
2012 | Book

Information Security Technology for Applications

16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers


About this book

This book constitutes the refereed proceedings of the 16th International Conference on Secure IT Systems, NordSec 2011, held in Tallinn, Estonia, October 26-28, 2011. The 16 revised papers presented together with 2 invited talks were carefully reviewed and selected from 51 submissions. The papers are organized in topical sections on applied cryptography, commercial security policies and their enforcement, communication and network security, security modeling and metrics, economics, law and social aspects of security, and software security and malware.

Table of Contents

Frontmatter

Invited Papers

Designing a Governmental Backbone
Abstract
The presentation is about the design of the backbone of the Estonian governmental information systems - X-Road. The system is already ten years old and has proven to be useful and reliable. The presentation describes the vision of the system, the requirements analysis process and the technical design decisions. The vision was to create a web-services based unified access to all governmental registries. The requirements analysis was guided by the existing legislation and organizational setup of the government. The technical design was pragmatic and based on some unorthodox solutions.
Arne Ansper
Internet Voting in Estonia
Abstract
Estonia was the first country in the world to introduce Internet Voting pan-nationally in binding elections in 2005. Although Internet Voting is only one of many ways of voting in Estonia, the number of voters has grown exponentially. The short paper explores the topic of Internet Voting based on the six-year experience of the pioneer country Estonia. The factors of success in the process include for example the relatively small size of the country and the positive experiences with previous government e-services. The role of a secure online authentication token — ID-card — would also be crucial in implementing the idea of remote voting in an uncontrolled environment.
Voter’s right to change the I-vote with another I-vote or with paper-ballot and the supremacy of the paper ballot serve as main strongholds against vote buying and other infringements of the principle of free elections.
Possible future developments and expansion of technical platforms will be addressed.
Priit Vinkel

Contributed Papers

A Ring Based Onion Circuit for Hidden Services
Abstract
The capability that a server can hide its location while offering various kinds of services to its clients is called hidden services or location-hiding. Almost all previous low-latency anonymous communication systems such as Tor, MorphMix, etc. that can be used to implement hidden services are vulnerable against end-to-end traffic analysis attack. In this paper, we introduce a novel architecture for implementing hidden services which is robust against end-to-end traffic analysis attack. Moreover, our scheme is more robust against various traffic analysis attacks than previous low-latency anonymous communication architectures.
Hakem Beitollahi, Geert Deconinck
User Tracking on the Web via Cross-Browser Fingerprinting
Abstract
The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.
Károly Boda, Ádám Máté Földes, Gábor György Gulyás, Sándor Imre
Comparison of SRAM and FF PUF in 65nm Technology
Abstract
Hardware security is an essential tool in the prevention of cloning, theft of service and tampering. This security is often based on cryptographic primitives, which use a key that is securely stored somewhere in the hardware. The strength of the security is therefore dependent upon the effort required from an attacker to compromise this key. Since the tools used to carry out attacks on hardware have increased significantly over the years, the protection provided by simply storing a key in memory has decreased to a minimum. In order to protect devices against attacks on their keys, Hardware Intrinsic Security (HIS) can be used. One of the best known types of HIS primitives are Physically Unclonable Functions (PUFs). PUFs are primitives that extract secrets from physical characteristics of integrated circuits (ICs) and can be used, amongst others, in secure key storage implementations. This paper describes the results of our study on two important types of intrinsic PUFs, based on SRAM and D flip-flops. Both memory types present a specific start-up pattern (when powered up), which can be used as a PUF. For secure practical applications, a PUF should possess enough reliability for a single device and enough randomness between different devices. In this paper, a general test framework is proposed for measuring this reliability and randomness of both PUF types. Based on this framework, tests have been performed on PUFs in 65nm ICs and results are presented and compared between PUF types. From these results it can be concluded that SRAMs are slightly outperforming D flip-flop memories when it comes to usage for PUF implementations.
Mathias Claes, Vincent van der Leest, An Braeken
Modular Anomaly Detection for Smartphone Ad Hoc Communication
Abstract
The capabilities of the modern smartphones make them the obvious platform for novel mobile applications. The open architectures, however, also create new vulnerabilities. Measures for prevention, detection, and reaction need to be explored with the peculiarities that resource-constrained devices impose. Smartphones, in addition to cellular broadband network capabilities, include WiFi interfaces that can even be deployed to set up a mobile ad hoc network (MANET). While intrusion detection in MANETs is typically evaluated with network simulators, we argue that it is important to implement and test the solutions in real devices to evaluate their resource footprint. This paper presents a modular implementation of an anomaly detection and mitigation mechanism on top of a dissemination protocol for intermittently-connected MANETs. The overhead of the security solution is evaluated in a small testbed based on three Android-based handsets and a laptop. The study shows the feasibility of the statistics-based anomaly detection regime, having low CPU usage, little added latency, and acceptable memory footprint.
Jordi Cucurull, Simin Nadjm-Tehrani, Massimiliano Raciti
Mental Voting Booths
Abstract
In this paper, we introduce the notion of mental voting booths, i.e., a building block for voting schemes that provides remote voters with similar protection as that offered by physical voting booths, essentially protecting them from over-the-shoulder coercion attacks (shoulder-surfing). We introduce a framework to model voting booths and formulate a property of the modelled booths that is sufficient to ensure over-the-shoulder coercion resistance. Next, we propose an example of mental booth that is simple enough to be used by any voter without prior training and show that an execution of the remote booth in the presence of the adversary is equivalent to that execution in his absence (e.g., inside a physical booth). The only cost lies in the use of an untappable channel in order to transmit a piece of information before the voting phase. Mental booths also allow for the voter to safely delegate his own voice to an untrusted person while still being able to verify that the untrusted person followed his instructions while voting.
Jérôme Dossogne, Frédéric Lafitte
Methods for Privacy Protection Considering Status of Service Provider and User Community
Abstract
Protecting personal privacy is going to be a prime concern for the deployment of ubiquitous computing systems in the real world. That becomes serious especially when a user receives user centric services from a service provider by offering personal information, because the service can be of a higher quality if the user provides more personal information despite the increase of privacy violation risk. Therefore, this paper proposes a privacy protection method that realizes avoidance of unwanted information disclosure by controlling disclosable attributes according to the results from monitoring two elements: user background information of the provider and user community status. The monitoring is done before disclosing individual attributes corresponding to the privacy policy (i.e., the required anonymity level) by each user. The validity of the proposed methods was confirmed by a desk model.
Kazutomo Hamamoto, Yasuyuki Tahara, Akihiko Ohsuga
The Security and Memorability of Passwords Generated by Using an Association Element and a Personal Factor
