Session 4B

Measurement/Empirical Security

10:30 AM — 11:50 AM HKT
Jun 8 Tue, 10:30 PM — 11:50 PM EDT

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

Mustafa Abdallah (Purdue University, USA), Daniel Woods (Purdue University, USA), Parinaz Naghizadeh (Ohio State University, USA), Issa Khalil (Qatar Computing Research Institute (QCRI), HBKU, Qatar), Timothy Cason (Purdue University, USA), Shreyas Sundaram (Purdue University, USA0, Saurabh Bagchi (Purdue University, USA)

We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making.We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders’ security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

Analyzing the Overhead of Protection on File Accessing Using Linux Security Modules

Wenhui Zhang (Penn State University, USA), Peng Liu (Penn State University, USA), Trent Jaeger (Penn State University, USA)

Over the years, the complexity of the Linux Security Module (LSM) is keeping increasing (e.g. 10,684 LOC in Linux v2.6.0 vs. 64,018 LOC in v5.3), and the count of the authorization hooks is nearly doubled (e.g. 122 hooks in v2.6.0 vs. 224 hooks in v5.3). In addition, the computer industry has seen tremendous advancement in hardware (e.g., memory and processor frequency) in the past decade. These make the previous evaluation on LSM, which was done 18 years ago, less relevant nowadays. It is important to provide up-to-date measurement results of LSM for system practitioners so that they can make prudent trade-offs between security and performance. This work evaluates the overhead of LSM for file accesses on Linux v5.3.0. We build a performance evaluation framework for LSM. It has two parts, an extension of LMBench2.5 to evaluate the overhead of file operations for different security modules, and a security module with tunable latency for policy enforcement to study the impact of the latency of policy enforcement on the end-to-end latency of file operations. In our evaluation, we find opening a file would see about 87% (Linux v5.3) performance drop when the kernel is integrated with SELinux hooks (policy enforcement disabled) than without, while the figure was 27% (Linux v2.4.2). We found that performance of the above downgrade is affected by two parts, policy enforcement and hook placement. To further investigate the impact of policy enforcement and hook placement respectively, we build a Policy Testing Module, which reuses hook placements of LSM, while alternating latency of policy enforcement. With this module, we are able to quantitatively estimate the impact of the latency of policy enforcement on the end-to-end latency of file operations by using a multiple linear regression model and count policy authorization frequencies for each syscall.We then discuss and justify the evaluation results with static analysis on syscalls’ call graphs.

Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem

Doowon Kim (University of Tennessee, Knoxville, USA), Haehyun Cho (Arizona State University, USA), Yonghwi Kwon (University of Virginia, USA), Adam Oest (PayPal, Inc., USA), Adam Doupe (Arizona State University, USA), Sooel Son (KAIST, South Korea), Gail-Joon Ahn (Arizona State University, USA), Tudor Dumitras (Univ. Maryland, USA)

Phishing attacks are causing substantial damage albeit extensive effort in academia and industry. Recently, a large volume of phishing attacks transit toward adopting HTTPS, leveraging TLS certificates issued from Certificate Authorities (CAs), to make the attacks more effective. In this paper, we present a comprehensive study on the security practices of CAs in the HTTPS phishing ecosystem. We focus on the CAs, critical actors under-studied in previous literature, to better understand the importance of the security practices of CAs and thwart the proliferating HTTPS phishing. In particular, we first present the current landscape and effectiveness of HTTPS phishing attacks comparing to traditional HTTP ones. Then, we conduct an empirical experiment on the CAs’ security practices in terms of the issuance and revocation of the certificates. Our findings highlight serious conflicts between the expected security practices of CAs and reality, raising significant security concerns. We further validate our findings using a longitudinal dataset of abusive certificates used for real phishing attacks in the wild. We confirm that the security concerns of CAs prevail in the wild and these concerns can be one of the main contributors to the recent surge of HTTPS phishing attacks.

