Hypnoguard: Protecting Secrets across Sleep-wake Cycles

Attackers can get physical control of a computer in sleep (S3/suspend-to-RAM), if it is lost, stolen, or the owner is being coerced. High-value memory-resident secrets, including disk encryption keys, and private signature/encryption keys for PGP, may be extracted (e.g., via cold-boot or DMA attacks), by physically accessing such a computer. Our goal is to alleviate threats of extracting secrets from a computer in sleep, without relying on an Internet-facing service. We propose Hypnoguard to protect all memory-resident OS/user data across S3 suspensions, by first performing an in-place full memory encryption before entering sleep, and then restoring the plaintext content at wakeup-time through an environment-bound, password-based authentication pro- cess. The memory encryption key is effectively “sealed” in a Trusted Platform Module (TPM) chip with the measurement of the execution environment supported by CPU’s trusted execution mode (e.g., Intel TXT, AMD-V/SVM). Password guessing within Hypnoguard may cause the memory content to be permanently inaccessible, while guessing without Hypnoguard is equivalent to brute-forcing a high- entropy key (due to TPM protection). We achieved full memory encryption/decryption in less than a second on a mainstream computer (Intel i7-4771 CPU with 8GB RAM, taking advantage of multi-core processing and AES-NI), an apparently acceptable delay for sleep-wake transitions. To the best of our knowledge, Hypnoguard provides the first wakeup-time secure environment for authentication and key unlocking, without requiring per-application changes

Fine-grained reasoning about the security and usability trade-off in modern security tools

Defense techniques detect or prevent attacks based on their ability to model the attacks. A balance between security and usability should always be established in any kind of defense technique. Attacks that exploit the weak points in security tools are very powerful and thus can go undetected. One source of those weak points in security tools comes when security is compromised for usability reasons, where if a security tool completely secures a system against attacks the whole system will not be usable because of the large false alarms or the very restricted policies it will create, or if the security tool decides not to secure a system against certain attacks, those attacks will simply and easily succeed. The key contribution of this dissertation is that it digs deeply into modern security tools and reasons about the inherent security and usability trade-offs based on identifying the low-level, contributing factors to known issues. This is accomplished by implementing full systems and then testing those systems in realistic scenarios. The thesis that this dissertation tests is that we can reason about security and usability trade-offs in fine-grained ways by building and testing full systems. Furthermore, this dissertation provides practical solutions and suggestions to reach a good balance between security and usability. We study two modern security tools, Dynamic Information Flow Tracking (DIFT) and Antivirus (AV) software, for their importance and wide usage. DIFT is a powerful technique that is used in various aspects of security systems. It works by tagging certain inputs and propagating the tags along with the inputs in the target system. However, current DIFT systems do not track implicit information flow because if all DIFT propagation rules are directly applied in a conservative way, the target system will be full of tagged data (a problem called overtagging) and thus useless because the tags tell us very little about the actual information flow of the system. So, current DIFT systems drop some security for usability. In this dissertation, we reason about the sources of the overtagging problem and provide practical ways to deal with it, while previous approaches have focused on abstract descriptions of the main causes of the problem based on limited experiments. The second security tool we consider in this dissertation is antivirus (AV) software. AV is a very important tool that protects systems against worms and viruses by scanning data against a database of signatures. Despite its importance and wide usage, AV has received little attention from the security research community. In this dissertation, we examine the AV internals and reason about the possibility of creating timing channel attacks against AV software. The attacker could infer information about the AV based only on the scanning time the AV spends to scan benign inputs. The other aspect of AV this dissertation explores is the low-level AV performance impact on systems. Even though the performance overhead of AV is a well known issue, the exact reasons behind this overhead are not well-studied. In this dissertation, we design a methodology that utilizes Event Tracing for Windows technology (ETW), a technology that accounts for all OS events, to reason about AV performance impact from the OS point of view. We show that the main performance impact of the AV on a task is the longer waiting time the task spends waiting on events

Estudio de mecanismos de autenticación basados en contraseñas visuales en dispositivos móviles Android

