
Cryptography and Security

New submissions

[ total of 16 entries: 1-16 ]

New submissions for Wed, 8 Jul 20

[1]  arXiv:2007.03302 [pdf, ps, other]
Title: VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
Comments: Published in Annual Computer Security Applications Conference (ACSAC'19)
Subjects: Cryptography and Security (cs.CR)

Polymorphism and inheritance make C++ suitable for writing complex software, but significantly increase the attack surface because the implementation relies on virtual function tables (vtables). These vtables contain function pointers that attackers can potentially hijack, and in practice vtable hijacking is one of the most important attack vectors against C++ binaries.
In this paper, we present VTable Pointer Separation (VPS), a practical binary-level defense against vtable hijacking in C++ applications. Unlike previous binary-level defenses, which rely on unsound static analyses to match classes to virtual callsites, VPS achieves more accurate protection by restricting virtual callsites to validly created objects. More specifically, VPS ensures that virtual callsites can only use objects created at valid object construction sites, and only if those objects can reach the callsite. Moreover, VPS explicitly prevents false positives (falsely identified virtual callsites) from breaking the binary, an issue existing work does not handle correctly or at all. We evaluate the prototype implementation of VPS on a diverse set of complex, real-world applications (MongoDB, MySQL server, Node.js, SPEC CPU2017/CPU2006), showing that our approach protects on average 97.8% of all virtual callsites in SPEC CPU2006 and 97.4% in SPEC CPU2017 (all C++ benchmarks), with a moderate performance overhead of 11% and 9% geomean, respectively. Furthermore, our evaluation reveals 86 false negatives in VTV, a popular source-based defense which is part of GCC.

[2]  arXiv:2007.03330 [pdf, other]
Title: Optimal Witnessing of Healthcare IoT Data Using Blockchain Logging Contract
Comments: 12 pages, 12 figures
Subjects: Cryptography and Security (cs.CR)

Verification of data generated by wearable sensors is increasingly becoming a concern for health service providers and insurance companies. There is a need for a verification framework through which various authorities can request a verification service for the local network data of a target IoT device. In this paper, we leverage blockchain as a distributed platform to realize an on-demand verification scheme. This allows authorities to automatically transact with connected devices for witnessing services. A public request is made for witness statements on the data that a target IoT device transmits on its local network, and subsequently devices in the close vicinity of the target offer a witnessing service.
Our contributions are threefold: (1) we develop a system architecture based on blockchain and smart contracts that enables authorities to dynamically obtain a verification service for the data of a subject device from a distributed set of witnesses willing to provide (in a privacy-preserving manner) their local wireless measurements in exchange for a monetary return; (2) we then develop a method to optimally select witnesses such that the verification error is minimized subject to monetary cost constraints; (3) lastly, we evaluate the efficacy of our scheme using real Wi-Fi session traces collected from a five-storey building with more than thirty access points, representative of a hospital. According to the current pricing schedule of the Ethereum public blockchain, our scheme enables healthcare authorities to verify data transmitted from a typical wearable device with a verification error of the order of 0.01% at a cost of less than two dollars for one hour of witnessing service.

[3]  arXiv:2007.03486 [pdf, other]
Title: Composite Metrics for Network Security Analysis
Comments: 23 pages journal
Journal-ref: Software Networking, 2018(1), 137-160
Subjects: Cryptography and Security (cs.CR)

Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. Many security metrics exist for security analysis, but there is no systematic classification of security metrics that are based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics "without probability" and "with probability", while the network-based metrics are classified into "path-based" and "non-path-based". Finally, we present and describe an approach to develop composite security metrics and their calculation using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system.
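The classification above becomes concrete once the two HARM layers are spelled out in code. The following is an added example, not the paper's own implementation: a constructed network of three hosts (the graph, host names and per-vulnerability exploit probabilities are all assumptions) with a reachability graph as the upper layer and a one-level OR attack tree per host as the lower layer. It computes one host-based metric without probability (vulnerability count), one with probability (probability that a host is compromised), one non-path-based network metric (total exposed vulnerabilities) and two path-based ones (shortest attack path, probability of attack success), then combines them into a composite result.

```python
from math import prod

# Added example: a two-layer HARM over a constructed network. Host names,
# vulnerability probabilities and the reachability graph are all assumptions.

# Upper layer: reachability graph (which host can reach which at network level).
GRAPH = {
    "attacker": ["web"],
    "web": ["app", "db"],
    "app": ["db"],
    "db": [],
}

# Lower layer: per-host attack tree with an OR root; each leaf is one
# vulnerability with an assumed probability of successful exploitation.
VULNS = {
    "web": [0.5, 0.2],
    "app": [0.3],
    "db": [0.1, 0.1],
}


def host_vuln_count(vulns):
    """Host-based metric without probability: number of vulnerabilities."""
    return len(vulns)


def host_compromise_prob(vulns):
    """Host-based metric with probability: P(at least one exploit succeeds)."""
    return 1.0 - prod(1.0 - p for p in vulns)


def simple_paths(graph, src, dst):
    """All loop-free attack paths src -> dst (input to path-based metrics)."""
    paths = []

    def dfs(node, path, seen):
        if node == dst:
            paths.append(tuple(path))
            return
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                dfs(nxt, path + [nxt], seen | {nxt})

    dfs(src, [src], {src})
    return paths


def composite_metrics(graph, vulns, attacker, target):
    """Combine lower-layer host metrics along upper-layer attack paths."""
    probs = {h: host_compromise_prob(v) for h, v in vulns.items()}
    paths = simple_paths(graph, attacker, target)
    # The attacker must compromise every host on the path after its own node.
    path_probs = {p: prod(probs[h] for h in p[1:]) for p in paths}
    return {
        "host_vuln_counts": {h: host_vuln_count(v) for h, v in vulns.items()},
        "host_probs": probs,
        # Non-path-based network metric: vulnerabilities exposed anywhere.
        "total_vulns": sum(len(v) for v in vulns.values()),
        # Path-based network metrics.
        "num_attack_paths": len(paths),
        "shortest_attack_path": min((len(p) - 1 for p in paths), default=None),
        "prob_attack_success": max(path_probs.values(), default=0.0),
        "path_probs": path_probs,
    }


if __name__ == "__main__":
    for name, value in composite_metrics(GRAPH, VULNS, "attacker", "db").items():
        print(f"{name}: {value}")
```

With these inputs the web host is compromised with probability 0.6, the database with 0.19, and the most likely path (attacker, web, db) gives a probability of attack success of 0.114, which is the composite value a defender would compare before and after a hardening change.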

[4]  arXiv:2007.03505 [pdf, other]
Title: On the Efficiency of Decentralized File Storage for Personal Information Management Systems
Comments: To appear in the Proceedings of the 25th IEEE Symposium on Computers and Communications (ISCC 2020)
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC); Information Retrieval (cs.IR); Networking and Internet Architecture (cs.NI); Performance (cs.PF)

This paper presents an architecture, based on Distributed Ledger Technologies (DLTs) and Decentralized File Storage (DFS) systems, to support the use of Personal Information Management Systems (PIMS). DLT and DFS are used to manage data sensed by mobile users equipped with devices with sensing capability. DLTs guarantee the immutability, traceability and verifiability of references to personal data, which are stored in the DFS. In fact, the inclusion of data digests in the DLT makes it possible to obtain an unalterable reference and a tamper-proof log while remaining compliant with the regulations on personal data, i.e. the GDPR. We provide an experimental evaluation of the feasibility of the use of DFS. Three different scenarios have been studied: i) a proprietary IPFS approach with a dedicated node interfacing with the data producers, ii) a public IPFS service, and iii) Sia Skynet. Results show that through proper configuration of the system infrastructure, it is viable to build a decentralized Personal Data Storage (PDS).
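The digest-on-ledger pattern the abstract relies on is small enough to show end to end. The following is an added example, not code from the paper or from IPFS or Sia: an in-memory content-addressed store stands in for the DFS and a hash-chained list stands in for the DLT (both are assumptions). It shows the three properties the text claims: a ledgered digest detects tampering of the off-chain bytes, the chain detects rewriting of the ledger itself, and erasing the off-chain data (the GDPR right to erasure) leaves only a digest behind.

```python
import hashlib
import json

# Added example of the digest-on-ledger pattern. ContentStore and Ledger are
# in-memory stand-ins for a DFS and a DLT (assumptions), not IPFS/Sia code.


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ContentStore:
    """Stand-in for a DFS: content-addressed put/get/delete."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        cid = digest(data)          # content identifier is the digest
        self._blobs[cid] = data
        return cid

    def get(self, cid: str):
        return self._blobs.get(cid)

    def delete(self, cid: str) -> None:
        # Erasure removes the personal data; the ledgered digest stays.
        self._blobs.pop(cid, None)


class Ledger:
    """Stand-in for a DLT: hash-chained, append-only (owner, cid) records."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(body: dict) -> str:
        return digest(json.dumps(body, sort_keys=True).encode())

    def append(self, owner: str, cid: str, ts: int) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {"owner": owner, "cid": cid, "ts": ts, "prev": prev}
        body["hash"] = self._hash({k: v for k, v in body.items()})
        self.entries.append(body)
        return body["hash"]

    def chain_is_intact(self) -> bool:
        """Recompute every entry hash and check each prev pointer."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._hash(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def verify_record(ledger: Ledger, store: ContentStore, index: int) -> str:
    """'ok' if the stored bytes match the ledgered digest, 'erased' if the
    bytes are gone (the digest alone reveals nothing), 'tampered' otherwise."""
    cid = ledger.entries[index]["cid"]
    data = store.get(cid)
    if data is None:
        return "erased"
    return "ok" if digest(data) == cid else "tampered"


if __name__ == "__main__":
    store, ledger = ContentStore(), Ledger()
    # Constructed sensor reading; in the paper's setting this is personal data.
    cid = store.put(b'{"device":"wrist-1","hr":72}')
    ledger.append("user-1", cid, 1594166400)
    print(verify_record(ledger, store, 0), ledger.chain_is_intact())
```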

[5]  arXiv:2007.03531 [pdf, other]
Title: Economically Viable Randomness
Subjects: Cryptography and Security (cs.CR); Computer Science and Game Theory (cs.GT)

We study the problem of providing blockchain applications with economically viable randomness (EVR), namely randomness that has significant economic consequences. Applications of EVR include blockchain-based lotteries and gambling. An EVR source guarantees (i) secrecy, assuring that the random bits are kept secret until some predefined condition indicates that they are safe to reveal (e.g., the lottery's ticket sale closes), and (ii) robustness, guaranteeing that the random bits are published once the condition holds. We formalize the EVR problem and solve it on top of an Ethereum-like blockchain abstraction, which supports smart contracts and a transferable native coin. Randomness is generated via a distributed open commit-reveal scheme by game-theoretic agents who strive to maximize their coin holdings. Note that in an economic setting, such agents might profit from breaking secrecy or robustness, and may engage in side agreements (via smart contracts) to this end. Our solution creates an incentive structure that counters such attacks. We prove that following the protocol gives rise to a stable state, called a Coalition-Proof Nash Equilibrium, from which no coalition comprised of a subset of the players can agree to deviate. In this stable state, robustness and secrecy are satisfied. Finally, we implement our EVR source over Ethereum.
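The commit-reveal structure and the withholding attack it must resist can be made concrete in a few dozen lines. The following is an added example, not the paper's contract or protocol: a plain Python model of a commit-reveal beacon (the Beacon class, its phases and its deposit rule are assumptions) in which each player posts a deposit with a hash commitment, reveals after the commit phase closes, and the output is the XOR of all revealed seeds. A player who sees the other reveals and withholds their own (the classic last-revealer attack on secrecy and robustness) forfeits the deposit to the players who did reveal, and the beacon still publishes an output from the remaining seeds. The model shows the mechanism only; the paper's incentive analysis, including side contracts between colluding players, is what makes the deposit large enough to matter.

```python
import hashlib
import secrets

# Added model of an open commit-reveal randomness source with deposits.
# Plain Python, not the paper's Ethereum contract; names are assumptions.

DIGEST_LEN = 32


def commitment(seed: bytes, salt: bytes) -> bytes:
    """Binding, hiding commitment to a seed (the salt blocks brute force)."""
    return hashlib.sha256(salt + seed).digest()


class Beacon:
    """Simulated contract: commit phase, then reveal phase, then settlement."""

    def __init__(self, deposit: int):
        self.deposit = deposit
        self.phase = "commit"
        self.commits = {}    # player -> commitment
        self.reveals = {}    # player -> revealed seed
        self.balances = {}   # player -> net coins (negative = paid in)

    def commit(self, player: str, c: bytes, paid: int) -> None:
        if self.phase != "commit":
            raise RuntimeError("commit phase is closed")
        if paid != self.deposit:
            raise ValueError("exact deposit required")
        if player in self.commits:
            raise ValueError("one commitment per player")
        self.commits[player] = c
        self.balances[player] = -paid

    def close_commits(self) -> None:
        # The predefined condition (e.g. ticket sale closed) has occurred.
        self.phase = "reveal"

    def reveal(self, player: str, seed: bytes, salt: bytes) -> None:
        if self.phase != "reveal":
            raise RuntimeError("not in reveal phase")
        if commitment(seed, salt) != self.commits.get(player):
            raise ValueError("seed does not match commitment")
        self.reveals[player] = seed

    def settle(self):
        """Publish the random bits and redistribute deposits.

        Revealers get their deposit back plus an equal share of the deposits
        forfeited by players who committed but withheld their reveal.
        Returns (random_bytes or None, list of withholding players).
        """
        self.phase = "done"
        revealed = [p for p in self.commits if p in self.reveals]
        withheld = [p for p in self.commits if p not in self.reveals]
        if not revealed:
            return None, withheld
        share = len(withheld) * self.deposit // len(revealed)
        for p in revealed:
            self.balances[p] += self.deposit + share
        out = bytes(DIGEST_LEN)
        for p in revealed:
            out = bytes(a ^ b for a, b in zip(out, self.reveals[p]))
        return out, withheld


def new_secret():
    """Fresh (seed, salt, commitment) triple for one player."""
    seed, salt = secrets.token_bytes(DIGEST_LEN), secrets.token_bytes(16)
    return seed, salt, commitment(seed, salt)


if __name__ == "__main__":
    beacon = Beacon(deposit=10)
    parties = {name: new_secret() for name in ("alice", "bob", "carol")}
    for name, (_, _, c) in parties.items():
        beacon.commit(name, c, paid=10)
    beacon.close_commits()
    for name in ("alice", "bob"):          # carol withholds her reveal
        seed, salt, _ = parties[name]
        beacon.reveal(name, seed, salt)
    bits, withholders = beacon.settle()
    print(bits.hex(), withholders, beacon.balances)
```

Two checks matter when reading this: a reveal is refused before the commit phase closes (otherwise early revealers leak their seed and secrecy is lost), and a reveal that does not match the commitment is refused (otherwise a player could choose a seed after seeing the others).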

[6]  arXiv:2007.03548 [pdf, other]
Title: Breaking and Fixing Destructive Code Read Defenses
Comments: Published in 33rd Annual Computer Security Applications Conference (ACSAC'17)
Subjects: Cryptography and Security (cs.CR)

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In contrast, destructive code reads (DCR) provide a trade-off between security and legacy compatibility. The common belief is that DCR provides strong protection if combined with a high-entropy code randomization.
The contribution of this paper is twofold: first, we demonstrate that DCR can be bypassed regardless of the underlying code randomization scheme. To this end, we show novel, generic attacks that infer the code layout for highly randomized program code. Second, we present the design and implementation of BGDX (Byte-Granular DCR and XOM), a novel mitigation technique that protects legacy binaries against code inference attacks. BGDX enforces memory permissions on a byte-granular level allowing us to combine DCR and XOM for legacy, off-the-shelf binaries. Our evaluation shows that BGDX is not only effective, but highly efficient, imposing only a geometric mean performance overhead of 3.95% on SPEC.

[7]  arXiv:2007.03549 [pdf, other]
Title: An Exploratory Analysis of Microcode as a Building Block for System Defenses
Comments: Published in ACM SIGSAC Conference on Computer and Communications Security (CCS'18)
Subjects: Cryptography and Security (cs.CR)

Microcode is an abstraction layer used by modern x86 processors that translates user-visible CISC instructions into hardware-internal RISC instructions. The capability to update x86 microcode enables a vendor to modify CPU behavior in-field, and thus patch erroneous microarchitectural processes or even implement new features. Most prominently, the recent Spectre and Meltdown vulnerabilities were mitigated by Intel via microcode updates. Unfortunately, microcode is proprietary and closed source, and there is little publicly available information on its inner workings.
In this paper, we present new reverse engineering results that extend and complement the public knowledge of proprietary microcode. Based on these novel insights, we show how modern system defenses and tools can be realized in microcode on a commercial, off-the-shelf AMD x86 CPU. We demonstrate how well-established system security defenses such as timing attack mitigations, hardware-assisted address sanitization, and instruction set randomization can be realized in microcode. We also present a proof-of-concept implementation of a microcode-assisted instrumentation framework. Finally, we show how a secure microcode update mechanism and enclave functionality can be implemented in microcode to realize a small trusted execution environment. All microcode programs and the whole infrastructure needed to reproduce and extend our results are publicly available.

[8]  arXiv:2007.03550 [pdf, ps, other]
Title: Detile: Fine-Grained Information Leak Detection in Script Engines
Subjects: Cryptography and Security (cs.CR)

Memory disclosure attacks play an important role in the exploitation of memory corruption vulnerabilities. By analyzing recent research, we observe that bypasses of defensive solutions that enforce control-flow integrity or attempt to detect return-oriented programming require memory disclosure attacks as a fundamental first step. However, research lags behind in detecting such information leaks.
In this paper, we tackle this problem and present a system for fine-grained, automated detection of memory disclosure attacks against scripting engines. The basic insight is as follows: scripting languages such as JavaScript in web browsers are strictly sandboxed and must not provide any insight into the memory layout of their contexts. In fact, any such information potentially represents an ongoing memory disclosure attack. Hence, to detect information leaks, our system creates a clone of the scripting engine process with a re-randomized memory layout. The clone is instrumented so that it stays synchronized with the original process. Any inconsistency between the script contexts of the two processes indicates that a memory disclosure was conducted to leak information about the memory layout. Based on this detection approach, we have designed and implemented Detile (detection of information leaks), a prototype for the JavaScript engine in Microsoft's Internet Explorer 10/11 on Windows 8.0/8.1. An empirical evaluation shows that our tool can successfully detect memory disclosure attacks even against this proprietary software.

[9]  arXiv:2007.03602 [pdf, other]
Title: WLCG Authorisation from X.509 to Tokens
Comments: 8 pages, 3 figures, to appear in the proceedings of CHEP 2019
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC)

The WLCG Authorisation Working Group was formed in July 2017 with the objective to understand and meet the needs of a future-looking Authentication and Authorisation Infrastructure (AAI) for WLCG experiments. Much has changed since the early 2000s when X.509 certificates presented the most suitable choice for authorisation within the grid; progress in token-based authorisation and identity federation has provided an interesting alternative with notable advantages in usability and compatibility with external (commercial) partners. The need for interoperability in this new model is paramount as infrastructures and research communities become increasingly interdependent. Over the past two years, the working group has made significant steps towards identifying a system to meet the technical needs highlighted by the community during staged requirements gathering activities. Enhancement work has been possible thanks to externally funded projects, allowing existing AAI solutions to be adapted to our needs. A cornerstone of the infrastructure is the reliance on a common token schema in line with evolving standards and best practices, allowing for maximum compatibility and easy cooperation with peer infrastructures and services. We present the work of the group and an analysis of the anticipated changes in the authorisation model when moving from X.509 to token-based authorisation. A concrete example of token integration in Rucio is presented.

[10]  arXiv:2007.03651 [pdf, other]
Title: Towards Systematically Deriving Defence Mechanisms from Functional Requirements of Cyber-Physical Systems
Comments: Accepted by the ACM Cyber-Physical System Security Workshop (CPSS 2020)
Subjects: Cryptography and Security (cs.CR)

The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented.
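To show what "an invariant derived from a functional requirement" looks like before any plant data exists, here is an added example that is not from the paper or its testbed: a constructed single-tank process (area, flow rates, high-level mark and tolerance are assumptions) with two requirements, "the level follows the net inflow" and "the pump never runs once the level reaches the high mark". The first yields a mass-balance equation over consecutive samples, the second a logical implication. Both checkers run over constructed sensor logs: a normal fill-and-drain cycle, a replayed level reading that stays frozen while the pump runs, and an overfill command. The paper trains decision trees as checkers; the code below evaluates the derived equations directly instead, which is enough to see why the data-driven route can miss behaviours that never occur in the training logs.

```python
from dataclasses import dataclass

# Added example: two invariants derived from functional requirements of a
# constructed single-tank process, with checkers run over constructed logs.
# Plant constants, requirements and log values are assumptions; the paper's
# checkers are decision trees, these evaluate the derived equations directly.

AREA = 2.0    # tank cross-section, m^2
Q_IN = 0.5    # inlet pump flow when on, m^3/s
Q_OUT = 0.3   # outlet flow when valve open, m^3/s
HIGH = 0.9    # high-level mark, m
TOL = 0.02    # allowed sensor and timing noise, m


@dataclass(frozen=True)
class Sample:
    t: float          # s
    level: float      # m, from the level sensor
    pump_on: int      # 0/1 actuator state
    valve_open: int   # 0/1 actuator state


def expected_delta(prev: Sample, dt: float) -> float:
    """Requirement 'level follows net flow' gives the mass-balance invariant
    d(level) = (Q_IN * pump - Q_OUT * valve) * dt / AREA."""
    return (Q_IN * prev.pump_on - Q_OUT * prev.valve_open) * dt / AREA


def check_mass_balance(log):
    """Return (t, observed_delta, expected_delta) for each violated step."""
    violations = []
    for prev, cur in zip(log, log[1:]):
        observed = cur.level - prev.level
        expected = expected_delta(prev, cur.t - prev.t)
        if abs(observed - expected) > TOL:
            violations.append((cur.t, round(observed, 3), round(expected, 3)))
    return violations


def check_interlock(log, high=HIGH):
    """Requirement 'never overfill' gives the invariant pump_on -> level < high.
    Returns the timestamps at which it is violated."""
    return [s.t for s in log if s.pump_on and s.level >= high]


# Constructed logs (1 s sampling).
# NORMAL_LOG: fill with the pump, then drain through the valve.
NORMAL_LOG = [
    Sample(0, 0.10, 1, 0), Sample(1, 0.35, 1, 0), Sample(2, 0.60, 1, 0),
    Sample(3, 0.85, 0, 1), Sample(4, 0.70, 0, 1), Sample(5, 0.55, 0, 0),
]
# REPLAY_LOG: the level reading is frozen at 0.35 while the pump keeps running.
REPLAY_LOG = [
    Sample(0, 0.10, 1, 0), Sample(1, 0.35, 1, 0),
    Sample(2, 0.35, 1, 0), Sample(3, 0.35, 1, 0),
]
# OVERFILL_LOG: the pump is commanded on although the level passed the mark.
OVERFILL_LOG = [Sample(0, 0.85, 0, 0), Sample(1, 0.95, 1, 0)]


if __name__ == "__main__":
    for name, log in (("normal", NORMAL_LOG), ("replay", REPLAY_LOG),
                      ("overfill", OVERFILL_LOG)):
        print(name, check_mass_balance(log), check_interlock(log))
```

The replayed reading is caught at the first step after the freeze, because the pump state says the level must have risen by 0.25 m and the sensor says it did not; a detector trained only on normal logs would have no example of that combination to learn from.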

Replacements for Wed, 8 Jul 20

[11]  arXiv:2002.03488 (replaced) [pdf, other]
Title: Security and Privacy in IoT Using Machine Learning and Blockchain: Threats & Countermeasures
Comments: 35 pages, ACM CSUR Journal
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
[12]  arXiv:2002.07088 (replaced) [pdf, other]
Title: Robust Physical Hard-Label Attacks on Deep Learning Visual Classification
Subjects: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV); Machine Learning (cs.LG)
[13]  arXiv:2006.08513 (replaced) [pdf, other]
Title: Flood & Loot: A Systemic Attack On The Lightning Network
Subjects: Cryptography and Security (cs.CR)
[14]  arXiv:2006.14109 (replaced) [pdf, other]
Title: Scalable Data Classification for Security and Privacy
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computers and Society (cs.CY)
[15]  arXiv:1909.01783 (replaced) [pdf, ps, other]
Title: Oracle Efficient Private Non-Convex Optimization
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Machine Learning (stat.ML)
[16]  arXiv:2007.02393 (replaced) [pdf, other]
Title: Deep Convolutional Neural Network for Identifying Seam-Carving Forgery
Subjects: Multimedia (cs.MM); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)