ARGUS: Assessing Unpatched Vulnerable Devices on the Internet via Efficient Firmware Recognition

Wei Xie (College of Computer, National University of Defense Technology, China), Chao Zhang (Institute for Network Science and Cyberspace of Tsinghua University, China), Pengfei Wang (College of Computer, National University of Defense Technology, China), Zhenhua Wang (College of Computer, National University of Defense Technology, China), Qiang Yang (College of Computer, National University of Defense Technology, China)

Assessing unpatched devices affected by a specified vulnerability is a vital but unsolved issue. Using a proof-of-concept tool on the Internet is illegal, while identifying vulnerable device models and firmware versions via fingerprints is a safer method. However, device search engines such as Shodan do not claim to accurately identify device models or versions, and existing works on firmware online recognition neglect the efficiency challenge of scanning redundant fingerprints. Consequently, this fingerprint-checking method has few real-world verifications on the Internet. We propose ARGUS, a simple but practical framework to identify device models and firmware versions. At its core is a heuristic fingerprint crush saga (FCS) scheme inspired by the phone game “Candy Crush Saga". It can improve efficiency by an average of 156 times compared to scanning fingerprints of all web files by default. This efficiency improvement enables us to widely assess the proportion of unpatched devices affected by 176 CVE vulnerabilities, which is 64.3% on average on the Internet. This result quantitatively proves that the majority of users do not periodically update device firmware.

Session Chair

Yuan Zhang

Session 5B

Applied Cryptography (II)

2:00 PM — 3:20 PM HKT
Jun 9 Wed, 2:00 AM — 3:20 AM EDT

Hash-Enabled Garbling and the Insecurity of Free-Hashing Garbled Circuits

Ruiyu Zhu (Indiana University, USA), Yan Huang (Indiana University, USA)

Hashing garbled circuits is an important, albeit expensive, bandwidthsaving technique that can be an order-of-magnitude slower than generating garbled circuits. In a recent work, Fan et al. (EUROCRYPT, 2017) proposed a method to produce GC-hashes without any calls to expensive collision-resistant hash functions. They showed experimentally that the overhead of hashing GCs can be eliminated almost entirely. In this paper, we identify several security flaws in their approach. (1) We show some fundamental weakness in the notion of hashsecurity, which makes it impossible to support any existing malicious GC-hash-based cut-and-choose protocols. (2) Although the concept of hash-security could be useful in certain scenarios, we show (with concrete attacks) that the Free-Hash construction given in their paper is not really hash-secure. As a positive result of this work, we propose and formalize the concept of hash-enabled garbling and show how an actively-secure 2PC protocol can be constructed with black-box use of any hashenabled garbling scheme. This is the first time when the use of GC-hashes in any cut-and-choose protocols is formally examined and rigorously proved secure. Our protocol allows to leverage GChashes to save bandwidth while minimizing the cut-and-choose duplication factor, i.e., using s (instead of 3s) copies of GCs to achieve 2−s statistical security.

Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend Against Fake Base-Stations

Ankush Singla (Purdue University, USA), Rouzbeh Behnia (University of South Florida, USA), Syed Rafiul Hussain (Pennsylvania State University, USA), Attila Yavuz (University of South Florida, USA), Elisa Bertino (Purdue University, USA)

The lack of authentication protection for bootstrapping messages broadcast by base-stations makes impossible for devices to differentiate between a legitimate and a fake base-station. This vulnerability has been widely acknowledged, but not yet fixed and thus enables law-enforcement agencies, motivated adversaries and nation-states to carry out attacks against targeted users. Although 5G cellular protocols have been enhanced to prevent some of these attacks, the root vulnerability for fake base-stations still exists. In this paper, we propose an efficient broadcast authentication protocol based on a hierarchical identity-based signature scheme, Schnorr-HIBS, which addresses the root cause of the fake base-station problem with minimal computation and communication overhead. We implement and evaluate our proposed protocol using off-the-shelf software-defined radios and open-source libraries. We also provide a comprehensive quantitative and qualitative comparison between our scheme and other candidate solutions for 5G base-station authentication proposed by 3GPP. Our proposed protocol achieves at least a 6x speedup in terms of end-to-end cryptographic delay and a communication cost reduction of 31% over other 3GPP proposals.

