-
SoK: Web Authentication in the Age of End-to-End Encryption
Authors:
Jenny Blessing,
Daniel Hugenroth,
Ross J. Anderson,
Alastair R. Beresford
Abstract:
The advent of end-to-end encrypted (E2EE) messaging and backup services has brought new challenges for usable authentication. Compared to regular web services, the nature of E2EE implies that the provider cannot recover data for users who have forgotten passwords or lost devices. Therefore, new forms of robustness and recoverability are required, leading to a plethora of solutions ranging from ran…
▽ More
The advent of end-to-end encrypted (E2EE) messaging and backup services has brought new challenges for usable authentication. Compared to regular web services, the nature of E2EE implies that the provider cannot recover data for users who have forgotten passwords or lost devices. Therefore, new forms of robustness and recoverability are required, leading to a plethora of solutions ranging from randomly-generated recovery codes to threshold-based social verification. These implications also spread to new forms of authentication and legacy web services: passwordless authentication ("passkeys") has become a promising candidate to replace passwords altogether, but are inherently device-bound. However, users expect that they can login from multiple devices and recover their passwords in case of device loss--prompting providers to sync credentials to cloud storage using E2EE, resulting in the very same authentication challenges of regular E2EE services. Hence, E2EE authentication quickly becomes relevant not only for a niche group of dedicated E2EE enthusiasts but for the general public using the passwordless authentication techniques promoted by their device vendors. In this paper we systematize existing research literature and industry practice relating to security, privacy, usability, and recoverability of E2EE authentication. We investigate authentication and recovery schemes in all widely-used E2EE web services and survey passwordless authentication deployment in the top-200 most popular websites. Finally, we present concrete research directions based on observed gaps between industry deployment and academic literature.
△ Less
Submitted 26 June, 2024;
originally announced June 2024.
-
ModZoo: A Large-Scale Study of Modded Android Apps and their Markets
Authors:
Luis A. Saavedra,
Hridoy S. Dutta,
Alastair R. Beresford,
Alice Hutchings
Abstract:
We present the results of the first large-scale study into Android markets that offer modified or modded apps: apps whose features and functionality have been altered by a third-party. We analyse over 146k (thousand) apps obtained from 13 of the most popular modded app markets. Around 90% of apps we collect are altered in some way when compared to the official counterparts on Google Play. Modifica…
▽ More
We present the results of the first large-scale study into Android markets that offer modified or modded apps: apps whose features and functionality have been altered by a third-party. We analyse over 146k (thousand) apps obtained from 13 of the most popular modded app markets. Around 90% of apps we collect are altered in some way when compared to the official counterparts on Google Play. Modifications include games cheats, such as infinite coins or lives; mainstream apps with premium features provided for free; and apps with modified advertising identifiers or excluded ads. We find the original app developers lose significant potential revenue due to: the provision of paid for apps for free (around 5% of the apps across all markets); the free availability of premium features that require payment in the official app; and modified advertising identifiers. While some modded apps have all trackers and ads removed (3%), in general, the installation of these apps is significantly more risky for the user than the official version: modded apps are ten times more likely to be marked as malicious and often request additional permissions.
△ Less
Submitted 15 February, 2024;
originally announced February 2024.
-
Pudding: Private User Discovery in Anonymity Networks
Authors:
Ceren Kocaoğullar,
Daniel Hugenroth,
Martin Kleppmann,
Alastair R. Beresford
Abstract:
Anonymity networks allow messaging with metadata privacy, providing better privacy than popular encrypted messaging applications. However, contacting a user on an anonymity network currently requires knowing their public key or similar high-entropy information, as these systems lack a privacy-preserving mechanism for contacting a user via a short, human-readable username. Previous research suggest…
▽ More
Anonymity networks allow messaging with metadata privacy, providing better privacy than popular encrypted messaging applications. However, contacting a user on an anonymity network currently requires knowing their public key or similar high-entropy information, as these systems lack a privacy-preserving mechanism for contacting a user via a short, human-readable username. Previous research suggests that this is a barrier to widespread adoption.
