
2022 | Book

ICT Systems Security and Privacy Protection

37th IFIP TC 11 International Conference, SEC 2022, Copenhagen, Denmark, June 13–15, 2022, Proceedings


About this book

This book constitutes the refereed proceedings of the 37th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2022, held in Copenhagen, Denmark, in June 2022. The 29 full papers presented were carefully reviewed and selected from 127 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in information processing systems. They are organized in topical sections on privacy models and preferences; network security and IDS; network security and privacy; forensics; trust and PETs; crypto-based solutions; usable security; blockchain; mobile security and privacy; PETs and crypto; and vulnerabilities.

Table of Contents

Frontmatter

Privacy Models and Preferences

Frontmatter
A Privacy Calculus Model for Contact Tracing Apps: Analyzing the German Corona-Warn-App
Abstract
The SARS-CoV-2 pandemic is a pressing societal issue today. The German government promotes a contact tracing app named Corona-Warn-App (CWA), aiming to change citizens’ health behavior during the pandemic by raising awareness about potential infections and enable infection chain tracking. Technical implementations, citizens’ perceptions, and public debates around apps differ between countries, i.e., in Germany there has been a huge discussion on potential privacy issues of the app.
Thus, we analyze effects of privacy concerns regarding the CWA, perceived CWA benefits, and trust in the German healthcare system to answer why citizens use the CWA. We use a sample with 1,752 actual users and non-users and find support for the privacy calculus theory, i.e., individuals weigh privacy concerns and benefits in their use decision. Thus, citizens’ privacy perceptions about health technologies (e.g., shaped by public debates) are crucial as they can hinder adoption and negatively affect future fights against pandemics.
David Harborth, Sebastian Pape
Deriving and Using Synthetic Consequences for Privacy Risk Modeling
Abstract
Highly contextual socio-technical systems demand highly contextual risk models for relevant system properties, including privacy. Many privacy risk models revolve around adverse consequences, i.e., typologies of bad privacy outcomes. The attendant mirror issues of insufficient contextual nuance (too few/general consequences) versus problematic analytical manageability (too many/granular consequences) can be addressed through the development of synthetic consequences as part of privacy engineering risk management. The objective is to categorize the total set of consequences so as to produce a small number of categories that nonetheless manage to capture the full range of meaning of the original consequences. Those categories can then be tailored to better reflect the context of the socio-technical system being analyzed. Relevant theoretical foundations for the construction of synthetic consequences are discussed and a step-by-step methodology for deriving them is described. This methodology is then applied to the example of a smart TV.
Stuart S. Shapiro
Enhanced Privacy in Smart Workplaces: Employees’ Preferences for Transparency Indicators and Control Interactions in the Case of Data Collection with Smart Watches
Abstract
Employees are increasingly wearing smart watches for their work duties. While these devices can support employees in their tasks, they can also collect sensitive information like health or location data about them, thus endangering their privacy. Even when collective agreements, allowing employers to collect such data have been signed, we argue that employees should be aware of the data collection and be able to control it. Therefore, we propose different indicators that aim at enhancing employees’ awareness about the current data collection as well as interactions to allow them to stop and resume it according to their preferences. To compare them, we have conducted an online questionnaire-based study with 1,033 participants. The results indicate that our participants wish to have such indicators to raise their awareness and further wish to control the data collection.
Alexander Richter, Patrick Kühtreiber, Delphine Reinhardt

