-
Automatic Detection of Fake Key Attacks in Secure Messaging
Authors:
Tarun Kumar Yadav,
Devashish Gosain,
Amir Herzberg,
Daniel Zappala,
Kent Seamons
Abstract:
Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to p…
▽ More
Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this burdens users, and studies show it is ineffective in practice. This paper presents KTACA, a completely automated approach for key verification that is oblivious to users and easy to deploy. We motivate KTACA by designing two approaches to automatic key verification. One approach uses client auditing (KTCA) and the second uses anonymous key monitoring (AKM). Both have relatively inferior security properties, leading to KTACA, which combines these approaches to provide the best of both worlds. We provide a security analysis of each defense, identifying which attacks they can automatically detect. We implement the active attacks to demonstrate they are possible, and we also create a prototype implementation of all the defenses to measure their performance and confirm their feasibility. Finally, we discuss the strengths and weaknesses of each defense, the overhead on clients and service providers, and deployment considerations.
△ Less
Submitted 18 October, 2022;
originally announced October 2022.
-
Botnets Breaking Transformers: Localization of Power Botnet Attacks Against the Distribution Grid
Authors:
Lynn Pepin,
Lizhi Wang,
Jiangwei Wang,
Songyang Han,
Pranav Pishawikar,
Amir Herzberg,
Peng Zhang,
Fei Miao
Abstract:
Traditional botnet attacks leverage large and distributed numbers of compromised internet-connected devices to target and overwhelm other devices with internet packets. With increasing consumer adoption of high-wattage internet-facing "smart devices", a new "power botnet" attack emerges, where such devices are used to target and overwhelm power grid devices with unusual load demand. We introduce a…
▽ More
Traditional botnet attacks leverage large and distributed numbers of compromised internet-connected devices to target and overwhelm other devices with internet packets. With increasing consumer adoption of high-wattage internet-facing "smart devices", a new "power botnet" attack emerges, where such devices are used to target and overwhelm power grid devices with unusual load demand. We introduce a variant of this attack, the power-botnet weardown-attack, which does not intend to cause blackouts or short-term acute instability, but instead forces expensive mechanical components to activate more frequently, necessitating costly replacements / repairs. Specifically, we target the on-load tap-changer (OLTC) transformer, which uses a mechanical switch that responds to change in load demand. In our analysis and simulations, these attacks can halve the lifespan of an OLTC, or in the most extreme cases, reduce it to $2.5\%$ of its original lifespan. Notably, these power botnets are composed of devices not connected to the internal SCADA systems used to control power grids. This represents a new internet-based cyberattack that targets the power grid from the outside. To help the power system to mitigate these types of botnet attacks, we develop attack-localization strategies. We formulate the problem as a supervised machine learning task to locate the source of power botnet attacks. Within a simulated environment, we generate the training and testing dataset to evaluate several machine learning algorithm based localization methods, including SVM, neural network and decision tree. We show that decision-tree based classification successfully identifies power botnet attacks and locates compromised devices with at least $94\%$ improvement of accuracy over a baseline "most-frequent" classifier.
△ Less
Submitted 18 March, 2022;
originally announced March 2022.
-
Securing Smartphones: A Micro-TCB Approach
Authors:
Yossi Gilad,
Amir Herzberg,
Ari Trachtenberg
Abstract:
As mobile phones have evolved into `smartphones', with complex operating systems running third- party software, they have become increasingly vulnerable to malicious applications (malware). We introduce a new design for mitigating malware attacks against smartphone users, based on a small trusted computing base module, denoted uTCB. The uTCB manages sensitive data and sensors, and provides core se…
▽ More
As mobile phones have evolved into `smartphones', with complex operating systems running third- party software, they have become increasingly vulnerable to malicious applications (malware). We introduce a new design for mitigating malware attacks against smartphone users, based on a small trusted computing base module, denoted uTCB. The uTCB manages sensitive data and sensors, and provides core services to applications, independently of the operating system. The user invokes uTCB using a simple secure attention key, which is pressed in order to validate physical possession of the device and authorize a sensitive action; this protects private information even if the device is infected with malware. We present a proof-of-concept implementation of uTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones, and evaluate our implementation using simulations.
△ Less
Submitted 29 January, 2014;
originally announced January 2014.
