Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks: latest papers

A practical investigation of identity theft vulnerabilities in Eduroam
Sebastian Brenza, Andre Pawlowski, C. Pöpper
{"title":"A practical investigation of identity theft vulnerabilities in Eduroam","authors":"Sebastian Brenza, Andre Pawlowski, C. Pöpper","doi":"10.1145/2766498.2766512","DOIUrl":"https://doi.org/10.1145/2766498.2766512","url":null,"abstract":"Eduroam offers secure access to the Internet at participating institutions, using authentication via IEEE 802.1X and secure forwarding of authentication data to the authentication server of the user's institution. Due to erroneous configuration manuals and a lack of knowledge on the user side, though, a big share of client devices lack the required root CA certificate to authenticate the Eduroam network, yet still being able to access the network. Moreover, deficient software implementations on client devices prevent users from the secure execution of the authentication process. In this paper, we present an attack that exploits this fact and uses the default behavior of wireless devices in order to capture authentication data. This MITM attack is performed in real-time. It is achieved using a modified version of hostapd, which exploits a compatibility setting of the widely used supplicant software wpa_supplicant. It enables an attacker to authenticate users in EAP-TTLS/PAP and in EAP-TTLS/MS-CHAPv2 without the necessity of cracking the user password hash on the fly and thus without inducing suspicious delays. In a practical study with several hundred users we could show that more than half of the tested devices were vulnerable to the attack. Based on the results of the study, we propose countermeasures to prevent the attack and minimize the amount of vulnerable devices.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124496812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 38
Applying the protection goals for privacy engineering to mobile devices
Meiko Jensen
{"title":"Applying the protection goals for privacy engineering to mobile devices","authors":"Meiko Jensen","doi":"10.1145/2766498.2774986","DOIUrl":"https://doi.org/10.1145/2766498.2774986","url":null,"abstract":"In this paper, we propose to use a set of common core principles (the protection goals for privacy engineering) for measuring and comparing privacy features of mobile device systems. When utilized as a baseline for mobile phone software development, these protection goals can help with acting in legal compliance independent from the exact juridical location of the user.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129548061","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 0
SVM-based malware detection for Android applications
Guqian Dai, Jigang Ge, Minghang Cai, Daoqian Xu, Wenjia Li
{"title":"SVM-based malware detection for Android applications","authors":"Guqian Dai, Jigang Ge, Minghang Cai, Daoqian Xu, Wenjia Li","doi":"10.1145/2766498.2774991","DOIUrl":"https://doi.org/10.1145/2766498.2774991","url":null,"abstract":"In this paper, we study a SVM-based malware detection scheme for Android applications, which integrates both risky permission combinations and vulnerable API calls and uses them as features in the SVM algorithm. Preliminary experiments have validated the proposed malware detection scheme.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133445060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 15
Device analyzer: a privacy-aware platform to support research on the Android ecosystem
Daniel T. Wagner, Daniel R. Thomas, A. Beresford, A. Rice
{"title":"Device analyzer: a privacy-aware platform to support research on the Android ecosystem","authors":"Daniel T. Wagner, Daniel R. Thomas, A. Beresford, A. Rice","doi":"10.1145/2766498.2774992","DOIUrl":"https://doi.org/10.1145/2766498.2774992","url":null,"abstract":"Device Analyzer is an Android app available from the Google Play store. It is designed to collect a large range of data from the handset and, with agreement from our contributors, share it with researchers around the world. Researchers can access the data collected, and can also use the platform to support their own user studies. In this paper we provide an overview of the privacy-enhancing techniques used in Device Analyzer, including transparency, consent, purpose, access, withdrawal, and accountability. We also demonstrate the utility of our platform by assessing the security of the Android ecosystem to privilege escalation attacks and determine that 88% of Android devices are, on average, vulnerable to one or more of these types of attacks.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"605 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123321603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 7
NFCGate: an NFC relay application for Android
