Machine Learning (ML) methods have become a valuable asset to solve many real-world tasks, and ML solutions are being increasingly deployed even in production environments. In the cybersecurity domain, however, practitioners still see ML with skepticism---despite abundant research demonstrating the advantages of ML. This disconnection is due to the intrinsically somewhat limited scope of scientific papers, many of which primarily aim to demonstrate new methods ``outperforming'' prior work---and often overlook the practical implications for deploying the proposed solutions in real systems. Such limitations are particularly relevant in the context of ML for Network Intrusion Detection (NID), because ML models are ultimately a single component within a complex security system---which must protect an environment that is constantly under attack. Therefore, the real value of ML solutions for NID depends on a plethora of factors, such as hardware, that are often neglected in research endeavours. This paper aims to reduce the practitioners' skepticism towards ML for NID by changing the evaluation methodology adopted in research. Our takeaway is that such a change can and should be done to increase the security of modern network environments. We first elucidate which factors influence the operational deployment of ML in NID. Then, we propose the notion of pragmatic assessment, which enable practitioners to gauge the real value of an ML method for NID proposed in research. After showing that the state-of-the-art does not allow to estimate the value of existing ML methods, we carry out a pragmatic assessment. We perform a massive experimental campaign focused on the classification of malicious network traffic, and consider hundreds of configuration settings. Our ML models are trained using diverse: datasets, labelling budgets, feature sets, hardware platforms, preprocessing tools, and ML algorithms; all our ML models are tested against known, unknown, and adversarial attacks. Our (reproducible) evaluations allow practitioners to objectively estimate the quality of ML for NID. We conduct a survey with practitioners to validate our major claims.

The current IP-based Internet faces several security and privacy issues. Information-Centric Networking (ICN) aims at overcoming such issues by moving the Internet paradigm from host-centric to content-centric. In this networking paradigm, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of Distributed Denial of Service (DDoS). Existing proposals aiming at identifying IFAs mainly focus on local -- i.e., device-centric -- information, failing to consider complex global relations. Furthermore, complete and meaningful IFA datasets useful for designing detection mechanisms are currently missing. To overcome these issues, we propose GNN4IFA, the first mechanism that considers complex non-local knowledge for IFA detection in the ICN context, leveraging Graph Neural Networks (GNNs). Handling the overall network topology, GNNs deal with intricate but representative devices interactions and network behaviour, thus overcoming the locality issue of traditional IFA detection mechanisms. To test the mechanism, we collect a novel dataset -- i.e., SPOTIFAI -- containing ~40 IFA heterogeneous scenarios over three network topologies. Our solution shows high performance on all the tested topologies and setups, reaching a detection rate higher than 99% and a negligible false positive rate, while requiring a small computational cost. Indeed, GNN4IFA reaches up to a 6% of accuracy improvement compared to the state-of-the-art for its supervised configuration and 10% of true positive rate increase for the unsupervised approach. Moreover, for IFA detection mechanisms it is of paramount importance to generalise their detection independently of the underlying topology. However, this aspect is ignored by previous state-of-the-art solutions. To alleviate this shortfall, we here analyse if and up to what extent GNN4IFA can transfer its detection on network topologies different from the one used in its design phase. Interestingly, GNN4IFA shows high generalisation capabilities, especially when transferred from large topologies to small ones. Thus, GNN4IFA overcomes the available state-of-the-art IFA detection mechanisms both in terms of transferability and raw detection performance.

Microarchitectural optimizations are expected to play a crucial role in ensuring performance scalability in future technology nodes. However, recent attacks have demonstrated that microarchitectural optimizations, which were assumed to be secure, can be exploited. Moreover, new attacks surface at a rapid pace limiting the scope of existing defenses. These developments prompt the need to review microarchitectural optimizations with an emphasis on security, understand the attack landscape and the potential defense strategies. We analyze timing-based side-channel attacks targeting a diverse set of microarchitectural optimizations. We provide a framework for analysing non-transient and transient attacks, which highlights the similarities. We identify the four root causes of timing-based side-channel attacks: determinism, sharing, access violation and information flow, through our systematic analysis. Our key insight is that a subset (or all) of the root causes are exploited by attacks and eliminating any of the exploited root causes, in any attack step, is enough to provide protection. Leveraging our framework, we systematize existing defenses and show that they target these root causes in the different attack steps.