In this paper we propose Pudding, a novel private user discovery protocol that allows a user to be contacted on an anonymity network knowing only their email address. Our protocol hides contact relationships between users, prevents impersonation, and conceals which usernames are registered on the network. Pudding is Byzantine fault tolerant, remaining available and secure as long as less than one third of servers are crashed, unavailable, or malicious. It can be deployed on Loopix and Nym without changes to the underlying anonymity network protocol, and it supports mobile devices with intermittent network connectivity. We demonstrate the practicality of Pudding with a prototype using the Nym anonymity network. We also formally define the security and privacy goals of our protocol and conduct a thorough analysis to assess its compliance with these definitions.
△ Less
Submitted 17 November, 2023;
originally announced November 2023.
-
Australian Square Kilometre Array Pathfinder: I. System Description
Authors:
A. W. Hotan,
J. D. Bunton,
A. P. Chippendale,
M. Whiting,
J. Tuthill,
V. A. Moss,
D. McConnell,
S. W. Amy,
M. T. Huynh,
J. R. Allison,
C. S. Anderson,
K. W. Bannister,
E. Bastholm,
R. Beresford,
D. C. -J. Bock,
R. Bolton,
J. M. Chapman,
K. Chow,
J. D. Collier,
F. R. Cooray,
T. J. Cornwell,
P. J. Diamond,
P. G. Edwards,
I. J. Feain,
T. M. O. Franzen
, et al. (41 additional authors not shown)
Abstract:
In this paper we describe the system design and capabilities of the Australian Square Kilometre Array Pathfinder (ASKAP) radio telescope at the conclusion of its construction project and commencement of science operations. ASKAP is one of the first radio telescopes to deploy phased array feed (PAF) technology on a large scale, giving it an instantaneous field of view that covers 31 square degrees…
▽ More
In this paper we describe the system design and capabilities of the Australian Square Kilometre Array Pathfinder (ASKAP) radio telescope at the conclusion of its construction project and commencement of science operations. ASKAP is one of the first radio telescopes to deploy phased array feed (PAF) technology on a large scale, giving it an instantaneous field of view that covers 31 square degrees at 800 MHz. As a two-dimensional array of 36x12m antennas, with baselines ranging from 22m to 6km, ASKAP also has excellent snapshot imaging capability and 10 arcsecond resolution. This, combined with 288 MHz of instantaneous bandwidth and a unique third axis of rotation on each antenna, gives ASKAP the capability to create high dynamic range images of large sky areas very quickly. It is an excellent telescope for surveys between 700 MHz and 1800 MHz and is expected to facilitate great advances in our understanding of galaxy formation, cosmology and radio transients while opening new parameter space for discovery of the unknown.
△ Less
Submitted 2 February, 2021;
originally announced February 2021.
-
An ultra-wide bandwidth (704 to 4032 MHz) receiver for the Parkes radio telescope
Authors:
G. Hobbs,
R. N. Manchester,
A. Dunning,
A. Jameson,
P. Roberts,
D. George,
J. A. Green,
J. Tuthill,
L. Toomey,
J. F. Kaczmarek,
S. Mader,
M. Marquarding,
A. Ahmed,
S. W. Amy,
M. Bailes,
R. Beresford,
N. D. R. Bhat,
D. C. -J. Bock,
M. Bourne,
M. Bowen,
M. Brothers,
A. D. Cameron,
E. Carretti,
N. Carter,
S. Castillo
, et al. (47 additional authors not shown)
Abstract:
We describe an ultra-wide-bandwidth, low-frequency receiver ("UWL") recently installed on the Parkes radio telescope. The receiver system provides continuous frequency coverage from 704 to 4032 MHz. For much of the band (~60%) the system temperature is approximately 22K and the receiver system remains in a linear regime even in the presence of strong mobile phone transmissions. We discuss the scie…
▽ More
We describe an ultra-wide-bandwidth, low-frequency receiver ("UWL") recently installed on the Parkes radio telescope. The receiver system provides continuous frequency coverage from 704 to 4032 MHz. For much of the band (~60%) the system temperature is approximately 22K and the receiver system remains in a linear regime even in the presence of strong mobile phone transmissions. We discuss the scientific and technical aspects of the new receiver including its astronomical objectives, as well as the feed, receiver, digitiser and signal-processor design. We describe the pipeline routines that form the archive-ready data products and how those data files can be accessed from the archives. The system performance is quantified including the system noise and linearity, beam shape, antenna efficiency, polarisation calibration and timing stability.
