IEEE European Symposium on Security and Privacy 2018 (EuroS&P)

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Paul Rösler (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum), Christian Mainka (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum), Jörg Schwenk (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum)

Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an investigation of group instant messaging protocols, we first provide a comprehensive and realistic security model. This model combines security and reliability goals from various related literature to capture relevant properties for communication in dynamic groups. Thereby the definitions consider their satisfiability with respect to the instant delivery of messages. To show its applicability, we analyze three widely used real-world protocols: Signal, WhatsApp, and Threema. By applying our model, we reveal several shortcomings with respect to the security definition. Therefore we propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.

What you get is what you C: Controlling side effects in mainstream C compilers
Laurent Simon (Cambridge University), David Chisnall (Cambridge University), Ross Anderson (Cambridge University)

Security engineers have been fighting with C compilers for years. A careful programmer would test for null pointer dereferencing or division by zero; but the compiler would fail to understand, and optimize the test away. Modern compilers now have dedicated options to mitigate this. But when a programmer tries to control side effects of code, such as to make a cryptographic algorithm execute in constant time, the problem remains. Programmers devise complex tricks to obscure their intentions, but compiler writers find ever smarter ways to optimize code. A compiler upgrade can suddenly and without warning open a timing channel in previously secure code. This arms race is pointless and has to stop. We argue that we must stop fighting the compiler, and instead make it our ally. As a starting point, we analyze the ways in which compiler optimization breaks implicit properties of crypto code; and add guarantees for two of these properties in Clang/LLVM. Our work explores what is actually involved in controlling side effects on modern CPUs with a standard toolchain. Similar techniques can and should be applied to other security properties; achieving intentions by compiler commands or annotations makes them explicit, so we can reason about them. It is already understood that explicitness is essential for cryptographic protocol security and for compiler performance; it is essential for language security too. We therefore argue that this should be only the first step in a sustained engineering effort.

ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports
Ziyun Zhu (University of Maryland, College Park), Tudor Dumitras (University of Maryland, College Park)

Modern cyber attacks consist of a series of steps and are generally part of larger campaigns. Large-scale field data provides a quantitative measurement of these campaigns. On the other hand, security practitioners extract and report qualitative campaign characteristics manually. Linking the two sources provides new insights about attacker strategies from measurements. However, this is a time-consuming task because qualitative measurements are generally reported in natural language and are not machine-readable. We propose an approach to bridge measurement data with manual analysis. We borrow the idea from threat intelligence: we define campaigns using a 4-stage model, and describe each stage using IOCs (indicators of compromise), e.g. URLs and IP addresses. We train a multi-class classifier to extract IOCs and further categorize them into different stages. We implement these ideas in a system called ChainSmith. Our system can achieve 91.9% precision and 97.8% recall in extracting IOCs, and can determine the campaign roles for 86.2% of IOCs with 78.2% precision and 80.7% recall. We run ChainSmith on 14,155 online security articles, from which we collect 24,653 IOCs. The semantic roles allow us to link manual attack analysis with large scale field measurements. In particular, we study the effectiveness of different persuasion techniques used on enticing user to download the payloads. We find that the campaign usually starts from social engineering and “missing codec” ruse is a common persuasion technique that generates the most suspicious downloads each day.

ERASER: Your Data Won’t Be Back
Kaan Onarlioglu (Akamai Technologies), William Robertson (Northeastern University), Engin Kirda (Northeastern University)

Secure deletion of data from non-volatile storage is a well-recognized problem. While numerous solutions have been proposed, advances in storage technologies have stymied efforts to solve the problem. For instance, SSDs make use of techniques such as wear leveling that involve replication of data; this is in direct opposition to efforts to securely delete sensitive data from storage. We present a technique to provide secure deletion guarantees at file granularity, independent of the characteristics of the underlying storage medium. The approach builds on prior seminal work on cryptographic erasure, encrypting every file on an insecure medium with a unique key that can later be discarded to cryptographically render the data irrecoverable. To make the approach scalable and, therefore, usable on commodity systems, keys are organized in an efficient tree structure where a single master key is confined to a secure store. We describe an implementation of this scheme as a file-aware stackable block device, deployed as a standalone Linux kernel module that does not require modifications to the operating system. Our prototype demonstrates that secure deletion independent of the underlying storage medium can be achieved with comparable overhead to existing full disk encryption implementations.

