Day 1 23/10/2019
Room #1

Registration 06:00 - 15:05

Opening Session 06:30 - 07:00

Keynote Speech by Prof. Matt Wright 07:00 - 08:00

Deep Fingerprinting and Triplet Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning

Break 08:00 - 08:30

Session 1 08:30 - 10:05

Blockchain chaired by Yuzhe Tang (Syracuse)
08:30 - 08:50
Trustless Framework for Iterative Double Auction based on Blockchain

One of the major problems in current implementations of iterative double auction is that they rely on a trusted third party to handle the auction process. This imposes the risk of single point of failures and monopoly. In this paper, we aim to tackle this problem by proposing a novel decentralized and trustless framework for iterative double auction based on blockchain. Our design adopts the smart contract and state channel technologies to enable a double auction process among parties that do not trust each other, while minimizing the blockchain transactions. We provide a formal development of the framework and highlight the security of our design against adversaries.
Authors: My Thai (University of Florida), Truc Nguyen (University of Florida),
Hide Authors & Abstract

Show Authors & Abstract
08:55 - 09:15
Towards a Multi-Chain Future of Proof-of-Space

Proof-of-Space provides an intriguing alternative for consensus protocol of permissionless blockchains due to its recyclable nature and the potential to support multiple chains simultaneously. However, a direct shared proof of the same storage, which was adopted in the existing multi-chain schemes based on Proof-of-Space, could give rise to newborn attack on new chain launching. To fix this gap, we propose an innovative framework of single-chain Proof-of-Space and further present a novel multi-chain scheme which can resist newborn attack effectively by elaborately combining shared proof and chain-specific proof of storage. Moreover, we analyze the security of the multi-chain scheme and prove that it is incentive-compatible. This means that participants in such multi-chain system can achieve their greatest utility with our proposed strategy of storage resource partition.
Authors: Shuyang Tang (Shanghai Jiao Tong University), Jilai Zheng (Shanghai Jiao Tong University), Yao Deng (Shanghai Jiao Tong University), Ziyu Wang (Beihang University), Zhiqiang Liu (Shanghai Jiao Tong University), Dawu Gu (Shanghai Jiao Tong University), Zhen Liu (Shanghai Jiao Tong University), Yu Long (Shanghai Jiao Tong University),
Hide Authors & Abstract

Show Authors & Abstract
09:20 - 09:40
Secure Consistency Verification for Untrusted Cloud Storage by Public Blockchains

This work presents ContractChecker, a Blockchain-based security protocol for verifying the storage consistency between mutually distrusting cloud provider and clients. Unlike existing protocols, the ContractChecker uniquely delegates log auditing to the Blockchain, and has the advantages in reducing client cost and lowering requirements on client availability, lending itself to modern scenarios with mobile and web clients. The ContractChecker collects the logs from both clients and cloud server, and verifies the consistency by cross-checking the logs. By this means, it does not only detect the attacks from malicious clients and server forging their logs, but also is able to mitigate those attacks and recover the system from them. In addition, we design new attacks against ContractChecker exploiting various limits in real Blockchain systems (e.g., write unavailability, Blockchain forks, contract race conditions). We analyze and harden the security of ContractChecker protocols under these proposed new attacks. We implement a functional prototype on Ethereum/Solidity. By experiments on Ethereum testnets, we extensively evaluate the cost of the ContractChecker in comparison with that of existing client-based log auditing works. The result shows the ContractChecker can scale to hundreds of clients and save client costs by more than one order of magnitude. The evaluation result verifies our design motivation of delegating log auditing to the Blockchain in ContractChecker.
Authors: Kai Li (Syracuse University), Yu-zhe (Richard) Tang (Syracuse University), Jianliang Xu (Hong Kong Baptist University), Beom Heyn (Ben) Kim (University of Toronto),
Hide Authors & Abstract

Show Authors & Abstract
09:45 - 10:05
An Enhanced Verifiable Inter-domain Routing Protocol based on Blockchain

