-
Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers
Authors:
Anuj Gautam,
Tarun Kumar Yadav,
Kent Seamons,
Scott Ruoti
Abstract:
Password-based authentication faces various security and usability issues. Password managers help alleviate some of these issues by enabling users to manage their passwords effectively. However, malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page. In this paper, we explore what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior. To this end, we identify a threat model for password exfiltration and then use this threat model to explore the design space for secure password entry implemented using a password manager. We identify five potential designs that address this issue, each with varying security and deployability tradeoffs. Our analysis shows the design that best balances security and usability is for the manager to autofill a fake password and then rely on the browser to replace the fake password with the actual password immediately before the web request is handed over to the operating system to be transmitted over the network. This removes the ability for malicious client-side scripts or browser extensions to access and exfiltrate the real password. We implement our design in the Firefox browser and conduct experiments, which show that it successfully thwarts malicious scripts and extensions on 97% of the Alexa top 1000 websites, while also maintaining the capability to revert to default behavior on the remaining websites, avoiding functionality regressions. Most importantly, this design is transparent to users, requiring no change to user behavior.
Submitted 8 February, 2024;
originally announced February 2024.
-
InfoGuard: A Design and Usability Study of User-Controlled Application-Independent Encryption for Privacy-Conscious Users
Authors:
Tarun Yadav,
Austin Cook,
Justin Hales,
Kent Seamons
Abstract:
Billions of secure messaging users have adopted end-to-end encryption (E2EE). Nevertheless, challenges remain. Most communication applications do not provide E2EE, and application silos prevent interoperability. Our qualitative analysis of privacy-conscious users' discussions of E2EE on Reddit reveals concerns about trusting client applications with plaintext, lack of clear indicators about how encryption works, high cost to switch apps, and concerns that most apps are not open source. We propose InfoGuard, a system enabling E2EE for user-to-user communication in any application. InfoGuard allows users to trigger encryption on any textbox, even if the application does not support E2EE. InfoGuard encrypts text before it reaches the application, eliminating the client app's access to plaintext. InfoGuard also incorporates visible encryption to make it easier for users to understand that their data is being encrypted and give them greater confidence in the system's security. The design enables fine-grained encryption, allowing specific sensitive data items to be encrypted while the rest remains visible to the server. Participants in our user study found InfoGuard usable and trustworthy, expressing a willingness to adopt it.
Submitted 1 November, 2023;
originally announced November 2023.
-
A Security and Usability Analysis of Local Attacks Against FIDO2
Authors:
Tarun Kumar Yadav,
Kent Seamons
Abstract:
The FIDO2 protocol aims to strengthen or replace password authentication using public-key cryptography. FIDO2 has primarily focused on defending against attacks from afar by remote attackers that compromise a password or attempt to phish the user. In this paper, we explore threats from local attacks on FIDO2 that have received less attention -- a browser extension compromise and attackers gaining physical access to an HSK. Our systematic analysis of current implementations of FIDO2 reveals four underlying flaws, and we demonstrate the feasibility of seven attacks that exploit those flaws. The flaws include (1) Lack of confidentiality/integrity of FIDO2 messages accessible to browser extensions, (2) Broken clone detection algorithm, (3) Potential for user misunderstanding from social engineering and notification/error messages, and (4) Cookie life cycle. We build malicious browser extensions and demonstrate the attacks on ten popular web servers that use FIDO2. We also show that many browser extensions have sufficient permissions to conduct the attacks if they were compromised. A static and dynamic analysis of current browser extensions finds no evidence of the attacks in the wild. We conducted two user studies confirming that participants do not detect the attacks with current error messages, email notifications, and UX responses to the attacks. We provide an improved clone detection algorithm and recommendations for relying part
Submitted 5 August, 2023;
originally announced August 2023.
