Biblio

Software discovery is a key management function to ensure that systems are free of vulnerabilities, comply with licensing requirements, and support advanced search for systems containing given software. Today, software is predominantly discovered through querying package management tools, or using rules that check for file metadata or contents. These approaches are inadequate as not every software is installed through package managers, and agile development practices lead to frequent deployment of software. Other approaches to software discovery use machine learning methods requiring training phase, or require maintaining knowledge bases. Columbus uses the knowledge of the software packaging practices that evolved over time, and uses the information embedded in the file system impression created by a software package to discover it. Columbus is able to discover software in 92% of all official Docker images. Further, Columbus can be used in problem diagnosis and drift detection situations to compare two different systems, or to determine the evolution of a system overtime.

As the use of low-power and low resource embedded devices continues to increase dramatically with the introduction of new Internet of Things (IoT) devices, security techniques are necessary which are compatible with these devices. This research advances the knowledge in the area of cyber security for the IoT through the exploration of a moving target defense to apply for limiting the time attackers may conduct reconnaissance on embedded systems while considering the challenges presented from IoT devices such as resource and performance constraints. We introduce the design and optimizations for a Micro-Moving Target IPv6 Defense including a description of the modes of operation, needed protocols, and use of lightweight hash algorithms. We also detail the testing and validation possibilities including a Cooja simulation configuration, and describe the direction to further enhance and validate the security technique through large scale simulations and hardware testing followed by providing information on other future considerations.

DNA cryptography is one of the promising fields in cryptographic research which emerged with the evolution of DNA computing. In this era, end to end transmission of secure data by ensuring confidentiality and authenticity over the networks is a real challenge. Even though various DNA based cryptographic algorithms exists, they are not secure enough to provide better security as required with today's security requirements. Hence we propose a cryptographic model which will enhance the message security. A new method of round key selection is used, which provides better and enhanced security against intruder's attack. The crucial attraction of this proposed model is providing multi level security of 3 levels with round key selection and message encryption in level 1, 16×16 matrix manipulation using asymmetric key encryption in level 2 and shift operations in level 3. Thus we design a system with multi level encryption without compromising complexity and size of the cipher text.

The study of spin waves (SW) excitation in magnetic devices is one of the most important topics in modern magnetism due to the applications of the information carrier and the signal processing. We experimentally realize a spin-wave generator, capable of frequency modulation, in a magnonic waveguide. The emission of spin waves was produced by the reversal or oscillation of nanoscale magnetic vortex cores in a NiFe disk array. The vortex cores in the disk array were excited by an out of plane radio frequency (rf) magnetic field. The dynamic behaviors of the magnetization of NiFe were studied using a micro-focused Brillouin light scattering spectroscopy (BLS) setup.

Cross-Site Request Forgery (CSRF) attacks are one of the critical threats to web applications. In this paper, we focus on CSRF attacks targeting web sites' authentication and identity management functionalities. We will refer to them collectively as Authentication CSRF (Auth-CSRF in short). We started by collecting several Auth-CSRF attacks reported in the literature, then analyzed their underlying strategies and identified 7 security testing strategies that can help a manual tester uncover vulnerabilities enabling Auth-CSRF. In order to check the effectiveness of our testing strategies and to estimate the incidence of Auth-CSRF, we conducted an experimental analysis considering 300 web sites belonging to 3 different rank ranges of the Alexa global top 1500. The results of our experiments are alarming: out of the 300 web sites we considered, 133 qualified for conducting our experiments and 90 of these suffered from at least one vulnerability enabling Auth-CSRF (i.e. 68%). We further generalized our testing strategies, enhanced them with the knowledge we acquired during our experiments and implemented them as an extension (namely CSRF-checker) to the open-source penetration testing tool OWASP ZAP. With the help of CSRFchecker, we tested 132 additional web sites (again from the Alexa global top 1500) and identified 95 vulnerable ones (i.e. 72%). Our findings include serious vulnerabilities among the web sites of Microsoft, Google, eBay etc. Finally, we responsibly disclosed our findings to the affected vendors.

With the progressive development of network applications and software dependency, we need to discover more advanced methods for protecting our systems. Each industry is equally affected, and regardless of whether we consider the vulnerability of the government or each individual household or company, we have to find a sophisticated and secure way to defend our systems. The starting point is to create a reliable intrusion detection mechanism that will help us to identify the attack at a very early stage; otherwise in the cyber security space the intrusion can affect the system negatively, which can cause enormous consequences and damage the system's privacy, security or financial stability. This paper proposes a concise, and easy to use statistical learning procedure, abbreviated NASCA, which is a four-stage intrusion detection method that can successfully detect unwanted intrusion to our systems. The model is static, but it can be adapted to a dynamic set up.