Preventing information leakage through microarchitectural side channels is notoriously challenging and continues to be an important research question. In this regard, recent work has shown that automated, compiler-assisted instruction balancing can be applied in the context of small, embedded processors with deterministic timing behavior. However, even in such small processors, new and more subtle microarchitectural side channels continue to be discovered. In this paper, we investigate how to systematically augment a vendor-provided instruction set architecture (ISA) specification with instruction-specific microarchitectural leakage profiles. Concretely, we focus on mitigating a recently uncovered microarchitectural side channel resulting from direct memory access (DMA) capabilities on 16-bit openMSP430 processors. We first develop a principled microarchitectural profiling methodology to systematically extract DMA leakage traces for all possible MSP430 instructions. Next, building on this augmented ISA, we develop practical attacks, an improved compiler mitigation, and we extend a binary validation tool. We experimentally confirm that our improved mitigation fully eliminates information leakage from both the original instruction timings and DMA traces without incurring any additional overhead compared to the original instruction balancing approach.

Many recent attacks such as Branch Target Injection (BTI, aka Spectre v2) take advantage of speculative execution in modern processors, and in particular the inherent race condition between transient execution of code at the predicted target of a branch and the architectural resolution of the branch. This can create a speculation window in which code can be transiently executed at an unintended target, and mitigations for these attacks often focus on minimizing or removing such windows. By investigating the potential sources of latency that may contribute to such a speculation window, such as pipeline contention and simultaneous multithreading (SMT) activity, we show that an attacker can ``win the race'' despite the adoption of widely-used mitigations, on a variety of different x86 CPUs. We also show that such speculation windows may be present for predictions of direct branches. This enables a new class of BTI-style attacks that do not depend on indirect branches, and bypass the majority of existing mitigations against such attacks.

Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.

It is universally acknowledged that Wi-Fi communications are important to secure. Thus, the Wi-Fi Alliance published WPA3 in 2018 with a distinctive security feature: it leverages a Password-Authenticated Key Exchange (PAKE) protocol to protect users' passwords from offline dictionary attacks. Unfortunately, soon after its release, several attacks were reported against its implementations, in response to which the protocol was updated in a best-effort manner. In this paper, we show that the proposed mitigations are not enough, especially for a complex protocol to implement even for savvy developers. Indeed, we present Dragondoom, a collection of side-channel vulnerabilities of varying strength allowing attackers to recover users' passwords in widely deployed WiFi daemons, such as hostap in its default settings. Our findings target both password conversion methods, namely the default probabilistic hunting-and-pecking and its newly standardized deterministic alternative based on SSWU. We successfully exploit our leakage in practice through microarchitectural mechanisms, despite the limited spatial resolution of Flush+Reload. Our attacks outperform previous works in terms of required measurements. Then, driven by the need to end the spiral of patch-and-hack in Dragonfly implementations, we propose Dragonstar, an implementation of Dragonfly leveraging a formally verified implementation of the underlying mathematical operations, thereby removing all the related leakage vector. Our implementation relies on HACL*, a formally verified crypto library guaranteeing secret-independence. We design Dragonstar, so that its integration within hostap requires minimal modifications to the existing project. Our experiments show that the performance of HACL*-based hostap is comparable to OpenSSL-based, implying that Dragonstar is both efficient and proved to be leakage-free.