Promise-violating attack to inter-domain routing protocol is becoming common in recent years, which always causes serious consequences, such as malicious attraction traffic, broken network. To deal with this kind of attack, routing verification is introduced by current research. However, it can only detect attacks against a specific routing policy triggered by one malicious node, and no research has yet been conducted to solve the problem caused by multiple collusion nodes. In this work, we present BRVM, a blockchain-based routing Verification Model, to address the issue of violating shortest AS Path policy. The main idea of BRVM is to record the route proofs to verify whether a route violates the policy by using blockchain technology. The premise of avoiding a collusion attack is that the proportion of the malicious verification nodes is lower than the fault tolerance rate of the consensus algorithm used in the blockchain. We theoretically prove the correctness of BRVM, and implement a prototype based on Quagga and Fabric. Our experiments show that BRVM can solve this kind of promise-violating problem caused by multiple collusion nodes, and about 39% faster than SPIDeR in performance.
Authors: Yaping Liu (Guangzhou University, Guangzhou, China), Shuo Zhang (Guangzhou University, Guangzhou, China), Haojin Zhu (Shanghai Jiao Tong University, Shanghai, China), Peng-Jun Wan (Illinois Institute of Technology, Chicago, USA), Lixin Gao (University of Massachusetts at Amherst, Amherst, USA), Yaoxue Zhang (Tsinghua University, Beijing, China),
Hide Authors & Abstract

Show Authors & Abstract

Lunch 10:05 - 11:30

Session 3 11:30 - 13:05

Catching Malware chaired by Aziz Mohaisen (UCF)
11:30 - 11:50
DeepCG: Classifying Metamorphic Malware through Deep Learning of Call Graphs

As the state-of-the-art malware obfuscation technique, metamorphism has received wide attention. Metamorphic malware can mutate themselves into countless variants during propagation by obfuscating part of their executable code automatically, thus posing serious challenges to all existing detection methods. To address this problem, a fundamental task is to understand the stable features that are relatively invariant across all variants of a certain type of metamorphic malware while distinguishable from other types. In this paper, we systematically study the obfuscation methods of metamorphic malware, and reveal that, compared to frequently used fragmented features such as byte n-grams and opcode sequences, call graphs are more stable against metamorphism, and can be leveraged to classify metamorphic malware effectively. Based on call graphs, we design a metamorphic malware classification method, dubbed deepCG, which enables automatic feature learning of metamorphic malware via deep learning. Specifically, we encapsulate the information of each call graph into an image that is then fed into deep convolutional neural networks for classifying the malware family. Particularly, due to its built-in training data enhancement approach, deepCG can achieve promising classification accuracy even with small-scale training samples. We evaluate deepCG using a PE malware dataset and the Microsoft BIG2015 dataset, and achieve a test accuracy of above 96%.
Authors: Shuang Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Xiaobo Ma (Faculty of Electronic and Information Engineering, Xi’an Jiaotong University), Wei Zou (Institute of Information Engineering, Chinese Academy of Sciences), Bo Bai (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract
11:55 - 12:15
ChaffyScript: Vulnerability-Agnostic Defense of JavaScript Exploits via Memory Perturbation

JavaScript has been used to exploit binary vulnerabilities of host software that are otherwise difficult to exploit; they impose a severe threat to computer security. Although software vendors have deployed techniques like ASLR,sandbox, etc. to mitigate JavaScript exploits, hacking contests (e.g.,Pwn2Own, GeekPwn) have demonstrated that the latest software (e.g., Chrome, IE, Edge, Safari) can still be exploited. An ideal JavaScript exploit mitigation solution should be flexible and allow for deployment without requiring code changes. To this end, we propose ChaffyScript, a vulnerability-agnostic mitigation system that thwarts JavaScript exploits via undermining the memory preparation stage of exploits.We implement a prototype of ChaffyScript, and our evaluation shows that it defeats the 11 latest JavaScript exploits with minimal runtime and memory overhead. It incurs at most 5.88% runtime overhead for chrome and 12.96% for FireFox. The maximal memory overhead JS heap usage, observed using the Octane benchmark, was 8.2%. To demonstrate the deployment flexibility of ChaffyScript, we have integrated it into a web proxy.
Authors: Heng Yin (UC Riverside), Xunchao Hu (Deepbits Technology), Brian Testa (Syracuse University),
Hide Authors & Abstract

