发布求助
文献互助 智能选刊 最新文献

Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks最新文献

筛选
英文 中文
An Offline Dictionary Attack against zkPAKE Protocol 针对zkPAKE协议的离线字典攻击
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226110
José Becerra, Petra Sala, Marjan Skrobot
{"title":"An Offline Dictionary Attack against zkPAKE Protocol","authors":"José Becerra, Petra Sala, Marjan Skrobot","doi":"10.1145/3212480.3226110","DOIUrl":"https://doi.org/10.1145/3212480.3226110","url":null,"abstract":"Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent offline dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to offline password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133165171","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
I Send, Therefore I Leak: Information Leakage in Low-Power Wide Area Networks 我发,所以我漏:低功耗广域网中的信息泄漏
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212508
Patrick Leu, Ivan Puddu, Aanjhan Ranganathan, Srdjan Capkun
{"title":"I Send, Therefore I Leak: Information Leakage in Low-Power Wide Area Networks","authors":"Patrick Leu, Ivan Puddu, Aanjhan Ranganathan, Srdjan Capkun","doi":"10.1145/3212480.3212508","DOIUrl":"https://doi.org/10.1145/3212480.3212508","url":null,"abstract":"Low-power wide area networks (LPWANs), such as LoRa, are fast emerging as the preferred networking technology for large-scale Internet of Things deployments (e.g., smart cities). Due to long communication range and ultra low power consumption, LPWAN-enabled sensors are today being deployed in a variety of application scenarios where sensitive information is wirelessly transmitted. In this work, we study the privacy guarantees of LPWANs, in particular LoRa. We show that, although the event-based duty cycling of radio communication, i.e., transmission of radio signals only when an event occurs, saves power, it inherently leaks information. This information leakage is independent of the implemented crypto primitives. We identify two types of information leakage and show that it is hard to completely prevent leakage without incurring significant additional communication and computation costs.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133474107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Beam-Stealing: Intercepting the Sector Sweep to Launch Man-in-the-Middle Attacks on Wireless IEEE 802.11ad Networks 波束窃取:拦截扇区扫描对无线IEEE 802.11ad网络发起中间人攻击
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212499
Daniel Steinmetzer, Yimin Yuan, M. Hollick
{"title":"Beam-Stealing: Intercepting the Sector Sweep to Launch Man-in-the-Middle Attacks on Wireless IEEE 802.11ad Networks","authors":"Daniel Steinmetzer, Yimin Yuan, M. Hollick","doi":"10.1145/3212480.3212499","DOIUrl":"https://doi.org/10.1145/3212480.3212499","url":null,"abstract":"Millimeter-wave (mm-wave) communication systems provide high data-rates and enable emerging application scenarios, such as 'information showers' for location-based services. Devices are equipped with antenna arrays using dozens of elements to achieve high directionality and thus creating a signal beam that focuses only on a specific area-of-interest. This new communication paradigm of steerable links requires a rethinking of wireless networks and calls for efficient protocols to train the beam alignment among network nodes. The IEEE 802.1 lad standard defines the so-called sector sweep that sweeps through a predefined set of antenna-sectors to find the optimal antenna steerings. Such low-layer protocols lack proper security mechanisms and open unprecedented attack possibilities. Distant attackers might tamper with the beam-training and literally 'steal' the beam from other devices. In this work, we investigate the threat of such beam-stealing attacks that intercept the sector sweep. By injecting forged feedback, we force victims to steer their signals towards the attacker's location. We implement a proof-of-concept on commercial off-the-shelf devices and evaluate the impacts on eavesdropping and acting as a Man-in-the-Middle (MITM). Our practical experiments in typical indoor scenarios reveal that beam-stealing increases the eavesdropping performance by 38% and allow a MITM to relay packets with an average error of only 1%. With these results, we emphasize the threat of beam-training attacks on mm-wave networks and aim to raise the awareness of attack vectors that are emerging with new low-layer amendments in next-generation wireless networks.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124482840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Threat Detection for Collaborative Adaptive Cruise Control in Connected Cars 互联汽车协同自适应巡航控制的威胁检测
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212492
Matthew Jagielski, N. Jones, Chung-Wei Lin, C. Nita-Rotaru, Shin'ichi Shiraishi