△ Less
Submitted 2 November, 2019;
originally announced November 2019.
-
OpSets: Sequential Specifications for Replicated Datatypes (Extended Version)
Authors:
Martin Kleppmann,
Victor B. F. Gomes,
Dominic P. Mulligan,
Alastair R. Beresford
Abstract:
We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs,…
▽ More
We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not. We also show how OpSets can be used to develop new replicated datatypes: we provide a simple specification of an atomic move operation for trees, an operation that had previously been thought to be impossible to implement without locking. We use the Isabelle/HOL proof assistant to formalise the OpSets approach and produce mechanised proofs of correctness of the main claims in this paper, thereby eliminating the ambiguity of previous informal approaches, and ruling out reasoning errors that could occur in handwritten proofs.
△ Less
Submitted 14 May, 2018; v1 submitted 11 May, 2018;
originally announced May 2018.
-
Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones
Authors:
Vincent F. Taylor,
Alastair R. Beresford,
Ivan Martinovic
Abstract:
Smartphones contain a trove of sensitive personal data including our location, who we talk to, our habits, and our interests. Smartphone users trade access to this data by permitting apps to use it, and in return obtain functionality provided by the apps. In many cases, however, users fail to appreciate the scale or sensitivity of the data that they share with third-parties when they use apps. To…
▽ More
Smartphones contain a trove of sensitive personal data including our location, who we talk to, our habits, and our interests. Smartphone users trade access to this data by permitting apps to use it, and in return obtain functionality provided by the apps. In many cases, however, users fail to appreciate the scale or sensitivity of the data that they share with third-parties when they use apps. To this end, prior work has looked at the threat to privacy posed by apps and the third-party libraries that they embed. Prior work, however, fails to paint a realistic picture of the full threat to smartphone users, as it has typically examined apps and third-party libraries in isolation.
In this paper, we describe a novel and potentially devastating privilege escalation attack that can be performed by third-party libraries. This attack, which we call intra-library collusion, occurs when a single library embedded in more than one app on a device leverages the combined set of permissions available to it to pilfer sensitive user data. The possibility for intra-library collusion exists because libraries obtain the same privileges as their host app and popular libraries will likely be used by more than one app on a device.
Using a real-world dataset of over 30,000 smartphones, we find that many popular third-party libraries have the potential to aggregate significant sensitive data from devices by using intra-library collusion. We demonstrate that several popular libraries already collect enough data to facilitate this attack. Using historical data, we show that risks from intra-library collusion have increased significantly over the last two-and-a-half years. We conclude with recommendations for mitigating the aforementioned problems.
△ Less
Submitted 11 August, 2017;
originally announced August 2017.
-
Verifying Strong Eventual Consistency in Distributed Systems
Authors:
Victor B. F. Gomes,
Martin Kleppmann,
Dominic P. Mulligan,
Alastair R. Beresford
Abstract:
Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple computers in a network. However, despite decades of research, algorithms for achieving consistency in replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to be incorrect, even some that were accompanied by supposed mechanised proofs of cor…
▽ More
Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple computers in a network. However, despite decades of research, algorithms for achieving consistency in replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to be incorrect, even some that were accompanied by supposed mechanised proofs of correctness. In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework in the Isabelle/HOL interactive proof assistant for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter. We find that our framework is highly reusable, develo** proofs of correctness for the latter two CRDTs in a few hours and with relatively little CRDT-specific code.
△ Less
Submitted 29 August, 2017; v1 submitted 6 July, 2017;
originally announced July 2017.