With the advent of QR readers and mobile phones the use of graphical codes like QR codes and data matrix code has become very popular. Despite the noise like appearance, it has the advantage of high data capacity, damage resistance and fast decoding robustness. The proposed system embeds the image chosen by the user to develop visually appealing QR codes with improved decoding robustness using BCH algorithm. The QR information bits are encoded into luminance value of the input image. The developed Picode can inspire perceptivity in multimedia applications and can ensure data security for instances like online payments. The system is implemented on Matlab and ARM cortex A8.

Rapid advancement in wearable technology has unlocked a tremendous potential of its applications in the medical domain. Among the challenges in making the technology more useful for medical purposes is the lack of confidence in the data thus generated and communicated. Incentives have led to attacks on such systems. We propose a novel lightweight scheme to securely log the data from bodyworn sensing devices by utilizing neighboring devices as witnesses who store the fingerprints of data in Bloom filters to be later used for forensics. Medical data from each sensor is stored at various locations of the system in chronological epoch-level blocks chained together, similar to the blockchain. Besides secure logging, the scheme offers to secure other contextual information such as localization and timestamping. We prove the effectiveness of the scheme through experimental results. We define performance parameters of our scheme and quantify their cost benefit trade-offs through simulation.

The Cloud Computing is a developing IT concept that faces some issues, which are slowing down its evolution and adoption by users across the world. The lack of security has been the main concern. Organizations and entities need to ensure, inter alia, the integrity and confidentiality of their outsourced sensible data within a cloud provider server. Solutions have been examined in order to strengthen security models (strong authentication, encryption and fragmentation before storing, access control policies...). More particularly, data remanence is undoubtedly a major threat. How could we be sure that data are, when is requested, truly and appropriately deleted from remote servers? In this paper, we aim to produce a survey about this interesting subject and to address the problem of residual data in a cloud-computing environment, which is characterized by the use of virtual machines instantiated in remote servers owned by a third party.

Signature extraction is a critical preprocessing step in forensic log analysis because it enables sophisticated analysis techniques to be applied to logs. Currently, most signature extraction frameworks either use rule-based approaches or handcrafted algorithms. Rule-based systems are error-prone and require high maintenance effort. Hand-crafted algorithms use heuristics and tend to work well only for specialized use cases. In this paper we present a novel approach to extract signatures from forensic logs that is based on a neural language model. This language model learns to identify mutable and non-mutable parts in a log message. We use this information to extract signatures. Neural language models have shown to work extremely well for learning complex relationships in natural language text. We experimentally demonstrate that our model can detect which parts are mutable with an accuracy of 86.4%. We also show how extracted signatures can be used for clustering log lines.

Power grid infrastructures have been exposed to several terrorists and cyber attacks from different perspectives and have resulted in critical system failures. Among different attack strategies, simultaneous attack is feasible for the attacker if enough resources are available at the moment. In this paper, vulnerability analysis for simultaneous attack is investigated, using a modified cascading failure simulator with reduced calculation time than the existing methods. A new damage measurement matrix is proposed with the loss of generation power and time to reach the steady-state condition. The combination of attacks that can result in a total blackout in the shortest time are considered as the strongest simultaneous attack for the system from attacker's viewpoint. The proposed approach can be used for general power system test cases. In this paper, we conducted the experiments on W&W 6 bus system and IEEE 30 bus system for demonstration of the result. The modified simulator can automatically find the strongest attack combinations for reaching maximum damage in terms of generation power loss and time to reach black-out.

The COPA authenticated encryption mode was proved to have a birthday-bound security on integrity, and its instantiation AES-COPA (v1/2) was claimed or conjectured to have a full security on tag guessing. The Marble (v1.0/1.1/1.2) authenticated encryption algorithm was claimed to have a full security on authenticity. Both AES-COPA (v1) and Marble (v1.0) were submitted to the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) in 2014, and Marble was revised twice (v1.1/1.2) in the first round of CAESAR, and AES-COPA (v1) was tweaked (v2) for the second round of CAESAR. In this paper, we cryptanalyse the basic cases of COPA, AES-COPA and Marble, that process messages of a multiple of the block size long; we present collision-based almost universal forgery attacks on the basic cases of COPA, AES-COPA (v1/2) and Marble (v1.0/1.1/1.2), and show that the basic cases of COPA and AES-COPA have roughly at most a birthday-bound security on tag guessing and the basic case of Marble has roughly at most a birthday-bound security on authenticity. The attacks on COPA and AES-COPA do not violate their birthday-bound security proof on integrity, but the attack on AES-COPA violates its full security claim or conjecture on tag guessing. Therefore, the full security claim or conjecture on tag guessing of AES-COPA and the full security claim on authenticity of Marble are incorrectly far overestimated in the sense of a general understanding of full security of these security notions. Designers should pay attention to these attacks when designing authenticated encryption algorithms with similar structures in the future, and should be careful when claiming the security of an advanced form of a security notion without making a corresponding proof after proving the security of the security notion only under its most fundamental form.

