{"title":"\"It builds trust with the customers\" - Exploring User Perceptions of the Padlock Icon in Browser UI","authors":"E. V. Zezschwitz, Serena Chen, Emily Stark","doi":"10.1109/spw54247.2022.9833869","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833869","url":null,"abstract":"We performed a large-scale online survey (n=1,880) to study the padlock icon, an established security indicator in web browsers that denotes connection security through HTTPS. In this paper, we evaluate users’ understanding of the padlock icon, and how removing or replacing it might influence their expectations and decisions. We found that the majority of respondents (89%) had misconceptions about the padlock’s meaning. While only a minority (23%-44%) referred to the padlock icon at all when asked to evaluate trustworthiness, these padlock-aware users reported that they would be deterred from a hypothetical shopping transaction when the padlock icon was absent. These users were reassured after seeing secondary UI surfaces (i.e., Chrome Page Info) where more verbose information about connection security was present. We conclude that the padlock icon, displayed by browsers in the address bar, is still misunderstood by many users. The padlock icon guarantees connection security, but is often perceived to indicate the general privacy, security, and trustworthiness of a website. We argue that communicating connection security precisely and clearly is likely to be more effective through secondary UI, where there is more surface area for content. 
We hope that this paper boosts the discussion about the benefits and drawbacks of showing passive security indicators in the browser UI.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130315883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"To hash or not to hash: A security assessment of CSP’s unsafe-hashes expression","authors":"Peter Stolz, S. Roth, Ben Stock","doi":"10.1109/spw54247.2022.9833888","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833888","url":null,"abstract":"More and more people use the Web on a daily basis. We use it for communicating, doing bank transactions, and entertainment. This popularity of the Web has made it one of the main targets of attacks, most prominently Cross-Site Scripting (XSS). To mitigate the effect of those attacks, the prevalence of the Content Security Policy (CSP) is increasing. Such a policy allows developers to control the content that should be allowed on their Web applications precisely. Because this content includes JavaScript (via the script-src directive), it can also be an effective tool to mitigate the damage of markup injections such as XSS. Developers can specify fine-grained policies for scripts to only allow trusted third parties and disallow the usage of functions like eval and its derivatives that directly execute strings as code. As the whole Web is still evolving, so is CSP. The experimental source-expression unsafe-hashes aims to ease the adoption of secure CSPs, by allowing trusted scripts to be used as inline event handlers for HTML tags, which is currently only possible by blindly allowing all inline scripts to be executed. Our goal is to analyze if this expression is able to improve the security of a Web application or if it mainly provides a false sense of security because it still enables attackers to bypass the CSP. We built an automatic crawler utilizing dynamic JavaScript analysis using taint tracking and forced execution to detect security vulnerabilities of inline event handlers. This crawler visited 753,715 unique URLs from the Alexa Top 1,000 domains up to a maximum of 500 URLs per domain. 
We collected a total of 735,105 individual event handlers, where 443 of those had attribute values that flow into a dangerous JavaScript sink. Our manual analysis of the event handlers revealed that 370 of those handlers on 34 different domains are still vulnerable in presence of a CSP that contains the unsafe-hashes expression. We show that attackers can exploit these flows with only partial injections, such as adding new attributes to existing tags in most cases and discuss the impact of our findings on the future of the CSP standard.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126580948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Research Report: Progress on Building a File Observatory for Secure Parser Development","authors":"Tim Allison, Wayne Burke, Dustin Graf, C. Mattmann, Anastasija Mensikova, Michael Milano, Philip Southam, R. Stonebraker","doi":"10.1109/spw54247.2022.9833875","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833875","url":null,"abstract":"Parsing untrusted data is notoriously challenging. Failure to handle maliciously crafted data correctly can (and does) lead to a wide range of vulnerabilities. The Language-theoretic security (LangSec) philosophy seeks to obviate the need for developers to apply ad hoc solutions by, instead, offering formally correct and verifiable input handling throughout the software development lifecycle. One of the key components in developing secure parsers is a broad coverage corpus that enables developers to understand the problem space for a given format and to use, potentially, as seeds for fuzzing and other automated testing. In this paper, we offer an update on work reported at the LangSec 2021 conference on the development of a file observatory to gather and enable analysis on a diverse collection of files at scale. The initial focus of the observatory is on Portable Document Format (PDF) files and file formats typically embedded in PDFs. 
