137 research outputs found

    Attacking Windows Hello for Business: Is It What We Were Promised?

    Get PDF
    Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and aims to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs) and evaluating WHFB as a password-less solution and showing how an attacker with privileged access may retrieve the end user’s domain password from the computer’s memory using Mimikatz and describing the possible results. The conducted research tests are in the form of two attack methods. This was feasible by the creation of three VMs operating in the following way. The first VM will act as a domain controller (DC) and certificate authority server (CA server). The second VM will act as an Active Directory Federation Service (ADFS). The third VM will act as the end-user device. The test findings research summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author’s tests. Within the first test, it was possible to retrieve the password from an enrolled device for WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the PIN of WHFB; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications. Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end-users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure. This is because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage and the need for password-less authentication by today’s users

    A Low-Energy Security Solution for IoT-Based Smart Farms

    Get PDF
    This work proposes a novel configuration of the Transport Layer Security protocol (TLS), suitable for low energy Internet of Things (IoT), applications. The motivation behind the redesign of TLS is energy consumption minimisation and sustainable farming, as exemplified by an application domain of aquaponic smart farms. The work therefore considers decentralisation of a formerly centralised security model, with a focus on reducing energy consumption for battery powered devices. The research presents a four-part investigation into the security solution, composed of a risk assessment, energy analysis of authentication and data exchange functions, and finally the design and verification of a novel consensus authorisation mechanism. The first investigation considered traditional risk-driven threat assessment, but to include energy reduction, working towards device longevity within a content-oriented framework. Since the aquaponics environments include limited but specific data exchanges, a content-oriented approach produced valuable insights into security and privacy requirements that would later be tested by implementing a variety of mechanisms available on the ESP32. The second and third investigations featured the energy analysis of authentication and data exchange functions respectively, where the results of the risk assessment were implemented to compare the re-configurations of TLS mechanisms and domain content. Results concluded that selective confidentiality and persistent secure sessions between paired devices enabled considerable improvements for energy consumptions, and were a good reflection of the possibilities suggested by the risk assessment. The fourth and final investigation proposed a granular authorisation design to increase the safety of access control that would otherwise be binary in TLS. The motivation was for damage mitigation from inside attacks or network faults. The approach involved an automated, hierarchy-based, decentralised network topology to reduce data duplication whilst still providing robustness beyond the vulnerability of central governance. Formal verification using model-checking indicated a safe design model, using four automated back-ends. The research concludes that lower energy IoT solutions for the smart farm application domain are possible

    TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors

    Get PDF
    Platforms are nowadays typically equipped with trusted execution environments (TEEs), such as Intel SGX or ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other’s strengths. In this paper, we propose TALUS , a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware

    Jornadas Nacionales de InvestigaciĂłn en Ciberseguridad: actas de las VIII Jornadas Nacionales de InvestigaciĂłn en ciberseguridad: Vigo, 21 a 23 de junio de 2023

    Get PDF
    Jornadas Nacionales de InvestigaciĂłn en Ciberseguridad (8ÂŞ. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernizaciĂłn tecnolĂłxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida

    TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)

    Full text link
    Platforms are nowadays typically equipped with tristed execution environments (TEES), such as Intel SGX and ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other's strengths. In this paper, we propose TALUS, a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware.Comment: In proceedings of Financial Cryptography 2023. This is the technical report of the published pape

    Understanding and Measuring Privacy and Security Assertions of Mobile and VR Applications

