Results 1 - 10
of
11
Trustworthy execution on mobile devices: What security properties can my mobile platform give me
, 2011
"... Abstract. We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. ..."
Abstract
-
Cited by 10 (1 self)
- Add to MetaCart
(Show Context)
Abstract. We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. We systematize existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by OEMs and network carriers. We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results. 1
Leveraging USB to Establish Host Identity Using Commodity Devices
, 2013
"... Abstract—Determining a computer’s identity is a challenge of critical importance to users wishing to ensure that they are interacting with the correct system; it is also extremely valuable to forensics investigators. However, even hosts that contain trusted computing hardware to establish identity c ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
(Show Context)
Abstract—Determining a computer’s identity is a challenge of critical importance to users wishing to ensure that they are interacting with the correct system; it is also extremely valuable to forensics investigators. However, even hosts that contain trusted computing hardware to establish identity can be defeated by relay and impersonation attacks. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software stacks. We collect USB data on a corpus of over 250 machines with a variety of hardware and software configurations, and through machine learning classification tech-niques we demonstrate that, given a period of observation on the order of tenths of a second, we can differentiate hosts based on a variety of attributes such as operating system, manufacturer, and model with upwards of 90 % accuracy. Over longer periods of observation on the order of minutes, we demonstrate the ability to distinguish between hosts that are seemingly identical; using Random Forest classification and statistical analysis, we generate fingerprints that can be used to uniquely and consistently identify 70 % of a field of 30 machines that share identical OS and hardware specifications. Additionally, we show that we can detect the presence of a hypervisor on a computer with 100% accuracy and that our results are resistant to concept drift, a spoofing attack in which malicious hosts provide fraudulent USB messages, and relaying of commands from other machines. Our techniques are thus generally employable in an easy-to-use and low-cost fashion. I.
Exposing Security Risks for Commercial Mobile Devices
"... Abstract. Recent advances in the hardware capabilities of mobile handheld devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and table devices. This new generation of smart devices, including iPhone and Google Android, are powerful e ..."
Abstract
-
Cited by 3 (1 self)
- Add to MetaCart
(Show Context)
Abstract. Recent advances in the hardware capabilities of mobile handheld devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and table devices. This new generation of smart devices, including iPhone and Google Android, are powerful enough to accomplish most of the user tasks previously requiring a personal computer. Moreover, mobile devices have access to Personally Identifiable Information (PII) including a full suite of location services, camera, microphone, among others. In this paper, we discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking. We will present the ongoing GMU efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the device by using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones. We will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military and tactical scenarios. The talk will conclude with a discussion of our current and future research directions. 1
Over-the-Air Cross-platform Infection for Breaking mTAN-based Online Banking Authentication
"... Abstract. We present a novel stealthy cross-platform infection attack in WiFi networks. Our attack has high impact on two-factor authentication schemes that make use of mobile phones. In particular, we apply our attack to break mTAN authentication, one of the most used scheme for online banking worl ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
(Show Context)
Abstract. We present a novel stealthy cross-platform infection attack in WiFi networks. Our attack has high impact on two-factor authentication schemes that make use of mobile phones. In particular, we apply our attack to break mTAN authentication, one of the most used scheme for online banking worldwide (Europe, US, China). We present the design and implementation of the online banking Trojan which spreads over the WiFi network from the user's PC to her mobile phone and automatically pairs these devices. When paired, the host and the mobile malware deliver to the attacker authentication secrets which allow her to successfully authenticate against the online-banking portal and perform nancial transactions in the name of the user. Our attack is stealthy compared to the known banking Trojans ZeuS/ZitMo and SpyEye/Spitmo, as it does not rely on phishing or naïve user behavior for malware spreading and pairing. Our reference implementation targets Windows PCs and Android based smartphones, although our attack is not platform speci c. To achieve cross-platform infection, we applied and adapted attack techniques such as remote code execution, privilege escalation, GOT overwriting, DLL injection and function hooking. Our attack can be implemented by knowledgeable attackers and calls for re-thinking of security measures deployed for protection of online transactions by banks. 1
On the Feasibility of Large-Scale Infections of iOS Devices
"... While Apple iOS has gained increasing attention from attackers due to its rising popularity, very few large scale infections of iOS devices have been discovered because of iOS ’ advanced security architecture. In this paper, we show that infecting a large number of iOS devices through botnets is fea ..."