-
Agreeing and Disagreeing in Collaborative Knowledge Graph Construction: An Analysis of Wikidata
Authors:
Elisavet Koutsiana,
Tushita Yadav,
Nitisha Jain,
Albert Meroño-Peñuela,
Elena Simperl
Abstract:
In this work, we study disagreement in discussions around Wikidata, an online knowledge community that builds the data backend of Wikipedia. Discussions are important in collaborative work as they can increase contributor performance and encourage the emergence of shared norms and practices. While disagreements can play a productive role in discussions, they can also lead to conflicts and controversies, which impact contributor well-being and their motivation to engage. We want to understand if and when such phenomena arise in Wikidata, using a mix of quantitative and qualitative analyses to identify the types of topics people disagree about, the most common patterns of interaction, and roles people play when arguing for or against an issue. We find that decisions to create Wikidata properties are much faster than those to delete properties and that more than half of controversial discussions do not lead to consensus. Our analysis suggests that Wikidata is an inclusive community, considering different opinions when making decisions, and that conflict and vandalism are rare in discussions. At the same time, while one-fourth of the editors participating in controversial discussions contribute with legit and insightful opinions about Wikidata's emerging issues, they do not remain engaged in the discussions. We hope our findings will help Wikidata support community decision making, and improve discussion tools and practices.
Submitted 20 June, 2023;
originally announced June 2023.
-
Automatic Detection of Fake Key Attacks in Secure Messaging
Authors:
Tarun Kumar Yadav,
Devashish Gosain,
Amir Herzberg,
Daniel Zappala,
Kent Seamons
Abstract:
Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this burdens users, and studies show it is ineffective in practice. This paper presents KTACA, a completely automated approach for key verification that is oblivious to users and easy to deploy. We motivate KTACA by designing two approaches to automatic key verification. One approach uses client auditing (KTCA) and the second uses anonymous key monitoring (AKM). Both have relatively inferior security properties, leading to KTACA, which combines these approaches to provide the best of both worlds. We provide a security analysis of each defense, identifying which attacks they can automatically detect. We implement the active attacks to demonstrate they are possible, and we also create a prototype implementation of all the defenses to measure their performance and confirm their feasibility. Finally, we discuss the strengths and weaknesses of each defense, the overhead on clients and service providers, and deployment considerations.
Submitted 18 October, 2022;
originally announced October 2022.
-
Variational Inference with Latent Space Quantization for Adversarial Resilience
Authors:
Vinay Kyatham,
Mayank Mishra,
Tarun Kumar Yadav,
Deepak Mishra,
Prathosh AP
Abstract:
Despite their tremendous success in modelling high-dimensional data manifolds, deep neural networks suffer from the threat of adversarial attacks - Existence of perceptually valid input-like samples obtained through careful perturbation that lead to degradation in the performance of the underlying model. Major concerns with existing defense mechanisms include non-generalizability across different attacks, models and large inference time. In this paper, we propose a generalized defense mechanism capitalizing on the expressive power of regularized latent space based generative models. We design an adversarial filter, devoid of access to classifier and adversaries, which makes it usable in tandem with any classifier. The basic idea is to learn a Lipschitz constrained mapping from the data manifold, incorporating adversarial perturbations, to a quantized latent space and re-map it to the true data manifold. Specifically, we simultaneously auto-encode the data manifold and its perturbations implicitly through the perturbations of the regularized and quantized generative latent space, realized using variational inference. We demonstrate the efficacy of the proposed formulation in providing resilience against multiple attack types (black and white box) and methods, while being almost real-time. Our experiments show that the proposed method surpasses the state-of-the-art techniques in several cases.
Submitted 6 September, 2019; v1 submitted 24 March, 2019;
originally announced March 2019.
-
Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning
Authors:
Tarun Yadav,
Koustav Sadhukhan
Abstract:
The TLS protocol is an essential part of secure Internet communication. In the past, many attacks have been identified on the protocol. Most of these attacks are due to flaws in protocol implementation. The flaws are due to improper design and implementation of program logic by programmers. One of the widely used implementations of TLS is SChannel, which has been used in the Windows operating system since its inception. We have used protocol state fuzzing to identify vulnerable and undesired state transitions in the state machine of the protocol for various versions of SChannel. The client as well as server components have been analyzed thoroughly using this technique and various flaws have been discovered in the implementation. Exploitation of these flaws under specific circumstances may lead to serious attacks which could disrupt secure communication. In this paper, we analyze state machine models of the TLS protocol implementation of the SChannel library and describe weaknesses and design flaws in these models, found using protocol state fuzzing.
