
2018 | Book

Secure IT Systems

23rd Nordic Conference, NordSec 2018, Oslo, Norway, November 28-30, 2018, Proceedings


About this book

This book constitutes the refereed proceedings of the 23rd Nordic Conference on Secure IT Systems, NordSec 2018, held in Oslo, Norway, in November 2018.

The 29 full papers presented in this volume were carefully reviewed and selected from 81 submissions. They are organized in topical sections named: privacy; cryptography; network and cloud security; cyber security and malware; and security for software and software development.

Table of contents

Frontmatter

Privacy

Frontmatter
Privacy-Preserving Distributed Economic Dispatch Protocol for Smart Grid
Abstract
The economic dispatch (ED) problem is a large-scale optimization problem in electricity power grids. Its goal is to find a power output combination of all generator nodes that meets the demand of the customers at minimum operating cost. In recent years, distributed protocols have been proposed to replace the traditional centralized ED calculation for modern smart grid infrastructures, with the most realistic being the one proposed by Binetti et al. (2014). However, we show that this protocol leaks private information of the generator nodes. We then propose a privacy-preserving distributed protocol that solves the ED problem. We analyze the security of our protocol and give experimental results from a prototype implementation to show the feasibility of the solution.
Avikarsha Mandal, Frederik Armknecht, Erik Zenner
Tracking Information Flow via Delayed Output
Addressing Privacy in IoT and Emailing Apps
Abstract
This paper focuses on tracking information flow in the presence of delayed output. We motivate the need to address delayed output in the domains of IoT apps and email marketing. We discuss the threat of privacy leaks via delayed output in code published by malicious app makers on popular IoT app platforms. We discuss the threat of privacy leaks via delayed output in non-malicious code on popular platforms for email-driven marketing. We present security characterizations of projected noninterference and projected weak secrecy to capture information flows in the presence of delayed output in malicious and non-malicious code, respectively. We develop two security type systems: for information flow control in potentially malicious code and for taint tracking in non-malicious code, engaging read and write security types to soundly enforce projected noninterference and projected weak secrecy.
Iulia Bastys, Frank Piessens, Andrei Sabelfeld
MixMesh Zones – Changing Pseudonyms Using Device-to-Device Communication in Mix Zones
Abstract
Mobile device tracking has become ever so pervasive in our world of location-based services and prying eyes. While users can somewhat restrict the flow of information towards the services they consciously use, this is not as easily possible for the mobile network they are connected to. Here, they can be tracked with relative ease by whoever controls the access points they connect to, or even by anyone that is able to monitor the air interface. Trends towards smaller cells and dynamic access point ownership within the scope of 5G only exacerbate this issue. In this paper, we present a new mix zone approach, called MixMesh, based on device-to-device communication, intended to hinder mobile network tracking through enabling secure and privacy-friendly pseudonym changes, aligned with the requirements resulting from the aforementioned trends. Our evaluation shows that our MixMesh approach is able to deliver better anonymity at an unchanged level of service quality compared to existing mix zone techniques, all the while being configurable to a desired level of anonymity in order to adapt to different scenarios.
Mirja Nitschke, Philipp Holler, Lukas Hartmann, Doğan Kesdoğan
AppLance: A Lightweight Approach to Detect Privacy Leak for Packed Applications
Abstract
Privacy leak of mobile applications has been a major issue in mobile security, and the prevalent usage of packing technology in mobile applications further complicates the problem and renders many existing analysis tools incapacitated. In this paper, we propose AppLance, a novel lightweight analysis system for Android packed applications without prior unpacking, which can also consider implicit information flow and privacy confusion. Without modifying Android system and the applications, AppLance runs on a mobile device as a dynamic analysis system, subtly evading the impact of various packing methods. Moreover, we build and release a benchmark, which contains 540 Android applications, to evaluate analysis tools aimed at packed applications. We evaluate AppLance on the benchmark and real-world applications, and the experimental results show that the system is effective and can be deployed on real devices with little overhead.
Hongliang Liang, Yudong Wang, Tianqi Yang, Yue Yu

