10 research outputs found
A Formulation of the Potential for Communication Condition using C2KA
An integral part of safeguarding systems of communicating agents from covert
channel communication is having the ability to identify when a covert channel
may exist in a given system and which agents are more prone to covert channels
than others. In this paper, we propose a formulation of one of the necessary
conditions for the existence of covert channels: the potential for
communication condition. Then, we discuss when the potential for communication
is preserved after the modification of system agents in a potential
communication path. Our approach is based on the mathematical framework of
Communicating Concurrent Kleene Algebra (C2KA). While existing approaches only
consider the potential for communication via shared environments, the approach
proposed in this paper also considers the potential for communication via
external stimuli.Comment: In Proceedings GandALF 2014, arXiv:1408.556
Investigative Support for Information Confidentiality Part II: Applications in Cryptanalysis and Digital Forensics
AbstractThis is Part II in a two-part series discussing the development of investigative support for information confidentiality. In Part I, we proposed a technique based on relation algebra to detect confidential information leakage via protocol-based covert channels. In this paper, we continue developing investigative support for information confidentiality. We examine the application of the technique for detecting confidential information leakage proposed in Part I in cryptanalysis and digital forensics to highlight its usefulness beyond the scope of covert channel analysis. By way of a short case study, we show the automation of the cryptanalysis application of the technique for detecting confidential information leakage using a prototype tool and a known-plaintext attack
Zephyrus: An information hiding mechanism leveraging Ethereum data fields
Permanent availability makes blockchain technologies a suitable alternative for building a covert channel. Previous works have analysed its feasibility in a particular blockchain technology called Bitcoin. However, Ethereum cryptocurrency is gaining momentum as a means to build distributed apps. The novelty of this paper relies on the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. No previous work has explored this issue. Thus, a mechanism called Zephyrus, an information hiding mechanism based on steganography, is developed. Moreover, its capacity, cost and stealthiness are assessed both theoretically, and empirically through a prototype implementation that is publicly released. Disregarding the time taken to send the transaction to the blockchain, its retrieval and the mining time, experimental results show that, in the best case, 40 Kbits can be embedded in 0.57 s. for US$ 1.64, and retrieved in 2.8
CovertNet: Circumventing Web Surveillance Using Covert Channels
Senior Project submitted to The Division of Science, Mathematics and Computing of Bard College
FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT
In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.Lieutenant, United States NavyApproved for public release. Distribution is unlimited
Cybersecurity applications of Blockchain technologies
With the increase in connectivity, the popularization of cloud services, and the rise
of the Internet of Things (IoT), decentralized approaches for trust management
are gaining momentum. Since blockchain technologies provide a distributed ledger,
they are receiving massive attention from the research community in different application
fields. However, this technology does not provide cybersecurity by itself.
Thus, this thesis first aims to provide a comprehensive review of techniques and
elements that have been proposed to achieve cybersecurity in blockchain-based systems.
The analysis is intended to target area researchers, cybersecurity specialists
and blockchain developers. We present a series of lessons learned as well. One of
them is the rise of Ethereum as one of the most used technologies.
Furthermore, some intrinsic characteristics of the blockchain, like permanent
availability and immutability made it interesting for other ends, namely as covert
channels and malicious purposes.
On the one hand, the use of blockchains by malwares has not been characterized
yet. Therefore, this thesis also analyzes the current state of the art in this area. One
of the lessons learned is that covert communications have received little attention.
On the other hand, although previous works have analyzed the feasibility of
covert channels in a particular blockchain technology called Bitcoin, no previous
work has explored the use of Ethereum to establish a covert channel considering all
transaction fields and smart contracts.
