IEEE European Symposium on Security and Privacy 2023 (EuroS&P)

Affiliated Workshops: ACSW, DevSecOpsRo, IWPE, WACCO, SLIM

-

Please refer to the workshop websites and the mentoring sessions infopage for the programs. Directions to the venue can be found here.

Brief time table for Workshops

9:00 – 10:30 workshops
10:30 – 11:00 coffee break – Restaurant on the ground floor
11:00 – 12:30 workshops
12:30 – 13:30 lunch – Restaurant on the ground floor
13:30 – 15:00 workshops
15:00 – 15:30 coffee break – Restaurant on the ground floor
15:30 – 17:30 workshops

Workshop Locations

Opening

08:30 - 09:00

Keynote: Bart Preneel (KU Leuven)

09:00 - 9:45

Session: Phishing/fraud/scams

9:45 - 10:55

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
Enze Liu (University of California, San Diego), Gautam Akiwate (Stanford University), Mattijs Jonker (University of Twente), Ariana Mirian (University of California, San Diego), Grant Ho (University of California, San Diego), Geoffrey M. Voelker (University of California, San Diego), Stefan Savage (University of California, San Diego)

The critical role played by email has led to a range of extension protocols (e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email sender domains. These protocols are complex as is, but are further complicated by automated email forwarding — used by individual users to manage multiple accounts and by mailing lists to redistribute messages. In this paper, we explore how such email forwarding and its implementations can break the implicit assumptions in widely deployed anti-spoofing protocols. Using large-scale empirical measurements of 20 email forwarding services (16 leading email providers and four popular mailing list services), we identify a range of security issues rooted in forwarding behavior and show how they can be combined to reliably evade existing anti-spoofing controls. We show how this allows attackers to not only deliver spoofed email messages to prominent email providers (e.g., Gmail, Microsoft Outlook, and Zoho), but also reliably spoof email on behalf of tens of thousands of popular domains including sensitive domains used by organizations in government (e.g., state.gov), finance (e.g., transunion.com), law (e.g., perkinscoie.com) and news (e.g., washingtonpost.com) among others.

Android, notify me when it is time to go phishing
Antonio Ruggia (University of Genoa), Andrea Possemato (EURECOM), Alessio Merlo (University of Genoa), Dario Nisi (EURECOM), Simone Aonzo (EURECOM)

[Presentation]

A mobile banking app just started up, and the notification ``App updated, click here to restart'' appears. The graphic theme is the same as the bank. Can we trust it? What if we cannot even trust that tapping an app actually loads the original one? More generally, what if Android notifies an attacker when her victim has just launched the target app of her phishing campaign so that she could cast the hook at the perfect moment?In this paper, we abuse inotify APIs, a mechanism for monitoring file system events, to mount a state inference-based phishing attack from a malicious app installed on the victim's smartphone. We also verified the novelty of our work analyzing 10,000 recent Android malware, and although we found some cases where malware uses inotify for their petty purposes, our attack seems to be publicly unknown.However, since Android constantly evolves year after year, we studied its feasibility over different Android versions and attacker's capabilities. By analyzing 4863 of the most popular apps, the most disconcerting finding is that if the attacker knows the installation path of the target app, all Android apps are vulnerable, regardless of the system version. Getting the installation path of an app is a capability that is only protected by a normal permission, and to make matters worse, there are workarounds to get it even without such permission. Even if this capability is denied, we propose different attack models under which this attack is still possible; however, at the end of our work, we provide the remediation to eradicate once and for all these attacks. Through this work, we reported three vulnerabilities to Google. Two were acknowledged as bugs of moderate severity, while the last one was already known but not public.

Active Countermeasures for Email Fraud
Wentao Chen (University of Bristol), Fuzhou Wang (City University of Hong Kong), Matthew Edwards (University of Bristol)

[Presentation]

As a major component of online crime, email-based fraud is a threat that causes substantial economic losses every year. To counteract these scammers, volunteers called scam-baiters play the roles of victims, reply to scammers, and try to waste their time and attention with long and unproductive conversations. To curb email fraud and magnify the effectiveness of scam-baiting, we developed and deployed an expandable scam-baiting mailserver that can conduct scam-baiting activities automatically. We implemented three reply strategies using three different models and conducted a one-month-long experiment during which we elicited 150 messages from 130 different scammers. We compare the performance of each strategy at attracting and holding the attention of scammers, finding tradeoffs between human-written and automatically-generated response strategies, and we release both our platform and a dataset containing conversations between our automatic scam-baiters and real human scammers, to support future work in preventing online fraud.

Session Chair: Kangjie Lu

Coffee Break

10:55 - 11:15

Session: Crypto + formal methods I

11:15 - 12:40

Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance
Vivek Nair (UC Berkeley), Dawn Song (UC Berkeley)

Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10^6 to 10^48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact.

CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Oblivious Inference in the Cloud
Deepika Natarajan (University of Michigan-Ann Arbor), Andrew Loveless (University of Michigan-Ann Arbor), Wei Dai (Microsoft Research), Ron Dreslinski (University of Michigan-Ann Arbor)

Data, when coupled with state-of-the-art machine learning models, can enable remarkable applications. But, there exists an underlying tension: users wish to keep their data private, and model providers wish to protect their intellectual property. Homomorphic encryption (HE) and multi-party computation (MPC) techniques have been proposed as solutions to this problem; however, both techniques require model providers to fully trust the server performing the machine learning computation. This limits the scale of inference applications since it prevents model providers from leveraging shared public cloud infrastructures. In this work, we present HEX-ML, a solution to the problem of privacy-preserving machine learning between two mutually distrustful parties in an untrusted cloud setting. HEX-ML relies on a combination of HE and trusted execution environments (TEEs), using HE to provide clients with confidentiality guarantees and TEEs to provide model providers with confidentiality guarantees and protect the integrity of computation from malicious cloud adversaries. Unlike prior solutions to this problem, such as multi-key HE, single-key HE, MPC, or TEE-only techniques, our solution assumes that both clients and the cloud can be malicious, makes no collusion assumptions, and frees model providers from needing to maintain private online infrastructures. Our implementation results show that HEX-ML can execute at high efficiency, with low communication cost, while providing security guarantees unaddressed by prior work. Compared to a recent multi-key HE work, for example, that allows (partial) offload to an untrusted cloud, HEX-ML achieves a 3× lower communication cost and a 3× faster computation time.

A Generic Obfuscation Framework for Preventing ML-Attacks on Strong-PUFs through Exploitation of DRAM-PUFs
Owen Millwood (University of Sheffield), Meltem Kurt Pehlivanoğlu (Kocaeli University), Jack Miskelly (Queen's University Belfast), Aryan Mohammadi Pasikhani (University of Sheffield), Prosanta Gope (University of Sheffield), Elif Bilge Kavun (University of Passau)

Designing sufficiently secure systems for low-power devices is a difficult problem to tackle considering the limited power and computational resources available. With the ubiquitous adoption of the Internet-of-Things (IoT) not appearing to be slowing any time soon, resource-constrained security is more important than ever. Physical Unclonable Functions (PUFs) have gained momentum in recent years for their potential in enabling strong security through generation of unique identifiers based on entropy derived from unique manufacturing variations. Strong-PUFs however, which are desirable for authentication protocols, have been often been shown to be insecure to Machine Learning Modelling Attacks (ML-MA). Recently, some schemes have been proposed to enhance security against ML-MA through post-processing of the PUF, however, often security is not sufficiently upheld, the scheme requires too large an additional overhead, or, key data must be insecurely stored in Non-Volatile Memory. In this work, we propose a generic framework for securing Strong-PUFs against ML-MA through obfuscation of challenge and response data by exploiting a DRAM-PUF to supplement a One-Way Function (OWF) which can be implemented using the available resources on an FPGA platform. Our proposed scheme enables reconfigurability, strong security and one-wayness. We conduct ML-MA using various classifiers to strongly evaluate the performance of our scheme across multiple 16-bit and 32-bit Arbiter-PUF (APUF) variants, showing our scheme reduces model accuracy to around 50% for each PUF (random guessing) and evaluate the uniformity and uniqueness of the final responses, demonstrating that ideal properties are maintained. Even though we demonstrate our proposal through a DRAM-PUF, our scheme can be extended to work with memory-based PUFs in general.

Automatic verification of transparency protocols
Vincent Cheval (INRIA Paris, France), José Moreira (Valory AG, Switzerland), Mark Ryan (University of Birmingham)

We introduce a new methodology and new features in ProVerif, an automatic tool for verifying security protocols. This methodology and these features are aimed at protocols which involve sophisticated data types that have strong properties, such as Merkle trees, which allow compact proofs of data presence and tree extension. Such data types are widely used in protocols in systems that use distributed ledgers and/or blockchains. With our methodology, it is possible to describe the data type quite abstractly, using ProVerif axioms, and prove the correctness of the protocol using those axioms as assumptions. Then, in separate steps, one can define one or more concrete implementations of the data type, and again use ProVerif to show that the implementations satisfy the assumptions that were coded as axioms. This helps make compositional proofs, splitting the proof burden into several manageable pieces. To enable this methodology, we introduce new capabilities in ProVerif, by extending the class of lemmas and axioms that it can reason with. Specifically, we allow user-defined predicates, attacker predicates and message predicates to appear in lemmas and axioms, and define their semantics. We show the soundness of the implementation of this idea with respect to the semantics. We illustrate the methodology and features by providing the first formal verification of two transparency protocols which precisely models the Merkle tree data structure. The two protocols are transparent decryption (sometimes called accountable decryption), and certificate transparency. Transparent decryption is a way of ensuring that decryption operations are visible by people who are affected by them. This can be used, for example, to support privacy: it can mean that a subject is alerted to the fact that information about them has been decrypted. Certificate transparency is an Internet security standard for monitoring and auditing the issuance of digital certificates.

Session Chair: Ghada Almashaqbeh

Lunch Break

13:45 - 13:45

Session: Security and AI

13:45 - 15:10

Protecting Voice-Controllable Devices Against Self-Issued Voice Commands
Sergio Esposito (Royal Holloway University of London), Daniele Sgandurra (Royal Holloway University of London), Giampaolo Bella (Università degli Studi di Catania)

Self-issued voice commands are a class of voice spoofing attacks that leverage a voice-controllable device's internal speaker to issue a malicious voice command to the device itself. These attacks are particularly challenging to protect from, as it is very hard for a countermeasure solution to infer whether the command comes from an external entity or from the device itself. In this paper, we propose a practical countermeasure against self-issued voice commands by training a Siamese Neural Network to recognize the differences between what is being played and what is being recorded by the voice-controllable device. In fact, these audios are similar in case of voice command self-issue attacks and different in case of legitimate commands. We start with a user security requirements analysis of countermeasures against voice spoofing attacks, by describing different classes of synthesized voice commands that need to be blocked or allowed, depending on the necessities of the user. Then, we present our solution to protect voice-controllable devices from self-issued commands and show that it correctly classifies commands in the benign (real-user) and malign (self-issued) categories 97% of the times on average. We compare this result with state-of-the-art anomaly detection techniques as a baseline and show that our solution outperforms them. Furthermore, we instantiate our countermeasure on three different classes of devices to measure its performance, and we find that the additional overhead is negligible. Finally, we measure the usability impact of our solution when users interact with the tested device under different conditions, showing that our solution is resistant to environmental changes and regardless of the identity of the user issuing the commands.

