PapersCut A shortcut to recent security papers

Fraud Proofs: Maximising Light Client Security and Scaling Blockchains with Dishonest Majorities

Authors: Mustafa Al-Bassam, Alberto Sonnino, Vitalik Buterin

Abstract: Light clients, also known as Simple Payment Verification (SPV) clients, are nodes which only download a small portion of the data in a blockchain, and use indirect means to verify that a given chain is valid. Typically, instead of validating block data, they assume that the chain favoured by the blockchain's consensus algorithm only contains valid blocks, and that the majority of block producers are honest. By allowing such clients to receive fraud proofs generated by fully validating nodes that show that a block violates the protocol rules, and combining this with probabilistic sampling techniques to verify that all of the data in a block actually is available to be downloaded, we can eliminate the honest-majority assumption, and instead make much weaker assumptions about a minimum number of honest nodes that rebroadcast data. Fraud and data availability proofs are key to enabling on-chain scaling of blockchains (e.g. via sharding or bigger blocks) while maintaining a strong assurance that on-chain data is available and valid. We present, implement, and evaluate a novel fraud and data availability proof system.

Date: 24 Sep 2018

PDF »Main page »


SPX: Preserving End-to-End Security for Edge Computing

Authors: Ketan Bhardwaj, Ming-Wei Shih, Ada Gavrilovska, Taesoo Kim, Chengyu Song

Abstract: Beyond point solutions, the vision of edge computing is to enable web services to deploy their edge functions in a multi-tenant infrastructure present at the edge of mobile networks. However, edge functions can be rendered useless because of one critical issue: Web services are delivered over end-to-end encrypted connections, so edge functions cannot operate on encrypted traffic without compromising security or degrading performance. Any solution to this problem must interoperate with existing protocols like TLS, as well as with new emerging security protocols for client and IoT devices. The edge functions must remain invisible to client-side endpoints but may require explicit control from their service-side web services. Finally, a solution must operate within overhead margins which do not obviate the benefits of the edge. To address this problem, this paper presents SPX - a solution for edge-ready and end-to-end secure protocol extensions, which can efficiently maintain end-to-edge-to-end ($E^3$) security semantics. Using our SPX prototype, we allow edge functions to operate on encrypted traffic, while ensuring that security semantics of secure protocols still hold. SPX uses Intel SGX to bind the communication channel with remote attestation and to provide a solution that not only defends against potential attacks but also results in low performance overheads, and neither mandates any changes on the end-user side nor breaks interoperability with existing protocols.

Comment: 12 pages, 19 figures

Date: 24 Sep 2018

PDF »Main page »


SOS - Securing Open Skies

Authors: Savio Sciancalepore, Roberto Di Pietro

Abstract: Automatic Dependent Surveillance - Broadcast (ADS-B) is the next generation communication technology selected for allowing commercial and military aircraft to deliver flight information to both ground base stations and other airplanes. Today, it is already on-board of 80% of commercial aircraft, and it will become mandatory by the 2020 in the US and the EU. ADS-B has been designed without any security consideration --- messages are delivered wirelessly in clear text and they are not authenticated. In this paper we propose Securing Open Skies (SOS), a lightweight and standard-compliant framework for securing ADS-B technology wireless communications. SOS leverages the well-known \muTESLA protocol, and includes some modifications necessary to deal with the severe bandwidth constraints of the ADS-B communication technology. In addition, SOS is resilient against message injection attacks, by recurring to majority voting techniques applied on central community servers. Overall, SOS emerges as a lightweight security solution, with a limited bandwidth overhead, that does not require any modification to the hardware already deployed. Further, SOS is standard compliant and able to reject active adversaries aiming at disrupting the correct functioning of the communication system. Finally, comparisons against state-of-the-art solutions do show the superior quality and viability of our solution.

Date: 24 Sep 2018

PDF »Main page »


Fast Geometrically-Perturbed Adversarial Faces

Authors: Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi

Abstract: The state-of-the-art performance of deep learning algorithms has led to a considerable increase in the utilization of machine learning in security-sensitive and critical applications. However, it has recently been shown that a small and carefully crafted perturbation in the input space can completely fool a deep model. In this study, we explore the extent to which face recognition systems are vulnerable to geometrically-perturbed adversarial faces. We propose a fast landmark manipulation method for generating adversarial faces, which is approximately 200 times faster than the previous geometric attacks and obtains 99.86% success rate on the state-of-the-art face recognition models. To further force the generated samples to be natural, we introduce a second attack constrained on the semantic structure of the face which has the half speed of the first attack with the success rate of 99.96%. Both attacks are extremely robust against the state-of-the-art defense methods with the success rate of equal or greater than 53.59%.

Date: 24 Sep 2018

PDF »Main page »


On The Utility of Conditional Generation Based Mutual Information for Characterizing Adversarial Subspaces

Authors: Chia-Yi Hsu, Pei-Hsuan Lu, Pin-Yu Chen, Chia-Mu Yu

Abstract: Recent studies have found that deep learning systems are vulnerable to adversarial examples; e.g., visually unrecognizable adversarial images can easily be crafted to result in misclassification. The robustness of neural networks has been studied extensively in the context of adversary detection, which compares a metric that exhibits strong discriminate power between natural and adversarial examples. In this paper, we propose to characterize the adversarial subspaces through the lens of mutual information (MI) approximated by conditional generation methods. We use MI as an information-theoretic metric to strengthen existing defenses and improve the performance of adversary detection. Experimental results on MagNet defense demonstrate that our proposed MI detector can strengthen its robustness against powerful adversarial attacks.

