Publications

1 3 4 5 6 7 11

MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems

April 6, 2017

Aditi Roy, Nasir Memon and Arun Ross

This paper investigates the security of partial fingerprint-based authentication systems, especially when multiple fingerprints of a user are enrolled. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. Further, in some cases, the user is allowed to enroll multiple fingers, and the impressions pertaining to multiple partial fingers are associated with the same identity (i.e., one user). A user is said to be successfully authenticated if the partial fingerprint obtained during authentication matches any one of the stored templates. This paper investigates the possibility of generating a “MasterPrint”, a synthetic or real partial fingerprint that serendipitously matches one or more of the stored templates for a significant number of users.

X-Platform Phishing: Abusing Trust for Targeted Attacks

April 6, 2017

Hossein Siadati, Toan Nguyen and Nasir D. Memon

Anti-phishing techniques intended to reduce the delivery rate of phishing emails, and anti-phishing trainings meant to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with an alarmingly high delivery and click-through rates, and highlights a subset of the challenges that existing anti-phishing methods have fallen short to address. In this attack, an attacker embeds a malicious link within a legitimate message generated by a service provider. This attack can bypass the existing anti-phishing filters because the attacker uses the email ID of a reputable service provider to generate a seemingly legitimate email. This attack is irresistible for users to click on for a similar reason. For this, the attackers use email-based messaging and notification mechanisms such as friend requests, membership invitations, status updates, and customizable gift cards to embed and deliver phishing links to their targets. We have tested the delivery and click-through rates of this at- tack based on customized phishing emails tunneled through GitHubs pull-request mechanism. We observed that 100% of X-Platform Phishing emails passed the anti-phishing systems and were delivered to the inbox of the target subjects. All of the participants clicked on phishing messages, and in some cases, forwarded the message to other project collaborators and they also clicked on the phishing links in turn.

Tools for Automated Analysis of Cybercriminal Markets

April 6, 2017

Sadia Afroz, Rebecca Sorla Portnoff, Greg Durrett, Jonathan Kummerfeld, Damon McCoy, Kirill Levchenko, and Vern Paxson

Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required to understand the markets makes manual exploration of these forums unscalable. In this work, we propose an automated, top-down approach for analyzing underground forums.

Secure 3D Printing: Reconstructing and Validating Solid Geometries using Toolpath Reverse Engineering

April 2, 2017

Nektarios Georgios Tsoutsos, Homer Gamil and Michail Maniatakos

As 3D printing becomes more ubiquitous, traditional centralized process chains are transformed to a distributed manufacturing model, where each step of the process can be outsourced to different parties. Despite the countless benefits of this revolutionary technology, outsourcing parts of the process to potentially untrusted parties raises security concerns, as malicious design modifications can impact the structural integrity of the manufactured 3D geometries. To address this problem, we introduce a novel compiler that allows reverse engineering G-code toolpaths (i.e., machine commands describing how a geometry is printed) to reconstruct a close approximation of the original 3D object. Our framework then uses Finite Element Analysis to simulate the reconstructed object under different stress conditions and validate its structural integrity, without requiring a golden model reference.

Logic Locking for Secure Outsourced Chip Fabrication: A New Attack and Provably Secure Defense Mechanism

March 29, 2017

Mohamed El Massad, Jun Zhang, Siddharth Garg, and Mahesh V. Tripunitara

Chip designers outsource chip fabrication to external foundries, but at the risk of IP theft. Logic locking, a promising solution to mitigate this threat, adds extra logic gates (key gates) and inputs (key bits) to the chip so that it functions correctly only when the correct key, known only to the designer but not the foundry, is applied. In this paper, we identify a new vulnerability in all existing logic locking schemes.

 

Demystifying advanced persistent threats for industrial control systems.

March 23, 2017

Keliris, Anastasis and Maniatakos, Michail.

Cyberattacks are an emerging threat for Industrial Control Systems (ICS) that, given the tight coupling between the cyber and physical components, can have far-reaching implications. It is typical for contemporary ICS components to utilize Commercial-Off-The-Shelf (COTS) hardware and software, rendering them prone to vulnerabilities and exploitation techniques that afflict IT systems (Figure 1). In an effort to demonstrate the ICS cyber threat landscape, we discuss a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of ICS.

Secure and Flexible Trace-Based Debugging of Systems-on-Chip

March 15, 2017

Jerry Backer, David Hely and Ramesh Karri

This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties.

 

Phishing for Phools in the Internet of Things: Modeling One-to-Many Deception using Poisson Signaling Games

March 15, 2017

Jeffrey Pawlick and Quanyan Zhu

Strategic interactions ranging from politics and pharmaceuticals to e-commerce and social networks support equilibria in which agents with private information manipulate others which are vulnerable to deception. Especially in cyberspace and the Internet of things, deception is difficult to detect and trust is complicated to establish. For this reason, effective policy-making, profitable entrepreneurship, and optimal technological design demand quantitative models of deception. In this paper, we use game theory to model specifically one-to-many deception.

Learning from Experience: A Dynamic Closed-Loop QoE Optimization for Video Adaptation and Delivery

March 6, 2017

Imen Triki, Quanyan Zhu, Rachid Elazouzi, Majed Haddad, Zhiheng Xu

In general, the quality of experience QoE is subjective and context-dependent, identifying and calculating the factors that affect QoE is a difficult task. Recently, a lot of effort has been devoted to estimating the users QoE in order to enhance video delivery. In the literature, most of the QoE-driven optimization schemes that realize trade-offs among different quality metrics have been addressed under the assumption of homogenous populations, nevertheless, people perceptions on a given video quality may not be the same, which makes the QoE optimization harder. This paper aims at taking a step further to address this limitation to meet all the users profiles. We propose a closed-loop control framework based on the users subjective feedbacks to learn the QoE function and enhance video qualities at the same time. Our simulation results show that our system converges to a steady state where the learned QoE-function noticeably enhances the users feedbacks.