{"title":"Threat Detection for Collaborative Adaptive Cruise Control in Connected Cars","authors":"Matthew Jagielski, N. Jones, Chung-Wei Lin, C. Nita-Rotaru, Shin'ichi Shiraishi","doi":"10.1145/3212480.3212492","DOIUrl":"https://doi.org/10.1145/3212480.3212492","url":null,"abstract":"We study collaborative adaptive cruise control as a representative application for safety services provided by autonomous cars. We provide a detailed analysis of attacks that can be conducted by a motivated attacker targeting the collaborative adaptive cruise control algorithm, by influencing the acceleration reported by another car, or the local LIDAR and RADAR sensors. The attacks have a strong impact on passenger comfort, efficiency and safety, with two of such attacks being able to cause crashes. We also present two detection methods rooted in physical-based constraints and machine learning algorithms. We show the effectiveness of these solutions through simulations and discuss their limitations.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123178242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 36
Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks 操作通道验证:防止针对受保护Wi-Fi网络的多通道中间人攻击
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212493
M. Vanhoef, Nehru Bhandaru, T. Derham, I. Ouzieli, F. Piessens
{"title":"Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks","authors":"M. Vanhoef, Nehru Bhandaru, T. Derham, I. Ouzieli, F. Piessens","doi":"10.1145/3212480.3212493","DOIUrl":"https://doi.org/10.1145/3212480.3212493","url":null,"abstract":"We present a backwards compatible extension to the 802.11 standard to prevent multi-channel man-in-the-middle attacks. This extension authenticates parameters that define the currently in-use channel. Recent attacks against WPA2, such as most key reinstallation attacks, require a man-in-the-middle (MitM) position between the client and Access Point (AP). In particular, they all employ a multi-channel technique to obtain the MitM position. In this technique, the adversary acts as a legitimate AP by copying all frames sent by a real AP to a different channel. At the same time, the adversary acts as a legitimate client by copying all frames sent by the client to the channel of the real AP. When copying frames between both channels, the adversary can reliably manipulate (encrypted) traffic. We propose an extension to the 802.11 standard to prevent such multi-channel MitM attacks, making exploitation of future weaknesses in protected Wi-Fi networks harder, to practically infeasible. Additionally, we propose a method to securely verify dynamic channel switches that may occur while already connected to a network. Finally, we implemented a prototype of our extension on Linux for both the client and AP to confirm practical feasibility.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123206149","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
An Algebraic Quality-Time-Advantage-Based Key Establishment Protocol 一种基于代数质量-时间优势的密钥建立协议
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212507
G. Amariucai, Sanchita Barman, Y. Guan
{"title":"An Algebraic Quality-Time-Advantage-Based Key Establishment Protocol","authors":"G. Amariucai, Sanchita Barman, Y. Guan","doi":"10.1145/3212480.3212507","DOIUrl":"https://doi.org/10.1145/3212480.3212507","url":null,"abstract":"The essence of information assurance resides in the ability to establish secret keys between the legitimate communicating parties. Common approaches to key establishment include public-key infrastructure, key-distribution centers, physical-layer security or key extraction from common randomness. Of these, the latter two are based on specific natural advantages that the legitimate parties hold over their adversaries -- most often, such advantages rely on superior or privileged communication channels. This paper tackles a key-establishment protocol that relies on a completely different type of advantage: time. The protocol builds on the idea that when two devices are able to spend a pre-determined, mostly uninterrupted, interval of time in the company of each other, and when such a feat is outside the capability of any realistic attacker, then the legitimate parties should be able to establish a secret key without any prior common information. The paper presents a basic efficient time-based key establishment protocol, and demonstrates how it can be extended to follow customized information transfer functions and deal with predictable fluctuations of wireless interference.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131981752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Increasing Mix-Zone Efficacy for Pseudonym Change in VANETs using Chaff Messages 利用箔条消息提高vanet中假名更改的混合区效率
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3226103
Christian Vaas, Panos Papadimitratos, I. Martinovic
