29,806 research outputs found
USBcat - Towards an Intrusion Surveillance Toolset
This paper identifies an intrusion surveillance framework which provides an
analyst with the ability to investigate and monitor cyber-attacks in a covert
manner. Where cyber-attacks are perpetrated for the purposes of espionage the
ability to understand an adversary's techniques and objectives is an important
element in network and computer security. With the appropriate toolset,
security investigators would be permitted to perform both live and stealthy
counter-intelligence operations by observing the behaviour and communications
of the intruder. Subsequently a more complete picture of the attacker's
identity, objectives, capabilities, and infiltration could be formulated than
is possible with present technologies. This research focused on developing an
extensible framework to permit the covert investigation of malware.
Additionally, a Universal Serial Bus (USB) Mass Storage Device (MSD) based
covert channel was designed to enable remote command and control of the
framework. The work was validated through the design, implementation and
testing of a toolset.
Comment: In Proceedings AIDP 2014, arXiv:1410.322
A Covert Data Transport Protocol
Both enterprise and national firewalls filter network connections. For data
forensics and botnet removal applications, it is important to establish the
information source. In this paper, we describe a data transport layer which
allows a client to transfer encrypted data that provides no discernible
information regarding the data source. We use a domain generation algorithm
(DGA) to encode AES encrypted data into domain names that current tools are
unable to reliably differentiate from valid domain names. The domain names are
registered using (free) dynamic DNS services. The data transmission format is
not vulnerable to Deep Packet Inspection (DPI).
Comment: 8 pages, 10 figures, conferenc
A Novel Side-Channel in Real-Time Schedulers
We demonstrate the presence of a novel scheduler side-channel in preemptive,
fixed-priority real-time systems (RTS); examples of such systems can be found
in automotive systems, avionic systems, power plants and industrial control
systems among others. This side-channel can leak important timing information
such as the future arrival times of real-time tasks. This information can then
be used to launch devastating attacks, two of which are demonstrated here (on
real hardware platforms). Note that it is not easy to capture this timing
information due to runtime variations in the schedules, the presence of
multiple other tasks in the system and the typical constraints (e.g.,
deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to
effectively exploit this side-channel. A complete implementation is presented
on real operating systems (in Real-time Linux and FreeRTOS). Timing information
leaked by ScheduLeak can significantly aid other, more advanced, attacks in
better accomplishing their goals.
Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic
that remains largely unexplored. In the only work on this subject by Donald
Beaver, it is argued that QKE is not necessarily deniable due to an
eavesdropping attack that limits key equivocation. We provide more insight into
the nature of this attack and how it extends to other constructions such as QKE
obtained from uncloneable encryption. We then adopt the framework for quantum
authenticated key exchange, developed by Mosca et al., and extend it to
introduce the notion of coercer-deniable QKE, formalized in terms of the
indistinguishability of real and fake coercer views. Next, we apply results
from a recent work by Arrazola and Scarani on covert quantum communication to
establish a connection between covert QKE and deniability. We propose DC-QKE, a
simple deniable covert QKE protocol, and prove its deniability via a reduction
to the security of covert QKE. Finally, we consider how entanglement
distillation can be used to enable information-theoretically deniable protocols
for QKE and tasks beyond key exchange.
Comment: 16 pages, published in the proceedings of NordSec 201