Remote field device fingerprinting using device-specific modbus information

March 6, 2017

Anastasis Keliris and Michail Maniatakos

Device fingerprinting can provide useful information for vulnerability assessment and penetration testing, and can also facilitate the reconnaissance phase of a malicious campaign. This information becomes critical when the target devices are deployed in industrial environments, given the potential impact of cyber-attacks on critical infrastructure devices. In this paper, we propose a method for fingerprinting industrial devices that utilize the Modbus protocol. Our technique is based on the observation that implementations of the Modbus protocol differ between vendors. Although the Modbus protocol specification defines a device identification mechanism, several vendors do not implement this mechanism or use different methods for identifying their devices. We utilize these implementation differences, in conjunction with the lack of authentication in the Modbus protocol, to fingerprint remote field devices.

Remote field device fingerprinting using device-specific modbus information

March 6, 2017

Anastasis Keliris and Michail Maniatakos

Device fingerprinting can provide useful information for vulnerability assessment and penetration testing, and can also facilitate the reconnaissance phase of a malicious campaign. This information becomes critical when the target devices are deployed in industrial environments, given the potential impact of cyber-attacks on critical infrastructure devices. In this paper, we propose a method for fingerprinting industrial devices that utilize the Modbus protocol. Our technique is based on the observation that implementations of the Modbus protocol differ between vendors. Although the Modbus protocol specification defines a device identification mechanism, several vendors do not implement this mechanism or use different methods for identifying their devices. We utilize these implementation differences, in conjunction with the lack of authentication in the Modbus protocol, to fingerprint remote field devices. We evaluate our proposed methodology on Modbus-enabled devices that are directly connected to the internet and indexed by the Shodan search engine. Our analysis focuses on devices from four vendors used across different industry verticals. We have accurately identified make and model information for 308 devices, improving the fingerprinting capabilities of Shodan by 28%.

Secure and Reconfigurable Network Design for Critical Information Dissemination in the Internet of Battlefield Things (IoBT)

March 2, 2017

Muhammad Junaid Farooq and Quanyan Zhu

This work aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to study the communication of mission-critical data among different types of network devices and consequently design the network in a cost effective manner.

Security analysis of Anti-SAT

February 20, 2017

Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran

Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption technique within few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against SAT attack, by rendering the SAT-attack effort exponential in terms of the number of key gates.

A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks

February 20, 2017

Rui Zhang, Quanyan Zhu and Yezekael Hayel

Network security becomes more challenging than ever as today’s computer networks become increasingly complex. The deployment of defense mechanisms such as firewalls , intrusion detection systems , and moving target defenses can effectively reduce the success rate of cyber attacks but cannot guarantee perfect network security as attacks are becoming more stealthy and sophisticated . Network users can still be hacked, resulting in severe data breaches, disruption of services and financial losses. Cyber insurance provides users a valuable additional layer of protection to mitigate potential vulnerabilities to unknown threats, hacking, and human errors. An incentive compatible cyber insurance policy could help reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures in return for more coverage and the implementation of best practices by basing premiums on an insured level of self-protection

Optimal Security Policy for Protection Against Heterogeneous Malware

February 19, 2017

Vladislav Taynitskiy, Elena Gubar, and Quanyan Zhu

Malware is a malicious software which aims to disrupt computer operations, gather sensitive information, and gain access to private computer systems. It can induce various sorts of damage, including economic costs, the leakage of private information, and instability of physical systems, etc. The distribution of antivirus patches in a network enables the control of the proliferation of malicious software and decreases possible losses. Multiple types of malware can coexist in a network. Hence it is important to protect a computer network from several heterogeneous malware, which can propagate in the network at the same time. In this study, we model the propagation of two types of malware using a modified two-virus epidemic model.

Undermining Cybercrime: A Case Study on User Response to Unregulated Payment Systems

February 15, 2017

Prakhar Pandey, Ryan Brunt, Damon McCoy

In this case study, we use the leaked database of a DDoS for hire service, vdos-s.com (VDOS), to investigate how users responded to disruptions in their payment options. Earlier this year VDOS was hacked and authorities were able to arrest the people running the site [2]. Using their leaked database, we analyze user data from July 2014 through July 2016. During this time, interventions were launched by other researchers and law enforcement to disrupt access to PayPal, the primary method used to subscribe to these booter services. In response, many booters, including VDOS, scrapped regulated payment processors in favor of Bitcoin. We show that users who previously used regulated payments methods were unlikely to switch to Bitcoin. We also show that the disruptions to PayPal caused spikes in customer complaints. Our findings are limited to the VDOS users we analyzed so future work will need to be done to understand how users respond to payment disruptions.

Intelligence business: Trump must keep privacy protections for US firms

February 13, 2017

TheHill_Featured

Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.

Automotive Electrical/Electronic Architecture Security via Distributed In-Vehicle Traffic Monitoring

February 9, 2017

Peter Waszecki, Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Ramesh Karri, and Samarjit Chakraborty

Due to the growing interconnectedness and complexity of in-vehicle networks, in addition to safety, security is becoming an increasingly important topic in the automotive domain. In this paper we study techniques for detecting security infringements in automotive Electrical and Electronic (E/E) architectures. Towards this we propose in-vehicle network traffic monitoring to detect increased transmission rates of manipulated message streams.