When the Curious Abandon Honesty: Federated Learning Is Not Private
Franziska Boenisch (Vector Institute), Adam Dziedzic (University of Toronto and Vector Institute), Roei Schuster (Vector Institute), Ali Shahin Shamsabadi (Vector Institute and The Alan Turing Institute), Ilia Shumailov (Vector Institute), Nicolas Papernot (University of Toronto and Vector Institute)

In federated learning (FL), data does not leave personal devices when they are jointly training a machine learning model. Instead, these devices share gradients, parameters, or other model updates, with a central party (e.g., a company) coordinating the training. Because data never “leaves” personal devices, FL is often presented as privacy-preserving. Yet, recently it was shown that this protection is but a thin facade, as even a passive, honest-but-curious attacker observing gradients can reconstruct data ofindividual users contributing to the protocol. In this work, we show a novel data reconstruction attack which allows an active and dishonest central party to efficiently extract user data from the received gradients. While prior work on data reconstruction in FL relies on solving computationally expensive optimization problems or on making easily detectable modifications to the shared model's architecture or parameters, in our attack the central party makes inconspicuous changes to the shared model's weights before sending them out to the users. We call the modified weights of our attack trap weights. Our active attacker is able to recover user data perfectly, i.e., with zero error, even when this data stems from the same class. Recovery comes with near-zero costs: the attack requires no complex optimization objectives. Instead, our attacker exploits inherent data leakage from model gradients and simply amplifies this effect by maliciously altering the weights of the shared model through the trap weights. These specificities enable our attack to scale to fully-connected and convolutional deep neural networks trained with large mini-batches of data. For example, for the high-dimensional vision dataset ImageNet, we perfectly reconstruct more than 50% of the training data points from mini-batches as large as 100 data points. In textual tasks, such as IMDB sentiment analysis, more than 65% of data points from mini-batches containing 100 data points can be perfectly reconstructed.

SoK: Explainable Machine Learning for Computer Security Applications
Azqa Nadeem (Delft University of Technology), Daniël Vos (Delft University of Technology), Clinton Cao (Delft University of Technology), Luca Pajola (University of Padua), Simon Dieck (Delft University of Technology), Robert Baumgartner (Delft University of Technology), Sicco Verwer (Delft University of Technology)

Explainable Artificial Intelligence (XAI) is a promising solution to improve the transparency of machine learning (ML) pipelines. We systematize the increasingly growing (but fragmented) microcosm of studies that develop and utilize XAI methods for defensive and offensive cybersecurity tasks. We identify 3 cybersecurity stakeholders, i.e., model users, designers, and adversaries, that utilize XAI for 4 distinct objectives within an ML pipeline, namely 1) XAI-enabled user assistance, 2) XAI-enabled model verification, 3) explanation verification & robustness, and 4) offensive use of explanations. We further classify the literature w.r.t. the targeted security domain. Our analysis of the literature indicates that many of the XAI applications are designed with little understanding of how they might be integrated into analyst workflows – user studies for explanation evaluation are conducted in only 14% of the cases. The security literature sometimes also fails to disentangle the role of the various stakeholders and particularly minimizes the role of model designers. To this end, we present an illustrative tutorial for model designers: we demonstrate cases where XAI can help in model verification and cases where it may lead to erroneous conclusions instead. The systematization and tutorial enable us to challenge several assumptions and present open problems that can help shape the future of XAI within cybersecurity.

Session Chair: Giovanni Apruzzese

Coffee Break

15:10 - 15:30

Session: Privacy

15:30 - 17:00

Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation
Franziska Boenisch (Vector Institute), Adam Dziedzic (University of Toronto and Vector Institute), Roei Schuster (Vector Institute), Ali Shahin Shamsabadi (Vector Institute and The Alan Turing Institute), Ilia Shumailov (Vector Institute), Nicolas Papernot (University of Toronto and Vector Institute)

Federated learning (FL) is a framework for users to jointly train a machine learning model. FL is promoted as a privacy-enhancing technology (PET) that provides data minimization: data never “leaves” personal devices and users share only model updates with a server (e.g., a company) coordinating the distributed training. We assess the realistic (i.e., worst-case) privacy guarantees that are provided to users who are unable to trust the server. To this end, we propose an attack against FL protected with distributed differential privacy (DDP) and secure aggregation (SA). The attack method is based on the introduction of Sybil devices that deviate from the protocol to expose individual users' data for reconstruction by the server. The underlying root cause for the vulnerability to our attack is the power imbalance. The server orchestrates the whole protocol and users are given little guarantees about the selection of other users participating in the protocol. Moving forward, we discuss requirements for an FL protocol to guarantee DDP without asking users to trust the server. We conclude that such systems are not yet practical.

Towards Fine-Grained Localization of Privacy Behaviors
Vijayanta Jain (University of Maine), Sepideh Ghanavati (University of Maine), Sai Teja Peddinti (Google Inc.), Collin McMillan (University of Notre Dame)

Privacy labels help developers communicate their application’s privacy behaviors (i.e., how and why an ap- plication uses personal information) to users. But, studies show that developers face several challenges in creating them and the resultant labels are often inconsistent with their application’s privacy behaviors. In this paper, we create a novel methodology called fine-grained localization of privacy behaviors to locate individual statements in source code which encode privacy behaviors and predict their privacy labels. To implement our approach, we design and develop an attention-based multi-head encoder model. The model creates individual representations of multiple methods and uses attention to identify relevant statements which implement privacy behaviors in those methods. These statements are then used to predict privacy labels for the application’s source code. Our results show that our approach can achieve high accuracy in identifying these labels, with the lowest accuracy of 91.41% and the highest of 98.45%. Our qualitative evaluation also demonstrates that our approach can finely localize statements in methods that implement privacy behaviors. These results showcase our methodology is a good alternative technique to generate consistent privacy labels.

Masterkey attacks against free-text keystroke dynamics and security implications of demographic factors
Tim Van hamme (imec - DistriNet, KU Leuven), Giuseppe Garofalo (imec - DistriNet, KU Leuven), Davy Preuveneers (imec - DistriNet, KU Leuven), Wouter Joosen (imec - DistriNet, KU Leuven)

[Presentation]

This paper presents, and systematically evaluates the first masterkey attack against free-text keystroke dynamics. A masterkey is a typing sequence that matches, hence successfully impersonates, a large part of the population. Therefore, masterkeys are effective tools for an adversary who aims to impersonate someone without knowledge of their typing behavior. On top of the attack itself, we present a new unifying evaluation framework for masterkey attacks that allow for the comparison with knowledge-based authentication factors. In other words, we unify the evaluation of password security with that of masterkey attacks and demonstrate that typing biometrics is approximately 20 times less secure than passwords and approximately two times less secure than a 4-digit pin. Lastly, we study the effect of demographics on typing biometrics, which among others provides novel insights into the effect of being a well-versed typist on security.

"Act natural!": Exchanging Private Messages on Public Blockchains
Thore Tiemann (University of Lübeck), Sebastian Berndt (University of Lübeck), Thomas Eisenbarth (University of Lübeck), Maciej Liskiewicz (University of Lübeck)

[Presentation]

Messengers have become an essential means of interpersonal interaction. Yet untraceable private communication remains an elusive goal, as most messengers hide content, but not communication patterns. The knowledge of communication patterns can by itself reveal too much, as happened e.g., in the context of the Arab Spring. Subliminal channels in cryptographic systems enable untraceable private communication in plain sight. In this context, bulletin boards in the form of blockchains are a natural object for subliminal communication: accessing them is innocuous, as they rely on distributed access for verification and extension. At the same time, blockchain users generate hundreds of thousands of transactions per day that are individually signed and placed on the blockchain. Thus blockchains may serve as innocuous repository for publicly accessible cryptographic transactions where subliminal channels can be placed. In this paper, we propose a public-key subliminal channel using secret-recoverable splittable signature schemes on blockchains and prove that our construction is undetectable in the random oracle model under common cryptographic assumptions. Our approach is applicable to any secret-recoverable splittable signature scheme. Such schemes are used by 98 of the top 100 cryptocurrencies. We also analyze the applicability of our approach to the Bitcoin, Monero, and RippleNet networks and present proof of concept implementations for Bitcoin and RippleNet.

smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption
Ravital Solomon (Sunscreen), Rick Weber (Sunscreen), Ghada Almashaqbeh (University of Connecticut)

Despite the great potential and flexibility of smart contract-enabled blockchains, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short since they ask end users to coordinate and perform the computation off-chain themselves. While such an approach reduces the burden of the miners of the system, it largely limits the ability of lightweight users to enjoy privacy since performing the actual computation on their own and attesting to its correctness is incredibly expensive even with state-of-the-art proof systems. To address this limitation, we propose smartFHE, a framework to support private smart contracts using fully homomorphic encryption (FHE). To the best of our knowledge, smartFHE is the first to use FHE in the blockchain model; moreover, it is the first to support arbitrary privacy-preserving applications for lightweight users under the same computation-on-demand model pioneered by Ethereum. smartFHE does not overload the user since miners are instead responsible for performing the private computation. This is achieved by employing FHE so miners can compute over encrypted data and account balances. Users are only responsible for proving well-formedness of their private inputs using efficient zero-knowledge proof systems (ZKPs). We formulate a notion for a privacy-preserving smart contract scheme and show a concrete instantiation of our smartFHE framework. We address numerous challenges resulting from using FHE in the blockchain setting--including concurrency, precision, bootstrapping, and storage. We also show how to choose suitable FHE and ZKP schemes to instantiate our framework, since naively choosing these will lead to poor performance in practice. We formally prove correctness and security of our construction and show preliminary benchmarks to evaluate its feasibility in practice.