-
A Conflict-Free Replicated JSON Datatype
Authors:
Martin Kleppmann,
Alastair R. Beresford
Abstract:
Many applications model their data in a general-purpose storage format such as JSON. This data structure is modified by the application as a result of user input. Such modifications are well understood if performed sequentially on a single copy of the data, but if the data is replicated and modified concurrently on multiple devices, it is unclear what the semantics should be. In this paper we pres…
▽ More
Many applications model their data in a general-purpose storage format such as JSON. This data structure is modified by the application as a result of user input. Such modifications are well understood if performed sequentially on a single copy of the data, but if the data is replicated and modified concurrently on multiple devices, it is unclear what the semantics should be. In this paper we present an algorithm and formal semantics for a JSON data structure that automatically resolves concurrent modifications such that no updates are lost, and such that all replicas converge towards the same state (a conflict-free replicated datatype or CRDT). It supports arbitrarily nested list and map types, which can be modified by insertion, deletion and assignment. The algorithm performs all merging client-side and does not depend on ordering guarantees from the network, making it suitable for deployment on mobile devices with poor network connectivity, in peer-to-peer networks, and in messaging systems with end-to-end encryption.
△ Less
Submitted 15 August, 2017; v1 submitted 13 August, 2016;
originally announced August 2016.
-
Testing a modified ASKAP Mark II phased array feed on the 64 m Parkes radio telescope
Authors:
A. P. Chippendale,
R. J. Beresford,
X. Deng,
M. Leach,
J. E. Reynolds,
M. Kramer,
T. Tzioumis
Abstract:
We present the first installation and characterization of a phased array feed (PAF) on the 64 m Parkes radio telescope. The combined system operates best between 0.8 GHz and 1.74 GHz where the beamformed noise temperature is between 45 K and 60 K, the aperture efficiency ranges from 70% to 80%, and the effective field of view is 1.4 deg$^2$ at 1310 MHz. After a 6-month trial observing program at P…
▽ More
We present the first installation and characterization of a phased array feed (PAF) on the 64 m Parkes radio telescope. The combined system operates best between 0.8 GHz and 1.74 GHz where the beamformed noise temperature is between 45 K and 60 K, the aperture efficiency ranges from 70% to 80%, and the effective field of view is 1.4 deg$^2$ at 1310 MHz. After a 6-month trial observing program at Parkes, the PAF will be installed on the 100 m antenna at Effelsberg. This is the first time a PAF has been installed on a large single-antenna radio telescope and made available to astronomers.
△ Less
Submitted 10 June, 2016;
originally announced June 2016.
-
Measured Aperture-Array Noise Temperature of the Mark II Phased Array Feed for ASKAP
Authors:
A. P. Chippendale,
A. J. Brown,
R. J. Beresford,
G. A. Hampson,
R. D. Shaw,
D. B. Hayman,
A. Macleod,
A. R. Forsyth,
S. G. Hay,
M. Leach,
C. Cantrall,
M. L. Brothers,
A. W. Hotan
Abstract:
We have measured the aperture-array noise temperature of the first Mk. II phased array feed that CSIRO has built for the Australian Square Kilometre Array Pathfinder telescope. As an aperture array, the Mk. II phased array feed achieves a beam equivalent noise temperature less than 40 K from 0.78 GHz to 1.7 GHz and less than 50 K from 0.7 GHz to 1.8 GHz for a boresight beam directed at the zenith.…
▽ More
We have measured the aperture-array noise temperature of the first Mk. II phased array feed that CSIRO has built for the Australian Square Kilometre Array Pathfinder telescope. As an aperture array, the Mk. II phased array feed achieves a beam equivalent noise temperature less than 40 K from 0.78 GHz to 1.7 GHz and less than 50 K from 0.7 GHz to 1.8 GHz for a boresight beam directed at the zenith. We believe these are the lowest reported noise temperatures over these frequency ranges for ambient-temperature phased arrays. The measured noise temperature includes receiver electronics noise, ohmic losses in the array, and stray radiation from sidelobes illuminating the sky and ground away from the desired field of view. This phased array feed was designed for the Australian Square Kilometre Array Pathfinder to demonstrate fast astronomical surveys with a wide field of view for the Square Kilometre Array.
△ Less
Submitted 6 November, 2015; v1 submitted 17 September, 2015;
originally announced September 2015.
