International Conferences: ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS) 2015, Singapore
SoS Newsletter- Advanced Book Block
 |
International Conferences: ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS) 2015, Singapore |
The 10th annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS) held in Singapore, April 14-17, 2015. This year’s conference featured tracks on cyber-physical security and cryptography. The web page for the conference is at: http://icsd.i2r.a-star.edu.sg/asiaccs15/
Chris Y.T. Ma, David K.Y. Yau; “On Information-theoretic Measures for Quantifying Privacy Protection of Time-series Data;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 427-438. Doi: 10.1145/2714576.2714577
Abstract: Privacy protection of time-series data, such as traces of household electricity usage reported by smart meters, is of much practical importance. Solutions are available to improve data privacy by perturbing clear traces to produce noisy versions visible to adversaries, e.g., in battery-based load hiding (BLH) against non-intrusive load monitoring (NILM). A foundational task for research progress in the area is the definition of privacy measures that can truly evaluate the effectiveness of proposed protection methods. It is a difficult problem since resilience against any attack algorithms known to the designer is inconclusive, given that adversaries could discover or indeed already know stronger algorithms for attacks. A more basic measure is information-theoretic in nature, which quantifies the inherent information available for exploitation by an adversary, independent of how the adversary exploits it or indeed any assumed computational limitations of the adversary. In this paper, we analyze information-theoretic measures for privacy protection and apply them to several existing protection methods against NILM. We argue that although these measures abstract away the details of attacks, the kind of information the adversary considers plays a key role in the evaluation, and that a new measure of offline conditional entropy is better suited for evaluating the privacy of perturbed real-world time-series data, compared with other existing measures.
Keywords: conditional entropy, correlated time-series, privacy measure, privacy protection (ID#: 15-5577)
URL: http://doi.acm.org/10.1145/2714576.2714577
Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, Feng Hao; “TouchSignatures: Identification of User Touch Actions based on Mobile Sensors via JavaScript;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 673-673. Doi: 10.1145/2714576.2714650
Abstract: Conforming to the recent W3C specifications (www.w3.org/TR/orientation-event), modern mobile web browsers generally allow JavaScript code in a web page to access motion and orientation sensor data without the user's permission. The associated risks to user privacy are however not considered in W3C specifications. In this work, for the first time, we show how user privacy can be compromised using device motion and orientation sensor data available in-browser, despite the fact that the data rate is 5 to 10 times slower than what is attainable in-app. We examine different browsers on the Android and iOS platforms and study their policies in granting permissions to JavaScript code with respect to access to motion and orientation sensor data and identify multiple vulnerabilities. Based on our findings, we propose TouchSignatures, implementation of an attack in which malicious JavaScript code on an inactive tab listens to such sensor data measurements. Based on these streams, TouchSignatures is able to distinguish the user's touch actions (e.g., tap, scroll, hold, and zoom) on an active tab, allowing the remote website to learn the client-side user activities. Finally, we demonstrate the practicality of this attack by collecting real-world user data and reporting high success rates using our proof-of-concept implementation.
Keywords: classifier, javascript attack, mobile browser, mobile sensors, touch actions, user privacy (ID#: 15-5578 )
URL: http://doi.acm.org/10.1145/2714576.2714650
Zhi-Kai Zhang, Michael Cheng Yi Cho, Shiuhpyng Shieh; “Emerging Security Threats and Countermeasures in IoT;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 1-6. Doi: 10.1145/2714576.2737091
Abstract: IoT (Internet of Things) diversifies the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level. As sensitive and private information exchanged between things, privacy becomes a major concern. Among many important issues, scalability, transparency, and reliability are considered as new challenges that differentiate IoT from the conventional Internet. In this paper, we enumerate the IoT communication scenarios and investigate the threats to the large-scale, unreliable, pervasive computing environment. To cope with these new challenges, the conventional security architecture will be revisited. In particular, various authentication schemes will be evaluated to ensure the confidentiality and integrity of the exchanged data.
Keywords: authentication, communication, iot, privacy, security (ID#: 15-5579)
URL: http://doi.acm.org/10.1145/2714576.2737091
Gokay Saldamli, Richard Chow, Hongxia Jin; “Albatross: A Privacy-Preserving Location Sharing System;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 1-6. Doi: 10.1145/2714576.2714640
Abstract: We describe an architecture and a trial implementation of a privacy-preserving location sharing system called Albatross. The system protects location information from the service provider and yet enables fine-grained location-sharing. One main feature of the system is to protect an individual's social network structure. The pattern of location sharing preferences towards contacts can reveal this structure without any knowledge of the locations themselves. Albatross protects locations sharing preferences through protocol unification and masking. Albatross has been implemented as a standalone solution, but the technology can also be integrated into location-based services to enhance privacy.