Show Authors & Abstract
12:20 - 12:40
Obfusifier: Obfuscation-Resistant Android Malware Detection System

The structure-changing obfuscation has become an effective means for malware authors to create malicious apps that can evade the machine learning-based detection systems. Generally, a highly effective detection system for detecting unobfuscated malware samples can lose its effectiveness when encountering the same samples that have been obfuscated. In this paper, we introduce Obfusifier, a highly effective machine-learning based malware detection system that can sustain its effectiveness even when malware samples are obfuscated using complex and composite techniques. The training of our system is based on obfuscation- resistant features extracted from unobfuscated apps, while the classifier retains high effectiveness for detecting obfuscated malware. Our experimental evaluation shows that Obfusifier can achieve the precision, recall, and F-measure that exceed 95% for detecting obfuscated Android malware, well surpassing any of the previous approaches.
Authors: Qiben Yan (University of Nebraska-Lincoln), Zhiqiang Li (University of Nebraska-Lincoln), Jun Sun (University of Nebraska-Lincoln), Witawas Srisa-An (University of Nebraska-Lincoln), Yutaka Tsutano (University of Nebraska-Lincoln),
Hide Authors & Abstract

Show Authors & Abstract

Break 13:05 - 13:30

Session 5 13:30 - 15:05

Everything Traffic Security chaired by Clay Posey (UCF)
14:00 - 14:20
Traffic-based Automatic Detection of Browser Fingerprinting

Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.
Authors: Rui Zhao (University of Nebraska Omaha), Edward Chow (University of Colorado Colorado Springs), Chunchun Li (University of Colorado Colorado Springs),
Hide Authors & Abstract

Show Authors & Abstract
14:25 - 14:45
Measuring Tor Relay Popularity

Tor is one of the most popular anonymity networks. It has been reported that over 2 million unique users utilize the Tor network daily. The Tor network is run by over 6,000 volunteer relays. Each Tor client telescopically builds a circuit by choosing three Tor relays and then uses that circuit to connect to a server. The Tor relay selection algorithm makes sure that no two relays with the same /16 IP address are chosen. Our objective is to determine the popularity of Tor relays when building circuits. With over 44 vantage points (machines running Tor clients) and over 145,000 circuits built, we found that some Tor relays are chosen more often than others. Although a completely balanced selection algorithm is not possible, analysis of our dataset shows that some Tor relays are over 3 times more likely to be chosen than others. An adversary could potentially eavesdrop or correlate more Tor traffic.
Authors: Tao Chen (Oklahoma State University), Weiqi Cui (Oklahoma State University), Eric Chan-Tin (Loyola University Chicago),
Hide Authors & Abstract

Show Authors & Abstract
14:50 - 15:10
SoK: ATT&CK Techniques and Trends in Windows Malware

In an ever-changing landscape of adversary tactics, techniques and procedures (TTPs), malware remains the tool of choice for attackers to gain a foothold on target systems. The Mitre ATT&CK framework is a taxonomy of adversary TTPs. It is meant to advance cyber threat intelligence (CTI) by establishing a generic vocabulary to describe postcompromise adversary behavior. This paper discusses the results of automated analysis of a sample of 951 Windows malware families, which have been plotted on the ATT&CK framework. Based on the framework’s tactics and techniques we provide an overview of established techniques within Windows malware and techniques which have seen increased adoption over recent years. Within our dataset we have observed an increase in techniques applied for fileless execution of malware, discovery of security software and DLL side-loading for defense evasion. We also show how a sophisticated technique, command and control (C&C) over IPC named pipes, is getting adopted by less sophisticated actor groups. Through these observations we have identified how malware authors are innovating techniques in order to bypass established defenses.
Authors: Kris Oosthoek (Delft University of Technology), Christian Doerr (Delft University of Technology),
Hide Authors & Abstract