Get in Line: Ongoing Co-Presence Verification of a Vehicle Formation Based on Driving Trajectories
Christian Vaas (University of Oxford), Mika Juuti (Aalto University), N. Asokan (Aalto University), Ivan Martinovic (University of Oxford)

Intelligent transportation systems and the advent of smart cities have created a renewed research interest in vehicular networks (VANET). These ad-hoc networks are the key technology for new collaborative approaches to increase the efficiency and safety of our roads. In effect, city-scale field trials are being conducted by major high-tech companies to explore the capabilities and limitations of vehicle-to-infrastructure and vehicle-to-vehicle communication. Initial advances have led to safety enhancing applications like the electronic emergency brake light, cooperative collision avoidance and cooperative adaptive cruise control. In IEEE standard 1609.2, security measures to guarantee the integrity and authenticity of VANET messages are specified. However, physical properties like spatial proximity and driving direction are not considered. These become notably important when vehicles make decisions that concern the safety of users for example to avoid a collision. We propose a novel approach to verify the ongoing co-presence of two vehicles. Our method is based on the observation that the trajectory through a road network can be used to uniquely define a vehicle’s location as well as its driving direction. Our system provides a protocol to authenticate VANET messages for a group of vehicles driving in succession and to de-authenticate vehicles that have left the formation. To demonstrate the feasibility of trajectories as proof for co-presence, we implemented a smartphone application and conducted driving experiments under real-world conditions. We analyze the road network of several major cities from different continents to show the generalizability of our approach. Additionally, we systematically evaluate the security properties of our system by performing city-scale simulations under realistic conditions.

Language-Independent Synthesis of Firewall Policies
Chiara Bodei (Università di Pisa), Pierpaolo Degano (Università di Pisa), Riccardo Focardi (Università Ca Foscari Venezia), Letterio Galletta (Università di Pisa), Mauro Tempesta (Università Ca Foscari Venezia), Lorenzo Veronese (Università Ca Foscari Venezia)

Configuring and maintaining a firewall configuration is notoriously hard. Policies are written in low-level, platform-specific languages where firewall rules are inspected and enforced along non trivial control flow paths. Further difficulties arise from Network Address Translation (NAT), since filters must be implemented with addresses translations in mind. In this work, we study the problem of decompiling a real firewall configuration into an abstract specification. This abstract version throws the low-level details away by exposing the meaning of the configuration, i.e., the allowed connections with possible address translations. The generated specification makes it easier for system administrators to check if: (i) the intended security policy is actually implemented; (ii) two configurations are equivalent; (iii) updates have the desired effect on the firewall behavior. The peculiarity of our approach is that is independent of the specific target firewall system and language. This independence is obtained through a generic intermediate language that provides the typical features of real configuration languages and that separates the specification of the rulesets, determining the destiny of packets, from the specification of the platform-dependent steps needed to elaborate packets. We present a tool that decompiles real firewall configurations from different systems into this intermediate language and uses the Z3 solver to synthesize the abstract specification that succinctly represents the firewall behavior and the NAT. Tests on real configurations show that the tool is effective: it synthesizes complex policies in a matter of minutes and, and it answers to specific queries in just a few seconds. The tool can also point out policy differences before and after configuration updates in a simple, tabular form.

Understanding User Tradeoffs for Search in Encrypted Communication
Wei Bai (University of Maryland, College Park), Ciara Lynton (University of Maryland, College Park), Michelle L. Mazurek (University of Maryland, College Park), Charalampos (Babis) Papamanthou (University of Maryland, College Park)

End-to-end message encryption is the only way to achieve absolute message privacy. However, searching over end-to-end encrypted messages is complicated. Several popular instant messaging tools (e.g., WhatsApp, iMessage) circumvent this inconvenience by storing the search index locally on the devices. Another approach, called searchable encryption, allows users to search encrypted messages without storing the search index locally. These approaches have inherent tradeoffs between usability and security properties, yet little is known about how general users value these tradeoffs, especially in the context of email rather than instant messaging. In this paper, we systematize these tradeoffs in order to identify key feature differences. We use these differences as the basis for a choice-based conjoint analysis experiment focused on email (n=160), in which participants make a series of choices between email services with competing features. The results allow us to quantify the relative importance of each feature. We find that users indicate high relative importance for increasing privacy and minimizing local storage requirements. While privacy is more important overall, local storage is more important than adding additional marginal privacy after an initial improvement. These results suggest that local indexing, which provides more privacy, may often be appropriate for encrypted email, but that searchable encryption, which limits local storage, may also hold promise for some users.