Network Security and IDS

Frontmatter
DAEMON: Dynamic Auto-encoders for Contextualised Anomaly Detection Applied to Security MONitoring
Abstract
The slow adoption rate of machine learning-based methods for novel attack detection by Security Operation Centers (SOC) analysts can be partly explained by their lack of data science expertise and the insufficient explainability of the results provided by these approaches. In this paper, we present an anomaly-based detection method that fuses events coming from heterogeneous sources into sets describing the same phenomena and relies on a deep auto-encoder model to highlight anomalies and their context. To implicate security analysts and benefit from their expertise, we focus on limiting the need of data science knowledge during the configuration phase. Results on a lab environment, monitored using off-the-shelf tools, show good detection performances on several attack scenarios (F1 score \(\approx 0.9\)), and ease the investigation of anomalies by quickly finding similar anomalies through clustering.
Alexandre Dey, Eric Totel, Benjamin Costé
FOCUS: Frequency Based Detection of Covert Ultrasonic Signals
Abstract
Today’s evolving and inventive attacks allow an adversary to embed tracking identifiers or malicious triggers in ultrasonic sound and covertly transmit them between devices without the users’ knowledge. An adversary can exploit an electronic device by manipulating the microphone, gyroscope or speaker using ultrasonic sound. Almost all types of electronic devices are vulnerable to this type of attack. Indeed, some preventive measures are in place to counter ultrasonic invasion. However, they are primitive and often are not capable of detecting the attacks.
To this end, we propose FOCUS: Frequency based detection of Covert Ultrasonic Signals. In particular, FOCUS displays a low-end, low-cost ultrasonic detection mechanism that can be employed anywhere. We validate FOCUS through two proof-of-concept (PoC) implementations utilizing Raspberry Pi and Arduino based hardware modules, respectively. The results demonstrate that FOCUS can detect ultrasonic sound and alert users of possible ultrasonic invasion.
Wouter Hellemans, Md Masoom Rabbani, Jo Vliegen, Nele Mentens
Passive, Transparent, and Selective TLS Decryption for Network Security Monitoring
Abstract
More and more Internet traffic is encrypted. While this protects the confidentiality and integrity of communication, it prevents network monitoring systems (NMS) from effectively analyzing the now encrypted payloads. Many enterprise networks have deployed man-in-the-middle (MitM) proxies that intercept TLS connections at the network border to examine packet payloads and to regain visibility. However, TLS interception via MitM proxies often reduces connection security and potentially introduces additional attack vectors.
In this paper, we present a cooperative approach in which endpoints selectively send TLS keys to the NMS for decrypting TLS connections. This enables hosts to control which TLS connections an NMS can decrypt and lets users retain privacy for chosen connections. We implement a prototype based on the Zeek NMS that is able to receive key material from hosts, decrypt TLS connections, and analyze the cleartext. Meanwhile, our patch was merged into Zeek upstream and will be part of Zeek v4.3.0. In our evaluation, we initially compare our approach to MitM proxies and can deduce that it significantly reduces the computational overhead. Furthermore, our experimental results on real-world traffic indicate that our TLS decryption adds a runtime overhead of 2.5 times compared to the analysis of cleartext. Additionally, our results indicate that when buffering traffic for only short amounts of time at the NMS, all keys from the hosts arrive in time to completely decrypt 99,99% of all observed TLS connections.
Florian Wilkens, Steffen Haas, Johanna Amann, Mathias Fischer