Keywords: location privacy, privacy, private location sharing (ID#: 15-5580)
URL: http://doi.acm.org/10.1145/2714576.2714640
Wei-Yen Day, Ninghui Li; “Differentially Private Publishing of High-dimensional Data Using Sensitivity Control;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 451-462. Doi: 10.1145/2714576.2714621
Abstract: In this paper, we present DPSense, an approach to publish statistical information from datasets under differential privacy via sensitivity control. More specifically, we consider the problem of publishing column counts for high-dimensional datasets, such as query logs or the Netflix dataset. The key challenge is that as the sensitivity is high, high-magnitude noises need to be added to satisfy differential privacy. We explore how to effectively performs sensitivity control, i.e., limiting the contribution of each tuple in the dataset. We introduce a novel low-sensitivity quality function that enables one to effectively choose a contribution limit while satisfying differential privacy. Based on DPSense, we further propose an extension to correct the under-estimation bias, which we call DPSense-S. Experimental results show that our proposed approaches advance the state of the art for publishing noisy column counts and for finding the columns with the highest counts. Finally, we give the analysis and discussion for the stability of DPSense and DPSense-S, which benefits from the high correlation between quality function and error, as well as other insights of DPSense, DPSense-S, and existing approaches.
Keywords: differential privacy, high-dimensional data, private data publishing (ID#: 15-5581)
URL: http://doi.acm.org/10.1145/2714576.2714621
Katerina Doka, Mingqiang Xue, Dimitrios Tsoumakos, Panagiotis Karras; “k-Anonymization by Freeform Generalization;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 451-462. Doi: 10.1145/2714576.2714590
Abstract: Syntactic data anonymization strives to (i) ensure that an adversary cannot identify an individual's record from published attributes with high probability, and (ii) provide high data utility. These mutually conflicting goals can be expressed as an optimization problem with privacy as the constraint and utility as the objective function. Conventional research using the k-anonymity model has resorted to publishing data in homogeneous generalized groups. A recently proposed alternative does not create such cliques; instead, it recasts data values in a heterogeneous manner, aiming for higher utility. Nevertheless, such works never defined the problem in the most general terms; thus, the utility gains they achieve are limited. In this paper, we propose a methodology that achieves the full potential of heterogeneity and gains higher utility while providing the same privacy guarantee. We formulate the problem of maximal-utility k-anonymization by freeform generalization as a network flow problem. We develop an optimal solution therefor using Mixed Integer Programming. Given the non-scalability of this solution, we develop an O(k n2) Greedy algorithm that has no time-complexity disadvantage vis-á-vis previous approaches, an O(k n2 log n) enhanced version thereof, and an O(k n3) adaptation of the Hungarian algorithm; these algorithms build a set of k perfect matchings from original to anonymized data, a novel approach to the problem. Moreover, our techniques can resist adversaries who may know the employed algorithms. Our experiments with real-world data verify that our schemes achieve near-optimal utility (with gains of up to 41%), while they can exploit parallelism and data partitioning, gaining an efficiency advantage over simpler methods.
Keywords: anonymization, freeform generalization, privacy (ID#: 15-5582)
URL: http://doi.acm.org/10.1145/2714576.2714590
Anirban Basu, Juan Camilo Corena, Jaideep Vaidya, Jon Crowcroft, Shinsaku Kiyomoto, Yung Shin Van Der Sype, Yutaka Miyake; “Practical Private One-way Anonymous Message Routing;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 665-665. Doi: 10.1145/2714576.2714641
Abstract: Opinions from people can either be biased or reflect low participation due to legitimate concerns about privacy and anonymity. To alleviate those concerns, the identity of a message sender should be disassociated from the message while the contents of the actual message should be hidden from any relaying nodes. We propose a novel message routing scheme based on probabilistic forwarding that guarantees message privacy and sender anonymity through additively homomorphic public-key encryption. Our scheme is applicable to anonymous surveys and microblogging.