Short Double- and N-Times-Authentication-Preventing Signatures from ECDSA and More
David Derler (IAIK, Graz University of Technology), Sebastian Ramacher (IAIK, Graz University of Technology), Daniel Slamanig (AIT Austrian Institute of Technology)

Double-authentication-preventing signatures (DAPS) are signatures designed with the aim that signing two messages with an identical first part (called address) but different second parts (called payload) allows to publicly extract the secret signing key from two such signatures. A prime application for DAPS is disincentivizing and/or penalizing the creation of two signatures on different payloads within the same address, such as penalizing double spending of transactions in Bitcoin by the loss of the double spender’s money. So far DAPS have been constructed from very specific signature schemes not used in practice and using existing techniques it has proved elusive to construct DAPS schemes from signatures widely used in practice. This, unfortunately, has prevented practical adoption of this interesting tool so far. In this paper we ask whether one can construct DAPS from signature schemes used in practice. We affirmatively answer this question by presenting novel techniques to generically construct provably secure DAPS from a large class of discrete logarithm based signatures. This class includes schemes like Schnorr, DSA, EdDSA, and, most interestingly for practical applications, the widely used ECDSA signature scheme. The resulting DAPS are highly efficient and the shortest among all existing DAPS schemes. They are nearly half of the size of the most efficient factoring based schemes (IACR PKC’17) and improve by a factor of 100 over the most efficient discrete logarithm based ones (ACM CCS’15). Although this efficiency comes at the cost of a reduced address space, i.e., size of keys linear in the number of addresses, we will show that this is not a limitation in practice. Moreover, we generalize DAPS to any N > 2, which we denote as N-times-authentication-preventing signatures (NAPS). Finally, we also provide an integration of our ECDSA-based DAPS into the OpenSSL library and perform an extensive comparison with existing approaches.

Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
Patrick Speicher (CISPA, Saarland University), Marcel Steinmetz (CISPA, Saarland University), Robert Künnemann (CISPA, Saarland University), Milivoj Simeonovski (CISPA, Saarland University), Giancarlo Pellegrino (CISPA, Saarland University), Jörg Hoffmann (CISPA, Saarland University), Michael Backes (CISPA, Saarland University)

Security in the Internet has historically been added post-hoc, leaving services like email, which, after all, is used by 3.7 billion users, vulnerable to large-scale surveillance. For email alone, there is a multitude of proposals to mitigate known vulnerabilities, ranging from the introduction of completely new protocols to modifications of the communication paths used by big providers. Deciding which measures to deploy requires a deep understanding of the induced benefits, the cost and the resulting effects. This paper proposes the first automated methodology for making formal deployment assessments. Our planning algorithm analyses the impact and cost-efficiency of different known mitigation strategies against an attacker in a formal threat model. This novel formalisation of an infrastructure attacker includes routing, name resolution and application level weaknesses. We apply the methodology to a large-scale scan of the Internet, and assess how protocols like IPsec, DNSSEC, DANE, SMTP STS, SMTP over TLS and other mitigation techniques like server relocation can be combined to improve the confidentiality of email users in 45 combinations of attacker and defender countries and nine cost scenarios. This is the first deployment analysis for mitigation techniques at this scale.

Security Risks in Asynchronous Web Servers: When Performance Optimizations Amplify the Impact of Data-oriented Attacks
Micah Morton (UNC at Chapel Hill), Jan Werner (UNC at Chapel Hill), Panagiotis Kintis (Georgia Tech), Kevin Snow (Zeropoint Dynamics), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), Fabian Monrose (UNC at Chapel Hill)

Over the past decade, many innovations have been achieved with respect to improving the responsiveness of highly-trafficked servers. These innovations are fueled by a desire to support complex and data-rich web applications while consuming minimal resources. One of the chief advancements has been the emergence of the asynchronous web server architecture, which is built from the ground up for scalability. While this architecture can offer a significant boost in performance over classic forking servers, it does so at the cost of abandoning memory space isolation between client interactions. This shift in design, that delegates the handling of many unrelated requests within the same process, enables powerful and covert data-oriented attacks that rival complete web server takeover — without ever hijacking the control flow of the server application. To demonstrate the severity of this threat, we present a technique for identifying security-critical web server data by tracing memory accesses committed by the program in generating responses to client requests. We further develop a framework for performing live memory analysis of a running server in order to understand how low-level memory structures can be corrupted for malicious intent. A fundamental goal of our work is to assess the realism of such data-oriented attacks in terms of the types of memory errors that can be leveraged to perform them, and to understand the prominence of these errors in real-world web servers. Our case study on a leading asynchronous architecture, namely Nginx, shows how data-oriented attacks allow an adversary to re-configure an Nginx instance on the fly in order to degrade or disable services (e.g., error reporting, security headers like HSTS, access control), steal sensitive information, as well as distribute arbitrary web content to unsuspecting clients — all by manipulating only a few bytes in memory. Our empirical findings on the susceptibility of modern asynchronous web servers to two well-known CVEs show that the damage could be severe. To address this threat, we also discuss several potential mitigations. Taken as a whole, our work tells a cautionary tale regarding the risks of blindly pushing forward with performance optimizations.

