首页 > 最新文献

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security最新文献

英文 中文
DataShield: Configurable Data Confidentiality and Integrity 数据字段:可配置的数据保密性和完整性
Scott A. Carr, Mathias Payer
Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with an- notations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS.
用C/ c++编写的应用程序容易内存损坏,这使得攻击者可以提取秘密或获得对系统的控制。随着强大的控制流劫持防御的兴起,非控制数据攻击已成为主要威胁。正如HeartBleed等漏洞所显示的那样,此类攻击同样具有破坏性。数据机密性和完整性(DCI)是一种用于系统软件的低开销非控制数据保护机制。DCI用符号增强了C/ c++编程语言,允许程序员保护选定的数据类型。DCI编译器和运行时系统防止对这些类型的实例进行非法读(机密性)和写(完整性)。程序员选择包含安全关键信息(如密码、加密密钥或标识令牌)的类型。只保护这些关键数据大大降低了相对于完全内存安全的性能开销。我们的DCI原型实现datasfield显示了我们方法的适用性和效率。对于SPEC CPU2006,性能开销最多为16.34%。在我们的案例研究中,我们使用了mbedTLS、star和libquantum来证明我们的注释方法是实用的。我们的SSL/TLS服务器的开销为35.7%,关键数据结构始终受到保护。我们的安全评估显示,DataShield缓解了最近在mbedTLS中发现的漏洞。
{"title":"DataShield: Configurable Data Confidentiality and Integrity","authors":"Scott A. Carr, Mathias Payer","doi":"10.1145/3052973.3052983","DOIUrl":"https://doi.org/10.1145/3052973.3052983","url":null,"abstract":"Applications written in C/C++ are prone to memory corruption, which allows attackers to extract secrets or gain control of the system. With the rise of strong control-flow hijacking defenses, non-control data attacks have become the dominant threat. As vulnerabilities like HeartBleed have shown, such attacks are equally devastating. Data Confidentiality and Integrity (DCI) is a low-overhead non-control-data protection mechanism for systems software. DCI augments the C/C++ programming languages with an- notations, allowing the programmer to protect selected data types. The DCI compiler and runtime system prevent illegal reads (confidentiality) and writes (integrity) to instances of these types. The programmer selects types that contain security critical information such as passwords, cryptographic keys, or identification tokens. Protecting only this critical data greatly reduces performance overhead relative to complete memory safety. Our prototype implementation of DCI, DataShield, shows the applicability and efficiency of our approach. For SPEC CPU2006, the performance overhead is at most 16.34%. For our case studies, we instrumented mbedTLS, astar, and libquantum to show that our annotation approach is practical. The overhead of our SSL/TLS server is 35.7% with critical data structures protected at all times. Our security evaluation shows DataShield mitigates a recently discovered vulnerability in mbedTLS.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76607453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 56
Scaling and Effectiveness of Email Masquerade Attacks: Exploiting Natural Language Generation 电子邮件伪装攻击的规模和有效性:利用自然语言生成
Shahryar Baki, Rakesh M. Verma, Arjun Mukherjee, O. Gnawali
We focus on email-based attacks, a rich field with well-publicized consequences. We show how current Natural Language Generation (NLG) technology allows an attacker to generate masquerade attacks on scale, and study their effectiveness with a within-subjects study. We also gather insights on what parts of an email do users focus on and how users identify attacks in this realm, by planting signals and also by asking them for their reasoning. We find that: (i) 17% of participants could not identify any of the signals that were inserted in emails, and (ii) Participants were unable to perform better than random guessing on these attacks. The insights gathered and the tools and techniques employed could help defenders in: (i) implementing new, customized anti-phishing solutions for Internet users including training next-generation email filters that go beyond vanilla spam filters and capable of addressing masquerade, (ii) more effectively training and upgrading the skills of email users, and (iii) understanding the dynamics of this novel attack and its ability of tricking humans.