Efficient Graph Encryption Scheme for Shortest Path Queries

Esha Ghosh (Microsoft Research, Redmond, USA), Seny Kamara (Brown University, USA), Roberto Tamassia (Brown University, USA)

Graph encryption schemes (introduced by [Chase and Kamara, 2010]) have been receiving growing interest across various disciplines due to their attractive tradeoff between functionality, efficiency and privacy. In this paper, we advance the state of the art on encrypted graph search by providing an efficient graph encryption scheme for shortest path queries. The preprocessing time and space and the query time are proportional to those for building and querying the search structure for the unencrypted graph. Hence, the overhead of providing structured encryption is asymptotically optimal. We implement our scheme and experimentally validate its performance on real world networks. Furthermore, we extend our scheme to support verifiability. Our scheme is the first structured encryption scheme that supports a recursive algorithm, where the number of recursion steps is not known at setup time (unlike the chaining technique from [Chase and Kamara, 2010]). Recursion is an important algorithmic design paradigm. Hence, our technique may help develop other practical encrypted structures for recursive algorithms.

Session Chair

Xingliang Yuan

Session 6B

Privacy (I)

3:40 PM — 5:00 PM HKT
Jun 9 Wed, 3:40 AM — 5:00 AM EDT

Measuring User Perception for Detecting Unexpected Access to Sensitive Resource in Mobile Apps

Trung Tin Nguyen (CISPA Helmholtz Center for Information Security, Germany), Duc Cuong Nguyen (CISPA Helmholtz Center for Information Security, Germany), Michael Schilling (CISPA Helmholtz Center for Information Security, Germany), Gang Wang (University of Illinois at Urbana-Champaign, USA), Michael Backes (CISPA Helmholtz Center for Information Security, Germany)

Understanding users’ perception of app behaviors is an important step to detect data access that violates user expectations. While existing works have used various proxies to infer user expectations (e.g., by analyzing app descriptions), how real-world users perceive an app’s data access when they interact with graphical user interfaces (UI) has not been fully explored. In this paper, we aimed to fill this gap by directly measuring how end-users perceive app behaviors based on graphical UI elements via extensive user studies. The results are used to build an automated tool - GUIBAT (Graphical User Interface Behavioral Analysis Tool) - that detects sensitive resource accesses that violate user expectations. We conducted three user studies in total (N=904). The first two user studies were used to build a semantic mapping between user expectations of sensitive resource accesses and the common graphical UI elements (N=459). The third user study (N=445) was used to validate the performance of GUIBAT in predicting user expectations. By comparing user expectations and the actual app behavior (inferred by static program analysis) for 47,909 Android apps, we found that 75.38% of the apps have at least one unexpected sensitive resource access in which thirdparty libraries attributed to 46.13%. Our analysis lays a concrete foundation for modeling user expectations based on UI elements. We show the urgent need for more transparent UI designs to better inform users of data access, and call for new tools to support app developers in this endeavor.

Low-Cost Hiding of the Query Pattern

Maryam Sepehri (Milan University, Italy), Florian Kerschbaum (University of Waterloo, Canada)

Several attacks have shown that the leakage from the access pattern in searchable encryption is dangerous. Attacks exploiting leakage from the query pattern are as dangerous, but less explored. While there are known, lightweight countermeasures to hide information in the access pattern by padding the ciphertexts, the same is not true for the query pattern. Oblivious RAM hides the query patterns, but requires a logarithmic overhead in the size of the database and hence will become even slower as data grows. In this paper we present a query smoothing algorithm to hide the frequency information in the query pattern of searchable encryption schemes by introducing fake queries. Our method only introduces a constant overhead of 7 to 13 fake queries per real query in our experiments. Furthermore, we show that our query smoothing algorithm can also be applied to range-searchable encryption schemes and then prevents all recent plaintext recovery attacks.