Cryptography

Frontmatter
Unifying Kleptographic Attacks
Abstract
We present two simple backdoors that can be implemented into Maurer’s unified zero-knowledge protocol [22]. Thus, we show that a high level abstraction can replace individual backdoors embedded into protocols for proving knowledge of a discrete logarithm (e.g. the Schnorr and Girault protocols), protocols for proving knowledge of an \(e^{th}\)-root (e.g. the Fiat-Shamir and Guillou-Quisquater protocols), protocols for proving knowledge of a discrete logarithm representation (e.g. the Okamoto protocol) and protocols for proving knowledge of an \(e^{th}\)-root representation.
George Teşeleanu
Steady
A Simple End-to-End Secure Logging System
Abstract
We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (\(\approx \)2,200 loc) shows reliable goodput of over 1M events/s (\(\approx \)160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2.
Tobias Pulls, Rasmus Dahlberg
Revisiting Deniability in Quantum Key Exchange
via Covert Communication and Entanglement Distillation
Abstract
We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely unexplored. In the only work on this subject by Donald Beaver, it is argued that QKE is not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and how it extends to other constructions such as QKE obtained from uncloneable encryption. We then adopt the framework for quantum authenticated key exchange, developed by Mosca et al., and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. Next, we apply results from a recent work by Arrazola and Scarani on covert quantum communication to establish a connection between covert QKE and deniability. We propose DC-QKE, a simple deniable covert QKE protocol, and prove its deniability via a reduction to the security of covert QKE. Finally, we consider how entanglement distillation can be used to enable information-theoretically deniable protocols for QKE and tasks beyond key exchange.
Arash Atashpendar, G. Vamsi Policharla, Peter B. Rønne, Peter Y. A. Ryan
On Security Analysis of Generic Dynamic Authenticated Group Key Exchange
Abstract
Authenticated group key exchange (AGKE) represents an essential class of group key exchange (GKE) protocols, which is secure against active attackers. Dynamic AGKE allows for very efficient group membership changes (join, leave, merge and partition, etc.) during protocol executions. In this paper, a security model is developed for generic dynamic AGKE to cover more active attacks than previous similar models (such as leakage of ephemeral secret key, and key compromise impersonation attacks). The proposed model is particularly suitable for generic AGKE in which the GKE protocol is first executed in a black-box manner, and then the authentication protocol is executed. We also study the security analysis problems of this class of generic dynamic AGKE protocols with strong security. Based on the proposed model, we study a modular approach to design secure dynamic AGKE via a generic transformation called a compiler. A new signature-based protocol compiler is proposed for building secure generic dynamic AGKE. Specifically, the compiler takes as input a passively forward secure GKE protocol and a secure signature scheme, and outputs a secure AGKE protocol without any modification of the GKE protocol.
Zheng Yang, Mohsin Khan, Wanping Liu, Jun He
A Blockchain-Assisted Hash-Based Signature Scheme
Abstract
We present a server-supported, hash-based digital signature scheme. To achieve greater efficiency than current state of the art, we relax the security model somewhat. We postulate a set of design requirements, discuss some approaches and their practicality, and finally reach a forward-secure scheme with only modest trust assumptions, achieved by employing the concepts of authenticated data structures and blockchains. The concepts of blockchain authenticated data structures and the presented blockchain design could have independent value and are worth further research.
Ahto Buldas, Risto Laanoja, Ahto Truu
The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants
Abstract
The Fiat-Shamir paradigm encompasses many different ways of turning a given identification scheme into a signature scheme. Security proofs pertain sometimes to one variant, sometimes to another. We systematically study three variants that we call the challenge (signature is challenge and response), commit (signature is commitment and response), and transcript (signature is challenge, commitment and response) variants. Our framework captures the variants via transforms that determine the signature scheme as a function of not only the identification scheme and hash function (to cover both standard and random oracle model hashing), but also what we call a signing algorithm, to cover both classical and with-abort signing. We relate the security of the signature schemes produced by these transforms, giving minimal conditions under which uf-security of one transfers to the other. To apply this comprehensively, we formalize linear identification schemes, show that many schemes in the literature are linear, and show that any linear scheme meets our conditions for the signature schemes given by the three transforms to have equivalent uf-security. Our results give a comprehensive picture of the Fiat-Shamir zoo and allow proofs of security in the literature to be transferred automatically from one variant to another.
Matilda Backendal, Mihir Bellare, Jessica Sorrell, Jiahao Sun
Verifiable Light-Weight Monitoring for Certificate Transparency Logs
Abstract
Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has led to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT’s existing gossip-audit security model.
Rasmus Dahlberg, Tobias Pulls

