Foundations and Practice of Security

Decentralized online social networks (DOSNs) have adopted quite coarse-grained policies for sharing messages with friends of friends (i.e., resharing). They either forbid it completely or allow resharing of messages only without any possibility to constrain their subsequent distribution. In this article, we present a novel enforcement mechanism for securing resharing in DOSNs by relationship-based access control and user-determined privacy policies. Our mechanism supports resharing and offers users control over their messages after resharing. Moreover, it addresses the fact that DOSNs are run by multiple providers and honors users’ choices of which providers they trust. We clarify how our mechanism can be effectively implemented by a prototype for the DOSN Diaspora*. Our experimental evaluation shows that controlling privacy with our prototype causes only a rather small performance overhead.

This paper deals with the maintenance of PKI certificates for Attribute Based Access Control (ABAC). We show, that the current standard has several problems in different revocation and delegation processes. This may lead to a security hole allowing usage of ABAC certificates, when it was revoked or transferred. As a solution we suggest architecture changes, that allow to perform revocation and transfer checks in such cases, based on extensions of the validation process of the ABAC certificates. We also discuss some privacy and performance challenges that are raised as a result of our proposal.

This paper presents a formal analysis of FIDO, a protocol developed by the FIDO Alliance project, and which aims to provide either a passwordless experience or an extra security layer for user authentication over the Internet. We model the protocol using the applied pi-calculus and run our analysis using ProVerif. Our analysis shows that ignoring some optional steps of the standard could lead to the implementation of a flawed authentication process. On the contrary, we prove that these steps are sufficient to ensure the expected security properties.

Although an active area of research for years, formal verification has still not yet reached widespread deployment. We outline the steps needed to move from low-assurance cryptography, as given by libraries such as OpenSSL, to high assurance cryptography in deployment. In detail, we outline the need for a suite of high-assurance cryptographic software with per-microarchitecture optimizations that maintain competitive speeds with existing hand-optimized assembly and the bundling of these cryptographic primitives in a new API that prevents common developer mistakes. A new unified API with both formally verified primitives and an easy-to-use interface is needed to replace OpenSSL in future security-critical applications.

We present the view that the method of multi-level access control, often considered confined in the theory of mandatory access control, is in fact necessary for data secrecy (i.e. confidentiality) and privacy. This is consequence of a result in directed graph theory showing that there is a partial order of components in any data flow graph. Then, given the data flow graph of any access control system, it is in principle possible to determine which multi-level access control system it implements. On the other hand, given any desired data flow graph, it is possible to assign subjects and data objects to its different levels and thus implement a multi-level access control system for secrecy and privacy. As a consequence, we propose that the well-established lattice model of secure information flow be replaced by a model based on partial orders of components. Applications to Internet of Things and Cloud contexts are briefly mentioned.

In the context of security, risk analyzes are widely recognized as essential. However, such analyzes need to be replayed frequently to take into account new vulnerabilities, new protections, etc. As exploits can now easily be found on internet, allowing a wide range of possible intruders with various capacities, motivations and resources. In particular in the case of industrial control systems (also called SCADA) that interact with the physical world, any breach can lead to disasters for humans and the environment. Alongside of classical security properties such as secrecy or authentication, SCADA must ensure safety properties relative to the industrial process they control. In this paper, we propose an approach to assess the security of industrial systems. This approach aims to find applicative attacks taking into account various parameters such as the behavior of the process, the safety properties that must be ensured. We also model the possible positions and capacities of attackers allowing a precise control of these attackers. We instrument our approach using the well known model-checker UPPAAL, we apply it on a case study and show how variations of properties, network topologies, and attacker models can drastically change the obtained results.

The advent of massive and highly heterogeneous information systems poses major challenges to professionals responsible for IT security. The huge amount of monitoring data currently being generated means that no human being or group of human beings can cope with their analysis. Furthermore, fully automated tools still lack the ability to track the associated events in a fine-grained and reliable way. Here, we propose the HuMa framework for detailed and reliable analysis of large amounts of data for security purposes. HuMa uses a multi-analysis approach to study complex security events in a large set of logs. It is organized around three layers: the event layer, the context and attack pattern layer, and the assessment layer. We describe the framework components and the set of complementary algorithms for security assessment. We also provide an evaluation of the contribution of the context and attack pattern layer to security investigation.

Runtime enforcement is an effective method to ensure the compliance of program with user-defined security policies. In this paper we show how the stream event processor tool BeepBeep can be used to monitor the security properties of Java programs. The proposed approach relies on AspectJ to generate a trace capturing the program’s runtime behavior. This trace is then processed by BeepBeep, a complex event processing tool that allows complex data-driven policies to be stated and verified with ease. Depending on the result returned by BeepBeep, AspectJ can then be used to halt the execution or take other corrective action. The proposed method offers multiple advantages, notable flexibility in devising and stating expressive user-defined security policies.

802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.

