high bias in the pattern selection process, e.g., the upper left corner and three-point long straight lines are very typical selection strategies. Consequently, the entropy of patterns is rather low, and our results indicate that the security offered by the scheme is less than the security of only three digit randomly-assigned PINs for guessing 20% of all passwords (i.e., we estimate a partial guessing entropy G_0.2 of 9.10 bit). Based on these insights, we systematically improve the scheme by finding a small, but still effective change in the pattern layout that makes graphical user logins substantially more secure. By means of another user study, we show that some changes improve the security by more than doubling the space of actually used passwords (i.e., increasing the partial guessing entropy G_0.2 to 10.81 bit).
【Keywords】: android; mobile security; passwords
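The strength figure the abstract reports, a partial guessing entropy G_0.2 of 9.10 bits, is Bonneau's metric for an attacker who guesses patterns in decreasing order of popularity until a fraction alpha of accounts falls. The routine below computes it from any empirical distribution and is an added example, not the study's code; the pattern frequencies it is run on are constructed. The reference point the abstract uses, randomly assigned three-digit PINs, is the uniform distribution over 1000 values, which gives log2(1000) = 9.97 bits.

```python
"""Partial guessing entropy (Bonneau's G~_alpha) for a password or pattern
distribution. Added example on constructed frequencies, not the study's data."""
import math


def partial_guessing_entropy(probs, alpha):
    """G~_alpha in bits.
    mu       = guesses needed (most-likely first) to crack a fraction >= alpha
    lam      = fraction actually cracked after mu guesses
    G_alpha  = expected guesses per account, charging mu to uncracked accounts
    bits     = log2(2*G_alpha/lam - 1) + log2(1/(2 - lam))
    The bit conversion is scaled so a uniform distribution over N values
    scores log2(N) for any alpha."""
    p = sorted(probs, reverse=True)
    if abs(sum(p) - 1.0) > 1e-9:
        raise ValueError("distribution must sum to 1")
    cum = 0.0
    guesses = 0.0
    mu = 0
    for i, pi in enumerate(p, start=1):
        cum += pi
        guesses += pi * i
        mu = i
        if cum >= alpha - 1e-12:
            break
    g_alpha = (1 - cum) * mu + guesses
    return math.log2(2 * g_alpha / cum - 1) + math.log2(1 / (2 - cum))


def uniform(n):
    """Randomly assigned secrets from a space of size n (e.g. n=1000 PINs)."""
    return [1.0 / n] * n


def zipf(n, s=1.0):
    """Constructed skewed distribution: a few patterns dominate, as the user
    study found for corner starts and straight three-point lines."""
    w = [1.0 / (k ** s) for k in range(1, n + 1)]
    z = sum(w)
    return [x / z for x in w]


if __name__ == "__main__":
    print("3-digit PIN, G~_0.2 =", round(partial_guessing_entropy(uniform(1000), 0.2), 2))
    print("skewed 1024 patterns, G~_0.2 =", round(partial_guessing_entropy(zipf(1024), 0.2), 2))
```

The skewed case shows why a large theoretical space (the 3x3 grid admits 389,112 patterns) does not help: with Zipf-like user choice the first 20% of accounts fall after a handful of guesses, and the metric drops to a few bits regardless of the space size.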
【Paper Link】 【Pages】:173-186
【Authors】: Michelle L. Mazurek ; Saranga Komanduri ; Timothy Vidas ; Lujo Bauer ; Nicolas Christin ; Lorrie Faith Cranor ; Patrick Gage Kelley ; Richard Shay ; Blase Ur
【Abstract】: Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specifically collected for a research study or from low-value accounts. Properties of passwords used for high-value accounts thus remain poorly understood. We fill this gap by studying the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy. Key aspects of our contributions rest on our (indirect) access to plaintext passwords. We describe our data collection methodology, particularly the many precautions we took to minimize risks to users. We then analyze how guessable the collected passwords would be during an offline attack by subjecting them to a state-of-the-art password cracking algorithm. We discover significant correlations between a number of demographic and behavioral factors and password strength. For example, we find that users associated with the computer science school make passwords more than 1.5 times as strong as those of users associated with the business school. In addition, we find that stronger passwords are correlated with a higher rate of errors entering them. We also compare the guessability and other characteristics of the passwords we analyzed to sets previously collected in controlled experiments or leaked from low-value accounts. We find more consistent similarities between the university passwords and passwords collected for research studies under similar composition policies than we do between the university passwords and subsets of passwords leaked from low-value accounts that happen to comply with the same policies.
【Keywords】: authentication; password security; passwords
【Paper Link】 【Pages】:187-198
【Authors】: Georgios Kontaxis ; Elias Athanasopoulos ; Georgios Portokalidis ; Angelos D. Keromytis
【Abstract】: Password-based authentication is the dominant form of access control in web services. Unfortunately, it proves to be more and more inadequate every year. Even if users choose long and complex passwords, vulnerabilities in the way they are managed by a service may leak them to an attacker. Recent incidents in popular services such as LinkedIn and Twitter demonstrate the impact that such an event could have. The use of one-way hash functions to mitigate the problem is countered by the evolution of hardware which enables powerful password-cracking platforms. In this paper we propose SAuth, a protocol which employs authentication synergy among different services. Users wishing to access their account on service S will also have to authenticate for their account on service V, which acts as a vouching party. Both services S and V are regular sites visited by the user everyday (e.g., Twitter, Facebook, Gmail). Should an attacker acquire the password for service S he will be unable to log in unless he also compromises the password for service V and possibly more vouching services. SAuth is an extension and not a replacement of existing authentication methods. It operates one layer above without ties to a specific method, thus enabling different services to employ heterogeneous systems. Finally we employ password decoys to protect users that share a password across services.
【Keywords】: authentication; decoys; password leak; synergy
【Paper Link】 【Pages】:199-210
【Abstract】: Low-level inlined reference monitors weave monitor code into a program for security. To ensure that monitor code cannot be bypassed by branching instructions, some form of control-flow integrity must be guaranteed. Past approaches to protecting monitor code either have high space overhead or do not support separate compilation. We present Monitor Integrity Protection (MIP), a form of coarse-grained control-flow integrity. The key idea of MIP is to arrange instructions in variable-sized chunks and dynamically restrict indirect branches to target only chunk beginnings. We show that this simple idea is effective in protecting monitor code integrity, enjoys low space and execution-time overhead, supports separate compilation, and is largely compatible with an existing compiler toolchain. We also show that MIP enables a separate verifier that completely disassembles a binary and verifies its security. MIP is designed to support inlined reference monitors. As a case study, we have implemented MIP-based Software-based Fault Isolation (SFI) on both x86-32 and x86-64. The evaluation shows that MIP-based SFI has competitive performance with other SFI implementations, while enjoying low space overhead.
【Keywords】: control-flow integrity; inlined reference monitors; separate compilation
【Paper Link】 【Pages】:211-222
【Authors】: Máté Kovács ; Helmut Seidl ; Bernd Finkbeiner
【Abstract】: Information flow properties of programs can be formalized as hyperproperties specifying the relation of multiple executions. In this paper, we therefore introduce a framework for proving 2-hypersafety properties by means of abstract interpretation. The main idea is to apply abstract interpretation on the self-compositions of the control flow graphs of programs. As a result, our method is inherently capable of analyzing relational properties of even dissimilar programs. Constructing self-compositions of control flow graphs is nontrivial. Therefore, we present an algorithm for constructing quality self-compositions driven by a tree distance measure between the abstract syntax trees of subprograms. Finally, we demonstrate the applicability of the approach by proving intricate information flow properties of programs written in a simple language for tree manipulation motivated by the Web Services Business Process Execution Language.
【Keywords】: abstract interpretation; hyperproperties; information flow control; semi-structured data
【Paper Link】 【Pages】:223-234
【Authors】: Mads Dam ; Roberto Guanciale ; Narges Khakpour ; Hamed Nemati ; Oliver Schwarz
【Abstract】: A separation kernel simulates a distributed environment using a single physical machine by executing partitions in isolation and appropriately controlling communication among them. We present a formal verification of information flow security for a simple separation kernel for ARMv7. Previous work on information flow kernel security leaves communication to be handled by model-external means, and cannot be used to draw conclusions when there is explicit interaction between partitions. We propose a different approach where communication between partitions is made explicit and the information flow is analyzed in the presence of such a channel. Limiting the kernel functionality as much as meaningfully possible, we accomplish a detailed analysis and verification of the system, proving its correctness at the level of the ARMv7 assembly. As a sanity check we show how the security condition is reduced to noninterference in the special case where no communication takes place. The verification is done in HOL4 taking the Cambridge model of ARM as basis, transferring verification tasks on the actual assembly code to an adaptation of the BAP binary analysis tool developed at CMU.
【Keywords】: formal verification; hypervisor; information flow security; separation kernel
【Paper Link】 【Pages】:235-246
【Authors】: Kangkook Jee ; Vasileios P. Kemerlis ; Angelos D. Keromytis ; Georgios Portokalidis
【Abstract】: Dynamic data flow tracking (DFT) is a technique broadly used in a variety of security applications that, unfortunately, exhibits poor performance, preventing its adoption in production systems. We present ShadowReplica, a new and efficient approach for accelerating DFT and other shadow memory-based analyses, by decoupling analysis from execution and utilizing spare CPU cores to run them in parallel. Our approach enables us to run a heavyweight technique, like dynamic taint analysis (DTA), twice as fast, while concurrently consuming fewer CPU cycles than when applying it in-line. DFT is run in parallel by a second shadow thread that is spawned for each application thread, and the two communicate using a shared data structure. We avoid the problems suffered by previous approaches, by introducing an off-line application analysis phase that utilizes both static and dynamic analysis methodologies to generate optimized code for decoupling execution and implementing DFT, while it also minimizes the amount of information that needs to be communicated between the two threads. Furthermore, we use a lock-free ring buffer structure and an N-way buffering scheme to efficiently exchange data between threads and maintain high cache-hit rates on multi-core CPUs. Our evaluation shows that ShadowReplica is on average ~2.3× faster than in-line DFT (~2.75× slowdown over native execution) when running the SPEC CPU2006 benchmark, while similar speed ups were observed with command-line utilities and popular server software. Astoundingly, ShadowReplica also reduces the CPU cycles used up to 30%.
【Keywords】: information flow tracking; optimization; parallelization; security
【Paper Link】 【Pages】:247-258
【Authors】: Emil Stefanov ; Elaine Shi
【Abstract】: We present a 2-cloud oblivious storage (ORAM) system that achieves 2.6X bandwidth cost between the client and the cloud. Splitting an ORAM across 2 or more non-colluding clouds allows us to reduce the client-cloud bandwidth cost by at least one order of magnitude, shifting the higher-bandwidth communication to in-between the clouds where bandwidth provisioning is abundant. Our approach makes ORAM practical for bandwidth-constrained clients such as home or mobile Internet connections. We provide a full-fledged implementation of our 2-cloud ORAM system, and report results from a real-world deployment over Amazon EC2 and Microsoft Azure.
【Keywords】: multi-cloud; oblivious ram; outsourced storage; privacy
【Paper Link】 【Pages】:259-270
【Authors】: Christian Cachin ; Kristiyan Haralambiev ; Hsu-Chun Hsiao ; Alessandro Sorniotti
【Abstract】: Securely deleting data from storage systems has become difficult today. Most storage space is provided as a virtual resource and traverses many layers between the user and the actual physical storage medium. Operations to properly erase data and wipe out all its traces are typically not foreseen, particularly not in networked and cloud-storage systems. This paper introduces a general cryptographic model for policy-based secure deletion of data in storage systems, whose security relies on the proper erasure of cryptographic keys. Deletion operations are expressed in terms of a policy that describes data destruction through deletion attributes and protection classes. The policy links attributes as specified in deletion operations to the protection class(es) that must be erased accordingly. A cryptographic construction is presented for deletion policies given by directed acyclic graphs; it is built in a modular way from exploiting that secure deletion schemes may be composed with each other. The model and the construction unify and generalize all previous encryption-based techniques for secure deletion. Finally, the paper describes a prototype implementation of a Linux filesystem with policy-based secure deletion.
【Keywords】: filesystem security; secure deletion; security policy
【Paper Link】 【Pages】:271-284
【Authors】: Joel Reardon ; Hubert Ritzdorf ; David A. Basin ; Srdjan Capkun
【Abstract】: Secure deletion is the task of deleting data irrecoverably from a physical medium. In this work, we present a general approach to the design and analysis of secure deletion for persistent storage that relies on encryption and key wrapping. We define a key disclosure graph that models the adversarial knowledge of the history of key generation and wrapping. We introduce a generic update function and prove that it achieves secure deletion of data against a coercive attacker; instances of the update function implement the update behaviour of all arborescent data structures including B-Trees, extendible hash tables, linked lists, and others. We implement a B-Tree instance of our solution. Our implementation is at the block-device layer, allowing any block-based file system to be used on top of it. Using different workloads, we find that the storage and communication overhead required for storing and retrieving B-Tree nodes is small and that this therefore constitutes a viable solution for many applications requiring secure deletion from persistent media.
【Keywords】: b-tree; persistent storage; privacy; secure deletion
【Paper Link】 【Pages】:285-298
【Authors】: Dan Dobre ; Ghassan Karame ; Wenting Li ; Matthias Majuntke ; Neeraj Suri ; Marko Vukolic
【Abstract】: Existing Byzantine fault tolerant (BFT) storage solutions that achieve strong consistency and high availability are costly compared to solutions that tolerate simple crashes. This cost is one of the main obstacles in deploying BFT storage in practice. In this paper, we present PoWerStore, a robust and efficient data storage protocol. PoWerStore's robustness comprises tolerating network outages, the maximum number of Byzantine storage servers, any number of Byzantine readers and crash-faulty writers, and guaranteeing high availability (wait-freedom) and strong consistency (linearizability) of read/write operations. PoWerStore's efficiency stems from combining lightweight cryptography, erasure coding and metadata write-backs, where readers write-back only metadata to achieve strong consistency. Central to PoWerStore is the concept of "Proofs of Writing" (PoW), a novel data storage technique inspired by commitment schemes. PoW rely on a 2-round write procedure, in which the first round writes the actual data and the second round only serves to "prove" the occurrence of the first round. PoW enable efficient implementations of strongly consistent BFT storage through metadata write-backs and low latency reads. We implemented PoWerStore and show its improved performance when compared to existing robust storage protocols, including protocols that tolerate only crash faults.
【Keywords】: byzantine-fault tolerance; secure distributed storage; strong consistency
【Paper Link】 【Pages】:299-310
【Authors】: Emil Stefanov ; Marten van Dijk ; Elaine Shi ; Christopher W. Fletcher ; Ling Ren ; Xiangyao Yu ; Srinivas Devadas
【Abstract】: We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme for small client storage known to date. We formally prove that Path ORAM requires log^2 N / log X bandwidth overhead for block size B = X log N. For block sizes bigger than Omega(log^2 N), Path ORAM is asymptotically better than the best known ORAM scheme with small client storage. Due to its practicality, Path ORAM has been adopted in the design of secure processors since its proposal.
【Keywords】: access pattern; oblivious ram; oram; path oram
【Paper Link】 【Pages】:311-324
【Authors】: Martin Maas ; Eric Love ; Emil Stefanov ; Mohit Tiwari ; Elaine Shi ; Krste Asanovic ; John Kubiatowicz ; Dawn Song
【Abstract】: We introduce PHANTOM [1], a new secure processor that obfuscates its memory access trace. To an adversary who can observe the processor's output pins, all memory access traces are computationally indistinguishable (a property known as obliviousness). We achieve obliviousness through a cryptographic construct known as Oblivious RAM or ORAM. We first improve an existing ORAM algorithm and construct an empirical model for its trusted storage requirement. We then present PHANTOM, an oblivious processor whose novel memory controller aggressively exploits DRAM bank parallelism to reduce ORAM access latency and scales well to a large number of memory channels. Finally, we build a complete hardware implementation of PHANTOM on a commercially available FPGA-based server, and through detailed experiments show that PHANTOM is efficient in both area and performance. Accessing 4KB of data from a 1GB ORAM takes 26.2us (13.5us for the data to be available), a 32x slowdown over accessing 4KB from regular memory, while SQLite queries on a population database see 1.2-6x slowdown. PHANTOM is the first demonstration of a practical, oblivious processor and can provide strong confidentiality guarantees when offloading computation to the cloud.
【Keywords】: fpgas; oblivious ram; path oram; secure processors
【Paper Link】 【Pages】:325-336
【Authors】: Elaine Shi ; Emil Stefanov ; Charalampos Papamanthou
【Abstract】: Proofs of Retrievability (PoR), proposed by Juels and Kaliski in 2007, enable a client to store n file blocks with a cloud server so that later the server can prove possession of all the data in a very efficient manner (i.e., with constant computation and bandwidth). Although many efficient PoR schemes for static data have been constructed, only two dynamic PoR schemes exist. The scheme by Stefanov et al. (ACSAC 2012) uses a large amount of client storage and has a large audit cost. The scheme by Cash et al. (EUROCRYPT 2013) is mostly of theoretical interest, as it employs Oblivious RAM (ORAM) as a black box, leading to increased practical overhead (e.g., it requires about 300 times more bandwidth than our construction). We propose a dynamic PoR scheme with constant client storage whose bandwidth cost is comparable to a Merkle hash tree, thus being very practical. Our construction outperforms the constructions of Stefanov et al. and Cash et al., both in theory and in practice. Specifically, for n outsourced blocks of beta bits each, writing a block requires beta + O(lambda log n) bandwidth and O(beta log n) server computation (lambda is the security parameter). Audits are also very efficient, requiring beta + O(lambda^2 log n) bandwidth. We also show how to make our scheme publicly verifiable, providing the first dynamic PoR scheme with such a property. We finally provide a very efficient implementation of our scheme.
【Keywords】: dynamic proofs of retrievability; erasure code; por
【Paper Link】 【Pages】:337-348
【Authors】: Aaron Johnson ; Chris Wacek ; Rob Jansen ; Micah Sherr ; Paul F. Syverson
【Abstract】: We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include (1) a model of various typical kinds of users, (2) an adversary model that includes Tor network relays, autonomous systems (ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study, (3) metrics that indicate how secure users are over a period of time, (4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration, (5) a novel realistic Tor path simulator (TorPS), and (6) analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.
【Keywords】: anonymity; metrics; onion routing
【Paper Link】 【Pages】:349-360
【Authors】: Mashael AlSabah ; Ian Goldberg
【Abstract】: Recently, there have been several research efforts to design a transport layer that meets the security requirements of anonymous communications while maximizing the network performance experienced by users. In this work, we argue that existing proposals suffer from several performance and deployment issues and we introduce PCTCP, a novel anonymous communication transport design for overlay networks that addresses the shortcomings of the previous proposals. In PCTCP, every overlay path, or circuit, is assigned a separate kernel-level TCP connection that is protected by IPsec, the standard security layer for IP. To evaluate our work, we focus on the Tor network, the most popular low-latency anonymity network, which is notorious for its performance problems that can potentially deter its wider adoption and thereby impact its anonymity. Previous research showed that the current transport layer design of Tor, in which several circuits are multiplexed in a single TCP connection between any pair of routers, is a key contributor to Tor's performance issues. We implemented, experimentally evaluated, and confirmed the potential gains provided by PCTCP in an isolated testbed and on the live Tor network. We ascertained that significant performance benefits can be obtained using our approach for web clients, while maintaining the same level of anonymity provided by the network today. Our realistic large-scale experimental evaluation of PCTCP shows improvements of more than 60% for response times and approximately 30% for download times compared to Tor. Finally, PCTCP only requires minimal changes to Tor and is easily deployable, as it does not require all routers on a circuit to upgrade.
【Keywords】: performance improvement; tor; transport design
【Paper Link】 【Pages】:361-372
【Authors】: John Geddes ; Max Schuchard ; Nicholas Hopper
【Abstract】: In response to increasingly sophisticated methods of blocking access to censorship circumvention schemes such as Tor, recently proposed systems such as Skypemorph, FreeWave, and CensorSpoofer have used voice and video conferencing protocols as "cover channels" to hide proxy connections. We demonstrate that even with perfect emulation of the cover channel, these systems can be vulnerable to attacks that detect or disrupt the covert communications while having no effect on legitimate cover traffic. Our attacks stem from differences in the channel requirements for the cover protocols, which are peer-to-peer and loss tolerant, and the covert traffic, which is client-proxy and loss intolerant. These differences represent significant limitations and suggest that such protocols are a poor choice of cover channel for general censorship circumvention schemes.
【Keywords】: anonymity; censorship; censorspoofer; freewave; skypemorph
【Paper Link】 【Pages】:373-386
【Authors】: Christina Brzuska ; Nigel P. Smart ; Bogdan Warinschi ; Gaven J. Watson
【Abstract】: With over 1.6 billion debit and credit cards in use worldwide, the EMV system (a.k.a. "Chip-and-PIN") has become one of the most important deployed cryptographic protocol suites. Recently, the EMV consortium has decided to upgrade the existing RSA based system with a new system relying on Elliptic Curve Cryptography (ECC). One of the central components of the new system is a protocol that enables a card to establish a secure channel with a card reader. In this paper we provide a security analysis of the proposed protocol, we propose minor changes/clarifications to the "Request for Comments" issued in Nov 2012, and demonstrate that the resulting protocol meets the intended security goals. The structure of the protocol is one commonly encountered in practice: first run a key-exchange to establish a shared key (which performs authentication and key confirmation), only then use the channel to exchange application messages. Although common in practice, this structure takes the protocol out of the reach of most standard security models for key-exchange. Unfortunately, the only models that can cope with the above structure suffer from some drawbacks that make them unsuitable for our analysis. Our second contribution is to provide new security models for channel establishment protocols. Our models have a more inclusive syntax, are quite general, deal with a realistic notion of authentication (one-sided authentication as required by EMV), and do not suffer from the drawbacks that we identify in prior models.
【Keywords】: channel establishment; key exchange
【Paper Link】 【Pages】:387-398
【Authors】: Florian Giesen ; Florian Kohlar ; Douglas Stebila
【Abstract】: The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare-Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.
【Keywords】: key exchange; renegotiation; security models; transport layer security (tls)
【Paper Link】 【Pages】:399-410
【Authors】: Joseph A. Akinyele ; Matthew Green ; Susan Hohenberger
【Abstract】: Cryptographic design tasks are primarily performed by hand today. Shifting more of this burden to computers could make the design process faster, more accurate and less expensive. In this work, we investigate tools for programmatically altering existing cryptographic constructions to reflect particular design goals. Our techniques enhance both security and efficiency with the assistance of advanced tools including Satisfiability Modulo Theories (SMT) solvers. Specifically, we propose two complementary tools, AutoGroup and AutoStrong. AutoGroup converts a pairing-based encryption or signature scheme written in (simple) symmetric group notation into a specific instantiation in the more efficient, asymmetric setting. Some existing symmetric schemes have hundreds of possible asymmetric translations, and this tool allows the user to optimize the construction according to a variety of metrics, such as ciphertext size, key size or computation time. The AutoStrong tool focuses on the security of digital signature schemes by automatically converting an existentially unforgeable signature scheme into a strongly unforgeable one. The main technical challenge here is to automate the "partitioned" check, which allows a highly-efficient transformation. These tools integrate with and complement the AutoBatch tool (ACM CCS 2012), but also push forward on the complexity of the automation tasks by harnessing the power of SMT solvers. Our experiments demonstrate that the two design tasks studied can be performed automatically in a matter of seconds.
【Keywords】: automation; cryptographic compilers; digital signatures; pairing-based cryptography; public-key encryption
【Paper Link】 【Pages】:411-412
【Authors】: Ravi Sandhu
【Abstract】: I will use the rare opportunity of this keynote talk to give my perspective on the general state and future prospects for cyber security, and the consequences of this perspective with respect to cyber security research and education. The ambiguous status of computer science in modern academia has persisted through the thirty-plus years of my career. Does it belong in the College of Science or the College of Engineering? How about the College of Business? Is it worthy of a separate College of its own? I believe this ambiguity is a manifestation of the fundamental difference between computer science and traditional sciences and engineering disciplines. The forces of science, engineering and business come together and reconcile in a particularly unique way in computer science, and within computer science cyber security brings additional peculiarities to this reconciliation. My outlook on cyber security is generally optimistic. I believe at the consumer level market and social forces will drive developed societies to a relatively low assurance of security and privacy analogous to the current state of internet security. The large-scale adoption of internet services across diverse global populations is one indicator that the average consumer is reasonably comfortable with the collateral risks. But nothing is automatic, so social organization will be required to compensate for the intrusions of big government and big business, which may turn out to be the much bigger problem than big crime. At the same time I share the concern of many senior national security officials and thought leaders on the increasingly grave threat of cyberwar and cyberterrorism. The US Department of Defense has publicly recognized cyberspace as a man-made domain on par with land, sea, air and space within which wars will be conducted and facilitated. Many other nations and militaries are preparing offensive and defensive cyber capabilities. My talk will elaborate on these notions and seek to glean some lessons for cyber security researchers.
【Keywords】: engineering; business; science
【Paper Link】 【Pages】:413-424
【Authors】: Seungwon Shin ; Vinod Yegneswaran ; Phillip A. Porras ; Guofei Gu
【Abstract】: Among the leading reference implementations of the Software Defined Networking (SDN) paradigm is the OpenFlow framework, which decouples the control plane into a centralized application. In this paper, we consider two aspects of OpenFlow that pose security challenges, and we propose two solutions that could address these concerns. The first challenge is the inherent communication bottleneck that arises between the data plane and the control plane, which an adversary could exploit by mounting a "control plane saturation attack" that disrupts network operations. Indeed, even well-mined adversarial models, such as scanning or denial-of-service (DoS) activity, can produce more potent impacts on OpenFlow networks than on traditional networks. To address this challenge, we introduce an extension to the OpenFlow data plane called "connection migration", which dramatically reduces the amount of data-to-control-plane interactions that arise during such attacks. The second challenge is that of enabling the control plane to expedite both detection of, and responses to, the changing flow dynamics within the data plane. For this, we introduce "actuating triggers" over the data plane's existing statistics collection services. These triggers are inserted by control layer applications to both register for asynchronous callbacks and insert conditional flow rules that are only activated when a trigger condition is detected within the data plane's statistics module. We present Avant-Guard, an implementation of our two data plane extensions, evaluate the performance impact, and examine its use for developing more scalable and resilient SDN security services.
【Keywords】: control plane saturation attack; openflow; security and resilience; software-defined network (sdn)
【Paper Link】 【Pages】:425-438
【Authors】: W. Michael Petullo ; Xu Zhang ; Jon A. Solworth ; Daniel J. Bernstein ; Tanja Lange
【Abstract】: MinimaLT is a new network protocol that provides ubiquitous encryption for maximal confidentiality, including protecting packet headers. MinimaLT provides server and user authentication, extensive Denial-of-Service protections, privacy-preserving IP mobility, and fast key erasure. We describe the protocol, demonstrate its performance relative to TLS and unencrypted TCP/IP, and analyze its protections, including its resilience against DoS attacks. By exploiting the properties of its cryptographic protections, MinimaLT is able to eliminate three way handshakes and thus create connections faster than unencrypted TCP/IP.
【Keywords】: authentication; encryption; network security; protocol
【Paper Link】 【Pages】:439-450
【Authors】: Rui Tan ; Varun Badrinath Krishna ; David K. Y. Yau ; Zbigniew Kalbarczyk
【Abstract】: Modern information and communication technologies used by smart grids are subject to cybersecurity threats. This paper studies the impact of integrity attacks on real-time pricing (RTP), a key feature of smart grids that uses such technologies to improve system efficiency. Recent studies have shown that RTP creates a closed loop formed by the mutually dependent real-time price signals and price-taking demand. Such a closed loop can be exploited by an adversary whose objective is to destabilize the pricing system. Specifically, small malicious modifications to the price signals can be iteratively amplified by the closed loop, causing inefficiency and even severe failures such as blackouts. This paper adopts a control-theoretic approach to deriving the fundamental conditions of RTP stability under two broad classes of integrity attacks, namely, the scaling and delay attacks. We show that the RTP system is at risk of being destabilized only if the adversary can compromise the price signals advertised to smart meters by reducing their values in the scaling attack, or by providing old prices to over half of all consumers in the delay attack. The results provide useful guidelines for system operators to analyze the impact of various attack parameters on system stability, so that they may take adequate measures to secure RTP systems.
【Keywords】: cyber security; real-time pricing; smart grid; stability
【Paper Link】 【Pages】:451-462
【Authors】: Muhammad Qasim Ali ; Ehab Al-Shaer
【Abstract】: Smart grid deployment initiatives have been witnessed in recent years. Smart grids provide bi-directional communication between meters and the headend system through Advanced Metering Infrastructure (AMI). Recent studies highlight the threats targeting AMI. Despite the need for tailored Intrusion Detection Systems (IDS) for the smart grid, very limited progress has been made in this area. Unlike traditional networks, the smart grid has its own unique challenges, such as devices with limited computational power and potentially high deployment cost, that restrict the deployment options of intrusion detectors. We show that the smart grid exhibits deterministic and predictable behavior that can be accurately modeled to develop an intrusion detection system. In this paper, we show that AMI behavior can be modeled using event logs collected at smart collectors, which in turn can be verified using the specification invariants generated from the configurations of the AMI devices. Event logs are modeled using a fourth-order Markov chain and specifications are written in Linear Temporal Logic (LTL). The approach provides robustness against evasion and mimicry attacks; however, we discuss that it can still be evaded to a certain extent. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.
【Keywords】: advanced metering infrastructure; intrusion detection systems; smart grid
【Paper Link】 【Pages】:463-474
【Authors】: Yannis Rouselakis ; Brent Waters
【Abstract】: We propose two large universe Attribute-Based Encryption constructions. In a large universe ABE system any string can be used as an attribute and attributes need not be enumerated at system setup. Our first construction establishes a novel large universe Ciphertext-Policy ABE scheme on prime order bilinear groups, while the second achieves a significant efficiency improvement over the large universe Key-Policy ABE system of Lewko-Waters and Lewko. Both schemes are selectively secure in the standard model under two "q-type" assumptions similar to ones used in prior works. Our work brings back "program and cancel" techniques to this problem and aims at providing practical large universe ABE implementations. To showcase the efficiency improvements over prior constructions, we provide implementations and benchmarks of our schemes in Charm, a programming environment for rapid prototyping of cryptographic primitives. We compare them to implementations of the only three published constructions that offer unbounded ABE in the standard model.
【Keywords】: attribute-based encryption; charm; ciphertext-policy; key-policy; large universe; q-type assumptions; unbounded
【Paper Link】 【Pages】:475-486
【Authors】: Zhen Liu ; Zhenfu Cao ; Duncan S. Wong
【Abstract】: In the context of Ciphertext-Policy Attribute-Based Encryption (CP-ABE), if a decryption device associated with an attribute set S_D appears on eBay, and is alleged to be able to decrypt any ciphertexts with policies satisfied by S_D, no one, including the CP-ABE authorities, can identify the malicious user(s) who built such a decryption device using their key(s). This has been known as a major practicality concern in CP-ABE applications, for example, providing fine-grained access control on encrypted data. Due to the nature of CP-ABE, users get decryption keys from authorities associated with attribute sets. If there exist two or more users with attribute sets that are supersets of S_D, existing CP-ABE schemes cannot distinguish which user is the malicious one who builds and sells such a decryption device. In this paper, we extend the notion of CP-ABE to support Blackbox Traceability and propose a concrete scheme which is able to identify a user whose key has been used in building a decryption device from among multiple users whose keys are associated with attribute sets that are all supersets of S_D. The scheme is efficient with sub-linear overhead and, when compared with the very recent (non-traceable) CP-ABE scheme due to Lewko and Waters in Crypto 2012, we can consider this new scheme as an extension with the property of fully collusion-resistant blackbox traceability added, i.e. an adversary can access an arbitrary number of keys when building a decryption device while the new tracing algorithm can still identify at least one particular key which must have been used for building the underlying decryption device. We show that this new scheme is secure against adaptive adversaries in the standard model, and is highly expressive by supporting any monotonic access structures. Its additional traceability property is also proven against adaptive adversaries in the standard model.
Of independent interest, in this paper we also consider another scenario, which we call "found-in-the-wild". In this scenario, a decryption device is found, for example, on a black market, and reported to an authority (e.g. a law enforcement agency). The decryption device is found to be able to decrypt ciphertexts with a certain policy, say A, while the associated attribute set S_D is missing. In this found-in-the-wild scenario, we show that the Blackbox Traceable CP-ABE scheme proposed in this paper can still find the malicious users whose keys have been used for building the decryption device, and our scheme achieves selective traceability in the standard model under this scenario.
【Keywords】: attribute-based encryption; blackbox traceability
【Paper Link】 【Pages】:487-498
【Authors】: Junyuan Zeng ; Yangchun Fu ; Kenneth A. Miller ; Zhiqiang Lin ; Xiangyu Zhang ; Dongyan Xu
【Abstract】: With the wide existence of binary code, it is desirable to reuse it in many security applications, such as malware analysis and software patching. While prior approaches have shown that binary code can be extracted and reused, they are often based on static analysis and face challenges when coping with obfuscated binaries. This paper introduces trace-oriented programming (TOP), a general framework for generating new software from existing binary code by elevating the low-level binary code to C code with templates and inlined assembly. Different from existing work, TOP gains benefits from dynamic analysis such as resilience against obfuscation and avoidance of points-to analysis. Thus, TOP can be used for malware analysis, especially for malware function analysis and identification. We have implemented a proof-of-concept of TOP and our evaluation results with a range of benign and malicious software indicate that TOP is able to reconstruct source code from binary execution traces in malware analysis and identification, and binary function transplanting.
【Keywords】: binary code reuse; dynamic decompilation; taint analysis; trace-oriented programming
【Paper Link】 【Pages】:499-510
【Authors】: Fabian Yamaguchi ; Christian Wressnegger ; Hugo Gascon ; Konrad Rieck
【Abstract】: Uncovering security vulnerabilities in software is key to operating secure systems. Unfortunately, only some security flaws can be detected automatically, and the vast majority of vulnerabilities are still identified by tedious auditing of source code. In this paper, we strive to improve this situation by accelerating the process of manual auditing. We introduce Chucky, a method to expose missing checks in source code. Many vulnerabilities result from insufficient input validation, and thus omitted or false checks provide valuable clues for finding security flaws. Our method proceeds by statically tainting source code and identifying anomalous or missing conditions linked to security-critical objects. In an empirical evaluation with five popular open-source projects, Chucky is able to accurately identify artificial and real missing checks, which ultimately enables us to uncover 12 previously unknown vulnerabilities in two of the projects (Pidgin and LibTIFF).
【Keywords】: anomaly detection; static analysis; vulnerabilities
【Paper Link】 【Pages】:511-522
【Authors】: Maverick Woo ; Sang Kil Cha ; Samantha Gottlieb ; David Brumley
【Abstract】: Black-box mutational fuzzing is a simple yet effective technique to find bugs in software. Given a set of program-seed pairs, we ask how to schedule the fuzzings of these pairs in order to maximize the number of unique bugs found at any point in time. We develop an analytic framework using a mathematical model of black-box mutational fuzzing and use it to evaluate 26 existing and new randomized online scheduling algorithms. Our experiments show that one of our new scheduling algorithms outperforms the multi-armed bandit algorithm in the current version of the CERT Basic Fuzzing Framework (BFF) by finding 1.5x more unique bugs in the same amount of time.
【Keywords】: fuzz configuration scheduling; software security
【Paper Link】 【Pages】:523-534
【Authors】: Abhi Shelat ; Chih-Hao Shen
【Abstract】: Almost all existing protocols for secure two-party computation require a specific hardness assumption, such as DDH, discrete logarithm, or a random oracle, even after assuming oracle access to the oblivious transfer functionality for their correctness and/or efficiency. We propose and implement a Yao-based protocol that is secure against malicious adversaries and enjoys the following benefits: it requires the minimal hardness assumption, i.e., OTs; it uses 10 rounds of communication plus OT rounds; it has the optimal overhead complexity (for an approach that uses the circuit-level cut-and-choose technique); and it is embarrassingly parallelizable in the sense that each circuit can be processed in a pipelined manner, and all circuits can be processed in parallel. To achieve these properties, we describe novel solutions for the three main obstacles for achieving security against malicious adversaries in a cut-and-choose garbled-circuit protocol. We propose an efficient proof to establish the generator's output authenticity; we suggest the use of an auxiliary circuit that computes a hash to ensure the generator's input consistency; and we advance the performance of Pinkas and Lindell's state-of-the-art approach for handling the selective failure attack. Not only does our protocol require weaker cryptographic assumptions, but our implementation of this protocol also demonstrates a several factor improvement over the best prior work which relies on specific number-theoretic assumptions. Thus, we show that performance does not require specific algebraic assumptions.
【Keywords】: cut-and-choose; malicious model; the yao protocol
【Paper Link】 【Pages】:535-548
【Authors】: Gilad Asharov ; Yehuda Lindell ; Thomas Schneider ; Michael Zohner
【Abstract】: Protocols for secure computation enable parties to compute a joint function on their private inputs without revealing anything but the result. A foundation for secure computation is oblivious transfer (OT), which traditionally requires expensive public key cryptography. A more efficient way to perform many OTs is to extend a small number of base OTs using OT extensions based on symmetric cryptography. In this work we present optimizations and efficient implementations of OT and OT extensions in the semi-honest model. We propose a novel OT protocol with security in the standard model and improve OT extensions with respect to communication complexity, computation complexity, and scalability. We also provide specific optimizations of OT extensions that are tailored to the secure computation protocols of Yao and Goldreich-Micali-Wigderson and reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations. By applying our implementation to current secure computation frameworks, we can securely compute a Levenshtein distance circuit with 1.29 billion AND gates at a rate of 1.2 million AND gates per second. Moreover, we demonstrate the importance of correctly implementing OT within secure computation protocols by presenting an attack on the FastGC framework.
【Keywords】: oblivious transfer extensions; secure computation; semi-honest adversaries
【Paper Link】 【Pages】:549-560
【Authors】: Marcel Keller ; Peter Scholl ; Nigel P. Smart
【Abstract】: We present a runtime environment for executing secure programs via a multi-party computation protocol in the preprocessing model. The runtime environment is general and allows arbitrary reactive computations to be performed. A particularly novel aspect is that it automatically determines the minimum number of rounds needed for a computation, given a specific instruction sequence, and it then uses this to minimize the overall cost of the computation. Various experiments are reported on, on various non-trivial functionalities. We show how, by utilizing the ability of modern processors to execute multiple threads at a time, one can obtain various tradeoffs between latency and throughput.
【Keywords】: multi-party computation
【Paper Link】 【Pages】:561-572
【Authors】: Andrew K. Hirsch ; Michael R. Clarkson
【Abstract】: A formal belief semantics for authorization logics is given. The belief semantics is proved to subsume a standard Kripke semantics. The belief semantics yields a direct representation of principals' beliefs, without resorting to the technical machinery used in Kripke semantics. A proof system is given for the logic; that system is proved sound with respect to the belief and Kripke semantics. The soundness proofs are mechanized in Coq.
【Keywords】: authorization logic; cdd; nal
【Paper Link】 【Pages】:573-584
【Authors】: Bruno Blanchet ; Miriam Paiola
【Abstract】: We present a novel automatic technique for proving secrecy and authentication properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions. This result is achieved by extending the Horn clause approach of the automatic protocol verifier ProVerif. We extend the Horn clauses to be able to represent lists of unbounded length. We adapt the resolution algorithm to handle the new class of Horn clauses, and prove the soundness of this new algorithm. We have implemented our algorithm and successfully tested it on several protocol examples, including XML protocols coming from web services.
【Keywords】: horn clauses; lists; resolution; security protocols; verification; web services
【Paper Link】 【Pages】:585-598
【Authors】: Philip W. L. Fong ; Pooya Mehregan ; Ram Krishnan
【Abstract】: Users of an online community are willing to share resources because they can expect reasonable behaviour from other members of the community. Such expectations are known as social contracts. In this work, we study the specification and enforcement of social contracts in a computer mediated collaboration environment. Specifically, we examine social contracts that contain both relationship- and history-based elements. A series of policy languages, all based on modal and temporal logics, with increasing expressiveness, have been proposed to express social contracts. Reference monitors are designed to correctly and efficiently enforce the specified policies. A technique called "relational abstraction" is employed to reduce the reference monitor into a purely relationship-based protection system, that is, what is commonly known as a social network system.
【Keywords】: history-based access control; hybrid logic; online community; policy language; reference monitor; relationship-based access control; social contract; temporal logic
【Paper Link】 【Pages】:599-610
【Authors】: Abdul Serwadda ; Vir V. Phoha
【Abstract】: Touch-based verification --- the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices --- has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. In all performance evaluations of touch-based authentication systems however, researchers have assumed naive (zero-effort) forgeries in which the attacker makes no effort to mimic a given gesture pattern. In this paper we demonstrate that a simple "Lego" robot driven by input gleaned from general population swiping statistics can generate forgeries that achieve alarmingly high penetration rates against touch-based authentication systems. Using the best classification algorithms in touch-based authentication, we rigorously explore the effect of the attack, finding that it increases the Equal Error Rates of the classifiers by between 339% and 1004% depending on parameters such as the failure-to-enroll threshold and the type of touch stroke generated by the robot. The paper calls into question the zero-effort impostor testing approach used to benchmark the performance of touch-based authentication systems.
【Keywords】: attack; authentication; biometrics; robot; touch gestures
【Paper Link】 【Pages】:611-622
【Authors】: Yuan Zhang ; Min Yang ; Bingquan Xu ; Zhemin Yang ; Guofei Gu ; Peng Ning ; Xiaoyang Sean Wang ; Binyu Zang
【Abstract】: Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent years have witnessed the explosion of undesirable behaviors in Android apps. An important part in the defense is the accurate analysis of Android apps. However, traditional syscall-based analysis techniques are not well-suited for Android, because they could not capture critical interactions between the application and the Android system. This paper presents VetDroid, a dynamic analysis platform for reconstructing sensitive behaviors in Android apps from a novel permission use perspective. VetDroid features a systematic framework to effectively construct permission use behaviors, i.e., how applications use permissions to access (sensitive) system resources, and how these acquired permission-sensitive resources are further utilized by the application. With permission use behaviors, security analysts can easily examine the internal sensitive behaviors of an app. Using real-world Android malware, we show that VetDroid can clearly reconstruct fine-grained malicious behaviors to ease malware analysis. We further apply VetDroid to 1,249 top free apps in Google Play. VetDroid can assist in finding more information leaks than TaintDroid, a state-of-the-art technique. In addition, we show how we can use VetDroid to analyze fine-grained causes of information leaks that TaintDroid cannot reveal. Finally, we show that VetDroid can help identify subtle vulnerabilities in some (top free) applications otherwise hard to detect.
【Keywords】: android behavior representation; android security; permission use analysis; vetting undesirable behaviors
【Paper Link】 【Pages】:623-634
【Authors】: Lei Wu ; Michael C. Grace ; Yajin Zhou ; Chiachih Wu ; Xuxian Jiang
【Abstract】: The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced from vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone's stock image, we perform provenance analysis to classify each app in the image into three categories: apps originating from the AOSP, apps customized or written by the vendor, and third-party apps that are simply bundled into the stock image. Such provenance analysis allows for proper attribution of detected security issues in the examined Android images. Second, we analyze permission usages of pre-loaded apps to identify overprivileged ones that unnecessarily request more Android permissions than they actually use. Finally, in vulnerability analysis, we detect buggy pre-loaded apps that can be exploited to mount permission re-delegation attacks or leak private information. Our evaluation results are worrisome: vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device. Specifically, our results show that on average 85.78% of all pre-loaded apps in examined stock images are overprivileged with a majority of them directly from vendor customizations. In addition, 64.71% to 85.00% of vulnerabilities we detected in examined images from every vendor (except for Sony) arose from vendor customizations. In general, this pattern held over time -- newer smartphones, we found, are not necessarily more secure than older ones.
【Keywords】: android; customization; provenance; static analysis
【Paper Link】 【Pages】:635-646
【Authors】: Rui Wang ; Luyi Xing ; XiaoFeng Wang ; Shuo Chen
【Abstract】: With the progress in mobile computing, web services are increasingly delivered to their users through mobile apps, instead of web browsers. However, unlike the browser, which enforces origin-based security policies to mediate the interactions between the web content from different sources, today's mobile OSes do not have a comparable security mechanism to control the cross-origin communications between apps, as well as those between an app and the web. As a result, a mobile user's sensitive web resources could be exposed to the harms from a malicious origin. In this paper, we report the first systematic study on this mobile cross-origin risk. Our study inspects the main cross-origin channels on Android and iOS, including intent, scheme and web-accessing utility classes, and further analyzes the ways popular web services (e.g., Facebook, Dropbox, etc.) and their apps utilize those channels to serve other apps. The research shows that lack of origin-based protection opens the door to a wide spectrum of cross-origin attacks. These attacks are unique to mobile platforms, and their consequences are serious: for example, using carefully designed techniques for mobile cross-site scripting and request forgery, an unauthorized party can obtain a mobile user's Facebook/Dropbox authentication credentials and record her text input. We report our findings to related software vendors, who all acknowledged their importance. To address this threat, we designed an origin-based protection mechanism, called Morbs, for mobile OSes. Morbs labels every message with its origin information, lets developers easily specify security policies, and enforce the policies on the mobile channels based on origins. Our evaluation demonstrates the effectiveness of our new technique in defeating unauthorized origin crossing, its efficiency and the convenience for the developers to use such protection.
【Keywords】: android; ios; mobile platform; same-origin policy
【Paper Link】 【Pages】:647-658
【Authors】: Yevgeniy Dodis ; David Pointcheval ; Sylvain Ruhault ; Damien Vergnaud ; Daniel Wichs
【Abstract】: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and Halevi (BH). This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the continually internal state. In this work we extend the BH model to also include a new security property capturing how it should accumulate the entropy of the input data into the internal state after state compromise. This property states that a good PRNG should be able to eventually recover from compromise even if the entropy is injected into the system at a very slow pace, and expresses the real-life expected behavior of existing PRNG designs. Unfortunately, we show that neither the model nor the specific PRNG construction proposed by BH meet this new property, despite meeting a weaker robustness notion introduced by BH. From a practical side, we give a precise assessment of the Linux PRNGs, /dev/random and /dev/urandom. In particular, we show attacks proving that these PRNGs are not robust according to our definition, due to vulnerabilities in their entropy estimator and their internal mixing function. Finally, we propose a simple PRNG construction that is provably robust in our new and stronger adversarial model and we show that it is more efficient than the Linux PRNGs. We therefore recommend using this construction whenever a PRNG with input is used for cryptography.
【Keywords】: /dev/random; entropy; randomness; security models
【Paper Link】 【Pages】:659-668
【Authors】: Soo Hyeon Kim ; Daewan Han ; Dong Hoon Lee
【Abstract】: OpenSSL is the most widely used library for SSL/TLS on the Android platform. The security of OpenSSL depends greatly on the unpredictability of its Pseudo Random Number Generator (PRNG). In this paper, we reveal the vulnerability of the OpenSSL PRNG on Android. We first analyze the architecture of OpenSSL specific to Android, and the overall operation process of the PRNG from initialization until the session key is generated. Owing to the nature of Android, the Dalvik Virtual Machine in Zygote initializes the states of the OpenSSL PRNG early upon booting, and SSL applications copy the PRNG states of Zygote when they start. Therefore, the applications that use OpenSSL generate random data from the same initial states, which is a potential problem that may seriously affect the security of Android applications. Next, we investigate the possibility of recovering the initial states of the OpenSSL PRNG. To do so, we should predict the nine external entropy sources of the PRNG. However, we show that these sources can be obtained in practice if the device is fixed. For example, the complexity of the attack was O(2^{32+t}) in our smartphone, where t is the bit complexity for estimating the system boot time. In our experiments, we were able to restore the PRNG states in 74 out of 100 cases. Assuming that we knew the boot time, i.e., t=0, the average time required to restore was 35 min on a PC with four cores (eight threads). Finally, we show that it is possible to recover the PreMasterSecret of the first SSL session with O(2^{58}) computations using the restored PRNG states, if the application is implemented by utilizing the org.webkit package and the key exchange scheme is RSA. This shows that the vulnerability of the OpenSSL PRNG can be a real threat to the security of Android.
【Keywords】: android; entropy; openssl; pseudo random number generator; ssl/tls
【Paper Link】 【Pages】:669-684
【Authors】: Aggelos Kiayias ; Stavros Papadopoulos ; Nikos Triandopoulos ; Thomas Zacharias
【Abstract】: We put forth the problem of delegating the evaluation of a pseudorandom function (PRF) to an untrusted proxy and introduce a novel cryptographic primitive called delegatable pseudorandom functions, or DPRFs for short: A DPRF enables a proxy to evaluate a pseudorandom function on a strict subset of its domain using a trapdoor derived from the DPRF secret key. The trapdoor is constructed with respect to a certain policy predicate that determines the subset of input values which the proxy is allowed to compute. The main challenge in constructing DPRFs is to achieve bandwidth efficiency (which mandates that the trapdoor is smaller than the precomputed sequence of the PRF values conforming to the predicate), while maintaining the pseudorandomness of unknown values against an attacker that adaptively controls the proxy. A DPRF may be optionally equipped with an additional property we call policy privacy, where any two delegation predicates remain indistinguishable in the view of a DPRF-querying proxy: achieving this raises new design challenges as policy privacy and bandwidth efficiency are seemingly conflicting goals. For the important class of policy predicates described as (1-dimensional) ranges, we devise two DPRF constructions and rigorously prove their security. Built upon the well-known tree-based GGM PRF family, our constructions are generic and feature only logarithmic delegation size in the number of values conforming to the policy predicate. At only a constant-factor efficiency reduction, we show that our second construction is also policy private. Finally, we describe that their new security and efficiency properties render our DPRF schemes particularly useful in numerous security applications, including RFID, symmetric searchable encryption, and broadcast encryption.
【Keywords】: authentication; broadcast encryption; delegation of computation; pseudorandom functions; rfids; searchable encryption
【Paper Link】 【Pages】:685-696
【Authors】: Henry Corrigan-Gibbs ; Wendy Mu ; Dan Boneh ; Bryan Ford
【Abstract】: The security of any cryptosystem relies on the secrecy of the system's secret keys. Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values. As a result, an adversary can derive the device's secret keys without breaking the underlying cryptosystem. We introduce a new threat model, under which there is a systemic solution to such randomness flaws. In our model, when a device generates a cryptographic key, it incorporates some random values from an "entropy authority" into its cryptographic secrets and then proves to the authority, using zero-knowledge-proof techniques, that it performed this operation correctly. By presenting an entropy-authority-signed public key certificate to a third party (like a certificate authority or SSH client), the device can demonstrate that its public key incorporates randomness from the authority and is therefore drawn from a large pool of candidate values. Where possible, our protocol protects against eavesdroppers, entropy authority misbehavior, and devices attempting to discredit the entropy authority. To demonstrate the practicality of our protocol, we have implemented and evaluated its performance on a commodity wireless home router. When running on a home router, our protocol incurs a $1.7\times$ slowdown over conventional RSA key generation and it incurs a $3.6\times$ slowdown over conventional EC-DSA key generation.
【Keywords】: cryptography; dsa; entropy; entropy authority; key generation; randomness; rsa
【Paper Link】 【Pages】:697-708
【Authors】: Adam Waksman ; Matthew Suozzo ; Simha Sethumadhavan
【Abstract】: Hardware design today bears similarities to software design. Often vendors buy and integrate code acquired from third-party organizations into their designs, especially in embedded/system-on-chip designs. Currently, there is no way to determine if third-party designs have built-in backdoors that can compromise security after deployment. The key observation we use to approach this problem is that hardware backdoors incorporate logic that is nearly-unused, i.e. stealthy. The wires used in stealthy backdoor circuits almost never influence the outputs of those circuits. Typically, they do so only when triggered using external inputs from an attacker. In this paper, we present FANCI, a tool that flags suspicious wires, in a design, which have the potential to be malicious. FANCI uses scalable, approximate, boolean functional analysis to detect these wires. Our examination of the TrustHub hardware backdoor benchmark suite shows that FANCI is able to flag all suspicious paths in the benchmarks that are associated with backdoors. Unlike prior work in the area, FANCI is not hindered by incomplete test suite coverage and thus is able to operate in practice without false negatives. Furthermore, FANCI reports low false positive rates: less than 1% of wires are reported as suspicious in most cases. All TrustHub designs were analyzed in a day or less. We also analyze a backdoor-free out-of-order microprocessor core to demonstrate applicability beyond benchmarks.
【Keywords】: backdoors; functional analysis; hardware; intellectual property; security
【Paper Link】 【Pages】:709-720
【Authors】: Jeyavijayan Rajendran ; Michael Sam ; Ozgur Sinanoglu ; Ramesh Karri
【Abstract】: Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.
【Keywords】: ic camouflaging; ic reverse engineering; ip piracy; ip protection
【Paper Link】 【Pages】:721-732
【Authors】: Albert Kwon ; Udit Dhawan ; Jonathan M. Smith ; Thomas F. Knight Jr. ; André DeHon
【Abstract】: Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat pointer) and checking these bounds on every memory access. By further adding hardware-managed tags to the pointer, we make them unforgeable. This, in turn, allows the pointers to be used as capabilities to facilitate fine-grained access control and fast security domain crossing. Dedicated checking hardware runs in parallel with the processor's normal datapath so that the checks do not slow down processor operation (0% runtime overhead). To achieve the safety of fat pointers without increasing program state, we compactly encode approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%. We develop gate-level implementations of the logic for updating and validating these compact fat pointers and show that the hardware requirements are low and the critical paths for common operations are smaller than processor ALU operations. Specifically, we show that the fat-pointer check and update operations can run in a 4 ns clock cycle on a Virtex 6 (40nm) implementation while only using 1100 6-LUTs or about the area of a double-precision, floating-point adder.
【Keywords】: capabilities; fat pointer; memory safety; processor; security; spatial confinement
【Paper Link】 【Pages】:733-744
【Authors】: Clemens Helfmeier ; Dmitry Nedospasov ; Christopher Tarnovsky ; Jan Starbug Krissler ; Christian Boit ; Jean-Pierre Seifert
【Abstract】: As the surplus market of failure analysis equipment continues to grow, the cost of performing invasive IC analysis continues to diminish. Hardware vendors in high-security applications utilize security by obscurity to implement layers of protection on their devices. High-security applications must assume that the attacker is skillful, well-equipped and well-funded. Modern security ICs are designed to make readout of decrypted data and changes to security configuration of the device impossible. Countermeasures such as meshes and attack sensors thwart many state of the art attacks. Because of the perceived difficulty and lack of publicly known attacks, the IC backside has largely been ignored by the security community. However, the backside is currently the weakest link in modern ICs because no devices currently on the market are protected against fully-invasive attacks through the IC backside. Fully-invasive backside attacks circumvent all known countermeasures utilized by modern implementations. In this work, we demonstrate the first two practical fully-invasive attacks against the IC backside. Our first attack is fully-invasive backside microprobing. Using this attack we were able to capture decrypted data directly from the data bus of the target IC's CPU core. We also present a fully invasive backside circuit edit. With this attack we were able to set security and configuration fuses of the device to arbitrary values.
【Keywords】: backside; integrated circuit attack
【Paper Link】 【Pages】:753-764
【Authors】: Jonas Magazinius ; Billy K. Rios ; Andrei Sabelfeld
【Abstract】: In a heterogeneous system like the web, information is exchanged between components in versatile formats. A new breed of attacks is on the rise that exploit the mismatch between the expected and provided content. This paper focuses on the root cause of a large class of attacks: polyglots. A polyglot is a program that is valid in multiple programming languages. Polyglots allow multiple interpretation of the content, providing a new space of attack vectors. We characterize what constitutes a dangerous format in the web setting and identify particularly dangerous formats, with PDF as the prime example. We demonstrate that polyglot-based attacks on the web open up for insecure communication across Internet origins. The paper presents novel attack vectors that infiltrate the trusted origin by syntax injection across multiple languages and by content smuggling of malicious payload that appears formatted as benign content. The attacks lead to both cross-domain leakage and cross-site request forgery. We perform a systematic study of PDF-based injection and content smuggling attacks. We evaluate the current practice in client/server content filtering and PDF readers for polyglot-based attacks, and report on vulnerabilities in the top 100 Alexa web sites. We identify five web sites to be vulnerable to syntax injection attacks. Further, we have found two major enterprise cloud storage services to be susceptible to content smuggling attacks. Our recommendations for protective measures on server side, in browsers, and in content interpreters (in particular, PDF readers) show how to mitigate the attacks.
【Keywords】: cross-domain; injection; polyglot; web security
【Paper Link】 【Pages】:765-776
【Authors】: Vacha Dave ; Saikat Guha ; Yin Zhang
【Abstract】: Click-spam in online advertising, where unethical publishers use malware or trick users into clicking ads, siphons off hundreds of millions of advertiser dollars meant to support free websites and apps. Ad networks today, sadly, rely primarily on security through obscurity to defend against click-spam. In this paper, we present Viceroi, a principled approach to catching click-spam in search ad networks. It is designed based on the intuition that click-spam is a profit-making business that needs to deliver higher return on investment (ROI) for click-spammers than other (ethical) business models to offset the risk of getting caught. Viceroi operates at the ad network where it has visibility into all ad clicks. Working with a large real-world ad network, we find that the simple-yet-general Viceroi approach catches over six very different classes of click-spam attacks (e.g., malware-driven, search-hijacking, arbitrage) without any tuning knobs.
【Keywords】: click-fraud; click-spam; invalid clicks; traffic quality
【Paper Link】 【Pages】:777-788
【Authors】: Mario Heiderich ; Jörg Schwenk ; Tilman Frosch ; Jonas Magazinius ; Edward Z. Yang
【Abstract】: Back in 2007, Hasegawa discovered a novel Cross-Site Scripting (XSS) vector based on the mistreatment of the backtick character in a single browser implementation. This initially looked like an implementation error that could easily be fixed. Instead, as this paper shows, it was the first example of a new class of XSS vectors, the class of mutation-based XSS (mXSS) vectors, which may occur in innerHTML and related properties. mXSS affects all three major browser families: IE, Firefox, and Chrome. We were able to place stored mXSS vectors in high-profile applications like Yahoo! Mail, Rediff Mail, OpenExchange, Zimbra, Roundcube, and several commercial products. mXSS vectors bypassed widely deployed server-side XSS protection techniques (like HTML Purifier, kses, htmlLawed, Blueprint and Google Caja), client-side filters (XSS Auditor, IE XSS Filter), Web Application Firewall (WAF) systems, as well as Intrusion Detection and Intrusion Prevention Systems (IDS/IPS). We describe a scenario in which seemingly immune entities are being rendered prone to an attack based on the behavior of an involved party, in our case the browser. Moreover, it proves very difficult to mitigate these attacks: In browser implementations, mXSS is closely related to performance enhancements applied to the HTML code before rendering; in server side filters, strict filter rules would break many web applications since the mXSS vectors presented in this paper are harmless when sent to the browser. This paper introduces and discusses a set of seven different subclasses of mXSS attacks, among which only one was previously known. The work evaluates the attack surface, showcases examples of vulnerable high-profile applications, and provides a set of practicable and low-overhead solutions to defend against these kinds of attacks.
【Keywords】: browser security; cross-site scripting; innerhtml; mutation-based xss; mxss; unauthorized access; web security
【Paper Link】 【Pages】:789-800
【Authors】: Changyu Dong ; Liqun Chen ; Zikai Wen
【Abstract】: Large scale data processing brings new challenges to the design of privacy-preserving protocols: how to meet the increasing requirements of speed and throughput of modern applications, and how to scale up smoothly when data being protected is big. Efficiency and scalability become critical criteria for privacy preserving protocols in the age of Big Data. In this paper, we present a new Private Set Intersection (PSI) protocol that is extremely efficient and highly scalable compared with existing protocols. The protocol is based on a novel approach that we call oblivious Bloom intersection. It has linear complexity and relies mostly on efficient symmetric key operations. It has high scalability due to the fact that most operations can be parallelized easily. The protocol has two versions: a basic protocol and an enhanced protocol, the security of the two variants is analyzed and proved in the semi-honest model and the malicious model respectively. A prototype of the basic protocol has been built. We report the result of performance evaluation and compare it against the two previously fastest PSI protocols. Our protocol is orders of magnitude faster than these two protocols. To compute the intersection of two million-element sets, our protocol needs only 41 seconds (80-bit security) and 339 seconds (256-bit security) on moderate hardware in parallel mode.
【Keywords】: bloom filters; private set intersection
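The Bloom filter is the building block the abstract above refers to. The following is an added example, not code from the paper: it implements the plain (non-oblivious) Bloom-filter intersection, the standard false-positive estimate, and keyed (HMAC) hash positions as a stand-in for the symmetric-key operations the abstract mentions. The paper's oblivious variant is not reproduced here; the set contents and key are constructed.

```python
"""Bloom-filter set intersection and its false-positive rate (added example)."""
import hashlib
import hmac
import math


class BloomFilter:
    """m-bit filter with k hash positions per element.

    Positions are derived with HMAC-SHA256 under a shared key, so only a
    party holding the key can compute the positions of a new element.
    """

    def __init__(self, m_bits, k_hashes, key):
        self.m = m_bits
        self.k = k_hashes
        self.key = key
        self.bits = bytearray((m_bits + 7) // 8)

    def positions(self, element):
        # One HMAC per hash index; each digest is reduced to a bit position.
        for i in range(self.k):
            digest = hmac.new(self.key, bytes([i]) + element, hashlib.sha256).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, element):
        for pos in self.positions(element):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def contains(self, element):
        return all((self.bits[pos // 8] >> (pos % 8)) & 1 for pos in self.positions(element))


def false_positive_rate(m_bits, k_hashes, n_elements):
    """Standard estimate (1 - e^(-kn/m))^k of the false-positive rate."""
    return (1.0 - math.exp(-k_hashes * n_elements / m_bits)) ** k_hashes


def optimal_k(m_bits, n_elements):
    """Number of hash functions minimising the false-positive rate for m and n."""
    return max(1, round(m_bits / n_elements * math.log(2)))


def bloom_intersection(server_set, client_set, key, m_bits, k_hashes):
    """Server encodes its set; the client tests its own elements against it.

    Every element of the true intersection is returned (no false negatives);
    extra elements slip in with probability false_positive_rate().
    """
    bf = BloomFilter(m_bits, k_hashes, key)
    for e in server_set:
        bf.add(e)
    return {e for e in client_set if bf.contains(e)}


if __name__ == "__main__":
    # Constructed sample sets and key.
    key = b"constructed-shared-key"
    server = {b"alice@example.org", b"bob@example.org", b"carol@example.org"}
    client = {b"bob@example.org", b"carol@example.org", b"dave@example.org"}
    print(sorted(bloom_intersection(server, client, key, 4096, optimal_k(4096, 3))))
```

Note the leakage this plain version has: once the client holds the filter and the key, `contains()` is an unlimited membership oracle for the server's set, and the server learns nothing about the client's elements only because the client never sends anything back. That asymmetry, and the false positives, are what a PSI protocol built on Bloom filters has to address; the abstract claims the paper's oblivious construction does so while keeping the linear cost.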
【Paper Link】 【Pages】:801-812
【Authors】: Valeria Nikolaenko ; Stratis Ioannidis ; Udi Weinsberg ; Marc Joye ; Nina Taft ; Dan Boneh
【Abstract】: Recommender systems typically require users to reveal their ratings to a recommender service, which subsequently uses them to provide relevant recommendations. Revealing ratings has been shown to make users susceptible to a broad set of inference attacks, allowing the recommender to learn private user attributes, such as gender, age, etc. In this work, we show that a recommender can profile items without ever learning the ratings users provide, or even which items they have rated. We show this by designing a system that performs matrix factorization, a popular method used in a variety of modern recommendation systems, through a cryptographic technique known as garbled circuits. Our design uses oblivious sorting networks in a novel way to leverage sparsity in the data. This yields an efficient implementation, whose running time is O(Mlog^2M) in the number of ratings M. Crucially, our design is also highly parallelizable, giving a linear speedup with the number of available processors. We further fully implement our system, and demonstrate that even on commodity hardware with 16 cores, our privacy-preserving implementation can factorize a matrix with 10K ratings within a few hours.
【Keywords】: garbled circuits; matrix factorization; multi party computation; privacy; recommender systems
【Paper Link】 【Pages】:813-826
【Authors】: Yihua Zhang ; Aaron Steele ; Marina Blanton
【Abstract】: Secure computation on private data has been an active area of research for many years and has received a renewed interest with the emergence of cloud computing. In recent years, substantial progress has been made with respect to the efficiency of the available techniques and several implementations have appeared. The available tools, however, lacked a convenient mechanism for implementing a general-purpose program in a secure computation framework suitable for execution in not fully trusted environments. This work fills this gap and describes a system, called PICCO, for converting a program written in an extension of C into its distributed secure implementation and running it in a distributed environment. The C extension preserves all current features of the programming language and allows variables to be marked as private and be used in general-purpose computation. Secure distributed implementation of compiled programs is based on linear secret sharing, achieving efficiency and information-theoretic security. Our experiments also indicate that many programs can be evaluated very efficiently on private data using PICCO.
【Keywords】: compiler; general-purpose computation; linear secret sharing; parallel execution; secure computation outsourcing; secure multi-party computation; source-to-source translator
【Paper Link】 【Pages】:827-838
【Authors】: Yinqian Zhang ; Michael K. Reiter
【Abstract】: This paper presents the design, implementation and evaluation of a system called Düppel that enables a tenant virtual machine to defend itself from cache-based side-channel attacks in public clouds. Düppel includes defenses for time-shared caches such as per-core L1 and L2 caches. Experiments in the lab and on public clouds show that Düppel effectively obfuscates timing signals available to an attacker VM via these caches and incurs modest performance overheads (at most 7% and usually much less) in the common case of no side-channel attacks. Moreover, Düppel requires no changes to hypervisors or support from cloud operators.
【Keywords】: cache-based side channel; cross-vm side channel; side-channel attack
【Paper Link】 【Pages】:839-850
【Authors】: Brendan Dolan-Gavitt ; Tim Leek ; Josh Hodosh ; Wenke Lee
【Abstract】: The ability to introspect into the behavior of software at runtime is crucial for many security-related tasks, such as virtual machine-based intrusion detection and low-artifact malware analysis. Although some progress has been made in this task by automatically creating programs that can passively retrieve kernel-level information, two key challenges remain. First, it is currently difficult to extract useful information from user-level applications, such as web browsers. Second, discovering points within the OS and applications to hook for active monitoring is still an entirely manual process. In this paper we propose a set of techniques to mine the memory accesses made by an operating system and its applications to locate useful places to deploy active monitoring, which we call tap points. We demonstrate the efficacy of our techniques by finding tap points for useful introspection tasks such as finding SSL keys and monitoring web browser activity on five different operating systems (Windows 7, Linux, FreeBSD, Minix and Haiku) and two processor architectures (ARM and x86).
【Keywords】: active monitoring; introspection; reverse engineering
【Paper Link】 【Pages】:851-862
【Authors】: Felix Schuster ; Thorsten Holz
【Abstract】: Backdoors in software systems have probably existed since the very first access control mechanisms were implemented, and they are a well-known security problem. Despite a wave of public discoveries of such backdoors over the last few years, this threat has only rarely been tackled so far. In this paper, we present an approach to reduce the attack surface for this kind of attack and we strive for an automated identification and elimination of backdoors in binary applications. We limit our focus to the examination of server applications within a client-server model. At the core, we apply variations of the delta debugging technique and introduce several novel heuristics for the identification of those regions in binary applications that backdoors are typically installed in (i.e., authentication and command processing functions). We demonstrate the practical feasibility of our approach on several real-world backdoors found in modified versions of the popular software tools ProFTPD and OpenSSH. Furthermore, we evaluate our implementation not only on common instruction set architectures such as x86-64, but also on commercial off-the-shelf embedded devices powered by a MIPS32 processor.
【Keywords】: binary analysis; dynamic analysis; software backdoors
【Paper Link】 【Pages】:863-874
【Authors】: Michael Backes ; Dario Fiore ; Raphael M. Reischuk
【Abstract】: We address the problem in which a client stores a large amount of data with an untrusted server in such a way that, at any moment, the client can ask the server to compute a function on some portion of its outsourced data. In this scenario, the client must be able to efficiently verify the correctness of the result despite no longer knowing the inputs of the delegated computation, it must be able to keep adding elements to its remote storage, and it does not have to fix in advance (i.e., at data outsourcing time) the functions that it will delegate. Even more ambitiously, clients should be able to verify in time independent of the input-size -- a very appealing property for computations over huge amounts of data. In this work we propose novel cryptographic techniques that solve the above problem for the class of computations of quadratic polynomials over a large number of variables. This class covers a wide range of significant arithmetic computations -- notably, many important statistics. To confirm the efficiency of our solution, we show encouraging performance results, e.g., correctness proofs have size below 1 kB and are verifiable by clients in less than 10 milliseconds.
【Keywords】: amortized closed-form efficient prf; cloud computing; homomorphic macs; secure data outsourcing; verifiable delegation of computation
【Paper Link】 【Pages】:875-888
【Authors】: Stanislaw Jarecki ; Charanjit S. Jutla ; Hugo Krawczyk ; Marcel-Catalin Rosu ; Michael Steiner
【Abstract】: In the setting of searchable symmetric encryption (SSE), a data owner D outsources a database (or document/file collection) to a remote server E in encrypted form such that D can later search the collection at E while hiding information about the database and queries from E. Leakage to E is to be confined to well-defined forms of data-access and query patterns while preventing disclosure of explicit data and query plaintext values. Recently, Cash et al. presented a protocol, OXT, which can run arbitrary boolean queries in the SSE setting and which is remarkably efficient even for very large databases. In this paper we investigate a richer setting in which the data owner D outsources its data to a server E but D now wishes to allow clients (third parties) to search the database such that clients learn the information D authorizes them to learn but nothing else, while E still does not learn about the data or queried values as in the basic SSE setting. Furthermore, motivated by a wide range of applications, we extend this model and requirements to a setting where, similarly to private information retrieval, the client's queried values need to be hidden also from the data owner D even though the latter still needs to authorize the query. Finally, we consider the scenario in which authorization can be enforced by the data owner D without D learning the policy, a setting that arises in court-issued search warrants. We extend the OXT protocol of Cash et al. to support arbitrary boolean queries in all of the above models while withstanding adversarial non-colluding servers (D and E) and arbitrarily malicious clients, and while preserving the remarkable performance of the protocol.
【Keywords】: cryptography; private information retrieval; search on encrypted data; searchable symmetric encryption
【Paper Link】 【Pages】:889-900
【Authors】: Ninghui Li ; Wahbeh H. Qardaji ; Dong Su ; Yi Wu ; Weining Yang
【Abstract】: We introduce a novel privacy framework that we call Membership Privacy. The framework includes positive membership privacy, which prevents the adversary from significantly increasing its ability to conclude that an entity is in the input dataset, and negative membership privacy, which prevents leaking of non-membership. These notions are parameterized by a family of distributions that captures the adversary's prior knowledge. The power and flexibility of the proposed framework lies in the ability to choose different distribution families to instantiate membership privacy. Many privacy notions in the literature are equivalent to membership privacy with interesting distribution families, including differential privacy, differential identifiability, and differential privacy under sampling. Casting these notions into the framework leads to deeper understanding of the strengths and weaknesses of these notions, as well as their relationships to each other. The framework also provides a principled approach to developing new privacy notions under which better utility can be achieved than what is possible under differential privacy.
【Keywords】: differential privacy; membership privacy; privacy notions
【Paper Link】 【Pages】:901-914
【Authors】: Miguel E. Andrés ; Nicolás Emilio Bordenabe ; Konstantinos Chatzikokolakis ; Catuscia Palamidessi
【Abstract】: The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we introduce geo-indistinguishability, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information -- typically needed to obtain a certain desired service -- to be released. This privacy definition formalizes the intuitive notion of protecting the user's location within a radius r with a level of privacy that depends on r, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a mechanism for achieving geo-indistinguishability by adding controlled random noise to the user's location. We describe how to use our mechanism to enhance LBS applications with geo-indistinguishability guarantees without compromising the quality of the application results. Finally, we compare state-of-the-art mechanisms from the literature with ours. It turns out that, among all mechanisms independent of the prior, our mechanism offers the best privacy guarantees.
【Keywords】: differential privacy; location obfuscation; location privacy; location-based services; planar laplace distribution
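The mechanism the abstract describes (the "planar laplace distribution" of the keywords) can be written out in a few lines. The following is an added example, not the paper's code. It draws the noise radius from the planar Laplace distribution, whose density at distance d from the true location is proportional to exp(-eps*d), and checks the guarantee directly: for two candidate true locations at distance D, the output densities differ by a factor of at most exp(eps*D). Assumptions: the radius is inverted by bisection rather than with the Lambert W function, locations are plain Euclidean coordinates (metres), and the seeded generator exists only for reproducibility in tests; the function names are this example's own.

```python
"""Planar Laplace mechanism for geo-indistinguishability (added example)."""
import math
import random


def radius_cdf(r, eps):
    """P[radius <= r] when the noise density is proportional to exp(-eps*d)."""
    if r <= 0:
        return 0.0
    return 1.0 - (1.0 + eps * r) * math.exp(-eps * r)


def inverse_radius_cdf(p, eps, tol=1e-12):
    """Smallest r with radius_cdf(r) >= p, found by bisection (no Lambert W)."""
    if not 0.0 <= p < 1.0:
        raise ValueError("p must lie in [0, 1)")
    lo, hi = 0.0, 1.0
    while radius_cdf(hi, eps) < p:      # grow the bracket until it contains p
        hi *= 2.0
    for _ in range(200):
        if hi - lo <= tol * max(1.0, hi):
            break
        mid = (lo + hi) / 2.0
        if radius_cdf(mid, eps) < p:
            lo = mid
        else:
            hi = mid
    return hi


def epsilon_for(level, radius):
    """eps such that locations within `radius` are `level`-indistinguishable."""
    return level / radius


def planar_laplace_density(center, z, eps):
    """Output density at z when the true location is `center`."""
    d = math.dist(center, z)
    return eps * eps / (2.0 * math.pi) * math.exp(-eps * d)


def privacy_loss(loc_a, loc_b, z, eps):
    """log of the density ratio at z for true locations a and b.

    Geo-indistinguishability guarantees |privacy_loss| <= eps * dist(a, b):
    the ratio is exp(-eps*(d(a,z) - d(b,z))) and the triangle inequality
    bounds |d(a,z) - d(b,z)| by d(a,b).
    """
    return math.log(planar_laplace_density(loc_a, z, eps)
                    / planar_laplace_density(loc_b, z, eps))


def sanitize(location, eps, seed=None):
    """Reported location = true location + planar Laplace noise.

    `seed` is for reproducible tests only; production use must keep the
    default, which draws from the OS entropy source.
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    theta = rng.uniform(0.0, 2.0 * math.pi)          # direction: uniform
    r = inverse_radius_cdf(rng.random(), eps)        # distance: Gamma(2, 1/eps)
    x, y = location
    return x + r * math.cos(theta), y + r * math.sin(theta)


def mean_noise_distance(eps, n, seed):
    """Empirical mean displacement; the exact expectation is 2/eps."""
    total = 0.0
    for i in range(n):
        total += math.dist((0.0, 0.0), sanitize((0.0, 0.0), eps, seed + i))
    return total / n


if __name__ == "__main__":
    # Example: privacy level ln(4) within 200 m gives eps = ln(4)/200 per metre.
    eps = epsilon_for(math.log(4), 200.0)
    print("eps per metre:", eps, "expected displacement (m):", 2 / eps)
    print("reported location:", sanitize((0.0, 0.0), eps, seed=7))
```

The expected displacement 2/eps is the quality-of-service cost of the mechanism: picking the radius r and level l fixes eps = l/r, and with it the typical error the application has to tolerate. The example does not cover the truncation and discretization to a finite map that a deployed version needs.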
【Paper Link】 【Pages】:915-928
【Authors】: Tamara Denning ; Adam Lerner ; Adam Shostack ; Tadayoshi Kohno
【Abstract】: We scoped, designed, produced, and evaluated the effectiveness of a recreational tabletop card game created to raise awareness of and alter perceptions regarding computer security. We discuss our process, the challenges that arose, and the decisions we made to address those challenges. As of May 2013, we have shipped approximately 800 free copies to 150 educators. We analyze and report on feedback from 22 of these educators about their experiences using Control-Alt-Hack with over 450 students in classroom and non-classroom contexts. The responses from the 14 educators who reported on their use of the game in a classroom context variously indicated that: their students' awareness of computer security as a complex and interesting field was increased (11/14); they would use the game again in their classroom (10/14); and they would recommend the game to others (13/14). Of note, 2 of the 14 classroom educators reported that they would not have otherwise covered the material. Additionally, we present results from user studies with 11 individuals and find that their responses indicate that 8 of the 11 had an increased awareness of computer security or a changed perception; furthermore, all of our intended goals are touched upon in their responses.
【Keywords】: card game; computer science education; computer security and privacy; computer security education; game; outreach; privacy; security; security awareness; security education; security outreach; tabletop games; tabletop security
【Paper Link】 【Pages】:929-940
【Authors】: Michael Weiner ; Maurice Massar ; Erik Tews ; Dennis Giese ; Wolfgang Wieser
【Abstract】: Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications have analyzed the cryptographic security of electronic locking systems. In this paper, we analyzed the electronic security of an electronic locking system which is still widely deployed in the field. We reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute force attack or by performing a Differential Power Analysis attack on any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. We suggest administrative and technical countermeasures against all presented attacks. Finally, we give an examination of electronic lock security standards and recommend changes to one widely used standard that can help to improve the security of newly developed products.
【Keywords】: cryptography; des; embedded security; locking system; physical security; power analysis; prng; side-channel attack
【Paper Link】 【Pages】:941-942
【Authors】: Mikko Hypponen
【Abstract】:
【Keywords】: monitoring; privacy; surveillance
【Paper Link】 【Pages】:943-954
【Authors】: Aggelos Kiayias ; Qiang Tang
【Abstract】: How is it possible to prevent the sharing of cryptographic functions? This question appears to be fundamentally hard to address since in this setting the owner of the key is the adversary: she wishes to share a program or device that (potentially only partly) implements her main cryptographic functionality. Given that she possesses the cryptographic key, it is impossible for her to be prevented from writing code or building a device that uses that key. She may though be deterred from doing so. We introduce leakage-deterring public-key cryptosystems to address this problem. Such primitives have the feature of enabling the embedding of owner-specific private data into the owner's public-key so that given access to any (even partially functional) implementation of the primitive, the recovery of the data can be facilitated. We formalize the notion of leakage-deterring in the context of encryption, signature, and identification and we provide efficient generic constructions that facilitate the recoverability of the hidden data while retaining privacy as long as no sharing takes place.
【Keywords】: key management; leakage-deterring; public-key cryptography; self-enforcement
【Paper Link】 【Pages】:955-966
【Authors】: Marek Jawurek ; Florian Kerschbaum ; Claudio Orlandi
【Abstract】: Zero-knowledge protocols are one of the fundamental concepts in modern cryptography and have countless applications. However, more than 30 years after their introduction, there are only very few languages (essentially those with a group structure) for which we can construct zero-knowledge protocols that are efficient enough to be used in practice. In this paper we address the problem of how to construct efficient zero-knowledge protocols for generic languages and we propose a protocol based on Yao's garbled circuit technique. The motivation for our work is that in many cryptographic applications it is useful to be able to prove efficiently statements of the form e.g., "I know x s.t. y = SHA-256(x)" for a common input y (or other "unstructured" languages), but no efficient protocols for this task are currently known. It is clear that zero-knowledge is a subset of secure two-party computation (i.e., any protocol for generic secure computation can be used to do zero-knowledge). The main contribution of this paper is to construct an efficient protocol for the special case of secure two-party computation where only one party has input (like in the zero-knowledge case). The protocol achieves active security and is essentially only twice as slow as the passively secure version of Yao's garbled circuit protocol. This is a great improvement with respect to the cut-and-choose technique to make Yao's protocol actively secure, where the complexity grows linearly with the security parameter.
【Keywords】: efficiency; garbled circuits; zero-knowledge proof
【Paper Link】 【Pages】:967-980
【Authors】: Daniel J. Bernstein ; Mike Hamburg ; Anna Krasnova ; Tanja Lange
【Abstract】: Censorship-circumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorship-circumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unblocked programs, so that simple traffic profiling cannot identify the tools within a reasonable number of traces; the censors respond by deploying firewalls with increasingly sophisticated deep-packet inspection. Cryptography hides patterns in user data but does not evade censorship if the censor can recognize patterns in the cryptography itself. In particular, elliptic-curve cryptography often transmits points on known elliptic curves, and those points are easily distinguishable from uniform random strings of bits. This paper introduces high-security high-speed elliptic-curve systems in which elliptic-curve points are encoded so as to be indistinguishable from uniform random strings. At a lower level, this paper introduces a new bijection between strings and about half of all curve points; this bijection is applicable to every odd-characteristic elliptic curve with a point of order 2, except for curves of j-invariant 1728. This paper also presents guidelines to construct, and two examples of, secure curves suitable for these encodings.
【Keywords】: censorship circumvention; elliptic curves; injective maps
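The "bijection between strings and about half of all curve points" in the abstract is, for a Montgomery curve y^2 = x^3 + Ax^2 + Bx with a point of order 2, the Elligator 2 map. The code below is an added example, not the paper's reference implementation: it instantiates the map and its inverse on Curve25519 (A = 486662, B = 1 over GF(2^255-19)), with u = 2 as the fixed non-square, and samples random curve points to confirm that roughly half of them have a representative. The choice of "principal" square root (the root in 0..(p-1)/2) and the handling of the two special cases (r = 0, and points with x = -A, which have no preimage under the inverse as written) are this example's own conventions; the paper's exact conventions may differ.

```python
"""Elligator 2 on Curve25519: field element <-> curve point (added example)."""
import random

P = 2**255 - 19                      # field prime, P = 5 (mod 8)
A = 486662                           # Curve25519: y^2 = x^3 + A x^2 + B x
B = 1
U = 2                                # fixed non-square mod P (2 is a non-residue as P = 5 mod 8)
HALF = (P - 1) // 2                  # "principal" field elements are 0..HALF
SQRT_M1 = pow(2, (P - 1) // 4, P)    # a square root of -1


def chi(a):
    """Legendre symbol: 1 for a non-zero square, -1 for a non-square, 0 for 0."""
    a %= P
    if a == 0:
        return 0
    return 1 if pow(a, HALF, P) == 1 else -1


def sqrt_principal(a):
    """Square root of a in 0..HALF, or None if a is not a square."""
    a %= P
    if a == 0:
        return 0
    b = pow(a, (P + 3) // 8, P)      # candidate root; valid because P = 5 (mod 8)
    if (b * b - a) % P:
        b = b * SQRT_M1 % P          # other case: b^2 == -a, fix with sqrt(-1)
    if (b * b - a) % P:
        return None
    return b if b <= HALF else P - b


def inv(a):
    return pow(a % P, P - 2, P)


def curve_rhs(x):
    return (x * x * x + A * x * x + B * x) % P


def elligator2_map(r):
    """Field element r -> curve point (x, y); r and -r give the same point."""
    r %= P
    d = (1 + U * r * r) % P
    if d == 0:
        raise ValueError("1 + u r^2 == 0: r has no image")
    v = (-A * inv(d)) % P
    e = chi(curve_rhs(v))
    # e == 0 would need a root of x^2 + Ax + B, impossible as A^2 - 4B is a non-square.
    x = v if e == 1 else (-v - A) % P
    s = sqrt_principal(curve_rhs(x))  # the construction guarantees x is on the curve
    y = (-e * s) % P
    return x, y


def elligator2_inverse(point):
    """Curve point -> representative r in 0..HALF; ValueError if none exists."""
    x, y = point
    if (x + A) % P == 0:
        raise ValueError("x == -A: no representative")
    if chi(-U * x * (x + A)) == -1:
        raise ValueError("-u x (x + A) is not a square: no representative")
    if y <= HALF:                     # principal y: produced by the e == -1 branch
        r2 = (-x * inv((x + A) * U)) % P
    else:                             # y = -sqrt(...): produced by the e == 1 branch
        r2 = (-(x + A) * inv(U * x)) % P
    return sqrt_principal(r2)


def random_point(rng):
    """Uniform random affine point with y != 0 (rejection sampling on x)."""
    while True:
        x = rng.randrange(P)
        s = sqrt_principal(curve_rhs(x))
        if s:                         # skip non-squares and y == 0
            return x, (s if rng.random() < 0.5 else P - s)


def representable_fraction(n, seed=1):
    """Share of random curve points that have an Elligator 2 representative."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        try:
            elligator2_inverse(random_point(rng))
            hits += 1
        except ValueError:
            pass
    return hits / n


if __name__ == "__main__":
    pt = elligator2_map(12345)
    print("on curve:", (pt[1] ** 2 - curve_rhs(pt[0])) % P == 0)
    print("round trip:", elligator2_inverse(pt) == 12345)
    print("representable fraction:", representable_fraction(200))
```

In use, a party generates a keypair, tries the inverse map on the public point, and retries with a fresh key if it raises (about two attempts on average); the representative r, not the point, is what goes on the wire. Since r <= HALF = 2^254 - 10, a 32-byte encoding leaves the two high bits unused; they must be filled with random bits, and the bias of 10/2^254 is negligible, so the string is indistinguishable from 32 uniform bytes.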
【Paper Link】 【Pages】:981-992
【Authors】: Antonis Papadogiannakis ; Laertis Loutsis ; Vassilis Papaefstathiou ; Sotiris Ioannidis
【Abstract】: Code injection attacks continue to pose a threat to today's computing systems, as they exploit software vulnerabilities to inject and execute arbitrary, malicious code. Instruction Set Randomization (ISR) is able to protect a system against remote machine code injection attacks by randomizing the instruction set of each process. This way, the attacker will inject invalid code that will fail to execute on the randomized processor. However, all the existing implementations of ISR are based on emulators and binary instrumentation tools that (i) incur a significant runtime performance overhead, (ii) limit the ease of deployment of ISR, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts trying to bypass ISR protection. To address these issues we propose ASIST: an architecture with hardware and operating system support for ISR. We present the design and implementation of ASIST by modifying and mapping a SPARC processor onto an FPGA board and running our modified Linux kernel to support the new features. The operating system loads the randomization key of each running process into a newly defined register, and the modified processor decodes the process's instructions with this key before execution. Moreover, ASIST protects the system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges, by using a separate randomization key for the operating system. We show that ASIST transparently protects all applications and the operating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional hardware.
【Keywords】: architectural support; code injection attacks; hardware support; instruction set randomization; performance; security
【Paper Link】 【Pages】:993-1004
【Authors】: Andrei Homescu ; Stefan Brunthaler ; Per Larsen ; Michael Franz
【Abstract】: Just-in-time compilers (JITs) are here to stay. Unfortunately, they also provide new capabilities to cyber attackers, namely the ability to supply input programs (in languages such as JavaScript) that will then be compiled to executable code. Once this code is placed and marked as executable, it can then be leveraged by the attacker. Randomization techniques such as constant blinding raise the cost to the attacker, but they significantly add to the burden of implementing a JIT. There are a great many JITs in use today, but not even all of the most commonly used ones randomize their outputs. We present librando, the first comprehensive technique to harden JIT compilers in a completely generic manner by randomizing their output transparently ex post facto. We implement this approach as a system-wide service that can simultaneously harden multiple running JITs. It hooks into the memory protections of the target OS and randomizes newly generated code on the fly when marked as executable. In order to provide "black box" JIT hardening, librando needs to be extremely conservative. For example, it completely preserves the contents of the calling stack, presenting each JIT with the illusion that it is executing its own generated code. Yet in spite of the heavy lifting that librando performs behind the scenes, the performance impact is surprisingly low. For Java (HotSpot), we measured slowdowns by a factor of 1.15x, and for compute-intensive JavaScript (V8) benchmarks, a slowdown of 3.5x. For many applications, this overhead is low enough to be practical for general use today.
【Keywords】: binary rewriting; code reuse attacks; diversification; jit compilers; jit spraying; randomization; return-oriented programming; security
【Paper Link】 【Pages】:1005-1016
【Authors】: Kyu Hyung Lee ; Xiangyu Zhang ; Dongyan Xu
【Abstract】: System-level audit logs capture the interactions between applications and the runtime environment. They are highly valuable for forensic analysis that aims to identify the root cause of an attack, which may occur long ago, or to determine the ramifications of an attack for recovery from it. A key challenge of audit log-based forensics in practice is the sheer size of the log files generated, which could grow at a rate of Gigabytes per day. In this paper, we propose LogGC, an audit logging system with garbage collection (GC) capability. We identify and overcome the unique challenges of garbage collection in the context of computer forensic analysis, which makes LogGC different from traditional memory GC techniques. We also develop techniques that instrument user applications at a small number of selected places to emit additional system events so that we can substantially reduce the false dependences between system events to improve GC effectiveness. Our results show that LogGC can reduce audit log size by 14 times for regular user systems and 37 times for server systems, without affecting the accuracy of forensic analysis.
【Keywords】: attack provenance; audit log; garbage collection; reverse engineering
【Paper Link】 【Pages】:1017-1028
【Authors】: Xiao-yong Zhou ; Soteris Demetriou ; Dongjing He ; Muhammad Naveed ; Xiaorui Pan ; XiaoFeng Wang ; Carl A. Gunter ; Klara Nahrstedt
【Abstract】: The design of Android is based on a set of unprotected shared resources, including those inherited from Linux (e.g., Linux public directories). However, the dramatic development in Android applications (app for short) makes available a large amount of public background information (e.g., social networks, public online services), which can potentially turn such originally harmless resource sharing into serious privacy breaches. In this paper, we report our work on this important yet understudied problem. We discovered three unexpected channels of information leaks on Android: per-app data-usage statistics, ARP information, and speaker status (on or off). By monitoring these channels, an app without any permission may acquire sensitive information such as smartphone user's identity, the disease condition she is interested in, her geo-locations and her driving route, from top-of-the-line Android apps. Furthermore, we show that using existing and new techniques, this zero-permission app can both determine when its target (a particular application) is running and send out collected data stealthily to a remote adversary. These findings call into question the soundness of the design assumptions on shared resources, and demand effective solutions. To this end, we present a mitigation mechanism for achieving a delicate balance between utility and privacy of such resources.
【Keywords】: information leaks; mobile security; privacy
【Paper Link】 【Pages】:1029-1042
【Authors】: Adwait Nadkarni ; William Enck
【Abstract】: Modern OSes such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. Tasks are often completed by stringing together a collection of purpose-specific user applications (e.g., a barcode reader, a social networking app, a document viewer). As users direct this workflow between applications, it is difficult to predict the consequence of each step. Poor selection may result in accidental information disclosure when the target application unknowingly uses cloud services. This paper presents Aquifer as a policy framework and system for preventing accidental information disclosure in modern operating systems. In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task. In doing so, Aquifer provides protection beyond simple permission checks and allows applications to retain control of data even after it is shared.
【Keywords】: access control; information flow control; os security
【Paper Link】 【Pages】:1043-1054
【Authors】: Zhemin Yang ; Min Yang ; Yuan Zhang ; Guofei Gu ; Peng Ning ; Xiaoyang Sean Wang
【Abstract】: Android phones often carry personal information, attracting malicious developers to embed code in Android applications to steal sensitive data. With known techniques in the literature, one may easily determine if sensitive data is being transmitted out of an Android phone. However, transmission of sensitive data in itself does not necessarily indicate privacy leakage; a better indicator may be whether the transmission is by user intention or not. When transmission is not intended by the user, it is more likely a privacy leakage. The problem is how to determine if transmission is user intended. As a first solution in this space, we present a new analysis framework called AppIntent. For each data transmission, AppIntent can efficiently provide a sequence of GUI manipulations corresponding to the sequence of events that lead to the data transmission, thus helping an analyst to determine if the data transmission is user intended or not. The basic idea is to use symbolic execution to generate the aforementioned event sequence, but straightforward symbolic execution proves to be too time-consuming to be practical. A major innovation in AppIntent is to leverage the unique Android execution model to reduce the search space without sacrificing code coverage. We also present an evaluation of AppIntent with a set of 750 malicious apps, as well as 1,000 top free apps from Google Play. The results show that AppIntent can effectively help separate the apps that truly leak user privacy from those that do not.
【Keywords】: android security; privacy leakage detection; symbolic execution
【Paper Link】 【Pages】:1055-1062
【Authors】: Robert Kotcher ; Yutong Pei ; Pranjal Jumde ; Collin Jackson
【Abstract】: Timing attacks rely on systems taking varying amounts of time to process different input values. This is usually the result of either conditional branching in code or differences in input size. Using CSS default filters, we have discovered a variety of timing attacks that work in multiple browsers and devices. The first attack exploits differences in time taken to render various DOM trees. This knowledge can be used to determine boolean values such as whether or not a user has an account with a particular website. Second, we introduce pixel stealing. Pixel stealing attacks can be used to sniff user history and read text tokens.
【Keywords】: css-filters; css-shaders; opengl es; privacy; timing attacks
【Paper Link】 【Pages】:1063-1074
【Authors】: Yi Xu ; Jared Heinly ; Andrew M. White ; Fabian Monrose ; Jan-Michael Frahm
【Abstract】: Of late, threats enabled by the ubiquitous use of mobile devices have drawn much interest from the research community. However, prior threats all suffer from a similar, and profound, weakness - namely the requirement that the adversary is either within visual range of the victim (e.g., to ensure that the pop-out events in reflections in the victim's sunglasses can be discerned) or is close enough to the target to avoid the use of expensive telescopes. In this paper, we broaden the scope of the attacks by relaxing these requirements and show that breaches of privacy are possible even when the adversary is around a corner. The approach we take overcomes challenges posed by low image resolution by extending computer vision methods to operate on small, high-noise, images. Moreover, our work is applicable to all types of keyboards because of a novel application of fingertip motion analysis for key-press detection. In doing so, we are also able to exploit reflections in the eyeball of the user or even repeated reflections (i.e., a reflection of a reflection of the mobile device in the eyeball of the user). Our empirical results show that we can perform these attacks with high accuracy, and can do so in scenarios that aptly demonstrate the realism of this threat.
【Keywords】: compromising emanations; mobile devices
【Paper Link】 【Pages】:1075-1086
【Authors】: Haichang Gao ; Wei Wang ; Jiao Qi ; Xuqin Wang ; Xiyang Liu ; Jeff Yan
【Abstract】: CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.
【Keywords】: captcha; convolutional neural network; graph search; security
【Paper Link】 【Pages】:1087-1098
【Authors】: Foteini Baldimtsi ; Anna Lysyanskaya
【Abstract】: We define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not yield themselves to the construction of anonymous credential systems, not even if we drop the unlinkability requirement of anonymous credentials. Our new notion in contrast is a convenient building block for anonymous credential systems. The construction we propose is efficient: it requires just a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard. Thus, for the first time, we give a provably secure construction of anonymous credentials that can work in the elliptic group setting without bilinear pairings and is based on the DDH assumption. In contrast, prior provably secure constructions were based on the RSA group or on groups with pairings, which made them prohibitively inefficient for mobile devices, RFIDs and smartcards. The only prior efficient construction that could work in such elliptic curve groups, due to Brands, does not have a proof of security.
【Keywords】: anonymous credentials; attributes; blind signatures; lightweight devices; private identity management
【Paper Link】 【Pages】:1099-1112
【Authors】: Masoud Rostami ; Ari Juels ; Farinaz Koushanfar
【Abstract】: We present Heart-to-Heart (H2H), a system to authenticate external medical device controllers and programmers to Implantable Medical Devices (IMDs). IMDs, which include pacemakers and cardiac defibrillators, are therapeutic medical devices partially or wholly embedded in the human body. They often have built-in radio communication to facilitate non-invasive reprogramming and data readout. Many IMDs, though, lack well-designed authentication protocols, exposing patients to over-the-air attack and physical harm. H2H makes use of ECG (heartbeat data) as an authentication mechanism, ensuring access only by a medical instrument in physical contact with an IMD-bearing patient. Based on statistical analysis of real-world data, we propose and analyze new techniques for extracting time-varying randomness from ECG signals for use in H2H. We introduce a novel cryptographic device pairing protocol that uses this randomness to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in ECG readings. Finally, we describe an end-to-end implementation in an ARM-Cortex M-3 microcontroller that demonstrates the practicality of H2H in current IMD hardware. Previous schemes have had goals much like those of H2H, but with serious limitations making them unfit for deployment, such as naively designed cryptographic pairing protocols (some of them recently broken). In addition to its novel analysis and use of ECG entropy, H2H is the first physiologically-based IMD device pairing protocol with a rigorous adversarial model and protocol analysis.
【Keywords】: imd security; implantable medical devices; security protocols
【Paper Link】 【Pages】:1113-1128
【Authors】: Andrew Chi-Chih Yao ; Yunlei Zhao
【Abstract】: Cryptographic algorithm standards play an important role both to the practice of information security and to cryptography theory research. Among them, the KEA and OPACITY (KEA/OPACITY, in short) protocols, and the MQV and HMQV ((H)MQV, in short) protocols, are a family of implicitly authenticated Diffie-Hellman key-exchange (IA-DHKE) protocols that are among the most efficient authenticated key-exchange protocols known and are widely standardized. In this work, from some new design insights, we develop a new family of practical IA-DHKE protocols, referred to as OAKE (standing for "optimal authenticated key-exchange" in brief). We show that the OAKE protocol family combines, in essence, the advantages of both (H)MQV and KEA/OPACITY, while saving from or alleviating the disadvantages of them both.
【Keywords】: authentication; key exchange; standards
【Paper Link】 【Pages】:1129-1140
【Authors】: Gunes Acar ; Marc Juárez ; Nick Nikiforakis ; Claudia Díaz ; Seda F. Gürses ; Frank Piessens ; Bart Preneel
【Abstract】: In the modern web, the browser has emerged as the vehicle of choice, which users are to trust, customize, and use, to access a wealth of information and online services. However, recent studies show that the browser can also be used to invisibly fingerprint the user: a practice that may have serious privacy and security implications. In this paper, we report on the design, implementation and deployment of FPDetective, a framework for the detection and analysis of web-based fingerprinters. Instead of relying on information about known fingerprinters or third-party-tracking blacklists, FPDetective focuses on the detection of the fingerprinting itself. By applying our framework with a focus on font detection practices, we were able to conduct a large scale analysis of the million most popular websites of the Internet, and discovered that the adoption of fingerprinting is much higher than previous studies had estimated. Moreover, we analyze two countermeasures that have been proposed to defend against fingerprinting and find weaknesses in them that might be exploited to bypass their protection. Finally, based on our findings, we discuss the current understanding of fingerprinting and how it is related to Personally Identifiable Information, showing that there needs to be a change in the way users, companies and legislators engage with fingerprinting.
【Keywords】: device fingerprinting; dynamic analysis; flash; javascript; privacy; tracking; web security
【Paper Link】 【Pages】:1141-1152
【Authors】: Mathias Humbert ; Erman Ayday ; Jean-Pierre Hubaux ; Amalio Telenti
【Abstract】: The rapid progress in human-genome sequencing is leading to a high availability of genomic data. This data is notoriously very sensitive and stable in time. It is also highly correlated among relatives. A growing number of genomes are becoming accessible online (e.g., because of leakage, or after their posting on genome-sharing websites). What are then the implications for kin genomic privacy? We formalize the problem and detail an efficient reconstruction attack based on graphical models and belief propagation. With this approach, an attacker can infer the genomes of the relatives of an individual whose genome is observed, relying notably on Mendel's Laws and statistical relationships between the nucleotides (on the DNA sequence). Then, to quantify the level of genomic privacy as a result of the proposed inference attack, we discuss possible definitions of genomic privacy metrics. Genomic data reveals Mendelian diseases and the likelihood of developing degenerative diseases such as Alzheimer's. We also introduce the quantification of health privacy, specifically the measure of how well the predisposition to a disease is concealed from an attacker. We evaluate our approach on actual genomic data from a pedigree and show the threat extent by combining data gathered from a genome-sharing website and from an online social network.
【Keywords】: genomic privacy; inference algorithms; kinship; metrics
【Paper Link】 【Pages】:1153-1166
【Authors】: David Isaac Wolinsky ; Ewa Syta ; Bryan Ford
【Abstract】: Some anonymity schemes might in principle protect users from pervasive network surveillance, but only if all messages are independent and unlinkable. Users in practice often need pseudonymity (sending messages intentionally linkable to each other but not to the sender), but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.
【Keywords】: anonymity; disclosure; intersection; pseudonymity
【Paper Link】 【Pages】:1167-1180
【Authors】: Alexander Moshchuk ; Helen J. Wang ; Yunxin Liu
【Abstract】: Modern client platforms, such as iOS, Android, Windows Phone, and Windows 8, have progressed from a per-user isolation policy, where users are isolated but a user's applications run in the same isolation container, to an application isolation policy, where different applications are isolated from one another. However, this is not enough because mutually distrusting content can interfere with one another inside a single application. For example, an attacker-crafted image may compromise a photo editor application and steal other images processed by the editor. In this paper, we advocate a content-based principal model in which the OS treats content owners as its principals and isolates content of different owners from one another. Our key contribution is to generalize the content-based principal model from web browsers, namely, the same-origin policy, into an isolation policy that is suitable for all applications. The key challenge we faced is to support flexible isolation granularities while remaining compatible with the web. In this paper, we present the design, implementation, and evaluation of our prototype system that tackles this challenge.
【Keywords】: isolation; same-origin policy; web browsers
【Paper Link】 【Pages】:1181-1192
【Authors】: Sooel Son ; Kathryn S. McKinley ; Vitaly Shmatikov
【Abstract】: Code injection attacks continue to plague applications that incorporate user input into executable programs. For example, SQL injection vulnerabilities rank fourth among all bugs reported in CVE, yet all previously proposed methods for detecting SQL injection attacks suffer from false positives and false negatives. This paper describes the design and implementation of DIGLOSSIA, a new tool that precisely and efficiently detects code injection attacks on server-side Web applications generating SQL and NoSQL queries. The main problems in detecting injected code are (1) recognizing code in the generated query, and (2) determining which parts of the query are tainted by user input. To recognize code, DIGLOSSIA relies on the precise definition due to Ray and Ligatti. To identify tainted characters, DIGLOSSIA dynamically maps all application-generated characters to shadow characters that do not occur in user input and computes shadow values for all input-dependent strings. Any original characters in a shadow value are thus exactly the taint from user input. Our key technical innovation is dual parsing. To detect injected code in a generated query, DIGLOSSIA parses the query in tandem with its shadow and checks that (1) the two parse trees are syntactically isomorphic, and (2) all code in the shadow query is in shadow characters and, therefore, originated from the application itself, as opposed to user input. We demonstrate that DIGLOSSIA accurately detects both SQL and NoSQL code injection attacks while avoiding the false positives and false negatives of prior methods. By recasting the problem of detecting injected code as a string propagation and parsing problem, we gain substantial improvements in efficiency and precision over prior work. Our approach does not require any changes to the databases, Web servers, or Web browsers, adds virtually unnoticeable performance overhead, and is deployable today.
【Keywords】: code injection; dynamic analysis; nosql injection; sql injection; taint tracking; web application security
【Paper Link】 【Pages】:1193-1204
【Authors】: Sebastian Lekies ; Ben Stock ; Martin Johns
【Abstract】: In recent years, the Web witnessed a move towards sophisticated client-side functionality. This shift caused a significant increase in complexity of deployed JavaScript code and thus, a proportional growth in potential client-side vulnerabilities, with DOM-based Cross-site Scripting being a high impact representative of such security issues. In this paper, we present a fully automated system to detect and validate DOM-based XSS vulnerabilities, consisting of a taint-aware JavaScript engine and corresponding DOM implementation as well as a context-sensitive exploit generation approach. Using these components, we conducted a large-scale analysis of the Alexa top 5000. In this study, we identified 6167 unique vulnerabilities distributed over 480 domains, showing that 9.6% of the examined sites carry at least one DOM-based XSS problem.
【Keywords】: dom-based xss; exploit generation; taint tracking; vulnerability detection
【Paper Link】 【Pages】:1205-1216
【Authors】: Adam Doupé ; Weidong Cui ; Mariusz H. Jakubowski ; Marcus Peinado ; Christopher Kruegel ; Giovanni Vigna
【Abstract】: Web applications are constantly under attack. They are popular, typically accessible from anywhere on the Internet, and they can be abused as malware delivery systems. Cross-site scripting flaws are one of the most common types of vulnerabilities that are leveraged to compromise a web application and its users. A large set of cross-site scripting vulnerabilities originates from the browser's confusion between data and code. That is, untrusted data input to the web application is sent to the client's browser, where it is then interpreted as code and executed. While new applications can be designed with code and data separated from the start, legacy web applications do not have that luxury. This paper presents a novel approach to securing legacy web applications by automatically and statically rewriting an application so that the code and data are clearly separated in its web pages. This transformation protects the application and its users from a large range of server-side cross-site scripting attacks. Moreover, the code and data separation can be efficiently enforced at run time via the Content Security Policy enforcement mechanism available in modern browsers. We implemented our approach in a tool, called deDacota, that operates on binary ASP.NET applications. We demonstrate on six real-world applications that our tool is able to automatically separate code and data, while keeping the application's semantics unchanged.
【Keywords】: code and data separation; content security policy; cross-site scripting; csp; xss
【Paper Link】 【Pages】:1217-1230
【Authors】: José Bacelar Almeida ; Manuel Barbosa ; Gilles Barthe ; François Dupressoir
【Abstract】: We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code. We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS, and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.
【Keywords】: formal methods
【Paper Link】 【Pages】:1231-1246
【Authors】: Gergei Bana ; Koji Hasebe ; Mitsuhiro Okada
【Abstract】: Recently, Bana and Comon-Lundh introduced the notion of computationally complete symbolic attacker to deliver unconditional computational soundness to symbolic protocol verification. First we explain the relationship between their technique and Fitting's embedding of classical logic into S4. Then, based on predicates for "key usability", we provide an axiomatic system in their framework to handle secure encryption when keys are allowed to be sent. We examine both IND-CCA2 and KDM-CCA2 encryptions, both symmetric and asymmetric situations. For unforgeability, we consider INT-CTXT encryptions. This technique does not require the usual limitations of computational soundness such as the absence of dynamic corruption, the absence of key-cycles or unambiguous parsing of bit strings. In particular, if a key-cycle possibly corrupts CCA2 encryption, our technique delivers an attack. If it does not endanger security, the security proof goes through. We illustrate how our notions can be applied in protocol proofs.
【Keywords】: computational soundness; security protocols
【Paper Link】 【Pages】:1247-1260
【Authors】: Gilles Barthe ; Juan Manuel Crespo ; Benjamin Grégoire ; César Kunz ; Yassine Lakhnech ; Benedikt Schmidt ; Santiago Zanella Béguelin
【Abstract】: Computer-aided verification provides effective means of analyzing the security of cryptographic primitives. However, it has remained a challenge to achieve fully automated analyses yielding guarantees that hold against computational (rather than symbolic) attacks. This paper meets this challenge for public-key encryption schemes built from trapdoor permutations and hash functions. Using a novel combination of techniques from computational and symbolic cryptography, we present proof systems for analyzing the chosen-plaintext and chosen-ciphertext security of such schemes in the random oracle model. Building on these proof systems, we develop a toolset that bundles together fully automated proof and attack finding algorithms. We use this toolset to build a comprehensive database of encryption schemes that records attacks against insecure schemes, and proofs with concrete bounds for secure ones.
【Keywords】: attack finding; automated proofs; provable security; public-key encryption; static equivalence
【Paper Link】 【Pages】:1261-1272
【Authors】: Florian Böhl ; Véronique Cortier ; Bogdan Warinschi
【Abstract】: Most computational soundness theorems deal with a limited number of primitives, thereby limiting their applicability. The notion of deduction soundness of Cortier and Warinschi (CCS'11) aims to facilitate soundness theorems for richer frameworks via composition results: deduction soundness can be extended, generically, with asymmetric encryption and public data structures. Unfortunately, that paper also hints at rather serious limitations regarding further composition results: composability with digital signatures seems to be precluded. In this paper we provide techniques for bypassing the perceived limitations of deduction soundness and demonstrate that it enjoys vastly improved composition properties. More precisely, we show that a deduction sound implementation can be modularly extended with all of the five basic cryptographic primitives (symmetric/asymmetric encryption, message authentication codes, digital signatures, and hash functions). We thus obtain the first soundness framework that allows for the joint use of multiple instances of all of the basic primitives. In addition, we show how to overcome an important restriction of the bare deduction soundness framework which forbids sending encrypted secret keys. In turn, this prevents its use for the analysis of a large class of interesting protocols (e.g. key exchange protocols). We allow for more liberal uses of keys as long as they are hidden in a sense that we also define. All primitives typically used to send secret data (symmetric/asymmetric encryption) satisfy our requirement which we also show to be preserved under composition.
【Keywords】: composability; computational soundness
【Paper Link】 【Pages】:1273-1284
【Authors】: Kelsey Cairns ; Thoshitha T. Gamage ; Carl Hauser
【Abstract】: This paper presents a new hash chain traversal strategy which improves performance of hash chain based one-time authentication schemes. This work is motivated by the need for efficient message authentication in low-latency multicast systems. Proposed solutions such as TV-OTS rely on hash chain generated values for keys, achieving reliable security by using only a small subset of generated values from each chain. However, protocols using hash chains are limited by the rate at which a hash chain traversal is able to supply keys. The new algorithm uses the same structure as Fractal Hash Traversal, but eliminates redundant operations incurred when used with applications such as TV-OTS. Performance is measured in terms of savings and is proportional to the chain-distance between consecutively retrieved values. For a distance of delta, we achieve Theta(delta_2(delta)) savings, which is shown analytically and supported by empirical tests.
【Keywords】: data authentication; hash chain; key management; key retrieval; one-time signature; time validation; traversal
【Paper Link】 【Pages】:1285-1296
【Authors】: Sumeet Bajaj ; Radu Sion
【Abstract】: Ensuring complete irrecoverability of deleted data is difficult to achieve in modern systems. Simply overwriting data or deploying encryption with ephemeral keys is not sufficient. The mere (previous) existence of deleted records impacts the current system state implicitly at all layers. This can be used as an oracle to derive information about the past existence of deleted records. Yet there is hope. If all system layers would exhibit history independence, such implicit history-related oracles would disappear. However, achieving history independence efficiently is hard due to the fact that current systems are designed to heavily benefit from (data and time) locality at all layers through heavy caching, and existing history independent data structures completely destroy locality. In this work we devise a way to achieve history independence while preserving locality (and thus be practical). We then design, implement and experimentally evaluate the first history independent file system (HIFS). HIFS guarantees secure deletion by providing full history independence across both file system and disk layers of the storage stack. It preserves data locality, and provides tunable efficiency knobs to suit different application history-sensitive scenarios.
【Keywords】: file system; history independence; secure deletion
【Paper Link】 【Pages】:1297-1310
【Authors】: Shruti Tople ; Shweta Shinde ; Zhaofeng Chen ; Prateek Saxena
【Abstract】: Web servers are vulnerable to a large class of attacks which can allow a network attacker to steal sensitive web content. In this work, we investigate the feasibility of a web server architecture, wherein the vulnerable server VM runs on a trusted cloud. All sensitive web content is made available to the vulnerable server VM in encrypted form, thereby limiting the effectiveness of data-stealing attacks through server VM compromise. In this context, the main challenge is to allow the legitimate functionality of the untrusted server VM to work. As a step towards this goal, we develop a tool called AutoCrypt, which transforms a subset of existing C functionality in the web stack to operate on encrypted sensitive content. We show that such a transformation is feasible for several standard Unix utilities available in a typical LAMP stack, with no developer effort. Key to achieving this expressiveness over encrypted data is our scheme to combine and convert between partially-homomorphic encryption (PHE) schemes using a small TCB in the trusted cloud hypervisor. We show that x86 code transformed with AutoCrypt achieves performance that is significantly better than its alternatives (downloading to a trusted client, or using fully-homomorphic encryption).
【Keywords】: homomorphic encryption; type system; web security
【Paper Link】 【Pages】:1311-1324
【Authors】: Xinshu Dong ; Zhaofeng Chen ; Hossein Siadati ; Shruti Tople ; Prateek Saxena ; Zhenkai Liang
【Abstract】: Web browsers isolate web origins, but do not provide direct abstractions to isolate sensitive data and control computation over it within the same origin. As a result, guaranteeing security of sensitive web content requires trusting all code in the browser and client-side applications to be vulnerability-free. In this paper, we propose a new abstraction, called Crypton, which supports intra-origin control over sensitive data throughout its life cycle. To securely enforce the semantics of Cryptons, we develop a standalone component called Crypton-Kernel, which extensively leverages the functionality of existing web browsers without relying on their large TCB. Our evaluation demonstrates that the Crypton abstraction supported by the Crypton-Kernel is widely applicable to popular real-world applications with millions of users, including webmail, chat, blog applications, and Alexa Top 50 websites, with low performance overhead.
【Keywords】: browser security; data protection; web security
【Paper Link】 【Pages】:1325-1328
【Authors】: Florian Kerschbaum ; Patrick Grofig ; Isabelle Hang ; Martin Härterich ; Mathias Kohler ; Andreas Schaad ; Axel Schröpfer ; Walter Tighzert
【Abstract】: Recent databases are implemented as in-memory column-stores. Adjustable encryption offers a solution to encrypted database processing in the cloud. We show that the two technologies play well together by providing an analysis and prototype results that demonstrate the impact of mechanisms at the database side (dictionaries and their compression) and cryptographic mechanisms at the adjustable encryption side (order-preserving, homomorphic, deterministic and probabilistic encryption).
【Keywords】: column store; database outsourcing; encryption; in-memory
【Paper Link】 【Pages】:1329-1332
【Authors】: Xihui Chen ; Carlo Harpes ; Gabriele Lenzini ; Miguel Martins ; Sjouke Mauw ; Jun Pang
【Abstract】: Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, we demonstrate a prototype that can verify the integrity of GNSS civil signals. By integrity we intuitively mean that civil signals originate from a GNSS satellite without having been artificially interfered with. Our prototype provides interfaces that can incorporate existing spoofing detection methods whose results are then combined into an overall evaluation of the signal's integrity, which we call integrity level. Considering the various security requirements from different applications, integrity levels can be calculated in many ways determined by their users. We also present an application scenario that deploys our prototype and offers a public central service -- localisation assurance certification. Through experiments, we successfully show that our prototype is not only effective but also efficient in practice.
【Keywords】: gnss signal; signal integrity; spoofing
【Paper Link】 【Pages】:1333-1336
【Authors】: Anthony Van Herrewege ; André Schaller ; Stefan Katzenbeisser ; Ingrid Verbauwhede
【Abstract】: Research on Physically Unclonable Functions (PUFs) has become very popular in recent years. However, all PUFs researched so far require either ASICs, FPGAs or a microcontroller with external components. Our research focuses on identifying PUFs in commercial off-the-shelf devices, e.g. microcontrollers. We show that PUFs exist in several off-the-shelf products, which can be used for security applications. We present measurement results on the PUF behavior of five of the most popular microcontrollers today: ARM Cortex-A, ARM Cortex-M, Atmel AVR, Microchip PIC16 and Texas Instruments MSP430. Based on these measurements, we can calculate whether these chips can be considered for applications requiring strong cryptography. As a result of these findings, we present a secure bootloader for the ARM Cortex-A9 platform based on a PUF inherent to the device, requiring no external components. Furthermore, instead of discarding the randomness in PUF responses, we utilize this to create strong seeds for pseudo-random number generators (PRNGs). The existence of a secure RNG is at the heart of virtually every cryptographic protocol, yet very often overlooked. We present the implementation of a strongly seeded PRNG for the ARM Cortex-M family, again requiring no external components.
【Keywords】: physically unclonable functions; pseudo-random number generation; secure boot
【Paper Link】 【Pages】:1337-1340
【Authors】: Prabhakaran Kasinathan ; Gianfranco Costamagna ; Hussein Khaleel ; Claudio Pastrone ; Maurizio A. Spirito
【Abstract】: The Internet of Things (IoT) is an emerging paradigm where smart objects are seamlessly connected to the overall Internet and can potentially cooperate to achieve common objectives such as supporting innovative home automation services. With reference to such a scenario, this paper presents an Intrusion Detection System (IDS) framework for IoT empowered by IPv6 over low-power personal area network (6LoWPAN) devices. In fact, 6LoWPAN is an interesting protocol supporting the realization of IoT in a resource constrained environment. 6LoWPAN devices are vulnerable to attacks inherited from both the wireless sensor networks and the Internet protocols. The proposed IDS framework, which includes a monitoring system and a detection engine, has been integrated into the network framework developed within the EU FP7 project 'ebbits'. A penetration testing (PenTest) system had been used to evaluate the performance of the implemented IDS framework. Preliminary tests revealed that the proposed framework represents a promising solution for ensuring better security in 6LoWPANs.
【Keywords】: 6lowpan security; denial-of-service attacks; internet of things (iot); intrusion detection system
【Paper Link】 【Pages】:1341-1344
【Authors】: Raphael M. Reischuk ; Florian Schröder ; Johannes Gehrke
【Abstract】: We propose a demonstration of SAFE with some of its newest security features. SAFE is a framework for modern Web application development with automated state consistency, enforced security at various levels, and design for Web personalization and extensibility. With the emerging complexity in (extensible) data-driven Web application development, in particular in terms of consistent data management with multiple clients (many Facebook users), ownership preservation (various Facebook user items with individual intellectual property), and data privacy (sensitive Facebook user data), we believe a demo of a comprehensive data-centric and secure Web application framework with declarative specifications for many modern Web features will be of considerable interest to the security community. In particular, we think it is interesting to see a demonstration of how fast and how intuitive the secure customization of a true multi-tier Web application can be.
【Keywords】: access control; extensibility; web security
【Paper Link】 【Pages】:1345-1348
【Authors】: Yury Zhauniarovich ; Olga Gadyatskaya ; Bruno Crispo
【Abstract】: In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., the Apple App Store, Google does not provide any certified vetting process for Android apps. This choice has a lot of advantages, but it is also an open door to possible attacks, such as the recent one shown by Bluebox. To address this issue, this demo presents how to enable the deployment of an application certification service, which we call TruStore, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only applications which have been certified by the TruStore server are installed on the user's smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modifications to the Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device.
【Keywords】: android; application markets; trusted installation
【Paper Link】 【Pages】:1349-1350
【Authors】: Enrique Argones-Rúa ; Francisco Javier García Salomón ; Luis Pérez-Freire
【Abstract】: A successful deployment of biometric-based recognition systems in real-life applications depends on crucial issues such as data security and privacy, which have to be specifically addressed. Besides, cryptographic key protection can represent the main weakness of a secured transmission. In this demonstration a system for encryption and digital signature of generic digital documents (SAES, standing for Signature-based Asymmetric Encryption System) is presented, where cryptographic keys are protected by the hand-written signature of the user. Furthermore, a demonstration of the handwritten online signature verification system (SVS) based on non-protected templates will also be performed.
【Keywords】: cryptobiometrics; handwritten signature verification; hidden markov models
【Paper Link】 【Pages】:1351-1354
【Authors】: Manish Shukla ; Purushotam G. Radadia ; Shirish Subhash Karande ; Sachin Lodha
【Abstract】: Phone-based card payments utilize in-band DTMF signaling to convey data. Since the DTMF signals are audible to a human ear, a call operator is in a position to carry out a privacy attack. We investigate real-time techniques that can obfuscate the 'digit' values without deteriorating the voice quality. Furthermore, we consider a setting where the privacy solution is being provided by a third party which does not have the benefit of open interfaces to the communication application. Our experiments reveal the efficacy of binary interception to 'inject' the signal filtering. Meanwhile, we observe that several DTMF suppression techniques that have been proposed in the literature can leave a residue that is sufficient for de-anonymizing the digit value. In light of these observations, we argue in favor of more modest privacy guarantees, which can be achieved by suppressing only the higher frequency. We show that margin crossings and peak variances can be used for fast pre-filtering of audio to detect the presence of a tone, thus reducing the computational needs.
【Keywords】: dtmf; hot patching; privacy
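The abstract above argues for suppressing only the higher (column) DTMF frequency. The following added example, written for this listing and not taken from the paper, makes the trade-off concrete: it synthesizes a DTMF digit (constructed input), detects both tones with a Goertzel filter, cancels only the column tone by least-squares sinusoid subtraction, and then reports which keypad digits an eavesdropper can still infer from the surviving row tone. The relative detection threshold, the cancellation method and the 50 ms window are this example's own choices; the paper's margin-crossing and peak-variance pre-filter is not reproduced.

```python
import math

FS = 8000                                  # telephony sample rate, Hz
LOW_GROUP = [697, 770, 852, 941]           # DTMF row tones
HIGH_GROUP = [1209, 1336, 1477, 1633]      # DTMF column tones
KEYPAD = [["1", "2", "3", "A"],
          ["4", "5", "6", "B"],
          ["7", "8", "9", "C"],
          ["*", "0", "#", "D"]]


def dtmf_tone(digit, n_samples, amp=0.5, fs=FS):
    """Constructed sample input: a clean DTMF digit (row tone + column tone)."""
    row = next(r for r, keys in enumerate(KEYPAD) if digit in keys)
    col = KEYPAD[row].index(digit)
    f_low, f_high = LOW_GROUP[row], HIGH_GROUP[col]
    return [amp * math.sin(2 * math.pi * f_low * k / fs)
            + amp * math.sin(2 * math.pi * f_high * k / fs)
            for k in range(n_samples)]


def goertzel_amplitude(x, f, fs=FS):
    """Estimated amplitude of a sinusoid at f Hz in x (generalised Goertzel: any f,
    not only DFT bin centres). |X(f)| is about A*N/2 for a tone of amplitude A."""
    w = 2 * math.pi * f / fs
    coeff = 2 * math.cos(w)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * math.sqrt(max(power, 0.0)) / len(x)


def detect_tones(x, rel_threshold=0.3):
    """Return (row_freq, column_freq); None where no tone of that group clears the
    threshold. The threshold is relative to the clip's RMS so it is level independent."""
    rms_amp = math.sqrt(2 * sum(v * v for v in x) / len(x))   # amplitude of an equal-power sine
    found = []
    for group in (LOW_GROUP, HIGH_GROUP):
        amps = {f: goertzel_amplitude(x, f) for f in group}
        best = max(amps, key=amps.get)
        found.append(best if amps[best] > rel_threshold * rms_amp else None)
    return tuple(found)


def detect_digit(x):
    """What the call operator (or a recorder) learns from an unprotected clip."""
    f_low, f_high = detect_tones(x)
    if f_low is None or f_high is None:
        return None
    return KEYPAD[LOW_GROUP.index(f_low)][HIGH_GROUP.index(f_high)]


def cancel_tone(x, f, fs=FS):
    """Subtract the least-squares fit of a sinusoid at f Hz (sine and cosine basis).
    Whatever the fit does not capture stays in the signal as a residue."""
    n = len(x)
    s = [math.sin(2 * math.pi * f * k / fs) for k in range(n)]
    c = [math.cos(2 * math.pi * f * k / fs) for k in range(n)]
    a = 2 * sum(v * si for v, si in zip(x, s)) / n
    b = 2 * sum(v * ci for v, ci in zip(x, c)) / n
    return [v - a * si - b * ci for v, si, ci in zip(x, s, c)]


def suppress_high_group(x):
    """The 'modest' protection: remove only the column tone, leave the row tone."""
    _, f_high = detect_tones(x)
    return cancel_tone(x, f_high) if f_high is not None else list(x)


def candidate_digits(x):
    """Keys still consistent with whatever tones survive: the eavesdropper's
    anonymity set for the digit."""
    f_low, f_high = detect_tones(x)
    rows = range(4) if f_low is None else [LOW_GROUP.index(f_low)]
    cols = range(4) if f_high is None else [HIGH_GROUP.index(f_high)]
    return [KEYPAD[r][c] for r in rows for c in cols]


if __name__ == "__main__":
    clip = dtmf_tone("5", 400)                       # 50 ms of digit 5 (770 Hz + 1336 Hz)
    print("operator hears:", detect_digit(clip))
    masked = suppress_high_group(clip)
    print("after suppression:", detect_digit(masked))
    print("still inferable:", candidate_digits(masked))
```

After suppression the row tone still identifies the keypad row, so the digit's anonymity set shrinks from 16 keys to 4 (3 on a consumer handset without the A-D column); that is the "modest" guarantee the abstract argues for. Note that `cancel_tone` leaves a small residue at the column frequency; whether a detector can exploit it depends on how far the residue sits above its threshold, which is the residue problem the abstract warns about for the stronger suppression techniques.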
【Paper Link】 【Pages】:1355-1358
【Authors】: Stephan Neuhaus ; Gabriela Gheorghe
【Abstract】: Many security job ads mention that security certificates are regarded as assets, giving the candidate an advantage. For some high-profile jobs, certification may even be required. No matter where one stands on the subject of certification, the assumption is that the imparted knowledge is at least factually correct. We examine the cryptography section in the Common Body of Knowledge (CBK) underlying the most sought-after certification, the CISSP, issued by the International Information Systems Security Certification Consortium, Inc., or "ISC^2". We find many mistakes, some positively dangerous: people who believe what they read there will build systems that are less secure than they would have built if they had looked to, say, Wikipedia instead. They include: a confusion of encryption and authentication; an unconditional recommendation of RC4 for key sizes over 128 bits; a belief that block ciphers are inherently stronger than stream ciphers; and many more. These mistakes are elementary and appear in the third edition of the CBK, indicating that two preceding editing cycles were not enough to remove them. This shows that no one knows or cares that the material is wrong. This poses dilemmas for graduates and companies. Graduates can either obtain a CISSP despite the factual inaccuracies, thereby surrendering at least part of their professional integrity; or they can try to tough it out, thereby lowering their chances of getting a high-profile security job. Companies must either keep using the CISSP, knowing that they have been taught some dangerous nonsense, or find another way to assess a candidate's security knowledge.
【Keywords】: cryptography; security certification
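The first mistake the abstract lists is the confusion of encryption with authentication. As an added illustration for this listing (not code from the paper), the example below shows why the two are different goals: a stream cipher keeps the message confidential yet lets an attacker who knows some plaintext rewrite it blind by flipping ciphertext bits, while an encrypt-then-MAC construction rejects the same modification. The keystream is a throwaway SHA-256 counter construction standing in for any stream or CTR-mode cipher; it is an illustration only, not a cipher to deploy.

```python
import hashlib
import hmac
import os


def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustration only; it
    stands in for any stream or CTR-mode cipher, which are malleable in the same way."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key, nonce, data):
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


stream_decrypt = stream_encrypt   # XOR is its own inverse


def flip_to(ciphertext, offset, known, wanted):
    """Attacker step, no key needed: where the plaintext bytes at `offset` are known to be
    `known`, XOR in (known ^ wanted) so they decrypt to `wanted` instead."""
    c = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        c[offset + i] ^= k ^ w
    return bytes(c)


def seal(enc_key, mac_key, data):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so any flip is detected."""
    nonce = os.urandom(12)
    ct = stream_encrypt(enc_key, nonce, data)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise ValueError("authentication failed: message was modified")
    return stream_decrypt(enc_key, nonce, ct)


def demo():
    """Returns (what the unauthenticated ciphertext decrypts to after the flip,
    whether the authenticated version rejected the same flip)."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    msg = b"transfer amount=0100 to=alice"       # constructed message
    off = msg.index(b"0100")

    # 1. Encryption alone: confidential, but the amount can be rewritten blind.
    ct = stream_encrypt(enc_key, nonce, msg)
    altered = stream_decrypt(enc_key, nonce, flip_to(ct, off, b"0100", b"9999"))

    # 2. Encrypt-then-MAC: the identical flip (offset shifted past the nonce) is rejected.
    blob = seal(enc_key, mac_key, msg)
    try:
        open_sealed(enc_key, mac_key, flip_to(blob, 12 + off, b"0100", b"9999"))
        rejected = False
    except ValueError:
        rejected = True
    return altered, rejected
```

The attacker in part 1 never learns the key and never sees the plaintext; knowing only the message format is enough to change the amount, which is exactly the property a reader who equates "encrypted" with "authentic" would not expect.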
【Paper Link】 【Pages】:1359-1362
【Authors】: Gabriela Gheorghe ; Stephan Neuhaus
【Abstract】: Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring the device, in order to prevent security breaches by employees; but on the other hand, employees have a reasonable expectation of privacy when they use their devices for private functions. This poster presents our project called Privacy-Preserving Accountability for peRsonal Devices (PriPARD, pronounced "prepared"). PriPARD addresses the tension described above by designing and evaluating concrete privacy mechanisms for mobile devices used in a corporate environment. Instead of imposing a "privacy firewall" between users and the Internet, in PriPARD the aim is protecting user privacy within the corporate network and non-disclosure outside this network. PriPARD's vision is to gather practical experience with the tradeoffs between monitoring and privacy needs, to help both mobile device users and managers of corporate networks.
【Keywords】: accountability; byod; mobile devices; policies; privacy
【Paper Link】 【Pages】:1363-1366
【Authors】: Michael Brenner ; Matthew Smith
【Abstract】: Efficient homomorphic encryption enables the construction of an encrypted computer system. Previous work has shown how this can be achieved using only arithmetic representations of simple demultiplexer circuits. This poster extends the results by introducing a caching mechanism for oblivious memory access, by far the most time-consuming building block of a recently proposed sample machine architecture. The construction significantly accelerates homomorphically encrypted machine operation while still preserving obliviousness of memory access, control unit operation and functional components.
【Keywords】: homomorphic encryption; implementation; oblivious memory access
【Paper Link】 【Pages】:1367-1370
【Authors】: Leon Reznik ; Elisa Bertino
【Abstract】: Data quality (DQ) is essential to achieve data trustworthiness, as it assures that data is free of errors, complete, and consistent. This paper proposes an approach to evaluate DQ in multichannel sensor networks and systems with heterogeneous data sources. The approach integrates various DQ indicators ranging from traditional data accuracy metrics to network security and business performance measures. It demonstrates the advantage of including security metrics into the DQ evaluation for the design optimization of data fusion procedures and even the whole data collection and communication systems. The DQ metrics composition and calculus are discussed. However, the major attention is paid to the analysis of the relationship between conventional data accuracy metrics and network security indicators.
【Keywords】: computer security evaluation; data accuracy; data fusion; data quality
【Paper Link】 【Pages】:1371-1374
【Authors】: Cuong Xuan Nguyen ; Hung-Hsuan Huang ; Kyoji Kawagoe
【Abstract】: In this paper, we propose a new graphical password using object-based image ranking, called OBIR, which enables appropriate images to be presented to users during authentication. Research on graphical passwords is being conducted and is receiving more and more public attention due to their potential as an alternative to textual passwords. However, the main problem of graphical passwords is their vulnerability to shoulder-surfing attacks, especially on mobile devices, where the login password is easily visible in public. In order to overcome this issue, we propose a novel graphical password using an image ranking method based on the objects in the image itself. The higher the ranking of an image, the more appropriate it is as the user's selection without exposing too much information about the password to the shoulder-surfer. Our experiments show that our image ranking method is effective in filtering appropriate pass-images, so that even if one is selected in public, the password is safe and therefore resistant to shoulder surfing.
【Keywords】: graphics; images; password; scoring
【Paper Link】 【Pages】:1375-1378
【Authors】: Hao Zhang ; Danfeng (Daphne) Yao ; Naren Ramakrishnan
【Abstract】: This paper addresses the problem of reasoning about relations between network packets on a host or in a network. Our analysis approach is to discover the causal relations among network packets, and use the relational structure of network events to identify anomalous activities that cannot be attributed to a legitimate cause. The key insight that motivates our traffic-analysis approach is that higher-order information such as the underlying relations of events is useful for human experts' cognition and decision making. We design a new pairing method that produces special pairwise features, so that the discovery problem can be efficiently solved with existing binary classification methods. Preliminary experiments involving real world HTTP and DNS traffic show promising evidence of the accuracy of inferring the network traffic relations using our semantic-aware approach.
【Keywords】: anomaly detection; classification; network security
【Paper Link】 【Pages】:1379-1382
【Authors】: Eitan Menahem ; Asaf Shabtai ; Adi Levhar
【Abstract】: In order to evade detection by anti-virus software, malware writers use techniques such as polymorphism, metamorphism and code re-writing. The result is that such malware contains a much larger fraction of "new" code, compared to benign programs, which tend to maximize code reuse. In this research we study this interesting property and show that by performing "archaeological" analysis of functions residing within binary files (i.e., estimating the functions' creation dates), a new set of informative features can be derived. We show that these features provide a good indication for the existence of malicious code within binary files. Preliminary experiments of the proposed temporal function-based features with a set of over 12,000 files indicate that the proposed set of features can be useful for the detection of malicious files (accuracy of over 90% and AUC of 0.96).
【Keywords】: machine learning; malware detection; static analysis
【Paper Link】 【Pages】:1383-1386
【Authors】: Sebastian Biedermann ; Stefan Katzenbeisser
【Abstract】: In this poster, we present TrustDraw, a transparent security extension for the cloud which combines Virtual Machine Introspection (VMI) and Trusted Computing (TC). TrustDraw provides secure storage of critical data like keys or passwords and allows this data to be temporarily inserted into a running virtual machine (VM) if required. TrustDraw improves security by allowing access to the critical data only if certain previously defined conditions are met. This way, the stealing of critical data by bypassing access permissions based on successfully executed attacks can be mitigated. TrustDraw runs isolated and transparently. No software modifications are required on a target VM. We evaluated an implementation of TrustDraw in a realistic scenario in which it only caused an acceptable run-time delay.
【Keywords】: cloud security; virtual machine introspection
【Paper Link】 【Pages】:1387-1390
【Authors】: Sheharbano Khattak ; Zaafar Ahmed ; Affan A. Syed ; Syed Ali Khayam
【Abstract】:
【Keywords】: botnet; correlation; network security
【Paper Link】 【Pages】:1391-1394
【Authors】: Jeton Bacaj ; Leon Reznik
【Abstract】: This paper presents a feasibility study of novel attack detection mechanisms in wireless sensor networks (WSN) based on detecting anomalies and changes in sensor signals and data values. Typical WSN attacks are considered in the empirical study of various attack detection techniques utilizing features based on sensor signal strength and other WSN technological parameters and using machine learning classification techniques such as clustering, rule learners, and neural networks. For the attack detection implementation the study employed a WSN built from Sun kits available on the market and an extended Sensor Network Anomaly Detection System (SNADS) framework of methods and tools.
【Keywords】: anomaly intrusion detection; wireless sensor networks
【Paper Link】 【Pages】:1395-1398
【Authors】: Martin Schramm ; Karl Leidl ; Andreas Grzemba ; Nicolai Kuntze
【Abstract】: Nowadays embedded systems in many application areas such as automotive, medical and industrial automation are designed with well-defined hardware and software components which are not meant to be exposed for user modifications. Adding or removing components to/from such systems is not permitted and sometimes not even possible, since the systems often have to be up and running in a 24/7 manner. However, due to the well-known nature of these types of embedded platform configuration, the effort an attacker has to invest is usually reduced. The proposed publication presents a defense-in-depth strategy for application-specific embedded devices by combining hardware-based security enhancements of modern processors with hardware security modules.
【Keywords】: arm trustzone; chain of trust; hab; i.mx6; tnc; tpm
【Paper Link】 【Pages】:1399-1402
【Authors】: Tomer Ashur ; Orr Dunkelman
【Abstract】: This work presents an attack on the privacy of some voting systems. We show that by combining information from several sources, some of it publicly available and some of it easily collected ad hoc, an adversary can greatly reduce the size of a voter's anonymity set. In many cases the obtained information is sufficient to deduce the content of a vote (or approximate a small set of possible values). As a test case, we present this attack in the context of the Israeli general parliamentary elections. Simulations we ran show that we can successfully determine the value of about 50% of the votes after observing three election systems.
【Keywords】: intersection attack; israel's elections; privacy; voting
【Paper Link】 【Pages】:1403-1406
【Authors】: Orr Dunkelman ; Margarita Osadchy ; Mahmood Sharif
【Abstract】: Biometric authentication is more secure than using regular passwords, as biometrics cannot be "forgotten" and contain high entropy. Thus, many constructions rely on biometric features for authentication, and use them as a source for "good" cryptographic keys. At the same time, biometric systems carry with them many privacy concerns. We describe a proof-of-concept (PoC) which transforms facial attributes from a single image into keys in a consistent, discriminative, and privacy-aware manner. The outcome is a user-specific string that cannot be guessed, and it reveals no information concerning the users of the system, even when the system's secrets are revealed.
【Keywords】: biometric credentials; face recognition; privacy-preserving
【Paper Link】 【Pages】:1407-1410
【Authors】: Bilal Shebaro ; Di Jin ; Elisa Bertino
【Abstract】: Several fingerprinting techniques for computer browsers have been proposed to make it possible to link together different browser sessions and possibly tie them to a user identity. As most of these techniques depend on static browser characteristics and user-installed plugins, the resulting fingerprints are not suitable for mobile browsers because of the similarity of browser characteristics on similar mobile device products in spite of the differences in software and hardware. Moreover, mobile devices are shipped with pre-installed plugins that cannot be modified, which limits browser uniqueness. Therefore, we propose a dynamic mobile browser fingerprinting technique that records the browser's behavior and execution characteristics by running background customized browser scripts. Our dynamic technique is based on the use of JavaScript, HTML5, Flash, and other scripts that are used to generate performance signatures of mobile browsers to detect the browser used, the operating system version, and device type. Our browser detection technique compares the active browser session signature with existing signatures through three detection methods: (1) Euclidean Distance, (2) Cosine Similarity, and (3) Voting System. In this paper we compare the detection rates of these methods and their accuracy in determining the mobile browser in use.
【Keywords】: browser fingerprinting signatures; browser script engines; cosine similarity; euclidean distance
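The abstract names three ways of matching a fresh performance signature against stored ones. The example below, added here and not the paper's code, implements all three over constructed timing vectors so the difference between them is visible: a device that runs every benchmark uniformly slower (a heavily loaded phone, say) keeps the same *direction* in feature space, which cosine similarity ignores but Euclidean distance and per-feature voting do not. The reference signatures, the feature names and the voting rule (each feature votes for the nearest reference value) are this example's assumptions.

```python
import math
from collections import Counter

# Constructed reference signatures: mean run time (ms) of five benchmark scripts per
# browser/platform, as a fingerprinting server might have recorded them.
# Feature order: [js_loop, canvas_draw, dom_build, regex, array_sort]
REFERENCE = {
    "android-chrome": [100.0, 40.0, 30.0, 80.0, 60.0],
    "android-stock":  [220.0, 60.0, 90.0, 120.0, 200.0],
    "ios-safari":     [90.0, 70.0, 20.0, 60.0, 45.0],
}


def euclidean_distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def classify_euclidean(sig, reference=REFERENCE):
    """Nearest stored signature by straight-line distance in ms."""
    return min(reference, key=lambda name: euclidean_distance(sig, reference[name]))


def classify_cosine(sig, reference=REFERENCE):
    """Stored signature whose feature ratios match best; absolute speed is ignored."""
    return max(reference, key=lambda name: cosine_similarity(sig, reference[name]))


def classify_voting(sig, reference=REFERENCE):
    """Each feature votes for the reference whose value is nearest to it (absolute
    difference); most votes wins. This voting rule is this example's own choice."""
    votes = Counter()
    for i, value in enumerate(sig):
        nearest = min(reference, key=lambda name: abs(reference[name][i] - value))
        votes[nearest] += 1
    return votes.most_common(1)[0][0]


def classify_all(sig, reference=REFERENCE):
    return {
        "euclidean": classify_euclidean(sig, reference),
        "cosine": classify_cosine(sig, reference),
        "voting": classify_voting(sig, reference),
    }


if __name__ == "__main__":
    noisy_chrome = [105.0, 42.0, 31.0, 78.0, 63.0]          # ordinary measurement jitter
    slow_chrome = [2.2 * v for v in REFERENCE["android-chrome"]]  # same browser, busy device
    print(classify_all(noisy_chrome))   # all three agree on android-chrome
    print(classify_all(slow_chrome))    # cosine: android-chrome; the other two: android-stock
```

Which behaviour is desirable depends on what the signature is for: when the goal is to recover the browser and OS version, scale invariance helps; when the device itself is part of what should be distinguished, absolute timings carry information that cosine similarity throws away. This is the kind of divergence the paper's comparison of detection rates is measuring.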
【Paper Link】 【Pages】:1411-1414
【Authors】: Wenming Zhou ; Yuqing Zhang ; Xuefeng Liu
【Abstract】: Android provides a permission-based security model to restrict the operations that each application can perform; however, it has been shown to be vulnerable to privilege escalation attacks. Applications can cooperate to perform operations that they are forbidden to perform separately, which may lead to privacy leakage. In this poster, we present the design of a new policy-centered security framework against application-level privilege escalation attacks. Different from previous policy-centered schemes, the communication content is also included in the inspection, in addition to the permissions. Specifically, we allow private information to be passed selectively in the middleware and deploy mandatory access control at the kernel based on dynamic taint tracking. Test results show that it can prevent known confused deputy attacks and is also flexible enough to prevent unknown ones; furthermore, it can reduce the false positives of preventing colluding attacks compared to previous work.
【Keywords】: privacy protection; privilege escalation attacks; taint tracking
【Paper Link】 【Pages】:1415-1418
【Authors】: Meilof Veeningen ; Mayla Brusò ; Jerry den Hartog ; Nicola Zannone
【Abstract】: Systems dealing with personal information are legally required to satisfy the principle of data minimisation. Privacy-enhancing protocols use cryptographic primitives to minimise the amount of personal information exposed by communication. However, the complexity of these primitives and their interplay makes it hard for non-cryptography experts to understand the privacy implications of their use. In this paper, we present TRIPLEX, a framework for the analysis of data minimisation in privacy-enhancing protocols.
【Keywords】: coalition graphs; data minimisation; detectability; linkability
【Paper Link】 【Pages】:1419-1420
【Authors】: Daniil M. Utin ; Roger Khazan ; Joshua Kramer ; Michael Vai ; David Whelihan
【Abstract】: In this poster, we describe a one-size-fits-many Intellectual Property (IP) core which integrates advanced key management technology and streaming encryption into a single component to protect data in-transit.
【Keywords】: cryptographic component; cryptography; cyber security; fpga; hardware ip core; high-assurance data protection; identity management; key management; key management protocol; self-contained encryption
【Paper Link】 【Pages】:1421-1424
【Authors】: Qixu Liu ; Yuqing Zhang ; Huan Yang
【Abstract】: Flash objects are widely embedded in web pages, supporting Rich Internet Applications using ActionScript. However, according to our survey, many Flash objects are seriously exposed to Cross-site Scripting vulnerabilities, as they are usually coded without proper sanitization of their inputs. This becomes a potential danger for web users. In this paper, we analyze XSS in online Flash and present an engine, FXD (Flash XSS Detector), for automatically scrambling Flash files in web pages and checking whether or not they are vulnerable to XSS. We call vulnerable ActionScript functions "key functions" and divide them into four categories by their functionality. The usability of FXD is further evaluated by deploying it on real-world websites. Our results reveal that at least 48 Flash applications in 18% of the Alexa top 100 sites on the web are vulnerable to XSS. Each of these vulnerable Flash objects has been verified and its XSS flaw confirmed. Finally, we discuss a new trend in Flash XSS, which nowadays is mainly caused by the combination of key functions in different categories.
【Keywords】: actionscript; adobe flash; cross-site scripting; web security
【Paper Link】 【Pages】:1425-1428
【Authors】: Martina Lindorfer ; Matthias Neumayr ; Juan Caballero ; Christian Platzer
【Abstract】: In this ongoing work we perform the first systematic investigation of cross-platform (X-platform) malware. As a first step, this paper presents an exploration into existing X-platform malware families and X-platform vulnerabilities used to distribute them. Our exploration shows that X-platform malware uses a wealth of methods to achieve portability. It also shows that exploits for X-platform vulnerabilities are X-platform indeed and readily available in commercial exploit kits, making them an inexpensive distribution vector for X-platform malware.
【Keywords】: cross-platform software; malware; vulnerabilities
【Paper Link】 【Pages】:1429-1432
【Authors】: Anthony Roberts ; Richard McClatchey ; Saad Liaquat ; Nigel Edwards ; Mike Wray
【Abstract】: In recent years, malware has grown extremely rapidly in complexity and rates of system infection. Current generation anti-virus and anti-malware software provides system protection through the use of locally installed monitoring agents, which are dependent upon vendor generated signature and heuristic based rules. However, because these monitoring agents are installed within the systems they are trying to protect, they themselves are potential targets of attack by malware. Pathogen overcomes this issue by using a real-time system monitoring and analysis framework that utilises Virtual Machine introspection (VMI) to allow the monitoring of a system without the need for any locally installed agents. One of the main research problems in VMI is how to parse and interpret the memory of an executing system from outside of that system. Pathogen's contribution is a lightweight introspection framework that bridges the semantic gap.
【Keywords】: introspection; malware; monitoring; security
【Paper Link】 【Pages】:1433-1436
【Authors】: Giang T. K. Nguyen ; Xun Gong ; Anupam Das ; Nikita Borisov
【Abstract】: Tor is a widely used network for anonymous communication. Its users frequently experience large communication delays, due to the high user-to-relay ratio, the bandwidth-intensive BitTorrent transfers of a small fraction of the user base, and the inherent latencies from routing traffic through multiple relay hops scattered around the world. These delays significantly degrade the user experience of web browsing, a dominant use of Tor. Improving web browsing performance of Tor has been a subject of much research. Targeting the network and transport layers, prior work includes proposals to throttle bandwidth-intensive connections or to prioritize interactive traffic such as web browsing. We attack the problem at the application layer, noting that a typical web page consists of multiple resources, each of which requires a one-round-trip HTTP request-response cycle to load in the browser. Thus, for a page with many resources, these round trips are a major contributor to the page load time. We investigate PnP (for Prefetch-and-Push), where the Tor exit prefetches resources of the web page a client is visiting and pushes them to the client. Our experiments show a significant reduction in page load times as well as higher client privacy from web page fingerprinting by a local attacker.
【Keywords】: fingerprinting; latency; prefetch; tor; web
【Paper Link】 【Pages】:1437-1440
【Authors】: Dan Li ; Chaoge Liu ; Xu Cui ; Xiang Cui
【Abstract】: The Web Proxy Auto-Discovery (WPAD) protocol is always used to locate the URL of a configuration file through DHCP, DNS or some other discovery methods. WPAD is a very convenient way for network administrators to manage proxy settings. However, in the meantime, it may lead to a potential compromise of our LANs. In this poster, we propose a novel attack method based on the WPAD protocol which can be used by an attacker to intercept traffic, sniff and propagate malware in a LAN.
【Keywords】: malware propagation; sniffer; wpad
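The abstract only states that WPAD discovery goes through DHCP and DNS. The example below, added for this listing and not taken from the poster, spells out what a client does with that and what a defender can check: it lists the PAC URLs a client would try in order (the DHCP option 252 URL first, then `wpad.` prefixed to each level of the client's DNS suffix, as the WPAD Internet-Draft prescribes; real clients differ in where they stop), and it audits a PAC file's `PROXY` directives against the organisation's known proxies. The PAC file, the domain names and the allowlist are constructed for the example. Whoever can answer for any `wpad.*` name in that chain, or inject DHCP option 252, chooses the proxy for every client in the LAN, which is the position the attack in the poster exploits.

```python
import re


def wpad_dns_candidates(client_domain):
    """Hostnames a WPAD client queries, in order, when DHCP offers no option-252 URL:
    'wpad' prefixed to the client's DNS suffix, then to each parent domain, stopping
    before the top-level domain (WPAD Internet-Draft behaviour; assumed here)."""
    labels = [l for l in client_domain.lower().strip(".").split(".") if l]
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]


def wpad_discovery_order(client_domain, dhcp_option_252=None):
    """Full candidate list of PAC URLs: the DHCP-supplied URL wins, then the DNS chain."""
    urls = [dhcp_option_252] if dhcp_option_252 else []
    urls += ["http://%s/wpad.dat" % h for h in wpad_dns_candidates(client_domain)]
    return urls


# 'PROXY host:port' / 'SOCKS host:port' tokens inside the PAC file's return strings.
PROXY_DIRECTIVE = re.compile(r"""\b(PROXY|SOCKS5?|SOCKS4)\s+([^;"']+)""", re.I)


def pac_proxy_targets(pac_text):
    return [(m.group(1).upper(), m.group(2).strip())
            for m in PROXY_DIRECTIVE.finditer(pac_text)]


def audit_pac(pac_text, allowed_proxy_hosts):
    """Proxy targets that point anywhere except the organisation's known proxies.
    A non-empty result from a wpad host is a strong sign the PAC file is rogue."""
    rogue = []
    for kind, target in pac_proxy_targets(pac_text):
        host = target.rsplit(":", 1)[0].strip("[]").lower()
        if host not in allowed_proxy_hosts:
            rogue.append((kind, target))
    return rogue


# Constructed PAC file of the kind a rogue wpad host could serve: everything not on the
# corporate domain goes through the attacker's proxy first, falling back to the real one
# so that nothing visibly breaks.
ROGUE_PAC = """function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example.com"))
    return "DIRECT";
  return "PROXY 192.0.2.66:3128; PROXY proxy.corp.example.com:8080; DIRECT";
}"""

if __name__ == "__main__":
    for url in wpad_discovery_order("sales.corp.example.com"):
        print("client would try:", url)
    print("rogue targets:", audit_pac(ROGUE_PAC, {"proxy.corp.example.com"}))
```

Two operational consequences follow directly from `wpad_dns_candidates`: register (or sinkhole) the `wpad` name at every level of your own DNS suffix so an attacker cannot, and note that for suffixes under a shared second-level domain the naive chain walks into names you do not control at all.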
【Paper Link】 【Pages】:1441-1444
【Authors】: Ashar Javed
【Abstract】: In this paper, we investigate the footprints of third-party tracking on the mobile web. A survey of 100 popular mobile versions of web applications indicates that third-party tracking is also prevalent on the mobile web. The results show that 62 sites are tracking users' activities on the mobile web and that Google Analytics is the most widespread tracker on the mobile web. We believe that this study will help raise awareness about the tracking situation on the mobile web side.
【Keywords】: mobile-web; survey; third-party tracking
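The survey above counts sites that embed third-party trackers and finds Google Analytics the most widespread. The example below, added here and not the paper's tooling, shows the mechanics of such a count on constructed mobile pages (not real sites): it extracts `script`, `img` and `iframe` sources, keeps those whose registrable domain differs from the page's own, matches them against a small illustrative tracker catalogue, and tallies how many sites carry each tracker. The catalogue, the regex-based extraction and the two-label approximation of a registrable domain are this example's simplifications.

```python
import re
from collections import Counter
from urllib.parse import urljoin, urlsplit

# src="..." of script/img/iframe elements; a regex is enough for this illustration.
SRC_ATTR = re.compile(r"""<(?:script|img|iframe)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']""", re.I)

# Small illustrative tracker catalogue (domain suffix -> service); a real survey would
# use a maintained list.
TRACKERS = {
    "google-analytics.com": "Google Analytics",
    "doubleclick.net": "DoubleClick",
    "scorecardresearch.com": "comScore",
}


def registrable_domain(host):
    """Last two labels of a hostname. A simplification: suffixes such as co.uk would
    need a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def third_party_hosts(page_url, html):
    """Hosts of embedded resources that do not belong to the page's own domain."""
    own = registrable_domain(urlsplit(page_url).hostname)
    hosts = set()
    for src in SRC_ATTR.findall(html):
        host = urlsplit(urljoin(page_url, src)).hostname   # resolves //host and /path forms
        if host and registrable_domain(host) != own:
            hosts.add(host)
    return hosts


def trackers_on_page(page_url, html):
    found = set()
    for host in third_party_hosts(page_url, html):
        for suffix, name in TRACKERS.items():
            if host == suffix or host.endswith("." + suffix):
                found.add(name)
    return found


def survey(pages):
    """pages: {url: html}. Returns (sites with at least one known tracker,
    Counter of tracker name -> number of sites embedding it)."""
    sites_tracked = 0
    prevalence = Counter()
    for url, html in pages.items():
        names = trackers_on_page(url, html)
        if names:
            sites_tracked += 1
            prevalence.update(names)
    return sites_tracked, prevalence


# Constructed mobile pages (invented hosts under .example), mirroring typical markup.
PAGES = {
    "http://m.news-a.example/": '<html><script src="//www.google-analytics.com/ga.js"></script>'
                                '<script src="/js/app.js"></script></html>',
    "http://m.shop-b.example/": '<html><script async src="https://www.google-analytics.com/analytics.js"></script>'
                                '<img src="https://ad.doubleclick.net/pixel?x=1" width=1 height=1></html>',
    "http://m.blog-c.example/": '<html><script src="/static/main.js"></script><img src="/logo.png"></html>',
    "http://m.tv-d.example/":   "<html><img src='http://b.scorecardresearch.com/p?c1=2'></html>",
    "http://m.forum-e.example/": '<html><script src="http://www.google-analytics.com/ga.js"></script>'
                                 '<script src="https://cdn.static-host.example/lib.js"></script></html>',
}

if __name__ == "__main__":
    tracked, prevalence = survey(PAGES)
    print("sites with a known tracker:", tracked, "of", len(PAGES))
    print("most widespread:", prevalence.most_common(1)[0])
```

`third_party_hosts` deliberately reports hosts that are not in the catalogue too (the CDN on the last page), since an unknown third party is still a party that sees the request; a survey that only counts catalogued trackers gives a lower bound.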
【Paper Link】 【Pages】:1445-1448
【Authors】: Wasim Ahmad Bhat ; S. M. K. Quadri
【Abstract】: Nowadays security systems have become highly sophisticated. However, breaches are inevitable. Nevertheless, post-breach analysis is performed to assess the severity of the breach and to trace the intruder's actions. This paper proposes drWatson, a layered file system that, in case of an illegitimate file system access, provides data for post-breach analysis to assess the severity of the breach and to trace the intruder's actions. drWatson, when mounted on top of any concrete file system, works by logging all operations, along with their date and time stamps, targeted at the file system mounted below it.
【Keywords】: dr. watson; file system; post-breach analysis; security breach
【Paper Link】 【Pages】:1449-1452
【Authors】: Martin Husák ; Martin Vizváry
【Abstract】: We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against the Internet infrastructure of the Czech Republic in March 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. This caused false-positive incident detection and helped the attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effect of reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.
【Keywords】: communication; data sharing; ddos attack; honeypot; mitigation; reflection
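The abstract describes honeypots that answer every incoming connection being turned into reflectors and amplifiers. The example below is added for this listing, not from the paper, and runs over a constructed honeypot connection log (not the Czech incident data): it summarises per apparent source how fast connections arrive and how many bytes the honeypot sends back per byte received, flags sources that look like spoofed victims on both counts, and shows the effect of the obvious mitigation, a per-source reply budget. Log format, thresholds and the budget size are this example's assumptions; the log lines themselves are generated in `build_constructed_log`.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^(\S+) src=(\S+) dport=(\d+) in=(\d+) out=(\d+)$")


def parse_line(line):
    """One honeypot record: time, apparent source, port hit, bytes in, bytes answered."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, src, dport, nin, nout = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dport": int(dport),
            "in": int(nin), "out": int(nout)}


def build_constructed_log():
    """Constructed log: 300 spoofed-source SYNs in two seconds, each answered with a
    full banner, plus three ordinary visits. Not real data."""
    lines = []
    for i in range(300):
        sec = i // 150                      # 150 connections per second
        port = 1 + (i * 7) % 1024           # spread over many ports
        lines.append("2013-03-06T10:00:0%d src=203.0.113.5 dport=%d in=60 out=1460" % (sec, port))
    lines += [
        "2013-03-06T10:00:01 src=198.51.100.20 dport=22 in=1200 out=900",
        "2013-03-06T10:00:05 src=198.51.100.20 dport=22 in=1500 out=950",
        "2013-03-06T10:00:09 src=192.0.2.77 dport=80 in=400 out=12000",   # one real page fetch
    ]
    return lines


def per_source_stats(lines):
    stats = defaultdict(lambda: {"n": 0, "in": 0, "out": 0, "first": None, "last": None, "ports": set()})
    for rec in filter(None, map(parse_line, lines)):
        s = stats[rec["src"]]
        s["n"] += 1
        s["in"] += rec["in"]
        s["out"] += rec["out"]
        s["ports"].add(rec["dport"])
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    for s in stats.values():
        seconds = (s["last"] - s["first"]).total_seconds() + 1.0   # inclusive window
        s["rate"] = s["n"] / seconds
        s["amplification"] = s["out"] / s["in"] if s["in"] else float("inf")
    return dict(stats)


def flag_reflection_victims(stats, min_rate=50.0, min_amplification=5.0):
    """Sources that look like spoofed victims: a burst of connections the honeypot answers
    with far more bytes than it receives. Both conditions are required so that a single
    heavy legitimate download (high amplification, low rate) is not flagged."""
    return sorted(src for src, s in stats.items()
                  if s["rate"] >= min_rate and s["amplification"] >= min_amplification)


def response_budget(lines, max_responses_per_src_per_sec=10):
    """Mitigation: cap replies per apparent source and second. Returns (answered, dropped)."""
    seen = defaultdict(int)
    answered = dropped = 0
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["src"], rec["ts"].replace(microsecond=0))
        if seen[key] < max_responses_per_src_per_sec:
            seen[key] += 1
            answered += 1
        else:
            dropped += 1
    return answered, dropped


if __name__ == "__main__":
    log = build_constructed_log()
    stats = per_source_stats(log)
    for src in flag_reflection_victims(stats):
        s = stats[src]
        print("likely spoofed victim %s: %.0f conn/s, x%.1f bytes amplification, %d ports"
              % (src, s["rate"], s["amplification"], len(s["ports"])))
    print("with a reply budget, (answered, dropped) =", response_budget(log))
```

The flagged address is the victim, not the attacker, which is why the abstract reports false-positive incident detection: an operator who treats the honeypot's "top talker" as an aggressor reports the wrong party. The reply budget keeps the honeypot useful for real probes while bounding how much flood it can reflect.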
【Paper Link】 【Pages】:1453-1456
【Authors】: Benjamin Güldenring ; Volker Roth
【Abstract】: The design of modern desktop operating systems is based on the assumption that a single user controls input and output devices at a time. This is also the case for access control, where applications inherit the privileges from the user that started them. This is not sufficient for multi-user collaboration on Single Display Groupware (SDG) or tabletop systems. For these we suggest a more fine-grained access control method based on the user that is interacting with an application. In our ongoing work of building a multi-user multitouch system we developed a technique we call event backtracking that exploits the asynchronous behavior of modern desktop applications on the Mac OS X platform. Event backtracking follows the execution of a program and tags threads with user IDs taken from the input events of users. This information is subsequently used to dynamically restrict applications' access rights. Our implementation works within applications as well as across application borders, transparent to the applications themselves.
【Keywords】: multi-touch; single display groupware
【Paper Link】 【Pages】:1457-1460
【Authors】: Zhaofeng Chen ; Xinshu Dong ; Prateek Saxena ; Zhenkai Liang
【Abstract】: Modern web applications store sensitive data on their servers. Such data is prone to theft resulting from exploits against vulnerabilities in the server software stacks. In this work, we propose a new architecture for web servers, called CryptServer, in which we pre-determine and fix a small amount of application code that can compute over sensitive data. By encrypting sensitive data before making it available to the rest of untrusted application code, CryptServer provides strong defense against all malicious code that an attacker may run in the server software stack. As a step towards making this approach practical, we develop an assistance tool to identify the portion of server-side logic that requires computation over sensitive data. Our preliminary results show that the size of such logic is small in six popular web applications we study. To the extent of our evaluation, converting these applications to a CryptServer architecture requires modest developer effort.
【Keywords】: data protection; server security; web security
【Paper Link】 【Pages】:1461-1464
【Authors】: Tim Ruffing ; Jonas Schneider ; Aniket Kate
【Abstract】: The use of public-key steganography has been proposed for several censorship-resistance systems. However, distribution of the employed public keys presents an availability, scalability, and security challenge in many of these. To mitigate this problem, we introduce the notion of identity-based steganography. In particular, we define identity-based steganographic tagging (IBST), which allows a sender to produce a steganographic tag for a recipient's identity such that the tag can only be recognized by the intended recipient using her (identity-based) private key. We instantiate our definition by an efficient IBST scheme, provably secure under the bilinear decisional Diffie-Hellman assumption. We find IBST to be particularly useful when the censors are able to impede distribution of cryptographic keys or break forward security by compromising system agents. As two representative applications of IBST to censorship resistance systems, we first present an efficient and dynamic solution for the key distribution problem in Collage and second, we demonstrate that IBST can improve the scalability of Message in a Bottle.
【Keywords】: censorship resistance; collage; identity-based cryptography; key distribution; message in a bottle; steganography
【Paper Link】 【Pages】:1465-1468
【Authors】: Parisa Haghani ; Saman A. Zonouz
【Abstract】: Trustworthy operation of safety-critical infrastructures necessitates efficient solutions that satisfy both realtimeness and security requirements simultaneously. We present Sechduler, a formally verifiable security-aware operating system scheduler that dynamically makes sure that system computational resources are allocated to individual waiting tasks in an optimal order such that, if feasible, neither realtime nor security requirements of the system are violated. Additionally, if both requirements cannot be satisfied simultaneously, Sechduler makes use of easy-to-define linear temporal logic-based policies as well as automatically generated Büchi automaton-based monitors, compiled as loadable kernel modules, to enforce which requirements should get the priority. Our experimental results show that Sechduler can adaptively enforce the system-wide logic-based temporal policies within the kernel and with a minimal performance overhead of 3% on average to guarantee a high level of combined security and realtimeness simultaneously.
【Keywords】: real-time security
【Paper Link】 【Pages】:1469-1472
【Authors】: Sana Maqsood ; Sonia Chiasson ; Audrey Girouard
【Abstract】: Flexible display devices allow users to interact with the device by deforming the surface of the display to trigger a command. When these devices become mainstream, for example as smart phones, e-readers, or tablets, they will require a means of authenticating legitimate users. In this poster, we present an authentication scheme for flexible display devices, its implementation on a flexible display prototype and an ongoing user study evaluating the usability and security of our system.
【Keywords】: authentication; flexible displays; usable security
【Paper Link】 【Pages】:1473-1476
【Authors】: Ayesha Binte Ashfaq ; Muhammad Qasim Ali ; Ehab Al-Shaer ; Syed Ali Khayam
【Abstract】: The inherent design of anomaly detection systems (ADSs) makes them highly susceptible to evasion attacks, and hence their wide-spread commercial deployment has not been witnessed. There are two main reasons for this: 1) ADSs incur high false positives; 2) they are highly susceptible to evasion attacks (false negatives). While efforts have been made to minimize false positives, evasion is still an open problem. We argue that ADS design is inherently flawed since it relies on the ADS's detection logic and feature space, which is trivial to estimate. In information security, e.g. cryptographic algorithms (such as DES), security is inherently dependent upon the key and not the algorithm, which makes these systems very robust by rendering evasion computationally infeasible. We believe there is a need to redesign anomaly detection systems similar to cryptographic systems. We propose to randomize the feature space of an ADS such that it acts as a cryptographic key for the ADS, and hence this randomized feature space is used by the ADS logic for detection of anomalies. This would make the evasion of the ADS computationally infeasible for the attacker.
【Keywords】: evasion; intrusion detection systems
【Paper Link】 【Pages】:1477-1478
【Authors】: Sara Foresti
【Abstract】: The evolution of Information and Communication Technology (ICT) has radically changed our lives, making information available from anywhere at any time through different kinds of devices. The advantage of the growing availability of computational power and connectivity resources at low prices is the ease of collecting, sharing, processing, and accessing information. This advantage however does not come for free, as it introduces unprecedented privacy risks. The attention toward these problems is growing every day, and the need for privacy-aware policies, regulations, and techniques has been widely recognized. WPES is a yearly forum, this year at its 12th edition, that brings together researchers and practitioners interested in discussing the privacy issues characterizing our global and interconnected society.
【Keywords】: electronic society; privacy; workshop
【Paper Link】 【Pages】:1479-1480
【Authors】: Frederik Armknecht ; Jean-Pierre Seifert
【Abstract】: Cyber physical systems (CPS) feature a tight combination of and coordination between the system's computational and physical elements. A current NIST report estimates that "by the end of the decade, embedded networking and computing components are projected to account for more than half of the value share in diverse sectors, including automotive, consumer electronics, avionics and aerospace, manufacturing, telecommunications, intelligent buildings, and health and medical equipment" and further conjectures that "future applications of CPS are more transformative than the IT revolution of the past three decades". While the increasing proliferation of embedded systems in general and CPS in particular provides a variety of new possibilities, new risks and challenges emerge. Due to the strong interdisciplinary character, advancement in CPS requires a new systems science that encompasses both physical and computational aspects. The scope of the Workshop on Trustworthy Embedded Devices (TrustED) is security of embedded devices in general, with a focus on cyber physical systems and their environments. TrustED 2013 is a continuation of previous workshops in this series, which were held in conjunction with ESORICS 2011 and IEEE Security & Privacy 2012 (see http://trusted.trust.cased.de for details). The goal of this workshop is to bring together experts from academia and research institutes, industry, and government in the field of security and privacy in cyber physical systems.
【Keywords】: cryptography; embedded devices; security; trusted
【Paper Link】 【Pages】:1481-1482
【Authors】: Arslan Munir ; Farinaz Koushanfar ; Hervé Seudie ; Ahmad-Reza Sadeghi
【Abstract】: The next generation of automobiles (also known as CyberVehicles) will increasingly incorporate electronic control units in novel automotive control applications. Recent work has demonstrated the vulnerability of modern automotive control systems to security attacks that directly impact CyberVehicles' physical safety and dependability. The First International Academic Workshop on Security, Privacy and Dependability for CyberVehicles (CyCAR'13) focuses on security and privacy topics in CyberVehicles that are within the scope of the ACM Conference on Computer and Communications Security (CCS). Specifically, the workshop targets security and privacy issues in computerized, complex, and connected modern vehicles as well as their complex supply chains. This workshop offers an opportunity to trigger the transfer of the knowledge accumulated by the ACM CCS community to the car industry while taking into account typical automotive constraints such as interoperability, reliability, dependability, quality, resource constraints and/or complex supply chains.
【Keywords】: automotive; cybervehicles; dependability; embedded systems; privacy; security
【Paper Link】 【Pages】:1483-1484
【Authors】: Blaine Nelson ; Christos Dimitrakakis ; Elaine Shi
【Abstract】: The Workshop on Artificial Intelligence and Security (AISec) focuses on the theory and application of Artificial Intelligence (AI) and machine learning in adversarial settings such as security and privacy applications and conversely, the security and privacy implications arising through the use of large-scale AI methods. The workshop serves as the premier venue for this particular fusion of application, algorithms, and theory and continues to attract submissions from a diverse set of researchers, who address newly arising problems within this ever growing field. AISec provides a forum for researchers within the security, privacy, AI, and learning communities to discuss the role that intelligent technologies play in security and privacy applications and to present the unique needs of these problems to the AI and learning communities.
【Keywords】: artificial intelligence; computer privacy; computer security; machine learning; secure learning
【Paper Link】 【Pages】:1485-1486
【Authors】: Martin Franz ; Andreas Holzer ; Rupak Majumdar ; Bryan Parno ; Helmut Veith
【Abstract】: The Workshop on Language Support for Privacy-Enhancing Technologies (PETShop'13) aims at bringing together researchers from the areas of security, programming languages, compiler construction, and program verification to exchange ideas and research results to improve the practicality of state of the art cryptographic privacy-enhancing technologies.
【Keywords】: compiler construction; programming languages; secure multi-party computations; verification; zero-knowledge protocols
【Paper Link】 【Pages】:1487-1488
【Authors】: Ari Juels ; Bryan Parno
【Abstract】: The Cloud Computing Security Workshop (CCSW) focuses on the security challenges and opportunities raised by cloud computing. The ``cloud'' is a general term for aggregation of computing resources within an extensive, elastic environment typically marked by a high degree of resource virtualization and sharing among tenants. As a multi-faceted trend, cloud computing creates many and varied security and privacy requirements at the intersection of a broad range of disciplines. The goal of the workshop is to elucidate the security and privacy problems raised by cloud computing and foster understanding of the connection between research and practice in this vibrant and transformative area.
【Keywords】: cloud computing; computer privacy; computer security
【Paper Link】 【Pages】:1489-1490
【Authors】: Adrienne Porter Felt ; N. Asokan
【Abstract】: Security and privacy in smartphones and mobile devices is an emerging area which has received significant attention from the research community during the past few years. The SPSM workshop was created to bring together these researchers and practitioners. Following the success of the two previous editions, we present this third edition of the workshop which has attracted significantly more submissions and benefited from the expertise of an expanded international program committee.
【Keywords】: malware; mobile devices; privacy; security; smartphones
【Paper Link】 【Pages】:1491-1492
【Authors】: Klaus Kursawe ; Benessa Defend
【Abstract】: The Smart Energy Grid Security (SEGS) Workshop aims to foster innovative research and discussion about smart energy grid security and privacy challenges, issues, approaches, and solutions. SEGS publications offer perspectives from both academia and industry, and present novel research on theoretical and practical aspects of smart grid security and privacy, including design, analysis, experimentation, and fielded systems. SEGS also includes presentations from other communities, such as law, economics, and HCI, that present these communities' perspectives on technological issues. The scope of the workshop encompasses all aspects of the smart grid, including distribution, transmission, generation, metering, e-mobility, and integration of distributed energy resources.
【Keywords】: critical infrastructure; data protection; privacy; security; smart grid
【Paper Link】 【Pages】:1493-1494
【Authors】: Thomas Groß ; Marit Hansen
【Abstract】: The Workshop on Digital Identity Management has evolved during the last decade into one of the most interesting events on identity management issues. Starting from a community with a background mainly in computer science, it has developed towards an interdisciplinary workshop where a lively interactive community discusses identity topics from technical, sociological, economic, legal, psychological and many more angles. The goal of this workshop is to share the latest findings, identify key challenges, inspire debates, and foster collaboration between industry and academia towards interoperable identity service infrastructures.
【Keywords】: eid; identity; identity management; privacy; security
【Paper Link】 【Pages】:1495-1496
【Authors】: Christof Paar
【Abstract】: Through the prevalence of interconnected embedded systems, the vision of pervasive computing has become reality over the last few years. More recently, this evolutionary development has become better known as the Internet of Things. As part of this development, embedded security has become an increasingly important issue in a multitude of applications. Examples include the Stuxnet virus, which has allegedly delayed the Iranian nuclear program, killer applications in the consumer area like iTunes or Amazon's Kindle (the business models of which rely on IP protection) and even medical implants like pacemakers and insulin pumps that allow remote configuration. These examples show the destructive and constructive aspects of modern embedded security. In this tutorial we will address both the constructive and the "penetration testing" aspect of embedded security. In the area of destructive embedded security, implementation attacks, also known as physical attacks, are of crucial importance. Whereas a network-borne attacker usually can't exploit the physical environment of an application, embedded devices often allow this. For instance, an attacker can monitor the power or timing behavior of a device. Also, she can force the device to malfunction, e.g., through power spikes, and deduce information from faulty outputs. Many systems which are otherwise secure become vulnerable to implementation attacks. In this talk, we will focus on side-channel attacks, or SCA, which form arguably the most powerful method among physical attacks. After developing the mechanics of DPA (differential power analysis), we will look at recent case studies in which real-world implementations were broken using SCA. This includes successful attacks against contactless smart cards and FPGAs. With respect to constructive aspects of embedded security, we will look at the field of lightweight cryptography. The goal here is to provide security at the lowest possible "cost", e.g., measured in power consumption, code size or chip area. Over the last six years or so, this has become a very active area within symmetric cryptography. Very recently, even the NSA released two lightweight ciphers, SIMON and SPECK. We will look at the motivation for such ciphers, e.g., for passive RFID tags or anti-counterfeiting applications. We will then introduce several lightweight constructions and will compare them with AES.
【Keywords】: embedded security; implementation attacks; internet of things; security
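The mechanics of DPA that the tutorial develops, as an added example that is not part of the tutorial or its slides: a correlation power analysis (CPA, the Pearson-correlation variant of DPA) against the first-round AES S-box output. The leakage is constructed here, not measured: one sample per trace equal to the Hamming weight of Sbox(p XOR k) plus Gaussian noise, which is the standard textbook leakage model and an assumption of this example. The S-box is derived from its definition (inverse in GF(2^8) followed by the affine map) so the block runs stand-alone; the key byte 0x2B, the trace count and the noise level are arbitrary choices.

```python
import random

# AES S-box computed from its definition rather than tabulated.
def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(a):
    """Multiplicative inverse as a^254 (a^255 == 1 for a != 0); 0 maps to 0 as in AES."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r

def _sbox_entry(x):
    inv = _gf_inv(x)
    s = inv
    for i in range(1, 5):                      # affine map: inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4 ^ 0x63
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def hw(v):
    """Hamming weight: the leakage model used for both simulation and prediction."""
    return bin(v).count("1")

def simulate_traces(key_byte, n_traces, sigma, seed=1):
    """Constructed leakage (not measured data): HW of the first-round S-box output plus noise."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    samples = [hw(SBOX[p ^ key_byte]) + rng.gauss(0.0, sigma) for p in plaintexts]
    return plaintexts, samples

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5

def cpa_recover_key_byte(plaintexts, samples):
    """Rank all 256 key hypotheses by |correlation| between predicted leakage and the samples.

    Returns (best_key, ranked) where ranked is a list of (|corr|, key) sorted best first.
    """
    ranked = []
    for k in range(256):
        predicted = [hw(SBOX[p ^ k]) for p in plaintexts]
        ranked.append((abs(pearson(predicted, samples)), k))
    ranked.sort(reverse=True)
    return ranked[0][1], ranked

def demo(key_byte=0x2B, n_traces=300, sigma=1.0):
    """Simulate a device with the given key byte and attack it; returns (true key, recovered key, margin)."""
    plaintexts, samples = simulate_traces(key_byte, n_traces, sigma)
    recovered, ranked = cpa_recover_key_byte(plaintexts, samples)
    margin = ranked[0][0] - ranked[1][0]        # gap between best and second-best hypothesis
    return key_byte, recovered, margin

if __name__ == "__main__":
    true_key, found, margin = demo()
    print(f"true key byte 0x{true_key:02x}, recovered 0x{found:02x}, correlation margin {margin:.2f}")
```

The attack never touches the key; it only needs plaintexts and one leakage sample per encryption. Raising `sigma` or lowering `n_traces` in `demo()` shows the trade-off the tutorial's case studies are about: the correct hypothesis stays on top as long as the signal-to-noise ratio times the trace count is large enough.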
【Paper Link】 【Pages】:1497-1498
【Authors】: Jan-Erik Ekberg ; Kari Kostiainen ; N. Asokan
【Abstract】: A trusted execution environment (TEE) is a secure processing environment that is isolated from the normal processing environment where the device operating system and applications run. The first mobile phones with hardware-based TEEs appeared almost a decade ago, and today almost every smartphone and tablet contains a TEE like ARM TrustZone. Despite such a large-scale deployment, the use of TEE functionality has been limited for developers. With emerging standardization this situation is about to change. In this tutorial, we explain the security features provided by mobile TEEs and describe the On-board Credentials (ObC) system that enables third-party TEE development. We discuss ongoing TEE standardization activities, including the recent GlobalPlatform standards and the Trusted Platform Module (TPM) 2.0 specification, and identify open problems for the near future of mobile hardware security.
【Keywords】: mobile devices; trusted execution environments
【Paper Link】 【Pages】:1499-1502
【Authors】: Eric Bodden
【Abstract】: Novel types of malware on mobile devices have raised researchers' interest in implementing static and dynamic techniques for detecting and mitigating malicious behavior of mobile applications. In this hands-on tutorial we will demonstrate and explain different techniques for instrumenting Android applications using the AspectBench Compiler (abc) and the program analysis and transformation tool Soot. Through high-level abstractions such as AspectJ aspects and Tracematches, abc supports a declarative style of instrumentation that lends itself to the rapid prototyping of at least simple instrumentation schemes. Soot supports instrumentation in an imperative style, which requires more work but allows more fine-grained control. abc and Soot are interoperable, as they instrument the same intermediate program representation. Furthermore, as we show, both can be easily integrated with static program analyses that can be used to specialize instrumentation schemes based on additional information extracted from the static structure of the instrumented app.
【Keywords】: android; dynamic analysis; instrumentation; runtime enforcement