
    Virtualization Solutions Supporting Privacy and Data Protection in Online Activities

    Abstract: Nowadays, smart devices like computers, tablets, and smartphones allow transmitting information everywhere, at high speed, over the World Wide Web. However, risks regarding data integrity, privacy and security when using the Internet have increased dramatically, as methods designed to exploit the system's vulnerabilities are more and more sophisticated. Therefore, people working in professional environments need to protect their private data when using insecure connections by employing advanced tools. There are multiple solutions, but we will focus on the use of virtualization software like VMware or Oracle VirtualBox, together with traditional privacy measures (use of proxies and VPNs). Today's smart devices store an important amount of data about their owners and, in most cases, people don't even realize this. Installing and using protection means is often not enough. They have to be properly set up in order to ensure the desired level of security, or anonymity, when using the Internet, and require military personnel to have a good knowledge not only of cyber vulnerabilities and risks, but also of the technical capabilities and features of the employed security solutions. DISCLAIMER: This paper expresses the views, interpretations, and independent position of the authors. It should not be regarded as an official document, nor as expressing formal opinions or policies, of NATO or the HUMINT Centre of Excellence (HCOE).

    Extracting Secrets from Encrypted Virtual Machines

    AMD SEV is a hardware extension for main memory encryption on multi-tenant systems. SEV uses an on-chip coprocessor, the AMD Secure Processor, to transparently encrypt virtual machine memory with individual, ephemeral keys that never leave the coprocessor. The goal is to protect the confidentiality of the tenants' memory from a malicious or compromised hypervisor and from memory attacks, for instance via cold boot or DMA. The SEVered attack has shown that it is nevertheless possible for a hypervisor to extract memory in plaintext from SEV-encrypted virtual machines without access to their encryption keys. However, the encryption impedes traditional virtual machine introspection techniques from locating secrets in memory prior to extraction. This can require the extraction of large amounts of memory to retrieve specific secrets and thus result in a time-consuming, obvious attack. We present an approach that allows a malicious hypervisor to quickly identify and steal secrets, such as TLS, SSH or FDE keys, from encrypted virtual machines on current SEV hardware. We first observe activities of a virtual machine from within the hypervisor in order to infer the memory regions most likely to contain the secrets. Then, we systematically extract those memory regions and analyze their contents on the fly. This allows for the efficient retrieval of targeted secrets, strongly increasing the chances of a fast, robust and stealthy theft.
    Comment: Accepted for publication at CODASPY 201

    Application of security technologies in the public websites of banks in Serbia

    In this publication, the data collected in the course of a survey are summarized, systematized and analyzed. The survey was conducted in the autumn of 2018 and is focused on the usage of the HTTPS protocol in the public web sites of Serbian banks. The scope of the survey is limited only to the public site of the particular bank, and 27 web sites were explored. All of them belong to Serbian banks which are licensed by the National Bank of Serbia. In recent years the HTTPS protocol has been used as the default protocol by many web applications. The study shows that of all 27 Serbian banks licensed by the Serbian National Bank, 81.5% (22 banks) of the surveyed banks' sites are using HTTPS without problems, 11.1% (3 banks) are using HTTPS with some problems and 7.4% (2 banks) are not using HTTPS at all. Of the banks that are using HTTPS without any problems, the majority, 72.7% (16 banks), use simple Domain Validation (DV) certificates, and the rest, 27.2% (6 banks), use Extended Validation (EV) certificates. The most popular certification authorities are Thawte with a share of 27.2% (6 banks), Go Daddy Secure Certificate Authority and GeoTrust, each with a share of 18.1% (4 banks), cPanel Inc. Certification Authority with 13.6% (3 banks), etc. One bank uses a free certificate from Let's Encrypt Authority X3. The validity period varies from 3 months (typically issued by cPanel and Let's Encrypt) to 3 years (typically issued by Go Daddy). Only 7.4% (2 banks) of all Serbian banks are using the latest HTTP/2 protocol.

    Internet of Things Virtual Networks: Bringing Network Virtualization to Resource-Constrained Devices

    Networks of smart resource-constrained objects, such as sensors and actuators, can support a wide range of application domains. In most cases these networks were proprietary and stand-alone. More recently, many efforts have been undertaken to connect these networks to the Internet using standard protocols. Current solutions that integrate smart resource-constrained objects into the Internet are mostly gateway-based. In these solutions, security, firewalling, protocol translations and intelligence are implemented by gateways at the border between the Internet and the resource-constrained networks. In this paper, we introduce a complementary approach to facilitate the realization of what is called the Internet of Things. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate, by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN, full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications. A first implementation demonstrating the key concepts of this approach is described. It illustrates the feasibility of integrating resource-constrained devices into virtual networks, but also reveals open challenges.
    The research leading to these results has received funding from the European Union's Seventh Framework Programme (FP7/2007-2013) under grant agreement n°258885 (SPITFIRE project), from the IBBT ICON project GreenWeCan, and a VLIR PhD scholarship to Isam Ishaq.