Undermining User Privacy on Mobile Devices Using AI

Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to the privacy of mobile phone users. This is because applications leave distinct footprints in the processor, which can be used by malware to infer user activities. In this work, we show that these inference attacks are considerably more practical when combined with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with Deep Learning methods including Convolutional Neural Networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zeropermission App in well under a minute. The App thereby detects running applications with an accuracy of 98% and reveals opened websites and streaming videos by monitoring the LLC for at most 6 seconds. This is possible, since Deep Learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics such as random line replacement policies. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to implement and execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users

The Security Testbed for the Purposes of the ITS-G5 Communication Attacks Prevention

Secure communication in the Intelligent Transport System (ITS) plays a crucial role in vehicular safety. Security threats can be an unwanted cause of congestions and attacks. In this paper, first, the security threats in ITS are described and discussed. Second, a concept of the security testbed for ITS-G5 communication was presented. Its purpose is to test or verify the security threats for the machine-to-machine communication in the ITS. The testbed is composed of two parts. The first part represents the vehicle, and the second part is the Road-Side Unit (RSU) or the Road-vehicle unit (RVU). The testbed contains Arduino-type modules, SPI interface to CAN bus converter, and ELM 327 diagnostic tool supporting all communication protocols of the OBD standard. The simulator presented in this article was practically implemented and the functionality verified by experimental testing. Finally, a message for remote speed limiting was implemented on the testbed for further security testing.Peer reviewe

Far Field EM Side-Channel Attack on AES Using Deep Learning

We present the first deep learning-based side-channel attack on AES-128 using far field electromagnetic emissions as a side channel. Our neural networks are trained on traces captured from five different Bluetooth devices at five different distances to target and tested on four other Bluetooth devices. We can recover the key from less than 10K traces captured in an office environment at 15 m distance to target even if the measurement for each encryption is taken only once. Previous template attacks required multiple repetitions of the same encryption. For the case of 1K repetitions, we need less than 400 traces on average at 15 m distance to target. This improves the template attack presented at CHES\u272020 which requires 5K traces and key enumeration up to $2^{23}$

Web Platform for Comprehensive Penetration Testing

This paper presents the design, development, and implementation of a web platform embedded in the proposed Highly Scalable Model with the main purpose of increasing the effect of penetration testing to such an extent that the time, complexity, and work required to successfully complete the entire test will be considerably lower than using currently available tools, together with greater coverage of the testing area

Network Protection Against DDoS Attacks

The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS). The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS), especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks

Robust profiled attacks: should the adversary trust the dataset?

Side-channel attacks provide tools to analyse the degree of resilience of a cryptographic device against adversaries measuring leakages (e.g. power traces) on the target device executing cryptographic algorithms. In 2002, Chari et al. introduced template attacks (TA) as the strongest parametric profiled attacks in an information theoretic sense. Few years later, Schindler et al. proposed stochastic attacks (representing other parametric profiled attacks) as improved attacks (with respect to TA) when the adversary has information on the data-dependent part of the leakage. Less than ten years later, the machine learning field provided non-parametric profiled attacks especially useful in high dimensionality contexts. In this study, the authors provide new contexts in which profiled attacks based on machine learning outperform conventional parametric profiled attacks: when the set of leakages contains errors or distortions. More precisely, the authors found that (i) profiled attacks based on machine learning remain effective in a wide range of scenarios, and (ii) TA are more sensitive to distortions and errors in the profiling and attacking sets.SCOPUS: ar.jinfo:eu-repo/semantics/publishe

Simple Electromagnetic Analysis in Cryptography

The article describes the main principle and methods of simple electromagnetic analysis and thus provides an overview of simple electromagnetic analysis.<br />The introductions chapters describe specific SPA attack used visual inspection of EM traces, template based attack and collision attack.<br />After reading the article, the reader is sufficiently informed of any context of SEMA.<br />Another aim of the article is the practical realization of SEMA which is focused on AES implementation.<br />The visual inspection of EM trace of AES is performed step by step and the result is the determination of secret key Hamming weight.<br />On the resulting EM trace, the Hamming weight of the secret key 1 to 8 was clearly visible.<br />This method allows reduction from the number of possible keys for following brute force attack. <br /

Interactive Environment for Effective Cybersecurity Teaching and Learning

Cybersecurity affects all users to some extent, and it is essential to raise awareness about potential cybersecurity risks and improve practical skills from an early stage of their education. This paper addresses these aspects and discusses the research, design, and implementation of a platform for effective cybersecurity teaching and learning. Our main contribution is the creation of an interactive environment with the easy-to-use execution and management of educational and training scenarios. Our solution is tailored for multi-level education, as well as small to medium-sized institutions, and we have validated its effectiveness through several test sessions conducted with university and high school students. In addition, the paper presents selected preliminary results from the testing performed and an overall evaluation of the environment.publishedVersionPeer reviewe

Undermining User Privacy on Mobile Devices Using AI

Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to user privacy. This is because applications leave distinct footprints in the processor, which malware can use to infer user activities. In this work, we show that these inference attacks can greatly be enhanced with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with deep learning methods including convolutional neural networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zero-permission app in well under a minute. The app detects running applications, opened websites, and streaming videos with up to 98% accuracy and a profiling phase of at most 6 seconds. This is possible, as deep learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users