Fair exchange protocols let two mutually distrustful parties exchange digital data in a way that neither party can cheat. They have various applications such as the exchange of digital items, or the exchange of digital coins and digital services between a buyer/client and seller/server. In this work, we formally define and propose a generic blockchain-based construction called “Recurring Contingent Service Payment” (RC-S-P). It (i) lets a fair exchange of digital coins and verifiable service reoccur securely between clients and a server while ensuring that the server is paid if and only if it delivers a valid service, and (ii) ensures the parties’ privacy is preserved. RC-S-P supports arbitrary verifiable services, such as “Proofs of Retrievability” (PoR) or verifiable computation and imposes low on-chain overheads. Our formal treatment and construction, for the first time, consider the setting where either client or server is malicious. We also present a concrete efficient instantiation of RC- S-P when the verifiable service is PoR. We implemented the concrete instantiation and analysed its cost. When it deals with a 4-GB outsourced file, a verifier can check a proof in only 90 milliseconds, and a dispute between a prover and verifier is resolved in 0.1 milliseconds. At CCS 2017, two blockchain-based protocols were pro- posed to support the fair exchange of digital coins and a certain verifiable service; namely, PoR. In this work, we show that these protocols (i) are susceptible to a free-riding attack which enables a client to receive the service without paying the server, and (ii) are not suitable for cases where parties’ privacy matters, e.g., when the server’s proof status or buyer’s file size must remain private from the public. RC- S-P simultaneously mitigates the above attack and preserves the parties’ privacy.

The offline-online model is a leading paradigm for practical secure multi-party computation (MPC) protocol design that has successfully reduced the overhead for several prevalent privacy-preserving computation functionalities common to diverse application domains. However, the prohibitive overheads associated with secure comparison - one of these vital functionalities - often bottlenecks current and envisioned MPC solutions. Indeed, an efficient secure comparison solution has the potential for significant real-world impact through its broad applications. This work identifies and presents SIM, a secure protocol for the functionality of interval membership testing. This security functionality, in particular, facilitates secure less-than-zero testing and, in turn, secure comparison. A key technical challenge is to support a fast online protocol for testing in large integer rings while keeping the precomputation tractable. Motivated by the map-reduce paradigm, this work introduces the innovation of (1) computing a sequence of intermediate functionalities on a partition of the input into input blocks and (2) securely aggregating the output from these intermediate outputs. This innovation allows controlling the size of the precomputation through a granularity parameter representing these input blocks' size - enabling application-specific automated compiler optimizations. To demonstrate our protocols' efficiency, we implement and test their performance in a high-demand application: privacy-preserving machine learning. The benchmark results show that switching to our protocols yields significant performance improvement, which indicates that using our protocol in a plug-and-play fashion can improve the performance of various security applications. Our new paradigm of protocol design may be of independent interest because of its potential for extensions to other functionalities of practical interest.

EDHOC is a lightweight authenticated key exchange protocol for IoT communication, currently being standardized by the IETF. Its design is a trimmed-down version of similar protocols like TLS 1.3, building on the SIGn-then-MAc (SIGMA) rationale. In its trimming, however, EDHOC notably deviates from the SIGMA design by sending only short, non-unique credential identifiers, and letting recipients perform trial verification to determine the correct communication partner. Done naively, this can lead to identity misbinding attacks when an attacker can control some of the user keys, invalidating the original SIGMA security analysis and contesting the security of EDHOC. In this work, we formalize a multi-stage key exchange security model capturing the potential attack vectors introduced by non-unique credential identifiers. We show that EDHOC, in its latest draft version 17, indeed achieves session key security and user authentication even in a strong model where the adversary can register malicious keys with colliding identifiers, given that the employed signature scheme provides so-called exclusive ownership. Through our security result, we confirm cryptographic improvements integrated by the IETF working group in recent draft versions of EDHOC based on recommendations from our and others' analysis.

