发布求助
文献互助 智能选刊 最新文献

Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks最新文献

筛选
英文 中文
Smart-Phones Attacking Smart-Homes 智能手机攻击智能家居
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939925
V. Sivaraman, Dominic Chan, Dylan Earl, R. Boreli
{"title":"Smart-Phones Attacking Smart-Homes","authors":"V. Sivaraman, Dominic Chan, Dylan Earl, R. Boreli","doi":"10.1145/2939918.2939925","DOIUrl":"https://doi.org/10.1145/2939918.2939925","url":null,"abstract":"The explosion in Internet-connected household devices, such as light-bulbs, smoke-alarms, power-switches, and webcams, is creating new vectors for attacking \"smart-homes\" at an unprecedented scale. Common perception is that smart-home IoT devices are protected from Internet attacks by the perimeter security offered by home routers. In this paper we demonstrate how an attacker can infiltrate the home network via a doctored smart-phone app. Unbeknownst to the user, this app scouts for vulnerable IoT devices within the home, reports them to an external entity, and modifies the firewall to allow the external entity to directly attack the IoT device. The ability to infiltrate smart-homes via doctored smart-phone apps demonstrates that home routers are poor protection against Internet attacks and highlights the need for increased security for IoT devices.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"514 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123429746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 117
Defeating MAC Address Randomization Through Timing Attacks 通过定时攻击击败MAC地址随机化
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939930
Célestin Matte, M. Cunche, F. Rousseau, M. Vanhoef
{"title":"Defeating MAC Address Randomization Through Timing Attacks","authors":"Célestin Matte, M. Cunche, F. Rousseau, M. Vanhoef","doi":"10.1145/2939918.2939930","DOIUrl":"https://doi.org/10.1145/2939918.2939930","url":null,"abstract":"MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. This attack relies on a signature based on inter-frame arrival times of probe requests, which is used to group together frames coming from the same device although they use distinct MAC addresses. We propose several distance metrics based on timing and use them together with an incremental learning algorithm in order to group frames. We show that these signatures are consistent over time and can be used as a pseudo-identifier to track devices. Our framework is able to correctly group frames using different MAC addresses but belonging to the same device in up to 75% of the cases. These results show that the timing of 802.11 probe frames can be abused to track individual devices and that address randomization alone is not always enough to protect users against tracking.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132370152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
More Semantics More Robust: Improving Android Malware Classifiers 更多语义更健壮:改进Android恶意软件分类器
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939931
Wei Chen, David Aspinall, A. Gordon, Charles Sutton, Igor Muttik
{"title":"More Semantics More Robust: Improving Android Malware Classifiers","authors":"Wei Chen, David Aspinall, A. Gordon, Charles Sutton, Igor Muttik","doi":"10.1145/2939918.2939931","DOIUrl":"https://doi.org/10.1145/2939918.2939931","url":null,"abstract":"Automatic malware classifiers often perform badly on the detection of new malware, i.e., their robustness is poor. We study the machine-learning-based mobile malware classifiers and reveal one reason: the input features used by these classifiers can't capture general behavioural patterns of malware instances. We extract the best-performing syntax-based features like permissions and API calls, and some semantics-based features like happen-befores and unwanted behaviours, and train classifiers using popular supervised and semi-supervised learning methods. By comparing their classification performance on industrial datasets collected across several years, we demonstrate that using semantics-based features can dramatically improve robustness of malware classifiers.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124251335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol 一个证明者-匿名和恐怖分子-欺诈抵抗距离边界协议
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939919
Xavier Bultel, S. Gambs, David Gérault, P. Lafourcade, Cristina Onete, J. Robert
{"title":"A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol","authors":"Xavier Bultel, S. Gambs, David Gérault, P. Lafourcade, Cristina Onete, J. Robert","doi":"10.1145/2939918.2939919","DOIUrl":"https://doi.org/10.1145/2939918.2939919","url":null,"abstract":"Contactless communications have become omnipresent in our daily lives, from simple access cards to electronic passports. Such systems are particularly vulnerable to relay attacks, in which an adversary relays the messages from a prover to a verifier. Distance-bounding protocols were introduced to counter such attacks. Lately, there has been a very active research trend on improving the security of these protocols, but also on ensuring strong privacy properties with respect to active adversaries and malicious verifiers. In particular, a difficult threat to address is the terrorist fraud, in which a far-away prover cooperates with a nearby accomplice to fool a verifier. The usual defence against this attack is to make it impossible for the accomplice to succeed unless the prover provides him with enough information to recover his secret key and impersonate him later on. However, the mere existence of a long-term secret key is problematic with respect to privacy. In this paper, we propose a novel approach in which the prover does not leak his secret key but a reusable session key along with a group signature on it. This allows the adversary to impersonate him even without knowing his signature key. Based on this approach, we give the first distance-bounding protocol, called SPADE, integrating anonymity, revocability and provable resistance to standard threat models.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127155714","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
DEMO: Far Away and Yet Nearby - A Framework for Practical Distance Fraud on Proximity Services for Mobile Devices 演示:远而近——移动设备接近服务的实际距离欺诈框架
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942416
Tobias Schultes, M. Grau, Daniel Steinmetzer, M. Hollick
{"title":"DEMO: Far Away and Yet Nearby - A Framework for Practical Distance Fraud on Proximity Services for Mobile Devices","authors":"Tobias Schultes, M. Grau, Daniel Steinmetzer, M. Hollick","doi":"10.1145/2939918.2942416","DOIUrl":"https://doi.org/10.1145/2939918.2942416","url":null,"abstract":"Proximity services are widely used in mobile applications for fast and easy data transfer and control of various systems within a defined range. Authorization is achieved by proximity detection mechanisms that surrogate extensive pairing processes. In this work, we present our Nearby Distance Fraud Framework (NeDiFF) to investigate distance fraud on various proximity services. NeDiFF cheats on proximity checks in services as Google Nearby Messages, Chromecast guest mode and Android device location. Our results emphasize that proximity services currently used for mobile devices are prone to relay attacks and should not be used in security-sensitive applications.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127326349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
DARPA: Device Attestation Resilient to Physical Attacks DARPA:抗物理攻击设备认证
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939938
Ahmad Ibrahim, A. Sadeghi, G. Tsudik, Shaza Zeitouni
{"title":"DARPA: Device Attestation Resilient to Physical Attacks","authors":"Ahmad Ibrahim, A. Sadeghi, G. Tsudik, Shaza Zeitouni","doi":"10.1145/2939918.2939938","DOIUrl":"https://doi.org/10.1145/2939918.2939938","url":null,"abstract":"As embedded devices (under the guise of \"smart-whatever\") rapidly proliferate into many domains, they become attractive targets for malware. Protecting them from software and physical attacks becomes both important and challenging. Remote attestation is a basic tool for mitigating such attacks. It allows a trusted party (verifier) to remotely assess software integrity of a remote, untrusted, and possibly compromised, embedded device (prover). Prior remote attestation methods focus on software (malware) attacks in a one-verifier/one-prover setting. Physical attacks on provers are generally ruled out as being either unrealistic or impossible to mitigate. In this paper, we argue that physical attacks must be considered, particularly, in the context of many provers, e.g., a network, of devices. As- suming that physical attacks require capture and subsequent temporary disablement of the victim device(s), we propose DARPA, a light-weight protocol that takes advantage of absence detection to identify suspected devices. DARPA is resilient against a very strong adversary and imposes minimal additional hardware requirements. We justify and identify DARPA's design goals and evaluate its security and costs.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128565553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 93
Trust The Wire, They Always Told Me!: On Practical Non-Destructive Wire-Tap Attacks Against Ethernet 相信电线,他们总是告诉我!:针对以太网的实用非破坏性窃听攻击
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2940650
Matthias Schulz, Patrick Klapper, M. Hollick, Erik Tews, S. Katzenbeisser
{"title":"Trust The Wire, They Always Told Me!: On Practical Non-Destructive Wire-Tap Attacks Against Ethernet","authors":"Matthias Schulz, Patrick Klapper, M. Hollick, Erik Tews, S. Katzenbeisser","doi":"10.1145/2939918.2940650","DOIUrl":"https://doi.org/10.1145/2939918.2940650","url":null,"abstract":"Ethernet technology dominates enterprise and home network installations and is present in datacenters as well as parts of the backbone of the Internet. Due to its wireline nature, Ethernet networks are often assumed to intrinsically protect the exchanged data against attacks carried out by eavesdroppers and malicious attackers that do not have physical access to network devices, patch panels and network outlets. In this work, we practically evaluate the possibility of wireless attacks against wired Ethernet installations with respect to resistance against eavesdropping by using off-the-shelf software-defined radio platforms. Our results clearly indicate that twisted-pair network cables radiate enough electromagnetic waves to reconstruct transmitted frames with negligible bit error rates, even when the cables are not damaged at all. Since this allows an attacker to stay undetected, it urges the need for link layer encryption or physical layer security to protect confidentiality.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134519175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
POSTER: Friend or Foe? Context Authentication for Trust Domain Separation in IoT Environments 海报:朋友还是敌人?物联网环境下信任域分离认证
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2942422
Markus Miettinen, Jialin Huang, T. D. Nguyen, N. Asokan, A. Sadeghi
