Taeho Lee, C. Pappas, A. Perrig, V. Gligor, Yih-Chun Hu
We make a case for packet-replay suppression at the network layer, a concept that has been generally neglected. Our contribution is twofold. First, we demonstrate a new attack, the router-reflection attack, that can be launched using compromised routers. In this attack, a compromised router degrades the connectivity of a remote Internet region just by replaying packets. The attack is feasible even if all packets are attributed to their sources, i.e., source authentication is in place, and our evaluation shows that the threat is pervasive---candidate routers for compromise are in the order of hundreds or thousands. Second, we design an in-network mechanism for replay suppression. We start by showing that designing such a mechanism poses unsolved challenges and simple adaptations of end-to-end solutions are not sufficient. Then, we devise, analyze, and implement a highly efficient protocol that suppresses replayed traffic at the network layer without global time synchronization. Our software-router prototype can saturate a 10 Gbps link using only two CPU cores for packet processing.
{"title":"The Case for In-Network Replay Suppression","authors":"Taeho Lee, C. Pappas, A. Perrig, V. Gligor, Yih-Chun Hu","doi":"10.1145/3052973.3052988","DOIUrl":"https://doi.org/10.1145/3052973.3052988","url":null,"abstract":"We make a case for packet-replay suppression at the network layer, a concept that has been generally neglected. Our contribution is twofold. First, we demonstrate a new attack, the router-reflection attack, that can be launched using compromised routers. In this attack, a compromised router degrades the connectivity of a remote Internet region just by replaying packets. The attack is feasible even if all packets are attributed to their sources, i.e., source authentication is in place, and our evaluation shows that the threat is pervasive---candidate routers for compromise are in the order of hundreds or thousands. Second, we design an in-network mechanism for replay suppression. We start by showing that designing such a mechanism poses unsolved challenges and simple adaptations of end-to-end solutions are not sufficient. Then, we devise, analyze, and implement a highly efficient protocol that suppresses replayed traffic at the network layer without global time synchronization. Our software-router prototype can saturate a 10 Gbps link using only two CPU cores for packet processing.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74053869","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With more than 1.7 million daily users, Tor is a large-scale anonymity network that helps people to protect their identities in the Internet. Tor provides low-latency transmissions that can serve a wide range of applications including web browsing, which renders it an easily accessible tool for a large user base. Unfortunately, its wide adoption makes Tor a valuable target for de-anonymization attacks. Recent work proved that powerful traffic analysis attacks exist which enable an adversary to relate traffic streams in the network and identify users and accessed contents. One open research question in the field of anonymity networks therefore addresses efficient countermeasures to the class of traffic analysis attacks. Defensive techniques must improve the security features of existing networks while still providing an acceptable performance that can maintain the wide acceptance of a system. The proposed work presents an analysis of mixing strategies as a countermeasure to traffic analysis attacks in Tor. First simulation results indicate the security gains and performance impairments of three main mixing strategies.
{"title":"Traffic Analysis Attacks in Anonymity Networks","authors":"K. Kohls, C. Pöpper","doi":"10.1145/3052973.3055159","DOIUrl":"https://doi.org/10.1145/3052973.3055159","url":null,"abstract":"With more than 1.7 million daily users, Tor is a large-scale anonymity network that helps people to protect their identities in the Internet. Tor provides low-latency transmissions that can serve a wide range of applications including web browsing, which renders it an easily accessible tool for a large user base. Unfortunately, its wide adoption makes Tor a valuable target for de-anonymization attacks. Recent work proved that powerful traffic analysis attacks exist which enable an adversary to relate traffic streams in the network and identify users and accessed contents. One open research question in the field of anonymity networks therefore addresses efficient countermeasures to the class of traffic analysis attacks. Defensive techniques must improve the security features of existing networks while still providing an acceptable performance that can maintain the wide acceptance of a system. The proposed work presents an analysis of mixing strategies as a countermeasure to traffic analysis attacks in Tor. First simulation results indicate the security gains and performance impairments of three main mixing strategies.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90885777","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Modern operating systems are equipped with defenses that render legacy code injection attacks inoperable. However, attackers can bypass these defenses by crafting attacks that reuse existing code in a program's memory. One of the most common classes of attacks manipulates memory data used indirectly to execute code, such as function pointers. This is especially prevalent in C++ programs, since tables of function pointers (vtables) are used by all major compilers to support polymorphism. In this paper, we propose VCI, a binary rewriting system that secures C++ binaries against vtable attacks. VCI works directly on stripped binary files. It identifies and reconstructs various C++ semantics from the binary, and constructs a strict CFI policy by resolving and pairing virtual function calls (vcalls) with precise sets of target classes. The policy is enforced by instrumenting checks into the binary at vcall sites. Experimental results on SPEC CPU2006 and Firefox show that VCI is significantly more precise than state-of-the-art binary solutions. Testing against the ground truth from the source-based defense GCC VTV, VCI achieved greater than 60% precision in most cases, accounting for at least 48% to 99% additional reduction in the attack surface compared to the state-of-the-art binary defenses. VCI incurs a 7.79% average runtime overhead which is comparable to the state-of-the-art. In addition, we discuss how VCI defends against real-world attacks, and how it impacts advanced vtable reuse attacks such as COOP.
