Exploiting code mobility for dynamic binary obfuscation

Software protection aims at protecting the integrity of software applications deployed on un-trusted hosts and being subject to illegal analysis. Within an un-trusted environment a possibly malicious user has complete access to system resources and tools in order to analyze and tamper with the application code. To address this research problem, we propose a novel binary obfuscation approach based on the deployment of an incomplete application whose code arrives from a trusted network entity as a flow of mobile code blocks which are arranged in memory with a different customized memory layout. This paper presents our approach to contrast reverse engineering by defeating static and dynamic analysis, and discusses its effectivenes

Tampering in RFID: A Survey on Risks and Defenses

RFID is a well-known pervasive technology, which provides promising opportunities for the implementation of new services and for the improvement of traditional ones. However, pervasive environments require strong efforts on all the aspects of information security. Notably, RFID passive tags are exposed to attacks, since strict limitations affect the security techniques for this technology. A critical threat for RFIDbased information systems is represented by data tampering, which corresponds to the malicious alteration of data recorded in the tag memory. The aim of this paper is to describe the characteristics and the effects of data tampering in RFID-based information systems, and to survey the approaches proposed by the research community to protect against it. The most important recent studies on privacy and security for RFID-based systems are examined, and the protection given against tampering is evaluated. This paper provides readers with an exhaustive overview on risks and defenses against data tampering, highlighting RFID weak spots and open issues

SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

Reactive attestation : automatic detection and reaction to software tampering attacks

Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. tamper detection assesses programs’ integrity with load- or execution-time checks. Avoidance reacts to tampered programs by stopping or rendering them unusable. General purpose reactions (such as halting the execution) stand out like a lighthouse in the code and are quite easy to defeat by an attacker. More sophisticated reactions, which degrade the user experience or the quality of service, are less easy to locate and remove but are too tangled with the program’s business logic, and are thus difficult to automate by a general purpose protection tool. In the present paper, we propose a novel approach to antitampering that (i) fully automatically applies to a target program, (ii) uses Remote Attestation for detection purposes and (iii) adopts a server-side reaction that is difficult to block by an attacker. By means of Client/Server Code Splitting, a crucial part of the program is removed from the client and executed on a remote trusted server in sync with the client. If a client program provides evidences of its integrity, the part moved to the server is executed. Otherwise, a server-side reaction logic may (temporarily or definitely) decide to stop serving it. Therefore, a tampered client application can not continue its execution. We assessed our automatic protection tool on a case study Android application. Experimental results show that all the original and tampered executions are correctly detected, reactions are promptly applied, and execution overhead is on an acceptable level

Security Issues and Challenges for the IoT-based Smart Grid

AbstractInternet of Things (IoT) is the next step evolution of our today Internet, where any physical object/thing having/equipped with computation and communication capabilities could be seamlessly integrated, at different levels, to the Internet. The Smart Grid (SG), which is considered as one of the most critical Infrastructures, is defined as the classical power grid augmented with a large-scale ICT and renewable energy integration, can be seen as one of the largest IoT network. The SG will involve billions of smart objects/things: smart meters, smart appliances, sensors, actuators-cars, etc. in addition to several communication infrastructures whether public (most often) or private. However, security is seen as one of the major factors hampering the rapid and large scale adoption and deployment of both the IoT vision and the Smart Grid.In this paper we investigate the security issues and challenges on the IoT-based SG, and define the major security services that we should consider when dealing with SG securit

Host Card Emulation with Tokenisation: Security Risk Assessment

Host Card Emulation (HCE) is an architecture that provides virtual representation of contactless cards, enabling transactional communication for mobile devices with Near-Field Communication (NFC) support without the need of Secure Element (SE) hardware. Performing the card emulation mainly by software, usually in wallet-like applications which store payment tokens for enabling transactions, creates several risks that need to be properly evaluated in order to be able to materialise a risk-based implementation. This paper describes the HCEt and proposes the identification and assessment of its risks through a survey conducted to specialists in the subject matter, analysing the model from the point of view of a wallet application on a mobile device that stores payment tokens to be able to perform contactless transactions. Despite the increasing complexity and specialisation of software, hardware, and the respective technical cyberattacks we conclude that the human nature remains the easiest to exploit, with greater gains

Resilient networking in wireless sensor networks

This report deals with security in wireless sensor networks (WSNs), especially in network layer. Multiple secure routing protocols have been proposed in the literature. However, they often use the cryptography to secure routing functionalities. The cryptography alone is not enough to defend against multiple attacks due to the node compromise. Therefore, we need more algorithmic solutions. In this report, we focus on the behavior of routing protocols to determine which properties make them more resilient to attacks. Our aim is to find some answers to the following questions. Are there any existing protocols, not designed initially for security, but which already contain some inherently resilient properties against attacks under which some portion of the network nodes is compromised? If yes, which specific behaviors are making these protocols more resilient? We propose in this report an overview of security strategies for WSNs in general, including existing attacks and defensive measures. In this report we focus at the network layer in particular, and an analysis of the behavior of four particular routing protocols is provided to determine their inherent resiliency to insider attacks. The protocols considered are: Dynamic Source Routing (DSR), Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing (RWR)

Security in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) pose a new challenge to network designers in the area of developing better and secure routing protocols. Many sensor networks have mission-critical tasks, so it is clear that security needs to be taken into account at design time. However, sensor networks are not traditional computing devices, and as a result, existing security models and methods are ill suited. The security issues posed by sensor networks represent a rich field of research problems. Improving network hardware and software may address many of the issues, but others will require new supporting technologies. With the recent surge in the use of sensor networks, for example, in ubiquitous computing and body sensor networks (BSNs) the need for security mechanisms has a more important role. Recently proposed solutions address but a small subset of current sensor network attacks. Also because of the special battery requirements for such networks, normal cryptographic network solutions are irrelevant. New mechanisms need to be developed to address this type of network