Network Security and Privacy

Frontmatter
A Study on the Use of 3rd Party DNS Resolvers for Malware Filtering or Censorship Circumvention
Abstract
DNS resolvers perform the essential role of translating domain names into IP addresses. The default DNS resolver offered by an Internet Service Provider (ISP) can be undesirable for a number of reasons such as censorship, lack of malware filtering options and low service quality. In this paper, we propose a novel method for estimating the amount of DNS traffic directed at non-ISP resolvers by using DNS and NetFlow data from an ISP. This method is extended to also estimate the amount of DNS traffic towards resolvers that offer malware filtering or parental control functionality. Finally, we propose a novel method for estimating the amount of DNS traffic at non-ISP resolvers that would have been censored by ISP resolvers. The results of applying these methods on an ISP dataset shows to which extent 3rd party resolvers are chosen by users for either malware filtering or censorship circumvention purposes.
Martin Fejrskov, Emmanouil Vasilomanolakis, Jens Myrup Pedersen
RAAM: A Restricted Adversarial Attack Model with Adding Perturbations to Traffic Features
Abstract
In recent years, intrusion detection system (IDS) based on machine learning (ML) algorithms has developed rapidly. However, ML algorithms are easily attacked by adversarial examples, and many attackers add perturbations to features of malicious traffic to escape ML-based IDSs. Unfortunately, most attack methods add perturbations without sufficient restrictions, generating unpractical adversarial examples. In this paper, we propose RAAM, a restricted adversarial attack model with adding perturbations to traffic features, which escapes ML-based IDSs. RAAM employs the improved loss to enhance the adversarial effect and uses regularizer and masking vectors to restrict perturbations. Compared with previous work, RAAM can generate adversarial examples with superior characteristics: regularization, maliciousness and small perturbation. We conduct experiments on the well-known NSL-KDD dataset, and test on nine different ML-based IDSs. Experimental results show that the mean evasion increase rate (EIR) of RAAM is 94.1% in multiple attacks, which is 9.2% higher than the best of related methods, DIGFuPAS. Especially, adversarial examples generated by RAAM have lower perturbations, and the mean distance of perturbations (\(L_{2}\)) is 1.79, which is 0.81 lower than DIGFuPAS. In addition, we retrain IDSs with adversarial examples to improve their robustness. Experimental results show that retrained IDSs not only maintain the ability of detection for original examples, but also are hard to be attacked again.
Peishuai Sun, Shuhao Li, Jiang Xie, Hongbo Xu, Zhenyu Cheng, Rui Qin
Evaluation of Circuit Lifetimes in Tor
Abstract
Tor is a popular anonymity network which achieves its anonymity by constructing paths over three Tor relays, so-called circuits. Multiple streams that correspond to TCP connections can be multiplexed over a single circuit. By default, circuits are used for about ten minutes before switching to new circuits. Once that time limit is reached the circuit cannot be used for any new streams. This time-window is called the maximum circuit dirtiness (MCD). This paper analyzes the consequences of changing the MCD for all clients in the network and provides data on how changing the MCD affects various metrics of the Tor network. Our analysis shows that reducing the MCD to a sane value has almost no impact on the clients. Neither performance nor anonymity of the clients are significantly affected by the MCD. On the relays however halving the default MCD reduces the memory usage by about 20% while maintaining the original throughput and no measurable increase in CPU usage. Raising the MCD shows the opposite effect and increases memory usage. By drastically reducing the MCD, a significant number of extra circuits are created. From a performance point of view, the MCD should be reduced. Building on this work, side effects on specific attacks on Tor should be investigated in future work.
Kevin Köster, Matthias Marx, Anne Kunstmann, Hannes Federrath

Forensics

Frontmatter

Open Access

D-Cloud-Collector: Admissible Forensic Evidence from Mobile Cloud Storage
Abstract
Difficulties with accessing device content or even the device itself can seriously hamper smartphone forensics. Mobile cloud storage, which extends on-device capacity, provides an avenue for a forensic collection process that does not require physical access to the device. Rather, it is possible to remotely retrieve credentials from a device of interest through undercover operations, followed by live cloud forensics. While technologically appealing, this approach raises concerns with evidence preservation, ranging from the use of malware-like operations, to linking the collected evidence with the physically absent smartphone, and possible mass surveillance accusations. In this paper, we propose a solution to ease these concerns by employing hardware security modules to provide for controlled live cloud forensics and tamper-evident access logs. A Google Drive-based proof of concept, using the SEcube hardware security module, demonstrates that D-Cloud-Collector is feasible whenever the performance penalty incurred is affordable.
Mark Vella, Christian Colombo
Robust PDF Files Forensics Using Coding Style
Abstract
Identifying how a file has been created is often interesting in security. It could be used by both attackers and defenders. Attackers can exploit this information to tune their attacks and defenders can understand how a malicious file has been created after an incident. As malicious PDF files are commonly used by attackers, in this work, we want to identify how a PDF file has been created. This problem is important because PDF files are extremely popular and widely used.
Our approach to detect which software has been used to produce a PDF file is based on the coding style: given patterns that are only created by certain PDF producers. We have analysed the coding style of 900 PDF files produced using 11 PDF producer tools on 3 different Operating Systems. We have obtained a set of 192 rules which can be used to identify 11 PDF producers. We have tested our detection tool on 508836 PDF files published on scientific preprint servers. Our tool can detect certain producers with an accuracy of 100%. Its overall detection is still high (74%).
Supriya Adhatarao, Cédric Lauradoux
Light-Weight File Fragments Classification Using Depthwise Separable Convolutions
Abstract
In digital forensics, classification of file fragments is an important step to complete the file carving process. There exist several approaches to identify the type of file fragments without relying on meta-data. Examples of such approaches are using features like header/footer and N-gram to identify the fragment type. Recently, deep learning models have been successfully used to build classification models to achieve this task. In this paper, we propose a light-weight file fragment classification using depthwise separable convolutional neural network model. We show that our proposed model does not only yield faster inference time, but also provide higher accuracy as compared to the state-of-art convolutional neural network based models. In particular, our model achieves an accuracy of 78.45% on the FFT-75 dataset with 100K parameters and 167M FLOPs, which is 24\(\times \) faster and 4–5\(\times \) smaller than the state-of-the-art classifier in the literature.
Kunwar Muhammed Saaim, Muhamad Felemban, Saleh Alsaleh, Ahmad Almulhem

