
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security: latest papers

Poster: making the case for intrinsic personal physical unclonable functions (IP-PUFs)
Rishab Nithyanand, R. Sion, J. Solis
Physical Unclonable Functions (PUFs) are physical systems whose responses to input stimuli (i.e., challenges) are easy to measure but difficult to clone. The unclonability property is due to the accepted hardness of replicating the multitude of uncontrollable manufacturing characteristics and makes PUFs useful in solving problems such as authentication, software protection/licensing, and certified execution. In this abstract, we claim that any multi-core computer is usable as a timing-PUF and can be measured via simple benchmarking tools (i.e., no specialized hardware required). We investigate several characteristics of standard off-the-shelf computers and present initial experimental results justifying our claim. Additionally, we argue that PUFs which are intrinsically involved in computations over sensitive data are preferable to peripheral device PUFs -- especially for intellectual property protection and continuous device authentication.
Citations: 6
Poster: Destabilizing BitTorrent's clusters to attack high bandwidth leechers
Florian Adamsky, Hassan Khan, M. Rajarajan, S. A. Khayam, Rudolf Jäger
BitTorrent protocol incentivizes sharing through its choking algorithm. BitTorrent choking algorithm creates clusters of leechers with similar upload capacity to achieve higher overall transfer rates. We show that a malicious peer can exploit BitTorrent's choking algorithm to reduce the upload utilization of high bandwidth leechers. We use a testbed comprising 24 nodes to provide experimental evidence of a distributed attack in which the malicious peers increase the download time for high bandwidth leechers by up to 16% and increase average download time of the swarm by up to 15% by using distributed and loosely-coupled malicious peers which comprise only 4.7% of the swarm. The countermeasures of this attack are a part of our ongoing research work.
Citations: 2
Poster: protecting information in systems of systems
Daniel Trivellato, Nicola Zannone, S. Etalle
Systems of Systems (SoS) are dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the SoS paradigm has a strong impact on system interoperability and on the security requirements of collaborating parties. In this demo we present a prototype implementation of POLIPO, a security framework that combines context-aware access control with trust management and ontology-based services to protect information in SoS.
Citations: 5
VIPER: verifying the integrity of PERipherals' firmware
Yanlin Li, Jonathan M. McCune, A. Perrig
Recent research demonstrates that malware can infect peripherals' firmware in a typical x86 computer system, e.g., by exploiting vulnerabilities in the firmware itself or in the firmware update tools. Verifying the integrity of peripherals' firmware is thus an important challenge. We propose software-only attestation protocols to verify the integrity of peripherals' firmware, and show that they can detect all known software-based attacks. We implement our scheme using a Netgear GA620 network adapter in an x86 PC, and evaluate our system with known attacks.
Citations: 186
Ciphers that securely encipher their own keys
M. Bellare, David Cash, S. Keelveedhi
In response to needs of disk encryption standardization bodies, we provide the first tweakable ciphers that are proven to securely encipher their own keys. We provide both a narrowblock design StE and a wideblock design EtE. Our proofs assume only standard PRP-CCA security of the underlying tweakable ciphers.
Citations: 11
Poster: applying unsupervised context-based analysis for detecting unauthorized data disclosure
Ma'ayan Gafny, A. Shabtai, L. Rokach, Y. Elovici
In this paper, we propose a new unsupervised approach for identifying suspicious access to sensitive relational data. In the proposed method, a tree-like model encapsulates the characteristics of the result-set (i.e., data) that the user normally accesses within each possible context. During the detection phase, result-sets are examined against the induced model and a similarity score is derived.
Citations: 14
Poster: privacy-preserving profile similarity computation in online social networks
Arjan Jeckmans, Qiang Tang, P. Hartel
Currently, none of the existing online social networks (OSNs) enables its users to make new friends without revealing their private information. This leaves the users in a vulnerable position when searching for new friends. We propose a solution which enables a user to compute her profile similarity with another user in a privacy-preserving way. Our solution is designed for a realistic OSN environment, where a pair of users is unlikely to be online at the same time.
Citations: 9
Poster: mimicry attacks against wireless link signature
Yao Liu, P. Ning
Wireless link signature is a physical layer authentication mechanism, which uses the multi-path effect between a transmitter and a receiver to provide authentication of wireless signals. We identify a new attack, called mimicry attack, against the wireless link signature scheme in [7]. It was assumed in the past that an attacker cannot "spoof" an arbitrary link signature and that the attacker will not have the same link signature at the receiver unless it is at exactly the same location as the legitimate transmitter. However, we show that an attacker can forge an arbitrary link signature as long as it knows the legitimate signal at the receiver's location, and the attacker does not have to be at exactly the same location as the legitimate transmitter in order to forge its link signature.
Citations: 17
Poster: a certificateless proxy re-encryption scheme for cloud-based data sharing
Xiaoxin Wu, Lei Xu, Xinwen Zhang
We propose CL-PRE, a certificateless proxy re-encryption scheme for data sharing with cloud. In CL-PRE, a data owner encrypts shared data in cloud with an encryption key, which is further encrypted and transformed by cloud, and then distributed to legitimate recipients for access control. Uniquely, the cloud-based transformation leverages re-encryption keys derived from private key of data owner and public keys of receipts, and eliminates the key escrow problem with identity based cryptography and the need of certificate. While preserving data and key privacy from semi-trusted cloud, CL-PRE maximally leverages cloud resources to reduce the computing and communication cost for data owner. We implement CL-PRE and evaluate its security and performance.
Citations: 19
Trust-based anonymous communication: adversary models and routing algorithms
Aaron Johnson, P. Syverson, Roger Dingledine, Nick Mathewson
We introduce a novel model of routing security that incorporates the ordinarily overlooked variations in trust that users have for different parts of the network. We focus on anonymous communication, and in particular onion routing, although we expect the approach to apply more broadly. This paper provides two main contributions. First, we present a novel model to consider the various security concerns for route selection in anonymity networks when users vary their trust over parts of the network. Second, to show the usefulness of our model, we present as an example a new algorithm to select paths in onion routing. We analyze its effectiveness against deanonymization and other information leaks, and particularly how it fares in our model versus existing algorithms, which do not consider trust. In contrast to those, we find that our trust-based routing strategy can protect anonymity against an adversary capable of attacking a significant fraction of the network.
Citations: 50