
    Nonce-based Kerberos is a Secure Delegated AKE Protocol

    Kerberos is one of the most important cryptographic protocols, first because it is the basic authentication protocol in Microsoft's Active Directory and is shipped with every major operating system, and second because it served as a model for all Single-Sign-On protocols (e.g. SAML, OpenID, MS CardSpace, OpenID Connect). Its security has been confirmed with several Dolev-Yao style proofs, and attacks on certain versions of the protocol have been described. However, despite its importance, despite its longevity, and despite the wealth of Dolev-Yao-style security proofs, no reduction-based security proof has been published until now. There are two reasons for this: (1) All widely accepted formal models either deal with two-party protocols, or with group key agreement protocols (where all entities have the same role), but not with 3-party protocols where each party has a different role. (2) Kerberos uses timestamps and nonces, and formal security models for timestamps are not well understood up to now. As a step towards a full security proof of Kerberos, we target problem (1) here: We propose a variant of the Kerberos protocol where nonces are used instead of timestamps. This requires one additional protocol message, but enables a proof in the standard Bellare-Rogaway (BR) model. The key setup and the roles of the different parties are identical to the original Kerberos protocol. For our proof, we only require that the authenticated encryption and the message authentication code (MAC) schemes are secure. Under these assumptions we show that the probability that a client or server process oracle accepts maliciously, and the advantage of an adversary trying to distinguish a real Kerberos session key from a random value, are both negligible. One main idea in the proof is to model the Kerberos server as a public oracle, so that we do not have to consider the security of the client--Kerberos connection. This idea is only applicable to the communication pattern adopted by Kerberos, and not to other 3-party patterns (e.g. EAP protocols).

    Practical Secure Logging: Seekable Sequential Key Generators

    In computer forensics, log files are indispensable resources that support auditors in identifying and understanding system threats and security breaches. If such logs are recorded locally, i.e., stored on the monitored machine itself, the problem of log authentication arises: if a system intrusion takes place, the intruder might be able to manipulate the log entries and cover her traces. Mechanisms that cryptographically protect collected log messages from manipulation should ideally have two properties: they should be *forward-secure* (the adversary gets no advantage from learning current keys when aiming at forging past log entries), and they should be *seekable* (the auditor can verify the integrity of log entries in any order or access pattern, at virtually no computational cost). We propose a new cryptographic primitive, a *seekable sequential key generator* (SSKG), that combines these two properties and has direct application in secure logging. We rigorously formalize the required security properties and give a provably-secure construction based on the integer factorization problem. We further optimize the scheme in various ways, preparing it for real-world deployment. As a byproduct, we develop the notion of a *shortcut one-way permutation* (SCP), which might be of independent interest. Our work is highly relevant in practice. Indeed, our SSKG implementation has become part of the logging service of the systemd system manager, a core component of many modern commercial Linux-based operating systems.
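    The two properties the abstract names, forward security and seekability, are easiest to see in code. What follows is an added example, not the paper's construction and not the systemd journald implementation: a simplified factoring-based sketch in the spirit of the abstract, where squaring modulo N = pq is the one-way step the logger applies after every entry, and knowledge of the factorization is the auditor's shortcut for jumping to any epoch. The modulus, seed, key derivation, tag format and log lines are all constructed for this example.

```python
"""Toy seekable sequential key generator (SSKG) for forward-secure logging.

Added illustration, not the paper's construction or systemd's journald code.
Assumed simplified sketch: state x_i in Z_N^*, N = p*q, p = q = 3 (mod 4),
x_{i+1} = x_i^2 mod N.  Inverting one step means a square root mod N, i.e.
factoring, so a compromised logger leaks no earlier key (forward security).
The auditor, who knows p and q, jumps to x_i = x_0^(2^i mod lambda(N)) mod N
in a single exponentiation (seekability).
"""
from __future__ import annotations
import hashlib
import hmac
from math import gcd

# Toy modulus from two Mersenne primes (both 3 mod 4): ~196 bits, demo only.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # Carmichael's lambda(N)
STATE_BYTES = (N.bit_length() + 7) // 8


def initial_state(seed: bytes) -> int:
    """x_0 = s^2 mod N, a quadratic residue, so squaring permutes the states."""
    s = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N
    if gcd(s, N) != 1:  # astronomically unlikely with this N
        raise ValueError("seed not coprime to N")
    return pow(s, 2, N)


def derive_key(epoch: int, state: int) -> bytes:
    """Epoch key k_i = H("sskg-key" || i || x_i); the raw state is never a key."""
    data = b"sskg-key" + epoch.to_bytes(8, "big") + state.to_bytes(STATE_BYTES, "big")
    return hashlib.sha256(data).digest()


def tag(key: bytes, epoch: int, line: bytes) -> bytes:
    """Integrity tag over (epoch, line) under the epoch key."""
    return hmac.new(key, epoch.to_bytes(8, "big") + line, hashlib.sha256).digest()


class Logger:
    """Monitored machine: keeps only the current state, one key per entry."""
    def __init__(self, x0: int) -> None:
        self.epoch, self.state = 0, x0

    def append(self, line: bytes) -> tuple[int, bytes, bytes]:
        key = derive_key(self.epoch, self.state)
        entry = (self.epoch, line, tag(key, self.epoch, line))
        self.state = pow(self.state, 2, N)  # evolve; the old state is erased
        self.epoch += 1
        return entry


class Auditor:
    """Holds x_0 and the factorization: any epoch key is one pow() away."""
    def __init__(self, x0: int) -> None:
        self.x0 = x0

    def seek(self, epoch: int) -> int:
        return pow(self.x0, pow(2, epoch, LAMBDA), N)

    def verify(self, entry: tuple[int, bytes, bytes]) -> bool:
        epoch, line, t = entry
        return hmac.compare_digest(t, tag(derive_key(epoch, self.seek(epoch)), epoch, line))


def walk(x0: int, epoch: int) -> int:
    """Slow path without the factors: square step by step."""
    for _ in range(epoch):
        x0 = pow(x0, 2, N)
    return x0


# Constructed sample log lines, not taken from any real system.
LOG_LINES = [
    b"sshd[811]: Accepted publickey for ops from 10.0.0.5 port 51022",
    b"sudo: ops : COMMAND=/usr/bin/systemctl restart nginx",
    b"sshd[902]: Failed password for root from 203.0.113.7 port 40012",
]


def demo(seed: bytes = b"constructed demo seed") -> dict:
    x0 = initial_state(seed)
    logger, auditor = Logger(x0), Auditor(x0)
    entries = [logger.append(line) for line in LOG_LINES]
    # Seeking matches the step-by-step path, and entries verify in any order.
    seek_ok = all(auditor.seek(i) == walk(x0, i) for i in range(len(entries) + 1))
    reverse_ok = all(auditor.verify(e) for e in reversed(entries))
    # An intruder who takes the logger after the last entry holds x_n only: she
    # cannot recover k_0, so a rewritten entry 0 cannot be re-tagged correctly.
    forged_line = b"sshd[902]: Accepted password for root from 203.0.113.7 port 40012"
    forgery = (0, forged_line, tag(derive_key(0, logger.state), 0, forged_line))
    tampered = (0, forged_line, entries[0][2])  # changed line, original tag kept
    return {
        "seek_matches_walk": seek_ok,
        "verifies_in_any_order": reverse_ok,
        "forgery_accepted": auditor.verify(forgery),
        "tampered_accepted": auditor.verify(tampered),
    }
```

    The auditor never walks the chain: `seek(i)` costs one modular exponentiation regardless of i, which is the "virtually no computational cost" property, while the logger's erased states are what deny the intruder every key older than the compromise. A real deployment needs a properly generated modulus of adequate size and a secure channel for handing the seed to the auditor.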

    Secrecy Constrained Distributed Inference in Wireless Sensor Networks

    Comprised of a large number of low-cost, low-power, mobile and miniature sensors, wireless sensor networks are widely employed in many applications, such as environmental monitoring, health care, and diagnostics of complex systems. In wireless sensor networks, the sensor outputs are transmitted across a wireless communication network to legitimate users such as fusion centers for final decision-making. Because of the wireless links across the network, the data are vulnerable to security breaches. For many applications, the data collected by local sensors are extremely sensitive, and care must be taken to prevent that information from being leaked to any malicious third parties, e.g., eavesdroppers. Eavesdropping is one of the most significant threats to wireless sensor networks, where local sensors are tapped by an eavesdropper in order to intercept information. I consider distributed inference in the presence of a global, greedy and informed eavesdropper who has access to all local node outputs rather than access. My goal is to develop secured distributed systems against eavesdropping attacks using a physical-layer security approach instead of cryptographic techniques, because of the stringent constraints on sensor network energy and computational capability. The physical-layer security approach utilizes the characteristics of the physical layer, including transmission channel noise, and the information of the source. Additionally, physical-layer security for distributed inference is scalable due to its low computational complexity. I first investigate secrecy-constrained distributed detection under both Neyman-Pearson and Bayesian frameworks. I analyze the asymptotic detection performance and propose a novel way of analyzing the maximum performance trade-off using the Kullback-Leibler divergence ratio between the fusion center and the eavesdropper. Under the Neyman-Pearson framework, I show that the eavesdropper's detection performance can be limited such that her decision-making is no better than random guessing; meanwhile, the detection performance at the fusion center is guaranteed at the prespecified level. Similar analyses and proofs are provided under the Bayesian framework, where it is shown that an eavesdropper can be constrained to an error probability level equal to her prior information. Additionally, I derive the asymptotic error exponent and show that asymptotic perfect secrecy and asymptotic perfect detection are possible by increasing the number of sensors under both frameworks if the fusion center has noiseless channels to the sensors. For secrecy-constrained distributed estimation, I conduct a similar analysis under both a classical setting and a Bayesian setting. I derive the maximum achievable secrecy performance and show that, under the condition that the eavesdropper has noisy channels and the fusion center has noiseless channels, both asymptotic perfect secrecy and asymptotic perfect estimation can be achieved in the classical setting. Similarly, in the Bayesian setting, I derive the performance trade-off using the Fisher information ratio and show in the simulation section that the fusion center significantly outperforms the eavesdropper. Secrecy-constrained distributed inference over a Rayleigh fading binary symmetric channel is considered as well. Similarly, I derive the maximum achievable secrecy performance ratio for both detection and estimation. The maximum achievable trade-off turns out to be almost the same in distributed estimation as in distributed detection. This suggests that a universal framework for generally structured inference problems is feasible. Further investigations are needed to justify this conjecture for more general applications.

    Improving Desktop System Security Using Compartmentalization

    Compartmentalizing access to content, be it websites accessed in a browser or documents and applications accessed outside the browser, is an established method for protecting information integrity [12, 19, 21, 60]. Compartmentalization solutions change the user experience, introduce performance overhead and provide varying degrees of security. Striking a balance between usability and security is not an easy task. If the usability aspects are neglected or sacrificed in favor of more security, the resulting solution would have a hard time being adopted by end-users. The usability is affected by factors including (1) the generality of the solution in supporting various applications, (2) the type of changes required, (3) the performance overhead introduced by the solution, and (4) how much the user experience is preserved. The security is affected by factors including (1) the attack surface of the compartmentalization mechanism, and (2) the security decisions offloaded to the user. This dissertation evaluates existing solutions based on the above factors and presents two novel compartmentalization solutions that are arguably more practical than their existing counterparts. The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files to open and launching them in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user's intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers. The second solution, called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser's network access. Auto-FBI can be ported to other platforms easily due to its simple design and the ubiquity of system call interposition methods on all major desktop platforms.
    Doctoral Dissertation, Computer Science, 201

    Computer-Aided Writeprint Modelling for Cybercrime Investigations

    E-mail has become the most common way to communicate on the Internet, but e-mail security and privacy mechanisms are still lacking. This has proven to be a very valuable characteristic for criminals, who can easily take advantage of e-mail's various weaknesses to remain anonymous. Consequently, cybercrime investigators need to rely on computer-aided writeprint modelling methods and tools to identify the real author of malicious e-mails with transformed semantic content. In this paper, we propose a customized version of associative classification, a well-known data mining method, as well as a Support Count method, to address the authorship attribution problem. Experimental results on real-life data suggest that our proposed algorithms can achieve good classification accuracy on the e-mail author attribution problem through the use of writeprint modelling.

    A Formal Approach to Combining Prospective and Retrospective Security

    The major goal of this dissertation is to enhance software security by provably correct enforcement of in-depth policies. In-depth security policies allude to heterogeneous specification of security strategies that are required to be followed before and after sensitive operations. Prospective security is the enforcement of security, or detection of security violations, before the execution of sensitive operations, e.g., in authorization, authentication and information flow. Retrospective security refers to security checks after the execution of sensitive operations, which is accomplished through accountability and deterrence. Retrospective security frameworks are built upon auditing in order to provide sufficient evidence to hold users accountable for their actions and potentially support other remediation actions. Correctness and efficiency of audit logs play significant roles in reaching the accountability goals that are required by retrospective, and consequently in-depth, security policies. This dissertation addresses correct audit logging in a formal framework. Leveraging retrospective controls alongside the existing prospective measures enhances security in numerous applications. This dissertation focuses on two major application spaces for in-depth enforcement. The first is to enhance prospective security through surveillance and accountability. For example, authorization mechanisms could be improved by guaranteed retrospective checks in environments where there is a high cost of access denial, e.g., healthcare systems. The second application space is the amelioration of potentially flawed prospective measures through retrospective checks. For instance, erroneous implementations of input sanitization methods expose vulnerabilities in taint analysis tools that enforce direct-flow data integrity policies. In this regard, we propose an in-depth enforcement framework to mitigate such problems. We also propose a general semantic notion of explicit flow of information integrity in a high-level language with sanitization. This dissertation studies the ways by which prospective and retrospective security could be enforced uniformly in a provably correct manner to handle security challenges in legacy systems. Provable correctness of our results relies on the formal Programming Languages-based approach that we have taken in order to provide software security assurance. Moreover, this dissertation includes the implementation of such in-depth enforcement mechanisms for a medical records web application.

    Exploiting tactics, techniques, and procedures for malware detection

    There has been a meteoric rise in the use of malware to perpetrate cybercrime and, more generally, to serve the interests of malicious actors. As a result, malware has evolved both in terms of its sheer variety and its sophistication. There is hence a need for developing effective malware detection systems to counter this surge. Typically, most such systems nowadays are purely data-driven: they utilise Machine Learning (ML) based approaches which rely on large volumes of data to spot patterns, detect anomalies, and thus detect malware. In this thesis, we propose a methodology for malware detection on networks that combines human domain knowledge with conventional malware detection approaches to more effectively identify, reason about, and be resilient to malware. Specifically, we use domain knowledge in the form of the Tactics, Techniques, and Procedures (TTPs) described in the MITRE ATT&CK ontology of adversarial behaviour to build Network Intrusion Detection Systems (NIDS). Through the course of our research, we design and evaluate the first such NIDS that can effectively exploit TTPs for the purpose of malware detection. We then attempt to expand the scope of usability of these TTPs to systems other than our specialised NIDS, and develop a methodology that lets any generic ML-based NIDS exploit these TTPs as model features. We further expand and generalise our approach by modelling it as a multi-label classification problem, which enables us to: (i) detect malware more precisely on the basis of individual TTPs, and (ii) identify the malicious usage of uncommon or rarely-used TTPs. Throughout all our experiments, we rigorously evaluate all our systems on several metrics using large datasets of real-world malware and benign samples. We empirically demonstrate the usefulness of TTPs in the malware detection process, the benefits of a TTP-based approach in reasoning about malware and responding to various challenging conditions, and the overall robustness of our systems to adversarial attack. As a consequence, we establish and improve the state of the art when it comes to detecting network-based malware using TTP-based information. This thesis overall represents a step forward in building automated systems that combine purely data-driven approaches with human expertise in the field of malware analysis.

    Blockchain-Driven Secure and Transparent Audit Logs

    In enterprise business applications, large volumes of data are generated daily, encoding business logic and transactions. Those applications are governed by various compliance requirements, making it essential to provide audit logs to store, track, and attribute data changes. In traditional audit log systems, logs are collected and stored in a centralized medium, making them prone to various forms of attacks and manipulations, including physical access and remote vulnerability exploitation attacks, eventually allowing unauthorized data modification and threatening the guarantees of audit logs. Moreover, given their centralized nature, such systems are characterized by a single point of failure. To harden the security of audit logs in enterprise business applications, in this work we explore the design space of blockchain-driven secure and transparent audit logs. We highlight the possibility of ensuring stronger security and functional properties through a generic blockchain system for audit logs, realize this generic design through BlockAudit, which addresses both security and functional requirements, optimize BlockAudit through a multi-layered design in BlockTrail, and explore the design space further by assessing the functional and security properties of the consensus algorithms through comprehensive evaluations. The first component of this work is BlockAudit, a design blueprint that enumerates structural, functional, and security requirements for blockchain-based audit logs. BlockAudit uses a consensus-driven approach to replicate audit logs across multiple application peers to remove the single point of failure. BlockAudit also uses the Practical Byzantine Fault Tolerance (PBFT) protocol to achieve consensus over the state of the audit log data. We evaluate the performance of BlockAudit using event-driven simulations, abstracted from IBM Hyperledger. Through the performance evaluation of BlockAudit, we pinpoint a need for high scalability and high throughput. We achieve those requirements by exploring various design optimizations to the flat structure of BlockAudit, inspired by real-world application characteristics. Namely, enterprise business applications often operate across non-overlapping geographical hierarchies including cities, counties, states, and federations. Leveraging that, we applied a similar transformation to BlockAudit to fragment the flat blockchain system into layers of codependent hierarchies, capable of processing transactions in parallel. Our hierarchical design, called BlockTrail, reduced the storage and search complexity for blockchains substantially while increasing the throughput and scalability of the audit log system. We prototyped BlockTrail on a custom-built blockchain simulator and analyzed its performance under varying transaction and network sizes, demonstrating its advantages over BlockAudit. A recurring limitation in both BlockAudit and BlockTrail is the use of the PBFT consensus protocol, which has high complexity and low scalability. Moreover, the performance of our proposed designs was only evaluated in computer simulations, which sidestepped the complexities of a real-world blockchain system. To address those shortcomings, we created a generic cloud-based blockchain testbed capable of executing five well-known consensus algorithms: Proof-of-Work, Proof-of-Stake, Proof-of-Elapsed-Time, Clique, and PBFT. For each consensus protocol, we instrumented our auditing system with various benchmarks to measure the latency, throughput, and scalability, highlighting the trade-offs between the different protocols.

    Routing in heterogeneous wireless ad hoc networks

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2008. Includes bibliographical references (p. 135-146).
    Wireless ad hoc networks are used in several applications ranging from infrastructure monitoring to providing Internet connectivity to remote locations. A common assumption about these networks is that the devices that form the network are homogeneous in their capabilities. However, in reality the networks can be heterogeneous in the capabilities of the devices. The main contribution of this thesis is the identification of issues for efficient communication in heterogeneous networks and the proposed solutions to these issues. The first part of the thesis deals with the issues of unambiguous classification of devices and device identification in ad hoc networks. A taxonomical approach is developed, which allows devices with a wide range of capabilities to be classified on the basis of their functionality. Once classified, devices are characterized on the basis of different attributes. An IPv6 identification scheme and two routing services based on this scheme that allow object-object communication are developed. The identification scheme is extended to a multi-addressing scheme for wireless ad hoc networks. These two issues and the developed solutions are applicable to a broad range of heterogeneous networks. The second part of the thesis deals with heterogeneous networks consisting of omnidirectional and directional antennas. A new MAC protocol for directional antennas, the request-to-pause-directional-MAC (RTP-DMAC) protocol, is developed that solves the deafness issue, which is common in networks with directional antennas. Three new routing metrics, which are extensions to the expected number of transmissions (ETX) metric, are developed. The first metric, ETX1, reduces the route length by increasing the transmission power. The routing and MAC layers assume the presence of bidirectional links for their proper operation. However, networks with omnidirectional and directional antennas have unidirectional links. The other two metrics, unidirectional-ETX (U-ETX) and unidirectional-ETX1 (U-ETX1), increase the transmission power of the directional nodes so that the unidirectional links appear as bidirectional links at the MAC and routing layers. The performance of these metrics in different scenarios is evaluated.
    by Sivaram M.S.L. Cheekiralla, Ph.D.