Keywords: anonymity, privacy, routing (ID#: 15-5583)
URL: http://doi.acm.org/10.1145/2714576.2714641
Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar; “Lucky 13 Strikes Back;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 85-96. Doi: 10.1145/2714576.2714625
Abstract: In this work we show how the Lucky 13 attack can be resurrected in the cloud by gaining access to a virtual machine co-located with the target. Our version of the attack exploits distinguishable cache access times enabled by VM deduplication to detect dummy function calls that only happen in case of an incorrectly CBC-padded TLS packet. Thereby, we gain back a new covert channel not considered in the original paper that enables the Lucky 13 attack. In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability. The attack currently succeeds to compromise PolarSSL, GnuTLS and CyaSSL on deduplication enabled platforms while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability. We conclude that, any program that follows secret data dependent execution flow is exploitable by side-channel attacks as shown in (but not limited to) our version of the Lucky 13 attack.
Keywords: cross-vm attacks, deduplication, lucky 13 attack, virtualization (ID#: 15-5584)
URL: http://doi.acm.org/10.1145/2714576.2714625
Ahmad-Reza Sadeghi, Lucas Davi, Per Larsen; “Securing Legacy Software against Real-World Code-Reuse Exploits: Utopia, Alchemy, or Possible Future?;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 55-61. Doi: 10.1145/2714576.2737090
Abstract: Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over two decades and no end seems to be in sight. Since performance and backwards compatibility trump security concerns, popular programs such as web browsers, servers, and office suites still contain large amounts of untrusted legacy code written in error-prone languages such as C and C++. At the same time, modern exploits are evolving quickly and routinely incorporate sophisticated techniques such as code reuse and memory disclosure. As a result, they bypass all widely deployed countermeasures including data execution prevention (DEP) and code randomization such as address space layout randomization (ASLR). The good news is that the security community has recently introduced several promising prototype defenses that offer a more principled response to modern exploits. Even though these solutions have improved substantially over time, they are not perfect and weaknesses that allow bypasses are continually being discovered. Moreover, it remains to be seen whether these prototype defenses can be matured and integrated into operating systems, compilers, and other systems software. This paper provides a brief overview of current state-of-the-art exploitation and defense techniques against run-time exploits and elaborates on innovative research prototypes that may one day stem the tide of sophisticated exploits. We also provide a brief analysis and categorization of existing defensive techniques and ongoing work in the areas of code randomization and control-flow integrity, and cover both hardware and software-based solutions.
Keywords: control-flow integrity, fine-grained randomization, software exploitation (ID#: 15-5585)
URL: http://doi.acm.org/10.1145/2714576.2737090
Hua Deng, Qianhong Wu, Bo Qin, Willy Susilo, Joseph Liu, Wenchang Shi; “Asymmetric Cross-cryptosystem Re-encryption Applicable to Efficient and Secure Mobile Access to Outsourced Data;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 393-404. Doi: 10.1145/2714576.2714632
Abstract: With the increasing development of pervasive computing and wireless bandwidth communication, more mobile devices are used to access sensitive data stored in remote servers. In such applications, a practical issue emerges such as how to exploit the sufficient resource of a server so that the file owners can enforce fine-grained access control over the remotely stored files, while enable resource-limited mobile devices to easily access the protected data, especially if the storage server maintained by a third party is untrusted. This challenge mainly arises from the asymmetric capacity among the participants, i.e., the capacity limited mobile devices and the resource abundant server (and file owners equipped with fixed computers). To meet the security requirements in mobile access to sensitive data, we propose a new encryption paradigm, referred to as asymmetric cross-cryptosystem re-encryption (ACCRE) by leveraging the asymmetric capacity of the participants. In ACCRE, relatively light-weight identity-based encryption (IBE) is deployed in mobile devices, while resource-consuming but versatile identity-based broadcast encryption (IBBE) is deployed in servers and fixed computers of the file owners. The core of ACCRE is a novel ciphertext conversion mechanism that allows an authorized proxy to convert a complicated IBBE ciphertext into a simple IBE ciphertext affordable to mobile devices, without leaking any sensitive information to the proxy. Following this paradigm, we propose an efficient ACCRE scheme with its security formally reduced to the security of the underlying IBE and IBBE schemes. Thorough theoretical analyses and extensive experiments confirm that the scheme takes very small cost for mobile devices to access encrypted data and is practical to secure mobile computing applications.
