14 research outputs found
The security of NTP's datagram protocol
For decades, the Network Time Protocol (NTP) has been
used to synchronize computer clocks over untrusted network paths. This
work takes a new look at the security of NTP’s datagram protocol. We
argue that NTP’s datagram protocol in RFC5905 is both underspecified
and flawed. The NTP specifications do not sufficiently respect (1) the
conflicting security requirements of different NTP modes, and (2) the
mechanism NTP uses to prevent off-path attacks. A further problem
is that (3) NTP’s control-query interface reveals sensitive information
that can be exploited in off-path attacks. We exploit these problems
in several attacks that remote attackers can use to maliciously alter a
target’s time. We use network scans to find millions of IPs that are
vulnerable to our attacks. Finally, we move beyond identifying attacks
by developing a cryptographic model and using it to prove the security
of a new backwards-compatible client/server protocol for NTP.https://eprint.iacr.org/2016/1006.pdfhttps://eprint.iacr.org/2016/1006.pdfPublished versio
XSS Vulnerabilities in Cloud-Application Add-Ons
Cloud-application add-ons are microservices that extend the functionality of
the core applications. Many application vendors have opened their APIs for
third-party developers and created marketplaces for add-ons (also add-ins or
apps). This is a relatively new phenomenon, and its effects on the application
security have not been widely studied. It seems likely that some of the add-ons
have lower code quality than the core applications themselves and, thus, may
bring in security vulnerabilities. We found that many such add-ons are
vulnerable to cross-site scripting (XSS). The attacker can take advantage of
the document-sharing and messaging features of the cloud applications to send
malicious input to them. The vulnerable add-ons then execute client-side
JavaScript from the carefully crafted malicious input. In a major analysis
effort, we systematically studied 300 add-ons for three popular application
suites, namely Microsoft Office Online, G Suite and Shopify, and discovered a
significant percentage of vulnerable add-ons in each marketplace. We present
the results of this study, as well as analyze the add-on architectures to
understand how the XSS vulnerabilities can be exploited and how the threat can
be mitigated
Feature omission vulnerabilities: Thwarting signature generation for polymorphic worms
To combat the rapid infection rate of today’s Internet worms, signatures for novel worms must be generated soon after an outbreak. This is especially critical in the case of polymorphic worms, whose binary representation changes frequently during the infection process. In this paper, we examine the assumptions underlying two leading network-based signature generation systems for polymorphic worms: Polygraph [14] and Hamsa [12]. By identifying an assumption of both systems not met by all vulnerabilities, we discover a class of vulnerabilities (feature omission vulnerabilities) that neither system can accurately characterize. We demonstrate the limitations of Polygraph and Hamsa by testing the signatures that they generate for exploits targeting a feature omission vulnerability. We discuss why feature omission vulnerabilities are difficult to characterize and how increased semantic awareness can help the signature generation process. 1
Multi-party off-the-record messaging
16th ACM Conference on Computer and Communications Security, CCS'09; Chicago, IL; United States; 9 November 2009 through 13 November 2009Most cryptographic algorithms provide a means for secret and authentic communication. However, under many circumstances, the ability to repudiate messages or deny a conversation is no less important than secrecy and authenticity. For whistleblowers, informants, political dissidents and journalists - to name a few - it is most important to have means for deniable conversation, where electronic communication must mimic face-to-face private meetings. Off-the-Record Messaging, proposed in 2004 by Borisov, Goldberg and Brewer, and its subsequent improvements, simulate private two-party meetings. Despite some attempts, the multi-party scenario remains unresolved. In this paper, we first identify the properties of multi-party private meetings. We illustrate the differences not only between the physical and electronic medium but also between two- and multi-party scenarios, which have important implications for the design of private chatrooms. We then propose a solution to multi-party off-the-record instant messaging that satisfies the above properties. Our solution is also composable with extensions that provide other properties, such as anonymity. Copyright 2009 ACM