我们关注的是基于电子邮件的攻击,这是一个内容丰富且后果广为人知的领域。我们展示了当前的自然语言生成(NLG)技术如何允许攻击者大规模生成假面攻击,并通过主题内研究研究其有效性。我们还收集了用户关注电子邮件的哪些部分的见解,以及用户如何通过植入信号并询问他们的推理来识别这一领域的攻击。我们发现:(i) 17%的参与者无法识别电子邮件中插入的任何信号,(ii)参与者无法在这些攻击中表现得比随机猜测更好。收集到的见解以及使用的工具和技术可以帮助防御者:(i)为互联网用户实施新的,定制的反网络钓鱼解决方案,包括培训下一代电子邮件过滤器,超越普通的垃圾邮件过滤器,能够解决假面具,(ii)更有效地培训和提升电子邮件用户的技能,以及(iii)了解这种新型攻击的动态及其欺骗人类的能力。
{"title":"Scaling and Effectiveness of Email Masquerade Attacks: Exploiting Natural Language Generation","authors":"Shahryar Baki, Rakesh M. Verma, Arjun Mukherjee, O. Gnawali","doi":"10.1145/3052973.3053037","DOIUrl":"https://doi.org/10.1145/3052973.3053037","url":null,"abstract":"We focus on email-based attacks, a rich field with well-publicized consequences. We show how current Natural Language Generation (NLG) technology allows an attacker to generate masquerade attacks on scale, and study their effectiveness with a within-subjects study. We also gather insights on what parts of an email do users focus on and how users identify attacks in this realm, by planting signals and also by asking them for their reasoning. We find that: (i) 17% of participants could not identify any of the signals that were inserted in emails, and (ii) Participants were unable to perform better than random guessing on these attacks. The insights gathered and the tools and techniques employed could help defenders in: (i) implementing new, customized anti-phishing solutions for Internet users including training next-generation email filters that go beyond vanilla spam filters and capable of addressing masquerade, (ii) more effectively training and upgrading the skills of email users, and (iii) understanding the dynamics of this novel attack and its ability of tricking humans.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"322 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77989106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation 安全钱包辅助离线比特币支付与双支付撤销
A. Dmitrienko, D. Noack, M. Yung
Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real life scenarios that demand for offline and immediate payments (e.g., mobile ticketing, vending machines, etc). However, offline payments in Bitcoin raise non-trivial security challenges, as the payee has no means to verify the received coins without having access to the Bitcoin network. Moreover, even online immediate payments are shown to be vulnerable to double-spending attacks. In this paper, we propose the first solution for Bitcoin payments, which enables secure payments with Bitcoin in offline settings and in scenarios where payments need to be immediately accepted. Our approach relies on an offline wallet and deploys several novel security mechanisms to prevent double-spending and to verify the coin validity in offline setting. These mechanisms achieve probabilistic security to guarantee that the attack probability is lower than the desired threshold. We provide a security and risk analysis as well as model security parameters for various adversaries. We further eliminate remaining risks by detection of misbehaving wallets and their revocation. We implemented our solution for mobile Android clients and instantiated an offline wallet using a microSD security card. Our implementation demonstrates that smooth integration over a very prevalent platform (Android) is possible, and that offline and online payments can practically co-exist. We also discuss alternative deployment approach for the offline wallet which does not leverage secure hardware, but instead relies on a deposit system managed by the Bitcoin network.