Keywords: data security, identity-based broadcast encryption, identity-based encryption, proxy re-encryption (ID#: 15-5586)
URL: http://doi.acm.org/10.1145/2714576.2714632
Fengwei Zhang, Kevin Leach, Haining Wang, Angelos Stavrou; “TrustLogin: Securing Password-Login on Commodity Operating Systems;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 333-344. Doi: 10.1145/2714576.2714614
Abstract: With the increasing prevalence of Web 2.0 and cloud computing, password-based logins play an increasingly important role on user-end systems. We use passwords to authenticate ourselves to countless applications and services. However, login credentials can be easily stolen by attackers. In this paper, we present a framework, TrustLogin, to secure password-based logins on commodity operating systems. TrustLogin leverages System Management Mode to protect the login credentials from malware even when OS is compromised. TrustLogin does not modify any system software in either client or server and is transparent to users, applications, and servers. We conduct two study cases of the framework on legacy and secure applications, and the experimental results demonstrate that TrustLogin is able to protect login credentials from real-world keyloggers on Windows and Linux platforms. TrustLogin is robust against spoofing attacks. Moreover, the experimental results also show TrustLogin introduces a low overhead with the tested applications.
Keywords: keyloggers, login password, system management mode (ID#: 15-5587)
URL: http://doi.acm.org/10.1145/2714576.2714614
Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, Debin Gao; “Software Watermarking using Return-Oriented Programming;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 369-380. Doi: 10.1145/2714576.2714582
Abstract: We propose a novel dynamic software watermarking design based on Return-Oriented Programming (ROP). Our design formats watermarking code into well-crafted data arrangements that look like normal data but could be triggered to execute. Once triggered, the pre-constructed ROP execution will recover the hidden watermark message. The proposed ROP-based watermarking technique is more stealthy and resilient over existing techniques since the watermarking code is allocated dynamically into data region and therefore out of reach of attacks based on code analysis. Evaluations show that our design not only achieves satisfying stealth and resilience, but also causes significantly lower overhead to the watermarked program.
Keywords: code obfuscation, return-oriented programming, reverse engineering, software watermarking (ID#: 15-5588)
URL: http://doi.acm.org/10.1145/2714576.2714582
Chung Hwan Kim, Sungjin Park, Junghwan Rhee, Jong-Jin Won, Taisook Han, Dongyan Xu; “CAFE: A Virtualization-Based Approach to Protecting Sensitive Cloud Application Logic Confidentiality;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 651-656. Doi: 10.1145/2714576.2714594
Abstract: Cloud application marketplaces of modern cloud infrastructures offer a new software deployment model, integrated with the cloud environment in its configuration and policies. However, similar to traditional software distribution which has been suffering from software piracy and reverse engineering, cloud marketplaces face the same challenges that can deter the success of the evolving ecosystem of cloud software. We present a novel system named CAFE for cloud infrastructures where sensitive software logic can be executed with high secrecy protected from any piracy or reverse engineering attempts in a virtual machine even when its operating system kernel is compromised. The key mechanism is the end-to-end framework for the execution of applications, which consists of the secure encryption and distribution of confidential application binary files, and the runtime techniques to load, decrypt, and protect the program logic by isolating them from tenant virtual machines based on hypervisor-level techniques. We evaluate applications in several software categories which are commonly offered in cloud marketplaces showing that strong confidential execution can be provided with only marginal changes (around 100-220 lines of code) and minimal performance overhead.
Keywords: cloud computing marketplace, code confidentiality protection, secure execution environment (ID#: 15-5589)
URL: http://doi.acm.org/10.1145/2714576.2714594
Enrico Bacis, Simone Mutti, Stefano Paraboschi; “AppPolicyModules: Mandatory Access Control for Third-Party Apps;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 309-320. Doi: 10.1145/2714576.2714626
Abstract: Android has recently introduced the support for Mandatory Access Control, which extends previous security services relying on the Android Permission Framework and on the kernel-level Discretionary Access Control. This extension has been obtained with the use of SELinux and its adaptation to Android (SEAndroid). Currently, the use of the MAC model is limited to the protection of system resources. All the apps that are installed by users fall in a single undifferentiated domain, untrusted_app. We propose an extension of the architecture that permits to associate with each app a dedicated MAC policy, contained in a dedicated appPolicyModule, in order to protect app resources even from malware with root privileges. A crucial difference with respect to the support for policy modules already available in some SELinux implementations is the need to constrain the policies in order to guarantee that an app policy is not able to manipulate the system policy. We present the security requirements that have to be satisfied by the support for modules and show that our solution satisfies these requirements. The support for appPolicyModules can also be the basis for the automatic generation of policies, with a stricter enforcement of Android permissions. A prototype has been implemented and experimental results show a minimal performance overhead for app installation and runtime.