Show Authors & Abstract
Room #2

Session 2 08:30 - 10:05

Internet of Things chaired by Eric Chan-Tin (Loyola University Chicago)
08:30 - 08:50
Edge-Assisted CNN Inference over Encrypted Data for Internet of Things

Supporting the inference tasks of convolutional neural network (CNN) on resource-constrained Internet of Things (IoT) devices in a timely manner has been an outstanding challenge for emerging smart systems. To mitigate the burden on IoT devices, one prevalent solution is to offload the CNN inference tasks to the public cloud. However, this "offloading-to-cloud" solution may cause privacy breach since the offloaded data can contain sensitive information. For privacy protection, the research community has resorted to advanced cryptographic primitives to support CNN inference over encrypted data. Nevertheless, these attempts are limited by the real-time performance due to the heavy IoT computational overhead brought by cryptographic primitives. In this paper, we propose an edge-computing-assisted scheme to boost the efficiency of CNN inference tasks on IoT devices, which also protects the privacy of IoT data to be offloaded. In our scheme, the most time-consuming convolutional and fully-connected layers are offloaded to edge computing devices and the IoT device only performs efficient encryption and decryption on the fly. As a result, our scheme enables IoT devices to securely offload over 99% CNN operations, and edge devices to execute CNN inference over encrypted data as efficiently as on plaintext. Experiments on AlexNet show that our scheme can speed up CNN inference for more than 35X with a 95.56% energy saving for IoT devices.
Authors: Yifan Tian (Embry-Riddle Aeronautical University), Jiawei Yuan (Embry-Riddle Aeronautical University), Shucheng Yu (Stevens Institute of Technology), Yantian Hou (Boise State University), Houbing Song (Embry-Riddle Aeronautical University),
Hide Authors & Abstract

Show Authors & Abstract
08:55 - 09:15
POKs Based Secure and Energy-Efficient Access Control for Implantable Medical Devices

Implantable medical devices (IMDs), such as pacemakers, implanted cardiac defibrillators and neurostimulators are medical devices implanted into patients' bodies for monitoring physiological signals and performing medical treatments. Many IMDs have built-in wireless communication modules to facilitate data collecting and device reprogramming by external programmers. The wireless communication brings significant conveniences for advanced applications such as real-time and remote monitoring but also introduces the risk of unauthorized wireless access. The absence of effective access control mechanisms exposes patients' life to cyber attacks. In this paper, we present a lightweight and universally applicable access control system for IMDs. By leveraging Physically Obfuscated Keys (POKs) as the hardware root of trust, provable security is achieved based on standard cryptographic primitives while attaining high energy efficiency. In addition, barrier-free IMD access under emergent situations is realized by utilizing the patient's biometrical information. We evaluate our proposed scheme through extensive security analysis and a prototype implementation, which demonstrate our work's superiority on security and energy efficiency.
Authors: Chenglong Fu (Temple University), Xiaojiang Du (Temple University), Longfei Wu (Fayetteville State University), Qiang Zeng (University of South Carolina), Amr Mohamed (Qatar University), Mohsen Guizani (Qatar University),
Hide Authors & Abstract

Show Authors & Abstract
09:20 - 09:40
USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework

The USB protocol is among the most widely adopted protocols today. However, this same adoptability leaves unwitting computing devices prone to attacks. Malicious USB devices can mimic benign devices to insert malicious commands on end devices. These malicious USB devices can behave as an actual device and appear benign to the operating system. Typically, advanced software-based detection schemes are used to identify the malicious nature of such devices. However, a powerful adversary can still subvert those software-based detection schemes. To address these concerns, in this work, we introduce a novel hardware-assisted, dynamic USB-threat detection framework called USB-Watch. Specifically, USB-Watch utilizes hardware placed between a USB device and the host machine to hook into the USB communication, collect USB data, and provide the capability to view unaltered USB protocol communications. This unfettered data is then fed into a machine learning-based classifier which dynamically determines the true nature of the USB device. We perform a thorough analysis of typing dynamic features to effectively classify malicious USB devices from benign typing behaviors. We show that USB-Watch provides a lightweight, OS-independent framework which effectively distinguishes differences between normal and malicious USB behaviors with a ROC curve of 0.89. To the best of our knowledge, this is the first hardware-based detection mechanism to dynamically detect threats coming from USB devices.
Authors: Kyle Denney (Florida International University), Enes Erdin (Florida International University), Leonardo Babun (Florida International University), Michael Vai (MIT Lincoln Laboratory), A. Selcuk Uluagac (Florida International University),
Hide Authors & Abstract

