PapersCut A shortcut to recent security papers

Manipulation Attacks in Local Differential Privacy

Authors: Albert Cheu, Adam Smith, Jonathan Ullman

Abstract: Local differential privacy is a widely studied restriction on distributed algorithms that collect aggregates about sensitive user data, and is now deployed in several large systems. We initiate a systematic study of a fundamental limitation of locally differentially private protocols: they are highly vulnerable to adversarial manipulation. While any algorithm can be manipulated by adversaries who lie about their inputs, we show that any non-interactive locally differentially private protocol can be manipulated to a much greater extent. Namely, when the privacy level is high or the input domain is large, an attacker who controls a small fraction of the users in the protocol can completely obscure the distribution of the users' inputs. We also show that existing protocols differ greatly in their resistance to manipulation, even when they offer the same accuracy guarantee with honest execution. Our results suggest caution when deploying local differential privacy and reinforce the importance of efficient cryptographic techniques for emulating mechanisms from central differential privacy in distributed settings.

Date: 20 Sep 2019

PDF »Main page »


HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments

Authors: Ghada Dessouky, Tommaso Frassetto, Ahmad-Reza Sadeghi

Abstract: Modern multi-core processors share cache resources for maximum cache utilization and performance gains. However, this leaves the cache vulnerable to side-channel attacks, where timing differences in shared cache behavior are exploited to infer information on the victim's execution patterns, ultimately leaking private information. The root cause for these attacks is mutually distrusting processes sharing cache entries and accessing them in a deterministic manner. Various defenses against cache side-channel attacks have been proposed. However, they either degrade performance significantly, impose impractical restrictions, or can only defeat certain classes of these attacks. More importantly, they assume that side-channel-resilient caches are required for the entire execution workload and do not allow to selectively enable the mitigation only for the security-critical portion of the workload. We present a generic mechanism for a flexible and soft partitioning of set-associative caches and propose a hybrid cache architecture, called HybCache. HybCache can be configured to selectively apply side-channel-resilient cache behavior only for isolated execution domains, while providing the non-isolated execution with conventional cache behavior, capacity and performance. An isolation domain can include one or more processes, specific portions of code, or a Trusted Execution Environment. We show that, with minimal hardware modifications and kernel support, HybCache can provide side-channel-resilient cache only for isolated execution with a performance overhead of 3.5-5%, while incurring no performance overhead for the remaining execution workload. We provide a simulator-based and hardware implementation of HybCache to evaluate the performance and area overheads, and show how it mitigates typical access-based and contention-based cache attacks.

Comment: Accepted on 18 June 2019 to appear in USENIX Security 2020

Date: 20 Sep 2019

PDF »Main page »


Output-sensitive Information flow analysis

Authors: Cristian Ene, Laurent Mounier, Marie-Laure Potet

Abstract: Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does not leak more information than the public outputs of the computation. We propose a novel approach for verifying constant-time programming based on a new information flow property, called output-sensitive noninterference. Noninterference states that a public observer cannot learn anything about the private data. Since real systems need to intentionally declassify some information, this property is too strong in practice. In order to take into account public outputs we proceed as follows: instead of using complex explicit declassification policies, we partition variables in three sets: input, output and leakage variables. Then, we propose a typing system to statically check that leakage variables do not leak more information about the secret inputs than the public normal output. The novelty of our approach is that we track the dependence of leakage variables with respect not only to the initial values of input variables (as in classical approaches for noninterference), but taking also into account the final values of output variables. We adapted this approach to LLVM IR and we developed a prototype to verify LLVM implementations.

Date: 20 Sep 2019

PDF »Main page »


Augmenting Encrypted Search: A Decentralized Service Realization with Enforced Execution

Authors: Shengshan Hu, Chengjun Cai, Qian Wang, Cong Wang, Minghui Li, Zhibo Wang, Dengpan Ye

Abstract: Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes, and fail to support complex queries. A general verification mechanism is desired that can be applied to all SSE schemes. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes where the data owner can receive correct search results with assurance without worrying about potential wrongdoings of a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, the multi-user setting of SSE is further investigated where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.