Proof-of-learning (PoL) proposes that a model owner log training checkpoints to establish a proof of having expended the compute necessary for training. The authors of PoL forego cryptographic approaches and trade rigorous security guarantees for scalability to deep learning. They empirically argued the benefit of this approach by showing how spoofing i.e., computing a proof for a stolen model, is as expensive as obtaining the proof honestly by training the model itself. However, recent work provided a counterexample and invalidated this observation. In this work, we first demonstrate that while it is true that current PoL verification is not robust to adversaries, recent work has largely underestimated this lack of robustness. This is because existing spoofing strategies are either unreproducible or target weakened instantiations of PoL---meaning they are easily thwarted by changing hyperparameters of the verification. Instead, we introduce the first spoofing strategies that can be reproduced across different configurations of the PoL verification and can be done for fractions of the cost (of previous spoofing strategies). This is possible because we identify key vulnerabilities of PoL and systematically analyze the underlying assumptions needed for robust verification of a proof. On the theoretical side, we show how realizing these assumptions reduces to open problems in learning theory. We conclude that one cannot develop a provably robust PoL verification mechanism without further understanding of optimization in deep learning.

The Web PKI ecosystem provides an underlying layer of security to many Internet protocols used today. By relying on Certificate Authorities (CAs), communication can be authenticated and encrypted based on a chain of trust. Unfortunately, this chain of trust has been broken in the past. For instance, in 2011, adversaries managed to issue fraudulent certificates on behalf of the DigiNotar CA, resulting in a loss of trust in DigiNotar. To better detect fraudulent certificates, Google introduced the concept of Certificate transparency (CT), which is based on append-only logs that allow one to monitor and detect wrongly issued X.509 certificates. In this work, we investigate the potential of these logs as a data source for target reconnaissance. Concretely, we divide our study into two parts: First, we deploy several honeypot web servers over a period of 200 days to study the effect on incoming scanning traffic after pushing a certificate to one or more CT logs. We find that CT leads to incoming network probes, just seconds after requesting a certificate. This suggests that CT logs are used as input for web scans. In the IPv6 address space, our web server received 2,700 packets after pushing our certificate to a CT log, compared to 0 packets in our control group. Second, we use large-scale active measurements to find potentially vulnerable domains from CT log data. Using certificate issuance and renewal patterns, we identify websites that are either at the beginning or at the end of their life cycle. Our results show that freshly deployed websites are not more likely to contain a known CVE compared to websites that just renewed their certificate. On the other side of the spectrum, however, we find that websites with an expired certificate, yet still deployed in the wild, tend to contain more outdated software, and hence more known CVEs. As such, CT logs can indeed function as a data source for target reconnaissance.

The Chromium open-source project has become a fundamental piece of the Web as we know it today, with multiple vendors offering browsers based on its codebase. One of its most popular features is the possibility of altering or enhancing the browser functionality through third-party programs known as browser extensions. Extensions have access to a wide range of capabilities through the use of APIs exposed by Chromium. The Debugger API—arguably the most powerful of such APIs—allows extensions to use the Chrome DevTools Protocol (CDP), a capability-rich tool for debugging and instrumenting the browser. In this paper, we describe several vulnerabilities present in the Debugger API that can be used by an attacker to take control of the browser, escalate privileges, and break context isolation. We demonstrate their impact by introducing six attacks that allow an attacker to steal user information, monitor network traffic, modify site permissions (e.g., access to camera or microphone) and bypass security interstitials without user intervention, and change the browser settings. We provide working Proofs-of-Concept (PoCs) for all of them. Our attacks work in all major Chromium-based browsers as they are rooted in core components of the Chromium project. We reported our findings to the Chromium Development Team, who already fixed some of them and are currently working on fixing the remaining ones. We conclude by discussing how questionable design decisions, lack of public specifications, and an overpowered Debugger API have contributed to enable these attacks, and propose mitigations.

In theory, consent dialogs allow users to express privacy preferences regarding how a website and its partners process users' personal data. In reality, dialogs often employ subtle design techniques known as dark patterns that nudge users towards accepting more cookies than the user would otherwise accept. We build a system, DarkDialogs, that can automatically extract arbitrary cookie consent dialogs from a website and detect the presence of ten dark patterns. Evaluating DarkDialogs against a hand-labelled data set reveals it extracts dialogs with an accuracy of 98.7% and correctly classifies 99% of the studied dark patterns. We deployed DarkDialogs on a sample of 10,000 websites, where it successfully collected 2,092 cookie dialogs and found 3,744 instances of dark patterns. This study found that 20.92% of websites displayed a cookie dialog and that 89.5% of websites with a cookie dialog have at least one dark pattern present. We then test whether dark pattern prevalence is associated with each of: the website's popularity, the presence of a third-party consent management provider, the website's TLD, and the number of ID-like cookies.