Code reuse detection is a key technique in reverse engineering. However, existing source code similarity comparison techniques are not applicable to binary code. Moreover, compilers have made this problem even more difficult due to the fact that different assembly code and control flow structures can be generated by the compilers even when implementing the same functionality. To address this problem, we present a fuzzy matching approach to compare two functions. We first obtain an initial mapping between basic blocks by leveraging the concept of longest common subsequence on the basic block level and execution path level. We then extend the achieved mapping using neighborhood exploration. To make our approach applicable to large data sets, we designed an effective filtering process using Minhashing. Based on the proposed approach, we implemented a tool named BinSequence and conducted extensive experiments with it. Our results show that given a large assembly code repository with millions of functions, BinSequence is efficient and can attain high quality similarity ranking of assembly functions with an accuracy of above 90%. We also present several practical use cases including patch analysis, malware analysis and bug search.

The Internet of Things (IoT) is transforming the way we live and work by increasing the connectedness of people and things on a scale that was once unimaginable. However, the vulnerabilities in the IoT supply chain have raised serious concerns about the security and trustworthiness of IoT devices and components within them. Testing for device provenance, detection of counterfeit integrated circuits (ICs) and systems, and traceability of IoT devices are challenging issues to address. In this article, we develop a novel radio-frequency identification (RFID)-based system suitable for counterfeit detection, traceability, and authentication in the IoT supply chain called CDTA. CDTA is composed of different types of on-chip sensors and in-system structures that collect necessary information to detect multiple counterfeit IC types (recycled, cloned, etc.), track and trace IoT devices, and verify the overall system authenticity. Central to CDTA is an RFID tag employed as storage and a channel to read the information from different types of chips on the printed circuit board (PCB) in both power-on and power-off scenarios. CDTA sensor data can also be sent to the remote server for authentication via an encrypted Ethernet channel when the IoT device is deployed in the field. A novel board ID generator is implemented by combining outputs of physical unclonable functions (PUFs) embedded in the RFID tag and different chips on the PCB. A light-weight RFID protocol is proposed to enable mutual authentication between RFID readers and tags. We also implement a secure interchip communication on the PCB. Simulations and experimental results using Spartan 3E FPGAs demonstrate the effectiveness of this system. The efficiency of the radio-frequency (RF) communication has also been verified via a PCB prototype with a printed slot antenna.

Mobile attack approaches can be categorized as Application Based Attacks and Frequency Based Attacks. Application based attacks are reviewed extensively in the literature. However, frequency based attacks to mobile phones are not experimented in detail. In this work, we have experimentally succeeded to attack an Android smartphone using a simple software based radio circuit. We have developed a software “Primary Mobile Hack Builder” to control Android operated cellphone as a distance. The SMS information and pictures in the cellphone can be obtained using this device. On the other hand, after launching a software into targeting cellphone, the camera of the cellphone can be controlled for taking pictures and downloading them into our computers. It was also possible to eavesdropping the conversation.

Factoring is an important financial instrument for SMEs to solve liquidity problems, where the invoice is cashed to avoid late buyer payments. Unfortunately, this business model is risky as it relies on human interaction and involved actors (factors in particular) suffer from information asymmetry. One of the risks involved is 'double-financing': the event that an SME extracts funds from multiple factors. To reduce this asymmetry and increase the scalability of this important instrument, we propose a framework, DecReg, based on blockchain technology. We provide the protocols designed for this framework and present performance analysis. This framework will be deployed in practice as of February 2017 in the Netherlands.

The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind and, today, bears a patchwork of fixes and inconsistently designed functions with often unexpected and hardly predictable behavior that typically yield a large attack surface. Consequently, it is prone to different types of vulnerabilities, such as SQL Injection or Cross-Site Scripting. In this paper, we present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature. We implement our prototype using the latest features of PHP 7, leverage an efficient graph database to store code property graphs for PHP, and subsequently identify different types of Web application vulnerabilities by means of programmable graph traversals. We show the efficacy and the scalability of our approach by reporting on an analysis of 1,854 popular open-source projects, comprising almost 80 million lines of code.

Cloud systems offer a diversity of security mechanisms with potentially complex configuration options. So far, security engineering has focused on achievable security levels, but not on the costs associated with a specific security mechanism and its configuration. Through a series of experiments with a variety of cloud datastores conducted over the last years, we gained substantial knowledge on how one desired quality like security can have a significant impact on other system qualities like performance. In this paper, we report on select findings related to security-performance trade-offs for three prominent cloud datastores, focusing on data in transit encryption, and propose a simple, structured approach for making trade-off decisions based on factual evidence gained through experimentation. Our approach allows to rationally reason about security trade-offs.

