2,867 research outputs found
Exploiting Power for Smartphone Security and Privacy
Power consumption has become a key issue for smartphone security and privacy protection. In this dissertation, we propose to exploit power for smartphone security, as well as to optimize energy consumption for smartphone privacy. First, we show that public USB charging stations pose a significant privacy risk to smartphone users. We present a side-channel attack that allows a charging station to identify which webpages are loaded while the smartphone is charging. to evaluate this side-channel, we collected power traces of Alexa top 50 websites on multiple smartphones under several conditions, including: varied battery charging level, browser cache enabled/disabled, taps/no taps on the screen, WiFi/LTE, TLS encryption enabled/disabled, different amounts of time elapsed between collection of training and testing data, and various hosting locations of the website being visited. The results of our evaluation show that the attack is highly successful: in many settings, we were able to achieve over 90% accuracy on webpage identification. On the other hand, our experiments also show that this side-channel is sensitive to some of the aforementioned conditions. Second, we introduce a new attack that allows a malicious charging station to identify which website is being visited by a smartphone user via Tor network. Our attack solely depends on power measurements performed while the user is charging her smartphone. We evaluated the attack by training a machine learning model on power traces from 50 regular webpages and 50 Tor hidden services. We considered realistic constraints such as different Tor circuits types and battery charging levels. We were able to correctly identify webpages visited using the official mobile Tor browser with accuracy of up to 85.7% when the battery was fully charged, and up to 46% when the battery level was between 30% and 50%. Our results show that hidden services can be identified with higher accuracies than regular webpages. Third, we propose a memory- and energy-efficient garbled circuit evaluation mechanism named MEG on smartphones. MEG utilizes batch data transmission and multi-threading to reduce memory and energy consumption. We implement MEG on android smartphones and compare its performance with existing methods (non-pipelined and pipelined). Two garbled circuits of different scales, AES encryption (AES-128) and Levenshtein distance (EDT-256), are considered. Our measurement results show that compared with non-pipelined method, MEG decreases the memory consumption by up to 97.5% for EDT-256 when batch size is 2 MB. Compared with pipelined method, MEG reduces the energy consumption by up to 42% for AES-128 and 23% for EDT-256. Multi-thread MEG also significantly decreases the circuit evaluation time by up to 56.7% for AES-128 and up to 13.5% for EDT-256
Platform for Testing and Evaluation of PUF and TRNG Implementations in FPGAs
Implementation of cryptographic primitives like
Physical Unclonable Functions (PUFs) and True Random Number
Generators (TRNGs) depends significantly on the underlying
hardware. Common evaluation boards offered by FPGA vendors
are not suitable for a fair benchmarking, since they have different
vendor dependent configuration and contain noisy switching
power supplies. The proposed hardware platform is primary
aimed at testing and evaluation of cryptographic primitives
across different FPGA and ASIC families. The modular platform
consists of a motherboard and exchangeable daughter board
modules. These are designed to be as simple as possible to
allow cheap and independent evaluation of cryptographic blocks
and namely PUFs. The motherboard is based on the Microsemi
SmartFusion 2 SoC FPGA. It features a low-noise power supply,
which simplifies evaluation of vulnerability to the side channel
attacks. It provides also means of communication between the
PC and the daughter module. Available software tools can be
easily customized, for example to collect data from the random
number generator located in the daughter module and to read it
via USB interface. The daughter module can be plugged into
the motherboard or connected using an HDMI cable to be
placed inside a Faraday cage or a temperature control chamber.
The whole platform was designed and optimized to fullfil the
European HECTOR project (H2020) requirements
Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks
Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'.
Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services
Experimental Long-Distance Decoy-State Quantum Key Distribution Based On Polarization Encoding
We demonstrate the decoy-state quantum key distribution (QKD) with one-way
quantum communication in polarization space over 102km. Further, we simplify
the experimental setup and use only one detector to implement the one-way
decoy-state QKD over 75km, with the advantage to overcome the security
loopholes due to the efficiency mismatch of detectors. Our experimental
implementation can really offer the unconditionally secure final keys. We use 3
different intensities of 0, 0.2 and 0.6 for the pulses of source in our
experiment. In order to eliminate the influences of polarization mode
dispersion in the long-distance single-mode optical fiber, an automatic
polarization compensation system is utilized to implement the active
compensation.Comment: 4 pages,3 figure
PerfWeb: How to Violate Web Privacy with Hardware Performance Events
The browser history reveals highly sensitive information about users, such as
financial status, health conditions, or political views. Private browsing modes
and anonymity networks are consequently important tools to preserve the privacy
not only of regular users but in particular of whistleblowers and dissidents.