Social media platforms have been establishing content moderation guidelines and employing various moderation policies to counter hate speech and misinformation. The goal of this paper is to study these community guidelines and moderation practices, as well as the relevant research publications, to identify the research gaps, differences in moderation techniques, and challenges that should be tackled by the social media platforms and the research community. To this end, we study and analyze in the US jurisdiction the fourteen most popular social media content moderation guidelines and practices, and consolidate them. We then introduce three taxonomies drawn from this analysis as well as covering over two hundred interdisciplinary research papers about moderation strategies. We identify the differences between the content moderation employed in mainstream and fringe social media platforms. Finally, we have in-depth applied discussions on both research and practical challenges and solutions.

People worry that anonymous access would invite misbehavior, e.g., hate speech on web applications. It is desirable to build a judgment layer on top of anonymous credentials such that an external mechanism can assign a score to each authenticated session, putting any misbehaving users in a blocklist. Such anonymous reputation systems focus on an authentication logic over data structures that maintains the session score and its linkage to the originating credential. For fast authentication, state-of-the-art designs require a fixed-length first-in-first-out session queue, leaving no room for prolonged judgments or remedies. This unveils their global-halting loophole -- one hard-to-judge session (waiting for consensus or investigation) would cease authentication of all users due to a backlog of unjudged ones. We propose SMART (slack management of anonymous reputation traits), a new credential design maintaining multiple queues so the server can temporarily judge sessions multiple times before finalization. Such slackness removes the binary judgment of old designs -- if misbehavior is not judged on time, it will be forgiven forever. Realizing the authentication semantics in zero-knowledge requires a dedicated design. We avoid the common but relatively heavy tools such as accumulator and proof of shuffle over multi-queue of signed sessions -- for a consistent yet unlinkable updating data structure maintaining its invariants -- with sessions rearranged according to externally updating judgments. Notably, SMART enjoys the slackness ``for free'' -- authentication time is linear in the number of queues but independent of the number of sessions accumulated in any queue.

Browsers have become the most popular and used platform for accessing the web. The wide and exclusive usage of browsers as a medium for doing several tasks in the Internet comes with serious security and privacy risks for the users. For example, it has been shown that websites can employ browser fingerprinting and cross-device tracking techniques to de-anomymize or profile a user, without requiring them to register or create an account. On the other hand, one very convenient feature, available to most major web browsers, is synchronizing the browsers on different devices. Browser synchronization allows users to share settings and preferences of their browsers to multiple devices. In this paper, we are the first, to deliver a framework that can be used by web site operators to detect if different HTTP requests, issued from different browsers, are actually requests performed by the same user. For detecting this, we reconstruct different sessions based on their requested resources, timestamps and cookies. In addition, to evaluate our methodology, we conduct a user study, to collect anonymized HTTP requests from several users, and we prove that the detection of synchronized sessions by the same user is possible, with a success rate higher than 75%. Our results indicate a serious implication to users’ privacy, that has not been studied before.

Asynchronous Remote Key Generation (ARKG), introduced by Frymann et al. at CCS 2020, allows for the generation of unlinkable public keys by third parties, for which corresponding private keys may be later learned only by the key pair’s legitimate owner. These key pairs can then be used in common public-key cryptosystems, including signatures, PKE, KEMs, and schemes supporting delegation, such as proxy signatures. The only known instance of ARKG generates discrete-log-based keys. In this paper, we introduce new ARKG constructions for lattice-based cryptosystems. The key pairs generated using our ARKG scheme can be applied to lattice-based signatures and KEMs, which have recently been selected for standardisation in the NIST PQ process, or as alternative candidates. In particular, we address challenges associated with the noisiness of lattice hardness assumptions, which requires a new generalised definition of ARKG correctness, whilst preserving the security and privacy properties of the former instantiation. Our ARKG construction uses key encapsulation techniques by Brendel et al. (SAC 2020) coined Split KEMs. As an additional contribution, we also show that Kyber (Bos et al., EuroS&P 2018) can be used to construct a Split KEM. The security of our protocol is based on standard LWE assumptions. We also discuss its use with selected candidates from the NIST process and provide an implementation and benchmarks.