Horizontal Privacy-Preserving Linear Regression Which is Highly Efficient for Dataset of Low Dimension

Linpeng Lu (Shanghai JiaoTong University, China), Ning Ding (Shanghai JiaoTong University, China)

Linear regression is a widely used machine learning model for applications such as personalized health-care prediction, recommendation systems, and policy making etc. Nowadays one important trend of applying this model (also others) is privacy-preserving linear regression, in which multiple parties, each possessing a part of dataset, jointly perform the learning process, while paying a specific attention to the goal of preserving privacy of their data. Consequently some works on how to achieve this goal with various properties appear in recent years. In this paper, we present a new privacy-preserving linear regression protocol for the scenario where dataset is distributed horizontally, which works highly efficiently in particular when training dataset is of low dimension. Our protocol uses two non-colluding servers, in which multiple data providers share their private data, i.e. a 𝑑 × 𝑑 matrix where 𝑑 denotes the dimension of dataset, into two shares and send shares to the two servers respectively which then jointly perform the training process securely. Our technical novelties are as follows. We remark that in the method of solving linear systems (SLS), one mainstream method for linear regression (while the other one is stochastic gradient descent (SGD)), the time complexity only depends on the dimension, regardless of the number of samples. Note that known works using SLS employ garbled circuits for entire linear systems and thus use heavy computation. We implement SLS via the share-computation method which is known for securely implementing SGD and has not been applied to SLS to our knowledge, and thus inherit the advantages from them both (note that SLS admits fast computation when dataset is of low dimension, and the share-computation method is faster than the method of garbled circuits for entire linear systems). In the share-computation for SLS we propose a hybrid method, combining garbled circuits and secret sharing, to realize a secure and round-efficient division for fixed-point number (8+2𝜃 rounds, where 𝜃 is a small number of iterations and is set to 5 in our experiment). We then use the division protocol to implement our new protocol for linear regression. As a consequence, our protocol is highly efficient for dataset of low dimension. We implement our protocol in C++ and the experiments show that our protocol is much more efficient than the state of the art implementations for privacy-preserving linear regression for dataset of low dimension.

Accelerating Secure (2+1)-Party Computation by Insecure but Efficient Building Blocks

Keitaro Hiwatashi (The University of Tokyo / AIST, Japan), Ken Ogura (The University of Tokyo, Japan), Satsuya Ohata (Digital Garage, Inc., Japan), Koji Nuida (The University of Tokyo / AIST, Japan)

Secure multi-party computation (MPC) is a cryptographic tool that enables a set of parties to compute a function jointly while keeping each input secret. Since MPC based on secret sharing (SS) achieves high throughput and works fast, many applications have been developed. However, SS-based MPC requires many communication rounds in general, and this becomes a performance bottleneck in real-world applications under high-latency networks. In this paper, we propose SS-based secure three-party computation with almost no preprocessing based on our new (small-)constant-round fundamental gates, by revisiting a framework in a few previous works where a number of parties are assisted by another party who may partially learn secret information. Instead of ordinary logical gates, our fundamental gate is an efficient Equality, for which the result leaks to the third party, and we develop novel two-round constructions of secure building-block protocols (LessThan Comparison, RightShift, Table LookUp, etc.) from the insecure Equality. To show the practicality of our protocols, we implement a secure exact edit distance protocol for two genome strings. Our experiments show that in some network setting our protocol is about 2 times faster (14 times faster taking preprocessing into consideration) than the state-of-the-art SS-based protocol (Ohata and Nuida, FC 2020).

Session Chair

Miroslaw Kutylowski

Made with in Toronto · Privacy Policy · © 2021 Duetone Corp.