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call teleportation. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.

The privacy of information is an increasing concern of software applications users. This concern was caused by attacks to cloud services over the last few years, that have leaked confidential information such as passwords, emails and even private pictures. Once the information is leaked, the users and software applications are powerless to contain the spread of information and its misuse. With databases as a central component of applications that store almost all of their data, they are one of the most common targets of attacks. However, typical deployments of databases do not leverage security mechanisms to stop attacks and do not apply cryptographic schemes to protect data. This issue has been tackled by multiple secure databases that provide trade-offs between security, query capabilities and performance. Despite providing stronger security guarantees, the proposed solutions still entrust their data to a single entity that can be corrupted or hacked. Secret sharing can solve this problem by dividing data in multiple secrets and storing each secret at a different location. The division is done in such a way that if one location is hacked, no information can be leaked. Depending on the protocols used to divide data, functions can be computed over this data through secure protocols that do not disclose information or actually know which values are being calculated. We propose a SQL database prototype capable of offering a trade-off between security and query latency by using a different secure protocol. An evaluation of the protocols is also performed, showing that our most relaxed protocol has an improvement of 5+ on the query latency time over the original protocol.

While the clean slate approach proposed by Software Defined Networking (SDN) promises radical changes in the stagnant state of network management, SDN innovation has not gone beyond the intra-domain level. For the inter-domain ecosystem to benefit from the advantages of SDN, Internet Exchange Points (IXPs) are the ideal place: a central interconnection hub through which a large share of the Internet can be affected. In this demo, we showcase the ENDEAVOUR platform: a new software defined exchange approach readily deployable in commercial IXPs. We demonstrate here our implementations of traffic engineering and Distributed Denial of Service mitigation, as well as how member networks cash in on the advanced SDN-features of ENDEAVOUR, typically not available in legacy networks.

Matrix multiplication computation (MMC) is a common scientific and engineering computational task. But such computation involves enormous computing resources for large matrices, which is burdensome for the resource-limited clients. Cloud computing enables computational resource-limited clients to economically outsource such problems to the cloud server. However, outsourcing matrix multiplication to the cloud brings great security concerns and challenges since the matrices and their products often usually contains sensitive information. In a previous work, Lei et al. [1] proposed an algorithm for secure outsourcing MMC by using permutation matrix and the authors argued that it can achieve data privacy. In this paper, we first review the design of Lei's scheme and find a security vulnerability in their algorithm that it reveals the number of zero element in the input matrix to cloud server. Then we present a new verifiable, efficient, and privacy preserving algorithm for outsourcing MMC, which can protect the number privacy of zero elements in original matrices. Our algorithm builds on a series of carefully-designed pseudorandom matrices and well-designed privacy-preserving matrix transformation. Security analysis shows that our algorithm is practically-secure, and offers a higher level of privacy protection than the state-of-the-art algorithm.

Autonomous vehicles must communicate with each other effectively and securely to make robust decisions. However, today's Internet falls short in supporting efficient data delivery and strong data security, especially in a mobile ad-hoc environment. Named Data Networking (NDN), a new data-centric Internet architecture, provides a better foundation for secure data sharing among autonomous vehicles. We examine two potential threats, false data dissemination and vehicle tracking, in an NDN-based autonomous vehicular network. To detect false data, we propose a four-level hierarchical trust model and the associated naming scheme for vehicular data authentication. Moreover, we address vehicle tracking concerns using a pseudonym scheme to anonymize vehicle names and certificate issuing proxies to further protect vehicle identity. Finally, we implemented and evaluated our AutoNDN application on Raspberry Pi-based mini cars in a wireless environment.

In recent years, the emerging Internet-of-Things (IoT) has led to rising concerns about the security of networked embedded devices. In this work, we propose the SIPHON architecture–-a Scalable high-Interaction Honeypot platform for IoT devices. Our architecture leverages IoT devices that are physically at one location and are connected to the Internet through so-called $\backslash$emph\wormholes\ distributed around the world. The resulting architecture allows exposing few physical devices over a large number of geographically distributed IP addresses. We demonstrate the proposed architecture in a large scale experiment with 39 wormhole instances in 16 cities in 9 countries. Based on this setup, five physical IP cameras, one NVR and one IP printer are presented as 85 real IoT devices on the Internet, attracting a daily traffic of 700MB for a period of two months. A preliminary analysis of the collected traffic indicates that devices in some cities attracted significantly more traffic than others (ranging from 600 000 incoming TCP connections for the most popular destination to less than 50 000 for the least popular). We recorded over 400 brute-force login attempts to the web-interface of our devices using a total of 1826 distinct credentials, from which 11 attempts were successful. Moreover, we noted login attempts to Telnet and SSH ports some of which used credentials found in the recently disclosed Mirai malware.