考虑到比特币在现实生活中的应用和普及程度,它似乎是迄今为止最成功的加密货币。虽然比特币要求客户在线执行交易,并需要一定的时间来验证交易,但现实生活中有许多场景需要离线和即时支付(例如,移动票务,自动售货机等)。然而,比特币的离线支付带来了不小的安全挑战,因为收款人在没有访问比特币网络的情况下无法验证收到的比特币。此外,即使是在线即时支付也容易受到双重支付攻击。在本文中,我们提出了比特币支付的第一个解决方案,该解决方案可以在离线设置和需要立即接受支付的场景中使用比特币进行安全支付。我们的方法依赖于一个离线钱包,并部署了几种新的安全机制来防止双重支出,并验证离线设置下的硬币有效性。这些机制实现了概率安全,保证攻击概率低于期望的阈值。我们提供了安全和风险分析,并为各种对手建立了安全参数模型。我们通过检测行为不端的钱包并撤销它们,进一步消除剩余的风险。我们为移动Android客户端实现了我们的解决方案,并使用microSD安全卡实例化了一个离线钱包。我们的实现表明,在一个非常流行的平台(Android)上顺利集成是可能的,并且离线和在线支付实际上可以共存。我们还讨论了离线钱包的替代部署方法,该方法不利用安全硬件,而是依赖于由比特币网络管理的存款系统。
{"title":"Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation","authors":"A. Dmitrienko, D. Noack, M. Yung","doi":"10.1145/3052973.3052980","DOIUrl":"https://doi.org/10.1145/3052973.3052980","url":null,"abstract":"Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real life scenarios that demand for offline and immediate payments (e.g., mobile ticketing, vending machines, etc). However, offline payments in Bitcoin raise non-trivial security challenges, as the payee has no means to verify the received coins without having access to the Bitcoin network. Moreover, even online immediate payments are shown to be vulnerable to double-spending attacks. In this paper, we propose the first solution for Bitcoin payments, which enables secure payments with Bitcoin in offline settings and in scenarios where payments need to be immediately accepted. Our approach relies on an offline wallet and deploys several novel security mechanisms to prevent double-spending and to verify the coin validity in offline setting. These mechanisms achieve probabilistic security to guarantee that the attack probability is lower than the desired threshold. We provide a security and risk analysis as well as model security parameters for various adversaries. We further eliminate remaining risks by detection of misbehaving wallets and their revocation. We implemented our solution for mobile Android clients and instantiated an offline wallet using a microSD security card. Our implementation demonstrates that smooth integration over a very prevalent platform (Android) is possible, and that offline and online payments can practically co-exist. We also discuss alternative deployment approach for the offline wallet which does not leverage secure hardware, but instead relies on a deposit system managed by the Bitcoin network.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"2015 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73732725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 31
Session details: Privacy 会话详细信息:隐私
Cong Wang
{"title":"Session details: Privacy","authors":"Cong Wang","doi":"10.1145/3248558","DOIUrl":"https://doi.org/10.1145/3248558","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"18 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75337121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing 使用基于模型的测试发现Wi-Fi握手中的逻辑漏洞
M. Vanhoef, Domien Schepers, F. Piessens
We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial of Service (DoS) vulnerabilities. Stations use the Wi-Fi handshake to securely connect with wireless networks. In this handshake, mutually supported capabilities are determined, and fresh pairwise keys are negotiated. As a result, a proper implementation of the Wi-Fi handshake is essential in protecting all subsequent traffic. To detect the presence of erroneous behaviour, we propose a model-based technique that generates a set of representative test cases. These tests cover all states of the Wi-Fi handshake, and explore various edge cases in each state. We then treat the implementation under test as a black box, and execute all generated tests. Determining whether a failed test introduces a security weakness is done manually. We tested 12 implementations using this approach, and discovered irregularities in all of them. Our findings include fingerprinting mechanisms, DoS attacks, and downgrade attacks where an adversary can force usage of the insecure WPA-TKIP cipher. Finally, we explain how one of our downgrade attacks highlights incorrect claims made in the 802.11 standard.