Keywords: administrative policies, android, app security, mandatory access control, policy modularity, selinux (ID#: 15-5590)
URL: http://doi.acm.org/10.1145/2714576.2714626
Jongho Won, Seung-Hyun Seo, Elisa Bertino; “A Secure Communication Protocol for Drones and Smart Objects;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 249-260. Doi: 10.1145/2714576.2714616
Abstract: In many envisioned drone-based applications, drones will communicate with many different smart objects, such as sensors and embedded devices. Securing such communications requires an effective and efficient encryption key establishment protocol. However, the design of such a protocol must take into account constrained resources of smart objects and the mobility of drones. In this paper, a secure communication protocol between drones and smart objects is presented. To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves drone's efficiency by utilizing dual channels which allows many smart objects to concurrently execute eCLSC-TKEM. We evaluate our protocol on commercially available devices, namely AR.Drone2.0 and TelosB, by using a parking management testbed. Our experimental results show that our protocol is much more efficient than other protocols.
Keywords: certificateless signcryption, drone communications (ID#: 15-5591)
URL: http://doi.acm.org/10.1145/2714576.2714616
Heqing Huang, Kai Chen, Chuangang Ren, Peng Liu, Sencun Zhu, Dinghao Wu; “Towards Discovering and Understanding Unexpected Hazards in Tailoring Antivirus Software for Android;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 7-18. Doi: 10.1145/2714576.2714589
Abstract: In its latest comparison of Android Virus Detectors (AVDs), the independent lab AV-TEST reports that they have around 95% malware detection rate. This only indicates that current AVDs on Android have good malware signature databases. When the AVDs are deployed on the fast-evolving mobile system, their effectiveness should also be measured on their runtime behavior. Therefore, we perform a comprehensive analysis on the design of top 30 AVDs tailored for Android. Our new understanding of the AVDs' design leads us to discover the hazards in adopting AVD solutions for Android, including hazards in malware scan (malScan) mechanisms and the engine update (engineUpdate). First, the malScan mechanisms of all the analyzed AVDs lack comprehensive and continuous scan coverage. To measure the seriousness of the identified hazards, we implement targeted evasions at certain time (e.g., end of the scan) and locations (certain folders) and find that the evasions can work even under the assumption that the AVDs are equipped with "complete" virus definition files. Second, we discover that, during the engineUpdate, the Android system surprisingly nullifies all types of protections of the AVDs and renders the system for a period of high risk. We confirmed the presence of this vulnerable program logic in all versions of Google Android source code and other vendor customized system images. Since AVDs have about 650-1070 million downloads on the Google store, we immediately reported these hazards to AVD vendors across 16 countries. Google also confirmed our discovered hazard in the engineUpdate procedure, so feature enhancements might be included in later versions. Our research sheds the light on the importance of taking the secure and preventive design strategies for AVD or other mission critical apps for fast-evolving mobile-systems.
Keywords: anti-malware, malware, mobile, vulnerability measurement (ID#: 15-5592)
URL: http://doi.acm.org/10.1145/2714576.2714589
Nitin Chiluka, Nazareno Andrade, Johan Pouwelse, Henk Sips; “Social Networks Meet Distributed Systems: Towards a Robust Sybil Defense under Churn;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 507-518. Doi: 10.1145/2714576.2714606
Abstract: This paper examines the impact of heavy churn on the robustness of decentralized social network-based Sybil defense (SNSD) schemes. Our analysis reveals that (i) heavy churn disintegrates the social overlay network that is fundamental to these schemes into multiple disconnected components, resulting in poor network connectivity, and (ii) a naive solution that adds links from each node to all its 2-hop neighbors improves network connectivity but comes at a significant cost of poor attack resilience of these schemes. We propose a new design point in the trade-off between network connectivity and attack resilience of SNSD schemes, where each node adds links to only a selective few of all its 2-hop neighbors based on a minimum expansion contribution (MinEC) heuristic. Extensive evaluation through simulations shows that our approach fares as good as the naive 2-hop solution in terms of network connectivity, while making little compromise on the attack resilience. Moreover, our approach preserves the fast-mixing property that is fundamental to many SNSD schemes even at high levels of churn. This result suggests that existing and potential future SNSD schemes relying on this property can incorporate our approach into their designs with minimal changes.