{"title":"Strict Virtual Call Integrity Checking for C++ Binaries","authors":"Mohamed Elsabagh, D. Fleck, A. Stavrou","doi":"10.1145/3052973.3052976","DOIUrl":"https://doi.org/10.1145/3052973.3052976","url":null,"abstract":"Modern operating systems are equipped with defenses that render legacy code injection attacks inoperable. However, attackers can bypass these defenses by crafting attacks that reuse existing code in a program's memory. One of the most common classes of attacks manipulates memory data used indirectly to execute code, such as function pointers. This is especially prevalent in C++ programs, since tables of function pointers (vtables) are used by all major compilers to support polymorphism. In this paper, we propose VCI, a binary rewriting system that secures C++ binaries against vtable attacks. VCI works directly on stripped binary files. It identifies and reconstructs various C++ semantics from the binary, and constructs a strict CFI policy by resolving and pairing virtual function calls (vcalls) with precise sets of target classes. The policy is enforced by instrumenting checks into the binary at vcall sites. Experimental results on SPEC CPU2006 and Firefox show that VCI is significantly more precise than state-of-the-art binary solutions. Testing against the ground truth from the source-based defense GCC VTV, VCI achieved greater than 60% precision in most cases, accounting for at least 48% to 99% additional reduction in the attack surface compared to the state-of-the-art binary defenses. VCI incurs a 7.79% average runtime overhead which is comparable to the state-of-the-art. In addition, we discuss how VCI defends against real-world attacks, and how it impacts advanced vtable reuse attacks such as COOP.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79192638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents BRIDEMAID, a framework which exploits an approach static and dynamic for accurate detection of Android malware. The static analysis is based on n-grams matching, whilst the dynamic analysis is based on multi-level monitoring of device, app and user behavior. The framework has been tested against 2794 malicious apps reporting a detection accuracy of 99,7% and a negligible false positive rate, tested on a set of 10k genuine apps.
{"title":"BRIDEMAID: An Hybrid Tool for Accurate Detection of Android Malware","authors":"F. Martinelli, F. Mercaldo, A. Saracino","doi":"10.1145/3052973.3055156","DOIUrl":"https://doi.org/10.1145/3052973.3055156","url":null,"abstract":"This paper presents BRIDEMAID, a framework which exploits an approach static and dynamic for accurate detection of Android malware. The static analysis is based on n-grams matching, whilst the dynamic analysis is based on multi-level monitoring of device, app and user behavior. The framework has been tested against 2794 malicious apps reporting a detection accuracy of 99,7% and a negligible false positive rate, tested on a set of 10k genuine apps.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77676638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.
{"title":"Model-based Attack Detection Scheme for Smart Water Distribution Networks","authors":"Chuadhry Mujeeb Ahmed, C. Murguia, Justin Ruths","doi":"10.1145/3052973.3053011","DOIUrl":"https://doi.org/10.1145/3052973.3053011","url":null,"abstract":"In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81447923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Moving Target Defense(MTD) provides a promising solution to reduce the chance of weakness exposure by constantly changing the target's attack surface. Though lots of MTD technologies have been researched to defend network attacks, there is little systematic study on security assessment of MTD. This paper proposes a novel method to quantify the security of MTD system which based on three factors: Vulnerability Entropy, Attack Entropy and Attenuation Entropy. This assessment model provides a theoretical and practical guidance for building MTD system and improving MTD technology.