Network and Cloud Security

Frontmatter
CLort: High Throughput and Low Energy Network Intrusion Detection on IoT Devices with Embedded GPUs
Abstract
While IoT is becoming widespread, cyber security of its devices is still a limiting factor where recent attacks (e.g., the Mirai bot-net) underline the need for countermeasures. One commonly-used security mechanism is a Network Intrusion Detection System (NIDS), but the processing need of NIDS has been a significant bottleneck for large dedicated machines, and a show-stopper for resource-constrained IoT devices. However, the topologies of IoT are evolving, adding intermediate nodes between the weak devices on the edges and the powerful cloud in the center. Also, the hardware of the devices is maturing, with new CPU instruction sets, caches as well as co-processors. As an example, modern single board computers, such as the Odroid XU4, come with integrated Graphics Processing Units (GPUs) that support general purpose computing. Even though using all available hardware efficiently is still an open issue, it has the promise to run NIDS more efficiently.
In this work we introduce CLort, an extension to the well-known NIDS Snort that (a) is designed for IoT devices (b) alleviates the burden of pattern matching for intrusion detection by offloading it to the GPU. We thoroughly explain how our design is used as part of the latest release of Snort and suggest various optimizations to enable processing on the GPU. We evaluate CLort in regards to throughput, packet drops in Snort, and power consumption using publicly available traffic traces. CLort achieves up to 52% faster processing throughput than its CPU counterpart. CLort can also analyze up to 12% more packets than its CPU counterpart when sniffing a network. Finally, the experimental evaluation shows that CLort consumes up to 32% less energy than the CPU counterpart, an important consideration for IoT devices.
Charalampos Stylianopoulos, Linus Johansson, Oskar Olsson, Magnus Almgren
Detection of Covert Channels in TCP Retransmissions
Abstract
In this paper we describe the implementation and detection of a network covert channel based on TCP retransmissions. For the detection, we implemented and evaluated two statistical detection measures that were originally designed for inter-arrival time-based covert channels, namely the \(\varepsilon \)-similarity and the compressibility. The \(\varepsilon \)-similarity originally measures the similarity of two timing distributions. The compressibility indicates the presence of a covert channel by measuring the compression ratio of a textual representation of concatenated inter-arrival times. We modified both approaches so that they can be applied to the detection of retransmission-based covert channels, i.e. we performed a so-called countermeasure variation.
Our initial results indicate that the \(\varepsilon \)-similarity can be considered a promising detection method for retransmission-based covert channels while the compressibility itself provides insufficient results but could potentially be used as a classification feature.
Sebastian Zillien, Steffen Wendzel
What You Can Change and What You Can’t: Human Experience in Computer Network Defenses
Abstract
The work of Computer Network Defense conducted, for instance, in Security Operations Centers and by Computer Security Incident Teams, is dependent not alone on technology, but also on people. Understanding how people experience these environments is an essential component toward achieving optimal functioning. This paper describes a qualitative research study on the human experience of working in these environments. Using Grounded Theory, a psychological understanding of the experience is developed. Results suggest that positive and negative aspects of the work are either amenable or not amenable to change. Areas of tension are identified, and posited as the focus for improving experience. For this purpose, psychological theories of Social Identity Theory, Relational Dialectics, and Cognitive Dissonance, provide a way of understanding and interpreting these components of Computer Network Defence work, and can be used to assess the experience of staff.
Vivien M. Rooney, Simon N. Foley
Attack Simulation for a Realistic Evaluation and Comparison of Network Security Techniques
Abstract
New network security techniques and strategies, such as Moving Target Defense (MTD), with promising narratives and concepts emerge on a regular basis. From a practical point of view, some of the most essential questions in judging a new defense technique are: What kind of attacks—and under which conditions—can be prevented? How does it compare to the state-of-the-art? Are there scenarios in which this technique poses a risk? Answering these questions is often difficult and no common framework for evaluating new techniques exists today.
In this paper we present an early operational version of such a practical evaluation framework that is able to incorporate static and dynamic defenses alike. The main idea is to model realistic networks and attacks with a high level of detail, integrate different defenses into this model, and measure their contribution to security in a given scenario with the help of simulation. To show the validity of our approach we use a small but realistic enterprise network as a case study in which we incorporate different realizations of the MTD technique VM migration. The quantitative results of the simulation based on attacker revenue reveal that VM migration actually has a negative impact on security. Using the log files containing the individual attack steps of the simulation, a qualitative analysis is performed to understand the reason. This combination of quantitative and qualitative analysis options is one of the main benefits of using attack simulation as an evaluation tool.
Alexander Bajic, Georg T. Becker
Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection
Abstract
Secure Shell (SSH) is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords can be easily exploited using brute-force attacks. To learn more about adversaries, we can use a honeypot that provides information about attack and exploitation methods. The problem of current honeypot implementations is that attackers can easily detect that they are interacting with a honeypot and stop their activities immediately. Moreover, there is no freely available high-interaction SSH honeypot that provides in-depth tracing of attacks.
In this paper, we introduce Sarracenia, a virtual high-interaction SSH honeypot which improves the stealthiness of monitoring by using virtual machine introspection (VMI) based tracing. We discuss the design of the system and how to extract valuable information such as user credentials, executed commands, and file changes.
Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser
Authorization Policies Specification and Consistency Management within Multi-cloud Environments
Abstract
Cloud computing can be defined as a model for providing on-demand access to a shared pool of configurable computing resources. In this paper we address the specification and consistency management of authorization policies in Multi-Cloud environments, where an organization may need services from more than one Cloud provider, for instance to avoid vendor lock-in. We have proposed a formal Event-Calculus based model to aggregate authorization policies from multiple Cloud providers. We have also identified and categorized the policy conflicts and proposed Event-Calculus models to reason about them. We have applied our approach on policies from AWS, GCP and Microsoft Azure. Further, we have provided tool support and detailed performance evaluation results.
Ehtesham Zahoor, Asim Ikram, Sabina Akhtar, Olivier Perrin

