Attacking Windows Hello for Business: Is It What We Were Promised?
Traditional password authentication has raised many issues in the past, including insecure practices, so it is no surprise that the evolution of authentication has arrived in the form of password-less solutions. This research explores the problems that password authentication and password policies present, and deploys Windows Hello for Business (WHFB) on-premises. Three virtual machines (VMs) were created to evaluate WHFB as a password-less solution and to show how an attacker with privileged access may retrieve the end user's domain password from the computer's memory using Mimikatz, describing the possible outcomes. The first VM acts as the domain controller (DC) and certificate authority (CA) server, the second as an Active Directory Federation Services (ADFS) server, and the third as the end-user device. Two attack methods were tested. The findings indicate that password-less authentication is far more secure than traditional password authentication, as evidenced throughout the author's tests. In the first test it was possible to retrieve the password from a device enrolled in WHFB while the deployment was still in its second phase. The second test was a brute-force attack on the WHFB PIN; because WHFB has measures to prevent such attacks, it was unsuccessful. Although the retrieval of the password succeeded, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary method for accessing devices and applications.
Large organizations such as Microsoft and Google support the adoption of password-less authentication for end users and encourage its use. This usually leads organizations to adopt the solution in their own IT infrastructure, because it has been used and tested by millions of people and has proven safe. This supports the findings of increased usage of, and need for, password-less authentication by today's users.
A Low-Energy Security Solution for IoT-Based Smart Farms
This work proposes a novel configuration of the Transport Layer Security (TLS) protocol suitable for low-energy Internet of Things (IoT) applications. The motivation behind the redesign of TLS is energy consumption minimisation and sustainable farming, exemplified by the application domain of aquaponic smart farms. The work therefore considers decentralisation of a formerly centralised security model, with a focus on reducing energy consumption for battery-powered devices. The research presents a four-part investigation into the security solution, composed of a risk assessment, energy analyses of authentication and of data exchange functions, and finally the design and verification of a novel consensus authorisation mechanism. The first investigation considered traditional risk-driven threat assessment, extended to include energy reduction and device longevity within a content-oriented framework. Since aquaponics environments involve limited but specific data exchanges, a content-oriented approach produced valuable insights into security and privacy requirements that were later tested by implementing a variety of mechanisms available on the ESP32.
The second and third investigations featured the energy analysis of authentication and data exchange functions respectively, where the results of the risk assessment were used to compare re-configurations of TLS mechanisms and domain content. Results showed that selective confidentiality and persistent secure sessions between paired devices enabled considerable improvements in energy consumption, and were a good reflection of the possibilities suggested by the risk assessment.
The fourth and final investigation proposed a granular authorisation design to increase the safety of access control, which would otherwise be binary in TLS. The motivation was damage mitigation from insider attacks or network faults. The approach involved an automated, hierarchy-based, decentralised network topology to reduce data duplication whilst still providing robustness beyond the vulnerability of central governance. Formal verification using model checking with four automated back-ends indicated a safe design model. The research concludes that lower-energy IoT solutions for the smart farm application domain are possible.
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors
Platforms are nowadays typically equipped with trusted execution environments (TEEs), such as Intel SGX or ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other’s strengths.
In this paper, we propose TALUS, a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware.
Jornadas Nacionales de Investigación en Ciberseguridad: proceedings of the VIII Jornadas Nacionales de Investigación en Ciberseguridad, Vigo, 21 to 23 June 2023
Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo); atlanTTic; AMTEGA: Axencia para a modernización tecnolóxica de Galicia; INCIBE: Instituto Nacional de Ciberseguridad
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)
Comment: In proceedings of Financial Cryptography 2023. This is the technical report of the published paper.
Understanding and Measuring Privacy and Security Assertions of Mobile and VR Applications
The emergence of the COVID-19 pandemic has catalysed a profound transformation in the way consumers use and engage with mobile applications. There has been a noticeable surge in people relying on applications for various purposes such as entertainment, remote work, and daily activities. These services collect large amounts of users' personal information and use it in many areas, such as medical and financial systems, but they also pose an unprecedented threat to users' privacy and security. Many international jurisdictions have enacted privacy laws and regulations to restrict the behaviour of apps and define the obligations of app developers. Although various privacy assertions are required in app stores, such as the permission list and the privacy policy, it is usually difficult for regular users to understand the potential threats an app may pose, let alone identify undesired or malicious application behaviours. In this thesis, I have developed a comprehensive framework to assess the current privacy practices of mobile applications. The framework first establishes a knowledge base (including datasets) to model privacy and security assertions. It then builds a sound evaluation system to analyse the privacy practices of mobile applications. Large-scale privacy evaluations were conducted on different real-world datasets, including privacy policies, contact tracing apps, and children's apps, with the aim of revealing the risks associated with mobile application privacy. Lastly, a novel approach to applying differential privacy to streamed spatial data in VR applications is proposed. This thesis provides a comprehensive guideline for the mobile software industry and legislators to build a stronger and safer privacy ecosystem.
Thesis (Ph.D.) -- University of Adelaide, School of Computer and Mathematical Sciences, 202
Measuring and characterizing weak RSA keys across PKI ecosystem
The insecurities of public-key infrastructure on the Internet have been the focus of research for over a decade. The extensive presence of broken, weak, and vulnerable cryptographic keys has been repeatedly emphasized by many studies. Analyzing the security implications of cryptographic keys' vulnerabilities, several studies noted the presence of public key reuse. While the phenomenon of private key sharing was extensively studied, the prevalence of public key sharing on the Internet remains largely unknown. This work performs a large-scale analysis of public key reuse within the PKI ecosystem. This study investigates the presence and distribution of duplicate X.509 certificates and reused RSA public keys across a large collection containing over 315 million certificates and over 13 million SSH keys collected over several years. This work analyzes the cryptographic weaknesses of duplicate certificates and reused keys and investigates the reasons and sources of reuse. The results reveal that certificate and key sharing are common and persistent. The findings show over 10 million certificates and 17 million public keys are reused across time and shared between the collections. Observations show keys with non-compliant cryptographic elements stay available for an extended period of time.
The widespread adoption of Android apps has led to increasing concern about the reuse of digital certificates. Android app developers depend on digital certificates to sign their applications, and users trust an app when they recognise the owner identified by its signing certificate. Although the presence of cryptographic misuse has been acknowledged by several studies, its extent and characteristics are not well understood. This study performs a detailed analysis of code-signing certificate reuse across the Android ecosystem and malware binaries, on a collection of over 19 million certificates and over 9 million keys extracted from PE files and Android applications collected over several years. The results reveal that, despite the growth of the Android ecosystem, the misuse of cryptographic elements is common and persistent. The findings uncover several issues and enable us to propose a series of applicable solutions to the observed security flaws.
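As an added example (not code from either study above), the following Python script performs the kind of reuse and weakness analysis the two preceding paragraphs describe, on a small constructed corpus: it groups keys by a fingerprint of (n, e) to find reuse within and across collections (TLS and SSH, Android signers and PE malware), flags keys that fail basic policy, and computes pairwise GCDs to find moduli that share a prime factor. The record layout, the source labels and the toy primes are assumptions made for the example; real keys are 2048 bits or more, and at the scale of the studies the pairwise GCD would be replaced by batch GCD.

```python
"""Toy key-reuse and weak-key analysis over a constructed certificate corpus.

Added example; not code from the papers it illustrates. Records mimic the
two studies' inputs (TLS/SSH keys, Android and PE code-signing keys) tagged
by source collection. Moduli are built from small constructed primes so the
script runs offline instantly; the logic is the same for real-sized keys.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations
from math import gcd

# Constructed toy primes (far too small for real use).
P1, P2, P3, P4, P5, P6, P7, P8, P9 = 101, 103, 107, 109, 113, 127, 131, 137, 139


@dataclass(frozen=True)
class KeyRecord:
    source: str    # collection the artefact came from (assumed labels)
    artefact: str  # certificate serial, SSH host, APK package, PE file
    n: int         # RSA modulus
    e: int         # RSA public exponent


# Constructed corpus: one key shared by a TLS cert and an SSH host, one
# Android signing key reused by a PE malware sample, two moduli that share
# a prime (cert-C and cert-D), and one key with a low public exponent.
CORPUS = [
    KeyRecord("tls",     "cert-A",        P1 * P2, 65537),
    KeyRecord("ssh",     "host-B",        P1 * P2, 65537),  # same key as cert-A
    KeyRecord("tls",     "cert-C",        P3 * P4, 65537),
    KeyRecord("tls",     "cert-D",        P3 * P5, 65537),  # shares P3 with cert-C
    KeyRecord("android", "com.example.x", P6 * P7, 65537),
    KeyRecord("pe",      "dropper.exe",   P6 * P7, 65537),  # signer key reused by malware
    KeyRecord("tls",     "cert-E",        P8 * P9, 3),      # non-compliant exponent
]

MIN_MODULUS_BITS = 2048  # common policy floor (NIST SP 800-57, CA/Browser Forum)
MIN_EXPONENT = 65537     # common policy floor for e


def key_id(n: int, e: int) -> str:
    """Stable public-key fingerprint: SHA-256 over (n, e)."""
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def find_reused_keys(records):
    """Map key_id -> records sharing that key, keeping only keys seen more than once."""
    groups = defaultdict(list)
    for r in records:
        groups[key_id(r.n, r.e)].append(r)
    return {k: v for k, v in groups.items() if len(v) > 1}


def cross_source_reuse(records):
    """Key ids present in more than one collection, with the sorted source names."""
    return {k: sorted({r.source for r in v})
            for k, v in find_reused_keys(records).items()
            if len({r.source for r in v}) > 1}


def noncompliant(records, min_bits=MIN_MODULUS_BITS, min_e=MIN_EXPONENT):
    """(artefact, reasons) for keys with a short modulus or a weak/even exponent."""
    out = []
    for r in records:
        reasons = []
        if r.n.bit_length() < min_bits:
            reasons.append(f"modulus {r.n.bit_length()} bits < {min_bits}")
        if r.e < min_e or r.e % 2 == 0:
            reasons.append(f"exponent e={r.e}")
        if reasons:
            out.append((r.artefact, reasons))
    return out


def shared_factors(records):
    """Pairwise GCD over distinct moduli; a non-trivial GCD factors both keys.
    Batch GCD does the same for millions of keys; pairwise suffices for a demo."""
    moduli = sorted({r.n for r in records})
    return [(a, b, gcd(a, b)) for a, b in combinations(moduli, 2)
            if 1 < gcd(a, b) < a]


if __name__ == "__main__":
    print("reused keys:", {k: [r.artefact for r in v]
                           for k, v in find_reused_keys(CORPUS).items()})
    print("cross-source reuse:", cross_source_reuse(CORPUS))
    print("non-compliant:", noncompliant(CORPUS))
    print("moduli sharing a prime:", shared_factors(CORPUS))
```

With the default policy every toy key is reported as too short, which is the correct verdict for 14-bit moduli; pass `min_bits=8` to see only the exponent finding. The shared-prime check is the same test Heninger et al. and later measurement studies apply to find keys whose random number generator failed.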
Recent Trends on Privacy-Preserving Technologies under Standardization at the IETF
End users are concerned about protecting the privacy of the sensitive personal data generated while they work on information systems. This extends both to the data they actively provide, including personal identification in exchange for products and services, and to related metadata such as unnecessary access to their location. This is where privacy-preserving technologies come in, and the Internet Engineering Task Force (IETF) plays a major role in incorporating such technologies at the fundamental level. This paper therefore offers an overview of the privacy-preserving mechanisms for layer 3 (i.e. IP) and above that are currently under standardization at the IETF. These include encrypted DNS at layer 5, classified as DNS-over-TLS (DoT), DNS-over-HTTPS (DoH) and DNS-over-QUIC (DoQ), where underlying technologies such as QUIC belong to layer 4. Following that, we discuss the Privacy Pass protocol and its application in Private Access Tokens, as well as passkeys to replace passwords for authentication at the application layer (i.e. end-user devices). Lastly, to protect user privacy at the IP level, Private Relays and MASQUE are discussed. This aims to make designers, implementers, and users of the Internet aware of privacy-related design choices.
Comment: 9 pages, 5 figures, 1 table
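As an added example, not the IETF's or any vendor's code, this Python script walks through the blinded issuance that Privacy Pass publicly verifiable tokens build on: the client blinds a token, the issuer signs the blinded value without ever seeing the token, the client unblinds the signature, and an origin verifies the token and rejects replays. It uses textbook RSA over small constructed primes and a plain hash in place of the PSS encoding that RFC 9474 (RSABSSA) specifies, so it illustrates the blinding step rather than implementing the standard; the key size, the function names and the Origin class are assumptions made for the example.

```python
"""Privacy Pass style token issuance with an RSA blind signature (toy).

Added example; not IETF, Apple, Cloudflare or any vendor code. It shows the
blinding core that RSABSSA (RFC 9474) builds on: the issuer signs a blinded
value, the client unblinds it, and the origin verifies the token and blocks
double-spend. Toy primes and no PSS encoding: an illustration, not a
conformant implementation.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy primes; real issuers use 2048-bit and larger moduli.
TOY_P, TOY_Q = 1_000_003, 1_000_033


def _is_prime(x: int) -> bool:
    """Trial division, adequate for seven-digit toy primes."""
    if x < 2:
        return False
    d = 2
    while d * d <= x:
        if x % d == 0:
            return False
        d += 1
    return True


def issuer_keygen(p: int = TOY_P, q: int = TOY_Q, e: int = 65537):
    """Return (public key (n, e), private exponent d)."""
    assert _is_prime(p) and _is_prime(q)
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # Carmichael lambda(n)
    return (n, e), pow(e, -1, lam)


def _encode(n: int, token: bytes) -> int:
    """Map a token into Z_n. RFC 9474 uses hash plus PSS encoding here."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n


# client side
def client_blind(pk, token: bytes):
    """Blind the encoded token with a fresh random r; return (blinded, r)."""
    n, e = pk
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return (_encode(n, token) * pow(r, e, n)) % n, r


def client_finalize(pk, blinded_sig: int, r: int) -> int:
    """Remove the blinding: (m * r^e)^d * r^-1 = m^d mod n."""
    n, _ = pk
    return (blinded_sig * pow(r, -1, n)) % n


# issuer side
def issuer_sign(pk, d: int, blinded: int) -> int:
    """Sign whatever the client sent; the issuer never learns the token."""
    n, _ = pk
    return pow(blinded, d, n)


# origin side
class Origin:
    """Verifies tokens with the issuer's public key and blocks double-spend."""

    def __init__(self, pk):
        self.pk = pk
        self.spent = set()

    def verify(self, token: bytes, sig: int) -> bool:
        n, e = self.pk
        return pow(sig, e, n) == _encode(n, token)

    def redeem(self, token: bytes, sig: int) -> bool:
        if token in self.spent or not self.verify(token, sig):
            return False
        self.spent.add(token)
        return True


def issue_and_redeem(pk, d: int, origin: Origin, token: bytes):
    """Full exchange; returns (value the issuer saw, final signature, redeem result)."""
    blinded, r = client_blind(pk, token)
    sig = client_finalize(pk, issuer_sign(pk, d, blinded), r)
    return blinded, sig, origin.redeem(token, sig)


if __name__ == "__main__":
    pk, d = issuer_keygen()
    origin = Origin(pk)
    token = secrets.token_bytes(32)
    seen, sig, ok = issue_and_redeem(pk, d, origin, token)
    print("issuer saw", seen, "; origin checks", _encode(pk[0], token))
    print("first redeem:", ok, "replay:", origin.redeem(token, sig))
```

Run it directly to see the blinded value the issuer signed next to the encoded token the origin checks; they are unrelated from the issuer's point of view, which is the unlinkability that makes the tokens private, and the second redeem call fails because the origin records spent tokens.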
New Container Architectures for Mobile, Drone, and Cloud Computing
Containers are increasingly used across many different types of computing to isolate and control apps while efficiently sharing computing resources. By using lightweight operating system virtualization, they can provide apps with a virtual computing abstraction while imposing minimal hardware requirements and a small footprint. My thesis is that new container architectures can provide additional functionality, better resource utilization, and stronger security for mobile, drone, and cloud computing. To demonstrate this, we introduce three new container architectures that enable new mobile app migration functionality, a new notion of virtual drones and efficient utilization of drone hardware, and stronger security for cloud computing by protecting containers against untrusted operating systems.
First, we introduce Flux to support multi-surface apps, apps that seamlessly run across multiple user devices, through app migration. Flux introduces two key mechanisms to overcome the device heterogeneity and residual dependencies associated with app migration. Selective Record/Adaptive Replay records just those device-agnostic app calls that lead to the generation of app-specific, device-dependent state in services, and replays them on the target. Checkpoint/Restore in Android (CRIA) transitions an app into a state in which the device-specific information it contains can be safely discarded before checkpointing and restoring the app within a containerized environment on the new device.
Second, we introduce AnDrone, a drone-as-a-service solution that makes drones accessible in the cloud. AnDrone provides a drone virtualization architecture to leverage the fact that computational costs are cheap compared to the operational and energy costs of putting a drone in the air. This enables multiple virtual drones to run simultaneously on the same physical drone at very little additional cost. To enable multiple virtual drones to run in an isolated and secure manner, each virtual drone runs its own containerized operating system instance. AnDrone introduces a new device container architecture, providing virtual drones with secure access to a full range of drone hardware devices, including sensors such as cameras and geofenced flight control.
Finally, we introduce BlackBox, a new container architecture that provides fine-grain protection of application data confidentiality and integrity without the need to trust the operating system. BlackBox introduces a container security monitor, a small trusted computing base that creates separate and independent physical address spaces for each container, such that there is no direct information flow from container to operating system or other container physical address spaces. Containerized apps do not need to be modified, can still make full use of operating system services via system calls, yet their CPU and memory state are isolated and protected from other containers and the operating system.
Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting
The desire for privacy is often associated with the intention to hide certain aspects of our thoughts or actions because of some illicit activity. This is a narrow understanding of privacy, and a marginal fragment of the motivations for undertaking an action with a desired level of privacy. The right not to be subjected to arbitrary interference with our privacy is part of the Universal Declaration of Human Rights (Article 12) and, above that, a requisite for our freedom. Developing freely as a person, which results in the development of society, requires actions to be done without a watchful eye. While awareness of privacy in the context of modern technologies is not widespread, it is clearly understood, as can be seen in the context of elections, that in order to make a free choice one needs to maintain one's privacy. So why demand privacy when electing our government, but not when selecting our daily interests, the books we read, the sites we browse, or the persons we encounter? It is a popular belief that the data we expose about ourselves would not be exploited if one is a law-abiding citizen. Nothing could be further from the truth, as this data is used daily for commercial purposes: users' data has value. To make matters worse, data has also been used for political purposes without the user's consent or knowledge. However, the benefits that data can bring to individuals seem endless, and a solution of not using this data at all seems extreme. Legislative efforts have tried, in recent years, to provide mechanisms for users to decide what is done with their data and to define a framework within which companies can use user data, but always with the latter's consent. However, these attempts take time to take hold, and have unfortunately not been very successful since their introduction.
In this thesis we explore the possibility of constructing cryptographic protocols to provide a technical, rather than legislative, solution to the privacy problem. In particular we focus on two aspects of society: browsing and internet voting. These two activities shape our lives in one way or another, and require high levels of privacy to provide a safe environment for humans to act upon them freely. However, these two problems have opposite solutions. On the one hand, elections are a well-established event in society that has been around for millennia, and privacy and accountability are well-rooted requirements for such events. This might be the reason why their digitalisation is falling behind with respect to other acts of our society (banking, shopping, reading, etc.). On the other hand, browsing is a recently introduced activity, but one that has quickly taken hold given the number of possibilities it opens with such ease. We now have access to whatever we can imagine (except for voting) at the distance of a click. However, the data we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claim of improving the user experience (targeted recommendations, ads, or bot detection).
Chapter 1 motivates why resolving this problem is necessary for the progress of digital society. It then introduces the problem that this thesis aims to resolve, together with the methodology. In Chapter 2 we introduce some technical concepts used throughout the thesis, and we present the state of the art and its limitations.
In Chapter 3 we focus on a mechanism to provide private browsing. In particular, we focus on how we can provide a safer and more private way of performing human attestation. Determining whether a user is a human or a bot is important for the survival of the online world. However, the existing mechanisms are either invasive or place a burden on the user. We present a solution based on a machine learning model that distinguishes between humans and bots using natural events of normal browsing (such as touching the screen of a phone) to make its prediction. To ensure that no private data leaves the user's device, we evaluate the model on the device rather than sending the data over the wire. To provide assurance that the expected model has been evaluated, the user's device generates a cryptographic proof. However, this opens an important question: can we achieve a high level of accuracy without prohibitive battery consumption? We provide a positive answer to this question in this work, and show that a privacy-preserving solution can be achieved while keeping accuracy high and the user's performance overhead low.
In Chapter 4 we focus on the problem of internet voting. Internet voting means voting remotely, and therefore in an uncontrolled environment. This means that anyone could be voting under the supervision of a coercer, which makes coercion-resistance the main goal of the protocols presented. We need to build a protocol that allows a voter to escape the act of coercion. We present two proposals whose main goal is to provide a usable and scalable coercion-resistant protocol. They have different trade-offs. On the one hand we provide a coercion-resistance mechanism that results in linear filtering but provides a slightly weaker notion of coercion-resistance. Secondly, we present a mechanism with slightly higher complexity (poly-logarithmic) that instead provides a stronger notion of coercion-resistance. Both solutions are based on the same idea: allowing the voter to cast several votes (such that only the last one is counted) in a way that a coercer cannot detect.
Finally, in Chapter 5, we conclude the thesis and show how our results push the state of the art one step further. We concisely present our contributions and describe clearly the next steps to follow. The results presented in this work argue against the two main claims made against privacy-preserving solutions: that privacy is not practical, and that higher levels of privacy result in lower levels of security.
PhD Programme in Computer Science and Technology (Programa de Doctorado en Ciencia y Tecnología Informática), Universidad Carlos III de Madrid. Committee chair: Agustín Martín Muñoz. Secretary: José María de Fuentes García-Romero de Tejada. Member: Alberto Peinado Domínguez.