Trust and PETs

Frontmatter
Novel Approaches for the Development of Trusted IoT Entities
Abstract
The Internet of Things (IoT) is a paradigm allowing humans and smart entities to be interconnected anyhow and anywhere. Trust is fundamental in order to allow communication among these actors. In order to guarantee trust in an IoT entity, we believe that it must be considered during the whole System Development Life Cycle (SDLC). Anyhow, we think that usual development techniques are not effective for the IoT. For this reason, in this paper, we describe a methodology to develop an IoT entity by proposing a holistic approach implementing three different techniques: a bottom-up approach, a top-down approach and a trusted block development. Firstly, the top-down approach will start from the general IoT entity going down to its specific functionalities. Secondly, the bottom-up approach will focus on the contexts related to the IoT entity. It starts from basic ones, going up aggregating them to the composition of the IoT entity as a whole. Finally, the trusted block development will define different blocks of code related to functionalities and contexts. Every block can be considered a trust island where the contexts and functionalities are specified only for a particular block.
Davide Ferraris, Carmen Fernandez-Gago, Javier Lopez
Requirements and Secure Serialization for Selective Disclosure Verifiable Credentials
Abstract
The emergence of the Verifiable Credentials recommendation from W3C allows the adoption of credential systems in a much wider range of user-centric applications and use cases. With this shift to user-centric credential systems, Selective Disclosure has been proposed and used to cryptographically secure user privacy. Although much work has been undertaken in creating selective disclosure supporting cryptographic protocols, those schemas are not directly applicable for credentials. Implementations rely on canonicalization algorithms to transform a credential to the necessary data format, which will be used by the cryptographic layer. Those algorithms are often used without the necessary cryptographic and security considerations, leading to insecure implementations. In this work we define three necessary security properties for the canonicalization algorithms. We also propose a mathematical model for JSON credentials, which we use to prove the security of a proposed canonicalization algorithm.
Vasilis Kalos, George C. Polyzos