Max Maass, U. Müller, Tom Schons, D. Wegemer, Matthias Schulz
{"title":"NFCGate: an NFC relay application for Android","authors":"Max Maass, U. Müller, Tom Schons, D. Wegemer, Matthias Schulz","doi":"10.1145/2766498.2774984","DOIUrl":"https://doi.org/10.1145/2766498.2774984","url":null,"abstract":"Near Field Communication (NFC) is a technology widely used for security-critical applications like access control or payment systems. Many of these systems rely on the security assumption that the card has to be in close proximity to communicate with the reader. We developed NFCGate, an Android application capable of relaying NFC communication between card and reader using two rooted but otherwise unmodified Android phones. This enables us to increase the distance between card and reader, eavesdrop on, and even modify the exchanged data. The application should work for any system built on top of ISO 14443-3 that is not hardened against relay attacks, and was successfully tested with a popular contactless card payment system and an electronic passport document.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"44 9","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120926406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 7
Lockpicking physical layer key exchange: weak adversary models invite the thief
Daniel Steinmetzer, Matthias Schulz, M. Hollick
{"title":"Lockpicking physical layer key exchange: weak adversary models invite the thief","authors":"Daniel Steinmetzer, Matthias Schulz, M. Hollick","doi":"10.1145/2766498.2766514","DOIUrl":"https://doi.org/10.1145/2766498.2766514","url":null,"abstract":"Physical layer security schemes for wireless communications are currently crossing the chasm from theory to practice. They promise information-theoretical security, for instance by guaranteeing the confidentiality of wireless transmissions. Examples include schemes utilizing artificial interference---that is 'jamming for good'---to enable secure physical layer key exchange or other security mechanisms. However, only little attention has been paid to adjusting the employed adversary models during this transition from theory to practice. Typical assumptions give the adversary antenna configurations and transceiver capabilities similar to all other nodes: single antenna eavesdroppers are the norm. We argue that these assumptions are perilous and 'invite the thief'. In this work, we evaluate the security of a representative practical physical layer security scheme, which employs artificial interference to secure physical layer key exchange. Departing from the standard single-antenna eavesdropper, we utilize a more realistic multi-antenna eavesdropper and propose a novel approach that detects artificial interferences. This facilitates a practical attack, effectively 'lockpicking' the key exchange by exploiting the diversity of the jammed signals. Using simulation and real-world software-defined radio (SDR) experimentation, we quantify the impact of increasingly strong adversaries. We show that our approach reduces the secrecy capacity of the scheme by up to 97% compared to single-antenna eavesdroppers. Our results demonstrate the risk unrealistic adversary models pose in current practical physical layer security schemes.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"162 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121028496","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 23
A measurement study of tracking in paid mobile applications
Suranga Seneviratne, Harini Kolamunna, A. Seneviratne
{"title":"A measurement study of tracking in paid mobile applications","authors":"Suranga Seneviratne, Harini Kolamunna, A. Seneviratne","doi":"10.1145/2766498.2766523","DOIUrl":"https://doi.org/10.1145/2766498.2766523","url":null,"abstract":"Smartphone usage is tightly coupled with the use of apps that can be either free or paid. Numerous studies have investigated the tracking libraries associated with free apps. Only a limited number of these have focused on paid apps. As expected, these investigations indicate that tracking is happening to a lesser extent in paid apps, yet there is no conclusive evidence. This paper provides the first large-scale study of paid apps. We analyse top paid apps obtained from four different countries: Australia, Brazil, Germany, and US, and quantify the level of tracking taking place in paid apps in comparison to free apps. Our analysis shows that 60% of the paid apps are connected to trackers that collect personal information compared to 85%--95% in free apps. We further show that approximately 20% of the paid apps are connected to more than three trackers. With tracking being pervasive in both free and paid apps, we then quantify the aggregated privacy leakages associated with individual users. Using the data of user installed apps of over 300 smartphone users, we show that 50% of the users are exposed to more than 25 trackers which can result in significant leakages of privacy.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123803972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 65
