A Principled Approach to Securing IoT Apps

IoT apps are becoming increasingly popular as they allow users to manage their digital lives by connecting otherwise unconnected devices and services: cyberphysical “things” such as smart homes, cars, or fitness armbands, to online services such as Google or Dropbox, to social networks such as Facebook or Twitter. IoT apps rely on end-user programming, such that anyone with an active account on the platform can create and publish apps, with the majority of apps being created by third parties.We demonstrate that the most popular IoT app platforms are susceptible to attacks by malicious app makers and suggest short and longterm countermeasures for securing the apps. For short-term protection we rely on access\ua0control and suggest the apps to be classified either as exclusively private or exclusively public, disallowing in this way information from private sources to flow to public sinks.For longterm protection we rely on a principled approach for designing information flow controls. Following these principles we define projected security, a variant of noninterference that captures the attacker’s view of an app, and design two mechanisms for enforcing it. A static enforcement based on a flow-sensitive type system may be used by the platform to statically analyze the apps before being published on the app store. This enforcement covers leaks stemming from both explicit and implicit flows, but is not expressive enough to address timing attacks. Hence we design a second enforcement based on a dynamic monitor that covers the timing channels as well

Exploring digital shadows from an information science and cybersecurity perspective

Cel/Teza: Celem rozważań jest wypracowanie propozycji spojrzenia na potencjał prowadzenia badań w ramach nauk o komunikacji i mediach z wykorzystaniem śladów cyfrowych (ang. digital footprints, digital shadows, digital traces) z perspektywy informatologii oraz cyberbezpieczeństwa. Koncepcja/Metodyka badań: W rozważaniach teoretycznych bazujących na przeglądzie literatury przedmiotu skupiono się na zdefiniowaniu pojęcia śladu cyfrowego i określeniu jego własności i znaczenia w kontekście nauk o informacji oraz pojęcia cyberbezpieczeństwa. Wyniki i wnioski: Ślady cyfrowe dzięki swojej formie i zróżnicowanemu polu badawczemu pozwalają na prowadzenie wysoko jakościowych pod względem metodologicznym badań naukowych, w których mogą stanowić nie tylko źródło danych badawczych, ale również odzwierciedlenie zachowań informacyjnych użytkowników Internetu. W zależności od kontekstu dane te mogą być wykorzystywane na różne sposoby, np. jako niezbywalny element walki o władzę, prezentacja nastrojów społecznych czy też forma sztuki. Oryginalność/Wartość poznawcza: Ze względu na swoją unikatowość badania śladów cyfrowych mogą wspomóc rozwój różnego rodzaju narzędzi zabezpieczających aktywność cyfrową użytkowników sieci

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with less false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level

Back to Basics: Towards Building Societal Resilience Against a Cyber Pandemic

Cybersecurity experts have long been discussing the potential of a cyber pandemic leading to a massive disruption of ICT operations with a devastating societal impact. Even though society has not faced yet the full potential of a cyber pandemic, the recent COVID-19 pandemic demonstrated how a cyber pandemic can look like at its initial stages. Unfortunately, citizens proofed to be unprepared to handle the COVID-19 threat landscape and how fast cyber-attacks escalated at a global scale targeting individuals, corporations, and governments, all at once. This clearly demonstrates that society, at a global scale, is not adequately prepared to defend against a cyber pandemic, despite all the efforts of the cybersecurity community. Cybersecurity awareness and training efforts have been delivered as part of a national or corporate cybersecurity strategy, aiming to promote a cyber hygiene and enhance protection against cyber-attacks on an individual, a corporate, or a national level. The current level of citizens’ cybersecurity awareness is not yet the desired and actions need to be taken to upscale it. Thus, it is time to take a step back to identify what is missing from current awareness efforts and reconsider how people learn. This knowledge can drive the redesign of the national and corporate cybersecurity awareness activities, effectively building citizens’ cyber skills and knowledge, and leading to the development of robust cyber resilient societies, capable of defending and withstanding a future cyber pandemic

Principled Flow Tracking in IoT and Low-Level Applications

Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feed from social networks, or bank details.In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system.\ua0Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements

Lattice-Based Blind Signatures, Revisited

We observe that all previously known lattice-based blind signature schemes contain subtle flaws in their security proofs (e.g., Rückert, ASIACRYPT \u2708) or can be attacked (e.g., BLAZE by Alkadri et al., FC \u2720). Motivated by this, we revisit the problem of constructing blind signatures from standard lattice assumptions. We propose a new three-round lattice-based blind signature scheme whose security can be proved, in the random oracle model, from the standard SIS assumption. Our starting point is a modified version of the (insecure) BLAZE scheme, which itself is based Lyubashevsky\u27s three-round identification scheme combined with a new aborting technique to reduce the correctness error. Our proof builds upon and extends the recent modular framework for blind signatures of Hauck, Kiltz, and Loss (EUROCRYPT \u2719). It also introduces several new techniques to overcome the additional challenges posed by the correctness error which is inherent to all lattice-based constructions. While our construction is mostly of theoretical interest, we believe it to be an important stepping stone for future works in this area

Securely Scaling Blockchain Base Layers

This thesis presents the design, implementation and evaluation of techniques to scale the base layers of decentralised blockchain networks---where transactions are directly posted on the chain. The key challenge is to scale the base layer without sacrificing properties such as decentralisation, security and public verifiability. It proposes Chainspace, a blockchain sharding system where nodes process and reach consensus on transactions in parallel, thereby scaling block production and increasing on-chain throughput. In order to make the actions of consensus-participating nodes efficiently verifiable despite the increase of on-chain data, a system of fraud and data availability proofs is proposed so that invalid blocks can be efficiently challenged and rejected without the need for all users to download all transactions, thereby scaling block verification. It then explores blockchain and application design paradigms that enable on-chain scalability on the outset. This is in contrast to sharding, which scales blockchains designed under the traditional state machine replication paradigm where consensus and transaction execution are coupled. LazyLedger, a blockchain design where the consensus layer separated from the execution layer is proposed, where the consensus is only responsible for checking the availability of the data in blocks via data availability proofs. Transactions are instead executed off-chain, eliminating the need for nodes to execute on-chain transactions in order to verify blocks. Finally, as an example of a blockchain use case that does not require an execution layer, Contour, a scalable design for software binary transparency is proposed on top of the existing Bitcoin blockchain, where all software binary records do not need to be posted on-chain