Crypto-Based Solutions

Frontmatter
UP-MLE: Efficient and Practical Updatable Block-Level Message-Locked Encryption Scheme Based on Update Properties
Abstract
Deduplication is widely used to improve space efficiency in cloud storage. The Updatable block-level Message-Locked Encryption (UMLE) has been proposed to achieve efficient block-level updates for a deduplication system. However, the update design of the current UMLE instantiation adopts a static structure, which does not fit in with real update scenarios. This paper analyzes the File System and Storage Lab (FSL) Homes datasets that are widely used in deduplication research and reveals two interesting properties: i) Updated blocks are more likely to be updated again; ii) Updated blocks are always clustered in files. Based on these properties, we propose and implement an efficient and practical UMLE scheme. Experiments on real-world datasets show that our update algorithm is 24.85% more efficient than its foremost counterpart, increasing the space overhead by \(\le \) 0.39%.
Shaoqiang Wu, Chunfu Jia, Ding Wang
CryptKSP: A Kernel Stack Protection Model Based on AES-NI Hardware Feature
Abstract
The kernel stack is an important data structure in the kernel. It stores the return address, local variables and a large amount of state information of the kernel and application. Therefore, the kernel stack is often a valuable target for the attackers. More seriously, some types of attacks, which could bypass existing protection mechanisms, such as “return-to-schedule” rootkit, have posed a serious security threat to the security of the kernel stack. Therefore, some defensive approaches have been proposed to protect the integrity of the kernel stack by setting it read-only, however, it does not protect the confidentiality of the key data in the kernel stack. In this paper, we propose a kernel stack protection model for both the confidentiality and integrity without relying on another higher privilege layer. It takes advantage of AES-NI to encrypt the kernel stacks of the threads that are not running, and decrypt the kernel stack of the thread which will be running. In order to improve the security and adaptability, we implement two AES algorithms with different key lengths. The experimental results show that the kernel stack protection model could provide effective protection for the integrity and confidentiality of the kernel stack and do not impose high performance overhead.
Bingnan Zhong, Zicheng Wang, Yinggang Guo, Qingkai Zeng

Usable Security

Frontmatter
Usability Insights from Establishing TLS Connections
Abstract
TLS is crucial to network security, but TLS-related APIs have been repeatedly shown to be misused. While existing usable security research focuses on cryptographic primitives, the specifics of TLS interfaces seem to be under-researched. We thus set out to investigate the usability of TLS-related APIs in multiple libraries with a focus on identifying the specifics of TLS. We conducted a three-fold exploratory study with altogether 60 graduate students comparing the APIs of three popular security libraries in establishing TLS connections: OpenSSL, GnuTLS, and mbed TLS. We qualitatively analyzed submitted reports commenting on API usability and tested created source code. User satisfaction emerged as an interesting, potentially under-researched theme as all APIs received both positive and negative reviews. Abstraction level, error handling, entity naming, and documentation emerged as the most salient usability themes. Regarding functionality, checking for revoked certificates was especially complicated and other basic security checks seemed not easy as well. In summary, although there were conflicting opinions on both the interface and documentation of the libraries, several usability issues were shared among participants, forming a target for closer inspection and subsequent improvement.
Lydia Kraus, Matěj Grabovský, Martin Ukrop, Katarína Galanská, Vashek Matyáš
Usability of Antivirus Tools in a Threat Detection Scenario
Abstract
Usability of antivirus (AV) tools has not received much attention yet. We conducted a laboratory study with 34 German students to investigate how they experience notifications and interventions of their AV when a threat is detected. During the study, a specifically designed harmless file triggered AV on participants’ laptops. Out of 34 participants, 19 users noticed AV messages, and 8 of them understood that the message communicated threat detection concerning a specific file. Moreover, only 6 users understood that this file was removed by the AV tool. Additionally, most participants were distracted by Windows OS messages that were unintelligible to them. We investigate reasons for incomprehension in our sample, and give recommendations for improved user interaction design of AV tools.
Michael Körber, Anatoli Kalysch, Werner Massonne, Zinaida Benenson
Data Minimisation Potential for Timestamps in Git: An Empirical Analysis of User Configurations
Abstract
With the increasing digitisation, more and more of our activities leave digital traces. This is especially true for our work life. Data protection regulations demand the consideration of employees’ right to privacy and that the recorded data is necessary and proportionate for the intended purpose. Prior work indicates that standard software commonly used in workplace environments records user activities in excessive detail. A major part of this are timestamps, whose temporal contextualisation facilitates monitoring. Applying data minimisation on timestamps is however dependent on an understanding of their necessity. We provide large-scale real-world evidence of user demand for timestamp precision. We analysed over 20 000 Git configuration files published on GitHub with regard to date-related customisation in output and filtering, and found that a large proportion of users choose customisations with lower or adaptive precision: almost 90% of chosen output formats for subcommand aliases use reduced or adaptive precision and about 75% of date filters use day precision or less. We believe that this is evidence for the viability of timestamp minimisation. We evaluate possible privacy gains and functionality losses and present a tool to reduce Git dates.
Christian Burkert, Johanna Ansohn McDougall, Hannes Federrath