To foster further defence-oriented research, two novel mechanisms are presented
on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract
bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by
leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility
and cost. Our experiments show that Zephyrus, in the best case, can embed
40 Kbits in 0.57 s. for US 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore,
these two mechanisms can be combined to increase capacity and reduce
costs.Debido al aumento de la conectividad, la popularización de los servicios en la nube
y el auge del Internet de las cosas (IoT), los enfoques descentralizados para la
gestión de la confianza están cobrando impulso. Dado que las tecnologÃas de cadena
de bloques (blockchain) proporcionan un archivo distribuido, están recibiendo
una atención masiva por parte de la comunidad investigadora en diferentes campos
de aplicación. Sin embargo, esta tecnologÃa no proporciona ciberseguridad por sÃ
misma. Por lo tanto, esta tesis tiene como primer objetivo proporcionar una revisión
exhaustiva de las técnicas y elementos que se han propuesto para lograr la ciberseguridad
en los sistemas basados en blockchain. Este análisis está dirigido a investigadores
del área, especialistas en ciberseguridad y desarrolladores de blockchain. A
su vez, se presentan una serie de lecciones aprendidas, siendo una de ellas el auge
de Ethereum como una de las tecnologÃas más utilizadas.
Asimismo, algunas caracterÃsticas intrÃnsecas de la blockchain, como la disponibilidad
permanente y la inmutabilidad, la hacen interesante para otros fines, concretamente
como canal encubierto y con fines maliciosos.
Por una parte, aún no se ha caracterizado el uso de la blockchain por parte
de malwares. Por ello, esta tesis también analiza el actual estado del arte en este
ámbito. Una de las lecciones aprendidas al analizar los datos es que las comunicaciones
encubiertas han recibido poca atención.
Por otro lado, aunque trabajos anteriores han analizado la viabilidad de los
canales encubiertos en una tecnologÃa blockchain concreta llamada Bitcoin, ningún
trabajo anterior ha explorado el uso de Ethereum para establecer un canal encubierto
considerando todos los campos de transacción y contratos inteligentes.
Con el objetivo de fomentar una mayor investigación orientada a la defensa,
en esta tesis se presentan dos mecanismos novedosos. En primer lugar, Zephyrus
aprovecha todos los campos de Ethereum y el bytecode de los contratos inteligentes.
En segundo lugar, Smart-Zephyrus complementa Zephyrus aprovechando los contratos inteligentes escritos en Solidity. Se evalúa, también, la viabilidad y el coste
de ambos mecanismos. Los resultados muestran que Zephyrus, en el mejor de los
casos, puede ocultar 40 Kbits en 0,57 s. por 1,64 US$, y recuperarlos en 2,8 s.
Smart-Zephyrus, por su parte, es capaz de ocultar un secreto de 4 Kb en 41 s. Si
bien es cierto que es caro (alrededor de 1,82 dólares por bit), el sigilo proporcionado
podrÃa valer la pena para los atacantes. Además, estos dos mecanismos pueden
combinarse para aumentar la capacidad y reducir los costesPrograma de Doctorado en Ciencia y TecnologÃa Informática por la Universidad Carlos III de MadridPresidente: José Manuel Estévez Tapiador.- Secretario: Jorge Blasco AlÃs.- Vocal: Luis Hernández Encina
Processor Microarchitecture Security
As computer systems grow more and more complicated, various optimizations can unintentionally introduce security vulnerabilities in these systems. The vulnerabilities can lead to user information and data being compromised or stolen. In particular, the ending of both Moore\u27s law and Dennard scaling motivate the design of more exotic microarchitectural optimizations to extract more performance -- further exacerbating the security vulnerabilities. The performance optimizations often focus on sharing or re-using of hardware components within a processor, between different users or programs. Because of the sharing of the hardware, unintentional information leakage channels, through the shared components, can be created. Microarchitectural attacks, such as the high-profile Spectre and Meltdown attacks or the cache covert channels that they leverage, have demonstrated major vulnerabilities of modern computer architectures due to the microarchitectural~optimizations. Key components of processor microarchitectures are processor caches used for achieving high memory bandwidth and low latency for frequently accessed data. With frequently accessed data being brought and stored in caches, memory latency can be significantly reduced when data is fetched from the cache, as opposed to being fetched from the main memory. With limited processor chip area, however, the cache size cannot be very large. Thus, modern processors adopt a cache hierarchy with multiple levels of caches, where the cache close to processor is faster but smaller, and the cache far from processor is slower but larger. This leads to a fundamental property of modern processors: {\em the latency of accessing data in different cache levels and in main memory is different}. As a