9 research outputs found

    The Huawei and Snowden Questions

    This open access book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in the fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward. In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security. This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.

    Security and Privacy Aspects of Mobile Platforms and Applications

    Mobile smart devices (such as smartphones and tablets) have emerged as the dominant computing platforms for end users. The capabilities of these convenient mini-computers seem nearly boundless: they feature compelling computing power and storage resources, new interfaces such as Near Field Communication (NFC) and Bluetooth Low Energy (BLE), connectivity to cloud services, and a vast number and variety of apps. By installing these apps, users can turn a mobile device into a music player, a gaming console, a navigation system, a business assistant, and more. In addition, the current trend towards larger screen sizes makes these devices reasonable replacements for traditional (mobile) computing platforms such as laptops. On the other hand, mobile platforms process and store extensive amounts of sensitive information about their users, ranging from location data to credentials for online banking and enterprise Virtual Private Networks (VPNs). This raises many security and privacy concerns and makes mobile platforms attractive targets for attackers. The rapid increase in the number, variety and sophistication of attacks demonstrates that the protection mechanisms offered by mobile systems today are insufficient, and that improvements are necessary to make mobile devices capable of withstanding modern security and privacy threats. This dissertation focuses on various aspects of the security and privacy of mobile platforms. In particular, it consists of three parts: (i) advanced attacks on mobile platforms and countermeasures; (ii) online authentication security for mobile systems; and (iii) secure mobile applications and services.
Specifically, the first part of the dissertation concentrates on advanced attacks on mobile platforms, such as code re-use attacks that hijack the execution flow of benign apps without injecting malicious code, and application-level privilege escalation attacks that allow malicious or compromised apps to gain more privileges than were initially granted. In this context, we develop new advanced code re-use attack techniques that can bypass deployed protection mechanisms (e.g., Address Space Layout Randomization (ASLR)) and cannot be detected by any of the existing security tools (e.g., return address checkers). Further, we investigate the problem of application-level privilege escalation attacks on mobile platforms like Android, study and classify them, develop proof-of-concept exploits and propose countermeasures against these attacks. Our countermeasures can mitigate all types of application-level privilege escalation attacks, in contrast to alternative solutions proposed in the literature. In the second part of the dissertation we investigate online authentication schemes frequently used by mobile users, such as the most common form of web authentication, based on the user's password, and the recently widespread mobile two-factor authentication (2FA), which extends the password-based approach with a secondary authenticator sent to the user's mobile device or generated on it (e.g., a One-Time Password (OTP) or Transaction Authentication Number (TAN)). In this context we demonstrate various weaknesses of mobile 2FA schemes deployed for login verification by global Internet service providers (such as Google, Dropbox, Twitter, and Facebook) and by the popular Google Authenticator app. These weaknesses allow an attacker to impersonate legitimate users even if their mobile device holding the secondary authenticator is not compromised. We then go one step further and develop a general attack method for bypassing mobile 2FA schemes.
Our method relies on a cross-platform infection (mobile-to-PC or PC-to-mobile) as a first step in order to compromise both the Personal Computer (PC) and the mobile device of the same user. We develop proof-of-concept prototypes for cross-platform infection and show how an attacker can bypass various instantiations of mobile 2FA schemes once both devices, the PC and the mobile platform, are infected. We then deliver proof-of-concept attack implementations that bypass online banking solutions based on SMS-based TANs and visual cryptograms, as well as login verification schemes deployed by various Internet service providers. Finally, we propose a wallet-based secure solution for password-based authentication which requires no secondary authenticator, and yet provides better security guarantees than, e.g., mobile 2FA schemes. The third part of the dissertation concerns the design and development of security-sensitive mobile applications and services. In particular, our first application allows mobile users to replace ordinary keys (for doors, cars, garages, etc.) with their mobile devices. It uses electronic access tokens which are generated by a central key server and then downloaded onto mobile devices for user authentication. Our solution protects access tokens in transit (e.g., while they are being downloaded to the mobile device) and when they are stored and processed on the mobile platform. The unique feature of our solution is offline delegation: users can delegate (a portion of) their access rights to other users without accessing the key server. Further, our solution is efficient even when used with constrained communication interfaces like NFC. The second application we developed is devoted to resource sharing among mobile users in ad-hoc mobile networks. It enables users to, e.g., exchange files and text messages, or share their tethering connection.
Our solution addresses security threats specific to resource sharing and features the required security mechanisms (e.g., access control for resources, pseudonymity for users, and accountability for resource use). One of the key features of our solution is privacy-preserving access control for resources based on the FoF Finder (FoFF) service, which provides a user-friendly means to configure access control based on information from social networks (e.g., friendship information) while preserving user privacy (e.g., not revealing their social network identifiers). The results presented in this dissertation were included in several peer-reviewed publications and extended technical reports. Some of these publications had significant impact on follow-up research. For example, our publications on new forms of code re-use attacks motivated researchers to develop more advanced forms of ASLR and to reconsider the idea of using Control-Flow Integrity (CFI). Further, our work on application-level privilege escalation attacks was followed by many other publications addressing this problem. Moreover, our access control solution using mobile devices as access tokens demonstrated significant practical impact: in 2013 it was chosen as a highlight of CeBIT, the world's largest international computer expo, and was then deployed by a large enterprise to be used by tens of thousands of company employees and millions of customers.