-
Ethical Considerations when Employing Fake Identities in OSN for Research
Authors:
Yuval Elovici,
Michael Fire,
Amir Herzberg,
Haya Shulman
Abstract:
Online Social Networks (OSNs) have rapidly become a prominent and widely used service, offering a wealth of personal and sensitive information with significant security and privacy implications. Hence, OSNs are also an important - and popular - subject for research. To perform research based on real-life evidence, however, researchers may need to access OSN data, such as texts and files uploaded b…
▽ More
Online Social Networks (OSNs) have rapidly become a prominent and widely used service, offering a wealth of personal and sensitive information with significant security and privacy implications. Hence, OSNs are also an important - and popular - subject for research. To perform research based on real-life evidence, however, researchers may need to access OSN data, such as texts and files uploaded by users and connections among users. This raises significant ethical problems. Currently, there are no clear ethical guidelines, and researchers may end up (unintentionally) performing ethically questionable research, sometimes even when more ethical research alternatives exist. For example, several studies have employed `fake identities` to collect data from OSNs, but fake identities may be used for attacks and are considered a security issue. Is it legitimate to use fake identities for studying OSNs or for collecting OSN data for research? We present a taxonomy of the ethical challenges facing researchers of OSNs and compare different approaches. We demonstrate how ethical considerations have been taken into account in previous studies that used fake identities. In addition, several possible approaches are offered to reduce or avoid ethical misconducts. We hope this work will stimulate the development and use of ethical practices and methods in the research of online social networks.
△ Less
Submitted 6 October, 2013;
originally announced October 2013.
-
Off-Path Hacking: The Illusion of Challenge-Response Authentication
Authors:
Yossi Gilad,
Amir Herzberg,
Haya Shulman
Abstract:
Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing `unpredictable' header fields to protect widely-deployed protocols such as TCP and DNS. We a…
▽ More
Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing `unpredictable' header fields to protect widely-deployed protocols such as TCP and DNS. We argue that this practice may often only give an illusion of security. We present recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks foil widely deployed security mechanisms, such as the Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts. We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, and of correct, secure challenge-response mechanisms.
△ Less
Submitted 3 May, 2013;
originally announced May 2013.
-
Unilateral Antidotes to DNS Cache Poisoning
Authors:
Amir Herzberg,
Haya Shulman
Abstract:
We investigate defenses against DNS cache poisoning focusing on mechanisms that can be readily deployed unilaterally by the resolving organisation, preferably in a single gateway or a proxy. DNS poisoning is (still) a major threat to Internet security; determined spoofing attackers are often able to circumvent currently deployed antidotes such as port randomisation. The adoption of DNSSEC, which w…
▽ More
We investigate defenses against DNS cache poisoning focusing on mechanisms that can be readily deployed unilaterally by the resolving organisation, preferably in a single gateway or a proxy. DNS poisoning is (still) a major threat to Internet security; determined spoofing attackers are often able to circumvent currently deployed antidotes such as port randomisation. The adoption of DNSSEC, which would foil DNS poisoning, remains a long-term challenge. We discuss limitations of the prominent resolver-only defenses, mainly port and IP randomisation, 0x20 encoding and birthday protection. We then present two new (unilateral) defenses: the sandwich antidote and the NAT antidote. The defenses are simple, effective and efficient, and can be implemented in a gateway connecting the resolver to the Internet. The sandwich antidote is composed of two phases: poisoning-attack detection and then prevention. The NAT antidote adds entropy to DNS requests by switching the resolver's IP address to a random address (belonging to the same autonomous system). Finally, we show how to implement the birthday protection mechanism in the gateway, thus allowing to restrict the number of DNS requests with the same query to 1 even when the resolver does not support this.
△ Less
Submitted 7 September, 2012;
originally announced September 2012.
-
TCP Injections for Fun and Clogging
Authors:
Yossi Gilad,
Amir Herzberg
Abstract:
We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack, Ack-storm and Coremelt DoS attacks, achieving results comparable to these achieved previously achieved by eavesdrop**/MitM attackers and (unrestricted) malwa…
▽ More
We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack, Ack-storm and Coremelt DoS attacks, achieving results comparable to these achieved previously achieved by eavesdrop**/MitM attackers and (unrestricted) malware. In contrast to previous off-path attacks, which attacked the client (machine) running the malware, our attacks address a very different goal: large-scale clogging DoS of a third party, or even of backbone connections.
Our clogging attacks are based on off-path TCP injections. Indeed, as an additional contribution, we present improved off-path TCP injection attacks. Our new attacks significantly relax the requirements cf. to the known attacks; specifically, our injection attack requires only a Java script in browser sandbox (not 'restricted malware'), does not depend on specific operating system properties, and is efficient even when client's port is determined using recommended algorithm. Our attacks are constructed modularly, allowing reuse of modules for other scenarios and replacing modules as necessary. We present specific defenses, however, this work is further proof to the need to base security on sound foundations, using cryptography to provide security even against MitM attackers.