In this paper, we report on refactoring the ingest process, applying new analytic methods, and improving the User Interface.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"2014 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123778310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AutoCPS: Control Software Dataset Generation for Semantic Reverse Engineering","authors":"Haoda Wang, Christophe Hauser, Luis Garcia","doi":"10.1109/spw54247.2022.9833887","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833887","url":null,"abstract":"Binary analysis of closed-source, low-level, and embedded systems software has emerged at the heart of cyber-physical vulnerability assessment of third-party or legacy devices in safety-critical systems. In particular, recovering the semantics of the source algorithmic implementations enables analysts to understand the context of a particular binary program snippet. However, experimentation and evaluation of binary analysis techniques on real-world embedded cyber-physical systems are limited to domain-specific testbeds with a low number of use cases–insufficient to support emerging data-driven techniques. Moreover, the use cases rarely have the source mathematical expressions, algorithms, and compiled binaries. In this paper, we present AutoCPS, a framework for generating a large corpus of control systems binaries along with their source algorithmic expressions and source code. AutoCPS enables researchers to tune the control system binary data generation by varying different permutations of cyber-physical modules, e.g., the underlying control algorithm, while ensuring a semantically valid binary. We initially constrain AutoCPS to the flight software domain and generate over 4000 semantically different control systems source representations, which are then used to generate hundreds of thousands of binaries. 
We describe current and future use cases of AutoCPS towards cyber-physical vulnerability assessment of safety-critical systems.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127268495","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"You Can’t Protect What You Don’t Understand: Characterizing an Operational Gas SCADA Network","authors":"Xi Qin, Martin Rosso, A. Cárdenas, S. Etalle, J. D. Hartog, E. Zambon","doi":"10.1109/spw54247.2022.9833864","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833864","url":null,"abstract":"Natural gas distribution networks are part of a nation’s critical infrastructure, ensuring gas delivery to households and industries (e.g., power plants) with the correct chemical composition and the right conditions of pressure and temperature. Gas distribution is monitored and controlled by a Supervisory Control and Data Acquisition (SCADA) network, which provides centralized monitoring and control over the physical process. In this paper, we conduct the first openly available network measurement study of the SCADA network of an operational large-scale natural gas distribution network. With a total of 154 remote substations communicating through the SCADA system with a Control Room and over 98 days of observation, this is, to the best of our knowledge, the most extensive dataset of this kind analyzed to date. By combining the information obtained from engineering and IEC 104 network traffic, we reconstruct the gas distribution system’s layout, including the type and purpose of the substations and the physical properties of the gas that enters the SCADA system. Our analysis shows that it is possible to extract this information, essential for security monitoring, purely from the raw network traffic and without background knowledge provided by the control system engineers. 
We also note that configuration changes in SCADA environments, although probably less frequent than in IT environments, are not as rare and exceptional as the research community assumed.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134380289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Face Recognition Systems: Are you sure they only consider your face?","authors":"Pavan Srihari Darbha, M. Conti, E. Losiouk, R. Maiti","doi":"10.1109/spw54247.2022.9833871","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833871","url":null,"abstract":"Face recognition has been one of the major biometric authentication procedures in smart devices that allows users to provide an additional layer of security for accessing their device. The accuracy of image similarity should depend on the face and its expression, as could be extracted from the whole image. Importantly, the background may have a substantial amount of additional information that can potentially pose a threat to the privacy of the user. In this paper, we report the impact of background on the recommended measure of similarity, Euclidean-L2, across different pictures that represent distinguishable emotions and image background. Additionally, we report that this impact of the background varies for different ethnic groups. Our findings are despite the fact that background should not matter for Face Recognition. For each facial image, we perform two preprocessings, gray-scaling and background whitening, and compute the similarity between the original image and the preprocessed image by using the DeepFace Face Recognition System. We have considered six data sets, i) containing 100 blurry images of one American man, ii) and iii) contained 100 images each of one American man in normal settings, iv) contained 50 each of East Asian men and women, v) contained 50 each of Indian men and women, and vi) contained 50 each of African or African-American men and women. We observe that gray scaling or background whitening images makes them dissimilar, often to the point of being unrecognisable. Overall, we report that the information contained in the background of a facial image can be significant and it can have different impacts across different skin complexions and facial structure. 
Importantly, our initial results bring up an important question of how to identify the images having a higher risk of exposing private information via the background of a facial image.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"31 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116652631","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Interactive History Sniffing with Dynamically-Generated QR Codes and CSS Difference Blending","authors":"K. O’Neal, Scott Yilek","doi":"10.1109/spw54247.2022.9833863","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833863","url":null,"abstract":"In a user-assisted history sniffing attack, first introduced by Weinberg, Chen, Jayaraman, and Jackson, a web site user can be tricked into revealing portions of their browsing history by performing an interactive task, like solving a CAPTCHA puzzle, that is dynamically generated based on the sites they have recently visited. Unlike automated history sniffing attacks, which often can probe 1000s of sites in a user’s browsing history, such user-assisted attacks have typically been limited to probing a much smaller number of sites. In this paper, we introduce a new user-assisted history sniffing attack based on malicious QR codes. These dynamically-generated QR codes allow a malicious site to probe thousands of links from a victim user’s browsing history. Generating these malicious QR codes based on the user’s history turns out to be challenging due to the required error-correcting properties. To overcome this issue, we show how to use a recent browser feature, CSS difference blending, to simulate an exclusive-OR of the dots in a QR code and correctly generate the error-correcting bits. This method of dynamically generating a valid QR code based on private user data may be of independent interest. 