Blockchain

Frontmatter
Greedy Networking in Cryptocurrency Blockchain
Abstract
Proof of work (PoW) is a widely adopted distributed consensus protocol which enables cryptocurrency transaction processing without a trusted third party. The miners are financially incentivized to participate in the PoW consensus protocol, and PoW relies on the underlying peer-to-peer (P2P) networking for receiving and transmitting the transactions and the up-to-date blocks (which are the inputs for the PoW consensus protocol). We study the rational miner strategy but control an orthogonal parameter from those in the previous blockchain research, which has studied the control of the mining power or the timing of the block submissions (e.g., selfish mining or block withholding). More specifically, we study greedy networking, in which a miner node increases its connectivity beyond the default protocol to expedite the deliveries of blocks and transactions for an unfair mining advantage. While greedy networking has been actively studied in the general P2P networking, it has not been systematically studied in cryptocurrency and blockchain despite the alleged real-world instances by the Bitcoin community. We build an analytical framework for greedy networking and study how the networking control impacts the cryptocurrency application to quantify the benefits and costs of the networking control. To demonstrate the use of our framework, we implement a greedy networking prototype based on an active Bitcoin node connected to the Mainnet while simulating different miner capabilities by varying the computing backend of the miner. In contrast to the previous belief in blockchain and cryptocurrency, we discover that the optimal number of connections is bounded (limiting the greedy behavior) and depends on the hash computing capability of the miner.
Simeon Wuthier, Pranav Chandramouli, Xiaobo Zhou, Sang-Yoon Chang
Towards Supporting Attribute-Based Access Control in Hyperledger Fabric Blockchain
Abstract
Hyperledger Fabric (HLF) is an open-source platform for deploying enterprise-level permissioned blockchains where users from multiple organizations can participate. Preventing unauthorized access to resources in such blockchains is of critical importance. Towards addressing this requirement, HLF supports different access control models. However, support for Attribute-Based Access Control (ABAC) in the current version of HLF is not comprehensive enough to address various requirements that arise when multiple organizations interact in an enterprise setting. To address those shortcomings, in this paper, we develop and present methods for providing full ABAC functionality in Hyperledger Fabric. Performance evaluation under different network configurations using the Hyperledger Caliper benchmarking tool shows that the proposed approach is quite efficient in practice.
Amshumaan Pericherla, Proteet Paul, Shamik Sural, Jaideep Vaidya, Vijay Atluri

