发布求助
文献互助 智能选刊 最新文献

Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks最新文献

筛选
英文 中文
Security on Harvested Power 收获电力的安全
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226105
Abdullah Hylamia, M. Spanghero, Ambuj Varshney, T. Voigt, Panagiotis Papadimitratos
{"title":"Security on Harvested Power","authors":"Abdullah Hylamia, M. Spanghero, Ambuj Varshney, T. Voigt, Panagiotis Papadimitratos","doi":"10.1145/3212480.3226105","DOIUrl":"https://doi.org/10.1145/3212480.3226105","url":null,"abstract":"Security mechanisms for battery-free devices have to operate under severe energy constraints relying on harvested energy. This is challenging, as the energy harvested from the ambient environment is usually scarce, intermittent and unpredictable. One of the challenges for developing security mechanisms for such settings is the lack of hardware platforms that recreate energy harvesting conditions experienced on a battery-free sensor node. In this demonstration, we present an energy harvesting security (EHS) platform that enables the development of security algorithms for battery-free sensors. Our results demonstrate that our platform is able to harvest sufficient energy from indoor lighting to support several widely used cryptography algorithms.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126148657","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Towards Battery-free Radio Tomographic Imaging 迈向无电池无线电层析成像
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226107
Abdullah Hylamia, Ambuj Varshney, Andreas Soleiman, Panos Papadimitratos, C. Rohner, T. Voigt
{"title":"Towards Battery-free Radio Tomographic Imaging","authors":"Abdullah Hylamia, Ambuj Varshney, Andreas Soleiman, Panos Papadimitratos, C. Rohner, T. Voigt","doi":"10.1145/3212480.3226107","DOIUrl":"https://doi.org/10.1145/3212480.3226107","url":null,"abstract":"Radio Tomographic Imaging (RTI) enables novel radio frequency (RF) sensing applications such as intrusion detection systems by observing variations in radio links caused by human actions. RTI applications are, however, severely limited by the requirement to retrofit existing infrastructure with energy-expensive sensors. In this demonstration, we present our ongoing efforts to develop the first battery-free RTI system that operates on minuscule amounts of energy harvested from the ambient environment. Our system eliminates the energy-expensive components employed on state-of-the-art RTI systems achieving two orders of magnitude lower power consumption. Battery-free operation enables a sustainable deployment, as RTI sensors could be deployed for long periods of time with little maintenance effort. Our demonstration showcases an intrusion detection scenario enabled by our system.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"63 4/5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131956715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
One-Sided Countermeasures for Side-Channel Attacks Can Backfire 针对侧信道攻击的单边对策可能适得其反
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226104
Yang Yu, F. Marranghello, Victor Diges Teijeira, E. Dubrova
{"title":"One-Sided Countermeasures for Side-Channel Attacks Can Backfire","authors":"Yang Yu, F. Marranghello, Victor Diges Teijeira, E. Dubrova","doi":"10.1145/3212480.3226104","DOIUrl":"https://doi.org/10.1145/3212480.3226104","url":null,"abstract":"Side-channel attacks are currently one of the most powerful attacks against implementations of cryptographic algorithms. They exploit the correlation between the physical measurements (power consumption, electromagnetic emissions, timing) taken at different points during the computation and the secret key. Some of the existing countermeasures offer a protection against one specific type of side channel only. We show that it can be a bad practice which can make exploitation of other side-channels easier. First, we perform a power analysis attack on an FPGA implementation of the Advanced Encryption Standard (AES) which is not protected against side-channel attacks and estimate the number of power traces required to extract its secret key. Then, we repeat the attack on AES implementations which are protected against fault injections by hardware redundancy and show that they can be broken with three times less power traces than the unprotected AES. We also demonstrate that the problem cannot be solved by complementing the duplicated module, as previously proposed. Our results show that there is a need for increasing knowledge about side-channel attacks and designing stronger countermeasures.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131508850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Expedited Beacon Verification for VANET 快速信标验证VANET
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226108
Hongyu Jin, Panos Papadimitratos
{"title":"Expedited Beacon Verification for VANET","authors":"Hongyu Jin, Panos Papadimitratos","doi":"10.1145/3212480.3226108","DOIUrl":"https://doi.org/10.1145/3212480.3226108","url":null,"abstract":"Safety beaconing is a basic, yet essential component in secure Vehicular Communication systems. Safety beacons, broadcasted periodically, provide real-time vehicle status to surrounding vehicles, which can be used to provide spatial and mobility awareness. However, secure and privacy-preserving beacons incur high computation overhead, especially when the vehicle density is high or in the presence of adversarial nodes. Here, we show through experimental evaluation how to significantly decrease beacon verification delay.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124871137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