Comment: Accepted to IEEE GlobalSIP 2018

Date: 24 Sep 2018

PDF »Main page »


The Struggle is Real: Analyzing Ground Truth Data of TLS (Mis-)Configurations

Authors: Christian Tiefenau, Emanuel von Zezschwitz

Abstract: As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services like, e.g., Qualys SSL Server Test can be leveraged to test the correctness of a given web server configuration. We analyzed the utilization of this service over a period of 2.5 months and found two major usage-patterns. In addition, there is a relation between the number of test-runs and the resulting quality (i.e., security) of a TLS configuration.

Comment: Poster presented at the 14th Symposium on Usable Privacy and Security (SOUPS 2018)

Date: 24 Sep 2018

PDF »Main page »


Pointing in the Right Direction - Securing Memory Accesses in a Faulty World

Authors: Robert Schilling, Mario Werner, Pascal Nasahl, Stefan Mangard

Abstract: Reading and writing memory are, besides computation, the most common operations a processor performs. The correctness of these operations is therefore essential for the proper execution of any program. However, as soon as fault attacks are considered, assuming that the hardware performs its memory operations as instructed is not valid anymore. In particular, attackers may induce faults with the goal of reading or writing incorrectly addressed memory, which can have various critical safety and security implications. In this work, we present a solution to this problem and propose a new method for protecting every memory access inside a program against address tampering. The countermeasure comprises two building blocks. First, every pointer inside the program is redundantly encoded using a multi-residue error detection code. The redundancy information is stored in the unused upper bits of the pointer with zero overhead in terms of storage. Second, load and store instructions are extended to link data with the corresponding encoded address from the pointer. Wrong memory accesses subsequently infect the data value allowing the software to detect the error. For evaluation purposes, we implemented our countermeasure into a RISC-V processor, tested it on a FPGA development board, and evaluated the induced overhead. Furthermore, a LLVM-based C compiler has been modified to automatically encode all data pointers, to perform encoded pointer arithmetic, and to emit the extended load/store instructions with linking support. Our evaluations show that the countermeasure induces an average overhead of 10% in terms of code size and 7% regarding runtime, which makes it suitable for practical adoption.

Comment: Accepted at ACSAC 2018

Date: 24 Sep 2018

PDF »Main page »


The Sorry State of TLS Security in Enterprise Interception Appliances

Authors: Louis Waked, Mohammad Mannan, Amr Youssef

Abstract: Network traffic inspection, including TLS traffic, in enterprise environments is widely practiced. Reasons for doing so are primarily related to improving enterprise security (e.g., malware detection) and meeting legal requirements. To analyze TLS-encrypted data, network appliances implement a Man-in-the-Middle TLS proxy, by acting as the intended web server to a requesting client (e.g., a browser), and acting as the client to the outside web server. As such, the TLS proxy must implement both a TLS client and a server, and handle a large amount of traffic, preferably, in real-time. However, as protocol and implementation layer vulnerabilities in TLS/HTTPS are quite frequent, these proxies must be, at least, as secure as a modern, up-to-date web browser, and a properly configured web server. As opposed to client-end TLS proxies (e.g., as in several anti-virus products), the proxies in network appliances may serve hundreds to thousands of clients, and any vulnerability in their TLS implementations can significantly downgrade enterprise security. To analyze TLS security of network appliances, we develop a comprehensive framework, by combining and extending tests from existing work on client-end and network-based interception studies. We analyze thirteen representative network appliances over a period of more than a year (including versions before and after notifying affected vendors, a total of 17 versions), and uncover several security issues. For instance, we found that four appliances perform no certificate validation at all, three use pre-generated certificates, and eleven accept certificates signed using MD5, exposing their clients to MITM attacks. Our goal is to highlight the risks introduced by widely-used TLS proxies in enterprise and government environments, potentially affecting many systems hosting security, privacy, and financially sensitive data.

Date: 24 Sep 2018

PDF »Main page »


Insufficient properties of image encryption algorithms

Authors: Martin Stanek

Abstract: We analyze the security of recently proposed image encryption scheme [1]. We show that the scheme is insecure and the methods used to evaluate its security are insufficient. By designing the Deliberately Weak Cipher, a completely vulnerable cipher with good statistical properties, we illustrate our main point -- a solid analysis cannot be replaced by some selected set of statistical properties.

Comment: 6 pages

Date: 23 Sep 2018

PDF »Main page »


Comparing Video Based Shoulder Surfing with Live Simulation

Authors: Adam J. Aviv, Flynn Wolf, Ravi Kuber

Abstract: We analyze the claims that video recreations of shoulder surfing attacks offer a suitable alternative and a baseline, as compared to evaluation in a live setting. We recreated a subset of the factors of a prior video-simulation experiment conducted by Aviv et al. (ACSAC 2017), and model the same scenario using live participants ($n=36$) instead (i.e., the victim and attacker were both present). The live experiment confirmed that for Android's graphical patterns video simulation is consistent with the live setting for attacker success rates. However, both 4- and 6-digit PINs demonstrate statistically significant differences in attacker performance, with live attackers performing as much 1.9x better than in the video simulation. The security benefits gained from removing feedback lines in Android's graphical patterns are also greatly diminished in the live setting, particularly under multiple attacker observations, but overall, the data suggests that video recreations can provide a suitable baseline measure for attacker success rate. However, we caution that researchers should consider that these baselines may greatly underestimate the threat of an attacker in live settings.

Comment: This article appears in the 2018 Annual Computer Security Applications Conference. https://doi.org/10.1145/3274694.3274702

Date: 23 Sep 2018

PDF »Main page »


Loading ...