{"title":"Increasing Mix-Zone Efficacy for Pseudonym Change in VANETs using Chaff Messages","authors":"Christian Vaas, Panos Papadimitratos, I. Martinovic","doi":"10.1145/3212480.3226103","DOIUrl":"https://doi.org/10.1145/3212480.3226103","url":null,"abstract":"Vehicular ad-hoc networks (VANETs) are designed to play a key role in the development of future transportation systems. Although cooperative awareness messages provide the required situational awareness for new safety and efficiency applications, they also introduce a new attack vector to compromise privacy. The use of ephemeral credentials called pseudonyms for privacy protection was proposed while ensuring the required security properties. In order to prevent an attacker from linking old to new pseudonyms, mix-zones provide a region in which vehicles can covertly change their signing material. In this poster, we extend the idea of mix-zones to mitigate pseudonym linking attacks with a mechanism inspired by chaff-based privacy defense techniques for mix-networks. By providing chaff trajectories, our system restores the efficacy of mix-zones to compensate for a lack of vehicles available to participate in the mixing procedure. Our simulation results of a realistic traffic scenario show that a significant improvement is possible.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"27 10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125683988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks 第11届美国计算机协会无线和移动网络安全与隐私会议论文集
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480
{"title":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","authors":"","doi":"10.1145/3212480","DOIUrl":"https://doi.org/10.1145/3212480","url":null,"abstract":"","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116655151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning 空中密码:从SmartCfg Provisioning中获取Wi-Fi凭据
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-18 DOI: 10.1145/3212480.3212496
Changyu Li, Quanpu Cai, Juanru Li, Hui Liu, Yuanyuan Zhang, Dawu Gu, Yu Yu
{"title":"Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning","authors":"Changyu Li, Quanpu Cai, Juanru Li, Hui Liu, Yuanyuan Zhang, Dawu Gu, Yu Yu","doi":"10.1145/3212480.3212496","DOIUrl":"https://doi.org/10.1145/3212480.3212496","url":null,"abstract":"Smart devices without an interactive UI (e.g., a smart bulb) typically rely on specific provisioning schemes to connect to wireless networks. Among all the provisioning schemes, SmartCfg is a popular technology to configure the connection between smart devices and wireless routers. Although the SmartCfg technology facilitates the Wi-Fi configuration, existing solutions seldom take into serious consideration the protection of credentials and therefore introduce security threats against Wi-Fi credentials. This paper conducts a security analysis against eight SmartCfg based Wi-Fi provisioning solutions designed by different wireless module manufacturers. Our analysis demonstrates that six manufacturers provide flawed SmartCfg implementations that directly lead to the exposure of Wi-Fi credentials: attackers could exploit these flaws to obtain important credentials without any substantial efforts on brute-force password cracking. Furthermore, we keep track of the smart devices that adopt such Wi-Fi provisioning solutions to investigate the influence of the security flaws on real world products. Through reversely analyzing the corresponding apps of those smart devices we conclude that the flawed SmartCfg implementations constitute a wide potential impact on the security of smart home ecosystems.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126548690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
WLAN Device Fingerprinting using Channel State Information (CSI) 基于信道状态信息(CSI)的WLAN设备指纹
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2018-06-01 DOI: 10.1145/3212480.3226099
Florian Adamsky, Tatiana Retunskaia, Stefan Schiffner, C. Köbel, T. Engel
{"title":"WLAN Device Fingerprinting using Channel State Information (CSI)","authors":"Florian Adamsky, Tatiana Retunskaia, Stefan Schiffner, C. Köbel, T. Engel","doi":"10.1145/3212480.3226099","DOIUrl":"https://doi.org/10.1145/3212480.3226099","url":null,"abstract":"As of IEEE 802.11n, a wireless Network Interface Card (NIC) uses Channel State Information (CSI) to optimize the transmission over multiple antennas. CSI contain radio-metrics such as amplitude and phase. Due to scattering during hardware production these metrics exhibit unique properties. Since these information are transmitted unencrypted, they can be captured by a passive observer. We show that these information can be used to create a unique fingerprint of a wireless device, based on as little as 100 CSI packets per device collected with an off-the-shelf Wi-Fi card. For our proof of concept we captured data from seven smartphones including two identical models. We were able to identify more than 90% when using out-of-the-box Random Forrest (RF).","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129850123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信