My Magnetometer Is Telling You Where I've Been?: A Mobile Device Permissionless Location Attack 我的磁力计告诉你我去过哪里?:移动设备Permissionless Location攻击
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212502
Kenneth Block, G. Noubir
{"title":"My Magnetometer Is Telling You Where I've Been?: A Mobile Device Permissionless Location Attack","authors":"Kenneth Block, G. Noubir","doi":"10.1145/3212480.3212502","DOIUrl":"https://doi.org/10.1145/3212480.3212502","url":null,"abstract":"Although privacy compromises remain an issue among users and advocacy groups, identification of user location has emerged as another point of concern. Techniques using GPS, Wi-Fi, NFC, Bluetooth tracking and cell tower triangulation are well known. These can typically identify location accurately with meter resolution. Another technique, inferring routes via sensor exploitation, may place a user within a few hundred meters of a general location. Acoustic beacons such as those placed in malls may have more finely grained resolution yet are limited by the sensitivity of the device's microphone to ultrasonic signals and directionality. In this paper we are able to discern user location within commercial GPS resolution by leveraging the ability of mobile device magnetometers to detect externally generated signals in a permissionless attack. We are able to achieve an aggregate location identification success rate of 86% with a bit error rate of 1.5% which is only ten times the stationary error rate. We accomplish this with a signal that is a fraction of the Earth's magnetic field strength. We designed, prototyped, and experimentally evaluated a system where a location ID is transmitted via low power magnetic coil(s) and received by permissionless apps. The system can be located at ingresses and kiosks situated in malls, stores, transportation hubs and other public locations including crosswalks using a location ID that is mapped to the GPS coordinates of the facility hosting the system. We demonstrate that using Android phone magnetometers, we can correctly detect and identify the when and the where of a device when the victim walks at a comfortable pace while their device has all the aforementioned services disabled. In order to address the substantial signal fading effects due to mobility in a very-low power magnetic near field, we developed signal processing and coding techniques and evaluated the prototype on six android devices in an IRB-approved study with six participants.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"2011 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114706114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Opinion 的意见
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212486
Philipp Morgner, Felix C. Freiling, Zinaida Benenson
{"title":"Opinion","authors":"Philipp Morgner, Felix C. Freiling, Zinaida Benenson","doi":"10.1145/3212480.3212486","DOIUrl":"https://doi.org/10.1145/3212480.3212486","url":null,"abstract":"The installed base of Internet of Things (IoT) consumer products is steadily increasing, in conjunction with the number of disclosed security vulnerabilities in these devices. In this paper, we share the opinion that strong security measures are necessary but IoT security cannot solely be improved by means of sophisticated technical solutions. From our point of view, economic incentives for the manufacturers have to be established through enabling consumers to reward security. This is currently not the case, as an asymmetric information barrier prevents consumers from assessing the level of security that is provided by IoT products. As a result, consumers are not willing to pay for a comprehensive security design as they cannot distinguish it from insufficient security measures. Learning from regulatory approaches that overcame information asymmetries about other non-functional properties in consumer products, e.g., energy labels to compare the power consumption, we propose security lifetime labels, a mechanism that transforms security into an accessible feature and enables consumers to make informed buying decisions. Focusing on the delivering of security updates as an important aspect of enforcing IoT security, we aim to transform the asymmetric information about the manufacturers' willingness to provide security updates into a label that can be assessed by the consumers.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"1098 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122912312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Hardened Registration Process for Participatory Sensing 参与式感知的强化注册过程
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226109
Jatesada Borsub, Panos Papadimitratos
{"title":"Hardened Registration Process for Participatory Sensing","authors":"Jatesada Borsub, Panos Papadimitratos","doi":"10.1145/3212480.3226109","DOIUrl":"https://doi.org/10.1145/3212480.3226109","url":null,"abstract":"Participatory sensing systems need to gather information from a large number of participants. However, the openness of the system is a double-edged sword: by allowing practically any user to join, the system can be abused by an attacker who introduces a large number of virtual devices. This poster proposes a hardened registration process for Participatory Sensing to raise the bar: registrations are screened through a number of defensive measures, towards rejecting spurious registrations that do not correspond to actual devices. This deprives an adversary from a relatively easy take-over and, at the same time, allows a flexible and open registration process. The defensive measures are incorporated in the participatory sensing application.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129385284","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Android STAR: An Efficient Interaction-Preserving Record-Replay System For Messenger App Usage Surveillance Android STAR:一个有效的交互保存记录重放系统,用于Messenger应用程序使用监视
