Biblio

Filters: Author is Tan, Cheng  [Clear All Filters]
2021-11-29
Tan, Cheng, Zhang, Lijun, Bao, Liang.  2020.  A Deep Exploration of BitLocker Encryption and Security Analysis. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :1070–1074.
Due to the popularity of Windows system, BitLocker is widely used as a built-in disk encryption tool. As a commercial application, the design of BitLocker has to consider a capability of disaster recovery, which helps a user to recover data stored on encrypted disk when a regular access is not available. In this case, it will inevitably lead to some security risks when using BitLocker. We have a deep exploration of BitLocker encryption mechanism in this paper. We present the decryption method of encrypted VMK in case of system partition encryption and non-system partition encryption, respectively. VMK is the core key in BitLocker, with which the encrypted partition or the entire disk can be further decrypted. As for security analysis on BitLocker, we firstly make a difficulty analysis of brute force cracking on BitLocker keys, and then we analyze a possible threat caused by key theft. Based on this, we propose a few countermeasures about BitLocker usage. Additionally, we give some suggestions about security enhancement of BitLocker encryption.
2020-03-23
Qin, Peng, Tan, Cheng, Zhao, Lei, Cheng, Yueqiang.  2019.  Defending against ROP Attacks with Nearly Zero Overhead. 2019 IEEE Global Communications Conference (GLOBECOM). :1–6.
Return-Oriented Programming (ROP) is a sophisticated exploitation technique that is able to drive target applications to perform arbitrary unintended operations by constructing a gadget chain reusing existing small code sequences (gadgets) collected across the entire code space. In this paper, we propose to address ROP attacks from a different angle-shrinking available code space at runtime. We present ROPStarvation , a generic and transparent ROP countermeasure that defend against all types of ROP attacks with almost zero run-time overhead. ROPStarvation does not aim to completely stop ROP attacks, instead it attempts to significantly increase the bar by decreasing the possibility of launching a successful ROP exploit in reality. Moreover, shrinking available code space at runtime is lightweight that makes ROPStarvation practical for being deployed with high performance requirement. Results show that ROPStarvation successfully reduces the code space of target applications by 85%. With the reduced code segments, ROPStarvation decreases the probability of building a valid ROP gadget chain by 100% and 83% respectively, with the assumptions that whether the adversary knows the vulnerable applications are protected by ROPStarvation . Evaluations on the SPEC CPU2006 benchmark show that ROPStarvation introduces nearly zero (0.2% on average) run-time performance overhead.