NDSS 2016 Programme – NDSS Symposium [PDF]


NDSS 2016 Programme

SUNDAY, FEBRUARY 21

8:00 am – 7:00 pm    Registration
8:00 am – 9:00 am    Continental Breakfast
12:30 pm – 1:30 pm   Lunch, Rousseau Room (first floor)
9:00 am – 5:00 pm    TLS 1.3 Ready or Not (TRON) Workshop
9:00 am – 5:00 pm    Usable Security (USEC) Workshop
9:00 am – 5:00 pm    Understanding and Enhancing Online Privacy (UEOP) Workshop
6:00 pm – 7:00 pm    Welcome Reception, Boardroom and Foyer (open to all Workshop and Symposium attendees)

MONDAY, FEBRUARY 22

7:30 am – 6:00 pm    Registration
7:30 am – 8:30 am    Continental Breakfast
8:30 am – 8:40 am    Welcome and Opening Remarks
8:40 am – 9:40 am    Keynote – Dr. Matthew D. Green
9:40 am – 10:40 am   Session 1: Transport Layer Security
                     Break
11:10 am – 12:30 pm  Session 2: Network Security – Part I (Chair: Engin Kirda)
12:30 pm – 1:30 pm   Lunch, Beach North (outside)
1:30 pm – 2:50 pm    Session 3: Web Security (Chair: Davide Balzarotti)
                     Break
3:10 pm – 4:30 pm    Session 4: Network Security – Part II (Chair: Adrian Perrig)
                     Break
4:50 pm – 6:10 pm    Session 5: MISC: Cryptocurrencies, Captchas, GameBots (Chair: Ari Juels)
7:00 pm – 9:00 pm    Poster Reception, Aviary Ballroom

TUESDAY, FEBRUARY 23

7:30 am – 6:00 pm    Registration
7:30 am – 8:30 am    Continental Breakfast
8:30 am – 8:40 am    Paper Awards
8:40 am – 10:20 am   Session 6: Privacy in Mobile (Chair: Patrick Traynor)
                     Break
10:50 am – 12:30 pm  Session 7: Software Security (Chair: Taesoo Kim)
12:30 pm – 1:30 pm   Lunch, Beach North (outside)
1:30 pm – 2:50 pm    Session 8: System Security – Part I (Chair: Yongdae Kim)
                     Break
3:10 pm – 4:30 pm    Session 9: Privacy – Part I (Chair: Reza Shokri)
                     Break
4:50 pm – 6:10 pm    Session 10: Privacy – Part II (Chair: Emiliano De Cristofaro)
7:00 pm – 9:00 pm    Symposium Dinner, Aviary Ballroom

WEDNESDAY, FEBRUARY 24

7:30 am – Noon       Registration
7:30 am – 8:30 am    Continental Breakfast
8:30 am – 8:40 am    Closing Remarks
8:40 am – 10:20 am   Session 11: Malware (Chair: Giovanni Vigna)
                     Break
10:50 am – 12:30 pm  Session 12: System Security – Part II (Chair: David Lie)
12:30 pm – 1:30 pm   Lunch, Beach North (outside)
1:30 pm – 3:10 pm    Session 13: Android Security
                     Break
3:40 pm – 5:20 pm    Session 14: User Authentication (Chair: Lujo Bauer)



Keynote: On Subverting Trust

Abstract: Security research is an exercise in paranoia. But sometimes even we researchers aren’t paranoid enough. In this talk I’ll cover the problem of establishing trust in an environment where trust has been broken — subverted, in some cases by malicious attackers, and in others by governments. I’ll focus primarily on two recent incidents: the 2015 hack of Juniper Networks, which led to serious vulnerabilities in widely-trusted VPN devices; and the recent efforts by governments to obtain “cryptographic backdoors” into end-to-end encryption systems that are increasingly popular on smartphones.

Dr. Matthew D. Green, Assistant Professor, Department of Computer Science, Johns Hopkins University

Dr. Matthew Daniel Green is an Assistant Professor at the Johns Hopkins University Information Security Institute. He specializes in applied cryptography, including anonymous cryptocurrencies and secure messaging protocols. He is a member of the teams that developed the Zerocash anonymous payment system, and has been a member of the teams that recently exposed serious vulnerabilities in major TLS implementations. He has worked with newspapers to analyze documents from the Snowden cache. He also writes a popular blog on cryptographic engineering.

Session 1: Transport Layer Security Session Chair: Kenny Paterson, RHUL

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH

In response to high-profile attacks that exploit hash function collisions, software vendors have started to phase out the use of MD5 and SHA-1 in third-party digital signature applications such as X.509 certificates. However, weak hash constructions continue to be used in various cryptographic constructions within mainstream protocols such as TLS, IKE, and SSH, because practitioners argue that their use in these protocols relies only on second preimage resistance, and hence is unaffected by collisions. This paper systematically investigates and debunks this argument. We identify a new class of transcript collision attacks on key exchange protocols that rely on efficient collision-finding algorithms on the underlying hash constructions. We implement and demonstrate concrete credential-forwarding attacks on TLS 1.2 client authentication, TLS 1.3 server authentication, and TLS channel bindings. We describe almost-practical impersonation and downgrade attacks in TLS 1.1, IKEv2 and SSH-2. As far as we know, these are the first collision-based attacks on the cryptographic constructions used in these popular protocols. Our practical attacks on TLS were responsibly disclosed (under the name SLOTH) and have resulted in security updates to several TLS libraries. Our analysis demonstrates the urgent need for disabling all uses of weak hash functions in mainstream protocols, and our recommendations have been incorporated in the upcoming Token Binding and TLS 1.3 protocols.

Karthikeyan Bhargavan and Gaetan Leurent (INRIA)

TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication

Email and chat still constitute the majority of electronic communication on the Internet. The standardisation and acceptance of protocols such as SMTP, IMAP, POP3, XMPP, and IRC has allowed servers for email and chat to be deployed in a decentralised and interoperable fashion. These protocols can be secured by providing encryption with TLS, directly or via the STARTTLS extension. X.509 PKIs and ad hoc methods can be leveraged to authenticate communication peers. However, secure configuration is not straightforward and many combinations of encryption and authentication mechanisms lead to insecure deployments and potentially compromise of data in transit. In this paper, we present the largest study to date that investigates the security of our email and chat infrastructures. We used active Internet-wide scans to determine the amount of secure service deployments, and employed passive monitoring to investigate to which degree user agents actually choose secure mechanisms for their communication. We addressed both client-to-server interactions as well as server-to-server forwarding. Apart from the authentication and encryption mechanisms that the investigated protocols offer on the transport layer, we also investigated the methods for client authentication in use on the application layer. Our findings shed light on a so far unexplored area of the Internet. Our results, in a nutshell, are a mix of both positive and negative findings. While large providers offer good security for their users, most of our communication is poorly secured in transit, with weaknesses in the cryptographic setup and especially in the choice of authentication mechanisms. We present a list of actionable changes to improve the situation.

Ralph Holz (University of Sydney), Johanna Amann (ICSI), Olivier Mehani and Mohamed Ali Kaafar (Data61/CSIRO), and Matthias Wachs (Technical University of Munich)

Killed by Proxy: Analyzing Client-end TLS Interception Software

To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the middle of the host’s communications. We set out to analyze such proxies as there are known problems in other (more mature) TLS processing engines, such as browsers and common TLS libraries. Compared to regular proxies, client-end TLS proxies impose several unique constraints, and must be analyzed for additional attack vectors; e.g., proxies may trust their own root certificates for externally-delivered content and rely on a custom trusted CA store (bypassing OS/browser stores). Covering existing and new attack vectors, we design an integrated framework to analyze such client-end TLS proxies. Using the framework, we perform a thorough analysis of eight antivirus and four parental-control applications for Windows that act as TLS proxies, along with two additional products that only import a root certificate. Our systematic analysis uncovered that several of these tools severely affect TLS security on their host machines. In particular, we found that four products are vulnerable to full server impersonation under an active man-in-the-middle (MITM) attack out-of-the-box, and two more if TLS filtering is enabled. Several of these tools also mislead browsers into believing that a TLS connection is more secure than it actually is, by e.g., artificially upgrading a server’s TLS version at the client. Our work is intended to highlight new risks introduced by TLS interception tools, which are possibly used by millions of users.

Xavier de Carné de Carnavalet and Mohammad Mannan (Concordia University)

Session 2: Network Security – Part I Session Chair: Engin Kirda, Northeastern University

SIBRA: Scalable Internet Bandwidth Reservation Architecture

This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today’s Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnet-size independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System in the Internet. SIBRA thus ends the arms race between DDoS attackers and defenders. Furthermore, SIBRA is based on purely stateless operations for reservation renewal, flow monitoring, and policing, resulting in highly efficient router operation, which is demonstrated with a full implementation. Finally, SIBRA supports Dynamic Interdomain Leased Lines (DILLs), offering new business opportunities for ISPs.

Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski and Adrian Perrig (ETH Zurich), Yao Zhang (Beihang University), Hsu-Chun Hsiao (National Taiwan University), and Ayumu Kubota and Jumpei Urakawa (KDDI R&D Laboratories Inc.)

Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy

There is growing operational awareness of the challenges in securely operating IPv6 networks. Through a measurement study of 520,000 dual-stack servers and 25,000 dual-stack routers, we examine the extent to which security policy codified in IPv4 has also been deployed in IPv6. We find several high-value target applications with a comparatively open security policy in IPv6 including: (i) SSH, Telnet, and SNMP are more than twice as open on routers in IPv6 as they are in IPv4; (ii) nearly half of routers with BGP open were only open in IPv6; and (iii) in the server dataset, SNMP was twice as open in IPv6 as in IPv4. We conduct a detailed study of where port blocking policy is being applied and find that protocol openness discrepancies are consistent within network boundaries, suggesting a systemic failure in organizations to deploy consistent security policy. We successfully communicate our findings with twelve network operators and all twelve confirm that the relative openness was unintentional. Ten of the twelve immediately moved to deploy a congruent IPv6 security policy, reflecting real operational concern. Finally, we revisit the belief that the security impact of this comparative openness in IPv6 is mitigated by the infeasibility of IPv6 network-wide scanning—we find that, for both of our datasets, host addressing practices make discovering these high-value hosts feasible by scanning alone. To help operators accurately measure their own IPv6 security posture, we make our probing system publicly available.

Jakub Czyz (University of Michigan & QuadMetrics, Inc.), Matthew Luckie (University of Waikato), Mark Allman (International Computer Science Institute), and Michael Bailey (University of Illinois at Urbana-Champaign)

Attacking the Network Time Protocol

We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on-path attacker, that hijacks traffic to an NTP server, can quickly shift time on the server’s clients. Then, we present an extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to dramatically shift time on a client. We discuss the implications of these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke and Sharon Goldberg (Boston University)

SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks

We have recently witnessed the real life demonstration of link-flooding attacks – DDoS attacks that target the core of the Internet that can cause significant damage while remaining undetected. Because these attacks use traffic patterns that are indistinguishable from legitimate TCP-like flows, they can be persistent and cause long-term traffic disruption. Existing DDoS defenses that rely on detecting flow deviations from normal TCP traffic patterns cannot work in this case. Given the low cost of launching such attacks and their indistinguishability, we argue that any countermeasure must fundamentally tackle the root cause of the problem: either force attackers to increase their costs, or barring that, force attack traffic to become distinguishable from legitimate traffic. Our key insight is that to tackle this root cause it is sufficient to perform a rate change test, where we temporarily increase the effective bandwidth of the bottlenecked core link and observe the response. Attacks by cost-sensitive adversaries who try to fully utilize the bots’ upstream bandwidth will be detected since they will be unable to demonstrably increase throughput after bandwidth expansion. Alternatively, adversaries are forced to increase costs by having to mimic legitimate clients’ traffic patterns to avoid detection. We design a software-defined network (SDN) based system called SPIFFY that addresses key practical challenges in turning this high-level idea into a concrete defense mechanism, and provide a practical solution to force a tradeoff between cost vs. detectability for link-flooding attacks. We develop fast traffic-engineering algorithms to achieve effective bandwidth expansion and suggest scalable monitoring algorithms for tracking the change in traffic-source behaviors. We demonstrate the effectiveness of SPIFFY using a real SDN testbed and large-scale packet-level and flow-level simulations.

Min Suk Kang, Virgil D. Gligor and Vyas Sekar (Carnegie Mellon University)

Session 3: Web Security Session Chair: Davide Balzarotti, Eurecom

CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities

Extension architectures of popular web browsers have been carefully studied by the research community; however, the security impact of interactions between different extensions installed on a given system has received comparatively little attention. In this paper, we consider the impact of the lack of isolation between traditional Firefox browser extensions, and identify a novel extension-reuse vulnerability that allows adversaries to launch stealthy attacks against users. This attack leverages capability leaks from legitimate extensions to avoid the inclusion of security-sensitive API calls within the malicious extension itself, rendering extensions that use this technique difficult to detect through the manual vetting process that underpins the security of the Firefox extension ecosystem. We then present CrossFire, a lightweight static analyzer to detect instances of extension-reuse vulnerabilities. CrossFire uses a multi-stage static analysis to efficiently identify potential capability leaks in vulnerable, benign extensions. If a suspected vulnerability is identified, CrossFire then produces a proof-of-concept exploit instance – or, alternatively, an exploit template that can be adapted to rapidly craft a working attack that validates the vulnerability. To ascertain the prevalence of extension-reuse vulnerabilities, we performed a detailed analysis of the top 10 Firefox extensions, and ran further experiments on a random sample drawn from the top 2,000. The results indicate that popular extensions, downloaded by millions of users, contain numerous exploitable extension-reuse vulnerabilities. A case study also provides anecdotal evidence that malicious extensions exploiting extension-reuse vulnerabilities are indeed effective at cloaking themselves from extension vetters.

Ahmet Buyukkayhan, Kaan Onarlioglu, William Robertson and Engin Kirda (Northeastern University)

It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

Recent years have seen extensive growth of services enabling free broadcasts of live streams on the Web. Free live streaming services (FLIS) attract millions of viewers and a torrent of infringements of digital copyright laws. Despite the immense popularity of these services, little is known about the actors that facilitate them and maintain webpages to index links for free viewership. This paper presents a comprehensive analysis of the FLIS ecosystem by mapping all parties involved in the delivery of pirated content, discovering their modus operandi, and quantifying the consequences for common Internet users who utilize these services. We develop infrastructure that enables us to perform more than 850,000 visits by identifying 5,685 free live streaming domains, and analyze more than 1 Terabyte of traffic to map the actors that constitute the FLIS ecosystem. On the one hand, our analysis reveals that users of FLIS websites are generally exposed to deceptive advertisements, malware, malicious browser extensions, and fraudulent scams. On the other hand, we find that FLIS actors are often reported for copyright law violations and host their infrastructure predominantly in Europe and Belize. At the same time, we encounter substandard advertisement set-ups by the FLIS actors, along with noticeable trademark infringements through domain names and logos of popular TV channels. Given the magnitude of the discovered abuse, we engineer features that characterize FLIS pages and build a classifier to efficiently identify FLIS pages with high accuracy and low false positives, in an effort to help human analysts identify malicious services and initiate content-takedown requests.

M. Zubair Rafique, Tom Van Goethem, Wouter Joosen and Christophe Huygens (KU Leuven) and Nick Nikiforakis (Stony Brook University)

Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications

The advent of Software-as-a-Service (SaaS) has led to the development of multi-party web applications (MPWAs). MPWAs rely on core trusted third-party systems (e.g., payment servers, identity providers) and protocols such as Cashier-as-a-Service (CaaS), Single Sign-On (SSO) to deliver business services to users. Motivated by the large number of attacks discovered against MPWAs and by the lack of a single general-purpose application-agnostic technique to support their discovery, we propose an automatic technique based on attack patterns for black-box security testing of MPWAs. Our approach stems from the observation that attacks against popular MPWAs share a number of similarities, even if the underlying protocols and services are different. In this paper, we target six different replay attacks, a login CSRF attack and a persistent XSS attack. Firstly, we propose a methodology in which security experts can create attack patterns from known attacks. Secondly, we present a security testing framework that leverages attack patterns to automatically generate test cases that can be used to automate the security testing of MPWAs. We have implemented our ideas on top of OWASP ZAP (a popular, open-source penetration testing tool), created seven attack patterns that correspond to thirteen prominent attacks from the literature, and discovered twenty-one previously unknown vulnerabilities in prominent MPWAs (e.g., twitter.com, developer.linkedin.com, pinterest.com), including MPWAs that do not belong to SSO and CaaS families.

Avinash Sudhodanan (University of Trento, Security & Trust, FBK, Italy), Alessandro Armando (DIBRIS, University of Genova, Security & Trust, FBK, Italy), Roberto Carbone (Security & Trust, FBK, Italy) and Luca Compagna (SAP Labs France)

Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces

Mobile users are increasingly becoming targets of malware infections and scams. Some platforms, such as Android, are more open than others and are therefore easier to exploit than other platforms. In order to curb such attacks it is important to know how these attacks originate. We take a previously unexplored step in this direction and look for the answer at the interface between mobile apps and the Web. Numerous in-app advertisements work at this interface: when the user taps on the advertisement, she is led to a web page which may further redirect until the user reaches the final destination. Similarly, applications also embed web links that again lead to the outside Web. Even though the original application may not be malicious, the Web destinations that the user visits could play an important role in propagating attacks. In order to study such attacks we develop a systematic methodology consisting of three components related to triggering web links and advertisements, detecting malware and scam campaigns, and determining the provenance of such campaigns reaching the user. We have realized this methodology through various techniques and contributions and have developed a robust, integrated system capable of running continuously without human intervention. We deployed this system for a two-month period and analyzed over 600,000 applications in the United States and in China while triggering a total of about 1.5 million links in applications to the Web. We gain a general understanding of attacks through the app-web interface as well as make several interesting findings, including a rogue antivirus scam, free iPad and iPhone scams, and advertisements propagating SMS trojans disguised as fake movie players. In broader terms, our system enables locating attacks and identifying the parties (such as specific ad networks, websites, and applications) that intentionally or unintentionally let them reach the end users and thus increase accountability from these parties.

Vaibhav Rastogi (University of Wisconsin-Madison and Pennsylvania State University), Rui Shao (Zhejiang University), Yan Chen and Xiang Pan (Northwestern University), Shihong Zou (State Key Lab of Networking and Switching, Beijing University of Posts and Telecommunications) and Ryan Riley (Qatar University)

Session 4: Network Security – Part II Session Chair: Adrian Perrig, ETH Zurich

Enabling Practical Software-defined Networking Security Applications with OFX

Software Defined Networks (SDNs) are an appealing platform for network security applications. However, existing approaches to building security applications on SDNs are not practical because of performance and deployment challenges. Network security applications often need to analyze and process traffic in more advanced ways than SDN data plane implementations, such as OpenFlow, allow. Much of an application ends up running on the centralized controller, which forms an inherent bottleneck. Researchers have proposed application specific modifications to the underlying data plane to gain performance, but this results in a solution that is not deployable as it requires new switches and does not support all network security applications. In this paper, we introduce OFX (the OpenFlow Extension Framework) which harnesses the processing power of network switches to enable practical SDN security applications within an existing OpenFlow infrastructure. OFX allows applications to dynamically load software modules directly onto unmodified network switches where application-dependent processing/monitoring can execute closer to the data plane at a rate much closer to line speed. We implemented OFX modules for security applications including Silverline (ACSAC’13), BotMiner (Sec’08), and several others motivated by the custom OpenFlow extensions in Avant-Guard (CCS’13). We evaluated OFX on a Pica 8 3290 switch and found that processing traffic in an OFX module running on the switch had orders of magnitude less overhead than processing traffic at the controller. OFX increased the performance of the evaluated security application by 20-40x as compared to standard OpenFlow implementations and up to 1.25x when compared to middlebox implementations running on dedicated servers. This is all achieved without the need for additional or modified hardware.

John Sonchack and Jonathan M. Smith (University of Pennsylvania), Adam J. Aviv (United States Naval Academy) and Eric Keller (University of Colorado, Boulder)

Forwarding-Loop Attacks in Content Delivery Networks

We describe how malicious customers can attack the availability of Content Delivery Networks (CDNs) by creating forwarding loops inside one CDN or across multiple CDNs. Such forwarding loops cause one request to be processed repeatedly or even indefinitely, resulting in undesired resource consumption and potential Denial-of-Service attacks. To evaluate the practicality of such forwarding-loop attacks, we examined 16 popular CDN providers and found all of them are vulnerable to some form of such attacks. While some CDNs appear to be aware of this threat and have adopted specific forwarding-loop detection mechanisms, we discovered that they can all be bypassed with new attack techniques. Although conceptually simple, a comprehensive defense requires collaboration among all CDNs. Given that hurdle, we also discuss other mitigations that individual CDNs can implement immediately. At a higher level, our work underscores the hazards that can arise when a networked system provides users with control over forwarding, particularly in a context that lacks a single point of administrative control.

Jianjun Chen, Xiaofeng Zheng, Haixin Duan and Jinjin Liang (Tsinghua University and Tsinghua National Laboratory for Information Science and Technology), Jian Jiang (University of California, Berkeley), Kang Li (University of Georgia), Tao Wan (Huawei Canada) and Vern Paxson (University of California, Berkeley and International Computer Science Institute)

CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds

We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive, and less trusted, clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. The clientless secure-objects mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces an origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks. A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

Yossi Gilad (Hebrew University) and Amir Herzberg, Michael Sudkovitch and Michael Goberman (Bar Ilan University)

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security

An emerging trend in corporate network administration is BYOD (bring your own device). Although it has many advantages, the paradigm shift presents new challenges in security to enterprise networks. While existing solutions such as Mobile Device Management (MDM) focus mainly on controlling and protecting device data, they fall short in providing a holistic network protection system. New innovation is needed in providing administrators with sophisticated network policies and control capabilities over the devices and mobile applications (apps). In this paper, we present PBS (Programmable BYOD Security), a new security solution to enable fine-grained, application-level network security programmability for the purpose of network management and policy enforcement on mobile apps and devices. Our work is motivated by another emerging and powerful concept, SDN (Software-Defined Networking). With a novel abstraction of mobile device elements (e.g., apps and network interfaces on the device) into conventional SDN network elements, PBS intends to provide network-wide, context-aware, app-specific policy enforcement at run-time without introducing much overhead on a resource-constrained mobile device, and without the actual deployment of SDN switches in enterprise networks. We implement a prototype system of PBS, with a controller component that runs a BYOD policy program/application on existing SDN controllers and a client component, PBS, for Android devices. Our evaluation shows that PBS is an effective and practical solution for BYOD security.

Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli and Guofei Gu (Texas A&M University)

Session 5: MISC: Cryptocurrencies, Captchas, and GameBots Session Chair: Ari Juels, Cornell Tech

Centrally Banked Cryptocurrencies

Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that also serve to generate a monetary supply. Such decentralization has benefits, such as independence from national political control, but also significant limitations in terms of computational costs and scalability. We introduce RSCoin, a cryptocurrency framework in which central banks maintain complete control over the monetary supply, but rely on a distributed set of authorities, or mintettes, to prevent double-spending. While monetary policy is centralized, RSCoin still provides strong transparency and auditability guarantees. We demonstrate, both theoretically and experimentally, the benefits of a modest degree of centralization, such as the elimination of wasteful hashing and a scalable system for avoiding double-spending attacks.

George Danezis and Sarah Meiklejohn (University College London)

Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem Slides The proof-of-work is a central concept in modern cryptocurrencies and denial-of-service protection tools, but the requirement for fast verification so far made it an easy prey for GPU-, ASIC-, and botnet-equipped users. The attempts to rely on memory-intensive computations in order to remedy the disparity between architectures have resulted in slow or broken schemes. In this paper we solve this open problem and show how to construct an asymmetric proof-of-work (PoW) based on a computationally hard problem, which requires a lot of memory to generate a proof (called “memory-hardness” feature) but is instant to verify. Our primary proposal Equihash is a PoW based on the generalized birthday problem and enhanced Wagner’s algorithm for it. We introduce the new technique of algorithm binding to prevent cost amortization and demonstrate that possible parallel implementations are constrained by memory bandwidth. Our scheme has tunable and steep time-space tradeoffs, which impose large computational penalties if less memory is used. Our solution is practical and ready to deploy: a reference implementation of a proof-of-work requiring 700 MB of RAM runs in 30 seconds on a 1.8 GHz CPU, increases the computations by the factor of 1000 if memory is halved, and presents a proof of just 120 bytes long. Alex Biryukov and Dmitry Khovratovich (University of Luxembourg)
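The asymmetry the abstract describes (a memory-hungry search, an instant check) comes from the structure of Wagner's algorithm for the generalized birthday problem: the prover must keep a whole list of hashes in memory and repeatedly bucket and XOR it, while the verifier recomputes only the 2^k hashes named in the proof. The toy below is an added illustration, not the authors' reference implementation: it uses n=24, k=2 (four indices, 512-entry list, 8 collision bits per round) with a 4-byte BLAKE2b output standing in for Equihash's personalised hash, and the `header` bytes are constructed. The verifier also enforces the algorithm-binding conditions, namely that every subtree of the XOR tree cancels its round's bits and that siblings are ordered by their smallest index, so a solver cannot amortise work by reusing partial collisions.

```python
"""Toy Equihash-style proof-of-work (n=24, k=2) using Wagner's algorithm with
algorithm binding.  Added illustration; parameters are far too small for use."""
import hashlib
from collections import defaultdict

N_BITS = 24                       # n: width of each hash value
K = 2                             # k: a solution is 2**K indices
COLL_BITS = N_BITS // (K + 1)     # bits cancelled per Wagner round (8)
LIST_LEN = 1 << (COLL_BITS + 1)   # 2**(n/(k+1)+1) hash entries (512)
TOP_MASK = (1 << N_BITS) - 1


def h(header: bytes, nonce: int, i: int) -> int:
    """Hash of (header, nonce, index), truncated to n bits (stand-in for BLAKE2b-personalised)."""
    msg = header + nonce.to_bytes(4, "little") + i.to_bytes(4, "little")
    return int.from_bytes(hashlib.blake2b(msg, digest_size=4).digest(), "little") & TOP_MASK


def wagner(header: bytes, nonce: int) -> list:
    """Generalised-birthday search: 2**K distinct indices whose hashes XOR to 0.
    Round r buckets on bits [(r-1)*COLL_BITS, r*COLL_BITS) and XORs colliding
    pairs, so after K rounds the low K*COLL_BITS bits are zero.  The whole list
    must stay resident across rounds: that is the memory-hardness."""
    table = [(h(header, nonce, i), (i,)) for i in range(LIST_LEN)]
    for r in range(1, K + 1):
        shift = COLL_BITS * (r - 1)
        buckets = defaultdict(list)
        for x, idx in table:
            buckets[(x >> shift) & ((1 << COLL_BITS) - 1)].append((x, idx))
        merged = []
        for items in buckets.values():
            for a in range(len(items)):
                xa, ia = items[a]
                for b in range(a + 1, len(items)):
                    xb, ib = items[b]
                    if set(ia) & set(ib):
                        continue               # reject the trivial x ^ x = 0
                    # algorithm binding: order siblings by their smallest index
                    idx = ia + ib if ia[0] < ib[0] else ib + ia
                    merged.append((xa ^ xb, idx))
        table = merged
    return [idx for x, idx in table if x == 0]  # remaining high bits must cancel too


def solve(header: bytes, max_nonce: int = 256):
    """Proof-of-work: iterate nonces until a bound solution exists."""
    for nonce in range(max_nonce):
        sols = wagner(header, nonce)
        if sols:
            return nonce, sols[0]
    return None


def _xor_tree(header, nonce, idx, level):
    """Recompute the XOR tree; None if ordering or per-level cancellation fails."""
    if level == 0:
        return h(header, nonce, idx[0])
    half = len(idx) // 2
    left, right = idx[:half], idx[half:]
    if left[0] >= right[0]:
        return None
    xl = _xor_tree(header, nonce, left, level - 1)
    xr = _xor_tree(header, nonce, right, level - 1)
    if xl is None or xr is None:
        return None
    x = xl ^ xr
    if x & ((1 << (COLL_BITS * level)) - 1):
        return None
    return x


def verify(header: bytes, nonce: int, indices) -> bool:
    """Instant verification: 2**K hashes plus the XOR tree (the asymmetry)."""
    idx = tuple(indices)
    if len(idx) != 1 << K or len(set(idx)) != len(idx):
        return False
    return _xor_tree(header, nonce, idx, K) == 0


if __name__ == "__main__":
    nonce, sol = solve(b"ndss-2016-demo")
    print(nonce, sol, verify(b"ndss-2016-demo", nonce, sol))
```

With these parameters a nonce yields roughly two solutions on average, so `solve` rarely needs more than a few nonces. Halving memory is not modelled here, but the shape of the penalty is visible: the solver cannot drop entries after round 1 because any of them may still pair up in round 2, which is what the paper turns into its steep time-space tradeoff.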

A Simple Generic Attack on Text Captchas Slides Text-based Captchas have been widely deployed across the Internet to defend against undesirable or malicious bot programs. Many attacks have been proposed; this fine prior art has advanced the scientific understanding of Captcha robustness, but most of it has limited applicability. In this paper, we report a simple, low-cost but powerful attack that effectively breaks a wide range of text Captchas, each with distinct design features, including those deployed by Google, Microsoft, Yahoo!, Amazon and other Internet giants. For most of the schemes, our attack achieved a success rate ranging from 16% to 77%, and achieved an average speed of solving a puzzle in less than 15 seconds on a standard desktop computer (with a 3.3GHz Intel Core i3 CPU and 2 GB RAM). To the best of our knowledge, this is to date the simplest generic attack on text Captchas. Our attack is based on Log-Gabor filters; a famed application of Gabor filters in computer security is John Daugman’s iris recognition algorithm. Our work is the first to apply Gabor filters for breaking Captchas. Haichang Gao (Xidian University), Jeff Yan (Lancaster University), Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang and Jiawei Li (Xidian University)

You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild Slides Game bots are a critical threat to Massively Multiplayer Online Role-Playing Games (MMORPGs) because they can seriously damage the reputation and in-game economy equilibrium of MMORPGs. Existing game bot detection techniques are not only generally sensitive to changes in game contents but also limited in detecting emerging bot patterns that were hitherto unknown. To overcome the limitation of learning bot patterns over time, we propose a framework that detects game bots through machine learning techniques. The proposed framework utilizes self-similarity to effectively measure the frequency of repeated activities per player over time, which is an important clue to identifying bots. Consequently, we use real-world MMORPG (“Lineage”, “Aion” and “Blade & Soul”) datasets to evaluate the feasibility of the proposed framework. Our experimental results demonstrate that 1) self-similarity can be used as a general feature in various MMORPGs, 2) a detection model maintenance process with newly updated bot behaviors can be implemented, and 3) our bot detection framework is practicable. Eunjo Lee (NCSOFT), Jiyoung Woo (Korea University), Hyoungshick Kim (Sungkyunkwan University), Aziz Mohaisen (State University of New York at Buffalo) and Huy Kang Kim (Korea University)

Session 6: Privacy in Mobile Session Chair: Patrick Traynor, University of Florida

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses Slides Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result of manufacturing imperfections. Such measurements can be conducted surreptitiously by web page publishers or advertisers and can be used to track users across applications, websites, and visits. We analyze how well sensor fingerprinting works under real-world constraints. We first develop a highly accurate fingerprinting mechanism that combines multiple motion sensors and makes use of audible and inaudible audio stimulation to improve detection. We evaluate this mechanism using measurements from a large collection of smartphones, in both lab and public conditions. We then analyze techniques to mitigate sensor fingerprinting either by calibrating the sensors to eliminate the signal anomalies, or by adding noise that obfuscates the anomalies. We evaluate the impact of calibration and obfuscation techniques on the classifier accuracy; we also look at how such mitigation techniques impact the utility of the motion sensors. Anupam Das, Nikita Borisov and Matthew Caesar (University of Illinois at Urbana-Champaign)

The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads Slides In-app advertising is an essential part of the ecosystem of free mobile applications. On the surface, it creates a win-win situation where app developers can profit from their work, but without charging the users. However, as in the case of web advertising, ad-networks behind in-app advertising employ personalization to improve the effectiveness/profitability of their ad-placement. This need for serving personalized advertisements in turn motivates ad-networks to collect data about users and profile them. As such, “free” apps are only free in monetary terms, but they come with a price of potential privacy concerns. The only question is, how much data are users giving away to pay for the “free apps”? In this paper, we study how much of the user’s interest and demographic information is known to these major ad networks on mobile platforms. We also study if personalized ads can be used by the hosting apps to reconstruct some of the user information collected by the ad network. By collecting more than two hundred real user profiles through surveys, as well as the ads seen by the surveyed users, we found that mobile ads delivered by a major ad network, Google, are personalized based on both users’ demographic and interest profiles. In particular, we showed that there is statistically significant correlation between observed ads and the user’s profile. We also demonstrated the possibility of learning users’ sensitive demographic information such as gender (75% accuracy) and parental status (66% accuracy) through personalized ads because users of different demographics tend to get ads of different contents. These findings illustrate that in-app advertising can leak potentially sensitive user information to any app that hosts personalized ads and that ad networks’ current protection mechanisms are not sufficient for safeguarding users’ sensitive personal information. Wei Meng, Ren Ding, Simon P. Chung, Steven Han and Wenke Lee (Georgia Institute of Technology)

What Mobile Ads Know About Mobile Users Slides We analyze the software stack of popular mobile advertising libraries and investigate how they protect the users of advertising-supported apps from malicious advertising. We find that, by and large, advertising libraries properly separate the privileges of the ads from the host app and confine untrusted ads in dedicated browser instances that correctly apply the same origin policy. We then demonstrate how confined malicious ads can still use their ability to load content from external storage (essential for media-rich ads in order to cache video and images) to infer sensitive personal information about the user of the device – even when they cannot read the loaded objects due to the same origin policy. We present our recommendations for mitigating the privacy risks of malicious ads and explain how to re-design mobile advertising software to better protect users from malicious advertising. Sooel Son (Google) and Daehyeok Kim (KAIST) and Vitaly Shmatikov (Cornell Tech)

Free for All! Assessing User Data Exposure to Advertising Libraries on Android Slides Many studies have focused on detecting and measuring the security and privacy risks associated with the integration of advertising libraries in mobile apps. These studies consistently demonstrate the abuses of existing ad libraries. However, to fully assess the risks of an app that uses an advertising library, we need to take into account not only the current behaviors but all of the allowed behaviors that could result in the compromise of user data confidentiality. Ad libraries on Android have potential for greater data collection through at least four major channels: using unprotected APIs to learn other apps’ information on the phone (e.g., app names); using protected APIs via permissions inherited from the host app to access sensitive information (e.g., Google and Facebook account information, geo locations); gaining access to files which the host app stores in its own protection domain, and observing user inputs into the host app. In this work, we systematically explore the potential reach of advertising libraries through these channels. We develop an attack simulator called Pluto that is able to analyze an app and tell whether it exposes targeted user data – such as contact information, interests, demographics, medical conditions and so on – to an opportunistic ad library. Pluto embodies novel strategies for using natural language processing to illustrate what targeted data can potentially be learned from an ad network using files and user inputs. Pluto also leverages machine learning and data mining models to reveal what advertising networks can learn from the list of installed apps. We validate Pluto with a collection of apps for which we have determined ground truth about targeted data they may reveal, together with a data set derived from a survey we conducted that gives ground truth for targeted data and corresponding lists of installed apps for about 300 users. We use these to show that Pluto, and hence also opportunistic ad networks, can achieve 75% recall and 80% precision for selected targeted data coming from app files and inputs, and even better results for certain targeted data based on the list of installed apps. Pluto is the first tool that estimates potential risk associated with integrating advertising in apps based on the four major channels and arbitrary sets of target data. Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter (University of Illinois at Urbana-Champaign)

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems Slides Mobile communication systems are now an essential part of life throughout the world. Fourth generation “Long Term Evolution” (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers. We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: in our experiments, a semi-passive attacker can locate an LTE device within a 2 km² area in a city, whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols. We present several countermeasures to resist our specific attacks. We also discuss possible trade-off considerations that may explain why these vulnerabilities exist. We argue that the justification for these trade-offs may no longer be valid. We recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium. Altaf Shaik and Jean-Pierre Seifert (TU Berlin & T-Labs) and Ravishankar Borgaonkar (Aalto University) and N. Asokan (Aalto University & University of Helsinki) and Valtteri Niemi (University of Helsinki)

Session 7: Software Security Session Chair: Taesoo Kim, Georgia Tech

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware Slides Commercial-off-the-shelf (COTS) network-enabled embedded devices are usually controlled by vendor firmware to perform integral functions in our daily lives. From home and small office networking equipment, such as wireless routers, to network attached storage and surveillance cameras, these devices are operated by proprietary firmware. For example, wireless home routers are often the first and only line of defense that separates a home user’s personal computing and information devices from the Internet. Such a vital and privileged position in the user’s network requires that these devices operate securely. Unfortunately, recent research and anecdotal evidence suggest that such security assumptions are not at all upheld by the devices deployed around the world. A first step to assess the security of such embedded device firmware is the accurate identification of vulnerabilities. However, the market offers a large variety of these embedded devices, which severely impacts the scalability of existing approaches in this area. In this paper, we present FIRMADYNE, the first automated dynamic analysis system that specifically targets Linux-based firmware on network-connected COTS devices in a scalable manner. We identify a series of challenges inherent to the dynamic analysis of COTS firmware, and discuss how our design decisions address them. At its core, FIRMADYNE relies on software-based full system emulation with an instrumented kernel to achieve the scalability necessary to analyze thousands of firmware binaries automatically. We evaluate FIRMADYNE on a real-world dataset of 23,035 firmware images across 42 device vendors gathered by our system. Using a sample of 74 exploits on the 9,486 firmware images that our system can successfully extract, we discover that 895 firmware images spanning at least 90 distinct products are vulnerable to one or more of the sampled exploits. This includes 14 previously-unknown vulnerabilities that were discovered with the aid of our framework, which affect 86 firmware images spanning at least 14 distinct products. Furthermore, our results show that 11 of our tested attacks affect firmware images from more than one vendor, suggesting that code sharing and common upstream manufacturers (OEMs) are quite prevalent. Daming D. Chen, Maverick Woo and David Brumley (Carnegie Mellon University) and Manuel Egele (Boston University)

discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code Slides The identification of security-critical vulnerabilities is a key for protecting computer systems. Being able to perform this process at the binary level is very important given that many software projects are closed-source. Even if the source code is available, compilation may create a mismatch between the source code and the binary code that is executed by the processor, causing analyses that are performed on source code to fail to detect certain bugs and vulnerabilities. Existing approaches to find bugs in binary code 1) use dynamic analysis which is difficult for firmware; 2) handle a single architecture; or 3) use semantic similarity, which is very slow when analyzing large code bases. In this paper, we present a new approach to efficiently search for bugs in binary code. Starting with a binary function that contains a bug, we identify similar functions in other binaries across different compilers, optimization levels, operating systems, and CPU architectures. The main idea is to compute similarity between functions based on the structure of the corresponding control flow graphs. To minimize this costly computation, we employ an efficient pre-filter based on numeric features to quickly identify a small set of candidate functions. This allows us to efficiently search for similar functions in large code bases. We have designed and implemented a prototype of our approach, called discovRE, that supports four instruction set architectures (x86, x64, ARM, MIPS). We show that discovRE is four orders of magnitude faster than the state-of-the-art academic approach for cross-architecture bug search in binaries. We also show that we can identify Heartbleed and POODLE vulnerabilities in an Android system image that contains over 120,000 native ARM functions in less than 80 milliseconds. Sebastian Eschweiler and Khaled Yakdan (University of Bonn) and Elmar Gerhards-Padilla (Fraunhofer FKIE)

Driller: Augmenting Fuzzing Through Selective Symbolic Execution Slides Memory corruption vulnerabilities are an ever-present risk in software, which attackers can exploit to obtain private information or monetary gain. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition, with millions of dollars in prize money, to further research of automated vulnerability finding and patching, showing the importance of research in this area. Current techniques for finding potential bugs include static, dynamic, and concolic analysis systems, which each have their own advantages and disadvantages. Systems designed to create inputs which trigger vulnerabilities typically only find shallow bugs and struggle to exercise deeper paths in executables. We present Driller, a hybrid vulnerability excavation tool which leverages fuzzing and selective concolic execution, in a complementary manner, to find deeper bugs. Inexpensive fuzzing is used to exercise compartments of an application, while concolic execution is used to generate inputs which satisfy the complex checks separating the compartments. By combining the strengths of the two techniques, we mitigate their weaknesses, avoiding the path explosion inherent in concolic analysis and the incompleteness of fuzzing. Driller uses selective concolic execution to explore only the paths deemed interesting by the instrumented fuzzer and to generate inputs for conditions that the fuzzer could not satisfy. We evaluate Driller on 126 applications released in the qualifying event of the DARPA Cyber Grand Challenge and show its efficacy by identifying the same number of vulnerabilities, in the same time, as the top-scoring team of the qualifying event. Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel and Giovanni Vigna (UC Santa Barbara)

VTrust: Regaining Trust on Virtual Calls Slides Virtual function calls are one of the most popular control-flow hijack attack targets. Compilers use a virtual function pointer table, called a VTable, to dynamically dispatch virtual function calls. These VTables are read-only, but pointers to them are not. VTable pointers reside in objects that are writable, allowing attackers to overwrite them. As a result, attackers can divert the control-flow of virtual function calls and launch VTable hijacking attacks. Researchers have proposed several solutions to protect virtual calls. However, they either incur high performance overhead or fail to defeat some VTable hijacking attacks. In this paper, we propose a lightweight defense solution, VTrust, to protect all virtual function calls from VTable hijacking attacks. It consists of two independent layers of defenses: virtual function type enforcement and VTable pointer sanitization. Combined with modern compilers’ default configuration, i.e., placing VTables in read-only memory, VTrust can defeat all VTable hijacking attacks and supports modularity, allowing us to harden applications module by module. We have implemented a prototype on the LLVM compiler framework. Our experiments show that this solution only introduces a low performance overhead, and it defeats real world VTable hijacking attacks. Chao Zhang and Dawn Song (UC Berkeley) and Scott A. Carr and Mathias Payer (Purdue University) and Tongxin Li and Yu Ding (Peking University) and Chengyu Song (Georgia Institute of Technology)

Protecting C++ Dynamic Dispatch Through VTable Interleaving Slides With new defenses against traditional control-flow attacks like stack buffer overflows, attackers are increasingly using more advanced mechanisms to take control of execution. One common such attack is vtable hijacking, in which the attacker exploits bugs in C++ programs to overwrite pointers to the virtual method tables (vtables) of objects. We present a novel defense against this attack. The key insight of our approach is a new way of laying out vtables in memory through careful ordering and interleaving. Although this layout is very different from a traditional layout, it is backwards compatible with the traditional way of performing dynamic dispatch. Most importantly, with this new layout, checking the validity of a vtable at runtime becomes an efficient range check, rather than a set membership test. Compared to prior approaches that provide similar guarantees, our approach does not use any profiling information, has lower performance overhead (about 1%) and has lower code bloat overhead (about 1.7%). Dimitar Bounov, Rami Gökhan Kıcı and Sorin Lerner (UCSD)
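Both VTable papers above (VTrust and the interleaving work) defend the same operation: a call through an object's VTable pointer, which an attacker can overwrite. The interleaving abstract's key claim, that validity becomes a range check rather than a set-membership test, follows from laying classes out in preorder of the inheritance tree, so that every subtree (every set of dynamic types legal for a given static type) occupies a contiguous range. The model below is an added illustration and not the authors' compiler pass: it covers single inheritance only, treats the VTable pointer as an index rather than an address (so alignment to entry boundaries is not modelled), and uses a constructed hierarchy `Base`, `D1`, `D3` (derived from `D1`) and `D2`.

```python
"""Simplified model of vtable interleaving for single inheritance.  Added
illustration, not the paper's compiler pass (which also handles multiple
inheritance, real addresses and alignment).  Classes are laid out in
preorder, so every subtree is a contiguous range and the validity check at a
call site becomes two comparisons."""


class InterleavedVTables:
    def __init__(self, parents: dict, methods: list, overrides: dict):
        """parents: class -> parent (None for the root); methods: all virtual
        slots; overrides: class -> set of slots it defines (root defines all)."""
        self.parents, self.methods, self.overrides = parents, methods, overrides
        self.children = {c: [] for c in parents}
        for c, p in parents.items():
            if p is not None:
                self.children[p].append(c)
        root = next(c for c, p in parents.items() if p is None)
        self.order, self.size = [], {}
        self._preorder(root)
        self.pos = {c: i for i, c in enumerate(self.order)}
        n = len(self.order)
        # Interleaved layout: slot m of class c sits at pos[c] + m*n, so the
        # "vtable pointer" of a class is simply its preorder position.
        self.table = [None] * (n * len(methods))
        for c in self.order:
            for m, name in enumerate(methods):
                self.table[self.pos[c] + m * n] = self._impl(c, name)

    def _preorder(self, c):
        self.order.append(c)
        count = 1
        for child in self.children[c]:
            count += self._preorder(child)
        self.size[c] = count          # subtree size = length of c's valid range
        return count

    def _impl(self, c, name):
        """Walk up the hierarchy until a class defines the slot."""
        while name not in self.overrides.get(c, ()):
            c = self.parents[c]
        return f"{c}::{name}"

    def vptr(self, dynamic_type):
        return self.pos[dynamic_type]

    def valid(self, static_type, vptr) -> bool:
        """The range check that replaces a set-membership test: vptr must lie
        inside the preorder range of static_type's subtree."""
        lo = self.pos[static_type]
        return lo <= vptr < lo + self.size[static_type]

    def dispatch(self, static_type, vptr, name):
        """Guarded virtual call as the instrumented call site would perform it."""
        if not self.valid(static_type, vptr):
            raise RuntimeError(f"vtable hijack: vptr {vptr} invalid for {static_type}*")
        return self.table[vptr + self.methods.index(name) * len(self.order)]


# Constructed hierarchy: Base <- D1 <- D3 and Base <- D2.
H = InterleavedVTables(
    parents={"Base": None, "D1": "Base", "D3": "D1", "D2": "Base"},
    methods=["f", "g"],
    overrides={"Base": {"f", "g"}, "D1": {"f"}, "D3": {"g"}, "D2": {"g"}},
)

if __name__ == "__main__":
    print(H.table)
    print(H.dispatch("D1", H.vptr("D3"), "g"))      # D3::g through a D1*
    try:
        H.dispatch("D1", H.vptr("D2"), "f")          # D2 is not a D1: blocked
    except RuntimeError as e:
        print(e)
```

Because `valid` only compares the pointer against two constants known at compile time for the static type, the guard costs the same whether the hierarchy has four classes or four thousand, which is where the roughly 1% overhead in the abstract comes from. The same check rejects a pointer into attacker-controlled memory (any index outside the table) and a pointer to a legitimate but unrelated class's table, the type-confusion variant of the hijack.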

Session 8: System Security – Part I Session Chair: Yongdae Kim, KAIST

ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting Slides Provenance tracing is a very important approach to Advanced Persistent Threat (APT) attack detection and investigation. Existing techniques either suffer from the dependence explosion problem or have non-trivial space and runtime overhead, which hinder their application in practice. We propose ProTracer, a lightweight provenance tracing system that alternates between system event logging and unit level taint propagation. The technique is built on an on-the-fly system event processing infrastructure that features a very lightweight kernel module and a sophisticated user space daemon that performs concurrent and out-of-order event processing. The evaluation on different real-world system workloads and a number of advanced attacks show that ProTracer only produces 13MB log data per day, and 0.84GB(Server)/2.32GB(Client) in 3 months without losing any important information. The space consumption is only < 1.28% of the state-of-the-art, 7 times smaller than an off-line garbage collection technique. The runtime overhead averages