Mobile Security and Privacy

Frontmatter
AndroClonium: Bytecode-Level Code Clone Detection for Obfuscated Android Apps
Abstract
Detecting code clones is essential for many security tasks, e.g., vulnerability detection, malware analysis, legacy software patching. In many of these security scenarios, source code is not available, leaving binary code analysis as the only option. Yet, evaluation of binary code is often exacerbated by the wide use of obfuscation. In this work, we propose an approach for obfuscation-resistant fine-grained detection of code clones in Android apps at the bytecode level. To mitigate inherent constraints of static analysis and to achieve obfuscation resistance, we partially simulate the execution of Android code, and abstract the resulting execution traces. We validate our approach’s ability to detect different types of code clones on a set of 20 injected clones and explore its resistance against obfuscation on a set of 1085 obfuscated apps.
Ardalan Foroughipour, Natalia Stakhanova, Farzaneh Abazari, Bahman Sistany
One Light, One App: Tackling a Common Misperception Causing Breach of User Privacy
Abstract
Built-in and computer-connected web cameras can be hacked with malware that aims to activate the camera without turning on the green LED indicator (in systems that support this feature). A simple countermeasure to at least preserve the user privacy, until the security incident is contained, is to cover the camera up when not in use. One could also argue that there is a sense of security when an application (e.g. Zoom, WebEx, Skype) is using the web camera and the light is on. The user trusts that there is a one-to-one relationship between the web-camera (and its light indicator) and an application. In this paper, we tackle this common misperception by demonstrating that the aforementioned relationship could be one-to-many, allowing many applications to access the web camera stream simultaneously, posing a serious privacy threat that could go undetected.
Efi Siapiti, Ioanna Dionysiou, Harald Gjermundrød
Double-X: Towards Double-Cross-Based Unlock Mechanism on Smartphones
Abstract
Thanks to the convenience and the increasing functionalities, mobile devices especially smartphones are becoming an essential electronic device in people’s daily lives. Users can take the smartphone for online shopping and payment, as well as chatting with friends. However, with more private and sensitive information stored on such devices, how to secure the phone data becomes an open challenge. To protect a smartphone from unauthorized access, a direct and intuitive approach is to deploy an unlock mechanism, which requires users to input a correct pattern and unlock the phone. In the literature, combining behavioral biometrics can further enhance the security of unlock mechanisms, e.g., Android unlock patterns. In this work, we develop Double-X, a double-cross-based unlock scheme that requires users to unlock the phone by inputting two cross shapes on the selected dots. To authenticate the user, Double-X has to check the selected dots and the behavioral features when drawing the cross shapes. To examine the scheme performance, we perform two user studies with 80 participants with several typical supervised algorithms. The results indicate that participants can achieve a good success rate (e.g., 95%) under our scheme compared with two similar schemes.
Wenjuan Li, Jiao Tan, Nan Zhu

PETs and Crypto

Frontmatter
Post-Quantum Cheating Detectable Private Information Retrieval
Abstract
Private Information Retrieval (PIR) allows a user to privately retrieve any item from a database such that the server(s) holding the database cannot learn any information about the user’s choice. Most existing PIR protocols focus on minimizing the communication cost for retrieving one bit from the database, in an honest-but-curious server model. Dishonest servers were studied in an ad-hoc fashion including the robust PIR and verifiable PIR for cheater identification, where the former further guarantees error correction but only works when the number of dishonest servers are bounded and the latter works for any number of dishonest servers but has to rely on the intractability assumption of certain computational hard problems and a tag published by the honest data owner. We initiate a systematic study of the fundamental problem of cheating detection for PIR (cd-PIR). We first show a theoretic result that rules out the possibility of information-theoretically secure cd-PIR against arbitrary number of cheaters (even allowing the data owner to publish a tag and lifting cheater identification), which justifies our study of computational cd-PIR. On the positive side, we show that computational cd-PIR against arbitrary number of cheaters can be achieved much more efficiently than all previous constructions and with weaker cryptography hardness assumptions. In particular, we obtain efficient cheating detection for PIR with more than one server that resists quantum algorithm for the first time.
Lin Zhu, Changlu Lin, Fuchun Lin, Liang Feng Zhang
Anonymous Trusted Data Relocation for TEEs
Abstract
Trusted Execution Environment (TEE) technology like ARM TrustZone allows protecting confidential data using cryptographic keys that are bound to a specific TEE and device. However, there are good reasons to allow relocating such data from a TEE to another TEE in another device, often in a non-interactive (offline) and anonymous manner. We propose the Trusted Relocation Extension (TRX), a TrustZone-based trusted storage service enabling backup/recovery and sharing of data between TEEs in different devices. TRX works offline, without previous key exchange, and ensures the anonymity of the sender and the receiver. We present an implementation of TRX compatible with OP-TEE and its evaluation with Raspberry Pi 3 B+ devices.
Vasco Guita, Daniel Andrade, João Nuno Silva, Miguel Correia
Efficient Volume-Hiding Encrypted Multi-Maps with Support for Conjunctive Queries
Abstract
Structured Encryption (STE), introduced by Chase and Kamara (ASIACRYPT 2010), enables efficient private queries over an encrypted data structure. Very recently, Kamara and Moataz (EUROCRYPT 2019) formalized the notion of volume-hiding STE to mitigate the volume attack, and presented the first concrete volume-hiding encrypted multi-map (EMM) scheme with densest subgraph transform, which can ensure that the volume of values associated with the queried key is hidden to the adversary. To achieve better performance, Patel et al. (CCS 2019) designed a volume-hiding EMM scheme from cuckoo hash dubbed dprfMM. However, we observe that all the existing volume-hiding EMMs focus only on queries over a single key. Although the state-of-the-art conjunctive queries scheme OXT (CRYPTO 2013) can achieve sub-linear search complexity for conjunctive queries, it reveals the real volumes of the queried keys. Therefore, it is desirable to explore the volume-hiding encrypted multi-maps supporting conjunctive queries. In this paper, we initiate the study of volume-hiding EMM supporting conjunctive queries. We present, to our best knowledge, the first volume-hiding conjunctive EMM scheme OXTMM. Compared with the state-of-the-art volume-hiding single-key EMM scheme dprfMM, our proposed OXTMM can guarantee that the real volume of each key is hidden while supporting efficient conjunctive queries; the query communication overhead is \(2\ell \) encrypted key/value pairs together with a succinct data structure Bloom filter, where \(\ell \) is the maximum volume of all keys. In addition, we prove the security of our proposed OXTMM and give a thorough efficiency analysis between our proposal and the existing constructions. Finally we implement OXTMM and compare it with the most efficient scheme \(\textsf {OXT}\). Experimental results demonstrate that OXTMM can achieve volume-hiding conjunctive queries with a moderate efficiency loss.
Tianci Li, Jiaojiao Wu, Jianfeng Wang