Yet, in this work we show how a malicious application can infer opened websites
from Google Chrome in Incognito mode and from Tor Browser by exploiting
hardware performance events (HPEs). In particular, we analyze the browsers'
microarchitectural footprint with the help of advanced Machine Learning
techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines,
and in contrast to previous literature also Convolutional Neural Networks. We
profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing
portals, on two machines featuring an Intel and an ARM processor. By monitoring
retired instructions, cache accesses, and bus cycles for at most 5 seconds, we
manage to classify the selected websites with a success rate of up to 86.3%.
The results show that hardware performance events can clearly undermine the
privacy of web users. We therefore propose mitigation strategies that impede
our attacks and still allow legitimate use of HPEs
e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices
To facilitate monitoring and management, modern Implantable Medical Devices
(IMDs) are often equipped with wireless capabilities, which raise the risk of
malicious access to IMDs. Although schemes are proposed to secure the IMD
access, some issues are still open. First, pre-sharing a long-term key between
a patient's IMD and a doctor's programmer is vulnerable since once the doctor's
programmer is compromised, all of her patients suffer; establishing a temporary
key by leveraging proximity gets rid of pre-shared keys, but as the approach
lacks real authentication, it can be exploited by nearby adversaries or through
man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one
of the most important design goals, few schemes explore to lower the
communication and computation overhead all at once. Finally, how to safely
record the commands issued by doctors for the purpose of forensics, which can
be the last measure to protect the patients' rights, is commonly omitted in the
existing literature. Motivated by these important yet open problems, we propose
an innovative scheme e-SAFE, which significantly improves security and safety,
reduces the communication overhead and enables IMD-access forensics. We present
a novel lightweight compressive sensing based encryption algorithm to encrypt
and compress the IMD data simultaneously, reducing the data transmission
overhead by over 50% while ensuring high data confidentiality and usability.
Furthermore, we provide a suite of protocols regarding device pairing,
dual-factor authentication, and accountability-enabled access. The security
analysis and performance evaluation show the validity and efficiency of the
proposed scheme
Conscript Your Friends into Larger Anonymity Sets with JavaScript
We present the design and prototype implementation of ConScript, a framework
for using JavaScript to allow casual Web users to participate in an anonymous
communication system. When a Web user visits a cooperative Web site, the site
serves a JavaScript application that instructs the browser to create and submit
"dummy" messages into the anonymity system. Users who want to send non-dummy
messages through the anonymity system use a browser plug-in to replace these
dummy messages with real messages. Creating such conscripted anonymity sets can
increase the anonymity set size available to users of remailer, e-voting, and
verifiable shuffle-style anonymity systems. We outline ConScript's
architecture, we address a number of potential attacks against ConScript, and
we discuss the ethical issues related to deploying such a system. Our
implementation results demonstrate the practicality of ConScript: a workstation
running our ConScript prototype JavaScript client generates a dummy message for
a mix-net in 81 milliseconds and it generates a dummy message for a
DoS-resistant DC-net in 156 milliseconds.Comment: An abbreviated version of this paper will appear at the WPES 2013
worksho
Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
Contains fulltext :
187230.pdf (preprint version ) (Open Access
Multiplexed Quantum Random Number Generation
Fast secure random number generation is essential for high-speed encrypted
communication, and is the backbone of information security. Generation of truly
random numbers depends on the intrinsic randomness of the process used and is
usually limited by electronic bandwidth and signal processing data rates. Here
we use a multiplexing scheme to create a fast quantum random number generator
structurally tailored to encryption for distributed computing, and high
bit-rate data transfer. We use vacuum fluctuations measured by seven homodyne
detectors as quantum randomness sources, multiplexed using a single integrated
optical device. We obtain a random number generation rate of 3.08 Gbit/s, from
only 27.5 MHz of sampled detector bandwidth. Furthermore, we take advantage of
the multiplexed nature of our system to demonstrate an unseeded strong
extractor with a generation rate of 26 Mbit/s.Comment: 10 pages, 3 figures and 1 tabl
- …