
    Detection of illegal control flow in Android System: Protecting private data used by Smartphone Apps

    Today, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. However, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique does not detect control flows. In particular, untrusted applications can circumvent the Android system and get privacy-sensitive information through control flows. In this paper, we propose a hybrid approach that combines static and dynamic analysis to propagate taint along control dependencies in the Android system. To evaluate the effectiveness of our approach, we analyse 27 free Android applications. We found that 14 of these applications use control flows to transfer sensitive data. We successfully detect that 8 of them leaked private information. Our approach creates 19% performance overhead that is due to the propagation of taint in the control flow. By using our approach, it becomes possible to detect leakage of personal data through control flows.
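The gap the abstract describes (explicit-flow taint tracking misses a secret copied through a branch) can be seen on a toy interpreter. The block below is an added example, not code from the paper: it runs the same two programs under explicit-only tracking, dynamic control-dependency tracking, and a hybrid mode that also taints variables the untaken branch could have written, which is the role a static pass plays in a hybrid design. The mini language, the two programs and the "IMEI" source label are constructed for the illustration.

```python
# Added example (not from the paper): a tiny interpreter contrasting explicit-flow
# taint tracking with taint propagated along control dependencies, in a dynamic-only
# form and in a hybrid form that uses a static pass over the untaken branch.
# Program, variable names and the "IMEI" source label are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Val:
    v: int
    taint: frozenset = frozenset()   # labels of the sources this value depends on


# Expressions: ("const", n) | ("var", name) | ("bin", op, lhs, rhs)
# Statements:  ("assign", name, expr) | ("if", cond, then_stmts, else_stmts) | ("sink", name)
OPS = {"+": lambda a, b: a + b, "&": lambda a, b: a & b, "==": lambda a, b: int(a == b)}


def eval_expr(e, env):
    """Explicit flow only: a result is tainted by the operands it is computed from."""
    if e[0] == "const":
        return Val(e[1])
    if e[0] == "var":
        return env.get(e[1], Val(0))
    a, b = eval_expr(e[2], env), eval_expr(e[3], env)
    return Val(OPS[e[1]](a.v, b.v), a.taint | b.taint)


def assigned_vars(stmts):
    """Static pass: every variable a block may write, whether or not it executes."""
    names = set()
    for s in stmts:
        if s[0] == "assign":
            names.add(s[1])
        elif s[0] == "if":
            names |= assigned_vars(s[2]) | assigned_vars(s[3])
    return names


def run(program, env, mode):
    """mode: 'explicit' (no control deps), 'dynamic_cd', or 'hybrid_cd'.
    Returns {sink_variable: taint reaching that sink}."""
    env = dict(env)
    sinks = {}

    def exec_block(stmts, pc):          # pc = taint of every condition guarding this block
        for s in stmts:
            if s[0] == "assign":
                val = eval_expr(s[2], env)
                implicit = pc if mode != "explicit" else frozenset()
                env[s[1]] = Val(val.v, val.taint | implicit)
            elif s[0] == "if":
                cond = eval_expr(s[1], env)
                branch_pc = pc | cond.taint
                exec_block(s[2] if cond.v else s[3], branch_pc)
                if mode == "hybrid_cd" and branch_pc:
                    # A variable the untaken branch would have written still depends on
                    # the condition: it kept its old value because of it.
                    for name in assigned_vars(s[2]) | assigned_vars(s[3]):
                        old = env.get(name, Val(0))
                        env[name] = Val(old.v, old.taint | branch_pc)
            elif s[0] == "sink":
                sinks[s[1]] = env.get(s[1], Val(0)).taint

    exec_block(program, frozenset())
    return sinks


# Constructed programs: copy the low bit of the IMEI into `out` with no data flow
# from `imei` to `out`.
LEAK_BOTH_BRANCHES = [
    ("assign", "bit", ("bin", "&", ("var", "imei"), ("const", 1))),
    ("if", ("bin", "==", ("var", "bit"), ("const", 1)),
        [("assign", "out", ("const", 1))],
        [("assign", "out", ("const", 0))]),
    ("sink", "out"),
]
# Same leak with an empty else branch: when the bit is 0 the tainted assignment
# never executes, so purely dynamic tracking misses it.
LEAK_ONE_BRANCH = [
    ("assign", "out", ("const", 0)),
    ("assign", "bit", ("bin", "&", ("var", "imei"), ("const", 1))),
    ("if", ("bin", "==", ("var", "bit"), ("const", 1)),
        [("assign", "out", ("const", 1))],
        []),
    ("sink", "out"),
]


def demo(imei_value):
    """Taint reaching the sink in each program, per tracking mode."""
    env = {"imei": Val(imei_value, frozenset({"IMEI"}))}
    return {
        mode: (run(LEAK_BOTH_BRANCHES, env, mode)["out"],
               run(LEAK_ONE_BRANCH, env, mode)["out"])
        for mode in ("explicit", "dynamic_cd", "hybrid_cd")
    }


if __name__ == "__main__":
    for mode, taints in demo(0b1010).items():
        print(f"{mode:10s} both-branches={set(taints[0])} one-branch={set(taints[1])}")
```

With an IMEI whose low bit is 0, explicit tracking reports nothing at the sink for either program, dynamic control-dependency tracking catches only the two-branch program, and the hybrid mode catches both; this is why a purely dynamic propagation of control-flow taint is not enough on its own.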

    Security assessment of IoT devices: The case of two smart TVs

    Being increasingly complex devices, smart TVs are becoming more capable and have the potential to receive, store, process and transmit considerable amounts of personal data. These capabilities also represent several diverse attack surfaces, potentially rendering these devices highly vulnerable. The emergence and high adoption rate of smart TVs have been drawing notable interest from security researchers and industry. We utilise an attack-surface-area-based approach to assess the security of two modern smart TVs from different vendors and describe some of the possible multi-surface attacks that can be carried out against these devices.

    Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud

    Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user's real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.

    VITASENIOR-MT: A distributed and scalable cloud-based telehealth solution

    VITASENIOR-MT is a telehealth platform that allows remote monitoring of biometric and environmental data in a domestic environment, designed specifically for the elderly population. This paper proposes a highly scalable and efficient architecture to transport, process, store and visualize the data collected by devices in an Internet of Things (IoT) scenario. The cloud infrastructure follows a microservices architecture to provide computational scalability, better fault isolation, easy integration and automatic deployment. This solution is complemented with pre-processing and validation of the collected data at the edge of the Internet using the Fog Computing concept, allowing a better distribution of computation. The presented approach provides personal data security and a simplified way to collect and present the data to the different actors, giving caregivers dynamic and intuitive management of patients and equipment. The presented load tests proved that this solution is more efficient than a monolithic approach, promoting better access and control of the data flowing from heterogeneous equipment.

    This work has been financially supported by the IC&DT project VITASENIOR-MT CENTRO-01-0145-FEDER-023659 with FEDER funding through programs CENTRO2020 and FCT.

    Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

    Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straightforward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof-of-concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.

    Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201
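The policy layer of the CKS design (keys that never leave the store, owner-controlled delegation bounded by an expiry time and a use count, and every access recorded in a tamper-evident log) as an added example; this is not the paper's SGX implementation. HMAC-SHA256 stands in for the real signature scheme, the enclave and remote attestation are not modelled, and the users, key id, seed and timestamps are constructed.

```python
# Added example (not the CKS implementation from the paper): the policy layer of a
# key store that never releases keys, enforces time- and use-limited delegation,
# and hash-chains its audit log. HMAC-SHA256 stands in for the signature scheme;
# the SGX enclave and remote attestation are not modelled. Users, key id, seed
# and timestamps are constructed.
import hashlib
import hmac
import json

GENESIS = "0" * 64


def record_hash(rec):
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()


class CloudKeyStore:
    def __init__(self):
        self.keys = {}          # key_id -> (owner, secret key bytes)
        self.delegations = {}   # (key_id, grantee) -> {"expires": t, "uses_left": n}
        self.log = []           # audit records, each carrying the hash of its predecessor
        self.head = GENESIS

    def _audit(self, **fields):
        rec = dict(fields, prev=self.head)
        self.head = record_hash(rec)
        self.log.append(rec)

    def generate(self, owner, key_id, seed):
        # `seed` is constructed input; a real CKS draws the key inside the enclave.
        self.keys[key_id] = (owner, hashlib.sha256(seed).digest())
        self._audit(op="generate", key=key_id, by=owner)

    def delegate(self, owner, key_id, grantee, expires, uses):
        if self.keys[key_id][0] != owner:
            raise PermissionError("only the owner may delegate a key")
        self.delegations[(key_id, grantee)] = {"expires": expires, "uses_left": uses}
        self._audit(op="delegate", key=key_id, by=owner, to=grantee, expires=expires, uses=uses)

    def _authorize(self, user, key_id, now):
        """Owner: always. Delegate: only before expiry and while uses remain (consumes one)."""
        if user == self.keys[key_id][0]:
            return True
        d = self.delegations.get((key_id, user))
        if d is None or now > d["expires"] or d["uses_left"] <= 0:
            return False
        d["uses_left"] -= 1
        return True

    def sign(self, user, key_id, message, now):
        allowed = self._authorize(user, key_id, now)
        # Denied attempts are logged too: the owner audits every access, not only successes.
        self._audit(op="sign", key=key_id, by=user, t=now, allowed=allowed,
                    msg=hashlib.sha256(message).hexdigest())
        if not allowed:
            raise PermissionError(f"{user} may not use {key_id}")
        return hmac.new(self.keys[key_id][1], message, "sha256").hexdigest()


def verify_audit_log(log, head):
    """Recompute the chain from genesis; an edited, dropped or reordered record breaks it."""
    prev = GENESIS
    for rec in log:
        if rec["prev"] != prev:
            return False
        prev = record_hash(rec)
    return prev == head


def demo():
    cks = CloudKeyStore()
    cks.generate("alice", "pgp-main", b"constructed-seed")
    cks.delegate("alice", "pgp-main", "bob", expires=1000, uses=2)
    attempts = [("bob", 10), ("bob", 1001), ("bob", 20), ("bob", 30), ("carol", 40), ("alice", 2000)]
    outcome = []
    for user, t in attempts:
        try:
            cks.sign(user, "pgp-main", b"release v1.2", t)
            outcome.append((user, t, True))
        except PermissionError:
            outcome.append((user, t, False))
    return cks, outcome


if __name__ == "__main__":
    store, outcome = demo()
    print(outcome)
    print("audit log intact:", verify_audit_log(store.log, store.head))
```

In the real design the log's integrity rests on the attested enclave, which is what lets the owner trust a log held by an untrusted server; here the chain only makes tampering detectable by anyone who holds the current head.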

    A Blockchain-Based Privacy-Preserving Physical Delivery System

    The internet has transformed the way we shop. Previously, most of our purchases came in the form of shopping trips to a nearby store. Now, it’s as easy as clicking a mouse. But with great convenience comes great responsibility. We have to be constantly vigilant about our personal information. This work presents a novel approach for online buyers to have a trusted, decentralized, privacy-preserving physical asset delivery solution. The proposed solution focuses on preserving the privacy of personal information while delivering physical assets between sellers and buyers. Our primary approach is to prevent sellers and agents (responsible for ensuring the asset delivery is carried out) from accessing the buyer's shipping information. Those data include personally identifiable information such as full name, phone number, email address, etc. Our framework encrypts the information printed on the physical packages (containing personal information) and stores it in a decentralized database as encrypted data, rather than keeping it in centralized databases, using technologies such as Blockchain, Ethereum, smart contracts and a commit-reveal scheme. In our framework, we used Blockchain and smart contracts to increase the transparency, accessibility, and integrity of the data, and the commit-reveal scheme to preserve the confidentiality of the data. We present, implement and assess a blockchain-based system using Ethereum smart contracts. We present detailed algorithms for our smart contract, together with a security, cost and performance analysis of the proposed method. Our work indicates that the proposed solution is economically attainable and provides data integrity, security, transparency, and traceability.
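An added example of the commit-reveal step, not the paper's contract: the buyer publishes a commitment to the shipping record, the contract accepts exactly one matching reveal, and the block also shows why a random nonce is required, since a nonce-less commitment to a low-entropy field such as a phone number can be opened by enumeration. The in-memory DeliveryContract, the order id and the shipping record are constructed stand-ins; on-chain storage, Ethereum and the encryption of the printed label are abstracted away.

```python
# Added example (not the paper's contract): a commit-reveal exchange for the buyer's
# shipping record with an in-memory stand-in for the on-chain contract. Blockchain
# storage, Ethereum and the encrypted label are abstracted away; order id and
# shipping data are constructed.
import hashlib
import hmac
import json
import os


def canonical(record):
    """Fixed serialisation so buyer and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def commit(record, nonce):
    """What the seller and the delivery agent get to see: H(nonce || record)."""
    return hashlib.sha256(nonce + canonical(record)).hexdigest()


class DeliveryContract:
    """Stand-in for the smart contract: stores commitments, accepts one valid reveal per order."""

    def __init__(self):
        self.orders = {}   # order_id -> {"commit": hex digest, "delivered": bool}

    def place_order(self, order_id, commitment):
        self.orders[order_id] = {"commit": commitment, "delivered": False}

    def reveal(self, order_id, record, nonce):
        order = self.orders[order_id]
        if order["delivered"]:
            return False                      # a reveal cannot be replayed
        if not hmac.compare_digest(commit(record, nonce), order["commit"]):
            return False                      # altered record or wrong nonce
        order["delivered"] = True
        return True


def brute_force_phone(commitment, known_fields, candidates):
    """Caveat: committing without a random nonce leaves low-entropy fields enumerable."""
    for phone in candidates:
        if commit(dict(known_fields, phone=phone), b"") == commitment:
            return phone
    return None


def demo():
    shipping = {"name": "A. Buyer", "phone": "555-0142", "address": "1 Example St"}
    nonce = os.urandom(32)          # kept by the buyer, disclosed to the courier at the door
    contract = DeliveryContract()
    contract.place_order("order-1", commit(shipping, nonce))

    public = {k: v for k, v in shipping.items() if k != "phone"}   # fields the seller knows anyway
    candidates = [f"555-{i:04d}" for i in range(1000)]
    return {
        "wrong_record": contract.reveal("order-1", dict(shipping, address="2 Other St"), nonce),
        "wrong_nonce": contract.reveal("order-1", shipping, os.urandom(32)),
        "correct": contract.reveal("order-1", shipping, nonce),
        "replay": contract.reveal("order-1", shipping, nonce),
        # the same record committed with an empty nonce: the phone number falls out by enumeration
        "leak_without_nonce": brute_force_phone(commit(shipping, b""), public, candidates),
        "leak_with_nonce": brute_force_phone(commit(shipping, nonce), public, candidates),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20s} {v}")
```

The commitment gives integrity (the courier cannot present an altered address) and, only with a high-entropy nonce, confidentiality; the hiding property of a hash commitment is what the scheme's privacy claim rests on.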

    MooseGuard: secure file sharing at scale in untrusted environments

    Shared storage systems provide cheap, scalable, and reliable storage, but secure sharing in these systems requires users either to encrypt their data, which limits efficient sharing, or to trust a service provider to faithfully keep their data private. Current research has explored the use of trusted execution environments (TEEs) to operate on sensitive data and sharing policies in isolated execution. That work enables the utilization of untrusted shared resources to store and share sensitive data while maintaining stronger security guarantees. However, current research has limitations in scaling these solutions, as it bottlenecks both metadata and data operations within the same physical TEE, whereas a scaled file system distributes metadata and data operations to separate devices. This paper explores the use of two TEEs specialized for metadata and data operations to provide file sharing at scale with less overhead in addition to strong security guarantees. This approach achieves scaled metadata and concurrent use by utilizing a server-side TEE for isolated execution on a master server and provides data privacy and efficient access revocation through a client-side TEE. MooseGuard is the prototype implementation of this design, utilizing Intel SGX as a TEE and extending the MooseFS distributed file system. MooseGuard's implementation details the modifications needed to provide security and shows how this approach can be applied to a typical distributed file system. An evaluation of MooseGuard demonstrates that TEEs specialized for metadata and data operations allow a secured distributed file system to maintain its scale with only constant overheads. As TEEs and secure hardware become more widely available in public clouds, enterprise, and personal devices, MooseGuard presents a way for users to get the best of both worlds in data privacy and efficient sharing when using scaled, shared storage systems.

    Fine-grained disclosure control for app ecosystems

    The modern computing landscape contains an increasing number of app ecosystems, where users store personal data on platforms such as Facebook or smartphones. APIs enable third-party applications (apps) to utilize that data. A key concern associated with app ecosystems is the confidentiality of user data. In this paper, we develop a new model of disclosure in app ecosystems. In contrast with previous solutions, our model is data-derived and semantically meaningful. Information disclosure is modeled in terms of a set of distinguished security views. Each query is labeled with the precise set of security views that is needed to answer it, and these labels drive policy decisions. We explain how our disclosure model can be used in practice and provide algorithms for labeling conjunctive queries for the case of single-atom security views. We show that our approach is useful by demonstrating the scalability of our algorithms and by applying it to the real-world disclosure control system used by Facebook.

    An approach to building a secure and persistent distributed object management system

    The Common Object Request Broker Architecture (CORBA) proposed by the Object Management Group (OMG) is a widely accepted standard that provides a system-level framework for the design and implementation of distributed objects. The core of the Object Management Architecture (OMA) is an Object Request Broker (ORB), which provides transparency of object location, activation, and communications. However, the specification provided by the OMG is not sufficient. For instance, there are no security specifications for handling object requests through the ORBs. The lack of such a security service prevents the use of CORBA for handling sensitive data such as personal and corporate financial information.

    In view of the above, this thesis identifies, explores, and provides an approach to handling secure objects in a distributed environment along with a persistent object service using the CORBA specification. The research specifically involves the design and implementation of a secured distributed object service. This object service requires a persistent service and object storage for storing and retrieving security-specific information. To provide a secure distributed object environment, a secure object service using the specifications provided by the OMG has been designed and implemented. In addition, to preserve the persistence of secure information, an object service has been implemented to provide a persistent data store.

    The secure object service can provide a framework for handling distributed objects in applications requiring security clearance such as distributed banking, online stock trading, internet shopping, and geographic and medical information systems.

    Alpha Phi-shing Fraternity: Phishing Assessment in a Higher Education Institution

    Phishing is a common social engineering attack aimed at stealing personal information. Universities attract phishing attacks because: 1) they store employees' and students' sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed at identifying the people, and the features of such people, who are more susceptible to phishing attacks. We delivered phishing emails to 1,508 subjects in three separate batches, collecting click rates of 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) in univariate and multivariate analyses and found that students are more susceptible to phishing attacks than professors or technical/administrative staff, and that emails designed through a spear-phishing approach receive the highest click rate. We believe this work provides the foundations for setting up an effective educational campaign to prevent phishing attacks not only at the University of Redacted, but in any other university.