我们使用基于模型的测试技术来检测Wi-Fi握手实现中的逻辑漏洞。这揭示了新的指纹识别技术、多种降级攻击和拒绝服务(DoS)漏洞。电台使用Wi-Fi握手来安全地与无线网络连接。在此握手中,确定相互支持的功能,并协商新的成对密钥。因此,正确实现Wi-Fi握手对于保护所有后续流量至关重要。为了检测错误行为的存在,我们提出了一种基于模型的技术,该技术生成一组代表性的测试用例。这些测试涵盖了Wi-Fi握手的所有状态,并探索了每种状态下的各种边缘情况。然后我们将测试下的实现视为黑盒,并执行所有生成的测试。确定失败的测试是否会引入安全漏洞是手动完成的。我们使用这种方法测试了12个实现,并在所有这些实现中发现了异常。我们的发现包括指纹识别机制、DoS攻击和降级攻击,攻击者可以强制使用不安全的WPA-TKIP密码。最后,我们解释我们的降级攻击之一是如何突出802.11标准中不正确的声明的。
{"title":"Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing","authors":"M. Vanhoef, Domien Schepers, F. Piessens","doi":"10.1145/3052973.3053008","DOIUrl":"https://doi.org/10.1145/3052973.3053008","url":null,"abstract":"We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial of Service (DoS) vulnerabilities. Stations use the Wi-Fi handshake to securely connect with wireless networks. In this handshake, mutually supported capabilities are determined, and fresh pairwise keys are negotiated. As a result, a proper implementation of the Wi-Fi handshake is essential in protecting all subsequent traffic. To detect the presence of erroneous behaviour, we propose a model-based technique that generates a set of representative test cases. These tests cover all states of the Wi-Fi handshake, and explore various edge cases in each state. We then treat the implementation under test as a black box, and execute all generated tests. Determining whether a failed test introduces a security weakness is done manually. We tested 12 implementations using this approach, and discovered irregularities in all of them. Our findings include fingerprinting mechanisms, DoS attacks, and downgrade attacks where an adversary can force usage of the insecure WPA-TKIP cipher. Finally, we explain how one of our downgrade attacks highlights incorrect claims made in the 802.11 standard.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"99 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74990567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols ERTMS列车到轨侧通信协议中的消息认证攻击
Tom Chothia, M. Ordean, Joeri de Ruiter, Richard J. Thomas
This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.
本文介绍了对欧洲铁路交通管理系统(ERTMS)使用的协议进行加密分析的结果。由三种协议组成的堆栈保证了列车和轨道旁设备之间的通信;加密无线电通信由GSM-R协议提供,在此基础上,EuroRadio协议为列车控制应用级协议提供认证。我们提出了一种利用这三种协议弱点的攻击:GSM- r具有与GSM协议相同的众所周知的弱点,我们提出了一种针对EuroRadio协议的新的碰撞攻击。结合应用程序级协议中的设计缺陷,这些漏洞允许攻击者在观察到MAC冲突后伪造列车控制消息。我们通过使用我们自己生成的列车控制消息的概念验证来演示这种攻击。目前,ERTMS仅用于在短会话中发送少量数据,因此这种攻击不会立即造成危险。然而,如果EuroRadio被用来传输更大量的数据,列车将变得容易受到这种攻击。此外,我们计算出,在合理的假设下,一个攻击者可以监控英国大小的国家的所有后端控制中心45天,将有1%的机会能够控制一列火车。
{"title":"An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols","authors":"Tom Chothia, M. Ordean, Joeri de Ruiter, Richard J. Thomas","doi":"10.1145/3052973.3053027","DOIUrl":"https://doi.org/10.1145/3052973.3053027","url":null,"abstract":"This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90757536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Understanding Human-Chosen PINs: Characteristics, Distribution and Security 理解人为选择的pin:特征,分布和安全性
Ding Wang, Qianchen Gu, Xinyi Huang, Ping Wang
Personal Identification Numbers (PINs) are ubiquitously used in embedded computing systems where user input interfaces are constrained. Yet, little attention has been paid to this important kind of authentication credentials, especially for 6-digit PINs which dominate in Asian countries and are gaining popularity worldwide. Unsurprisingly, many fundamental questions (e.g., what's the distribution that human-chosen PINs follow?) remain as intact as about fifty years ago when they first arose. In this work, we conduct a systematic investigation into the characteristics, distribution and security of both 4-digit PINs and 6-digit PINs that are chosen by English users and Chinese users. Particularly, we, for the first time, perform a comprehensive comparison of the PIN characteristics and security between these two distinct user