Searchable encryption allows users to execute encrypted queries over encrypted databases. Several encryption schemes have been proposed in the literature but they leak sensitive information that could lead to inference attacks. We propose ObliviousDB, a searchable encryption scheme for an outsourced database that limits information leakage. Moreover, our scheme allows users to execute SQL-like queries on encrypted data and efficiently supports multi-user access without requiring key sharing. We have implemented ObliviousDB and show its practical efficiency.

Ethereum is a major blockchain-based platform for smart contracts – Turing complete programs that are executed in a decentralized network and usually manipulate digital units of value. A peer-to-peer network of mutually distrusting nodes maintains a common view of the global state and executes code upon request. The stated is stored in a blockchain secured by a proof-of-work consensus mechanism similar to that in Bitcoin. The core value proposition of Ethereum is a full-featured programming language suitable for implementing complex business logic.

Decentralized applications without a trusted third party are appealing in areas like crowdfunding, financial services, identity management, and gambling. Smart contracts are a challenging research topic that spans over areas ranging from cryptography, consensus algorithms, and programming languages to governance, finance, and law.

This paper summarizes the state of knowledge in this field. We provide a technical overview of Ethereum, outline open challenges, and review proposed solutions. We also mention alternative smart contract blockchains.

In contrast to classical signature schemes, such as RSA or ECDSA signatures, the lattice-based signature scheme ring-TESLA is expected to be resistant even against quantum adversaries. Due to a recent key recovery from a lattice-based implementation, it becomes clear that cache side channels are a serious threat for lattice-based implementations. In this article, we analyze an existing implementation of ring-TESLA against cache side channels. To reduce the effort for manual code inspection, we selectively employ automated program analysis. The leakage bounds we compute with program analysis are sound overapproximations of cache-side-channel leakage. We detect four cache-side-channel vulnerabilities in the implementation of ring-TESLA. Since two vulnerabilities occur in implementations of techniques common to lattice-based schemes, they are also interesting beyond ring-TESLA. Finally, we show how the detected vulnerabilities can be mitigated effectively.

Mobile ransomware is on the rise and effective defense from it is of utmost importance to guarantee security of mobile users’ data. Current solutions provided by antimalware vendors are signature-based and thus ineffective in removing ransomware and restoring the infected devices and files. Also, current state-of-the art literature offers very few solutions to effectively detecting and blocking mobile ransomware. Starting from these considerations, we propose a hybrid method able to effectively counter ransomware. The proposed method first examines applications to be used on a device prior to their installation (static approach) and then observes their behavior at runtime and identifies if the system is under attack (dynamic approach). To detect ransomware, the static detection method uses the frequency of opcodes while the dynamic detection method considers CPU usage, memory usage, network usage and system call statistics. We evaluate the performance of our hybrid detection method on a dataset that contains both ransomware and legitimate applications. Additionally, we evaluate the performance of the static and dynamic stand-alone methods for comparison. Our results show that although both static and dynamic detection methods perform well in detecting ransomware, their combination in a form of a hybrid method performs best, being able to detect ransomware with 100% precision and having a false positive rate of less than 4%.

Deception systems have produced promising results in protecting networks from recent attack campaigns. Their development and operation, however, is regulated by technical and legal circumstances. There are several aspects to be considered when operating a deception system, such as privacy, entrapment and liability. In addition to these general aspects, domain specific law that, for example, applies to research or government, needs to be accounted for. In this work German and European law was investigated with respect to deception systems focusing on the aspects listed above and others. The findings are applied to the design, operation of a Honeypot, as well as the generation and publication of information. We found that it is not forbidden to use deception systems in general but several facets have to be considered in the technical implementation.

The paper presents a new defense against adversarial attacks for deep neural networks. We demonstrate the effectiveness of our approach against the popular adversarial image generation method DeepFool. Our approach uses Wald’s Sequential Probability Ratio Test to sufficiently sample a carefully chosen neighborhood around an input image to determine the correct label of the image. On a benchmark of 50,000 randomly chosen adversarial images generated by DeepFool we demonstrate that our method \(\mathcal {SATYA}\) is able to recover the correct labels for 95.76% of the images for CaffeNet and 97.43% of the correct label for GoogLeNet.

We propose a mitigation model that evaluates individual and combined countermeasures against multi-step cyber-attack scenarios. The goal is to anticipate the actions of an attacker that wants to disrupt a given system (e.g., an information system). The process is driven by an attack graph formalism, enforced with a stateful return on response investment metric that optimally evaluates, ranks and selects appropriate countermeasures to handle ongoing and potential attacks.

Many systems provide anonymity for their users, and most of these systems work on the separation between the users’ identity and the final destination. The level of anonymity these services provide is affected by several factors, some of which are related to the design of the anonymity service itself. Others are related to how the system is used or the user’s application/purpose in using the anonymity service. In this paper we: (i) propose five factors that aim to measure anonymity level from the user’s perspective; (ii) evaluate these factors for three anonymity services, namely Tor, JonDonym, and I2P as case studies; and (iii) present a mechanism to evaluate anonymity services based on the proposed factors and measure their levels of anonymity.