489 research outputs found
A robust self-organized public key management for mobile ad hoc networks
A mobile ad hoc network (MANET) is a self-organized wireless network where mobile nodes can communicate with each other without the use of any existing network infrastructure or centralized administration. Trust establishment and management are essential for any security framework of MANETs. However, traditional solutions to key management through accessing trusted authorities or centralized servers are infeasible for MANETs due to the absence of infrastructure, frequent mobility, and wireless link instability. In this paper, we propose a robust self-organized, public key management for MANETs. The proposed scheme relies on establishing a small number of trust relations between neighboring nodes during the network initialization phase. Experiences gained as a result of successful communications and node mobility through the network enhance the formation of a web of trust between mobile nodes. The proposed scheme allows each user to create its public key and the corresponding private key, to issue certificates to neighboring nodes, and to perform public key authentication through at least two independent certificate chains without relying on any centralized authority. A measure of the communications cost of the key distribution process has been proposed. Simulation results show that the proposed scheme is robust and efficient in the mobility environment of MANET and against malicious node attacks
Using Hover to Compromise the Confidentiality of User Input on Android
We show that the new hover (floating touch) technology, available in a number
of today's smartphone models, can be abused by any Android application running
with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input
into other applications. Leveraging this attack, a malicious application
running on the system is therefore able to profile user's behavior, capture
sensitive input such as passwords and PINs as well as record all user's social
interactions. To evaluate our attack we implemented Hoover, a proof-of-concept
malicious application that runs in the system background and records all input
to foreground applications. We evaluated Hoover with 40 users, across two
different Android devices and two input methods, stylus and finger. In the case
of touchscreen input by finger, Hoover estimated the positions of users' clicks
within an error of 100 pixels and keyboard input with an accuracy of 79%.
Hoover captured users' input by stylus even more accurately, estimating users'
clicks within 2 pixels and keyboard input with an accuracy of 98%. We discuss
ways of mitigating this attack and show that this cannot be done by simply
restricting access to permissions or imposing additional cognitive load on the
users since this would significantly constrain the intended use of the hover
technology.Comment: 11 page
Software Grand Exposure: SGX Cache Attacks Are Practical
Side-channel information leakage is a known limitation of SGX. Researchers
have demonstrated that secret-dependent information can be extracted from
enclave execution through page-fault access patterns. Consequently, various
recent research efforts are actively seeking countermeasures to SGX
side-channel attacks. It is widely assumed that SGX may be vulnerable to other
side channels, such as cache access pattern monitoring, as well. However, prior
to our work, the practicality and the extent of such information leakage was
not studied.
In this paper we demonstrate that cache-based attacks are indeed a serious
threat to the confidentiality of SGX-protected programs. Our goal was to design
an attack that is hard to mitigate using known defenses, and therefore we mount
our attack without interrupting enclave execution. This approach has major
technical challenges, since the existing cache monitoring techniques experience
significant noise if the victim process is not interrupted. We designed and
implemented novel attack techniques to reduce this noise by leveraging the
capabilities of the privileged adversary. Our attacks are able to recover
confidential information from SGX enclaves, which we illustrate in two example
cases: extraction of an entire RSA-2048 key during RSA decryption, and
detection of specific human genome sequences during genomic indexing. We show
that our attacks are more effective than previous cache attacks and harder to
mitigate than previous SGX side-channel attacks
- …