1,017 research outputs found
Invisible Pixels Are Dead, Long Live Invisible Pixels!
Privacy has deteriorated in the world wide web ever since the 1990s. The
tracking of browsing habits by different third-parties has been at the center
of this deterioration. Web cookies and so-called web beacons have been the
classical ways to implement third-party tracking. Due to the introduction of
more sophisticated technical tracking solutions and other fundamental
transformations, the use of classical image-based web beacons might be expected
to have lost their appeal. According to a sample of over thirty thousand images
collected from popular websites, this paper shows that such an assumption is a
fallacy: classical 1 x 1 images are still commonly used for third-party
tracking in the contemporary world wide web. While it seems that ad-blockers
are unable to fully block these classical image-based tracking beacons, the
paper further demonstrates that even limited information can be used to
accurately classify the third-party 1 x 1 images from other images. An average
classification accuracy of 0.956 is reached in the empirical experiment. With
these results the paper contributes to the ongoing attempts to better
understand the lack of privacy in the world wide web, and the means by which
the situation might be eventually improved.Comment: Forthcoming in the 17th Workshop on Privacy in the Electronic Society
(WPES 2018), Toronto, AC
Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use
A challenge is to develop cyber-physical system scenarios that reflect the
diversity and complexity of real-life cyber-physical systems in the research
questions that they address. Time-bounded collaborative events, such as
hackathons, jams and sprints, are increasingly used as a means of bringing
groups of individuals together, in order to explore challenges and develop
solutions. This paper describes our experiences, using a science hackathon to
bring individual researchers together, in order to develop a common use-case
implemented on a shared CPS testbed platform that embodies the diversity in
their own security research questions. A qualitative study of the event was
conducted, in order to evaluate the success of the process, with a view to
improving future similar events
InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion
With the increasing popularity of AArch64 processors in general-purpose
computing, securing software running on AArch64 systems against control-flow
hijacking attacks has become a critical part toward secure computation. Shadow
stacks keep shadow copies of function return addresses and, when protected from
illegal modifications and coupled with forward-edge control-flow integrity,
form an effective and proven defense against such attacks. However, AArch64
lacks native support for write-protected shadow stacks, while software
alternatives either incur prohibitive performance overhead or provide weak
security guarantees.
We present InversOS, the first hardware-assisted write-protected shadow
stacks for AArch64 user-space applications, utilizing commonly available
features of AArch64 to achieve efficient intra-address space isolation (called
Privilege Inversion) required to protect shadow stacks. Privilege Inversion
adopts unconventional design choices that run protected applications in the
kernel mode and mark operating system (OS) kernel memory as user-accessible;
InversOS therefore uses a novel combination of OS kernel modifications,
compiler transformations, and another AArch64 feature to ensure the safety of
doing so and to support legacy applications. We show that InversOS is secure by
design, effective against various control-flow hijacking attacks, and
performant on selected benchmarks and applications (incurring overhead of 7.0%
on LMBench, 7.1% on SPEC CPU 2017, and 3.0% on Nginx web server).Comment: 18 pages, 9 figures, 4 table
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
Undermining User Privacy on Mobile Devices Using AI
Over the past years, literature has shown that attacks exploiting the
microarchitecture of modern processors pose a serious threat to the privacy of
mobile phone users. This is because applications leave distinct footprints in
the processor, which can be used by malware to infer user activities. In this
work, we show that these inference attacks are considerably more practical when
combined with advanced AI techniques. In particular, we focus on profiling the
activity in the last-level cache (LLC) of ARM processors. We employ a simple
Prime+Probe based monitoring technique to obtain cache traces, which we
classify with Deep Learning methods including Convolutional Neural Networks. We
demonstrate our approach on an off-the-shelf Android phone by launching a
successful attack from an unprivileged, zeropermission App in well under a
minute. The App thereby detects running applications with an accuracy of 98%
and reveals opened websites and streaming videos by monitoring the LLC for at
most 6 seconds. This is possible, since Deep Learning compensates measurement
disturbances stemming from the inherently noisy LLC monitoring and unfavorable
cache characteristics such as random line replacement policies. In summary, our
results show that thanks to advanced AI techniques, inference attacks are
becoming alarmingly easy to implement and execute in practice. This once more
calls for countermeasures that confine microarchitectural leakage and protect
mobile phone applications, especially those valuing the privacy of their users
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Illicit crypto-mining leverages resources stolen from victims to mine
cryptocurrencies on behalf of criminals. While recent works have analyzed one
side of this threat, i.e.: web-browser cryptojacking, only commercial reports
have partially covered binary-based crypto-mining malware. In this paper, we
conduct the largest measurement of crypto-mining malware to date, analyzing
approximately 4.5 million malware samples (1.2 million malicious miners), over
a period of twelve years from 2007 to 2019. Our analysis pipeline applies both
static and dynamic analysis to extract information from the samples, such as
wallet identifiers and mining pools. Together with OSINT data, this information
is used to group samples into campaigns. We then analyze publicly-available
payments sent to the wallets from mining-pools as a reward for mining, and
estimate profits for the different campaigns. All this together is is done in a
fully automated fashion, which enables us to leverage measurement-based
findings of illicit crypto-mining at scale. Our profit analysis reveals
campaigns with multi-million earnings, associating over 4.4% of Monero with
illicit mining. We analyze the infrastructure related with the different
campaigns, showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also uncover novel
techniques that allow criminals to run successful campaigns.Comment: A shorter version of this paper appears in the Proceedings of 19th
ACM Internet Measurement Conference (IMC 2019). This is the full versio
Narwhal and Tusk: A DAG-based Mempool and Efficient BFT Consensus
We propose separating the task of reliable transaction dissemination from
transaction ordering, to enable high-performance Byzantine fault-tolerant
quorum-based consensus. We design and evaluate a mempool protocol, Narwhal,
specializing in high-throughput reliable dissemination and storage of causal
histories of transactions. Narwhal tolerates an asynchronous network and
maintains high performance despite failures. Narwhal is designed to easily
scale-out using multiple workers at each validator, and we demonstrate that
there is no foreseeable limit to the throughput we can achieve. Composing
Narwhal with a partially synchronous consensus protocol (Narwhal-HotStuff)
yields significantly better throughput even in the presence of faults or
intermittent loss of liveness due to asynchrony. However, loss of liveness can
result in higher latency. To achieve overall good performance when faults occur
we design Tusk, a zero-message overhead asynchronous consensus protocol, to
work with Narwhal. We demonstrate its high performance under a variety of
configurations and faults. As a summary of results, on a WAN, Narwhal-Hotstuff
achieves over 130,000 tx/sec at less than 2-sec latency compared with 1,800
tx/sec at 1-sec latency for Hotstuff. Additional workers increase throughput
linearly to 600,000 tx/sec without any latency increase. Tusk achieves 160,000
tx/sec with about 3 seconds latency. Under faults, both protocols maintain high
throughput, but Narwhal-HotStuff suffers from increased latency
A brief tour of formally secure compilation
Modern programming languages provide helpful high-level abstractions and mechanisms (e.g. types, module, automatic memory management) that enforce good programming practices and are crucial when writing correct and secure code. However, the security guarantees provided by such abstractions are not preserved when a compiler translates a source program into object code. Formally secure compilation is an emerging research field concerned with the design and the implementation of compilers that preserve source-level security properties at the object level. This paper presents a short guided tour of the relevant literature on secure compilation. Our goal is to help newcomers to grasp the basic concepts of this field and, for this reason, we rephrase and present the most relevant results in the literature in a common setting
- …