A formal analysis of the Neuchâtel e-voting protocol
Véronique Cortier (Loria & CNRS, France), David Galindo (University of Birmingham, UK), Mathieu Turuani (Loria & INRIA, France)

Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting protocols, these systems are not always documented and their security is rarely analysed rigorously. In this paper, we study a voting system that has been used for electing political representatives and in citizen-driven referenda in the Swiss canton of Neuchatel. We design a detailed model of the protocol in ProVerif for both privacy and verifiability properties. Our analysis mostly confirms the security of the underlying protocol: we show that the Neuchatel protocol guarantees ballot privacy, even against a corrupted server; it also ensures cast-as-intended and recorded-as-cast verifiability, even if the voter’s device is compromised. To our knowledge, this is the first time a full-fledged automatic symbolic analysis of an e-voting system used for politically-binding elections has been realized.

Sponge-Based Control-Flow Protection for IoT Devices
Mario Werner (Graz University of Technology), Thomas Unterluggauer (Graz University of Technology), David Schaffenrath (Graz University of Technology), Stefan Mangard (Graz University of Technology)

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows to tamper with code in memory, steal confidential Intellectual Property (IP), or mount fault attacks to manipulate a CPU’s control flow. In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU’s fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8 % and 9.1 %, respectively, and thus meets the requirements of embedded IoT devices.

The Real First Class? Inferring Confidential Corporate Mergers and Government Relations from Air Traffic Communication
Martin Strohmeier (University of Oxford), Matthew Smith (University of Oxford), Vincent Lenders (Armasuisse), Ivan Martinovic (University of Oxford)

This paper exploits publicly available aircraft meta data in conjunction with unfiltered air traffic communication gathered from a global collaborative sensor network to study the privacy impact of large-scale aircraft tracking on governments and public corporations. First, we use movement data of 542 verified aircraft used by 113 different governments to identify events and relationships in the real world. We develop a spatio-temporal clustering method which returns 47 public and 18 non-public meetings attended by dedicated government aircraft over the course of 18 months. Additionally, we illustrate the ease of analyzing the long-term behavior and relationships of aviation users through the example of foreign governments visiting Europe. Secondly, we exploit the same types of data to predict potential merger and acquisition (M&A) activities by 36 corporations listed on the US and European stock markets. We identify seven M&A cases, in all of which the buyer has used corporate aircraft to visit the target prior to the official announcement, on average 61 days before. Finally, we analyze five existing technical and non-technical mitigation options available to the individual stakeholders. We quantify their popularity and effectiveness, finding that despite their current widespread use, they are ineffective against the presented exploits. Consequently, we argue that regulatory and technical changes are required to be able to protect the privacy of non-commercial aviation users in the future.

Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations
Lucas Bang (University of California Santa Barbara), Nicolas Rosner (University of California Santa Barbara), Tevfik Bultan (University of California Santa Barbara)

We present an automated technique for synthesizing adaptive attacks to extract information from program functions that leak secret data through a side channel. We synthesize attack steps dynamically and consider noisy program environments. Our approach consists of an offline profiling phase using symbolic execution, witness generation, and profiling to construct a noise model. During our online attack synthesis phase, we use weighted model counting and numeric optimization to automatically synthesize attack inputs. We experimentally evaluate the effectiveness of our approach on DARPA benchmark programs created for testing side-channel analysis techniques.

Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance
Charles Wright (Portland State University), Mayank Varia (Boston University)

Governments around the world are demanding more access to encrypted data, but it has been difficult to build a system that allows the authorities some access without providing unlimited access in practice. In this paper, we present new techniques for maximizing user privacy in jurisdictions that require support for so-called “exceptional access” to encrypted data. In contrast to previous work on this topic (e.g., key escrow), our approach places most of the responsibility for achieving exceptional access on the government, rather than on the users or developers of cryptographic tools. As a result, our constructions are very simple and lightweight, and they can be easily retrofitted onto existing applications and protocols. Critically, we introduce no new third parties, and we add no new messages beyond a single new Diffie-Hellman key exchange in protocols that already use Diffie-Hellman. We present two constructions for crumpling cryptographic keys to make it possible—although arbitrarily expensive—for a government to recover the plaintext for targeted messages. Our symmetric crumpling technique uses a hash-based proof of work to impose a linear cost on the adversary for each message she wishes to recover. Additionally, our public-key crumpling method uses a novel application of Diffie-Hellman over modular arithmetic groups to create an extremely expensive puzzle that the adversary must solve before she can recover even a single message. Our initial analysis shows that we can impose an upfront cost in the range of $100M to several billion dollars and a linear cost between $1K-$1M per message. We show how our constructions can easily be adapted to common tools including PGP, Signal, SRTP, full-disk encryption, and file-based encryption.

