135 research outputs found
Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection
Communication channel established from a display to a device's camera is
known as visual channel, and it is helpful in securing key exchange protocol.
In this paper, we study how visual channel can be exploited by a network
terminal and mobile device to jointly verify information in an interactive
session, and how such information can be jointly presented in a user-friendly
manner, taking into account that the mobile device can only capture and display
a small region, and the user may only want to authenticate selective
regions-of-interests. Motivated by applications in Kiosk computing and
multi-factor authentication, we consider three security models: (1) the mobile
device is trusted, (2) at most one of the terminal or the mobile device is
dishonest, and (3) both the terminal and device are dishonest but they do not
collude or communicate. We give two protocols and investigate them under the
abovementioned models. We point out a form of replay attack that renders some
other straightforward implementations cumbersome to use. To enhance
user-friendliness, we propose a solution using visual cues embedded into the 2D
barcodes and incorporate the framework of "augmented reality" for easy
verifications through visual inspection. We give a proof-of-concept
implementation to show that our scheme is feasible in practice.Comment: 16 pages, 10 figure
Evading Classifiers by Morphing in the Dark
Learning-based systems have been shown to be vulnerable to evasion through
adversarial data manipulation. These attacks have been studied under
assumptions that the adversary has certain knowledge of either the target model
internals, its training dataset or at least classification scores it assigns to
input samples. In this paper, we investigate a much more constrained and
realistic attack scenario wherein the target classifier is minimally exposed to
the adversary, revealing on its final classification decision (e.g., reject or
accept an input sample). Moreover, the adversary can only manipulate malicious
samples using a blackbox morpher. That is, the adversary has to evade the
target classifier by morphing malicious samples "in the dark". We present a
scoring mechanism that can assign a real-value score which reflects evasion
progress to each sample based on the limited information available. Leveraging
on such scoring mechanism, we propose an evasion method -- EvadeHC -- and
evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The
experimental evaluation demonstrates that the proposed evasion attacks are
effective, attaining evasion rate on the evaluation dataset.
Interestingly, EvadeHC outperforms the known classifier evasion technique that
operates based on classification scores output by the classifiers. Although our
evaluations are conducted on PDF malware classifier, the proposed approaches
are domain-agnostic and is of wider application to other learning-based
systems
Adaptive Attractors: A Defense Strategy against ML Adversarial Collusion Attacks
In the seller-buyer setting on machine learning models, the seller generates
different copies based on the original model and distributes them to different
buyers, such that adversarial samples generated on one buyer's copy would
likely not work on other copies. A known approach achieves this using
attractor-based rewriter which injects different attractors to different
copies. This induces different adversarial regions in different copies, making
adversarial samples generated on one copy not replicable on others. In this
paper, we focus on a scenario where multiple malicious buyers collude to
attack. We first give two formulations and conduct empirical studies to analyze
effectiveness of collusion attack under different assumptions on the attacker's
capabilities and properties of the attractors. We observe that existing
attractor-based methods do not effectively mislead the colluders in the sense
that adversarial samples found are influenced more by the original model
instead of the attractors as number of colluders increases. Based on this
observation, we propose using adaptive attractors whose weight is guided by a
U-shape curve to cover the shortfalls. Experimentation results show that when
using our approach, the attack success rate of a collusion attack converges to
around 15% even when lots of copies are applied for collusion. In contrast,
when using the existing attractor-based rewriter with fixed weight, the attack
success rate increases linearly with the number of copies used for collusion
Predicting Non-Fungible Token (NFT) Collections: A Contextual Generative Approach
Non-fungible tokens (NFTs) are digital assets stored on a blockchain
representing real-world objects such as art or collectibles. It is a
multibillion-dollar market, where the number of NFT collections increased over
100% in 2022; there are currently more than 80K collections on the Ethereum
blockchain. Each collection, containing numerous tokens of a particular theme,
has its unique characteristics. In this paper, we take a contextual generative
approach that learns these diverse characteristics of NFT collections and
generates the potential market value predictions of newly minted ones. We model
NFTs as a series of transactions. First, meaningful contexts capturing the
characteristics of various collections are derived using unsupervised learning.
Next, our generative approach leverages these contexts to learn better
characterizations of established NFT collections with differing market
capitalization values. Finally, given a new collection in an early stage, the
approach generates future transaction series for this emerging collection.
Comprehensive experiments demonstrate that our approach closely predicts the
potential value of NFT collections
Mixed Fault Tolerance Protocols with Trusted Execution Environment
Blockchain systems are designed, built and operated in the presence of
failures. There are two dominant failure models, namely crash fault and
Byzantine fault. Byzantine fault tolerance (BFT) protocols offer stronger
security guarantees, and thus are widely used in blockchain systems. However,
their security guarantees come at a dear cost to their performance and
scalability. Several works have improved BFT protocols, and Trusted Execution
Environment (TEE) has been shown to be an effective solution. However, existing
such works typically assume that each participating node is equipped with TEE.
For blockchain systems wherein participants typically have different hardware
configurations, i.e., some nodes feature TEE while others do not, existing
TEE-based BFT protocols are not applicable.
This work studies the setting wherein not all participating nodes feature
TEE, under which we propose a new fault model called mixed fault. We explore a
new approach to designing efficient distributed fault-tolerant protocols under
the mixed fault model. In general, mixed fault tolerance (MFT) protocols assume
a network of nodes, among which up to can be subject to
mixed faults. We identify two key principles for designing efficient MFT
protocols, namely, (i) prioritizing non-equivocating nodes in leading the
protocol, and (ii) advocating the use of public-key cryptographic primitives
that allow authenticated messages to be aggregated. We showcase these design
principles by prescribing an MFT protocol, namely MRaft.
We implemented a prototype of MRaft using Intel SGX, integrated it into the
CCF blockchain framework, conducted experiments, and showed that MFT protocols
can obtain the same security guarantees as their BFT counterparts while still
providing better performance (both transaction throughput and latency) and
scalability.Comment: 12 pages, 3 figure
- …