result, the timing of memory operations when fetching data from different cache levels, e.g., the timing of fetching data from closest-to-processor L1 cache vs. from main memory, can reveal secret-dependent information if attacker is able to observe the timing of these accesses and correlate them to the operation of the victim\u27s code. Further, due to limited size of the caches, memory accesses by a victim may displace attacker\u27s data from the cache, and with knowledge, or reverse-engineering, of the cache architecture, the attacker can learn some information about victim\u27s data based on the modifications to the state of the cache -- which can be observed by the timing~measurements. Caches are not only structures in the processor that can suffer from security vulnerabilities. As an essential mechanism to achieving high performance, cache-like structures are used pervasively in various processor components, such as the translation lookaside buffer (TLB) and processor frontend. Consequently, the vulnerabilities due to timing differences of accessing data in caches or cache-like structures affect many components of the~processor. The main goal of this dissertation is the {\em design of high performance and secure computer architectures}. Since the sophisticated hardware components such as caches, TLBs, value predictors, and processor frontend are critical to ensure high performance, realizing this goal requires developing fundamental techniques to guarantee security in the presence of timing differences of different processor operations. Furthermore, effective defence mechanisms can be only developed after developing a formal and systematic understanding of all the possible attacks that timing side-channels can lead to. To realize the research goals, the main main contributions of this dissertation~are: \begin{itemize}[noitemsep] \item Design and evaluation of a novel three-step cache timing model to understand theoretical vulnerabilities in caches \item Development of a benchmark suite that can test if processor caches or secure cache designs are vulnerable to certain theoretical vulnerabilities. \item Development of a timing vulnerability model to test TLBs and design of hardware defenses for the TLBs to address newly found vulnerabilities. \item Analysis of value predictor attacks and design of defenses for value predictors. \item Evaluation of vulnerabilities in processor frontends based on timing differences in the operation of the frontends. \item Development of a design-time security verification framework for secure processor architectures, using information flow tracking methods. \end{itemize} \newpage This dissertation combines the theoretical modeling and practical benchmarking analysis to help evaluate susceptibility of different architectures and microarchitectures to timing attacks on caches, TLBs, value predictors and processor frontend. Although cache timing side-channel attacks have been studied for more than a decade, there is no evidence that the previously-known attacks exhaustively cover all possible attacks. One of the initial research directions covered by this dissertation was to develop a model for cache timing attacks, which can help lead towards discovering all possible cache timing attacks. The proposed three-step cache timing vulnerability model provides a means to enumerate all possible interactions between the victim and attacker who are sharing a cache-like structure, producing the complete set of theoretical timing vulnerabilities. This dissertation also covers new theoretical cache timing attacks that are unknown prior to being found by the model. To make the advances in security not only theoretical, this dissertation also covers design of a benchmarking suite that runs on commodity processors and helps evaluate their cache\u27s susceptibility to attacks, as well as can run on simulators to test potential or future cache designs. As the dissertation later demonstrates, the three-step timing vulnerability model can be naturally applied to any cache-like structures such as TLBs, and the dissertation encompasses a three-step model for TLBs, uncovering of theoretical new TLB attacks, and proposals for defenses. Building on success of analyzing caches and TLBs for new timing attacks, this dissertation then discusses follow-on research on evaluation and uncovering of new timing vulnerabilities in processor frontends. Since security analysis should be applied not just to existing processor microarchitectural features, the dissertation further analyzes possible future features such as value predictors. Although not currently in use, value predictors are actively being researched and proposed for addition into future microarchitectures. This dissertation shows, however, that they are vulnerable to attacks. Lastly, based on findings of the security issues with existing and proposed processor features, this dissertation explores how to better design secure processors from ground up, and presents a design-time security verification framework for secure processor architectures, using information flow tracking methods