Todo sistema de seguridad de la información debe cumplir con una serie de requisitos mínimos de confidencialidad, integridad y disponibilidad para que pueda considerarse realmente seguro y fiable. Ahora bien, en el estado actual de las Tecnologías de la Información y de la Comunicación también es necesario implantar sistemas de control de accesos a los recursos compartidos a través de sistemas distribuidos. En este sentido a los requerimientos básicos hemos de añadir los objetivos de autenticación y autorización. Por otro lado, una máxima fundamental en el despliegue de cualquier tecnología es el grado de aceptación por parte de sus potenciales receptores. Así, en el campo específico de los Sistemas de Gestión de Seguridad de la Información no hay cabida para esquemas que promuevan la consecución de objetivos de seguridad a costa de dificultar su implementación y/o uso. En este trabajo el foco central vendrá determinado por el estudio de sistemas de autenticación que, consecuentemente, traten de conciliar el objetivo de seguridad de validación de identidades digitales con la fácil adopción por parte de desarrolladores y usuarios finales. En efecto, los métodos de autenticación en protocolos de comunicación se pueden medir por dos factores: la usabilidad y la seguridad. En algunos casos cuando se intenta implementar un sistema de autenticación usable se vuelve poco seguro y en otros casos que se intenta implementar un sistema de autenticación seguro convirtiéndolo en poco usable. El diseño de estos sistemas de autenticación debe ser robusto ya que es un componente crítico de los sistemas de seguridad. La mayoría de los sistemas de autenticación utilizan un sistema basado en contraseñas alfanuméricas y en la mayoría de estos casos es el propio usuario quien, por usabilidad, elige su contraseña. Esta posibilidad que se da al usuario para elegir la contraseña puede ser una debilidad, ya que las contraseñas más utilizadas en estos casos son fechas de cumpleaños o nombres de familiares o amigos. Nuestra propuesta para mantener la seguridad y a la vez tener una alta usabilidad pasa por cambiar las contraseñas alfanuméricas por contraseñas visuales. Las contraseñas visuales ofrecen una serie de ventajas frente a las contraseñas alfanuméricas que las hacen más seguras y usables. A lo largo de este trabajo se pone de relieve el conjunto de ventajas, así como las limitaciones de esquemas de autenticación basados en las denominadas contraseñas visuales. Las contraseñas visuales determinan una interacción con el usuario mediada por una o varias imágenes. La autenticación del usuario viene codificada mediante la selección por parte del mismo de una serie de elementos o propiedades de una o varias imágenes. Dada la modalidad de la interacción usuario-imágenes parece recomendable trabajar con interfaces que agilicen la captura de entradas de usuario. Éste es el caso de las pantallas táctiles, la interfaz usuario-máquina cuya popularidad se ha visto favorecido por la reducción de costes de producción y cuya hegemonía en las interfaces de usuario se ha fraguado debido a su inclusión en la telefonía móvil. En este Trabajo Fin de Grado, por ello, se estudiarán los sistemas de identificación de usuarios arriba señalados tomando como marco de implementación los teléfonos inteligentes. De modo más concreto, se trabajará con dispositivos móviles con sistema operativo Android, siendo la razón fundamental de esta elección la popularidad de dichos dispositivos y la facilidad de desarrollo de nuevas aplicaciones frente a otras alternativas.Secure and reliable information systems are designed to preserve confidentiality, integrity and availability. In addition, in the current state of Information and Communication Technologies it is also necessary to develop access control systems to manage shared resources in distributed systems. Consequently, we have to enlarge the original set of requirements by means of the authentication and authorization commitments. On the other hand, a fundamental target in the deployment of any technology is the degree of acceptance by its potential users. In Information Security Management Systems there is no place for schemes obtaining security by hindering its implementation and / or use. In this work the focus will be determined by the study of authentication systems that enable an adequate tradeoff between secure digital identities management and easy-to-deploy/easy-to use implementations. In fact, the authentication methods in communication protocols can be measured by two factors: usability and security. In some case when trying to implement a usable authentication system it becomes insecure an in other cases when trying to implement a secure authentication it becomes unusable. The design of these authentication systems has to be robust, because it is a critical component of security systems. Most of the authentication systems use a system based on alphanumeric passwords and in most of these cases is the user who chooses her/his password. This user capacity to choose the password can be a weakness, as the most frequently used password in these cases are birthdays acquaintance names. Our approach to keep security while to have a high usability depends on changing the alphanumeric passwords for graphical passwords. Graphical passwords offer a number of advantages over alphanumeric passwords that make them more secure and usable. Along this work we highlight the set of advantages and limitations of authentication schemes based on the so-called graphical passwords. Graphical passwords are built upon an image-based human-machine interface. User authentication is codified by the user selection on a given set of elements or properties of one or several images. Taken into account the modality of the user-image interaction, it is necessary to choose human-machine interfaces that make easy to capture and process the related user input. This target is achieved through touch-screens and their user-machine interfaces, whose popularity sustained by the decrements of production costs, and its incorporation as main user-machine interface in mobile devices. This being the use, in this project we study in detail authentication procedures in the context of smartphones. More specifically, we will work with mobile devices with Android operating system, being the main reason for this choice the popularity of these devices and their ease of development of new applications over other alternatives

Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion

382 p.Libro ElectrónicoEach of us has been in the computing field for more than 40 years. The book is the product of a lifetime of observing and participating in the changes it has brought. Each of us has been both a teacher and a learner in the field. This book emerged from a general education course we have taught at Harvard, but it is not a textbook. We wrote this book to share what wisdom we have with as many people as we can reach. We try to paint a big picture, with dozens of illuminating anecdotes as the brushstrokes. We aim to entertain you at the same time as we provoke your thinking.Preface Chapter 1 Digital Explosion Why Is It Happening, and What Is at Stake? The Explosion of Bits, and Everything Else The Koans of Bits Good and Ill, Promise and Peril Chapter 2 Naked in the Sunlight Privacy Lost, Privacy Abandoned 1984 Is Here, and We Like It Footprints and Fingerprints Why We Lost Our Privacy, or Gave It Away Little Brother Is Watching Big Brother, Abroad and in the U.S. Technology Change and Lifestyle Change Beyond Privacy Chapter 3 Ghosts in the Machine Secrets and Surprises of Electronic Documents What You See Is Not What the Computer Knows Representation, Reality, and Illusion Hiding Information in Images The Scary Secrets of Old Disks Chapter 4 Needles in the Haystack Google and Other Brokers in the Bits Bazaar Found After Seventy Years The Library and the Bazaar The Fall of Hierarchy It Matters How It Works Who Pays, and for What? Search Is Power You Searched for WHAT? Tracking Searches Regulating or Replacing the Brokers Chapter 5 Secret Bits How Codes Became Unbreakable Encryption in the Hands of Terrorists, and Everyone Else Historical Cryptography Lessons for the Internet Age Secrecy Changes Forever Cryptography for Everyone Cryptography Unsettled Chapter 6 Balance Toppled Who Owns the Bits? Automated Crimes—Automated Justice NET Act Makes Sharing a Crime The Peer-to-Peer Upheaval Sharing Goes Decentralized Authorized Use Only Forbidden Technology Copyright Koyaanisqatsi: Life Out of Balance The Limits of Property Chapter 7 You Can’t Say That on the Internet Guarding the Frontiers of Digital Expression Do You Know Where Your Child Is on the Web Tonight? Metaphors for Something Unlike Anything Else Publisher or Distributor? Neither Liberty nor Security The Nastiest Place on Earth The Most Participatory Form of Mass Speech Protecting Good Samaritans—and a Few Bad Ones Laws of Unintended Consequences Can the Internet Be Like a Magazine Store? Let Your Fingers Do the Stalking Like an Annoying Telephone Call? Digital Protection, Digital Censorship—and Self-Censorship Chapter 8 Bits in the Air Old Metaphors, New Technologies, and Free Speech Censoring the President How Broadcasting Became Regulated The Path to Spectrum Deregulation What Does the Future Hold for Radio? Conclusion After the Explosion Bits Lighting Up the World A Few Bits in Conclusion Appendix The Internet as System and Spirit The Internet as a Communication System The Internet Spirit Endnotes Inde