Date: 20 Sep 2019

PDF »Main page »


Making Code Re-randomization Practical with MARDU

Authors: Christopher Jelesnianski, Jinwoo Yom, Changwoo Min, Yeongjin Jang

Abstract: Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were the early role models preventing primitive code injection and return-oriented programming (ROP) attacks. Notably, these techniques did so in an elegant and utilitarian manner, keeping performance and scalability in the forefront, making them one of the few widely-adopted defense techniques. As code re-use has evolved in complexity from JIT-ROP, to BROP and data-only attacks, defense techniques seem to have tunneled on defending at all costs, losing-their-way in pragmatic defense design. Some fail to provide comprehensive coverage, being too narrow in scope, while others provide unrealistic overheads leaving users willing to take their chances to maintain performance expectations. We present Mardu, an on-demand system-wide re-randomization technique that improves re-randomization and refocuses efforts to simultaneously embrace key characteristics of defense techniques: security, performance, and scalability. Our code sharing with diversification is achieved by implementing reactive and scalable, rather than continuous or one-time diversification while the use of hardware supported eXecute-only Memory (XoM) and shadow stack prevent memory disclosure; entwining and enabling code sharing further minimizes needed tracking, patching costs, and memory overhead. Mardu's evaluation shows performance and scalability to have low average overhead in both compute-intensive (5.5% on SPEC) and real-world applications (4.4% on NGINX). With this design, Mardu demonstrates that strong and scalable security guarantees are possible to achieve at a practical cost to encourage deployment.

Date: 20 Sep 2019

PDF »Main page »


Kinetic Song Comprehension: Deciphering Personal Listening Habits via Phone Vibrations

Authors: Richard Matovu, Isaac Griswold-Steiner, Abdul Serwadda

Abstract: Music is an expression of our identity, showing a significant correlation with other personal traits, beliefs, and habits. If accessed by a malicious entity, an individual's music listening habits could be used to make critical inferences about the user. In this paper, we showcase an attack in which the vibrations propagated through a user's phone while playing music via its speakers can be used to detect and classify songs. Our attack shows that known songs can be detected with an accuracy of just under 80%, while a corpus of 100 songs can be classified with an accuracy greater than 80%. We investigate such questions under a wide variety of experimental scenarios involving three surfaces and five phone speaker volumes. Although users can mitigate some of the risk by using a phone cover to dampen the vibrations, we show that a sophisticated attacker could adapt the attack to still classify songs with a decent accuracy. This paper demonstrates a new way in which motion sensor data can be leveraged to intrude on user music preferences without their express permission. Whether this information is leveraged for financial gain or political purposes, our research makes a case for why more rigorous methods of protecting user data should be utilized by companies, and if necessary, individuals.

Comment: 25 pages, 14 figures

Date: 19 Sep 2019

PDF »Main page »


Detecting malicious logins as graph anomalies

Authors: Brian A. Powell

Abstract: Authenticated lateral movement via compromised accounts is a common adversarial maneuver that is challenging to discover with signature- or rules-based intrusion detection systems. In this work a behavior-based approach to detecting malicious logins to novel systems indicative of lateral movement is presented, in which a user's historical login activity is used to build a model of putative "normal" behavior. This historical login activity is represented as a collection of daily login graphs, which encode authentications among accessed systems. Each system, or graph vertex, is described by a set of graph centrality measures that characterize it and the local topology of its login graph. The unsupervised technique of non-negative matrix factorization is then applied to this set of features to assign each vertex to a role that summarizes how the system participates in logins. The reconstruction error quantifying how well each vertex fits into its role is then computed, and the statistics of this error can be used to identify outlier vertices that correspond to systems involved in unusual logins. We test this technique with a small cohort of privileged accounts using real login data from an operational enterprise network. The ability of the method to identify malicious logins among normal activity is tested with simulated graphs of login activity representative of adversarial lateral movement. We find that the method is generally successful at detecting a broad range of lateral movement for each user, with false positive rates significantly lower than those resulting from alerts based solely on login novelty.