groups. Our results show that there are great differences in PIN choices between these two groups of users, a small number of popular patterns prevail in both groups, and surprisingly, over 50% of every PIN datasets can be accounted for by just the top 5%~8% most popular PINs. What's disturbing is the observation that, as online guessing is a much more serious threat than offline guessing in the current PIN-based systems, longer PINs only attain marginally improved security: human-chosen 4-digit PINs can offer about 6.6 bits of security against online guessing and 8.4 bits of security against offline guessing, and this figure for 6-digit PINs is 7.2 bits and 13.2 bits, respectively. We, for the first time, reveal that Zipf's law is likely to exist in PINs. Despite distinct language/cultural backgrounds, both user groups choose PINs with almost the same Zipf distribution function, and such Zipf PIN-distribution from one source (about which we may know little information) can be well predicted by real-world attackers by running Markov-Chains with PINs from another known source. Our Zipf theory would have foundational implications for analyzing PIN-based protocols and for designing PIN creation policies, while our security measurements provide guidance for bank agencies and financial authorities that are planning to conduct PIN migration from 4-digits to 6-digits.
个人识别号码(pin)在用户输入界面受限的嵌入式计算系统中被广泛使用。然而,很少有人关注这种重要的身份验证凭证,特别是在亚洲国家占主导地位并在全球范围内越来越受欢迎的6位数pin。不出所料,许多基本问题(例如,人类选择的pin遵循什么分布?)与大约50年前它们首次出现时一样完好无损。在这项工作中,我们对英语用户和中文用户选择的4位pin和6位pin的特征、分布和安全性进行了系统的调查。特别是,我们首次对这两个不同用户组之间的PIN特征和安全性进行了全面的比较。我们的研究结果表明,这两组用户在PIN选择上存在很大差异,少数流行的模式在两组中都占主导地位,令人惊讶的是,每个PIN数据集的50%以上都可以由前5%~8%的最受欢迎的PIN所占。令人不安的是,在当前基于pin的系统中,由于在线猜测比离线猜测更严重,较长的pin只能略微提高安全性:人为选择的4位pin可以提供大约6.6位的安全性来防止在线猜测,8.4位的安全性来防止离线猜测,而6位pin的这个数字分别是7.2位和13.2位。我们首次揭示了齐夫定律可能存在于pin中。尽管语言/文化背景不同,两个用户组都选择具有几乎相同Zipf分布函数的pin,并且这种来自一个来源的Zipf pin分布(我们可能知之甚少)可以被现实世界的攻击者通过使用来自另一个已知来源的pin运行马尔可夫链来很好地预测。我们的Zipf理论将对分析基于PIN的协议和设计PIN创建策略具有基础意义,而我们的安全措施为计划进行PIN从4位数字迁移到6位数字的银行机构和金融当局提供指导。
{"title":"Understanding Human-Chosen PINs: Characteristics, Distribution and Security","authors":"Ding Wang, Qianchen Gu, Xinyi Huang, Ping Wang","doi":"10.1145/3052973.3053031","DOIUrl":"https://doi.org/10.1145/3052973.3053031","url":null,"abstract":"Personal Identification Numbers (PINs) are ubiquitously used in embedded computing systems where user input interfaces are constrained. Yet, little attention has been paid to this important kind of authentication credentials, especially for 6-digit PINs which dominate in Asian countries and are gaining popularity worldwide. Unsurprisingly, many fundamental questions (e.g., what's the distribution that human-chosen PINs follow?) remain as intact as about fifty years ago when they first arose. In this work, we conduct a systematic investigation into the characteristics, distribution and security of both 4-digit PINs and 6-digit PINs that are chosen by English users and Chinese users. Particularly, we, for the first time, perform a comprehensive comparison of the PIN characteristics and security between these two distinct user groups. Our results show that there are great differences in PIN choices between these two groups of users, a small number of popular patterns prevail in both groups, and surprisingly, over 50% of every PIN datasets can be accounted for by just the top 5%~8% most popular PINs. What's disturbing is the observation that, as online guessing is a much more serious threat than offline guessing in the current PIN-based systems, longer PINs only attain marginally improved security: human-chosen 4-digit PINs can offer about 6.6 bits of security against online guessing and 8.4 bits of security against offline guessing, and this figure for 6-digit PINs is 7.2 bits and 13.2 bits, respectively. We, for the