Cyber Security and Malware

Frontmatter
Cyber Hygiene: The Big Picture
Abstract
Cybercrime is on the rise and it’s widely believed that appropriate cyber hygiene is essential to secure our digital lives. The expression “cyber hygiene” appears in conversations, conferences, scientific articles, legal texts, governmental publications and commercial websites. However, what cyber hygiene is, what is appropriate or optimal cyber hygiene, or what is really meant by this expression and related practices—that is often varying and even somewhat contradictory. We review and analyze selected academic papers, government and corporate publications with the focus on implicit and explicit definitions of what cyber hygiene means to the authors. We also draw parallels and contrast the expression in cyber security context and terminology (cyber awareness, behavior and culture). We present a conceptual analysis and propose a definition to assist in achieving a universal understanding and approach to cyber hygiene. This work is intended to stimulate a clarifying discussion of what appropriate “cyber hygiene” is, how it should be defined and positioned in the wider cyber security context in order to help change human behavior for achieving a more secure connected world.
Kaie Maennel, Sten Mäses, Olaf Maennel
Estimating the Risk of Fraud Against E-Services
Abstract
Industry is continuously developing, deploying, and maintaining e-services to transform traditional offerings. While protection of traditional services is well understood, their digital transformation often is vulnerable to known and new attacks. These vulnerabilities open the door for fraudsters to exploit the weaknesses of the new systems and associated services, causing losses of billions of dollars for the global economy. This development is caused by the ease of developing new offerings, and the difficulty of performing thorough risk assessment during their design and development. Traditional risk assessment methodologies need to be enhanced to include threat scenarios faced by e-services, and to enable them to match the short development timeframes and to inform the decision-making process. In this paper we present a fraud risk estimation approach that addresses these requirements. Based on a list of threat scenarios, our approach calculates the potential risk using pre-computed risk factors, and visualises the analysis result for informed decision making. In doing so, our approach increases visibility and awareness of fraud risks, and reduces the time spent to calculate potential risks at the design level and throughout development. Together, these properties make our fraud risk estimation approach ideally suited for constantly applied, iterative risk analysis.
Ahmed Seid Yesuf, Christian W. Probst
PESTEL Analysis of Hacktivism Campaign Motivations
Abstract
A political, economic, socio-cultural, technological, environmental and legal (PESTEL) analysis is a framework or tool used to analyse and monitor the macro-environmental factors that have an impact on an organisation. The results identify threats and weaknesses which are used in a strengths, weaknesses, opportunities and threats (SWOT) analysis. In this paper the PESTEL framework was utilized to categorize hacktivism motivations for attack campaigns against certain companies, governments or industries. Our study is based on empirical evidence: thirty-three hacktivism attack campaigns at manifesto level. Then, the targets of these campaigns were analysed and studied accordingly. As a result, we claim that connecting cyberattacks to motivations permits organizations to determine their external cyberattack risks, allowing them to perform more accurate risk-modeling.
Juha Nurmi, Mikko S. Niemelä
Data Modelling for Predicting Exploits
Abstract