Session Chair: Veelasha Moonsamy

Online Videos

SMART Credentials in the Multi-queue of Slackness (or Secure Management of Anonymous Reputation Traits without Global Halting)
Jack P. K. Ma (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)

[Video]

[Presentation]

People worry that anonymous access would invite misbehavior, e.g., hate speech on web applications. It is desirable to build a judgment layer on top of anonymous credentials such that an external mechanism can assign a score to each authenticated session, putting any misbehaving users in a blocklist. Such anonymous reputation systems focus on an authentication logic over data structures that maintains the session score and its linkage to the originating credential. For fast authentication, state-of-the-art designs require a fixed-length first-in-first-out session queue, leaving no room for prolonged judgments or remedies. This unveils their global-halting loophole -- one hard-to-judge session (waiting for consensus or investigation) would cease authentication of all users due to a backlog of unjudged ones. We propose SMART (slack management of anonymous reputation traits), a new credential design maintaining multiple queues so the server can temporarily judge sessions multiple times before finalization. Such slackness removes the binary judgment of old designs -- if misbehavior is not judged on time, it will be forgiven forever. Realizing the authentication semantics in zero-knowledge requires a dedicated design. We avoid the common but relatively heavy tools such as accumulator and proof of shuffle over multi-queue of signed sessions -- for a consistent yet unlinkable updating data structure maintaining its invariants -- with sessions rearranged according to externally updating judgments. Notably, SMART enjoys the slackness ``for free'' -- authentication time is linear in the number of queues but independent of the number of sessions accumulated in any queue.

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph
Nafis Tanveer Islam (University of Texas at San Antonio), Gonzalo De La Torre Parra (University of the Incarnate Word), Dylan Manuel (University of Texas at San Antonio), Elias Bou-Harb (University of Texas at San Antonio), Peyman Najafirad (University of Texas at San Antonio)

[Video]

[Presentation]

Over the years, open source software systems have become prey to threat actors. Even highly-adopted software has been crippled by unforeseeable attacks, leaving millions of devices exposed. While open-source communities act quickly to patch the breach, code vulnerability screening should be an integral part of agile software development from the beginning. Unfortunately, current vulnerability screening techniques are ineffective at identifying novel vulnerabilities or providing developers with code vulnerability explanation. Furthermore, datasets used for vulnerability learning in real-world scenarios have high proportions of benign to vulnerable code, training the classifier to be biased towards the benign class. To address these issues, we propose a joint interpolated multitasked unbiased vulnera- bility classifier comprising a transformer ”RoBERTa” and graph convolution neural network (GCN). Our approach provides developers with code’s vulnerability explanation to address the issue. We present a training process utilizing a semantic vulnerability graph (SVG) representation from source code, created by integrating edges from a sequential flow, control flow, and data flow, as well as a novel flow dubbed Poacher Flow. Remarkably, our experimental results show that our classifier outperforms state-of-the-art results on vulnerability detection with fewer false negatives and false positives, an observed increase in precision of 22.91% and recall of 23.53%. Evaluations using recent data from real- world vulnerabilities published by the National Vulnerability Database demonstrate that our proposed approach achieves a 96% accuracy with low false negative and false positive results.

SoK: Data Sovereignty
Jens Ernstberger (Technical University of Munich), Jan Lauinger (Technical University of Munich), Fatima Elsheimy (Yale University), Liyi Zhou (Imperial College London), Sebastian Steinhorst (Technical University of Munich), Arthur Gervais (University College London), Dawn Song (UC Berkeley)

[Presentation]

[Video]

Society appears to be on the verge of recognizing the need for control over sensitive data in modern web applications. Recently, many systems claim to give control to individuals, promising the preeminent goal of data sovereignty. However, despite recent attention, research and industry efforts are fragmented and lack a holistic system overview. In this paper, we provide the first transecting systematization of data sovereignty by drawing from a dispersed body of knowledge. We clarify the field by identifying its three main areas: (i) decentralized identity, (ii) decentralized access control and (iii) policy-compliant decentralized computation. We find that literature lacks a cohesive set of formal definitions. Each area is considered in isolation, and priorities in industry and academia are not aligned due to a lack of clarity regarding user control. To solve this issue, we propose formal definitions for each sub-area. By highlighting that data sovereignty transcends the domain of decentralized identity, we aim to guide future works to embrace a broader perspective on user control. In each section, we augment our definition with security and privacy properties, discuss the state of the art and proceed to identify open challenges. We conclude by highlighting synergies between areas, emphasizing the real-world benefit obtained by further developing data sovereign systems.

NodeMedic: End-to-End Analysis of Node.js Vulnerabilities with Provenance Graphs
Darion Cassel (Carnegie Mellon University), Limin Jia (Carnegie Mellon University), Wai Tuck Wong (Singapore Management University)

[Presentation]

[Video]

Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: Automated constraint-based exploit synthesis to confirm true vulnerabilities; Attack-Defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 153 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We plan to open source NodeMedic and a suite of 589 taint precision unit tests.

Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Ferhat Erata (Yale University), Ruzica Piskac (Yale University), Victor Mateu (Technology Innovation Institute), Jakub Szefer (Yale University)

[Presentation]

[Video]

Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.

SOK: Side Channel Monitoring for Additive Manufacturing - Bridging Cybersecurity and Quality Assurance Communities
Muhammad Ahsan (Virginia Commonwealth University), Muhammad Haris Rais (Virginia Commonwealth University), Irfan Ahmed (Virginia Commonwealth University)

[Presentation]

[Video]

Additive Manufacturing (AM) is critical for the fourth industrial revolution (i.e., Industry 4.0). It involves printing a 3D object layer-by-layer from scratch. Fused filament fabrication (FFF), one of the most widely used AM technology, has been adopted by commercial and domestic consumers. With the recent addition of metal filaments, FFF caters to a broad spectrum of manufacturing industry requirements. Cybersecurity and Quality Assurance (QA) of the FFF process is an active research area. Like any other cyber-physical system, FFF exhibits many side channels (SCs), including acoustic and thermal emissions, vibrations, etc. Researchers in the QA domain use SCs to predict defects in the printed parts. Cybersecurity researchers, on the other hand, utilize SCs to identify malicious anomalies in the process. While the aims are different, there are definite overlaps in both communities' acquisition and analysis methodologies. As the two communities bring distinct skill sets and expertise, we find an opportunity to bring them closer through a systematic study of available work and identifying the commonalities and distinctions to motivate the consumption of cross-domain knowledge. Our approach to systematizing the knowledge is based on identifying the available SC, the acquisition and analysis methodologies, performance statistics, associated challenges, and future research directions. This knowledge consolidation and systematization exercise will not only help the new researchers aiming to explore SCs in the FFF process but also highlight collaboration opportunities between QA and cybersecurity communities.

Privately Evaluating Region Overlaps with Applications to Collaborative Sensor Output Validation
Anrin Chakraborti (Duke University), Michael K. Reiter (Duke University)

[Video]

[Presentation]

Advances in computer vision have made it possible to accurately map objects as regions in 3-dimensional space using LIDAR point clouds. These systems are key building blocks of several emerging technologies including autonomous vehicles. Comparing and validating the output of sensors at different vantage points observing the same scenery can enable these systems to detect faults, identify common obstacles, and improve decision making. However sharing sensor outputs among mutually untrusting parties can leak unwanted information, e.g., model parameters or relative location of the sensors. This work initiates the study of cryptographic protocols that enable two parties observing regions (or objects) in an arbitrary-dimension Euclidean space to privately detect if the regions overlap and approximate the volume of the overlapping region. The protocols rely only on cheap symmetric-key primitives and feature reasonable communication costs and compute times. As applications, the protocols have been benchmarked on data generated from the CARLA autonomous driving simulator and the ScanNet 3D image dataset; they outperform a 2PC garbled-circuit baseline in communication volume and compute time. For instance it takes roughly 0.5 seconds to approximate the volume of the overlapping region of two 3D boxes with low error probability.

Understanding, Measuring, and Detecting Modern Technical Support Scams
Jienan Liu (University of Georgia), Pooja Pun (University of New Orleans), Phani Vadrevu (University of New Orleans), Roberto Perdisci (University of Georgia and Georgia Tech)

[Presentation]

[Video]

Technical support scams (TSS) are social engineering attacks that aim to exploit users that have limited knowledge about technology, such as the elderly, causing significant financial loss to vulnerable citizens. The security community has attempted to respond to these web-based scams with different countermeasures. However, to the best of our knowledge, no robust countermeasures have been proposed thus far to defend against modern TSS campaigns that abuse web search engines to inflate their rankings in search results and lure many potential victims. To defend against these TSS attacks, in this paper we first study the TSS ecosystem, with a particular focus on how modern TSS campaigns are operated and promoted on the web. Then, we capitalize on our findings by proposing a novel detection system named TASER that can be used to differentiate TSS websites from legitimate technical support websites in a {\em topic-agnostic} way, by leveraging features that capture key traits of how TSS web pages are promoted. Our cross-validation tests show that TASER can detect 94.5\% of the TSS links in web search results at a false positive rate of less than 1\%, significantly outperforming previous work.

Fuzzing SGX Enclaves via Host Program Mutations
Arslan Khan (Purdue University), Muqi Zou (Purdue University), Kyungtae Kim (Purdue University), Dongyan Xu (Purdue University), Antonio Bianchi (Purdue University), Dave Jing Tian (Purdue University)

[Presentation]

[Video]

Intel Software Guard eXtension (SGX) is the cornerstone of Confidential Computing, enabling runtime code and data integrity and confidentiality via enclaves. Unfortunately, memory-unsafe and type-unsafe programming languages, such as C/C++, are commonly used to develop enclave implementations. As a result, a memory corruption or a data race within enclaves could lead to different attacks against the enclaves, such as Return-Of-Programming (ROP) and data leakage, breaking the hardware security guarantee provided by SGX. To automatically identify these issues in existing enclave implementations, in this paper, we propose FuzzSGX, an input and program mutation-based fuzzer for Intel SGX enclave implementations. FuzzSGX provides an enclave fuzzing runtime, FuzzSGX Runtime, a drop-in library for Intel SGX SDK emulation mode, enabling code coverage and sanitization within enclaves. To explore the host app-enclave boundary, FuzzSGX conducts static analysis and symbolic execution on existing host apps and enclave implementations to generate promising fuzzing programs, fuzzing both OCALLs and ECALLs. We evaluate FuzzSGX using 30 popular SGX applications and enclave implementations and find 93 bugs among these SGX projects, including data races, null pointer dereferences, out-of-bound accesses, division-by-zero, etc. FuzzSGX achieves 23x higher code coverage and finds 1.5x more unique crashes compared to basic AFL. Furthermore, FuzzSGX finds 31x more bugs by directly targeting the host app-enclave boundary by using program mutations, as compared to only input mutation. To the best of our knowledge, FuzzSGX is the first comprehensive SGX fuzzing solution bridging the benefit of fuzzing and security concerns of real-world enclave implementations.