Abstract
A well-established truth regarding password authentication is that easily remembered passwords are weak. This study demonstrates that this is not necessarily true. Users can be encouraged to design strong passwords, using elements associated with a given service, together with a personal factor. Regulatory bodies and information security experts are often asked the question: “what is a good password?” We claim that this is not the right question; it should be: “how can one design multiple passwords that are strong and memorable at the same time?” This paper presents guidelines for password design that combine a Personal Factor with an element associated to the login site. Analysis of the passwords generated by a group of volunteers and their ability to recall multiple passwords at later moments in time show that one can actually achieve good memorability of strong and unique passwords.
Kirsi Helkala, Nils Kalstad Svendsen
Increasing Service Users’ Privacy Awareness by Introducing On-Line Interactive Privacy Features
Abstract
The work presented in this paper introduces the concept of On-line Interactive (OI) privacy feature which is defined as any on-line interactive tool, component or user-interface that creates privacy awareness and supports users in understanding their on-line privacy risks. These features have been developed as an interactive social translucence map that discloses the flow of personal information, a privacy enquiry for a direct chat about users’ privacy concerns and a discussion forum presenting users’ privacy concerns using their language in an interactive FAQ format. The paper presents an evaluation of a prototype of this set of embedded OI privacy features. The field study presented evaluates the prototype’s usability and its effect on users’ privacy awareness, understanding and attitude. 100 participants took part in the study and were drawn from groups of experienced and less experienced users. Both quantitative and qualitative data collection methods were used. Findings suggest that OI privacy features increase users’ privacy awareness and encourage users to find out more about the uses of their personal data. However, users’ ICT skills and Internet experience significantly influence whether a feature is favoured or otherwise. In general, it is concluded that privacy features are very much welcomed and necessary to empower users to manage their privacy concerns but some groups need to be further supported by social and institutional privacy management processes.
Elahe Kani-Zabihi, Martin Helmhout
Optimized Inlining of Runtime Monitors
Abstract
A previous study showed how a monitor can be inlined into a potentially untrusted program, producing an instrumented version of this program which provably respects the desired security policy. That study extended previous approaches to the same problem in that it allowed non-safety properties to be monitored, and did not incur any runtime overhead. However, the algorithm itself runs in time \(\mathcal{O}(2^{m\cdot n})\), where n is the size of the original program and m that of the property being monitored, and the resulting instrumented program is increased in the order of \(\mathcal{O}(m\cdot n)\). These algorithmic factors limit the usefulness of the approach in practice. In this paper, we suggest several optimizations which reduce the algorithm’s run time and the size of the resulting instrumented code. Using these optimizations, the monitor inlining can run in time \(\mathcal{O}(v + e)\) where v and e are respectively the size and number of transitions present in the synchronous product of the original program and the property. Furthermore, we show how the size of the instrumented program can be minimized.
Frédérick Lemay, Raphaël Khoury, Nadia Tawbi
Identity-Based Key Derivation Method for Low Delay Inter-domain Handover Re-authentication Service
Abstract
Several statistics on the factors of attacks’ proliferation revealed the scarce deployment of entity authentication mechanisms being one of the most important. Particularly, providing seamless mobile re-authentication service for real-time inter-domain handover procedures is still an open issue. This paper is focused on the re-authentication architecture and mechanisms design, aiming to low latency re-authentication services for roaming WLAN or WiMAX terminals. Authentication architecture is specified to integrate the proposed mechanisms and a novel generic key material concept is defined in addition to the current state-of-the-art. An identity-based key material derivation method is developed, relying on the multiplicative group associativity property and the intractable underlying RSA problem. Then, the required cryptographic properties are evaluated. A simple generic key material pre-distribution mechanism is proposed and the related local re-authentication protocol. Eventually, the validation of the security properties of the re-authentication protocol, as well as the functional correctness validation of the re-authentication service is performed.
Radu Lupu, Eugen Borcoci, Tinku Rasheed
Feature Reduction to Speed Up Malware Classification
Abstract
In statistical classification work, one method of speeding up the process is to use only a small percentage of the total parameter set available. In this paper, we apply this technique both to the classification of malware and the identification of malware from a set combined with cleanware. In order to demonstrate the usefulness of our method, we use the same sets of malware and cleanware as in an earlier paper. Using the statistical technique Information Gain (IG), we reduce the set of features used in the experiment from 7,605 to just over 1,000. The best accuracy obtained in the former paper using 7,605 features is 97.3% for malware versus cleanware detection and 97.4% for malware family classification; on the reduced feature set, we obtain a (best) accuracy of 94.6% on the malware versus cleanware test and 94.5% on the malware classification test. An interesting feature of the new tests presented here is the reduction in false negative rates by a factor of about 1/3 when compared with the results of the earlier paper. In addition, the speed with which our tests run is reduced by a factor of approximately 3/5 from the times posted for the original paper. The small loss in accuracy and improved false negative rate along with significant improvement in speed indicate that feature reduction should be further pursued as a tool to prevent algorithms from becoming intractable due to too much data.