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212503
Lun-Pin Yuan, Peng Liu, Sencun Zhu
{"title":"Android STAR: An Efficient Interaction-Preserving Record-Replay System For Messenger App Usage Surveillance","authors":"Lun-Pin Yuan, Peng Liu, Sencun Zhu","doi":"10.1145/3212480.3212503","DOIUrl":"https://doi.org/10.1145/3212480.3212503","url":null,"abstract":"Messenger apps on smart phones are widely used for easy communication in a collaborative workplace. However, the use of messengers increases risks to both the organization and the collaborators. For example, an employee may receive proprietary information from one app and then accidentally leak it with another app, but neither the employer nor the employee can effectively prove or disprove what has happened inside messengers. To prove mental elements in a lawsuit, the capability of inspecting the use of messengers in a workplace is desirable to both parties: one can prove misconduct and the other can prove innocence. Yet, guilty intention is subtle if not literally described, and how to prove whether there was a guilty intention has not yet been resolved. To provide new kind of evidence, we propose Android STAR, an inspection-purposed record-and-replay service that replays conversation histories and user interactions with apps. We assume that the employer has obtained consents of employees, and the employees have installed Android STAR in their company devices. The challenge to app-usage inspection includes app variety and evidence veracity. We evaluate STAR with 10 popular messenger apps (including Telegram, LINE, and WeChat). Our results show that while STAR can replay in high-fidelity, it only introduces small performance overhead.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127938564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automated Binary Analysis on iOS: A Case Study on Cryptographic Misuse in iOS Applications iOS上的自动二进制分析:iOS应用中密码滥用的案例研究
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212487
Johannes Feichtner, David Missmann, Raphael Spreitzer
{"title":"Automated Binary Analysis on iOS: A Case Study on Cryptographic Misuse in iOS Applications","authors":"Johannes Feichtner, David Missmann, Raphael Spreitzer","doi":"10.1145/3212480.3212487","DOIUrl":"https://doi.org/10.1145/3212480.3212487","url":null,"abstract":"A wide range of mobile applications for Apple's iOS platform process sensitive data and, therefore, rely on protective mechanisms natively provided by the operating system. A wrong application of cryptography or security-critical APIs, however, exposes secrets to unrelated parties and undermines the overall security. We introduce an approach for uncovering cryptographic misuse in iOS applications. We present a way to decompile 64-bit ARM binaries to their LLVM intermediate representation (IR). Based on the reverse-engineered code, static program slicing is applied to determine the data flow in relevant code segments. For this analysis to be most accurate, we propose an adapted version of Andersen's pointer analysis, capable of handling decompiled LLVM IR code with type information recovered from the binary. To finally highlight the improper usage of cryptographic APIs, a set of predefined security rules is checked against the extracted execution paths. As a result, we are not only able to confirm the existence of problematic statements in iOS applications but can also pinpoint their origin. To evaluate the applicability of our solution and to disclose possible weaknesses, we conducted a manual and automated inspection on a set of iOS applications that include cryptographic functionality. We found that 343 out of 417 applications (82%) are subject to at least one security misconception. Among the most common flaws are the usage of non-random initialization vectors and constant encryption keys as input to cryptographic primitives.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130252046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Privacy Preservation through Uniformity 统一保护隐私
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226101
M. Khodaei, Hamid Noroozi, Panos Papadimitratos
{"title":"Privacy Preservation through Uniformity","authors":"M. Khodaei, Hamid Noroozi, Panos Papadimitratos","doi":"10.1145/3212480.3226101","DOIUrl":"https://doi.org/10.1145/3212480.3226101","url":null,"abstract":"Inter-vehicle communications disclose rich information about vehicle whereabouts. Pseudonymous authentication secures communication while enhancing user privacy thanks to a set of anonymized certificates, termed pseudonyms. Vehicles switch the pseudonyms (and the corresponding private key) frequently; we term this pseudonym transition process. However, exactly because vehicles can in principle change their pseudonyms asynchronously, an adversary that eavesdrops (pseudonymously) signed messages, could link pseudonyms based on the times of pseudonym transition processes. In this poster, we show how one can link pseudonyms of a given vehicle by simply looking at the timing information of pseudonym transition processes. We also propose \"mix-zone everywhere\": time-aligned pseudonyms are issued for all vehicles to facilitate synchronous pseudonym update; as a result, all vehicles update their pseudonyms simultaneously, thus achieving higher user privacy protection.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"13 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132088287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信