A Certified Radius-Guided Attack Framework to Image Segmentation Modelse
Wenjie Qu (Huazhong University of Science and Technology), Youqi Li (Beijing Institute of Technology), Binghui Wang (Illinois Institute of Technology)

[Presentation]

[Video]

Image segmentation is an important problem in many safety-critical applications such as medical imaging and autonomous driving. Recent studies show that modern image segmentation models are vulnerable to adversarial perturbations, while existing attack methods mainly follow the idea of attacking image classification models. We argue that image segmentation and classification have inherent differences, and design an attack framework specially for image segmentation models. Our goal is to thoroughly explore the vulnerabilities of modern segmentation models, i.e., aiming to misclassify as many pixels as possible under a perturbation budget in both white-box and black-box settings. Our attack framework is inspired by certified radius, which was originally used by defenders to defend against adversarial perturbations to classification models. We are the first, from the attacker perspective, to leverage the properties of certified radius and propose a certified radius guided attack framework against image segmentation models. Specifically, we first adapt randomized smoothing, the state-of-the-art certification method for classification models, to derive the pixel's certified radius. A larger certified radius of a pixel means the pixel is theoretically more robust to adversarial perturbations. This observation inspires us to focus more on disrupting pixels with relatively smaller certified radii. Accordingly, we design a pixel-wise certified radius guided loss, when plugged into any existing white-box attack, yields our certified radius-guided white-box attack. Next, we propose the first black-box attack to image segmentation models via bandit. A key challenge is no gradient information is available. To address it, we design a novel gradient estimator, based on bandit feedback, which is query-efficient and provably unbiased and stable. We use this gradient estimator to design a projected bandit gradient descent (PBGD) attack. We further use pixels' certified radii and design a certified radius-guided PBGD (CR-PBGD) attack. We prove our PBGD and CR-PBGD attacks can achieve asymptotically optimal attack performance with an optimal rate. We evaluate our certified-radius guided white-box and black-box attacks on multiple modern image segmentation models and datasets. Our results validate the effectiveness of our certified radius-guided attack framework.

Exploring Smart Commercial Building Occupants' Perceptions and Notification Preferences of Internet of Things Data Collection in the United States
Tu Le (University of Virginia), Alan Wang (University of Virginia), Yaxing Yao (University of Maryland, Baltimore County), Yuanyuan Feng (University of Vermont), Arsalan Heydarian (University of Virginia), Norman Sadeh (Carnegie Mellon University), Yuan Tian (University of California, Los Angeles)

[Presentation]

[Video]

Data collection through the Internet of Things (IoT) devices, or smart devices, in commercial buildings enables possibilities for increased convenience and energy efficiency. However, such benefits face a large perceptual challenge when being implemented in practice, due to the different ways occupants working in the buildings understand and trust in the data collection. The semi-public, pervasive, and multi-modal nature of data collection in smart buildings points to the need to study occupants' understanding of data collection and notification preferences. We conduct an online study with 492 participants in the US who report working in smart commercial buildings regarding: 1) awareness and perception of data collection in smart commercial buildings, 2) privacy notification preferences, and 3) potential factors for privacy notification preferences. We find that around half of the participants are not fully aware of the data collection and use practices of IoT even though they notice the presence of IoT devices and sensors. We also discover many misunderstandings around different data practices. The majority of participants want to be notified of data practices in smart buildings, and they prefer push notifications to passive ones such as websites or physical signs. Surprisingly, mobile app notification, despite being a popular channel for smart homes, is the least preferred method for smart commercial buildings.

Understanding the Security Risks of Decentralized Exchanges in the Wild
Jiaqi Chen (Syracuse University), Yibo Wang (Syracuse University), Yuxuan Zhou (Syracuse University), Wanning Ding (Syracuse University), Yuzhe Tang (Syracuse University), XiaoFeng Wang (Indiana University Bloomington), Kai Li (San Diego State University)

[Presentation]

[Video]

DEX, or decentralized exchange, is a prominent class of decentralized finance (DeFi) applications on blockchains, attracting a total locked value worth tens of billions of USD today. This paper presents the first large-scale empirical study to expose the atomicity violations in running DEX operations on Ethereum and Binance Smart Chain (BSC). By joining and analyzing $60 million transactions, we find $671,400 cases of atomicity violations on six popular DEX services, including Uniswap, Balancer, and Curve. Out of these violations, we detect about $55,000 token thefts with high confidence that lead to a value loss of more than $3.88 million USD. Furthermore, the measurement study uncovers previously unknown causes of extractable value, real-world adaptive strategies to these causes, and the systematic behavior in preparing, executing, and finalizing the thefts. Finally, we propose countermeasures to redesign secure DEX protocols and to harden deployed services against the discovered security risks.

MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments
Rongwu Xu (Tsinghua University), Sen Yang (Yale University), Fan Zhang (Yale University), Zhixuan Fang (Tsinghua University), Rongwu Xu (Tsinghua University), Sen Yang (Yale University)

[Video]

[Presentation]

Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed by academic papers, none were adopted because they require modifying identity providers, a significant adoption barrier in practice. Solutions do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.

Privformer: Privacy-preserving Transformer with MPC
Yoshimasa Akimoto (University of Tsukuba), Kazuto Fukuchi (University of Tsukuba), Yohei Akimoto (University of Tsukuba), Jun Sakuma (University of Tsukuba / RIKEN AIP)

[Presentation]

[Video]

Transformer is a deep learning architecture that processes sequence data. Transformer attains the state-of-the-art in several tasks of sequence data analysis, and its variants, such as BERT and GPT-3, are used as a defacto-standard for solving general tasks in NLP. This work presents a $3$-party MPC protocol for secure inference of Transfomer in the honest majority setting. The attention layer is the most time-consuming part when implementing an MPC protocol for Transfomer with existing building blocks. The attention mechanism is a core component of Transformer that captures and exploits complex dependencies among elements in the input sequences. The attention mechanism invokes the exponentiation function $O(S^2)$ times, which becomes a major bottleneck when implementing Transformer with existing MPC primitives. To deal with this, we employ Performer\cite{choromanski2020rethinking}, a variant of Transformer where the sigmoid function that invokes the exponentiation function is replaced with the ReLU function, a more MPC-friendly nonlinear function. Also, by introducing a kernel-based approximation of the attention matrix with random orthogonal matrices, we show that the attention layer can be processed with $O(S)$ times calls of the ReLU function. We investigate the efficiency of the proposed method by an end-to-end implementation of Transformer with $3$-party MPC. Experimental evaluation shows that, for the translation of a sequence where the output sequence length is 64, the computation related to MPC takes about 19 minutes in the LAN environment and the total computation time.

Coverage and Secure Use Analysis of Content Security of Content Security Policies via Clustering
Mengxia Ren (Colorado School of Mines), Chuan Yue (Colorado School of Mines)

[Presentation]

[Video]

Content Security Policy (CSP) is a standardized leading technique for protecting webpages against attacks such as Cross Site Scripting (XSS). However, it is often hard to properly deploy CSPs on webpages, and the deployed CSPs often contain security issues or errors. In this paper, we take the unsupervised clustering approach to analyze the security levels of the deployed CSPs from the directive coverage and secure use perspectives. To effectively protect a webpage, a deployed CSP should cover all types of resources needed on the webpage by using different directive names (or some default directive names if available), and should avoid using unsafe directive values which will allow harmful resources to be loaded into a webpage. We implemented a Google Chrome extension, designed policy features, designed a Contrastive Spectral Clustering (CSC) algorithm, and visited the Alexa top 100K websites to analyze the CSPs deployed on them. From the 13,317 homepages that deployed CSPs under the enforcement mode, we categorized their policies into 16 clusters with different characteristics. We found that 15 clusters are at the low level on the coverage and five clusters are at the low level on the secure use of directives; meanwhile, no cluster is at the high level on the coverage of directives, and nine clusters are at the high level on the secure use of directives. These results indicate that most deployed CSPs do not sufficiently protect webpages, and more importantly, clustering helps identify the corresponding common or different reasons from the directive coverage and secure use perspectives. In addition, by analyzing 110,718 subpages of the 13,317 CSP-deployed homepages, we found that most of them deployed the same CSP as in their homepages. Overall, our approach and results can be helpful for promoting the proper deployment of CSPs.

CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs
Andreas Erwig (TU Darmstadt), Sebastian Faust (TU Darmstadt), Siavash Riahi (TU Darmstadt), Tobias Stöckert (Fraunhofer sit)

[Video]

Permissionless blockchain systems such as Bitcoin or Ethereum are slow and expensive, since transactions are processed in a distributed network by a large set of parties. To improve on these shortcomings, a prominent approach is given by so-called 2nd-layer protocols. In these protocols parties process transactions off-chain directly between each other, thereby drastically reducing the costly and slow interaction with the blockchain. In particular, in the optimistic case, when parties behave honestly, no interaction with the blockchain is needed. One of the most popular off-chain solutions are Plasma protocols (often also called commit-chains). These protocols are orchestrated by a so-called operator that maintains the system and processes transactions between parties. Importantly, the operator is trustless, i.e., even if it is malicious users of the system are guaranteed to not lose funds. To achieve this guarantee, Plasma protocols are highly complex and rely on involved and expensive dispute resolution processes. This has significantly slowed down development and deployment of these systems. In this work we propose CommiTEE -- a simple and efficient Plasma system leveraging the power of trusted execution environments (TEE). Besides its simplicity, our protocol requires minimal interaction with the blockchain, thereby drastically reducing costs and improving efficiency. An additional benefit of our solution is that it allows for switching between operators, in case the main operator goes offline due to system failure, or behaving maliciously. We implemented and evaluated our system over Ethereum and show that it is at least 2 times (and in some cases more than 16 times) cheaper in terms of communication complexity when compared to existing Plasma implementations. Moreover, for protocols using zero-knowledge proofs (like NOCUST-ZKP), CommiTEE decreases the on-chain gas cost by a factor ~19 compared to prior solution.

Session: Online Videos Q&A

17:00 - 17:30

Link: https://tudelft.zoom.us/j/93868036842

17:00 - 17:10

SOK: Side Channel Monitoring for Additive Manufacturing - Bridging Cybersecurity and Quality Assurance Communities
Muhammad Ahsan (Virginia Commonwealth University), Muhammad Haris Rais (Virginia Commonwealth University), Irfan Ahmed (Virginia Commonwealth University)

17:10 - 17:20

Coverage and Secure Use Analysis of Content Security of Content Security Policies via Clustering
Mengxia Ren (Colorado School of Mines), Chuan Yue (Colorado School of Mines)

17:20 - 17:30

Session Chair: Herbert Bos

Welcome reception at TU Delft Aula

17:30 - 19:15

Session: Fuzzing & Vulnerability finding

09:00 - 10:25

EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation
Michael Rodler (Amazon Web Services), David Paaßen (University of Duisburg-Essen), Wenting Li (NEC Laboratories Europe), Lukas Bernhard (Ruhr University Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Ghassan Karame (Ruhr University Bochum), Lucas Davi (University of Duisburg-Essen)

Smart contracts are increasingly being used to manage large numbers of high-value tokens and cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the ever-increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today's smart contracts that are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF/CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF/CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains for native code. Furthermore, EF/CF increases fuzzing efficiency by employing a structural mutation engine for smart contract transaction sequences and using a contract's ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF/CF scales better---without compromising accuracy---to complex contracts when compared to state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches. Moreover, we show that EF/CF is able to automatically generate transaction sequences that exploit reentrancy bugs to steal Ether. In contrast to prior work, EF/CF generates concrete exploits, which enables developers to easily reproduce the issue to determine the root-cause.

Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis
Trevor Dunlap (North Carolina State University), Seaver Thorn (North Carolina State University), William Enck (North Carolina State University), Bradley Reaves (North Carolina State University)

Software depends on upstream projects that regularly fix vulnerabilities, but the documentation of those vulnerabilities is often unreliable or unavailable. Automating the collection of existing vulnerability fixes is essential for downstream projects to reliably update their dependencies due to the sheer number of dependencies in modern software. Prior efforts rely solely on incomplete databases or imprecise or inaccurate statistical analysis of upstream repositories. In this paper, we introduce Differential Alert Analysis (DAA) to discover vulnerability fixes in software projects. In contrast to statistical analysis, DAA leverages static analysis security tools (SAST), which reason over code context and semantics. We provide a language-independent implementation of DAA and show that for Python and Java based projects, DAA has high precision for a ground-truth dataset of vulnerability fixes --- even with noisy and low-precision SAST tools. We then use DAA in two large-scale empirical studies covering several prominent ecosystems, finding hundreds of resolved alerts, including many that were never disclosed publicly. DAA thus provides a powerful, accurate primitive for software projects, code analysis tools, vulnerability databases, and researchers to characterize and enhance the security of software supply chains.

Code Vulnerability Detection via Signal-Aware AI
Sahil Suneja (IBM Research), Yufan Zhuang (UCSD), Yunhui Zheng (IBM Research), Jim Laredo (IBM Research), Alessandro Morari (IBM Research), Udayan Khurana (IBM Research)

AI modeling of source code understanding tasks has been gaining popularity. Accompanying their rapid proliferation is an emerging scrutiny over the models' reliability. Concerns have been raised regarding the models not actually learning task-relevant source code features, but fitting other correlated data. To improve model trustworthiness, in this work, we explore data-driven approaches to enhance model signal awareness, i.e., learning the relevant signals in the input for making predictions. We do so by incorporating the notion of code complexity during model training, both (i) explicitly via curriculum learning, and (ii) implicitly by augmenting the training dataset with simplified signal-preserving programs. With our techniques, we achieve up to 4.8x improvement in signal awareness of vulnerability detection models. Using the notion of code complexity, we present a novel interpretation of the model learning behaviour from the perspective of the dataset. We use it to introspect model learning difficulties, and analyze the learning enhancements achieved with our approaches.

Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery
Tom Ganz (SAP Security Research), Philipp Rall (SAP Security Research), Martin Härterich (SAP Security Research), Konrad Rieck (Technische Universität Braunschweig)

Recent research has developed a series of methods for finding vulnerabilities in software using machine learning. While the proposed methods provide a remarkable performance in controlled experiments, their practical application is hampered by their black-box nature: A security practitioner cannot tell how these methods arrive at a decision and what code structures contribute to a reported security flaw. Explanation methods for machine learning may overcome this problem and guide the practitioner to relevant code. However, there exist a variety of competing explanation methods, each highlighting different code regions when given the same finding. So far, this inconsistency has made it impossible to select a suitable explanation method for practical use. In this paper, we address this problem and develop a method for analyzing and comparing explanations for learning-based vulnerability discovery. Given a predicted vulnerability, our approach uses directed fuzzing to create local ground-truth around code regions marked as relevant by an explanation method. This ground-truth enables us to assess the veracity of the explanation. As a result, we can qualitatively compare different explanation methods and determine the most accurate one for a particular learning setup. In an empirical evaluation with different discovery and explanation methods, we demonstrate the utility of this approach and its capabilities in making learning-based vulnerability discovery more transparent.

Session Chair: Xiao Zhang

Coffee Break

10:25 - 10:45

Session: Networks

10:45 - 12:10

Systematic Improvement of Access-Stratum Security in Mobile Networks Discovery
Rhys Miller (University of Surrey), Ioana Boureanu (University of Surrey), Steve Wesemeyer (University of Surrey), Hemant Zope (Fraunhofer Society), Zhili Sun (University of Surrey)

In mobile networks, the User Equipment (UE) secures some of the communication with its serving Radio Access Network (RAN) node (“base station”) via a set of keys known as Access Stratum (AS) keys. Unfortunately, the level of secrecy of these keys varies with the mobile procedures re-establishing them. To improve the secrecy of the AS keys, we propose minimal changes to 5G & 4G handovers, i.e., the main AS-key establishment procedures. We show the minimality of our changes also via an implementation of one of our protocol in the 3GPP-compliant Open5GCore 5G testbed. We also cross-compare standard handovers with our amended handovers, systematically via MobTrustCom: a framework to quantify especially trust but also communication complexity in mobile networks. Moreover, we use Tamarin, a formal security-protocol verification tool, to prove no loss of "classical" security yet an increase in AS-keys’ secrecy brought by our improvements to handovers.

Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives
Jonas Bushart (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security)

Authoritative DNS infrastructures are at the core of the Internet ecosystem. But how resilient are typical authoritative DNS name servers against application-layer Denial-of-Service attacks? In this paper, with the help of a large country-code TLD operator, we assess the expected attack load and DoS countermeasures. We find that standard botnets or even single-homed attackers can overload the computational resources of authoritative name servers—even if redundancy such as anycast is in place. To prevent the resulting devastating DNS outages, we assess how effective upstream filters can be as a last resort. We propose an anomaly detection defense that allows both, well-behaving high-volume DNS resolvers as well as low-volume clients to continue name lookups—while blocking most of the attack traffic. Upstream ISPs or IXPs can deploy our scheme and drop attack traffic to reasonable query loads at or below 100k queries per second at a false positive rate of 1.2 % to 5.7 % (median 2.4 %).

SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots
Marcin Nawrocki (Freie Universität Berlin), John Kristoff (NETSCOUT, University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago), Raphael Hiesgen (HAW Hamburg), Thomas C. Schmidt (HAW Hamburg), Matthias Wählisch (TU Dresden and Freie Universität Berlin)

In this paper, we revisit the use of honeypots for detecting reflective amplification attacks. These measurement tools require careful design of both data collection and data analysis including cautious threshold inference. We survey common amplification honeypot platforms as well as the underlying methods to infer attack detection thresholds and to extract knowledge from the data. By systematically exploring the threshold space, we find most honeypot platforms produce comparable results despite their different configurations. Moreover, by applying data from a large-scale honeypot deployment, network telescopes, and a real-world baseline obtained from a leading DDoS mitigation provider, we question the fundamental assumption of honeypot research that convergence of observations can imply their completeness. Conclusively we derive guidance on precise, reproducible honeypot research, and present open challenges.

SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection
Giovanni Apruzzese (University of Liechtenstein), Pavel Laskov (University of Liechtenstein), Johannes Schneider (University of Liechtenstein)

Machine Learning (ML) methods have become a valuable asset to solve many real-world tasks, and ML solutions are being increasingly deployed even in production environments. In the cybersecurity domain, however, practitioners still see ML with skepticism---despite abundant research demonstrating the advantages of ML. This disconnection is due to the intrinsically somewhat limited scope of scientific papers, many of which primarily aim to demonstrate new methods ``outperforming'' prior work---and often overlook the practical implications for deploying the proposed solutions in real systems. Such limitations are particularly relevant in the context of ML for Network Intrusion Detection (NID), because ML models are ultimately a single component within a complex security system---which must protect an environment that is constantly under attack. Therefore, the real value of ML solutions for NID depends on a plethora of factors, such as hardware, that are often neglected in research endeavours. This paper aims to reduce the practitioners' skepticism towards ML for NID by changing the evaluation methodology adopted in research. Our takeaway is that such a change can and should be done to increase the security of modern network environments. We first elucidate which factors influence the operational deployment of ML in NID. Then, we propose the notion of pragmatic assessment, which enable practitioners to gauge the real value of an ML method for NID proposed in research. After showing that the state-of-the-art does not allow to estimate the value of existing ML methods, we carry out a pragmatic assessment. We perform a massive experimental campaign focused on the classification of malicious network traffic, and consider hundreds of configuration settings. Our ML models are trained using diverse: datasets, labelling budgets, feature sets, hardware platforms, preprocessing tools, and ML algorithms; all our ML models are tested against known, unknown, and adversarial attacks. Our (reproducible) evaluations allow practitioners to objectively estimate the quality of ML for NID. We conduct a survey with practitioners to validate our major claims.

GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks
Andrea Agiollo (University of Bologna), Enkeleda Bardhi (Sapienza University of Rome), Mauro Conti (University of Padua / Delft University of Technology), Riccardo Lazzeretti (Sapienza University of Rome), Eleonora Losiouk (University of Padua), Andrea Omicini (University of Bologna)

The current IP-based Internet faces several security and privacy issues. Information-Centric Networking (ICN) aims at overcoming such issues by moving the Internet paradigm from host-centric to content-centric. In this networking paradigm, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of Distributed Denial of Service (DDoS). Existing proposals aiming at identifying IFAs mainly focus on local -- i.e., device-centric -- information, failing to consider complex global relations. Furthermore, complete and meaningful IFA datasets useful for designing detection mechanisms are currently missing. To overcome these issues, we propose GNN4IFA, the first mechanism that considers complex non-local knowledge for IFA detection in the ICN context, leveraging Graph Neural Networks (GNNs). Handling the overall network topology, GNNs deal with intricate but representative devices interactions and network behaviour, thus overcoming the locality issue of traditional IFA detection mechanisms. To test the mechanism, we collect a novel dataset -- i.e., SPOTIFAI -- containing ~40 IFA heterogeneous scenarios over three network topologies. Our solution shows high performance on all the tested topologies and setups, reaching a detection rate higher than 99% and a negligible false positive rate, while requiring a small computational cost. Indeed, GNN4IFA reaches up to a 6% of accuracy improvement compared to the state-of-the-art for its supervised configuration and 10% of true positive rate increase for the unsupervised approach. Moreover, for IFA detection mechanisms it is of paramount importance to generalise their detection independently of the underlying topology. However, this aspect is ignored by previous state-of-the-art solutions. To alleviate this shortfall, we here analyse if and up to what extent GNN4IFA can transfer its detection on network topologies different from the one used in its design phase. Interestingly, GNN4IFA shows high generalisation capabilities, especially when transferred from large topologies to small ones. Thus, GNN4IFA overcomes the available state-of-the-art IFA detection mechanisms both in terms of transferability and raw detection performance.

