Crypto-test-lab for security validation of ECC co-processor test infrastructure

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksElliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor.Postprint (author's final draft

DSTC: DNS-based Strict TLS Configurations

Most TLS clients such as modern web browsers enforce coarse-grained TLS security configurations. They support legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward-Secrecy), mainly to provide backward compatibility. This opens doors to downgrade attacks, as is the case of the POODLE attack [18], which exploits the client's silent fallback to downgrade the protocol version to exploit the legacy version's flaws. To achieve a better balance between security and backward compatibility, we propose a DNS-based mechanism that enables TLS servers to advertise their support for the latest version of the protocol and strong ciphersuites (that provide Forward-Secrecy and Authenticated-Encryption simultaneously). This enables clients to consider prior knowledge about the servers' TLS configurations to enforce a fine-grained TLS configurations policy. That is, the client enforces strict TLS configurations for connections going to the advertising servers, while enforcing default configurations for the rest of the connections. We implement and evaluate the proposed mechanism and show that it is feasible, and incurs minimal overhead. Furthermore, we conduct a TLS scan for the top 10,000 most visited websites globally, and show that most of the websites can benefit from our mechanism

Can Emergency Physicians Perform Carotid Artery Point-of-Care Ultrasound to Detect Stenosis in Patients with TIA and Stroke? A Pilot Study

Introduction: Patients with severe, symptomatic carotid stenosis can have their subsequent stroke risk reduced by surgical intervention if performed soon after a transient ischemic attack (TIA) or stroke. Patients presenting to an emergency department (ED) without computed tomography angiography (CTA) with TIA/stroke, may require transfer to another hospital for imaging to rule out carotid artery stenosis. The objective of this study was to determine the test characteristics of carotid artery point-of-care ultrasound (POCUS) in detecting greater than 50% stenosis in patients presenting with TIA/stroke.Methods: We conducted a prospective cohort study on a convenience sample of adult patients presenting to a comprehensive stroke centre with TIA or stroke between June–October 2017. Carotid POCUS was performed. Primary outcome measure, stenosis ≥ 50%, was determined by the final radiology report of CTA. A blinded POCUS expert separately reviewed the archived carotid POCUS scans. We calculated sensitivity and specificity for stenosis ≥ 50%.Results: We conducted POCUS on 75 patients, of which 70 were included in our analyses. Of those 70, 14.3% were diagnosed with greater than 50% stenosis. Carotid POCUS performed as follows: sensitivity 70.0% (95% confidence interval [CI], 34.8%-93.3%); specificity 86.7% (95% CI, 75.4%-94.1%); positive likelihood ratio (LR +) 5.3 (95% CI, 1.2-9.3); negative likelihood ratio (LR -) 0.4 (95% CI, 0.0-0.7). The inter-rater reliability between POCUS performer interpretation and expert interpretation had moderate agreement (k = 0.68). Scans took a mean 6.2 ± 2.2 minutes to complete.Conclusion: Carotid POCUS has low to moderate association with CTA for detection of carotid artery stenosis ≥ 50%. Further research and investigation is needed prior to widespread use of carotid POCUS in patients with acute cerebral ischemia. Additionally, external validity is likely affected by availability of training, maintenance of competency, and experience in more rural centres

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environmentsComment: E-Preprin