Vulnerabilities

Frontmatter
Upside Down: Exploring the Ecosystem of Dark Web Data Markets
Abstract
Large-scale dark web marketplaces have been around for more than a decade. So far, academic research has mainly focused on drug and hacking-related offers. However, data markets remain understudied, especially given their volatile nature and distinct characteristics based on shifting iterations. In this paper, we perform a large-scale study on dark web data markets. We first characterize data markets by using an innovative theoretical legal taxonomy based on the Council of Europe’s Cybercrime Convention and its implementation in Dutch law. The recent Covid-19 pandemic showed that cybercrime has become more prevalent with the increase of digitalization in society. In this context, important questions arise regarding how cybercrime harms are determined, measured, and prioritized. We propose a determination of harm based on criminal law qualifications and sanctions. We also address the empirical question of what the economic activity on data markets looks like nowadays by performing a comprehensive measurement of digital goods based on an original dataset scraped from twelve marketplaces consisting of approximately 28,000 offers from 642 vendors. The resulting analysis combines insights from the theoretical legal framework and the results of the measurement study. To our knowledge, this is the first study to combine these two elements systematically.
Bogdan Covrig, Enrique Barrueco Mikelarena, Constanta Rosca, Catalina Goanta, Gerasimos Spanakis, Apostolis Zarras
An Efficient Use-after-Free Mitigation Approach via Static Dangling Pointer Nullification
Abstract
UAF (use-after-free) is one of the most severe program vulnerabilities, caused by dangling pointers. Existing vulnerability mitigation approaches either attempt to block possible exploitation without fixing the root cause problem, or identify and remove dangling pointers with huge runtime overhead. In this paper, we present SDPN (Static Dangling Pointer Nullification) to defeat use-after-free vulnerability by eliminating dangling pointers filtered in multiple stages during compilation time. We implement a prototype of SDPN and evaluate it using real-world CVE vulnerabilities, and the results show that SDPN can effectively protect programs from use-after-free vulnerability. We also test SDPN using SPEC 2006 and the experimental results demonstrate that the time overhead introduced by SDPN is almost negligible, i.e., <1%.
Yue Yu, Xiaoqi Jia, Xun An, Shengzhi Zhang
Backmatter
Metadata
Title
ICT Systems Security and Privacy Protection
Edited by
Dr. Weizhi Meng
Simone Fischer-Hübner
Dr. Christian D. Jensen
Copyright year
2022
Electronic ISBN
978-3-031-06975-8
Print ISBN
978-3-031-06974-1
DOI
https://doi.org/10.1007/978-3-031-06975-8