    Get PDF
    The emergence of the COVID-19 pandemic has catalysed a profound transformation in the way mobile applications are utilised and engaged with by consumers. There has been a noticeable surge in people relying on applications for various purposes such as entertainment, remote work, and daily activities. These services collect large amounts of users’ personal information and use them in many areas, such as in medical and financial systems, but they also pose an unprecedented threat to users’ privacy and security. Many international jurisdictions have enacted privacy laws and regulations to restrict the behaviour of apps and define the obligations of app developers. Although various privacy assertions are required in app stores, such as the permission list and the privacy policies, it is usually difficult for regular users to understand the potential threats the app may pose, let alone identify undesired or malicious application behaviours. In this thesis, I have developed a comprehensive framework to assess the current privacy practices of mobile applications. The framework first establishes a knowledge base (including datasets) to model privacy and security assertions. It then builds a sound evaluation system to analyse the privacy practices of mobile applications. Large-scale privacy evaluations were conducted on different realworld datasets, including privacy policies, contact tracing apps, and children’s apps, with the aim of revealing the risks associated with mobile application privacy. Lastly, a novel approach to applying differential privacy on streamed spatial data in VR applications is proposed. This thesis provides a comprehensive guideline for the mobile software industry and legislators to build a stronger and safer privacy ecosystem.Thesis (Ph.D.) -- University of Adelaide, School of Computer and Mathematical Sciences, 202

    Measuring and characterizing weak RSA keys across PKI ecosystem

    Get PDF
    The insecurities of public-key infrastructure on the Internet have been the focus of research for over a decade. The extensive presence of broken, weak, and vulnerable cryptographic keys has been repeatedly emphasized by many studies. Analyzing the security implications of cryptographic keys' vulnerabilities, several studies noted the presence of public key reuse. While the phenomenon of private key sharing was extensively studied, the prevalence of public key sharing on the Internet remains largely unknown. This work performs a large-scale analysis of public key reuse within the PKI ecosystem. This study investigates the presence and distribution of duplicate X.509 certificates and reused RSA public keys across a large collection containing over 315 million certificates and over 13 million SSH keys collected over several years. This work analyzes the cryptographic weaknesses of duplicate certificates and reused keys and investigates the reasons and sources of reuse. The results reveal that certificate and key sharing are common and persistent. The findings show over 10 million certificates and 17 million public keys are reused across time and shared between the collections. Observations show keys with non-compliant cryptographic elements stay available for an extended period of time. The widespread adoption of Android apps has led to increasing concerns about the reuse of digital certificates. Android app developers frequently depend on digital certificates to sign their applications, and users place their trust in an app when they recognize the owner provided by the same certificate. Although the presence of cryptographic misuse has been acknowledged by several studies, its extent and characteristics are not well understood. This study performs a detailed analysis of code-signing certificate reuse across the Android ecosystem and malware binaries on a collection of over 19 million certificates and over 9 million keys extracted from PE files and Android applications collected over several years. The results reveal that despite the growing nature of the Android ecosystem, the misuse of cryptographic elements is common and persistent. The findings uncover several issues and enable us to provide a series of applicable solutions to the seen security flaws

    Recent Trends on Privacy-Preserving Technologies under Standardization at the IETF

    Full text link
    End-users are concerned about protecting the privacy of their sensitive personal data that are generated while working on information systems. This extends to both the data they actively provide including personal identification in exchange for products and services as well as its related metadata such as unnecessary access to their location. This is when certain privacy-preserving technologies come into a place where Internet Engineering Task Force (IETF) plays a major role in incorporating such technologies at the fundamental level. Thus, this paper offers an overview of the privacy-preserving mechanisms for layer 3 (i.e. IP) and above that are currently under standardization at the IETF. This includes encrypted DNS at layer 5 classified as DNS-over-TLS (DoT), DNS-over-HTTPS (DoH), and DNS-over-QUIC (DoQ) where the underlying technologies like QUIC belong to layer 4. Followed by that, we discuss Privacy Pass Protocol and its application in generating Private Access Tokens and Passkeys to replace passwords for authentication at the application layer (i.e. end-user devices). Lastly, to protect user privacy at the IP level, Private Relays and MASQUE are discussed. This aims to make designers, implementers, and users of the Internet aware of privacy-related design choices.Comment: 9 pages, 5 figures, 1 tabl

    Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting

    Get PDF
    Desire of privacy is oftentimes associated with the intention to hide certain aspects of our thoughts or actions due to some illicit activity. This is a narrow understanding of privacy, and a marginal fragment of the motivations for undertaking an action with a desired level of privacy. The right for not being subject to arbitrary interference of our privacy is part of the universal declaration of human rights (Article 12) and, above that, a requisite for our freedom. Developing as a person freely, which results in the development of society, requires actions to be done without a watchful eye. While the awareness of privacy in the context of modern technologies is not widely spread, it is clearly understood, as can be seen in the context of elections, that in order to make a free choice one needs to maintain its privacy. So why demand privacy when electing our government, but not when selecting our daily interests, books we read, sites we browse, or persons we encounter? It is popular belief that the data that we expose of ourselves would not be exploited if one is a law-abiding citizen. No further from the truth, as this data is used daily for commercial purposes: users’ data has value. To make matters worse, data has also been used for political purposes without the user’s consent or knowledge. However, the benefits that data can bring to individuals seem endless and a solution of not using this data at all seems extremist. Legislative efforts have tried, in the past years, to provide mechanisms for users to decide what is done with their data and define a framework where companies can use user data, but always under the consent of the latter. However, these attempts take time to take track, and have unfortunately not been very successful since their introduction. In this thesis we explore the possibility of constructing cryptographic protocols to provide a technical, rather than legislative, solution to the privacy problem. In particular we focus on two aspects of society: browsing and internet voting. These two events shape our lives in one way or another, and require high levels of privacy to provide a safe environment for humans to act upon them freely. However, these two problems have opposite solutions. On the one hand, elections are a well established event in society that has been around for millennia, and privacy and accountability are well rooted requirements for such events. This might be the reason why its digitalisation is something which is falling behind with respect to other acts of our society (banking, shopping, reading, etc). On the other hand, browsing is a recently introduced action, but that has quickly taken track given the amount of possibilities that it opens with such ease. We now have access to whatever we can imagine (except for voting) at the distance of a click. However, the data that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better (targeted recommendations, ads or bot-detection). Chapter 1 motivates why resolving such a problem is necessary for the progress of digital society. It then introduces the problem that this thesis aims to resolve, together with the methodology. In Chapter 2 we introduce some technical concepts used throughout the thesis. Similarly, we expose the state-of-the-art and its limitations. In Chapter 3 we focus on a mechanism to provide private browsing. In particular, we focus on how we can provide a safer, and more private way, for human attestation. Determining whether a user is a human or a bot is important for the survival of an online world. However, the existing mechanisms are either invasive or pose a burden to the user. We present a solution that is based on a machine learning model to distinguish between humans and bots that uses natural events of normal browsing (such as touch the screen of a phone) to make its prediction. To ensure that no private data leaves the user’s device, we evaluate such a model in the device rather than sending the data over the wire. To provide insurance that the expected model has been evaluated, the user’s device generates a cryptographic proof. However this opens an important question. Can we achieve a high level of accuracy without resulting in a noneffective battery consumption? We provide a positive answer to this question in this work, and show that a privacy-preserving solution can be achieved while maintaining the accuracy high and the user’s performance overhead low. In Chapter 4 we focus on the problem of internet voting. Internet voting means voting remotely, and therefore in an uncontrolled environment. This means that anyone can be voting under the supervision of a coercer, which makes the main goal of the protocols presented to be that of coercionresistance. We need to build a protocol that allows a voter to escape the act of coercion. We present two proposals with the main goal of providing a usable, and scalable coercion resistant protocol. They both have different trade-offs. On the one hand we provide a coercion resistance mechanism that results in linear filtering, but that provides a slightly weaker notion of coercion-resistance. Secondly, we present a mechanism with a slightly higher complexity (poly-logarithmic) but that instead provides a stronger notion of coercion resistance. Both solutions are based on a same idea: allowing the voter to cast several votes (such that only the last one is counted) in a way that cannot be determined by a coercer. Finally, in Chapter 5, we conclude the thesis, and expose how our results push one step further the state-of-the-art. We concisely expose our contributions, and describe clearly what are the next steps to follow. The results presented in this work argue against the two main claims against privacy preserving solutions: either that privacy is not practical or that higher levels of privacy result in lower levels of security.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Agustín Martín Muñoz.- Secretario: José María de Fuentes García-Romero de Tejada.- Vocal: Alberto Peinado Domíngue
    • …
    corecore