2017 IEEE European Symposium on Security and Privacy (EuroS&P)最新文献

{"title":"SoK: Fraud in Telephony Networks","authors":"Merve Sahin, Aurélien Francillon, Payas Gupta, M. Ahamad","doi":"10.1109/EuroSP.2017.40","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.40","url":null,"abstract":"Telephone networks first appeared more than a hundred years ago, long beforetransistors were invented. They, therefore, form the oldest large scale networkthat has grown to touch over 7 billion people. Telephony is now merging manycomplex technologies and because numerous services enabled by these technologiescan be monetized, telephony attracts a lot of fraud. In 2015, a telecom fraudassociation study estimated that the loss of revenue due to global telecom fraudwas worth 38 billion US dollars per year. Because of the convergence oftelephony with the Internet, fraud in telephony networks can also have anegative impact on security of online services. However, there is littleacademic work on this topic, in part because of the complexity of such networksand their closed nature. This paper aims to systematically explorefraud in telephony networks. Our taxonomy differentiates the root causes, thevulnerabilities, the exploitation techniques, the fraud types and finally theway fraud benefits fraudsters. We present an overview of eachof these and use CAller NAMe (CNAM) revenue share fraud as aconcrete example to illustrate how our taxonomy helps in better understandingthis fraud and to mitigate it.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130922926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Refining Authenticated Key Agreement with Strong Adversaries","authors":"Joseph Lallemand, D. Basin, C. Sprenger","doi":"10.1109/EuroSP.2017.22","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.22","url":null,"abstract":"We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect-forward secrecy. Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130771727","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach","authors":"Nadim Kobeissi, K. Bhargavan, B. Blanchet","doi":"10.1109/EuroSP.2017.38","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.38","url":null,"abstract":"Many popular web applications incorporate end-to-end secure messaging protocols, which seek to ensure that messages sent between users are kept confidential and authenticated, even if the web application's servers are broken into or otherwise compelled into releasing all their data. Protocols that promise such strong security guarantees should be held up to rigorous analysis, since protocol flaws and implementations bugs can easily lead to real-world attacks. We propose a novel methodology that allows protocol designers, implementers, and security analysts to collaboratively verify a protocol using automated tools. The protocol is implemented in ProScript, a new domain-specific language that is designed for writing cryptographic protocol code that can both be executed within JavaScript programs and automatically translated to a readable model in the applied pi calculus. This model can then be analyzed symbolically using ProVerif to find attacks in a variety of threat models. The model can also be used as the basis of a computational proof using CryptoVerif, which reduces the security of the protocol to standard cryptographic assumptions. If ProVerif finds an attack, or if the CryptoVerif proof reveals a weakness, the protocol designer modifies the ProScript protocol code and regenerates the model to enable a new analysis. We demonstrate our methodology by implementing and analyzing a variant of the popular Signal Protocol with only minor differences. We use ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures. Our ProScript protocol code is incorporated within the current release of Cryptocat, a desktop secure messenger application written in JavaScript. Our results indicate that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131907856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Novel Approach for Reasoning about Liveness in Cryptographic Protocols and Its Application to Fair Exchange","authors":"M. Backes, Jannik Dreier, S. Kremer, R. Künnemann","doi":"10.1109/EuroSP.2017.12","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.12","url":null,"abstract":"In this paper, we provide the first methodology for reasoning about livenessproperties of cryptographic protocols in a machine-assisted manner withoutimposing any artificial, finite bounds on the protocols and execution models. To this end, we design an extension of the SAPiC process calculus so that itsupports key concepts for stating and reasoning about liveness properties, along with a corresponding translation into the formalism of multiset rewritingthat the state-of-the-art theorem prover Tamarin relies upon. We prove thatthis translation is sound and complete and can thereby automatically generatesound Tamarin specifications and automate the protocol analysis. Second, we applied our methodology to two widely investigated fair exchangeprotocols – ASW and GJM – and to the Secure Conversation Protocol standardfor industrial control systems, deployed by major players such as Siemens, SAPand ABB. For the fair exchange protocols, we not only re-discovered knownattacks, but also uncovered novel attacks that previous analyses based onfinite models and a restricted number of sessions did not detect. We suggestfixed versions of these protocols for which we prove both fairness andtimeliness, yielding the first automated proofs for fair exchange protocolsthat rely on a general model without restricting the number of sessions andmessage size. For the Secure Conversation Protocol, we prove several strongsecurity properties that are vital for the safety of industrial systems, inparticular that all messages (e.g., commands) are eventually delivered inorder.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130065493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LUNA: Quantifying and Leveraging Uncertainty in Android Malware Analysis through Bayesian Machine Learning","authors":"M. Backes, M. Nauman","doi":"10.1109/EuroSP.2017.24","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.24","url":null,"abstract":"Android's growing popularity seems to be hindered only by the amount of malware surfacing for this open platform. Machine learning algorithms have been successfully used for detecting the rapidly growing number of malware families appearing on a daily basis. Existing solutions along these lines, however, have a common limitation: they are all based on classical statistical inference and thus ignore the concept of uncertainty invariably involved in any prediction task. In this paper, we show that ignoring this uncertainty leads to incorrect classification of both benign and malicious apps. To reduce these errors, we utilize Bayesian machine learning – an alternative paradigm based on Bayesian statistical inference – which preserves the concept of uncertainty in all steps of calculation. We move from a black-box to a white-box approach to identify the effects different features (such as sensitive resource usage, declared activities, services and intent filters etc.) have on the classification status of an app. We show that incorporating uncertainty in the learning pipeline helps to reduce incorrect decisions, and significantly improves the accuracy of classification. We achieve a false positive rate of 0.2% compared to the previous best of 1%. We present sufficient details to allow the reader to reproduce our results through openly available probabilistic programming tools and to extend our techniques well beyond the boundaries of this paper.