    Secure portable execution and storage environments: A capability to improve security for remote working

    Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have a limited appreciation of the security risks, particularly those impacting the confidentiality and integrity of information and the integrity and availability of the remote worker's computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high-speed broadband, remote working is forecast to grow, and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm whose research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an uploadable (onto a PC) secure execution environment.
The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified, as no existing 'secure PESE-like' device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high-assurance secure PESE suitable for security-critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security, and the high-assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study, with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research, and opportunities for future work are also identified. This thesis presents ten published papers coupled with additional (unpublished) doctoral research, which together postulate the research argument that 'secure PESEs can be used to manage information security risks within the remote work environment'.

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered as large-scale Cyber-Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence, i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data-driven approaches including Big Data analytics and Artificial Intelligence (AI). Some of the presented approaches are sector-agnostic, i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book also presents the peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States in protecting and ensuring the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework.
The latter includes, for example, the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector-specific solutions described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

    Crossing the Line: Censorship, Borders, and the Queer Poetics of Disclosure in English-Canadian Writing, 1967-2000

    Since Confederation enshrined Canada Customs' mandate to seize "indecent and immoral" material, the nation's borders have served as discursive sites of sexual censorship for the LGBTTQ lives and literatures that cross the line. While the Supreme Court's decision in Little Sisters v. Canada (2000) upheld the agency's power to exclude obscenity, the Court found Customs discriminatory in their preemptive seizures of LGBTTQ material. Extrapolating from this case of the state's failure to sufficiently 'read' queer sex at the border, this dissertation moves beyond studies of how obscenity law regulates literary content to posit that LGBTTQ authors innovate aesthetics in response to a complex network of explicit and implicit forms of censorship. The numerous inter- and intra-national border crossings represented by queer writing in Canada correspond with sexual expressions that challenge the Charter's "reasonable limits," remaking the discursive boundaries of free speech in Canada. Informed by a range of literary critics, queer theorists, sociologists, and legal scholars, the dissertation examines compositional strategies that appropriate and exceed the practice of censorship in order to theorize what I call a "queer poetics of disclosure." Chapter One revisits Scott Symons' pre-liberation novel Place d'Armes (1967) alongside the era's divergent nationalisms and the imminent decriminalization of homosexuality in 1969. Symons re-maps Montreal in text and illustration and produces metafictional boundaries that challenge subjective definitions of obscenity. Chapter Two considers Contract with the World (1980) by the American-Canadian novelist Jane Rule. Rule's developing style of multivalent narration, coinciding with her anti-censorship advocacy, articulates an ambivalent, or borderline, model of sexual citizenship. Chapter Three concerns Daphne Marlatt and Betsy Warland's long poem Double Negative (1988), an experimental narrative of their Australian travels.
Marlatt and Warland's erotic, language-mediated poetics evade both censure and the individualism of free speech discourse by questioning the limits of lyric expression. Chapter Four examines Gregory Scofield's lyric silences in poetry that asserts a gay Métis subjectivity. Focusing on Native Canadiana (1996), this chapter revisits anxieties of blood and border crossings during the HIV/AIDS crisis in order to draw out the implications of settler-colonial sexual censorship just before the Supreme Court's ruling in 2000.

    Usage Projection for ICTs: Composing Axiomatic Fictions in the Service of Technological Research

    Innovation is today a major and strategic asset for organisations that compete in a hypercompetitive world (D'Avenir & Gunther, 1994). They try to face these new challenges by using a diversity of "expert systems" typical of our "advanced modernity" (Giddens, 1990). Amongst those, boosting R&D activities is a major input that demands the use of different kinds of expertise. Speculative research for innovation is one of them. It takes place in the "Fuzzy Front End" of innovation, the place where the construction of the social reality of invention is made: its usage, or, to be more precise, its projection. Our thesis examines these knowledge-producing technologies and tries to make understandable the policies at work, the performance of the embedded collectives on the innovation itself and on themselves, and the arrangements made during this process. Our work in the Grenoble industrial area and our collaboration with the CEA-LETI helped us to propose an understanding of these projections as compositions of axiomatic fictions for technological research. Analysing the concept of usage, we highlight its careers and the mutation of associated practices. Interrogating one form of projection, the scenario, we show the links that lie between fiction and performativity. By leaning on the project's mutating components, we demonstrate the axiomatic character of the projection, understood as a form of answer to a social demand that comes from different places, and whose need for actionable knowledge is met by composing with moving data.
The "hypercompetitiveness" (D'Avenir & Gunther, 1994) that characterises our contemporary economic environment makes innovation a strategic concern for organisations. They try to respond to this injunction by resorting to a multitude of "expert systems", a characteristic of "advanced modernity" (Giddens, 1990). Among these, stimulating R&D activities is recognised as a major contribution that requires the growing use of varied fields of expertise. It is in this context that the social sciences are mobilised as a contributing form of expertise for "speculative research for innovation" (Stewart & Claeys, 2009). This research takes place upstream of the innovation process, in a place named the "Fuzzy Front End" (Smith & Reinertsen, 1995), where the construction of the social reality of the invention is forged: its usage, or rather its projection. Our thesis examines these knowledge-producing technologies that are usage projections and aims to make intelligible the policies they implement, the performance of the collectives mobilised on the research and on themselves, and the arrangements deployed by the actors during these processes. Our immersion in the Grenoble industrial fabric, and in particular in the environment of the CEA-LETI, allowed us to propose a reading of usage projections as compositions of axiomatic fictions in the service of technological research. By scrutinising the concept of usage, we bring to light the careers it has followed and the mutations of the associated practices. By interrogating one of the forms of usage projection, the scenario, we highlight the links between performativity and recourse to fiction. By interrogating the mutations of the project's components, we demonstrate the axiomatic character of projections, as a form of response to a social demand that emanates from several places and whose requirement to produce actionable knowledge necessitates composing with data in motion.

    Against remediation

    No description supplied.