Show Authors & Abstract
09:45 - 10:05
Automated IoT Device Fingerprinting Through Encrypted Stream Classification

The explosive growth of the Internet of Things (IoT) has enabled a wide range of new applications and services. Meanwhile, the massive scale and enormous heterogeneity (e.g., in device vendors and types) of IoT raise challenges in efficient network/device management, application QoS-aware provisioning, and security and privacy. Automated and accurate IoT device fingerprinting is a prerequisite step for realizing secure, reliable, and high-quality IoT applications. In this paper, we propose a novel data-driven approach for passive fingerprinting of IoT device types through automatic classification of encrypted IoT network flows. Based on an in-depth empirical study on the traffic of real-world IoT devices, we identify a variety of valuable data features for accurately characterizing IoT device communications. By leveraging these features, we develop a deep learning based classification model for IoT device fingerprinting. Experimental results using a real-world IoT dataset demonstrate that our method can achieve 99 accuracy in IoT device-type identification.
Authors: Jianhua Sun (College of William and Mary), Sun Kun (George Mason University), Chris Shenefie (Cisco Systems, Inc.),
Hide Authors & Abstract

Show Authors & Abstract

Session 4 11:30 - 13:05

Machine Learning chaired by Jiawei Yuan (ERAU)
11:30 - 11:50
Stochastic ADMM Based Distributed Machine Learning with Differential Privacy

While embracing various machine learning techniques to make effective decisions in the big data era, preserving the privacy of sensitive data poses significant challenges. In this paper, we develop a privacy-preserving distributed machine learning algorithm to address this issue. Given the assumption that each data provider owns a dataset with different sample size, our goal is to learn a common classifier over the union of all the local datasets in a distributed way without leaking any sensitive information of the data samples. Such an algorithm needs to jointly consider efficient distributed learning and effective privacy preservation. In the proposed algorithm, we extend stochastic alternating direction method of multipliers (ADMM) in a distributed setting to do distributed learning. For preserving privacy during the iterative process, we combine differential privacy and stochastic ADMM together. In particular, we propose a novel stochastic ADMM based privacy-preserving distributed machine learning (PS-ADMM) algorithm by perturbing the updating gradients, that provide differential privacy guarantee and have a low computational cost. We theoretically demonstrate the convergence rate and utility bound of our proposed PS-ADMM under strongly convex objective. Through our experiments performed on real-world datasets, we show that PS-ADMM outperforms other differentially private ADMM algorithms under the same differential privacy guarantee.
Authors: Jiahao Ding (University of Houston), Sai Mounika Errapotu (University of Houston), Haijun Zhang (University of Science and Technology Beijing), Yanmin Gong (University of Texas at San Antonio), Miao Pan (University of Houston), Zhu Han (University of Houston),
Hide Authors & Abstract

Show Authors & Abstract
12:20 - 12:40
Trojan Attack on Deep Generative Models in Autonomous Driving

Deep generative models (DGMs) have empowered unprecedented innovations in many application domains. However, their security has not been thoroughly assessed when deploying such models in practice, especially in those mission-critical tasks like autonomous driving. In this work, we draw attention to a new attack surface of DGMs, which is the data used in the training phase. We demonstrate that the training data poisoning, the injection of specially-crafted data, are able to teach Trojan behaviors to a DGM without influencing the original training goal. Such Trojan attack will be activated after model deployment only if certain rare triggers are present in an input. For example, a rain-removal DGM after poisoning can, while removing raindrops in input images, change a traffic light from red to green if this traffic light has a specific appearance (i.e. a trigger). Clearly severe consequences can occur if such poisoned model is deployed on vehicle. Our study shows that launching our Trojan attack is feasible on different DGM categories designed for the autonomous driving scenario, and existing defense methods cannot effectively defeat it. We also introduce a concealing technique to make our data poisoning more inconspicuous during the training. In the end, we propose some potential defense strategies inspiring future explorations.
Authors: Shaohua Ding (State Key Laboratory for Novel Software Technology, Nanjing University, China), Yulong Tian (State Key Laboratory for Novel Software Technology, Nanjing University, China), Fengyuan Xu (State Key Laboratory for Novel Software Technology, Nanjing University, China), Qun Li (College of William and Mary, USA), Sheng Zhong (State Key Laboratory for Novel Software Technology, Nanjing University, China),
Hide Authors & Abstract