The Lightning Network (LN) is a widely-adopted peer-to-peer network that not only addresses Bitcoin's scaling problem but also enables private payments. LN uses a sophisticated onion encryption and routing scheme to ensure the anonymity of the payer and the payee, as well as the secrecy of the payment amount. Recent work has shown that an application-level attacker can hijack payment routes and use the resulting central position to deanonymize the sender and the receiver of a payment. However, these attacks are visible or require a significant fraction of parties to collude. This paper presents a stealthier, passive network-level attack exploiting the joint centralization of the LN at the application and at the network layers. Five autonomous systems can thus see the traffic of up to 80% of all observable communication channels and infer ongoing payments -- even though the traffic is encrypted, and many participants use Tor to hide themselves. The comprehensive view allows the attacker not only to estimate the value of a payment but also to effectively reduce the anonymity size of its endpoints. We show that this deanonymization attack, which we call Revelio, is practical in today's topology of LN and its underlying infrastructure: Our attack perfectly deanonymizes the senders or the receiver in almost one-third of tested payments.

Searchable Symmetric Encryption (SSE) allows a (potentially untrusted) server to efficiently execute keyword search queries directly on a collection of a client's encrypted documents, while ensuring client privacy by minimizing the amount of information leakage to the server. An often overlooked aspect of existing SSE constructions is the following: while SSE is an ostensibly symmetric-key primitive, almost all SSE constructions supporting conjunctive (and more general Boolean) queries resort to classically secure public-key cryptographic techniques to achieve compact storage of the encrypted database and/or fast encrypted query processing. These schemes are inherently quantum-unsafe. On the other hand, quantum-safe SSE schemes based on purely symmetric-key cryptoprimitives are either severely limited in terms of the expressiveness of queries they support, or are highly inefficient in practice. In particular, there exists today no quantum-safe yet practically efficient SSE scheme supporting conjunctive keyword queries over encrypted document collections. We solve this open question by proposing Oblivious Post-Quantum Secure Cross Tags (PQOXT) - the first provably quantum-safe SSE scheme that supports highly scalable and practically efficient conjunctive keyword searches over extremely large encrypted document collections. The technical centerpiece of PQOXT is a novel oblivious cross-tag generation protocol with provable security guarantees derived from well-studied plausibly post-quantum secure lattice-based hardness assumptions. We prove the simulation-based post-quantum security of PQOXT with respect to a rigorously defined and thoroughly analyzed leakage profile. We then present a prototype implementation of PQOXT and experimentally validate its practical efficiency and scalability over extremely large real-world databases. Our experiments show that PQOXT is competitive with the best classically secure SSE schemes supporting conjunctive keyword queries in terms of end-to-end search latency, albeit at the cost of an increased storage overhead for the encrypted database (which we view as a tradeoff for achieving quantum-safety while retaining query expressiveness).

Most proposals for securing control systems are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. This paper proposes a new way of modeling the security guarantees of a Cyber-Physical System (CPS) against arbitrary false command attacks. As our main case study, we use the most popular testbed for control systems security. We first propose a detailed formal model of this testbed and then show how the original configuration is vulnerable to a single-actuator attack. We then propose modifications to the control system and prove that our modified system is secure against arbitrary, single-actuator attacks.