Submitted 20 February, 2019;
originally announced February 2019.
-
Where The Light Gets In: Analyzing Web Censorship Mechanisms in India
Authors:
Tarun Kumar Yadav,
Akshat Sinha,
Devashish Gosain,
Piyush Sharma,
Sambuddho Chakravarty
Abstract:
This paper presents a detailed study of Internet censorship in India. We consolidated a list of potentially blocked websites from various public sources to assess censorship mechanisms used by nine major ISPs. To begin with, we demonstrate that existing censorship detection tools like OONI are grossly inaccurate. We thus developed various techniques and heuristics to correctly assess censorship and study the underlying mechanism involved in these ISPs. At every step we corroborated our findings manually to test the efficacy of our approach, a step largely ignored by others. We fortify our findings by adjudging the coverage and consistency of censorship infrastructure, broadly in terms of average number of network paths and requested domains the infrastructure surveils. Our results indicate a clear disparity among the ISPs in how they install censorship infrastructure. For instance, in the Idea network we observed the censorious middleboxes on over 90% of our tested intra-AS paths whereas for Vodafone, it is as low as 2.5%. We conclude our research by devising our own novel anti-censorship strategies that do not depend on third party tools (like proxies, Tor and VPNs etc.). We managed to anti-censor all blocked websites in all ISPs under test.
Submitted 5 August, 2018;
originally announced August 2018.
-
Technical Aspects of Cyber Kill Chain
Authors:
Tarun Yadav,
Rao Arvind Mallari
Abstract:
Recent trends in targeted cyber-attacks have increased the interest of research in the field of cyber security. Such attacks have massive disruptive effects on organizations, enterprises and governments. Cyber kill chain is a model to describe cyber-attacks so as to develop incident response and analysis capabilities. Cyber kill chain in simple terms is an attack chain, the path that an intruder takes to penetrate information systems over time to execute an attack on the target. This paper broadly categorizes the methodologies, techniques and tools involved in cyber-attacks. This paper intends to help a cyber security researcher to realize the options available to an attacker at every stage of a cyber-attack.
Submitted 10 June, 2016;
originally announced June 2016.
-
Cyber Attack Thread: A Control-flow Based Approach to Deconstruct and Mitigate Cyber Threats
Authors:
Koustav Sadhukhan,
Rao Arvind Mallari,
Tarun Yadav
Abstract:
Attacks in cyberspace have gained attention due to the risk to privacy, breach of trust and financial losses for individuals as well as organizations. In recent years, these attacks have become more complex to analyze technically, as well as to detect and prevent from accessing confidential data. Although many methodologies and mechanisms have been suggested for cyber-attack detection and prevention, they are not from the perspective of an attacker. This paper presents cyber-defence as hindrances faced by the attacker, by understanding the attack thread and defence possibilities with existing security mechanisms. Seven phases of the Cyber Attack Thread are introduced and technical aspects are discussed with reference to APT attacks. The paper is aimed at security practitioners and administrators as well as the general audience, to help them understand the attack scenario and defensive security measures.
Submitted 10 June, 2016;
originally announced June 2016.
-
Approximation Algorithm for N-distance Minimal Vertex Cover Problem
Authors:
Tarun Yadav,
Koustav Sadhukhan,
Rao Arvind Mallari
Abstract:
The evolution of large-scale networks demands an efficient way of communication in the networks. One way to propagate information in the network is to find a vertex cover. In this paper we describe a variant of the vertex cover problem, naming it the N-distance Vertex Minimal Cover (N-MVC) Problem, to optimize information propagation throughout the network. A minimum subset of vertices of an unweighted and undirected graph G = (V, E) is called N-MVC if for all v in V, v is at distance less than or equal to N from at least one of the vertices in N-MVC. In the following paper, this problem is defined and formulated, and an approximation algorithm is proposed with discussion on its correctness and upper bound.
Submitted 9 June, 2016;
originally announced June 2016.