User Blocking Considered Harmful? An Attacker-controllable Side Channel to Identify Social Accounts
Takuya Watanabe (NTT Secure Platform Laboratories), Eitaro Shioji (NTT Secure Platform Laboratories), Mitsuaki Akiyama (NTT Secure Platform Laboratories), Keito Sasaoka (Waseda University), Takeshi Yagi (NTT Secure Platform Laboratories), Tatsuya Mori (Waseda University)

This paper presents a practical side-channel attack that identifies the social web service account of a visitor to an attacker’s website. Our attack leverages the widely adopted user-blocking mechanism, abusing its inherent property that certain pages return different web content depending on whether a user is blocked from another user. Our key insight is that an account prepared by an attacker can hold an attacker-controllable binary state of blocking/non-blocking with respect to an arbitrary user on the same service; provided that the user is logged in to the service, this state can be retrieved as one-bit data through the conventional cross-site timing attack when a user visits the attacker’s website. We generalize and refer to such a property as visibility control, which we consider as the fundamental assumption of our attack. Building on this primitive, we show that an attacker with a set of controlled accounts can gain a complete and flexible control over the data leaked through the side channel. Using this mechanism, we show that it is possible to design and implement a robust, large-scale user identification attack on a wide variety of social web services. To verify the feasibility of our attack, we perform an extensive empirical study using 16 popular social web services and demonstrate that at least 12 of these are vulnerable to our attack. Vulnerable services include not only popular social networking sites such as Twitter and Facebook, but also other types of web services that provide social features, e.g., eBay and Xbox Live. We also demonstrate that the attack can achieve nearly 100% accuracy and can finish within a sufficiently short time in a practical setting. We discuss the fundamental principles, practical aspects, and limitations of the attack as well as possible defenses.

On Composability of Game-based Password Authenticated Key Exchange
Marjan Skrobot (University of Luxembourg), Jean Lancrenon (itrust consulting)

It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that a middle ground is possible in the case of authenticated key exchange that relies on PublicKey Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels.

I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions
Anupama Aggarwal (IIIT - Delhi, India), Saravana Kumar (CEG, Guindy, India), Bimal Viswanath (UC Santa Barbara), Liang Zhang (Northeastern University), Ayush Shah (IIIT - Delhi, India), Ponnurangam Kumaraguru (IIIT - Delhi, India)

In this work, we take a step towards understanding and defending against spying browser extensions. These are extensions repurposed to capture online activities of a user and communicate the collected sensitive information to a third-party domain. We conduct an empirical study of such extensions on the Chrome Web Store. First, we present an in-depth analysis of the spying behavior of these extensions. We observe that these extensions steal a variety of sensitive user information, such as the complete browsing history (e.g., the sequence of web traversals), online social network (OSN) access tokens, IP address, and geolocation. Second, we investigate the potential for automatically detecting spying extensions by applying machine learning schemes. We show that using a Recurrent Neural Network (RNN), the sequence of browser API calls made by an extension can be a robust feature, outperforming hand-crafted features (used in prior work on malicious extensions) to detect spying extensions. Our RNN based detection scheme achieves a high precision (90.02%) and recall (93.31%) in detecting spying extensions.

Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure
Enes Göktaş (Vrije Universiteit Amsterdam), Benjamin Kollenda (Ruhr-Universität Bochum), Philipp Koppe (Ruhr-Universität Bochum), Erik Bosman (Vrije Universiteit Amsterdam), Georgios Portokalidis (Stevens Institute of Technology), Thorsten Holz (Ruhr-Universität Bochum), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Address-space layout randomization is a well-established defense against code-reuse attacks. However, it can be completely bypassed by just-in-time code-reuse attacks that rely on information disclosure of code addresses via memory or side-channel exposure. To address this fundamental weakness, much recent research has focused on detecting and mitigating information disclosure. The assumption being that if we perfect such techniques, we will not only maintain layout secrecy but also stop code reuse. In this paper, we demonstrate that an advanced attacker can mount practical code-reuse attacks even in the complete absence of information disclosure. To this end, we present Position-Independent Code-Reuse Attacks, a new class of code-reuse attacks relying on the relative rather than absolute location of code gadgets in memory. By means of memory massaging, the attacker first makes the victim program generate a rudimentary ROP payload (for instance, containing code pointers that target instructions “close” to relevant gadgets). Afterwards, the addresses in this payload are patched with small offsets via relative memory writes. To establish the practicality of such attacks, we present multiple Position-Independent ROP exploits against real-world software. After showing that we can bypass ASLR in current systems without requiring information disclosures, we evaluate the impact of our technique on other defenses, such as fine-grained ASLR, multi-variant execution, execute-only memory and re-randomization. We conclude by discussing potential mitigations.

TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Chen Chen (CMU), Daniele E. Asoni (ETH Zurich), Adrian Perrig (ETH Zurich), David Barrera (Polytechnique Montréal), George Danezis (UCL), Carmela Troncoso (IMDEA Software Institute)

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET’s setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gbps using commodity hardware.

Attacking Deterministic Signature Schemes using Fault Attacks
Damian Poddebniak (Münster University of Applied Sciences), Juraj Somorovsky (Ruhr-University Bochum), Sebastian Schinzel (Münster University of Applied Sciences), Manfred Lochter (Federal Office for Information Security), Paul Rösler (Ruhr-University Bochum)

Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. Failures of random number generators may have catastrophic effects such as compromising private signature keys. In recent years, many widely-used cryptographic technologies adopted deterministic signature schemes because they are presumed to be safer to implement. In this paper, we analyze the security of deterministic ECDSA and EdDSA signature schemes and show that the elimination of random number generators in these schemes enables new kinds of fault attacks. We formalize these attacks and introduce practical attack scenarios against EdDSA using the Rowhammer fault attack. EdDSA is used in many widely used protocols such as TLS, SSH, and IPSec, and we show that these protocols are not vulnerable to our attack. We formalize the necessary requirements of protocols using these deterministic signature schemes to be vulnerable, and discuss mitigation strategies and their effect on fault attacks against deterministic signature schemes.

Dissecting Privacy Risks in Biomedical Data
Pascal Berrang (CISPA, Saarland University), Mathias Humbert (Swiss Data Science Center, ETH/EPFL), Yang Zhang (CISPA, Saarland University), Irina Lehmann (Helmholtz Centre for Environmental Research Leipzig, UFZ, Leipzig), Roland Eils (German Cancer Research Center (DKFZ) & University of Heidelberg), Michael Backes (CISPA, Saarland University)

The decreasing costs of molecular profiling has fueled the biomedical research community with a plethora of new types of biomedical data, enabling a breakthrough towards a more precise and personalized medicine. However, the release of these intrinsically highly sensitive data poses a new severe privacy threat. While biomedical data is largely associated with our health, there also exist various correlations between different types of biomedical data, along the temporal dimension, and also in-between family members. However, so far, the security community has focused on privacy risks stemming from genomic data, largely overlooking the manifold interdependencies between other biomedical data. In this paper, we present a generic framework for quantifying the privacy risks in biomedical data taking into account the various interdependencies between data (i) of different types, (ii) from different individuals, and (iii) at different time. To this end, we rely on a Bayesian network model that allows us to take all aforementioned dependencies into account and run exact probabilistic inference attacks very efficiently. Furthermore, we introduce a generic algorithm for building the Bayesian network, which encompasses expert knowledge for known dependencies, such as genetic inheritance laws, and learns previously unknown dependencies from the data. Then, we conduct a thorough inference risk evaluation with a very rich dataset containing genomic and epigenomic data of mothers and children over multiple years. Besides effective probabilistic inference, we further demonstrate that our Bayesian network model can also serve as a building block for other attacks. We show that, with our framework, an adversary can efficiently identify the parent-child relationships based on methylation data with a success rate of 95%.

CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM
Joppe Bos (NXP), Leo Ducas (CWI), Eike Kiltz (Ruhr-University Bochum), Tancrede Lepoint (SRI), Vadim Lybashevsky (IBM Research), John M. Schanck (University of Waterloo), Peter Schwabe (Radboud University), Damien Stehle (Universite de Lyon)

Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digital-signature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS – Cryptographic Suite for Algebraic Lattices – a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki–Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of post-quantum security.

Masters of Time: An Overview of the NTP Ecosystem
Teemu Rytilahti (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Dennis Tatang (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Janosch Köpper (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Thorsten Holz (Horst Görtz Institute for IT-Security, Ruhr University Bochum)

The Network Time Protocol (NTP) is currently the most commonly used approach to keeping the clocks of computing devices accurate. It operates in the background of many systems; however, it is often important because if NTP fails in providing the correct time, multiple applications such as security protocols like TLS can fail. Despite its crucial practical role, only a limited number of measurement studies have focused on the NTP ecosystem. In this paper, we report the results of an in-depth longitudinal study of the services provided by the NTP Pool Project, which enables volunteers to offer their NTP services to other Internet users in a straightforward manner. We supplement these observations with an analysis of other readily available NTP servers, such as those offered by OS vendors or those that can be freely found on the Internet. The analysis indicates a reliance on a small set of servers that are (at least indirectly) responsible for providing the time for the Internet. Furthermore, this paper considers the impact of several incidents that the authors observed between December 2016 and April 2017. To complement this study, we also perform an analysis of multiple geographical regions from the operator’s perspective, spanning a period of 5 months. A coarse-grained categorization of client requests allows us to categorize 95 percent of our incoming traffic as NTP- and SNTP-like traffic (the latter being a simpler, but more error-prone, form of NTP); we observe that up to 75 percent of all requests originated from SNTP-like clients. With this in mind, we consider what kind of harm a rogue server administrator could cause to users.