Advances in computer vision have made it possible to accurately map objects as regions in 3-dimensional space using LIDAR point clouds. These systems are key building blocks of several emerging technologies including autonomous vehicles. Comparing and validating the output of sensors at different vantage points observing the same scenery can enable these systems to detect faults, identify common obstacles, and improve decision making. However sharing sensor outputs among mutually untrusting parties can leak unwanted information, e.g., model parameters or relative location of the sensors. This work initiates the study of cryptographic protocols that enable two parties observing regions (or objects) in an arbitrary-dimension Euclidean space to privately detect if the regions overlap and approximate the volume of the overlapping region. The protocols rely only on cheap symmetric-key primitives and feature reasonable communication costs and compute times. As applications, the protocols have been benchmarked on data generated from the CARLA autonomous driving simulator and the ScanNet 3D image dataset; they outperform a 2PC garbled-circuit baseline in communication volume and compute time. For instance it takes roughly 0.5 seconds to approximate the volume of the overlapping region of two 3D boxes with low error probability.

Data collection through the Internet of Things (IoT) devices, or smart devices, in commercial buildings enables possibilities for increased convenience and energy efficiency. However, such benefits face a large perceptual challenge when being implemented in practice, due to the different ways occupants working in the buildings understand and trust in the data collection. The semi-public, pervasive, and multi-modal nature of data collection in smart buildings points to the need to study occupants' understanding of data collection and notification preferences. We conduct an online study with 492 participants in the US who report working in smart commercial buildings regarding: 1) awareness and perception of data collection in smart commercial buildings, 2) privacy notification preferences, and 3) potential factors for privacy notification preferences. We find that around half of the participants are not fully aware of the data collection and use practices of IoT even though they notice the presence of IoT devices and sensors. We also discover many misunderstandings around different data practices. The majority of participants want to be notified of data practices in smart buildings, and they prefer push notifications to passive ones such as websites or physical signs. Surprisingly, mobile app notification, despite being a popular channel for smart homes, is the least preferred method for smart commercial buildings.

IoT devices implement firmware update mechanisms to fix security issues and add new features. These mechanisms are often mediated by companion apps, running on smartphones, that trigger and mediate them. While crucial to keep a device updated, these mechanisms may be the cause of critical security vulnerabilities if not implemented correctly. Given their security relevance, in this paper, we perform a systematic security analysis of the firmware update mechanisms adopted by IoT devices via their companion apps. First, we define a threat model for IoT firmware updates and we categorize the different potential security issues affecting them. Then, we analyze popular IoT devices (and corresponding companion apps) to identify vulnerable devices and the SDKs that these vulnerable devices use to implement the update functionality. This analysis reveals 6 vulnerable SDKs. Additionally, for each SDK we generate a fingerprint, and we leverage this fingerprint to perform a large-scale analysis on companion apps from the Google Play Store. Our results show that 61 popular devices and 1,375 apps use these vulnerable SDKs, thus they potentially use a vulnerable firmware update mechanism.

The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

Robotic Vehicles (RVs) have gained great popularity over the past few years. Meanwhile, they are also demonstrated to be vulnerable to sensor spoofing attacks. Although a wealth of research works have presented various attacks, some key questions remain unanswered: are these existing works complete enough to cover all the sensor spoofing threats? If not, how many attacks are not explored, and how difficult is it to realize them? This paper answers the above questions by comprehensively systematizing the knowledge of sensor spoofing attacks against RVs. Our contributions are threefold. (1) We identify seven common attack paths in an RV system pipeline. We categorize and assess existing spoofing attacks from the perspectives of spoofer property, operation, victim characteristic and attack goal. Based on this systematization, we identify 4 interesting insights about spoofing attack designs. (2) We propose a novel action flow model to systematically describe robotic function executions and sensor spoofing vulnerabilities. With this model, we successfully discover 103 spoofing attack vectors, 26 of which have been verified by prior works, while 77 attacks are never considered. (3) We design two novel attack methodologies to verify the feasibility of newly discovered spoofing attack vectors.

Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: Automated constraint-based exploit synthesis to confirm true vulnerabilities; Attack-Defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 153 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We plan to open source NodeMedic and a suite of 589 taint precision unit tests.