Veelasha Moonsamy, Ronghua Tian, Lynn Batten
Rooting Android – Extending the ADB by an Auto-connecting WiFi-Accessible Service
Abstract
The majority of malware seen on Android has a top-down approach often targeting application programming interfaces (API) of the financially rewarding telephony and short message service (SMS). In this paper we present a proof of concept of compromising an Android based smartphone by targeting the underlying Linux kernel.
We adopt an unorthodox bottom-up approach on modifying the operating system to allow an application to re-route the Android debug bridge (ADB) daemon onto a wireless link. We support our research using case scenarios to show how information can be extracted and inserted into the smartphone without the knowledge of the user. We discuss how the Android build environment can be changed to harness functionality from secured operations. We also discuss how an application can be designed to function with minimum resources, be hidden and perform operations without user consent or interaction. We also provide an overview of how a rooted Android operating system can be misused.
Assem Nazar, Mark M. Seeger, Harald Baier
An Attack on Privacy Preserving Data Aggregation Protocol for Wireless Sensor Networks
Abstract
In-network data aggregation in Wireless Sensor Networks (WSNs) provides efficient bandwidth utilization and energy-efficient computing. Supporting efficient in-network data aggregation while preserving the privacy of the data of individual sensor nodes has emerged as an important requirement in numerous WSN applications. For privacy-preserving data aggregation in WSNs, He et al. (INFOCOM 2007) have proposed a Cluster-based Private Data Aggregation (CPDA) that uses a clustering protocol and a well-known key distribution scheme for computing an additive aggregation function in a privacy-preserving manner. In spite of the wide popularity of CPDA, it has been observed that the protocol is not secure and it is also possible to enhance its efficiency. In this paper, we first identify a security vulnerability in the existing CPDA scheme, wherein we show how a malicious participant node can launch an attack on the privacy protocol so as to get access to the private data of its neighboring sensor nodes. Next it is shown how the existing CPDA scheme can be made more efficient by suitable modification of the protocol. Further, suitable modifications in the existing protocol have been proposed so as to plug the vulnerability of the protocol.
Jaydip Sen, Subhamoy Maitra
Disjunction Category Labels
Abstract
We present disjunction category (DC) labels, a new label format for enforcing information flow in the presence of mutually distrusting parties. DC labels can be ordered to form a lattice, based on propositional logic implication and conjunctive normal form. We introduce and prove soundness of decentralized privileges that are used in declassifying data, in addition to providing a notion of privilege-hierarchy. Our model is simpler than previous decentralized information flow control (DIFC) systems and does not rely on a centralized principal hierarchy. Additionally, DC labels can be used to enforce information flow both statically and dynamically. To demonstrate their use, we describe two Haskell implementations, a library used to perform dynamic label checks, compatible with existing DIFC systems, and a prototype library that enforces information flow statically, by leveraging the Haskell type checker.
Deian Stefan, Alejandro Russo, David Mazières, John C. Mitchell
Visualization Control for Event-Based Public Display Systems Used in a Hospital Setting
Abstract
This paper presents a solution for visualization control aimed at public displays used in a hospital setting. The solution controls what is displayed on a screen based on its location and the current time of day. In addition it makes risk/benefit trade-offs based on the quality and newness of the information, as well as its sensitivity and its importance for intended users. The solution can be realized by utilizing an existing publish/subscribe middleware solution.
Inger Anne Tøndel
Exploring the Design Space of Prime Field vs. Binary Field ECC-Hardware Implementations
Abstract
In this paper, we answer the question whether binary extension field or prime-field based processors doing multi-precision arithmetic are better in the terms of area, speed, power, and energy. This is done by implementing and optimizing two distinct custom-made 16-bit processor designs and comparing our solutions on different abstraction levels: finite-field arithmetic, elliptic-curve operations, and on protocol level by implementing the Elliptic Curve Digital Signature Algorithm (ECDSA). On the one hand, our \(\mathbb{F}_{2^{m}}\) based processor outperforms the \(\mathbb{F}_p\) based processor by 19.7% in area, 69.6% in runtime, 15.9% in power, and 74.4% in energy when performing a point multiplication. On the other hand, our \(\mathbb{F}_p\) based processor (11.6kGE, 41.4 μW, 1,313kCycles, and 54.3μJ) improves the state-of-the-art in \(\mathbb{F}_{p_{192}}\) ECC hardware implementations regarding area, power, and energy results. After extending the designs for ECDSA (signature generation and verification), the area and power-consumption advantages of the \(\mathbb{F}_{2^{m}}\) based processor vanish, but it still is 1.5-2.8 times better in terms of energy and runtime.
Erich Wenger, Michael Hutter
Backmatter
Metadata
Title
Information Security Technology for Applications
Edited by
Peeter Laud
Copyright year
2012
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-29615-4
Print ISBN
978-3-642-29614-7
DOI
https://doi.org/10.1007/978-3-642-29615-4