Comment: 10 pages, 8 figures

Date: 19 Sep 2019

PDF »Main page »


A New Method for Geometric Interpretation of Elliptic Curve Discrete Logarithm Problem

Authors: Daniele Di Tullio, Ankan Pal

Abstract: In this paper, we intend to study the geometric meaning of the discrete logarithm problem defined over an Elliptic Curve. The key idea is to reduce the Elliptic Curve Discrete Logarithm Problem (EC-DLP) into a system of equations. These equations arise from the interesection of quadric hypersurfaces in an affine space of lower dimension. In cryptography, this interpretation can be used to design attacks on EC-DLP. Presently, the best known attack algorithm having a sub-exponential time complexity is through the implementation of Summation Polynomials and Weil Descent. It is expected that the proposed geometric interpretation can result in faster reduction of the problem into a system of equations. These overdetermined system of equations are hard to solve. We have used F4 (Faugere) algorithms and got results for primes less than 500,000. Quantum Algorithms can expedite the process of solving these over-determined system of equations. In the absence of fast algorithms for computing summation polynomials, we expect that this could be an alternative. We do not claim that the proposed algorithm would be faster than Shor's algorithm for breaking EC-DLP but this interpretation could be a candidate as an alternative to the 'summation polynomial attack' in the post-quantum era.

Date: 19 Sep 2019

PDF »Main page »


Adversarial Vulnerability Bounds for Gaussian Process Classification

Authors: Michael Thomas Smith, Kathrin Grosse, Michael Backes, Mauricio A Alvarez

Abstract: Machine learning (ML) classification is increasingly used in safety-critical systems. Protecting ML classifiers from adversarial examples is crucial. We propose that the main threat is that of an attacker perturbing a confidently classified input to produce a confident misclassification. To protect against this we devise an adversarial bound (AB) for a Gaussian process classifier, that holds for the entire input domain, bounding the potential for any future adversarial method to cause such misclassification. This is a formal guarantee of robustness, not just an empirically derived result. We investigate how to configure the classifier to maximise the bound, including the use of a sparse approximation, leading to the method producing a practical, useful and provably robust classifier, which we test using a variety of datasets.

Comment: 10 pages + 2 pages references + 7 pages of supplementary. 12 figures. Submitted to AAAI

Date: 19 Sep 2019

PDF »Main page »


Biometric Face Presentation Attack Detection with Multi-Channel Convolutional Neural Network

Authors: Anjith George, Zohreh Mostaani, David Geissenbuhler, Olegs Nikisins, Andre Anjos, Sebastien Marcel

Abstract: Face recognition is a mainstream biometric authentication method. However, vulnerability to presentation attacks (a.k.a spoofing) limits its usability in unsupervised applications. Even though there are many methods available for tackling presentation attacks (PA), most of them fail to detect sophisticated attacks such as silicone masks. As the quality of presentation attack instruments improves over time, achieving reliable PA detection with visual spectra alone remains very challenging. We argue that analysis in multiple channels might help to address this issue. In this context, we propose a multi-channel Convolutional Neural Network based approach for presentation attack detection (PAD). We also introduce the new Wide Multi-Channel presentation Attack (WMCA) database for face PAD which contains a wide variety of 2D and 3D presentation attacks for both impersonation and obfuscation attacks. Data from different channels such as color, depth, near-infrared and thermal are available to advance the research in face PAD. The proposed method was compared with feature-based approaches and found to outperform the baselines achieving an ACER of 0.3% on the introduced dataset. The database and the software to reproduce the results are made available publicly.

Comment: 16 pages

Date: 19 Sep 2019

PDF »Main page »


Loading ...