422 research outputs found
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
What is Meant by Permissionless Blockchains?
The term permissionless has established itself within the context of blockchain and distributed ledger research to characterize protocols and systems that exhibit similar properties to Bitcoin. However, the notion of what is meant by permissionlessness is often vague or left implicit within the various literature, rendering it imprecise and hard to compare. We hereby shed light onto this topic by revising research that either incorporates or defines the term permissionless and systematically expose the properties and characteristics that its utilization intends to capture. Based on this review, we highlight current shortcomings and blind spots within the available definitions. In particular, the ability to freely perform transactions between users is often not adequately incorporated and different actor roles are left unspecified. Furthermore, the topics of privacy and governance appear to be largely overlooked
Short Paper: Blockcheck the Typechain
Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent
Turning Federated Learning Systems Into Covert Channels
Federated learning (FL) goes beyond traditional, centralized machine learning
by distributing model training among a large collection of edge clients. These
clients cooperatively train a global, e.g., cloud-hosted, model without
disclosing their local, private training data. The global model is then shared
among all the participants which use it for local predictions. In this paper,
we put forward a novel attacker model aiming at turning FL systems into covert
channels to implement a stealth communication infrastructure. The main
intuition is that, during federated training, a malicious sender can poison the
global model by submitting purposely crafted examples. Although the effect of
the model poisoning is negligible to other participants, and does not alter the
overall model performance, it can be observed by a malicious receiver and used
to transmit a single bit
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
Short Message Service (SMS) remains one of the most popular communication
channels since its introduction in 2G cellular networks. In this paper, we
demonstrate that merely receiving silent SMS messages regularly opens a
stealthy side-channel that allows other regular network users to infer the
whereabouts of the SMS recipient. The core idea is that receiving an SMS
inevitably generates Delivery Reports whose reception bestows a timing attack
vector at the sender. We conducted experiments across various countries,
operators, and devices to show that an attacker can deduce the location of an
SMS recipient by analyzing timing measurements from typical receiver locations.
Our results show that, after training an ML model, the SMS sender can
accurately determine multiple locations of the recipient. For example, our
model achieves up to 96% accuracy for locations across different countries, and
86% for two locations within Belgium. Due to the way cellular networks are
designed, it is difficult to prevent Delivery Reports from being returned to
the originator making it challenging to thwart this covert attack without
making fundamental changes to the network architecture
- …