Probabilistic Obfuscation through Covert Channels
Jon Stephens (The University of Arizona), Babak Yadegari (The University of Arizona), Christian Collberg (The University of Arizona), Saumya Debray (The University of Arizona), Carlos Scheidegger (The University of Arizona)

This paper presents a program obfuscation framework that uses covert channels through the program’s execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program’s runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety

Have your PI and Eat it Too: Practical Security on a Low-cost Ubiquitous Computing Platform
Amit Vasudevan (CyLab / CMU), Sagar Chaki (SEI / CMU), Amit Vasudevan (CyLab, Carnegie Mellon University)

Robust security on a commodity low-cost and popular computing platform is a worthy goal for today’s Internet of Things (IoT) and embedded ecosystems. We present the first practical security architecture on the Raspberry PI (PI), a ubiquitous and popular low-cost compute module. Our architecture and framework — called UBERPI — focuses on three goals which are keys to achieving practical security: commodity compatibility (e.g., runs unmodified Raspbian/Debian Linux) and unfettered access to platform hardware, performance (avg. 2%–6% overhead), and low trusted computing base and complexity (modular 5544 SLoC). We present a full implementation followed by a comprehensive evaluation and lessons learned. We believe that our contributions and findings elevate the PI into a next generation, secure, low-cost IoT embedded computing platform.

SoK: Security and Privacy in Machine Learning
Nicolas Papernot (Penn State), Patrick McDaniel (Penn State), Arunesh Sinha (University of Michigan), Michael P. Wellman (University of Michigan)

Advances in machine learning (ML) in recent years have enabled a dizzying array of applications such as data analytics, autonomous systems, and security diagnostics. ML is now pervasive—new systems and models are being deployed in every domain imaginable, leading to widespread deployment of software based inference and decision making. There is growing recognition that ML exposes new vulnerabilities in software systems, yet the technical community’s understanding of the nature and extent of these vulnerabilities remains limited. We systematize findings on ML security and privacy, focusing on attacks identified on these systems and defenses crafted to date. We articulate a comprehensive threat model for ML, and categorize attacks and defenses within an adversarial framework. Key insights resulting from works both in the ML and security communities are identified and the effectiveness of approaches are related to structural elements of ML algorithms and the data used to train them. In particular, it is apparent that constructing a theoretical understanding of the sensitivity of modern ML algorithms to the data they analyze, a la PAC theory, will foster a science of security and privacy in ML.

Just In Time Hashing
Benjamin Harsha (Purdue University), Jeremiah Blocki (Purdue University)

In the past few years billions of user passwords have been exposed to the threat of offline cracking attempts. Such brute-force cracking attempts are increasingly dangerous as password cracking hardware continues to improve and as users continue to select low entropy passwords. Key-stretching techniques such as hash iteration and memory hard functions can help to mitigate the risk, but increased key-stretching effort necessarily increases authentication delay so this defense is fundamentally constrained by usability concerns. We introduce Just in Time Hashing (JIT), a client side key-stretching algorithm to protect user passwords against offline brute-force cracking attempts without increasing delay for the user. The basic idea is to exploit idle time while the user is typing in their password to perform extra key-stretching. As soon as the user types in the first character(s) of their password our algorithm immediately begins filling memory with hash values derived from the character(s) that the user has typed thus far. We conduct a user study to guide the development of JIT e.g. by determining how much extra key-stretching could be performed during idle cycles or how many consecutive deletions JIT may need to handle. Our security analysis demonstrates that JIT can substantially increase guessing costs over traditional key-stretching algorithms with equivalent (or less) authentication delay. Specifically an empirical evaluation using existing password datasets demonstrates that JIT increases guessing costs by nearly an order of magnitude in comparison to standard key-stretching techniques with comparable delay. We provide a proof-of-concept implementation of a Just in Time Hashing algorithm by modifying Argon2.

Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking
Erwin Quiring (TU Braunschweig), Daniel Arp (TU Braunschweig), Konrad Rieck (TU Braunschweig)

Machine learning is increasingly used in security-critical applications, such as autonomous driving, face recognition, and malware detection. Most learning methods, however, have not been designed with security in mind and thus are vulnerable to different types of attacks. This problem has motivated the research field of adversarial machine learning that is concerned with attacking and defending learning methods. Concurrently, a separate line of research has tackled a very similar problem: In digital watermarking, a pattern is embedded in a signal in the presence of an adversary. As a consequence, this research field has also extensively studied techniques for attacking and defending watermarking methods. The two research communities have worked in parallel so far, unnoticeably developing similar attack and defense strategies. This paper is a first effort to bring these communities together. To this end, we present a unified notation of black-box attacks against machine learning and watermarking. To demonstrate its efficacy, we apply concepts from watermarking to machine learning and vice versa. We show that countermeasures from watermarking can mitigate recent model-extraction attacks and, similarly, that techniques for hardening machine learning can fend off oracle attacks against watermarks. We further demonstrate a novel threat for watermarking schemes based on recent deep learning attacks from adversarial learning. Our work provides a conceptual link between two research fields and thereby opens novel directions for improving the security of both, machine learning and digital watermarking.

COVERN: A Logic for Compositional Verification of Information Flow Control
Toby Murray (University of Melbourne and Data61), Robert Sison (CSE, UNSW and Data61), Kai Engelhardt (CSE, UNSW and Data61)

Shared memory concurrency is pervasive in modern programming, including in systems that must protect highly sensitive data. Recently, verification has finally emerged as a practical tool for proving interesting security properties of real programs, particularly information flow control (IFC) security. Yet there remain no general logics for verifying IFC security of shared-memory concurrent programs. In this paper we present the first such logic, COVERN (Compositional Verification of Noninterference) and its proof of soundness via a new generic framework for general rely-guarantee IFC reasoning. We apply COVERN to model and verify the security-critical software functionality of the Cross Domain Desktop Compositor, an embedded device that facilitates simultaneous and intuitive user interaction with multiple classified networks while preventing leakage between them. To our knowledge this is the first foundational, machine-checked proof of IFC security for a non-trivial shared-memory concurrent program in the literature.

DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks
Ke Xu (Singapore Management University), Yingjiu Li (Singapore Management University), Robert H. Deng (Singapore Management University), Kai Chen (Chinese Academy of Sciences)

As malicious behaviors vary significantly across mobile malware, it is challenging to detect malware both efficiently and effectively. Also due to the continuous evolution of malicious behaviors, it is difficult to extract features by laborious human feature engineering and keep up with the speed of malware evolution. To solve these challenges, we propose DeepRefiner to identify malware both efficiently and effectively. The novel technique enabling effectiveness is the semantic-based deep learning. We use Long Short Term Memory on the semantic structure of Android bytecode, avoiding missing the details of method-level bytecode semantics. To achieve efficiency, we apply Multilayer Perceptron on the xml files based on the finding that most malware can be efficiently identified using information only from xml files. We evaluate the detection performance of DeepRefiner with 62,915 malicious applications and 47,525 benign applications, showing that DeepRefiner effectively detects malware with an accuracy of 97.74% and a false positive rate of 2.54%. We compare DeepRefiner with a state-of-the-art single classifier-based detection system, StormDroid, and ten widely used signature-based anti-virus scanners. The experimental results show that DeepRefiner significantly outperforms StormDroid and anti-virus scanners. In addition, we evaluate the robustness of DeepRefiner against typical obfuscation techniques and adversarial samples. The experimental results demonstrate that DeepRefiner is robust in detecting obfuscated malicious applications.

In search of CurveSwap: Measuring elliptic curve implementations in the wild
Luke Valenta (University of Pennsylvania), Nick Sullivan (Cloudflare), Antonio Sanso (Adobe), Nadia Heninger (University of Pennsylvania)

We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 1.53% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.

Mining ABAC Rules from Sparse Logs
Carlos Cotrini (ETH Zürich), Thilo Weghorn (ETH Zürich), David Basin (ETH Zürich)

Different methods have been proposed to mine attribute-based access control (ABAC) rules from logs. In practice, these logs are sparse in that they contain only a fraction of all possible requests. However, for sparse logs, existing methods mine and validate overly permissive rules, enabling privilege abuse. We define a novel measure, reliability, that quantifies how overly permissive a rule is and we show why other standard measures like confidence and entropy fail in quantifying over-permissiveness. We build upon state-of-the-art subgroup discovery algorithms and our new reliability measure to design Rhapsody, the first ABAC mining algorithm with correctness guarantees: Rhapsody mines a rule if and only if the rule covers a significant number of requests, its reliability is above a given threshold, and there is no equivalent shorter rule. We evaluate Rhapsody on different real-world scenarios using logs from Amazon and a computer lab at ETH Zurich. Our results show that Rhapsody generalizes better and produces substantially smaller rules than competing approaches.

Keynotes

Accepted Papers