Session Chair: Marc Dacier

Lunch Break

12:10 - 13:15

Session: Side Channels and Transient Execution

13:15 - 14:40

SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations
Nadja Ramhöj Holtryd (Chalmers University of Technology), Madhavan Manivannan (Chalmers University of Technology), Per Stenström (Chalmers University of Technology)

[Presentation]

Microarchitectural optimizations are expected to play a crucial role in ensuring performance scalability in future technology nodes. However, recent attacks have demonstrated that microarchitectural optimizations, which were assumed to be secure, can be exploited. Moreover, new attacks surface at a rapid pace limiting the scope of existing defenses. These developments prompt the need to review microarchitectural optimizations with an emphasis on security, understand the attack landscape and the potential defense strategies. We analyze timing-based side-channel attacks targeting a diverse set of microarchitectural optimizations. We provide a framework for analysing non-transient and transient attacks, which highlights the similarities. We identify the four root causes of timing-based side-channel attacks: determinism, sharing, access violation and information flow, through our systematic analysis. Our key insight is that a subset (or all) of the root causes are exploited by attacks and eliminating any of the exploited root causes, in any attack step, is enough to provide protection. Leveraging our framework, we systematize existing defenses and show that they target these root causes in the different attack steps.

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling
Marton Bognar (KU Leuven), Hans Winderix (KU Leuven), Jo Van Bulck (KU Leuven), Frank Piessens (KU Leuven)

Preventing information leakage through microarchitectural side channels is notoriously challenging and continues to be an important research question. In this regard, recent work has shown that automated, compiler-assisted instruction balancing can be applied in the context of small, embedded processors with deterministic timing behavior. However, even in such small processors, new and more subtle microarchitectural side channels continue to be discovered. In this paper, we investigate how to systematically augment a vendor-provided instruction set architecture (ISA) specification with instruction-specific microarchitectural leakage profiles. Concretely, we focus on mitigating a recently uncovered microarchitectural side channel resulting from direct memory access (DMA) capabilities on 16-bit openMSP430 processors. We first develop a principled microarchitectural profiling methodology to systematically extract DMA leakage traces for all possible MSP430 instructions. Next, building on this augmented ISA, we develop practical attacks, an improved compiler mitigation, and we extend a binary validation tool. We experimentally confirm that our improved mitigation fully eliminates information leakage from both the original instruction timings and DMA traces without incurring any additional overhead compared to the original instruction balancing approach.

You Cannot Always Win the Race: Analyzing mitigations for branch target prediction attacks
Alyssa Milburn (Intel Corporation), Ke Sun (Intel Corporation), Henrique Kawakami (Intel Corporation)

Many recent attacks such as Branch Target Injection (BTI, aka Spectre v2) take advantage of speculative execution in modern processors, and in particular the inherent race condition between transient execution of code at the predicted target of a branch and the architectural resolution of the branch. This can create a speculation window in which code can be transiently executed at an unintended target, and mitigations for these attacks often focus on minimizing or removing such windows. By investigating the potential sources of latency that may contribute to such a speculation window, such as pipeline contention and simultaneous multithreading (SMT) activity, we show that an attacker can ``win the race'' despite the adoption of widely-used mitigations, on a variety of different x86 CPUs. We also show that such speculation windows may be present for predictions of direct branches. This enables a new class of BTI-style attacks that do not depend on indirect branches, and bypass the majority of existing mitigations against such attacks.

From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake
Daniel De Almeida Braga (Université de Rennes 1, CNRS, IRISA), Mohamed Sabt (Université de Rennes 1, CNRS, IRISA), Pierre-Alain Fouque (Université de Rennes 1, CNRS, IRISA), Natalia Kulatova (Mozilla), Karthikeyan Bhargavan (INRIA)

[Presentation]

It is universally acknowledged that Wi-Fi communications are important to secure. Thus, the Wi-Fi Alliance published WPA3 in 2018 with a distinctive security feature: it leverages a Password-Authenticated Key Exchange (PAKE) protocol to protect users' passwords from offline dictionary attacks. Unfortunately, soon after its release, several attacks were reported against its implementations, in response to which the protocol was updated in a best-effort manner. In this paper, we show that the proposed mitigations are not enough, especially for a complex protocol to implement even for savvy developers. Indeed, we present Dragondoom, a collection of side-channel vulnerabilities of varying strength allowing attackers to recover users' passwords in widely deployed WiFi daemons, such as hostap in its default settings. Our findings target both password conversion methods, namely the default probabilistic hunting-and-pecking and its newly standardized deterministic alternative based on SSWU. We successfully exploit our leakage in practice through microarchitectural mechanisms, despite the limited spatial resolution of Flush+Reload. Our attacks outperform previous works in terms of required measurements. Then, driven by the need to end the spiral of patch-and-hack in Dragonfly implementations, we propose Dragonstar, an implementation of Dragonfly leveraging a formally verified implementation of the underlying mathematical operations, thereby removing all the related leakage vector. Our implementation relies on HACL*, a formally verified crypto library guaranteeing secret-independence. We design Dragonstar, so that its integration within hostap requires minimal modifications to the existing project. Our experiments show that the performance of HACL*-based hostap is comparable to OpenSSL-based, implying that Dragonstar is both efficient and proved to be leakage-free.

Session Chair: Alessandro Brighente

Coffee Break

14:40 - 15:00

Session: Crypto + formal methods II

15:00 - 16:25

Recurring Contingent Service Payment
Aydin Abadi (University College London), Steven J. Murdoch (University College London), Thomas Zacharias (University of Edinburgh)

Fair exchange protocols let two mutually distrustful parties exchange digital data in a way that neither party can cheat. They have various applications such as the exchange of digital items, or the exchange of digital coins and digital services between a buyer/client and seller/server. In this work, we formally define and propose a generic blockchain-based construction called “Recurring Contingent Service Payment” (RC-S-P). It (i) lets a fair exchange of digital coins and verifiable service reoccur securely between clients and a server while ensuring that the server is paid if and only if it delivers a valid service, and (ii) ensures the parties’ privacy is preserved. RC-S-P supports arbitrary verifiable services, such as “Proofs of Retrievability” (PoR) or verifiable computation and imposes low on-chain overheads. Our formal treatment and construction, for the first time, consider the setting where either client or server is malicious. We also present a concrete efficient instantiation of RC- S-P when the verifiable service is PoR. We implemented the concrete instantiation and analysed its cost. When it deals with a 4-GB outsourced file, a verifier can check a proof in only 90 milliseconds, and a dispute between a prover and verifier is resolved in 0.1 milliseconds. At CCS 2017, two blockchain-based protocols were pro- posed to support the fair exchange of digital coins and a certain verifiable service; namely, PoR. In this work, we show that these protocols (i) are susceptible to a free-riding attack which enables a client to receive the service without paying the server, and (ii) are not suitable for cases where parties’ privacy matters, e.g., when the server’s proof status or buyer’s file size must remain private from the public. RC- S-P simultaneously mitigates the above attack and preserves the parties’ privacy.

SIM: Secure Interval Membership Testing and Applications to Secure Comparison
Albert Yu (Purdue University), Donghang Lu (Purdue University), Aniket Kate (Purdue University), Hemanta K. Maji (Purdue University)

The offline-online model is a leading paradigm for practical secure multi-party computation (MPC) protocol design that has successfully reduced the overhead for several prevalent privacy-preserving computation functionalities common to diverse application domains. However, the prohibitive overheads associated with secure comparison - one of these vital functionalities - often bottlenecks current and envisioned MPC solutions. Indeed, an efficient secure comparison solution has the potential for significant real-world impact through its broad applications. This work identifies and presents SIM, a secure protocol for the functionality of interval membership testing. This security functionality, in particular, facilitates secure less-than-zero testing and, in turn, secure comparison. A key technical challenge is to support a fast online protocol for testing in large integer rings while keeping the precomputation tractable. Motivated by the map-reduce paradigm, this work introduces the innovation of (1) computing a sequence of intermediate functionalities on a partition of the input into input blocks and (2) securely aggregating the output from these intermediate outputs. This innovation allows controlling the size of the precomputation through a granularity parameter representing these input blocks' size - enabling application-specific automated compiler optimizations. To demonstrate our protocols' efficiency, we implement and test their performance in a high-demand application: privacy-preserving machine learning. The benchmark results show that switching to our protocols yields significant performance improvement, which indicates that using our protocol in a plug-and-play fashion can improve the performance of various security applications. Our new paradigm of protocol design may be of independent interest because of its potential for extensions to other functionalities of practical interest.

Careful with MAc-then-SIGn: A Computational Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol
Felix Günther (ETH Zurich), Marc Ilunga Tshibumbu Mukendi (Trail of Bits)

EDHOC is a lightweight authenticated key exchange protocol for IoT communication, currently being standardized by the IETF. Its design is a trimmed-down version of similar protocols like TLS 1.3, building on the SIGn-then-MAc (SIGMA) rationale. In its trimming, however, EDHOC notably deviates from the SIGMA design by sending only short, non-unique credential identifiers, and letting recipients perform trial verification to determine the correct communication partner. Done naively, this can lead to identity misbinding attacks when an attacker can control some of the user keys, invalidating the original SIGMA security analysis and contesting the security of EDHOC. In this work, we formalize a multi-stage key exchange security model capturing the potential attack vectors introduced by non-unique credential identifiers. We show that EDHOC, in its latest draft version 17, indeed achieves session key security and user authentication even in a strong model where the adversary can register malicious keys with colliding identifiers, given that the employed signature scheme provides so-called exclusive ownership. Through our security result, we confirm cryptographic improvements integrated by the IETF working group in recent draft versions of EDHOC based on recommendations from our and others' analysis.

Proof-of-Learning is Currently More Broken Than You Think
Congyu Fang (University of Toronto and Vector Institute), Hengrui Jia (University of Toronto and Vector Institute), Anvith Thudi (University of Toronto and Vector Institute), Mohammad Yaghini (University of Toronto and Vector Institute), Christopher A. Choquette-Choo (Google), Natalie Dullerud (University of Toronto and Vector Institute), Varun Chandrasekaran (Microsoft Research & University of Illinois Urbana-Champaign), Nicolas Papernot (University of Toronto and Vector Institute)

Proof-of-learning (PoL) proposes that a model owner log training checkpoints to establish a proof of having expended the compute necessary for training. The authors of PoL forego cryptographic approaches and trade rigorous security guarantees for scalability to deep learning. They empirically argued the benefit of this approach by showing how spoofing i.e., computing a proof for a stolen model, is as expensive as obtaining the proof honestly by training the model itself. However, recent work provided a counterexample and invalidated this observation. In this work, we first demonstrate that while it is true that current PoL verification is not robust to adversaries, recent work has largely underestimated this lack of robustness. This is because existing spoofing strategies are either unreproducible or target weakened instantiations of PoL---meaning they are easily thwarted by changing hyperparameters of the verification. Instead, we introduce the first spoofing strategies that can be reproduced across different configurations of the PoL verification and can be done for fractions of the cost (of previous spoofing strategies). This is possible because we identify key vulnerabilities of PoL and systematically analyze the underlying assumptions needed for robust verification of a proof. On the theoretical side, we show how realizing these assumptions reduces to open problems in learning theory. We conclude that one cannot develop a provably robust PoL verification mechanism without further understanding of optimization in deep learning.

Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance
Stijn Pletinckx (University of California, Santa Barbara), Thanh-Dat Nguyen (Delft University of Technology), Tobias Fiebig (Max Planck Institute for Informatics), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)

The Web PKI ecosystem provides an underlying layer of security to many Internet protocols used today. By relying on Certificate Authorities (CAs), communication can be authenticated and encrypted based on a chain of trust. Unfortunately, this chain of trust has been broken in the past. For instance, in 2011, adversaries managed to issue fraudulent certificates on behalf of the DigiNotar CA, resulting in a loss of trust in DigiNotar. To better detect fraudulent certificates, Google introduced the concept of Certificate transparency (CT), which is based on append-only logs that allow one to monitor and detect wrongly issued X.509 certificates. In this work, we investigate the potential of these logs as a data source for target reconnaissance. Concretely, we divide our study into two parts: First, we deploy several honeypot web servers over a period of 200 days to study the effect on incoming scanning traffic after pushing a certificate to one or more CT logs. We find that CT leads to incoming network probes, just seconds after requesting a certificate. This suggests that CT logs are used as input for web scans. In the IPv6 address space, our web server received 2,700 packets after pushing our certificate to a CT log, compared to 0 packets in our control group. Second, we use large-scale active measurements to find potentially vulnerable domains from CT log data. Using certificate issuance and renewal patterns, we identify websites that are either at the beginning or at the end of their life cycle. Our results show that freshly deployed websites are not more likely to contain a known CVE compared to websites that just renewed their certificate. On the other side of the spectrum, however, we find that websites with an expired certificate, yet still deployed in the wild, tend to contain more outdated software, and hence more known CVEs. As such, CT logs can indeed function as a data source for target reconnaissance.

Session Chair: Paolo Palmieri

Posters

16:25 - 17:30

Online Videos

Privately Evaluating Region Overlaps with Applications to Collaborative Sensor Output Validation
Anrin Chakraborti (Duke University), Michael K. Reiter (Duke University)

Coverage and Secure Use Analysis of Content Security of Content Security Policies via Clustering
Mengxia Ren (Colorado School of Mines), Chuan Yue (Colorado School of Mines)

Session: Online Videos Q&A

17:00 - 17:30

Link: https://tudelft.zoom.us/j/93868036842

17:00 - 17:10

17:10 - 17:20

17:20 - 17:30

Session Chair: David Evans

Gala Dinner

19:00 - 22:00

Session: Web and social media

9:00 - 10:25

Chrowned by an Extension: Exploiting the Chrome DevTools Protocol
José Miguel Moreno (Universidad Carlos III de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks/AppCensus), Juan Tapiador (Universidad Carlos III de Madrid)

The Chromium open-source project has become a fundamental piece of the Web as we know it today, with multiple vendors offering browsers based on its codebase. One of its most popular features is the possibility of altering or enhancing the browser functionality through third-party programs known as browser extensions. Extensions have access to a wide range of capabilities through the use of APIs exposed by Chromium. The Debugger API—arguably the most powerful of such APIs—allows extensions to use the Chrome DevTools Protocol (CDP), a capability-rich tool for debugging and instrumenting the browser. In this paper, we describe several vulnerabilities present in the Debugger API that can be used by an attacker to take control of the browser, escalate privileges, and break context isolation. We demonstrate their impact by introducing six attacks that allow an attacker to steal user information, monitor network traffic, modify site permissions (e.g., access to camera or microphone) and bypass security interstitials without user intervention, and change the browser settings. We provide working Proofs-of-Concept (PoCs) for all of them. Our attacks work in all major Chromium-based browsers as they are rooted in core components of the Chromium project. We reported our findings to the Chromium Development Team, who already fixed some of them and are currently working on fixing the remaining ones. We conclude by discussing how questionable design decisions, lack of public specifications, and an overpowered Debugger API have contributed to enable these attacks, and propose mitigations.

DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs
Daniel Kirkman (University of Edinburgh), Kami Vaniea (University of Edinburgh), Daniel W Woods (University of Edinburgh)

[Presentation]

In theory, consent dialogs allow users to express privacy preferences regarding how a website and its partners process users' personal data. In reality, dialogs often employ subtle design techniques known as dark patterns that nudge users towards accepting more cookies than the user would otherwise accept. We build a system, DarkDialogs, that can automatically extract arbitrary cookie consent dialogs from a website and detect the presence of ten dark patterns. Evaluating DarkDialogs against a hand-labelled data set reveals it extracts dialogs with an accuracy of 98.7% and correctly classifies 99% of the studied dark patterns. We deployed DarkDialogs on a sample of 10,000 websites, where it successfully collected 2,092 cookie dialogs and found 3,744 instances of dark patterns. This study found that 20.92% of websites displayed a cookie dialog and that 89.5% of websites with a cookie dialog have at least one dark pattern present. We then test whether dark pattern prevalence is associated with each of: the website's popularity, the presence of a third-party consent management provider, the website's TLD, and the number of ID-like cookies.

SoK: Content Moderation in Social Media, from Guidelines to Enforcement, and Research to Practice
Mohit Singhal (The University of Texas at Arlington), Chen Ling (Boston University), Pujan Paudel (Boston University), Poojitha Thota (The University of Texas at Arlington), Nihal Kumarswamy (The University of Texas at Arlington), Gianluca Stringhini (Boston University), Shirin Nilizadeh (The University of Texas at Arlington)

[Presentation]

Social media platforms have been establishing content moderation guidelines and employing various moderation policies to counter hate speech and misinformation. The goal of this paper is to study these community guidelines and moderation practices, as well as the relevant research publications, to identify the research gaps, differences in moderation techniques, and challenges that should be tackled by the social media platforms and the research community. To this end, we study and analyze in the US jurisdiction the fourteen most popular social media content moderation guidelines and practices, and consolidate them. We then introduce three taxonomies drawn from this analysis as well as covering over two hundred interdisciplinary research papers about moderation strategies. We identify the differences between the content moderation employed in mainstream and fringe social media platforms. Finally, we have in-depth applied discussions on both research and practical challenges and solutions.

Been here already? Detecting Synchronized Browsers in the Wild
Pantelina Ioannou (University of Cyprus), Elias Athanasopoulos (University of Cyprus)

Browsers have become the most popular and used platform for accessing the web. The wide and exclusive usage of browsers as a medium for doing several tasks in the Internet comes with serious security and privacy risks for the users. For example, it has been shown that websites can employ browser fingerprinting and cross-device tracking techniques to de-anomymize or profile a user, without requiring them to register or create an account. On the other hand, one very convenient feature, available to most major web browsers, is synchronizing the browsers on different devices. Browser synchronization allows users to share settings and preferences of their browsers to multiple devices. In this paper, we are the first, to deliver a framework that can be used by web site operators to detect if different HTTP requests, issued from different browsers, are actually requests performed by the same user. For detecting this, we reconstruct different sessions based on their requested resources, timestamps and cookies. In addition, to evaluate our methodology, we conduct a user study, to collect anonymized HTTP requests from several users, and we prove that the detection of synchronized sessions by the same user is possible, with a success rate higher than 75%. Our results indicate a serious implication to users’ privacy, that has not been studied before.

Session Chair: Aurore Fass

Coffee Break

10:25 - 10:45

Session: Crypto + formal methods III

10:45 - 12:10

Asynchronous Remote Key Generation for Post-Quantum Cryptosystems from Lattices
Nick Frymann (University of Surrey), Daniel Gardham (University of Surrey), Mark Manulis (Universität der Bundeswehr München)

Asynchronous Remote Key Generation (ARKG), introduced by Frymann et al. at CCS 2020, allows for the generation of unlinkable public keys by third parties, for which corresponding private keys may be later learned only by the key pair’s legitimate owner. These key pairs can then be used in common public-key cryptosystems, including signatures, PKE, KEMs, and schemes supporting delegation, such as proxy signatures. The only known instance of ARKG generates discrete-log-based keys. In this paper, we introduce new ARKG constructions for lattice-based cryptosystems. The key pairs generated using our ARKG scheme can be applied to lattice-based signatures and KEMs, which have recently been selected for standardisation in the NIST PQ process, or as alternative candidates. In particular, we address challenges associated with the noisiness of lattice hardness assumptions, which requires a new generalised definition of ARKG correctness, whilst preserving the security and privacy properties of the former instantiation. Our ARKG construction uses key encapsulation techniques by Brendel et al. (SAC 2020) coined Split KEMs. As an additional contribution, we also show that Kyber (Bos et al., EuroS&P 2018) can be used to construct a Split KEM. The security of our protocol is based on standard LWE assumptions. We also discuss its use with selected candidates from the NIST process and provide an implementation and benchmarks.

Revelio: A Network-Level Attack Against the Privacy in the Lightning Network
Theo von Arx (ETH Zurich), Muoi Tran (ETH Zurich), Laurent Vanbever (ETH Zurich)

The Lightning Network (LN) is a widely-adopted peer-to-peer network that not only addresses Bitcoin's scaling problem but also enables private payments. LN uses a sophisticated onion encryption and routing scheme to ensure the anonymity of the payer and the payee, as well as the secrecy of the payment amount. Recent work has shown that an application-level attacker can hijack payment routes and use the resulting central position to deanonymize the sender and the receiver of a payment. However, these attacks are visible or require a significant fraction of parties to collude. This paper presents a stealthier, passive network-level attack exploiting the joint centralization of the LN at the application and at the network layers. Five autonomous systems can thus see the traffic of up to 80% of all observable communication channels and infer ongoing payments -- even though the traffic is encrypted, and many participants use Tor to hide themselves. The comprehensive view allows the attacker not only to estimate the value of a payment but also to effectively reduce the anonymity size of its endpoints. We show that this deanonymization attack, which we call Revelio, is practical in today's topology of LN and its underlying infrastructure: Our attack perfectly deanonymizes the senders or the receiver in almost one-third of tested payments.

