
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security: Latest Papers

Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives
Thomas Unterluggauer, M. Werner, S. Mangard
Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using Differential Power Analysis (DPA). In this work, we present MEAS---the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. MEAS prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. MEAS is applicable to all kinds of memory, e.g., NVM and RAM, and has memory overhead comparable to existing memory authentication techniques without DPA protection, e.g., 7.3% for a block size fitting standard disk sectors.
DOI: https://doi.org/10.1145/3052973.3052985 (published 2017-04-02)
Citations: 3
Android Database Attacks Revisited
Behnaz Hassanshahi, R. Yap
Many Android apps (applications) employ databases for managing sensitive data, thus, security of their databases is a concern. In this paper, we systematically study attacks targeting databases in benign Android apps. In addition to studying database vulnerabilities accessed from content providers, we define and study a new class of database vulnerabilities. We propose an analysis framework to find such vulnerabilities with a proof-of-concept exploit. Our analysis combines static dataflow analysis, symbolic execution with models for handling complex objects such as URIs and dynamic testing. We evaluate our analysis on popular Android apps, successfully finding many database vulnerabilities. Surprisingly, our analyzer finds new ways to exploit previously reported and fixed vulnerabilities. Finally, we propose a fine-grained protection mechanism extending the manifest to protect against database attacks.
DOI: https://doi.org/10.1145/3052973.3052994 (published 2017-04-02)
Citations: 8
Memory Safety for Embedded Devices with nesCheck
Daniele Midi, Mathias Payer, E. Bertino
Applications for TinyOS, a popular operating system for embedded systems and wireless sensor networks, are written in nesC, a C dialect prone to the same type and memory safety vulnerabilities as C. While availability and integrity are critical requirements, the distributed and concurrent nature of such applications, combined with the intrinsic unsafety of the language, makes those security goals hard to achieve. Traditional memory safety techniques cannot be applied, due to the strict platform constraints and hardware differences of embedded systems. We design nesCheck, an approach that combines static analysis and dynamic checking to automatically enforce memory safety on nesC programs without requiring source modifications. nesCheck analyzes the source code, identifies the minimal conservative set of vulnerable pointers, finds static memory bugs, and instruments the code with the required dynamic runtime checks. Our prototype extends the existing TinyOS compiler toolchain with LLVM-based passes. Our evaluation shows that nesCheck effectively and efficiently enforces memory protection, catching all memory errors with an overhead of 0.84% on energy, 5.3% on code size, up to 8.4% on performance, and 16.7% on RAM.
DOI: https://doi.org/10.1145/3052973.3053014 (published 2017-04-02)
Citations: 24
SGX-Log: Securing System Logs With SGX
Vishal M. Karande, Erick Bauman, Zhiqiang Lin, L. Khan
System logs are the greatest forensics assets that capture how an operating system or a program behaves. System logs are often the next immediate attack target once a system is compromised, and it is thus paramount to protect them. This paper introduces SGX-Log, a new logging system that ensures the integrity and confidentiality of log data. The key idea is to redesign a logging system by leveraging a recent hardware extension, called Intel SGX, which provides a secure enclave with sealing and unsealing primitives to protect program code and data in both memory and disk from being modified in an unauthorized manner even from high privilege code. We have implemented SGX-Log atop the recent Ubuntu 14.04 for secure logging using real SGX hardware. Our evaluation shows that SGX-Log introduces no observable performance overhead to the programs that generate the log requests, and it also imposes very small overhead to the log daemons.
DOI: https://doi.org/10.1145/3052973.3053034 (published 2017-04-02)
Citations: 97
What You See is Not What You Get: Leakage-Resilient Password Entry Schemes for Smart Glasses
Yan Li, Yao Cheng, Yingjiu Li, R. Deng
Smart glasses are becoming popular for users to access various services such as email. To protect these services, password-based user authentication is widely used. Unfortunately, the password-based user authentication has inherent vulnerability against password leakage. Many efforts have been put on designing leakage-resilient password entry schemes on PCs and mobile phones with traditional input equipment including keyboards and touch screens. However, such traditional input equipment is not available on smart glasses. Existing password entry on smart glasses relies on additional PCs or mobile devices. Such solutions force users to switch between different systems, which causes interrupted experience and may lower the practicability and usability of smart glasses. In this paper, we propose a series of leakage-resilient password entry schemes on stand-alone smart glasses, which are gTapper, gRotator, and gTalker. These schemes ensure no leakage in password entry by breaking the correlation between the underlying password and the interaction observable to adversaries. They are practical in the sense that they only require a touch pad, a gyroscope, and a microphone which are commonly available on smart glasses. The usability of the proposed schemes is evaluated by user study under various test conditions which are common in users' daily usage. The results of our user study reveal that the proposed schemes are easy-to-use so that users enter their passwords within moderate time, at high accuracy, and in various situations.