CAPS: context-aware privacy scheme for VANET safety applications
Karim Emara, W. Wörndl, J. Schlichter
{"title":"CAPS: context-aware privacy scheme for VANET safety applications","authors":"Karim Emara, W. Wörndl, J. Schlichter","doi":"10.1145/2766498.2766500","DOIUrl":"https://doi.org/10.1145/2766498.2766500","url":null,"abstract":"Preserving location privacy in vehicular ad hoc networks (VANET) is an important requirement for public acceptance of this emerging technology. Many privacy schemes concern changing pseudonyms periodically to avoid linking messages. However, the spatiotemporal information contained in beacons makes vehicles traceable and the driver's privacy breached. Therefore, the pseudonym change should be performed in a mix-context to discontinue the spatial and temporal correlation of subsequent beacons. Such mix-context is commonly accomplished by using a silence period or in predetermined locations (e.g., mix-zone). In this paper, we propose a location privacy scheme that lets vehicles decide when to change its pseudonym and enter a silence period and when to exit from it adaptively based on its context. In this scheme, a vehicle monitors the surrounding vehicles and enters silence when it finds one or more neighbors silent. It resumes beaconing with a new pseudonym when its actual state is likely to be mixed with the state of a silent neighbor. We evaluate this scheme against a global multi-target tracking adversary using simulated and realistic vehicle traces and compare it with the random silent period scheme. Furthermore, we evaluate the quality of service of a forward collision warning safety application to ensure its applicability in safety applications. We measure the quality of service by estimating the probability of correctly identifying the fundamental factors of that application using Monte Carlo analysis.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"256 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114295120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 53
SpotShare and nearbyPeople: applications of the Social PaL framework
M. Nagy, Thanh Bui, S. Udar, N. Asokan, J. Ott
{"title":"SpotShare and nearbyPeople: applications of the Social PaL framework","authors":"M. Nagy, Thanh Bui, S. Udar, N. Asokan, J. Ott","doi":"10.1145/2766498.2774985","DOIUrl":"https://doi.org/10.1145/2766498.2774985","url":null,"abstract":"Imagine if there is a privacy-preserving mechanism for two mobile devices to determine if their owners have common friends. It can be useful for access control in applications like ride-sharing, sharing Internet access or even just a simple \"people radar\" app for showing nearby friends and friends-of-friends. Current mechanisms for doing this come at the cost of revealing these interactions and the users' locations to central servers. In a paper that appears in the WiSec 2015 proceedings, we describe Social Pal [2], a framework that allows privacy-preserving discovery of the distance between two users in a social network. Social Pal was implemented as a general purpose software framework that can be easily used by application developers who wish to incorporate such functionality into their applications.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122265013","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 3
Security and system architecture: comparison of Android customizations
R. Gallo, Patricia Hongo, R. Dahab, L. C. Navarro, Henrique Kawakami, Kaio Galvão, Glauco Barroso Junquera, L. Ribeiro
{"title":"Security and system architecture: comparison of Android customizations","authors":"R. Gallo, Patricia Hongo, R. Dahab, L. C. Navarro, Henrique Kawakami, Kaio Galvão, Glauco Barroso Junquera, L. Ribeiro","doi":"10.1145/2766498.2766519","DOIUrl":"https://doi.org/10.1145/2766498.2766519","url":null,"abstract":"Smartphone manufacturers frequently customize Android distributions so as to create competitive advantages by adding, removing and modifying packages and configurations. In this paper we show that such modifications have deep architectural implications for security. We analysed five different distributions: Google Nexus 4, Google Nexus 5, Sony Z1, Samsung Galaxy S4 and Samsung Galaxy S5, all running OS versions 4.4.X (except for Samsung S4 running version 4.3). Our conclusions indicate that serious security issues such as expanded attack surface and poorer permission control grow sharply with the level of customization.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124563365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 21