Conjunctive Searchable Symmetric Encryption from Hard Lattices
Debadrita Talapatra (IIT Kharagpur, India), Sikhar Patranabis (IBM Research, India), Debdeep Mukhopadhyay (IIT Kharagpur, India)

[Presentation]

Searchable Symmetric Encryption (SSE) allows a (potentially untrusted) server to efficiently execute keyword search queries directly on a collection of a client's encrypted documents, while ensuring client privacy by minimizing the amount of information leakage to the server. An often overlooked aspect of existing SSE constructions is the following: while SSE is an ostensibly symmetric-key primitive, almost all SSE constructions supporting conjunctive (and more general Boolean) queries resort to classically secure public-key cryptographic techniques to achieve compact storage of the encrypted database and/or fast encrypted query processing. These schemes are inherently quantum-unsafe. On the other hand, quantum-safe SSE schemes based on purely symmetric-key cryptoprimitives are either severely limited in terms of the expressiveness of queries they support, or are highly inefficient in practice. In particular, there exists today no quantum-safe yet practically efficient SSE scheme supporting conjunctive keyword queries over encrypted document collections. We solve this open question by proposing Oblivious Post-Quantum Secure Cross Tags (PQOXT) - the first provably quantum-safe SSE scheme that supports highly scalable and practically efficient conjunctive keyword searches over extremely large encrypted document collections. The technical centerpiece of PQOXT is a novel oblivious cross-tag generation protocol with provable security guarantees derived from well-studied plausibly post-quantum secure lattice-based hardness assumptions. We prove the simulation-based post-quantum security of PQOXT with respect to a rigorously defined and thoroughly analyzed leakage profile. We then present a prototype implementation of PQOXT and experimentally validate its practical efficiency and scalability over extremely large real-world databases. Our experiments show that PQOXT is competitive with the best classically secure SSE schemes supporting conjunctive keyword queries in terms of end-to-end search latency, albeit at the cost of an increased storage overhead for the encrypted database (which we view as a tradeoff for achieving quantum-safety while retaining query expressiveness).

Provable Adversarial Safety in Cyber-Physical Systems
John H. Castellanos (CISPA Helmholtz Center for Information Security), Mohamed Maghenem (CNRS France), Alvaro Cardenas (UC Santa Cruz), Ricardo G. Sanfelice (UC Santa Cruz), Jianying Zhou (Singapore University of Technology and Design)

[Presentation]

Most proposals for securing control systems are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. This paper proposes a new way of modeling the security guarantees of a Cyber-Physical System (CPS) against arbitrary false command attacks. As our main case study, we use the most popular testbed for control systems security. We first propose a detailed formal model of this testbed and then show how the original configuration is vulnerable to a single-actuator attack. We then propose modifications to the control system and prove that our modified system is secure against arbitrary, single-actuator attacks.

Session Chair: Giancarlo Pellegrino

Lunch Break

12:10 - 13:15

Session: Analyzing attacks on things

13:15 - 14:40

AoT - Attack on Things: A security analysis of IoT firmware updates
Muhammad Ibrahim (Purdue University), Andrea Continella (University of Twente), Antonio Bianchi (Purdue University)

[Presentation]

IoT devices implement firmware update mechanisms to fix security issues and add new features. These mechanisms are often mediated by companion apps, running on smartphones, that trigger and mediate them. While crucial to keep a device updated, these mechanisms may be the cause of critical security vulnerabilities if not implemented correctly. Given their security relevance, in this paper, we perform a systematic security analysis of the firmware update mechanisms adopted by IoT devices via their companion apps. First, we define a threat model for IoT firmware updates and we categorize the different potential security issues affecting them. Then, we analyze popular IoT devices (and corresponding companion apps) to identify vulnerable devices and the SDKs that these vulnerable devices use to implement the update functionality. This analysis reveals 6 vulnerable SDKs. Additionally, for each SDK we generate a fingerprint, and we leverage this fingerprint to perform a large-scale analysis on companion apps from the Google Play Store. Our results show that 61 popular devices and 1,375 apps use these vulnerable SDKs, thus they potentially use a vulnerable firmware update mechanism.

Comprehensively Analyzing the Impact of Cyberattacks on Power Grids
Lennart Bader (Fraunhofer FKIE & RWTH Aachen University), Martin Serror (Fraunhofer FKIE), Olav Lamberts (Fraunhofer FKIE & RWTH Aachen University), Ömer Sen (RWTH Aachen University & Fraunhofer FIT), Dennis van der Velde (Fraunhofer FIT), Immanuel Hacker (RWTH Aachen University & Fraunhofer FIT), Julian Filter (RWTH Aachen University), Elmar Padilla (Fraunhofer FKIE), Martin Henze (RWTH Aachen University & Fraunhofer FKIE)

[Presentation]

The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

SoK: SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View
Yuan Xu (Nanyang Technological University), Xingshuo Han (Nanyang Technological University), Gelei Deng (Nanyang Technological University), Jiwei Li (Zhejiang University), Yang Liu (Nanyang Technological University), Tianwei Zhang (Nanyang Technological University)

Robotic Vehicles (RVs) have gained great popularity over the past few years. Meanwhile, they are also demonstrated to be vulnerable to sensor spoofing attacks. Although a wealth of research works have presented various attacks, some key questions remain unanswered: are these existing works complete enough to cover all the sensor spoofing threats? If not, how many attacks are not explored, and how difficult is it to realize them? This paper answers the above questions by comprehensively systematizing the knowledge of sensor spoofing attacks against RVs. Our contributions are threefold. (1) We identify seven common attack paths in an RV system pipeline. We categorize and assess existing spoofing attacks from the perspectives of spoofer property, operation, victim characteristic and attack goal. Based on this systematization, we identify 4 interesting insights about spoofing attack designs. (2) We propose a novel action flow model to systematically describe robotic function executions and sensor spoofing vulnerabilities. With this model, we successfully discover 103 spoofing attack vectors, 26 of which have been verified by prior works, while 77 attacks are never considered. (3) We design two novel attack methodologies to verify the feasibility of newly discovered spoofing attack vectors.

Session Chair: Gianluca Stringhini

Coffee Break

14:40 - 15:00

Session: Trusted computing and defenses

15:00 - 16:25

faulTPM: Exposing AMD fTPMs’ Deepest Secrets
Hans Niklas Jacob (Technische Universität Berlin), Christian Werling (Technische Universität Berlin), Robert Buhren (Technische Universität Berlin), Jean-Pierre Seifert (Technische Universität Berlin)

Trusted Platform Modules (TPMs) constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs (dTPMs) – as found in higher-end systems – have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment (TEE) can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor (AMD-SP) which constitutes the TEE for AMD’s fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by – to the best of our knowledge – enabling the first attack against Full Disk Encryption (FDE) solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM – like Bitlocker’s TPM-only protector – can be defeated by an attacker with 2- 3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker’s FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM’s internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.

CHERI-TrEE: Flexible enclaves on capability machines
Thomas Van Strydonck (KU Leuven), Job Noorman (KU Leuven), Jennifer Jackson (University of Birmingham), Leonardo Alves Dias (University of Birmingham), Robin Vanderstraeten (Vrije Universiteit Brussel), David Oswald (University of Birmingham), Frank Piessens (KU Leuven), Dominique Devriese (KU Leuven)

This paper studies the integration of two successful hardware-supported security mechanisms: capabilities and enclaved execution. *Capabilities* are a powerful and flexible security mechanism for implementing fine-grained memory access control and for compartmentalizing untrusted or buggy software components. Capabilities have a long history, but have gained significant momentum recently, as evidenced by ARM's experimental Morello processor that supports the Capability Hardware Enhanced RISC Instructions (CHERI). *Enclaved execution* is a popular mechanism for dynamically creating Trusted Execution Environments (TEEs), called *enclaves*. Enclaves are isolated execution contexts that protect integrity and confidentiality of software in the enclave (even against compromised system software) and that support attestation. Integrating capabilities and enclaved execution in a single processor is challenging because they overlap partially in their security objectives, and a clean integration should unify the way in which these overlapping objectives are achieved. In addition, it is not obvious how attestation should interact with capabilities. In this paper, we propose CHERI-TrEE: a novel design for a processor that cleanly integrates support for both capabilities and enclaved execution. CHERI-TrEE targets low-end embedded systems without virtual memory. We show that CHERI-TrEE is greater than the sum of its parts, by showing how it naturally supports useful features that have traditionally been hard to support in enclaved execution, like dynamically growing and shrinking enclaves, non-contiguous and nested enclaves, sharing of memory between enclaves etc. We implement our proposal both in hardware on a RISC-V processor, as well as in a small software hypervisor on top of ARM Morello, and evaluate impact on performance and hardware resources.

Watermarking Graph Neural Networks based on Backdoor Attacks
Jing Xu (Delft University of Technology), Stefanos Koffas (Delft University of Technology), Oguzhan Ersoy (Radboud University), Stjepan Picek (Radboud University)

Graph Neural Networks (GNNs) have achieved promising performance in various real-world applications. Building a powerful GNN model is not a trivial task, as it requires a large amount of training data, powerful computing resources, and human expertise in fine-tuning the model. Moreover, with the development of adversarial attacks, e.g., model stealing attacks, GNNs raise challenges to model authentication. To avoid copyright infringement on GNNs, verifying the ownership of the GNN models is necessary. This paper presents a watermarking framework for GNNs for both graph and node classification tasks. We 1) design two strategies to generate watermarked data for the graph classification task and one for the node classification task, 2) embed the watermark into the host model through training to obtain the watermarked GNN model, and 3) verify the ownership of the suspicious model in a black-box setting. The experiments show that our framework can verify the ownership of GNN models with a very high probability (up to $99\%$) for both tasks. Finally, we experimentally show that our watermarking approach is robust against a state-of-the-art model extraction technique and four state-of-the-art defenses against backdoor attacks.

Session Chair: Lucas Davi

Closing

16:30

Online Videos

Privately Evaluating Region Overlaps with Applications to Collaborative Sensor Output Validation
Anrin Chakraborti (Duke University), Michael K. Reiter (Duke University)

Coverage and Secure Use Analysis of Content Security of Content Security Policies via Clustering
Mengxia Ren (Colorado School of Mines), Chuan Yue (Colorado School of Mines)

Session: Online Videos Q&A

17:00 - 17:30

Link: https://tudelft.zoom.us/j/93868036842

17:00 - 17:10

17:10 - 17:20

Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Ferhat Erata (Yale University), Ruzica Piskac (Yale University), Victor Mateu (Technology Innovation Institute), Jakub Szefer (Yale University)

[Presentation]

Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.

17:20 - 17:30

Session Chair: Herbert Bos

Affiliated Workshops: RICSS, LPW, WoRMA, AD&D, WTMC, STAST

-

Please refer to the workshop websites and mentoring sessions infopage for the programs. Directions to the venue can be found here.