Keywords: churn, social overlay network, sybil attack (ID#: 15-5593)
URL: http://doi.acm.org/10.1145/2714576.2714606
Marco Caselli, Emmanuele Zambon, Frank Kargl; “Sequence-aware Intrusion Detection in Industrial Control Systems;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 13-24. Doi: 10.1145/2732198.2732200
Abstract: Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only showed that ICSs are vulnerable to cyber-attacks, but also that some of these attacks rely on understanding the processes beyond the employed systems and using such knowledge to maximize the damage. This concept is commonly known as "semantic attack". Our paper discusses a specific type of semantic attack involving "sequences of events". Common network intrusion detection systems (NIDS) generally search for single, unusual or "not permitted" operations. In our case, rather than a malicious event, we show how a specific series of "permitted" operations can elude standard intrusion detection systems and still damage an infrastructure. Moreover, we present a possible approach to the development of a sequence-aware intrusion detection system (S-IDS). We propose a S-IDS reference architecture and we discuss all the steps through its implementations. Finally, we test the S-IDS on real ICS traffic samples captured from a water treatment and purification facility.
Keywords: cyber-physical system, intrusion detection system, semantic attack, sequence attack (ID#: 15-5594)
URL: http://doi.acm.org/10.1145/2732198.2732200
Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen; “Identifying the Missing Aspects of the ANSI/ISA Best Practices for Security Policy;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 13-24. Doi: 10.1145/2732198.2732201
Abstract: Firewall configuration is a critical activity for the Supervisory Control and Data Acquisition (SCADA) networks that control power stations, water distribution, factory automation, etc. The American National Standards Institute (ANSI) provides specifications for the best practices in developing high-level security policy [1]. However, firewalls continue to be configured manually, a common but error prone process. Automation can make designing firewall configurations more reliable and their deployment increasingly cost-effective. ANSI best practices lack specification in several key aspects needed to allow a firewall to be automatically configured. In this paper we discuss the missing aspects of the existing best practice specifications and propose solutions. We then apply our corrected best practice specifications to real SCADA firewall configurations and evaluate their usefulness for high-level automated specification of firewalls.
Keywords: firewall auto-configuration, scada network security, security policy, zone-conduit model (ID#: 15-5595)
URL: http://doi.acm.org/10.1145/2732198.2732201
Ning Zhang, Kun Sun, Wenjing Lou, Y. Thomas Hou, Sushil Jajodia; “Now You See Me: Hide and Seek in Physical Address Space;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 321-331. Doi: 10.1145/2714576.2714600
Abstract: With the growing complexity of computing systems, memory based forensic techniques are becoming instrumental in digital investigations. Digital forensic examiners can unravel what happened on a system by acquiring and inspecting in-memory data. Meanwhile, attackers have developed numerous anti-forensic mechanisms to defeat existing memory forensic techniques by manipulation of system software such as OS kernel. To counter anti-forensic techniques, some recent researches suggest that memory acquisition process can be trusted if the acquisition module has not been tampered with and all the operations are performed without relying on any untrusted software including the operating system. However, in this paper, we show that it is possible for malware to bypass the current state-of-art trusted memory acquisition module by manipulating the physical address space layout, which is shared between physical memory and I/O devices on x86 platforms. This fundamental design on x86 platform enables an attacker to build an OS agnostic anti-forensic system. Base on this finding, we propose Hidden in I/O Space (HIveS) which manipulates CPU registers to alter such physical address layout. The system uses a novel I/O Shadowing technique to lock a memory region named HIveS memory into I/O address space, so all operation requests to the HIveS memory will be redirected to the I/O bus instead of the memory controller. To access the HIveS memory, the attacker unlocks the memory by mapping it back into the memory address space. Two novel techniques, Blackbox Write and TLB Camouflage, are developed to further protect the unlocked HIveS memory against memory forensics while allowing attackers to access it. A HIveS prototype is built and tested against a set of memory acquisition tools for both Windows and Linux running on x86 platform. Lastly, we propose potential countermeasures to detect and mitigate HIveS.