Modern society is becoming increasingly reliant on secure computer systems. Predicting which vulnerabilities are more likely to be exploited by malicious actors is therefore an important task to help prevent cyber attacks. Researchers have tried making such predictions using machine learning. However, recent research has shown that the evaluation of such models requires special sampling of training and test sets, and that previous models would have had limited utility in real world settings. This study further develops the results of recent research through the use of their sampling technique for evaluation in combination with a novel data model. Moreover, contrary to recent research, we find that using open web data can help in making better predictions about exploits, and that zero-day exploits are detrimental to the predictive powers of the model. Finally, we discovered that the initial days of vulnerability information are sufficient to make the best possible model. Given our findings, we suggest that more research should be devoted to developing refined techniques for building predictive models for exploits. Gaining more knowledge in this domain would not only help prevent cyber attacks but could yield fruitful insights into the nature of exploit development.
Alexander Reinthal, Eleftherios Lef Filippakis, Magnus Almgren
UpDroid: Updated Android Malware and Its Familial Classification
Abstract
Android is the platform most targeted by attackers. While security solutions have improved against such attacks on one side, attackers introduce new variants of existing malware by employing new strategies to evade them on another side. One of the most effective evasion techniques widely used is updating malicious code at runtime. In this study, an up-to-date dataset of such update attacks called UpDroid is introduced and then analyzed. This dataset consists of 2,479 samples belonging to 21 malware families, of which most have been discovered in just the last few years. While this dataset gives an overview of recent malware, it will also be useful for researchers working on dynamic analysis. Furthermore, in this study, a new classification algorithm based on both static and dynamic features is introduced in order to group such malware into families.
Kursat Aktas, Sevil Sen
Evaluation of Cybersecurity Management Controls and Metrics of Critical Infrastructures: A Literature Review Considering the NIST Cybersecurity Framework
Abstract
In recent years, cybersecurity management has gained considerable attention due to a rising number and also increasing severity of cyberattacks in particular targeted at critical infrastructures of countries. Especially rapid digitization holds many vulnerabilities that can be easily exploited if not managed appropriately. Consequently, the European Union (EU) has enacted its first directive on cybersecurity. It is based on the Cybersecurity Framework by the US National Institute of Standards and Technology (NIST) and requires critical infrastructure organizations to regularly monitor and report their cybersecurity efforts. We investigated whether the academic body of knowledge in the area of cybersecurity metrics and controls has covered the constituent NIST functions, and also whether NIST shows any noticeable gaps in relation to literature. Our analysis revealed interesting results in both directions, pointing to imbalances in the academic discourse and underrepresented areas in the NIST framework. In terms of the former, we argue that future research should engage more into detecting, responding and recovering from incidents. Regarding the latter, NIST could also benefit from extending into a number of identified topic areas, for example, natural disasters, monetary aspects, and organizational climate.
Barbara Krumay, Edward W. N. Bernroider, Roman Walser
Next Generation Cryptographic Ransomware
Abstract
We are assisting at an evolution in the ecosystem of cryptoware, the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.
Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan

Security for Software and Software Development

Frontmatter
Hardware-Assisted Program Execution Integrity: HAPEI
Abstract
Even if software is proven sound and secure, an attacker can still insert vulnerabilities with fault attacks. In this paper, we propose HAPEI, an Instruction Set Randomization scheme to guarantee Program Execution Integrity even in the presence of hardware fault injection. In particular, we propose a new solution to the multi-predecessors problem. This scheme is then implemented as a hardened CHIP-8 virtual machine, able to ensure program execution integrity, to prove the viability and to explore the limits of HAPEI.
Ronan Lashermes, Hélène Le Bouder, Gaël Thomas
Protecting Instruction Set Randomization from Code Reuse Attacks
Abstract
Instruction Set Randomization (ISR) prevents code injection by randomizing the instruction encoding used by programs, thus preventing an attacker from preparing a payload that can be injected in a victim. In this paper we show that code-reuse attacks can be used to circumvent existing ISR techniques and we demonstrate these attacks on an ARMv7 CPU that has been extended with ISR support. To counter this threat, we propose a new ISR that does not have the same vulnerabilities as the existing solutions, imposes moderate decryption cost, does not require additional memory per instruction, and affords efficient random access to the encrypted code. These properties enable efficient hardware implementation of our solution. In order to evaluate our proposal, we implement the new ISR in a hardware simulator and we compare its overhead with respect to existing ISR.
Roberto Guanciale
A Uniform Information-Flow Security Benchmark Suite for Source Code and Bytecode
Abstract
It has become common practice to formally verify the correctness of information-flow analyses wrt. noninterference-like properties. An orthogonal problem is to ensure the correctness of implementations of such analyses. In this article, we propose the benchmark suite IFSpec, which provides sample programs for checking that an information-flow analyzer correctly classifies them as secure or insecure. Our focus is on the Java and Android platforms, and IFSpec supports Java source code, Java bytecode, and Dalvik bytecode. IFSpec is structured into categories that address multiple types of information leakage. We employ IFSpec to validate and compare four information-flow analyzers: Cassandra, Joana, JoDroid, and KeY. IFSpec is based on RIFL, the RS\(^3\) Information-Flow Specification Language, and is open to extensions.
Tobias Hamann, Mihai Herda, Heiko Mantel, Martin Mohr, David Schneider, Markus Tasch
When Harry Met Tinder: Security Analysis of Dating Apps on Android
Abstract
As the number of smartphone users has increased, so has the popularity of dating apps such as Tinder, Hinge, Grindr and Bumbler. At the same time, however, many users have growing privacy concerns about these applications disclosing their sensitive and private information to other service providers and/or strangers. This is particularly exacerbated due to the nature of dating apps requiring access to users’ personal contents such as chat messages, photos, video clips and locations. In this paper, we present an analysis of security and privacy issues in popular dating apps on Android. We carefully analyze the possibility of software vulnerabilities on the five most popular dating apps on Android through network traffic analyses and reverse engineering techniques for each dating app. Our experiment results demonstrate that user credential data can be stolen from all five applications; three apps may lead to the disclosure of user profiles, and one app may lead to the disclosure of chat messages.
Kuyju Kim, Taeyun Kim, Seungjin Lee, Soolin Kim, Hyoungshick Kim
Threat Poker: Solving Security and Privacy Threats in Agile Software Development
Abstract
Secure software development represents a fundamental part of ‘security by design’ which in turn is a prerequisite for ‘privacy by design’ in the terminology of GDPR (General Data Protection Regulation). To follow and adhere to the principles of privacy by design and security by design during software development is a legal requirement throughout Europe with the introduction of GDPR in 2018. Secure software development is typically based on specific methods that software-design teams apply to discover and solve security threats and thereby to improve the security of systems in general. This paper describes Threat Poker as a team-based method to be exercised during agile software development for assessing both security risk and privacy risk, and for evaluating the effort needed to remove corresponding vulnerabilities in the developed software.
Hanne Rygge, Audun Jøsang
Backmatter
Metadata
Title
Secure IT Systems
edited by
Prof. Dr. Nils Gruschka
Copyright year
2018
Electronic ISBN
978-3-030-03638-6
Print ISBN
978-3-030-03637-9
DOI
https://doi.org/10.1007/978-3-030-03638-6