first time, reveal that Zipf's law is likely to exist in PINs. Despite distinct language/cultural backgrounds, both user groups choose PINs with almost the same Zipf distribution function, and such Zipf PIN-distribution from one source (about which we may know little information) can be well predicted by real-world attackers by running Markov-Chains with PINs from another known source. Our Zipf theory would have foundational implications for analyzing PIN-based protocols and for designing PIN creation policies, while our security measurements provide guidance for bank agencies and financial authorities that are planning to conduct PIN migration from 4-digits to 6-digits.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"145 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76873162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 55
On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters 利用硬件性能计数器检测内核级rootkit
Baljit Singh, Dmitry Evtyushkin, J. Elwell, Ryan D. Riley, I. Cervesato
Recent work has investigated the use of hardware performance counters (HPCs) for the detection of malware running on a system. These works gather traces of HPCs for a variety of applications (both malicious and non-malicious) and then apply machine learning to train a detector to distinguish between benign applications and malware. In this work, we provide a more comprehensive analysis of the applicability of using machine learning and HPCs for a specific subset of malware: kernel rootkits. We design five synthetic rootkits, each providing a single piece of rootkit functionality, and execute each while collecting HPC traces of its impact on a specific benchmark application. We then apply machine learning feature selection techniques in order to determine the most relevant HPCs for the detection of these rootkits. We identify 16 HPCs that are useful for the detection of hooking based roots, and also find that rootkits employing direct kernel object manipulation (DKOM) do not significantly impact HPCs. We then use these synthetic rootkit traces to train a detection system capable of detecting new rootkits it has not seen previously with an accuracy of over 99%. Our results indicate that HPCs have the potential to be an effective tool for rootkit detection, even against new rootkits not previously seen by the detector.
最近的工作研究了使用硬件性能计数器(hpc)来检测系统上运行的恶意软件。这些工作收集各种应用程序(包括恶意和非恶意)的hpc痕迹,然后应用机器学习来训练检测器来区分良性应用程序和恶意软件。在这项工作中,我们对使用机器学习和hpc的特定恶意软件子集的适用性进行了更全面的分析:内核rootkits。我们设计了五个综合rootkit,每个都提供一个单一的rootkit功能,并在执行每个rootkit的同时收集其对特定基准应用程序的影响的HPC跟踪。然后,我们应用机器学习特征选择技术,以确定最相关的hpc检测这些rootkit。我们确定了16个对基于钩子的根的检测有用的hpc,并且还发现使用直接内核对象操作(DKOM)的rootkit不会显著影响hpc。然后,我们使用这些合成的rootkit痕迹来训练一个检测系统,该系统能够检测以前未见过的新rootkit,准确率超过99%。我们的研究结果表明,hpc有可能成为一种有效的rootkit检测工具,即使是针对以前未被检测器发现的新rootkit。
{"title":"On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters","authors":"Baljit Singh, Dmitry Evtyushkin, J. Elwell, Ryan D. Riley, I. Cervesato","doi":"10.1145/3052973.3052999","DOIUrl":"https://doi.org/10.1145/3052973.3052999","url":null,"abstract":"Recent work has investigated the use of hardware performance counters (HPCs) for the detection of malware running on a system. These works gather traces of HPCs for a variety of applications (both malicious and non-malicious) and then apply machine learning to train a detector to distinguish between benign applications and malware. In this work, we provide a more comprehensive analysis of the applicability of using machine learning and HPCs for a specific subset of malware: kernel rootkits. We design five synthetic rootkits, each providing a single piece of rootkit functionality, and execute each while collecting HPC traces of its impact on a specific benchmark application. We then apply machine learning feature selection techniques in order to determine the most relevant HPCs for the detection of these rootkits. We identify 16 HPCs that are useful for the detection of hooking based roots, and also find that rootkits employing direct kernel object manipulation (DKOM) do not significantly impact HPCs. We then use these synthetic rootkit traces to train a detection system capable of detecting new rootkits it has not seen previously with an accuracy of over 99%. Our results indicate that HPCs have the potential to be an effective tool for rootkit detection, even against new rootkits not previously seen by the detector.