Keywords: digital forensics, memory acquisition, rootkits, system security (ID#: 15-5596)
URL: http://doi.acm.org/10.1145/2714576.2714600
Tsz Hon Yuen, Cong Zhang, Sherman S.M. Chow, Siu Ming Yiu; “Related Randomness Attacks for Public Key Cryptosystems;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 215-223. Doi: 10.1145/2714576.2714622
Abstract: We initiate the study of related randomness attack in the face of a number of practical attacks in public key cryptography, ranges from active attacks like fault-injection, to passive attacks like software (mis)implementation on choosing random numbers. Our new definitions cover the well-known related-key attacks (RKA) where secret keys are related, and a number of new attacks, namely, related encryption randomness attacks, related signing randomness attacks, and related public key attacks. We provide generic constructions for security against these attacks, which are efficiently built upon normal encryption and signature schemes, leveraging RKA-secure pseudorandom function and generator.
Keywords: identity-based encryption, public key encryption, related-key attack, related-randomness attack, signatures (ID#: 15-5597)
URL: http://doi.acm.org/10.1145/2714576.2714622
David Nuñez, Isaac Agudo, Javier Lopez; “NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 179-189. Doi: 10.1145/2714576.2714585
Abstract: The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.
Keywords: lattice-based cryptography, ntru, proxy re-encryption (ID#: 15-5598)
URL: http://doi.acm.org/10.1145/2714576.2714585
Chris Y.T. Ma, David K.Y. Yau; “On Information-theoretic Measures for Quantifying Privacy Protection of Time-series Data;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 427-438. Doi: 10.1145/2714576.2714577
Abstract: Privacy protection of time-series data, such as traces of household electricity usage reported by smart meters, is of much practical importance. Solutions are available to improve data privacy by perturbing clear traces to produce noisy versions visible to adversaries, e.g., in battery-based load hiding (BLH) against non-intrusive load monitoring (NILM). A foundational task for research progress in the area is the definition of privacy measures that can truly evaluate the effectiveness of proposed protection methods. It is a difficult problem since resilience against any attack algorithms known to the designer is inconclusive, given that adversaries could discover or indeed already know stronger algorithms for attacks. A more basic measure is information-theoretic in nature, which quantifies the inherent information available for exploitation by an adversary, independent of how the adversary exploits it or indeed any assumed computational limitations of the adversary. In this paper, we analyze information-theoretic measures for privacy protection and apply them to several existing protection methods against NILM. We argue that although these measures abstract away the details of attacks, the kind of information the adversary considers plays a key role in the evaluation, and that a new measure of offline conditional entropy is better suited for evaluating the privacy of perturbed real-world time-series data, compared with other existing measures.
Keywords: conditional entropy, correlated time-series, privacy measure, privacy protection (ID#: 15-5599)
URL: http://doi.acm.org/10.1145/2714576.2714577
Min Zheng, Hui Xue, Yulong Zhang, Tao Wei, John C.S. Lui; “Enpublic Apps: Security Threats Using iOS Enterprise and Developer Certificates;” ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, April 2015, Pages 463-474. Doi: 10.1145/2714576.2714593
Abstract: Compared with Android, the conventional wisdom is that iOS is more secure. However, both jailbroken and non-jailbroken iOS devices have number of vulnerabilities. For iOS, apps need to interact with the underlying system using Application Programming Interfaces (APIs). Some of these APIs remain undocumented and Apple forbids apps in App Store from using them. These APIs, also known as "private APIs", provide powerful features to developers and yet they may have serious security consequences if misused. Furthermore, apps which use private APIs can bypass the App Store and use the "Apple's Enterprise/Developer Certificates" for distribution. This poses a significant threat to the iOS ecosystem. So far, there is no formal study to understand these apps and how private APIs are being encapsulated. We call these iOS apps which distribute to the public using enterprise certificates as "enpublic" apps. In this paper, we present the design and implementation of iAnalytics, which can automatically analyze "enpublic" apps' private API usages and vulnerabilities. Using iAnalytics, we crawled and analyzed 1,408 enpublic iOS apps. We discovered that: 844 (60%) out of the 1408 apps do use private APIs, 14 (1%) apps contain URL scheme vulnerabilities, 901 (64%) enpublic apps transport sensitive information through unencrypted channel or store the information in plaintext on the phone. In addition, we summarized 25 private APIs which are crucial and security sensitive on iOS 6/7/8, and we have filed one CVE (Common Vulnerabilities and Exposures) for iOS devices.
Keywords: enterprise certificate, ios, private apis (ID#: 15-5600)
URL: http://doi.acm.org/10.1145/2714576.2714593
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.