{"title":"Quantitative Security Assessment Method based on Entropy for Moving Target Defense","authors":"Duohe Ma, Liming Wang, Cheng Lei, Zhen Xu, Hongqi Zhang, Meng Li","doi":"10.1145/3052973.3055161","DOIUrl":"https://doi.org/10.1145/3052973.3055161","url":null,"abstract":"Moving Target Defense(MTD) provides a promising solution to reduce the chance of weakness exposure by constantly changing the target's attack surface. Though lots of MTD technologies have been researched to defend network attacks, there is little systematic study on security assessment of MTD. This paper proposes a novel method to quantify the security of MTD system which based on three factors: Vulnerability Entropy, Attack Entropy and Attenuation Entropy. This assessment model provides a theoretical and practical guidance for building MTD system and improving MTD technology.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86224726","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Functional encryption is a nice tool that bridges the gap between usability and privacy when providing access to huge databases: while being encrypted, aggregated information is available with a fine-tuned control by the owner of the database who can specify the functions he allows users to compute on the data. Unfortunately, giving access to several functions might leak too much information on the database, since once the decryption capability is given for a specific function, this is for an unlimited number of ciphertexts. In the particular case of the inner-product, if rows or records of the database contain l fields on which one got l independent inner-product capabilities, one can extract all the individual fields. On the other hand, the major applications that make use of inner-products, such as machine-learning, need to compute many of them. This paper deals with a practical trade-off in order to allow the computation of various inner-products, while still protecting the confidentiality of the data. To this aim, we introduce an oblivious helper, that will be required for any decryption-query, in order to control the leakage of information on the database. It should indeed learn just enough information to guarantee the confidentiality of the database, but without endangering the privacy of the queries.
{"title":"Functional Encryption with Oblivious Helper","authors":"Pierre-Alain Dupont, D. Pointcheval","doi":"10.1145/3052973.3052996","DOIUrl":"https://doi.org/10.1145/3052973.3052996","url":null,"abstract":"Functional encryption is a nice tool that bridges the gap between usability and privacy when providing access to huge databases: while being encrypted, aggregated information is available with a fine-tuned control by the owner of the database who can specify the functions he allows users to compute on the data. Unfortunately, giving access to several functions might leak too much information on the database, since once the decryption capability is given for a specific function, this is for an unlimited number of ciphertexts. In the particular case of the inner-product, if rows or records of the database contain l fields on which one got l independent inner-product capabilities, one can extract all the individual fields. On the other hand, the major applications that make use of inner-products, such as machine-learning, need to compute many of them. This paper deals with a practical trade-off in order to allow the computation of various inner-products, while still protecting the confidentiality of the data. To this aim, we introduce an oblivious helper, that will be required for any decryption-query, in order to control the leakage of information on the database. It should indeed learn just enough information to guarantee the confidentiality of the database, but without endangering the privacy of the queries.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91368122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext -- and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/
{"title":"SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor","authors":"Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk","doi":"10.1145/3052973.3052982","DOIUrl":"https://doi.org/10.1145/3052973.3052982","url":null,"abstract":"Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext -- and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84338738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Delay-based Internet geolocation techniques are repeatedly positioned as well suited for security-sensitive applications, e.g., location-based access control, and credit-card verification. We present new strategies enabling adversaries to accurately control the forged location. Evaluation showed that using the new strategies, adversaries could misrepresent their true locations by over 15000km, and in some cases within 100km of an intended geographic location. This work significantly improves the adversary's control in misrepresenting its location, directly refuting the appropriateness of current techniques for security-sensitive applications. We finally discuss countermeasures to mitigate such strategies.
{"title":"Accurate Manipulation of Delay-based Internet Geolocation","authors":"A. Abdou, A. Matrawy, P. V. Oorschot","doi":"10.1145/3052973.3052993","DOIUrl":"https://doi.org/10.1145/3052973.3052993","url":null,"abstract":"Delay-based Internet geolocation techniques are repeatedly positioned as well suited for security-sensitive applications, e.g., location-based access control, and credit-card verification. We present new strategies enabling adversaries to accurately control the forged location. Evaluation showed that using the new strategies, adversaries could misrepresent their true locations by over 15000km, and in some cases within 100km of an intended geographic location. This work significantly improves the adversary's control in misrepresenting its location, directly refuting the appropriateness of current techniques for security-sensitive applications. We finally discuss countermeasures to mitigate such strategies.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85610331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Mobile Security 1","authors":"N. Asokan","doi":"10.1145/3248560","DOIUrl":"https://doi.org/10.1145/3248560","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85367302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: