# PapersCutA shortcut to recent security papers

### Arxiv

#### LinBFT: Linear-Communication Byzantine Fault Tolerance for Public Blockchains

Authors: Yin Yang

Abstract: This paper presents LinBFT, a novel Byzantine fault tolerance (BFT) protocol for blockchain systems that achieves amortized O(n) communication volume per block under reasonable conditions (where n is the number of participants), while satisfying determinist guarantees on safety and liveness. This significantly improves previous results, which either incurs quadratic communication complexity, or only satisfies safety in a probabilistic sense. LinBFT is based on the popular PBFT protocol, and cuts down its $O(n^4)$ complexity with three tricks, each by $O(n)$: linear view change, threshold signatures, and verifiable random functions. All three are known, i.e., the solutions are right in front of our eyes, and yet LinBFT is the first $O(n)$ solution with deterministic security guarantees. Further, LinBFT also addresses issues that are specific to permission-less, public blockchain systems, such as anonymous participants without a public-key infrastructure, proof-of-stake with slashing, rotating leader, and a dynamic participant set. In addition, LinBFT contains no proof-of-work module, reaches consensus for every block, and tolerates changing honesty of the participants for different blocks.

Date: 5 Jul 2018

#### A New Look at the Refund Mechanism in the Bitcoin Payment Protocol

Authors: Sepideh Avizheh, Reihaneh Safavi-Naini, Siamak F. Shahandashti

Abstract: BIP70 is the Bitcoin payment protocol for communication between a merchant and a pseudonymous customer. McCorry et al. (FC~2016) showed that BIP70 is prone to refund attacks and proposed a fix that requires the customer to sign their refund request. They argued that this minimal change will provide resistance against refund attacks. In this paper, we point out the drawbacks of McCorry et al.'s fix and propose a new approach for protection against refund attacks using the Bitcoin multi-signature mechanism. Our solution does not rely on merchants storing refund requests, and unlike the previous solution, allows updating refund addresses through email. We discuss the security of our proposed method and compare it with the previous solution. We also propose a novel application of our refund mechanism in providing anonymity for payments between a payer and payee in which merchants act as mixing servers. We finally discuss how to combine the above two mechanisms in a single payment protocol to have an anonymous payment protocol secure against refund attacks.

Comment: 22 pages, 6 figures, This paper has been accepted to Financial Cryptography and Data Security 2018

Date: 4 Jul 2018

#### On the Incomparability of Cache Algorithms in Terms of Timing Leakage

Authors: Pablo Cañones, Boris Köpf, Jan Reineke

Abstract: Modern computer architectures rely on caches to reduce the latency gap between the CPU and main memory. While indispensable for performance, caches pose a serious threat to security because they leak information about memory access patterns of programs via execution time. In this paper, we present a novel approach for reasoning about the security of cache algorithms with respect to timing leaks. The basis of our approach is the notion of leak competitiveness, which compares the leakage of two cache algorithms on every possible program. Based on this notion, we prove the following two results: First, we show that leak competitiveness is symmetric in the cache algorithms. This implies that no cache algorithm dominates another in terms of leakage via a program's total execution time. This is in contrast to performance, where it is known that such dominance relationships exist. Second, when restricted to caches with finite control, the leak-competitiveness relationship between two cache algorithms is either asymptotically linear or constant. No other shapes are possible.

Date: 3 Jul 2018

#### Design of a New Stream Cipher: PARS

Authors: Mohammadreza Ashouri

Abstract: In this paper, a new stream cipher is designed as a clock-controlled one but with a new mechanism of altering steps based on system theory in such a way that the structures used in it are resistant to conventional attacks. Our proposed algorithm (PARS) uses the main key with the length of 256 bits and a 32-bit message key. The most important criteria considered in designing the PARS are resistance to known attacks, maximum period, high linear complexity, and good statistical properties, so the output keystream is very similar to the perfectly random sequences and resistant to conventional attacks such as correlation attacks, algebraic attack, divide & conquer attack and time-memory tradeoff attack. The base structure of the PARS is a clock-controlled combination generator with memory and we obtained all the features according to design criteria with this structure. PARS can be used in many applications, especially for financial cryptography due to its proper security features.

Date: 3 Jul 2018

#### RUMA: On the Analysis of Defenses based on Misaligned Accesses

Authors: Daehee Jang, Jongwhan Kim, Minjoon Park, Yunjong Jung, Minsu Kim, Hojoon Lee, Brent Byunghoon Kang

Abstract: The adoption of randomness against heap layout has rendered a good portion of heap vulnerabilities unexploitable. However, some remnants of vulnerabilities are still exploitable even under the randomized heap layout. According to our analysis, such heap exploits often require pointer-width allocation granularity to inject fake pointers. To address such problem, we explore the efficacy of adopting byte-level (unaligned or misaligned) allocation granularity as part of the heap exploit defenses since the pointer-spraying attack techniques are increasing. Heap randomization, in general, has been a well-trodden area. However, the efficacy of byte granularity randomization has never been fully explored as it involves unaligned heap memory access which degrades performance and raises compatibility issues. In this paper, we discuss byte-granularity heap randomization; and conduct comprehensive analysis in three folds: (i) security mitigation effectiveness, (ii) performance impact, and (iii) compatibility with existing applications. Moreover, we designed a new heap allocator (RUMA) considering the analysis results. Security discussion is based on case studies using 20 publicly disclosed heap vulnerabilities. Performance and compatibility analysis are based on cycle-level microbenchmark, SPEC2006, Coreutils, Nginx, and ChakraCore.