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121556370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks","authors":"Xi Chen, H. Bos, Cristiano Giuffrida","doi":"10.1109/EuroSP.2017.17","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.17","url":null,"abstract":"Code diversification is an effective strategy to prevent modern code-reuse exploits. Unfortunately, diversification techniques are inherently vulnerable to information disclosure. Recent diversification-aware ROP exploits have demonstrated that code disclosure attacks are a realistic threat, with an attacker able to read or execute arbitrary code memory and gather enough gadgets to bypass state-of-the-art code diversification defenses. In this paper, we present CodeArmor, a binary-level system to harden code diversification against all the existing read-based and execution-based code disclosure attacks. To counter such attacks, CodeArmor virtualizes the code space to completely decouple code pointer values from the concrete location of their targets in the memory address space. Using a combination of run-time randomization and pervasively deployed honey gadgets, code space virtualization probabilistically ensures that only code references that can legitimately be issued by the program are effectively translated to the concrete code space. This strategy significantly reduces the attack surface, limiting the attacker to only code pointer gadgets that can be leaked from data memory. In addition, unlike existing leakage-resistant code diversification techniques that provide similar security guarantees, CodeArmor requires no access to source code, hypervisors, or special hardware support. Our experimental results show that CodeArmor significantly raises the bar against existing and future attacks, at the cost of relatively low average performance overhead (6.9% on SPEC and 14.5% on popular server programs, and even lower—roughly halving such average overheads—when operating aggressive inlining optimizations at the binary level).","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"88 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132083273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient and Flexible Discovery of PHP Application Vulnerabilities","authors":"M. Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, Fabian Yamaguchi","doi":"10.1109/EuroSP.2017.14","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.14","url":null,"abstract":"The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind and, today, bears a patchwork of fixes and inconsistently designed functions with often unexpected and hardly predictable behavior that typically yield a large attack surface. Consequently, it is prone to different types of vulnerabilities, such as SQL Injection or Cross-Site Scripting. In this paper, we present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature. We implement our prototype using the latest features of PHP 7, leverage an efficient graph database to store code property graphs for PHP, and subsequently identify different types of Web application vulnerabilities by means of programmable graph traversals. We show the efficacy and the scalability of our approach by reporting on an analysis of 1,854 popular open-source projects, comprising almost 80 million lines of code.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134411964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Replay Attacks on Zero Round-Trip Time: The Case of the TLS 1.3 Handshake Candidates","authors":"M. Fischlin, Felix Günther","doi":"10.1109/EuroSP.2017.18","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.18","url":null,"abstract":"We investigate security of key exchange protocols supporting so-called zero round-trip time (0-RTT), enabling a client to establish a fresh provisional key without interaction, based only on cryptographic material obtained in previous connections. This key can then be already used to protect early application data, transmitted to the server before both parties interact further to switch to fully secure keys. Two recent prominent examples supporting such 0-RTT modes are Google's QUIC protocol and the latest drafts for the upcoming TLS version 1.3. We are especially interested in the question how replay attacks, enabled through the lack of contribution from the server, affect security in the 0-RTT case. Whereas the first proposal of QUIC uses state on the server side to thwart such attacks, the latest version of QUIC and TLS 1.3 rather accept them as inevitable. We analyze what this means for the key secrecy of both the preshared-key-based 0-RTT handshake in draft-14 of TLS 1.3 as well as the Diffie-Hellman-based 0-RTT handshake in TLS 1.3 draft-12. As part of this we extend previous security models to capture such cases, also shedding light on the limitations and options for 0-RTT security under replay attacks.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"90 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128585692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks","authors":"Timothy Trippel, Ofir Weisse, Wenyuan Xu, P. Honeyman, Kevin Fu","doi":"10.1109/EuroSP.2017.42","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.42","url":null,"abstract":"Cyber-physical systems depend on sensors to make automated decisions. Resonant acoustic injection attacks are already known to cause malfunctions by disabling MEMS-based gyroscopes. However, an open question remains on how to move beyond denial of service attacks to achieve full adversarial control of sensor outputs. Our work investigates how analog acoustic injection attacks can damage the digital integrity of a popular type of sensor: the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. Our contributions include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ on these sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs. We characterize two classes of acoustic injection attacks with increasing levels of adversarial control: output biasing and output control. We test these attacks against 20 models of capacitive MEMS accelerometers from 5 different manufacturers. Our experiments find that 75% are vulnerable to output biasing, and 65% are vulnerable to output control. To illustrate end-to-end implications, we show how to inject fake steps into a Fitbit with a $5 speaker. In our self-stimulating attack, we play a malicious music file from a smartphone's speaker to control the on-board MEMS accelerometer trusted by a local app to pilot a toy RC car. In addition to offering hardware design suggestions to eliminate the root causes of insecure amplification and filtering, we introduce two low-cost software defenses that mitigate output biasing attacks: randomized sampling and 180 degree out-of-phase sampling. These software-only approaches mitigate attacks by exploiting the periodic and predictable nature of the malicious acoustic interference signal. Our results call into question the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116994564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Compiler-Agnostic Function Detection in Binaries","authors":"Dennis Andriesse, Asia Slowinska, H. Bos","doi":"10.1109/EuroSP.2017.11","DOIUrl":"https://doi.org/10.1109/EuroSP.2017.11","url":null,"abstract":"We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus detects functions at the Control Flow Graph-level, making it inherently suitable for difficult cases such as non-contiguous or multi-entry functions. We evaluate Nucleus on a diverse set of 476 C and C ++ binaries, compiled with gcc, clang and Visual Studio for x86 and x64, at optimization levels O0–O3. We achieve consistently good performance, with a mean F-score of 0.95.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123618158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}