Actas de la XIII Reunión Española sobre Criptología y Seguridad de la Información RECSI XIII : Alicante, 2-5 de septiembre de 2014

Si tuviéramos que elegir un conjunto de palabras clave para definir la sociedad actual, sin duda el término información sería uno de los más representativos. Vivimos en un mundo caracterizado por un continuo flujo de información en el que las Tecnologías de la Información y Comunicación (TIC) y las Redes Sociales desempeñan un papel relevante. En la Sociedad de la Información se generan gran variedad de datos en formato digital, siendo la protección de los mismos frente a accesos y usos no autorizados el objetivo principal de lo que conocemos como Seguridad de la Información. Si bien la Criptología es una herramienta tecnológica básica, dedicada al desarrollo y análisis de sistemas y protocolos que garanticen la seguridad de los datos, el espectro de tecnologías que intervienen en la protección de la información es amplio y abarca diferentes disciplinas. Una de las características de esta ciencia es su rápida y constante evolución, motivada en parte por los continuos avances que se producen en el terreno de la computación, especialmente en las últimas décadas. Sistemas, protocolos y herramientas en general considerados seguros en la actualidad dejarán de serlo en un futuro más o menos cercano, lo que hace imprescindible el desarrollo de nuevas herramientas que garanticen, de forma eficiente, los necesarios niveles de seguridad. La Reunión Española sobre Criptología y Seguridad de la Información (RECSI) es el congreso científico español de referencia en el ámbito de la Criptología y la Seguridad en las TIC, en el que se dan cita periódicamente los principales investigadores españoles y de otras nacionalidades en esta disciplina, con el fin de compartir los resultados más recientes de su investigación. Del 2 al 5 de septiembre de 2014 se celebrará la decimotercera edición en la ciudad de Alicante, organizada por el grupo de Criptología y Seguridad Computacional de la Universidad de Alicante. Las anteriores ediciones tuvieron lugar en Palma de Mallorca (1991), Madrid (1992), Barcelona (1994), Valladolid (1996), Torremolinos (1998), Santa Cruz de Tenerife (2000), Oviedo (2002), Leganés (2004), Barcelona (2006), Salamanca (2008), Tarragona (2010) y San Sebastián (2012)

Efficient Collection and Processing of Cyber Threat Intelligence from Partner Feeds

Sharing of threat intelligence between organizations and companies in the cyber security industry is a crucial part of proactive defense against security threats. Even though some standardization efforts exist, most publishers of cyber security feeds use their own approach and provide data in varying formats, schemata, compression algorithms, through differing APIs etc. This makes every feed unique and complicates their automated collection and processing.Furthermore, the published data may contain a lot of irrelevant records, such as duplicates or data about very exotic files or websites, which are not useful. In this work, we present Feed Automation, a cloud-based system for fully automatic collection and processing of cyber threat intelligence from a variety of online feeds. The system provides two means for reduction of noise in the data: a smart deduplication service based on a sliding window technique, which is able to remove just the duplicates with no important changes in the metadata; and efficient rules, easily configurable by the malware analysts, to remove records, which are not useful for us. Additionally, we propose a filtering solution based on machine learning, which is able to predict how useful a record is for our backend systems based on historic data. We demonstrate how this system can help to unify the feed collection, processing, and data noise reduction into one automated system, speeding up development, simplifying maintenance, and reducing the load for the backend systems

Defensa en profundidad en sistemas de control de accesos mediante autenticación continua