{"title":"POSTER: Friend or Foe? Context Authentication for Trust Domain Separation in IoT Environments","authors":"Markus Miettinen, Jialin Huang, T. D. Nguyen, N. Asokan, A. Sadeghi","doi":"10.1145/2939918.2942422","DOIUrl":"https://doi.org/10.1145/2939918.2942422","url":null,"abstract":"The Internet of Things (IoT) is rapidly emerging, resulting in a growing demand for guaranteeing its security and privacy. Imagine the following scenario: In a not so distant future you have just purchased a number of Internet-of-Things (IoT) appliances for your smart home. You are standing in your living room and would like to have these new devices wirelessly connect to each other and your home network. The set of your own devices in your network constitute your trust domain. Most IoT devices are equipped with environmental sensors, e.g., for monitoring ambient luminosity, audio, or temperature. A breach in your trust domain could leak such sensor data, and hence potentially sensitive private information about your behavior and habits, to outsiders. Therefore, you want to make sure that none of your devices accidentally connect to your neighbor’s home network. You also want to make sure that only your own devices are granted access to your trust domain. The devices could use appropriate service discovery and key exchange protocols to establish secure communication links with each other and other devices like the home WiFi router. But how can your devices distinguish between other devices that belong to your trust domain and devices of your neighbors that happen to lie within wireless communication range? That is, how can devices in a trust domain (e.g., your home) authenticate each other?","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132221802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices 粉碎:使用阈值加密保护单个用户与多个设备
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939932
Erinn Atwater, U. Hengartner
{"title":"Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices","authors":"Erinn Atwater, U. Hengartner","doi":"10.1145/2939918.2939932","DOIUrl":"https://doi.org/10.1145/2939918.2939932","url":null,"abstract":"The average computer user is no longer restricted to one device. They may have several devices and expect their applications to work on all of them. A challenge arises when these applications need the cryptographic private key of the devices' owner. Here the device owner typically has to manage keys manually with a \"keychain\" app, which leads to private keys being transferred insecurely between devices -- or even to other people. Even with intuitive synchronization mechanisms, theft and malware still pose a major risk to keys. Phones and watches are frequently removed or set down, and a single compromised device leads to the loss of the owner's private key, a catastrophic failure that can be quite difficult to recover from. We introduce Shatter, an open-source framework that runs on desktops, Android, and Android Wear, and performs key distribution on a user's behalf. Shatter uses threshold cryptography to turn the security weakness of having multiple devices into a strength. Apps that delegate cryptographic operations to Shatter have their keys compromised only when a threshold number of devices are compromised by the same attacker. We demonstrate how our framework operates with two popular Android apps (protecting identity keys for a messaging app, and encryption keys for a note-taking app) in a backwards-compatible manner: only Shatter users need to move to a Shatter-aware version of the app. Shatter has minimal impact on app performance, with signatures and decryption being calculated in 0.5s and security proofs in 14s.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134412786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Profiling the Strength of Physical-Layer Security: A Study in Orthogonal Blinding 描述物理层安全强度:正交盲法的研究
Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2016-07-18 DOI: 10.1145/2939918.2939933
Yao Zheng, Matthias Schulz, W. Lou, Y. T. Hou, M. Hollick
{"title":"Profiling the Strength of Physical-Layer Security: A Study in Orthogonal Blinding","authors":"Yao Zheng, Matthias Schulz, W. Lou, Y. T. Hou, M. Hollick","doi":"10.1145/2939918.2939933","DOIUrl":"https://doi.org/10.1145/2939918.2939933","url":null,"abstract":"Physical layer security for wireless communication is broadly considered as a promising approach to protect data confidentiality against eavesdroppers. However, despite its ample theoretical foundation, the transition to practical implementations of physical-layer security still lacks success. A close inspection of proven vulnerable physical-layer security designs reveals that the flaws are usually overlooked when the scheme is only evaluated against an inferior, single-antenna eavesdropper. Meanwhile, the attacks exposing vulnerabilities often lack theoretical justification. To reduce the gap between theory and practice, we posit that a physical-layer security scheme must be studied under multiple adversarial models to fully grasp its security strength. In this regard, we evaluate a specific physical-layer security scheme, i.e. orthogonal blinding, under multiple eavesdropper settings. We further propose a practical \"ciphertext-only attack\" that allows eavesdroppers to recover the original message by exploiting the low entropy fields in wireless packets. By means of simulation, we are able to reduce the symbol error rate at an eavesdropper below 1% using only the eavesdropper's receiving data and a general knowledge about the format of the wireless packets.","PeriodicalId":387704,"journal":{"name":"Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131301322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信