-
Measured Sensitivity of the First Mark II Phased Array Feed on an ASKAP Antenna
Authors:
A. P. Chippendale,
A. J. Brown,
R. J. Beresford,
G. A. Hampson,
A. Macleod,
R. D. Shaw,
M. L. Brothers,
C. Cantrall,
A. R. Forsyth,
S. G. Hay,
M. Leach
Abstract:
This paper presents the measured sensitivity of CSIRO's first Mk. II phased array feed (PAF) on an ASKAP antenna. The Mk. II achieves a minimum system-temperature-over-efficiency $T_\mathrm{sys}/η$ of 78 K at 1.23 GHz and is 95 K or better from 835 MHz to 1.8 GHz. This PAF was designed for the Australian SKA Pathfinder telescope to demonstrate fast astronomical surveys with a wide field of view fo…
▽ More
This paper presents the measured sensitivity of CSIRO's first Mk. II phased array feed (PAF) on an ASKAP antenna. The Mk. II achieves a minimum system-temperature-over-efficiency $T_\mathrm{sys}/η$ of 78 K at 1.23 GHz and is 95 K or better from 835 MHz to 1.8 GHz. This PAF was designed for the Australian SKA Pathfinder telescope to demonstrate fast astronomical surveys with a wide field of view for the Square Kilometre Array (SKA).
△ Less
Submitted 1 September, 2015;
originally announced September 2015.
-
The Australian Square Kilometre Array Pathfinder: System Architecture and Specifications of the Boolardy Engineering Test Array
Authors:
A. W. Hotan,
J. D. Bunton,
L. Harvey-Smith,
B. Humphreys,
B. D. Jeffs,
T. Shimwell,
J. Tuthill,
M. Voronkov,
G. Allen,
S. Amy,
K. Ardern,
P. Axtens,
L. Ball,
K. Bannister,
S. Barker,
T. Bateman,
R. Beresford,
D. Bock,
R. Bolton,
M. Bowen,
B. Boyle,
R. Braun,
S. Broadhurst,
D. Brodrick,
K. Brooks
, et al. (76 additional authors not shown)
Abstract:
This paper describes the system architecture of a newly constructed radio telescope - the Boolardy Engineering Test Array, which is a prototype of the Australian Square Kilometre Array Pathfinder telescope. Phased array feed technology is used to form multiple simultaneous beams per antenna, providing astronomers with unprecedented survey speed. The test array described here is a 6-antenna interfe…
▽ More
This paper describes the system architecture of a newly constructed radio telescope - the Boolardy Engineering Test Array, which is a prototype of the Australian Square Kilometre Array Pathfinder telescope. Phased array feed technology is used to form multiple simultaneous beams per antenna, providing astronomers with unprecedented survey speed. The test array described here is a 6-antenna interferometer, fitted with prototype signal processing hardware capable of forming at least 9 dual-polarisation beams simultaneously, allowing several square degrees to be imaged in a single pointed observation. The main purpose of the test array is to develop beamforming and wide-field calibration methods for use with the full telescope, but it will also be capable of limited early science demonstrations.
△ Less
Submitted 4 September, 2014;
originally announced September 2014.
-
Proceedings Second International Workshop on Programming Language Approaches to Concurrency and Communication-cEntric Software
Authors:
Alastair R. Beresford,
Simon Gay
Abstract:
The Second International Workshop on Programming Language Approaches to Concurrency and Communication-cEntric Software (PLACES) was co-located with ETAPS 2009 in the city of York, England. The workshop took place on Sunday 22nd March 2009. The workshop focused on the challenges raised by the changing landscape of computer software. Traditionally, most software was written for a single computer w…
▽ More
The Second International Workshop on Programming Language Approaches to Concurrency and Communication-cEntric Software (PLACES) was co-located with ETAPS 2009 in the city of York, England. The workshop took place on Sunday 22nd March 2009. The workshop focused on the challenges raised by the changing landscape of computer software. Traditionally, most software was written for a single computer with one CPU. However applications on the web today are built using numerous interacting services deployed on across many machines; soon off-the-shelf CPUs will host thousands of cores, and sensor networks will be composed from a large number of processing units. Many normal applications will soon need to make effective use of thousands of computing nodes. At some level of granularity, computation in such systems will be inherently concurrent and communication-centred.
The development of effective programming methodologies for the coming computing paradigm demands exploration and understanding of a wide variety of ideas and techniques. This workshop offered a forum where researchers from different fields could exchange new ideas on one of the central challenges for programming in the near future, the development of programming methodologies and infrastructures where concurrency and distribution are the norm rather than a marginal concern.
△ Less
Submitted 6 February, 2010;
originally announced February 2010.