Trusted Platform Modules (TPMs) constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs (dTPMs) – as found in higher-end systems – have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment (TEE) can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor (AMD-SP) which constitutes the TEE for AMD’s fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by – to the best of our knowledge – enabling the first attack against Full Disk Encryption (FDE) solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM – like Bitlocker’s TPM-only protector – can be defeated by an attacker with 2- 3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker’s FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM’s internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.

This paper studies the integration of two successful hardware-supported security mechanisms: capabilities and enclaved execution. *Capabilities* are a powerful and flexible security mechanism for implementing fine-grained memory access control and for compartmentalizing untrusted or buggy software components. Capabilities have a long history, but have gained significant momentum recently, as evidenced by ARM's experimental Morello processor that supports the Capability Hardware Enhanced RISC Instructions (CHERI). *Enclaved execution* is a popular mechanism for dynamically creating Trusted Execution Environments (TEEs), called *enclaves*. Enclaves are isolated execution contexts that protect integrity and confidentiality of software in the enclave (even against compromised system software) and that support attestation. Integrating capabilities and enclaved execution in a single processor is challenging because they overlap partially in their security objectives, and a clean integration should unify the way in which these overlapping objectives are achieved. In addition, it is not obvious how attestation should interact with capabilities. In this paper, we propose CHERI-TrEE: a novel design for a processor that cleanly integrates support for both capabilities and enclaved execution. CHERI-TrEE targets low-end embedded systems without virtual memory. We show that CHERI-TrEE is greater than the sum of its parts, by showing how it naturally supports useful features that have traditionally been hard to support in enclaved execution, like dynamically growing and shrinking enclaves, non-contiguous and nested enclaves, sharing of memory between enclaves etc. We implement our proposal both in hardware on a RISC-V processor, as well as in a small software hypervisor on top of ARM Morello, and evaluate impact on performance and hardware resources.

Additive Manufacturing (AM) is critical for the fourth industrial revolution (i.e., Industry 4.0). It involves printing a 3D object layer-by-layer from scratch. Fused filament fabrication (FFF), one of the most widely used AM technology, has been adopted by commercial and domestic consumers. With the recent addition of metal filaments, FFF caters to a broad spectrum of manufacturing industry requirements. Cybersecurity and Quality Assurance (QA) of the FFF process is an active research area. Like any other cyber-physical system, FFF exhibits many side channels (SCs), including acoustic and thermal emissions, vibrations, etc. Researchers in the QA domain use SCs to predict defects in the printed parts. Cybersecurity researchers, on the other hand, utilize SCs to identify malicious anomalies in the process. While the aims are different, there are definite overlaps in both communities' acquisition and analysis methodologies. As the two communities bring distinct skill sets and expertise, we find an opportunity to bring them closer through a systematic study of available work and identifying the commonalities and distinctions to motivate the consumption of cross-domain knowledge. Our approach to systematizing the knowledge is based on identifying the available SC, the acquisition and analysis methodologies, performance statistics, associated challenges, and future research directions. This knowledge consolidation and systematization exercise will not only help the new researchers aiming to explore SCs in the FFF process but also highlight collaboration opportunities between QA and cybersecurity communities.

Graph Neural Networks (GNNs) have achieved promising performance in various real-world applications. Building a powerful GNN model is not a trivial task, as it requires a large amount of training data, powerful computing resources, and human expertise in fine-tuning the model. Moreover, with the development of adversarial attacks, e.g., model stealing attacks, GNNs raise challenges to model authentication. To avoid copyright infringement on GNNs, verifying the ownership of the GNN models is necessary. This paper presents a watermarking framework for GNNs for both graph and node classification tasks. We 1) design two strategies to generate watermarked data for the graph classification task and one for the node classification task, 2) embed the watermark into the host model through training to obtain the watermarked GNN model, and 3) verify the ownership of the suspicious model in a black-box setting. The experiments show that our framework can verify the ownership of GNN models with a very high probability (up to $99\%$) for both tasks. Finally, we experimentally show that our watermarking approach is robust against a state-of-the-art model extraction technique and four state-of-the-art defenses against backdoor attacks.