Comment: 12 pages

Date: 3 Jul 2018

#### Securing Input Data of Deep Learning Inference Systems via Partitioned Enclave Execution

Authors: Zhongshu Gu, Heqing Huang, Jialong Zhang, Dong Su, Ankita Lamba, Dimitrios Pendarakis, Ian Molloy

Abstract: Deep learning systems have been widely deployed as backend engines of artificial intelligence (AI) services for their approaching-human performance in cognitive tasks. However, end users always have some concerns about the confidentiality of their provisioned input data, even for those reputable AI service providers. Accidental disclosures of sensitive user data might unexpectedly happen due to security breaches, exploited vulnerabilities, neglect, or insiders. In this paper, we systematically investigate the potential information exposure in deep learning based AI inference systems. Based on our observation, we develop DeepEnclave, a privacy-enhancing system to mitigate sensitive information disclosure in deep learning inference pipelines. The key innovation is to partition deep learning models and leverage secure enclave techniques on cloud infrastructures to cryptographically protect the confidentiality and integrity of user inputs. We formulate the information exposure problem as a reconstruction privacy attack and quantify the adversary's capabilities with different attack strategies. Our comprehensive security analysis and performance measurement can act as a guideline for end users to determine their principle of partitioning deep neural networks, thus to achieve maximum privacy guarantee with acceptable performance overhead.

Comment: 14 pages, 11 figures

Date: 3 Jul 2018

#### BesFS: Mechanized Proof of an Iago-Safe Filesystem for Enclaves

Authors: Shweta Shinde, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, Prateek Saxena

Abstract: New trusted computing primitives such as Intel SGX have shown the feasibility of running user-level applications in enclaves on a commodity trusted processor without trusting a large OS. However, the OS can compromise the integrity of the applications via the system call interface by tampering the return values. This class of attacks (commonly referred to as Iago attacks) have been shown to be powerful enough to execute arbitrary logic in enclave programs. To this end, we present BesFS -- a formal and provably Iago-safe API specification for the filesystem subset of the POSIX interface. We prove 118 lemmas and 2 key theorems in 3676 lines of CoQ proof scripts, which directly proves safety properties of BesFS implementation. BesFS API is expressive enough to support 17 real applications we test, and this principled approach eliminates several bugs. BesFS integrates into existing SGX-enabled applications with minimal impact to TCB (less than 750 LOC), and it can serve as concrete test oracle for other hand-coded Iago-safety checks.

Date: 2 Jul 2018

#### Intrusion Detection Systems for Networked Unmanned Aerial Vehicles: A Survey

Authors: Gaurav Choudhary, Vishal Sharma, Ilsun You, Kangbin Yim, Ing-Ray Chen, Jin-Hee Cho

Abstract: Unmanned Aerial Vehicles (UAV)-based civilian or military applications become more critical to serving civilian and/or military missions. The significantly increased attention on UAV applications also has led to security concerns particularly in the context of networked UAVs. Networked UAVs are vulnerable to malicious attacks over open-air radio space and accordingly, intrusion detection systems (IDSs) have been naturally derived to deal with the vulnerabilities and/or attacks. In this paper, we briefly survey the state-of-the-art IDS mechanisms that deal with vulnerabilities and attacks under networked UAV environments. In particular, we classify the existing IDS mechanisms according to information gathering sources, deployment strategies, detection methods, detection states, IDS acknowledgment, and intrusion types. We conclude this paper with research challenges, insights, and future research directions to propose a networked UAV-IDS system which meets required standards of effectiveness and efficiency in terms of the goals of both security and performance.

Comment: 6 pages, 2 figures

Date: 2 Jul 2018

#### Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version

Authors: Milan Broz, Mikulas Patocka, Vashek Matyas

Abstract: Full Disk Encryption (FDE) has become a widely used security feature. Although FDE can provide confidentiality, it generally does not provide cryptographic data integrity protection. We introduce an algorithm-agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per-sector metadata fields implemented in software. Our implementation has been included in the Linux kernel since the version 4.12. This is extended version of our article that appears in IFIP SEC 2018 conference proceedings.

Date: 1 Jul 2018

#### A Predictable Incentive Mechanism for TrueBit

Authors: Julia Koch, Christian Reitwiessner

Abstract: TrueBit is a protocol that uses interactive verification to allow a resource-constrained computation environment like a blockchain to perform much larger computations than usual in a trusted way. As long as a single honest participant is present to verify the computation, an invalid computation cannot get accepted. In TrueBit, the presence of such a verifier is incentivised by randomly injected forced errors. Additionally, in order to counter sybil attacks, the reward for finding an error drops off exponentially with the number of challengers. The main drawback of this mechanism is that it makes it very hard to predict whether participation will be profitable or not. To even out the rewards, we propose to randomly select multiple solvers from a pool and evenly share the fees among them, while still allowing outside challengers. Furthermore, a proof of independent execution will make it harder to establish computation pools which share computation results.

Date: 29 Jun 2018

Loading ...