Abstract
-
Cited by 2 (0 self)
- Add to MetaCart
While Apple iOS has gained increasing attention from attackers due to its rising popularity, very few large scale infections of iOS devices have been discovered because of iOS ’ advanced security architecture. In this paper, we show that infecting a large number of iOS devices through botnets is feasible. By exploiting design flaws and weaknesses in the iTunes syncing process, the de-vice provisioning process, and in file storage, we demon-strate that a compromised computer can be instructed to install Apple-signed malicious apps on a connected iOS device, replace existing apps with attacker-signed ma-licious apps, and steal private data (e.g., Facebook and Gmail app cookies) from an iOS device. By analyzing DNS queries generated from more than half a million anonymized IP addresses in known botnets, we measure that on average, 23 % of bot IP addresses demonstrate iOS device existence and Windows iTunes purchases, implying that 23 % of bots will eventually have connec-tions with iOS devices, thus making a large scale infec-tion feasible. 1
Attestation & Authentication for USB Communications
"... Abstract—In this paper, we present the design, implementation, and software testing of USBSec, a secure extension of the vanilla USB protocol that incorporates host authentication to defend against software threats. Specifically, we force the USB host to supply authentication information to the peri ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Abstract—In this paper, we present the design, implementation, and software testing of USBSec, a secure extension of the vanilla USB protocol that incorporates host authentication to defend against software threats. Specifically, we force the USB host to supply authentication information to the peripheral device before enumerating the device. The peripheral validates the authentication information against its own list of authorized host keys. If both sides can validate each other, standard USB enumeration continues otherwise the connection is terminated. We have implemented a fully working prototype of USBSec based on USB implementation in Linux kernel and our experimental results demonstrate its practicality and effectiveness. I.
USENIX Association 23rd USENIX Security Symposium 79 On the Feasibility of Large-Scale Infections of iOS Devices
, 2014
"... is sponsored by USENIX ..."
Making USB Great Again with usbfilter Making USB Great Again with USBFILTER
, 2016
"... Abstract USB provides ubiquitous plug-and-play connectivity for a wide range of devices. However, the complex nature of USB obscures the true functionality of devices from the user, and operating systems blindly trust any physically-attached device. This has led to a number of attacks, ranging from ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract USB provides ubiquitous plug-and-play connectivity for a wide range of devices. However, the complex nature of USB obscures the true functionality of devices from the user, and operating systems blindly trust any physically-attached device. This has led to a number of attacks, ranging from hidden keyboards to network adapters, that rely on the user being unable to identify all of the functions attached to the host. In this paper, we present USBFILTER, which provides the first packet-level access control for USB and can prevent unauthorized interfaces from successfully connecting to the host operating system. USBFILTER can trace individual USB packets back to their respective processes and block unauthorized access to any device. By instrumenting the host's USB stack between the device drivers and the USB controller, our system is able to filter packets at a granularity that previous works cannot -at the lowest possible level in the operating system. USBFILTER is not only able to block or permit specific device interfaces; it can also restrict interfaces to a particular application (e.g., only Skype can access my webcam). Furthermore, our experimental analysis shows that USBFILTER introduces a negligible (3-10µs) increase in latency while providing mediation of all USB packets on the host. Our system provides a level of granularity and extensibility that reduces the uncertainty of USB connectivity and ensures unauthorized devices are unable to communicate with the host.
A Security Hygienic Smart Charger for Mobile Devices
"... Abstract—Measuring and attesting to the operational integrity and security posture of a mobile device is challenging. Today, smart phones and tablet computers lack a number of traditional security features that have emerged for commodity laptops and desktops. In addition to restricted power, mobile ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—Measuring and attesting to the operational integrity and security posture of a mobile device is challenging. Today, smart phones and tablet computers lack a number of traditional security features that have emerged for commodity laptops and desktops. In addition to restricted power, mobile devices generally don’t have a hardware root-of-trust and currently lack ubiquitous virtualization capability, which limits some of today’s approaches to security. Even as these security mechanisms reemerge for mobile devices, no single one is expected to be a “silver bullet. ” We believe that the need to recharge these mobile devices can be exploited with the introduction of a hygienic smart charger concept. The charger is used to measure, attest, and remediate the integrity of hosted mobile devices via the Universal Serial Bus (USB), while the mobile device re-charges. A reference prototype specifically targeting the Android-based Nexus S is introduced. Keywords-mobile security; measurement and attestation; system integrity; power; hygiene; malware I.
Implementing and Optimizing an Encryption Filesystem on Android
"... Abstract—The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media to location-based services increasing the concerns of the end user’s privacy. Therefore, there is a clear need and expectation for PII data to be protected in the case of loss, theft, or capture of the portable device. In this paper, we present a novel FUSE (Filesystem in USErspace) encryption filesystem to protect the removable and persistent storage on heterogeneous smart gadget devices running the Android platform. The proposed filesystem leverages NIST certified cryptographic algorithms to encrypt the dataat-rest. We present an analysis of the security and performance trade-offs in a wide-range of usage and load scenarios. Using existing known micro benchmarks in devices using encryption without any optimization, we show that encrypted operations can incur negligible overhead for read operations and up to twenty (20) times overhead for write operations for I/Ointensive programs. In addition, we quantified the database transaction performance and we observed a 50 % operation time slowdown on average when using encryption. We further explore generic and device specific optimizations and gain 10 % to 60 % performance for different operations reducing the initial cost of encryption. Finally, we show that our approach is easy to install and configure across all Android platforms including mobile phones, tablets, and small notebooks without any user perceivable delay for most of the regular Android applications. Keywords-Smart handheld devices, Full disk encryption, Encrypted filesystem, I/O performance. I.
