12 research outputs found
CAOS:Concurrent-Access Obfuscated Store
This paper proposes Concurrent-Access Obfuscated Store (CAOS), a construction
for remote data storage that provides access-pattern obfuscation in a
honest-but-curious adversarial model, while allowing for low bandwidth overhead
and client storage. Compared to the state of the art, the main advantage of
CAOS is that it supports concurrent access without a proxy, for multiple
read-only clients and a single read-write client. Concurrent access is achieved
by letting clients maintain independent maps that describe how the data is
stored. These maps might diverge from client to client, but it is guaranteed
that no client will ever lose track of current data. We achieve efficiency and
concurrency at the expense of perfect obfuscation: in CAOS the extent to which
access patterns are hidden is determined by the resources allocated to its
built-in obfuscation mechanism. To assess this trade-off we provide both a
security and a performance analysis of our protocol instance. We additionally
provide a proof-of-concept implementation
Cutting Through the Complexity of Reverse Engineering Embedded Devices
Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs
Millimeter-Wave Automotive Radar Spoofing
Millimeter-wave radar systems are one of the core components of the
safety-critical Advanced Driver Assistant System (ADAS) of a modern vehicle.
Due to their ability to operate efficiently despite bad weather conditions and
poor visibility, they are often the only reliable sensor a car has to detect
and evaluate potential dangers in the surrounding environment. In this paper,
we propose several attacks against automotive radars for the purposes of
assessing their reliability in real-world scenarios. Using COTS hardware, we
are able to successfully interfere with automotive-grade FMCW radars operating
in the commonly used 77GHz frequency band, deployed in real-world, truly
wireless environments. Our strongest type of interference is able to trick the
victim into detecting virtual (moving) objects. We also extend this attack with
a novel method that leverages noise to remove real-world objects, thus
complementing the aforementioned object spoofing attack. We evaluate the
viability of our attacks in two ways. First, we establish a baseline by
implementing and evaluating an unrealistically powerful adversary which
requires synchronization to the victim in a limited setup that uses wire-based
chirp synchronization. Later, we implement, for the first time, a truly
wireless attack that evaluates a weaker but realistic adversary which is
non-synchronized and does not require any adjustment feedback from the victim.
Finally, we provide theoretical fundamentals for our findings, and discuss the
efficiency of potential countermeasures against the proposed attacks. We plan
to release our software as open-source