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"92 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85846874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 81
Session details: Embedded Systems Security 2 会议详情:嵌入式系统安全
M. Maniatakos
{"title":"Session details: Embedded Systems Security 2","authors":"M. Maniatakos","doi":"10.1145/3248563","DOIUrl":"https://doi.org/10.1145/3248563","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"22 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82822062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Using Program Analysis to Synthesize Sensor Spoofing Attacks 应用程序分析综合传感器欺骗攻击
I. Pustogarov, T. Ristenpart, Vitaly Shmatikov
In a sensor spoofing attack, an adversary modifies the physical environment in a certain way so as to force an embedded system into unwanted or unintended behaviors. This usually requires a thorough understanding of the system's control logic. The conventional methods for discovering this logic are manual code inspection and experimentation. In this paper, we design a directed, compositional symbolic execution framework that targets software for the popular MSP430 family of microcontrollers. Using our framework, an analyst can generate traces of sensor readings that will drive an MSP430-based embedded system to a chosen point in its code. As a case study, we use our system to generate spoofed wireless signals used as sensor inputs into AllSee, a recently proposed low-cost gesture recognition system. We then experimentally confirm that AllSee recognizes our adversarially synthesized signals as "gestures."
在传感器欺骗攻击中,攻击者以某种方式修改物理环境,从而迫使嵌入式系统产生不想要的或意想不到的行为。这通常需要对系统的控制逻辑有透彻的理解。发现这种逻辑的传统方法是手工代码检查和实验。在本文中,我们为流行的MSP430系列微控制器设计了一个定向的、组合的符号执行框架。使用我们的框架,分析人员可以生成传感器读数的跟踪,将基于msp430的嵌入式系统驱动到其代码中的选定点。作为一个案例研究,我们使用我们的系统生成欺骗无线信号,作为传感器输入AllSee,一个最近提出的低成本手势识别系统。然后,我们通过实验证实,AllSee将我们的对抗合成信号识别为“手势”。
{"title":"Using Program Analysis to Synthesize Sensor Spoofing Attacks","authors":"I. Pustogarov, T. Ristenpart, Vitaly Shmatikov","doi":"10.1145/3052973.3053038","DOIUrl":"https://doi.org/10.1145/3052973.3053038","url":null,"abstract":"In a sensor spoofing attack, an adversary modifies the physical environment in a certain way so as to force an embedded system into unwanted or unintended behaviors. This usually requires a thorough understanding of the system's control logic. The conventional methods for discovering this logic are manual code inspection and experimentation. In this paper, we design a directed, compositional symbolic execution framework that targets software for the popular MSP430 family of microcontrollers. Using our framework, an analyst can generate traces of sensor readings that will drive an MSP430-based embedded system to a chosen point in its code. As a case study, we use our system to generate spoofed wireless signals used as sensor inputs into AllSee, a recently proposed low-cost gesture recognition system. We then experimentally confirm that AllSee recognizes our adversarially synthesized signals as \"gestures.\"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"36 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86727403","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
期刊
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1