△ Less
Submitted 11 August, 2012;
originally announced August 2012.
-
Security of Patched DNS
Authors:
Amir Herzberg,
Haya Shulman
Abstract:
In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some 'unpredictable' values, copied from the re- quest. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to…
▽ More
In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some 'unpredictable' values, copied from the re- quest. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to DNS. We investigate the prominent patches, and show how attackers can circumvent all of them, namely: - We show how attackers can circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices. - We show how attackers can circumvent IP address randomisation, using some (standard-conforming) resolvers. - We show how attackers can circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding). We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses).
△ Less
Submitted 23 May, 2012;
originally announced May 2012.
-
Fragmentation Considered Poisonous
Authors:
Amir Herzberg,
Haya Shulman
Abstract:
We present practical poisoning and name-server block- ing attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long re- sponses are increasingly common, mainly due to the use of DNSSEC. In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow 'com- plete' domain hij…
▽ More
We present practical poisoning and name-server block- ing attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long re- sponses are increasingly common, mainly due to the use of DNSSEC. In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow 'com- plete' domain hijacking. When DNSSEC is fully de- ployed, attacker can force use of fake name server; we show exploits of this allowing off-path traffic analy- sis and covert channel. When using NSEC3 opt-out, attacker can also create fake subdomains, circumvent- ing same origin restrictions. Our attacks circumvent resolver-side defenses, e.g., port randomisation, IP ran- domisation and query randomisation. The (new) name server (NS) blocking attacks force re- solver to use specific name server. This attack allows Degradation of Service, traffic-analysis and covert chan- nel, and also facilitates DNS poisoning. We validated the attacks using standard resolver soft- ware and standard DNS name servers and zones, e.g., org.
△ Less
Submitted 17 May, 2012;
originally announced May 2012.
-
Off-Path Attacking the Web
Authors:
Yossi Gilad,
Amir Herzberg
Abstract:
We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and circumventing known defenses. Attacker can also launch devastating denial of service (DoS) attacks, even when the connection between the client and the server is secured…
▽ More
We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and circumventing known defenses. Attacker can also launch devastating denial of service (DoS) attacks, even when the connection between the client and the server is secured with SSL/TLS. The attacks are practical and require a puppet (malicious script in browser sandbox) running on a the victim client machine, and attacker capable of IP-spoofing on the Internet. Our attacks use a technique allowing an off-path attacker to learn the sequence numbers of both client and server in a TCP connection. The technique exploits the fact that many computers, in particular those running Windows, use a global IP-ID counter, which provides a side channel allowing efficient exposure of the connection sequence numbers. We present results of experiments evaluating the learning technique and the attacks that exploit it. Finally, we present practical defenses that can be deployed at the firewall level; no changes to existing TCP/IP stacks are required.
△ Less
Submitted 30 April, 2012;
originally announced April 2012.
-
Stealth-MITM DoS Attacks on Secure Channels
Authors:
Amir Herzberg,
Haya Shulman
Abstract:
We define stealth Man-in-the-Middle adversaries, and analyse their ability to launch denial and degradation of service (DoS) attacks on secure channels. We show realistic attacks, disrupting TCP communication over secure VPNs using IPsec. We present:
First amplifying DoS attack on IPsec, when deployed without anti-replay window.
First amplifying attack on IPsec, when deployed with a `small'…
▽ More
We define stealth Man-in-the-Middle adversaries, and analyse their ability to launch denial and degradation of service (DoS) attacks on secure channels. We show realistic attacks, disrupting TCP communication over secure VPNs using IPsec. We present:
First amplifying DoS attack on IPsec, when deployed without anti-replay window.
First amplifying attack on IPsec, when deployed with a `small' anti-replay window, and analysis of `sufficient' window size.
First amplifying attack on IPsec, when deployed with `sufficient' window size. This attack (as the previous) is realistic: attacker needs only to duplicate and speed-up few packets.
We also suggest a solution designed to prevent the presented attacks, and to provide secure channel immune to degradation and other DoS attacks. Our solution involves changes (only) to the two gateway machines running IPsec.
In addition to their practical importance, our results also raise the challenge of formally defining secure channels immune to DoS and degradation attacks, and providing provably-secure implementations.
△ Less
Submitted 19 October, 2009;
originally announced October 2009.