La seguridad de los sistemas de información depende, en gran medida, de que el proceso de control de accesos funcione correctamente. Pero, en los modelos clásicos, la identidad del operador sólo se autentica en momentos puntuales. Tras décadas de implantación de dispositivos móviles en la sociedad [2], se encuentran presentes en prácticamente todos los procesos de negocio, pero estos activos sufren de debilidades en la gestión de su seguridad: no se ubican en perímetros de red bien definidos y bastionables, son más susceptibles de ser robados, etc.; y en un modelo clásico de control de accesos, una vez iniciada la sesión, careceríamos de medidas para combatir estas amenazas. Activar el proceso de autenticación periódicamente sería molesto y contraproducente, pero mediante biometría conductual (i.e., caracterizando la identidad de un usuario por cómo se comporta con el sistema), sí podría implementarse un sistema que validase la identidad del operador sin interferir en su sesión de trabajo: un sistema de autenticación continua. En esta tesis se aborda cómo la autenticación continua puede ayudar a mitigar los riesgos comentados, convirtiéndose en una tecnología diferenciadora al implantar medidas de defensa en profundidad en los sistemas de control de accesos. Al no existir un criterio claro para definir la autenticación continua, en primer lugar se ha desarrollado un estudio sistemático de la literatura, que permite caracterizar este área de investigación. En el segundo artículo se plantea un caso de uso, donde se refuerza la seguridad de un sistema distribuido aplicando principios de la autenticación continua; evidenciando al mismo tiempo las carencias de los sistemas dinámicos, y acotando la definición de autenticación continua. Finalmente, se estudia, experimentalmente, el rendimiento de 7 algoritmos supervisados de clasificación en el ámbito de la autenticación continua. Este estudio, junto con los resultados previos, sirve de soporte a la toma de decisiones en la implantación de la autenticación continua. Fija una base homogénea de conocimiento, que permite comparar las particularidades de estos algoritmos en el procesado de datos de biometría conductual, y discute su utilidad en función de los requisitos del sistema de control de accesos. Esta tesis evidencia que el uso de autenticación continua contribuye a la defensa en profundidad de los sistemas de control de accesos, especialmente, aunque exclusivamente, a la de aquellos con un operador cuya sesión de trabajo debe ser autenticada

A complex situation in data recovery

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The research considers an unusual situation in data recovery. Data recovery is the process of recovering data from recording media that is not accessible by normal means. Providing that the data has not been overwritten or the recording medium physically damaged, this is usually a relatively simple process of either repairing the file system so that the file(s) may be accessed as usual or finding the data on the medium and copying it directly from the medium into normal file(s). The data in this recovery situation is recorded by specialist call centre recording equipment and is stored on the recording medium in a proprietary format whereby simultaneous conversations are multiplexed together and can only be accessed by using associated metadata records. The value of the recorded data may be very high especially in the financial sector where it may be considered a legal audit of business transactions. When a failure occurs and data needs to be recovered, both the data and metadata information must be recreated before a single call can be replayed. A key component to accessing this information is the location metadata that identifies the location of the required components on the medium. If the metadata is corrupted, incomplete or wrong then a repair cannot proceed until it is corrected. This research focuses on the problem of verifying this location metadata. Initially it was believed that only a small set of errors would exist and work centred on detecting these errors by presenting the information to engineers in an at-a-glance image. When the extent of the possible errors was realised, an attempt was made to deduce location metadata by exploring the content of the recorded medium. Although successful in one instance, the process was not able to distinguish between current and previous uses. Eventually insights gained from exploration of the recording application's source code, permitted an intelligent trial and error process which deduced the underlying medium apportioning formula. It was then possible to incorporate this formula into the heuristics, generating the at-a-glance image, to create an artefact that could verify the location metadata for any given repair. After discovering the formula, the research returned to the media exploration and the produced disk fingerprinting technique. The disk fingerprinting technique gave valuable insights into error states in call centre recording and provided a new way of seeing the contents of a hard drive. This research provided the following contributions: 1. It has provided a means by which the recording systems' location metadata can be verified and repaired. 2. As a result of this verification, greater automation of the recovery process is now possible before the need for human verification is required. 3. The disk fingerprinting process. This has already given insights into the recording system's problems and is able to provide a new way of seeing the contents of recording media