Visible to the public Biblio

Filters: Keyword is malicious modification  [Clear All Filters]
2022-01-31
Varshney, Gaurav, Shah, Naman.  2021.  A DNS Security Policy for Timely Detection of Malicious Modification on Webpages. 2021 28th International Conference on Telecommunications (ICT). :1—5.
End users consider the data available through web as unmodified. Even when the web is secured by HTTPS, the data can be tampered in numerous tactical ways reducing trust on the integrity of data at the clients' end. One of the ways in which the web pages can be modified is via client side browser extensions. The extensions can transparently modify the web pages at client's end and can include new data to the web pages with minimal permissions. Clever modifications can be addition of a fake news or a fake advertisement or a link to a phishing website. We have identified through experimentation that such attacks are possible and have potential for serious damages. To prevent and detect such modifications we present a novel domain expressiveness based approach that uses DNS (Domain Name System) TXT records to express the Hash of important web pages that gets verified by the browsers to detect/thwart any modifications to the contents that are launched via client side malicious browser extensions or via cross site scripting. Initial experimentation suggest that the technique has potential to be used and deployed.
2020-09-21
Vasile, Mario, Groza, Bogdan.  2019.  DeMetrA - Decentralized Metering with user Anonymity and layered privacy on Blockchain. 2019 23rd International Conference on System Theory, Control and Computing (ICSTCC). :560–565.
Wear and tear are essential in establishing the market value of an asset. From shutter counters on DSLRs to odometers inside cars, specific counters, that encode the degree of wear, exist on most products. But malicious modification of the information that they report was always a concern. Our work explores a solution to this problem by using the blockchain technology, a layered encoding of product attributes and identity-based cryptography. Merging such technologies is essential since blockchains facilitate the construction of a distributed database that is resilient to adversarial modifications, while identity-based signatures set room for a more convenient way to check the correctness of the reported values based on the name of the product and pseudonym of the owner alone. Nonetheless, we reinforce security by using ownership cards deployed around NFC tokens. Since odometer fraud is still a major practical concern, we discuss a practical scenario centered on vehicles, but the framework can be easily extended to many other assets.
2019-02-13
Dessouky, G., Abera, T., Ibrahim, A., Sadeghi, A..  2018.  LiteHAX: Lightweight Hardware-Assisted Attestation of Program Execution. 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1–8.

Unlike traditional processors, embedded Internet of Things (IoT) devices lack resources to incorporate protection against modern sophisticated attacks resulting in critical consequences. Remote attestation (RA) is a security service to establish trust in the integrity of a remote device. While conventional RA is static and limited to detecting malicious modification to software binaries at load-time, recent research has made progress towards runtime attestation, such as attesting the control flow of an executing program. However, existing control-flow attestation schemes are inefficient and vulnerable to sophisticated data-oriented programming (DOP) attacks subvert these schemes and keep the control flow of the code intact. In this paper, we present LiteHAX, an efficient hardware-assisted remote attestation scheme for RISC-based embedded devices that enables detecting both control-flow attacks as well as DOP attacks. LiteHAX continuously tracks both the control-flow and data-flow events of a program executing on a remote device and reports them to a trusted verifying party. We implemented and evaluated LiteHAX on a RISC-V System-on-Chip (SoC) and show that it has minimal performance and area overhead.

2017-10-27
Temkin, Kyle J., Summerville, Douglas H..  2016.  An Algorithmic Method for the Implantation of Detection-Resistant Covert Hardware Trojans. Proceedings of the 11th Annual Cyber and Information Security Research Conference. :4:1–4:8.
This work presents a new class of Covert Hardware Trojan Horses (Covert HTHs), which can be algorithmically implanted with no change to their host circuit's functional behavior and without the need for additional unrelated logic. As a result, Covert HTHs are invulnerable to functional detection methods. This work also proposes a formal methodology for implantation of Covert HTHs, which allows covert hardware to be embedded in any sufficiently-sized synchronous circuit. Synthesis results indicate that covert implantation results in nearly a 75% reduction in integrated circuit area used by the HTH. Furthermore, the covert implantation causes no increase in the host circuit's delay and, compared to the effect of an overtly implanted HTH on its host, the covert implantation results in a significantly lower dynamic and leakage power. These significant reductions in area, delay and power make a covertly implanted HTH highly resistant to existing non-functional detection methods.
2015-05-06
Tsoutsos, N.G., Maniatakos, M..  2014.  Fabrication Attacks: Zero-Overhead Malicious Modifications Enabling Modern Microprocessor Privilege Escalation. Emerging Topics in Computing, IEEE Transactions on. 2:81-93.

The wide deployment of general purpose and embedded microprocessors has emphasized the need for defenses against cyber-attacks. Due to the globalized supply chain, however, there are several stages where a processor can be maliciously modified. The most promising stage, and the hardest during which to inject the hardware trojan, is the fabrication stage. As modern microprocessor chips are characterized by very dense, billion-transistor designs, such attacks must be very carefully crafted. In this paper, we demonstrate zero overhead malicious modifications on both high-performance and embedded microprocessors. These hardware trojans enable privilege escalation through execution of an instruction stream that excites the necessary conditions to make the modification appear. The minimal footprint, however, comes at the cost of a small window of attack opportunities. Experimental results show that malicious users can gain escalated privileges within a few million clock cycles. In addition, no system crashes were reported during normal operation, rendering the modifications transparent to the end user.