DOI: https://doi.org/10.1145/3052973.3053042 (published 2017-04-02)
Citations: 4
On the Robustness of RSA-OAEP Encryption and RSA-PSS Signatures Against (Malicious) Randomness Failures
Jacob C. N. Schuldt, Kazumasa Shinagawa
It has recently become apparent that both accidental and maliciously caused randomness failures pose a real and serious threat to the security of cryptographic primitives, and in response, researchers have begun the development of primitives that provide robustness against these. In this paper, however, we focus on standardized, widely available primitives. Specifically, we analyze the RSA-OAEP encryption scheme and RSA-PSS signature schemes, specified in PKCS #1, using the related randomness security notion introduced by Paterson et al. (PKC 2014) and its extension to signature schemes. We show that, under the RSA and Φ-hiding assumptions, RSA-OAEP encryption is related randomness secure for a large class of related randomness functions in the random oracle model, as long as the recipient is honest, and remains secure even when additionally considering malicious recipients, as long as the related randomness functions do not allow the malicious recipients to efficiently compute the randomness used for the honest recipient. We furthermore show that, under the RSA assumption, the RSA-PSS signature scheme is secure for any class of related randomness functions, although with a non-tight security reduction. However, under additional, albeit somewhat restrictive assumptions on the related randomness functions and the adversary, a tight reduction can be recovered. Our results provide some reassurance regarding the use of RSA-OAEP and RSA-PSS in environments where randomness failures might be a concern. Lastly, we note that, unlike RSA-OAEP and RSA-PSS, several other schemes, including RSA-KEM, part of ISO 18033-2, and DHIES, part of IEEE P1363a, are not secure under simple repeated randomness attacks.
DOI: https://doi.org/10.1145/3052973.3053040 (published 2017-04-02)
Citations: 1
Session details: Cloud Security
D. Gollmann
DOI: https://doi.org/10.1145/3248552 (published 2017-04-02)
Citations: 0
DroidPill: Pwn Your Daily-Use Apps
Chaoting Xuan, Gong Chen, E. Stuntebeck
Nowadays, attacking and defending Android apps has become an arms race between black hats and white hats. In this paper, we explore a new hacking technique called the App Confusion Attack, which allows hackers to take full control of benign apps and their resources without device rooting or privilege escalation. Conceptually, an App Confusion Attack hijacks the launching process of each benign app, and forces it to run in a virtual execution context controlled by hackers, instead of the native one provided by the Android Application Framework. This attack is furtive but lethal. When a user clicks on a benign app, the malicious alternative can be loaded and executed with an indistinguishable user interface. As a result, hackers can manipulate the communication between the benign app and the OS, including kernel and system services, and manipulate the code and data at will. To address this issue, we build DroidPill, a framework for malware creation that employs the app virtualization technique and the design flaws in Android to achieve such attacks with free apps. Our evaluation results and case studies show that DroidPill is practical and effective. Lastly, we conclude this work with several possible countermeasures to the App Confusion Attack.
DOI: https://doi.org/10.1145/3052973.3052986 (published 2017-04-02)
Citations: 4
Session details: Password & Auth 2
G. Tsudik
DOI: https://doi.org/10.1145/3248555 (published 2017-04-02)
Citations: 0
Heterogeneous Rainbow Table Widths Provide Faster Cryptanalyses
Gildas Avoine, Xavier Carpent
Cryptanalytic time-memory trade-offs are techniques introduced by Hellman in 1980 to speed up exhaustive searches. Oechslin improved the original version with the introduction of rainbow tables in 2003. It is worth noting that this variant is nowadays used world-wide by security experts, notably to break passwords, and a key assumption is that rainbow tables are of equal width. We demonstrate in this paper that rainbow tables are underexploited due to this assumption never being challenged. We stress that the optimal width of each rainbow table should be individually -- although not independently -- calculated. So it goes for the memory allocated to each table. We also stress that visiting sequentially the rainbow tables is no longer optimal when considering tables with heterogeneous widths. We provide an algorithm to calculate the optimal configuration and a decision function to visit the tables. Our technique performs very well: it makes any TMTO based on rainbow tables 40% faster than its classical version.
DOI: https://doi.org/10.1145/3052973.3053030 (published 2017-04-02)
Citations: 4