Our results provide further evidence that the history sniffing defenses recently proposed by Smith, Disselkoen, Narayan, Brown, and Stefan should be seriously considered by browser vendors.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129219928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BLE-Doubt: Smartphone-Based Detection of Malicious Bluetooth Trackers","authors":"Jimmy Briggs, Christine Geeng","doi":"10.1109/spw54247.2022.9833870","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833870","url":null,"abstract":"Stalkers can hide Bluetooth Low-Energy (BLE) trackers, like the Apple AirTag and Tile Finder, in their targets’ clothing or vehicles to surveil their locations. Existing countermeasures to detect BLE-based stalking are promising but have several shortcomings: they only work against Apple products, they are slow to detect trackers, and there is no publicly available characterization of how well they work. We present an open-source, general method for detecting maliciously deployed BLE trackers. Our algorithm detects malicious devices in just a few minutes, whereas previous algorithms take hours or days. We show in a small but novel validation study that our algorithm performs with high precision and recall for most extant trackers, although AirTags pose additional challenges. Along with our algorithm and validation, we provide an open-source Android application capable of real-time detection of these devices. We also characterize the behavior of the AirTag and discuss the risk factors which make it particularly hard to detect. We conclude with a discussion for future work to make tracking devices safer for the public.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127841838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Client-Side Seat to TLS Deployment","authors":"Moritz Birghan, Thyla van der Merwe","doi":"10.1109/spw54247.2022.9833861","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833861","url":null,"abstract":"The official release of the latest version of the Transport Layer Security (TLS) protocol, namely TLS 1.3, has been accompanied by rapid adoption across the Web. In 2019, Holz et al. set out to measure this adoption, i.e., deployment and uptake of the protocol (CoRR 2019). Whilst informative and undeniably useful for the TLS community, Holz et al. note that they were unable to measure some of the newer features of TLS 1.3, including zero round-trip time (0-RTT) and post-handshake authentication (PHA). The altered structure of TLS 1.3, with more encryption of the handshake, renders measurement of these features impossible via passive monitoring and Internet scanning. Access to client-side TLS telemetry enables our work to address these limitations, and presents a clearer view of the TLS 1.3 adoption landscape. Specifically, our work comments on the true acceptance rate of client-generated early data, and on the odd usage patterns surrounding client authentication that occurs post-handshake. Our work also presents an up-to-date measurement of TLS 1.3 deployment, both confirming and extending the predictions and results presented by Holz et al.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"202 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134519491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats","authors":"D. Antonioli, Mathias Payer","doi":"10.1109/spw54247.2022.9833886","DOIUrl":"https://doi.org/10.1109/spw54247.2022.9833886","url":null,"abstract":"Cars are some of the most security-critical consumer devices. On the one hand, owners expect rich infotainment features, including audio, hands-free calls, contact management, or navigation through their connected mobile phone. On the other hand, the infotainment unit exposes exploitable wireless attack surfaces. This work evaluates protocol-level Bluetooth threats on vehicles, a critical but unexplored wireless attack surface. These threats are crucial because they are portable across vehicles, and they can achieve impactful goals, such as accessing sensitive data or even taking remote control of the vehicle. Their evaluation is novel as prior work focused on other wireless attack surfaces, notably Bluetooth implementation bugs. Among relevant protocol-level threats, we pick the KNOB and BIAS attacks because they provide the most effective strategy to impersonate arbitrary Bluetooth devices and are not yet evaluated against vehicles. Testing vehicles is challenging for several reasons, and we had to design a cost-effective methodology based on hybrid lab/on the road experiments. We evaluated 5 popular infotainment units (e.g., KIA and Toyota units) in the lab and 3 recent cars (e.g., Suzuki and Skoda cars) in a controlled on-the-road environment. We describe our methodology in detail to allow other researchers to reproduce and extend our results. Our Bluetooth protocol-level security evaluation uncovers worrisome facts about the state of vehicular security. For example, all tested devices are vulnerable to BIAS and KNOB, despite the patches in the Bluetooth standard. For example, the standard mandates keys with 7 bytes of entropy, but the tested devices accept keys with 1 byte of entropy. 
Moreover, all tested devices employ weak and outdated Bluetooth security parameters (e.g., weak authentication protocols and ciphers).","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127114461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}