Show Authors & Abstract
12:45 - 13:05
FuncNet: A Euclidean Embedding Approach for Lightweight Cross-platform Binary Recognition

Reverse analysis is a necessary but manually dependent technique to comprehend the working principle of new malware. The cross-platform binary recognition facilitates the work of reverse engineers by identifying those duplicated or known parts compiled from various platforms. However, existing approaches mainly rely on raw function bytes or cosine embedding representation, which have either low binary recognition accuracy or high binary search overheads on real-world binary recognition tasks. In this paper, we propose a lightweight neural network-based approach to generate the Euclidean embedding (i.e., a numeric vector), based on the control flow graph and callee's interface information of each binary function, and classify the embedding vectors with an Euclidean distance sensitive artificial neural network. We implement a prototype called FuncNet, and evaluate it on real-world projects with 1980 binaries, about 2 million function pairs. The experiment result shows that its accuracy outperforms state-of-the-art solutions by over 13 percent on average and the binary search on big datasets can be done with constant time complexity.
Authors: mengxia luo (Institute of Information Engineering, Chinese Academy of Sciences), can yang (Institute of Information Engineering, Chinese Academy of Sciences), xiaorui gong (Institute of Information Engineering, Chinese Academy of Sciences), lei yu (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract

Break 13:05 - 13:30

Session 6 13:30 - 15:05

Communicating Covertly chaired by Jidong Xiao (Boise State University)
13:30 - 13:50
Covert Channels in SDN: Leaking Out Information from Controllers to End Hosts

Software-Defined Networking (SDN) enables diversified network functionalities with plentiful applications deployed on a logically-centralized controller. In order to work properly, applications are naturally provided with much information on SDN. However, this paper shows that malicious applications can exploit basic SDN mechanisms to build covert channels to stealthily leak out valuable information to end hosts, which can bypass network security policies and break physical network isolation. We design two types of covert channels with basic SDN mechanisms. The first type is a high-rate covert channel that exploits SDN proxy mechanisms to transmit covert messages to colluding hosts inside SDN. The second type is a low-rate covert channel that exploits SDN rule expiry mechanisms to transmit covert messages from SDN applications to any host on the Internet. We develop the prototypes of both covert channels in a real SDN testbed consisting of commercial hardware switches and an open source controller. Evaluations show that the covert channels successfully leak out a TLS private key from the controller to a host inside SDN at a rate of 200 bps with 0% bit error rate, or to a remote host on the Internet at a rate of 0.5 bps with less than 3% bit error rate. In addition, we discuss possible countermeasures to mitigate the covert channel attacks.
Authors: Jiahao Cao (Tsinghua University), Kun Sun (George Mason University), Qi Li (Tsinghua University), Mingwei Xu (Tsinghua University), Zijie Yang (Tsinghua University), Kyung Joon Kwak (Intelligent Automation Inc.), Jason Li (Intelligent Automation Inc.),
Hide Authors & Abstract

Show Authors & Abstract
13:55 - 14:15
Victim-Aware Adaptive Covert Channels

We investigate the problem of detecting advanced covert channel techniques, namely victim-aware adaptive covert channels. An adaptive covert channel is considered victim-aware when the attacker mimics the content of its victim's legitimate communication, such as application-layer metadata, in order to evade detection from a security monitor. In this paper, we show that victim-aware adaptive covert channels break the underlying assumptions of existing covert channel detection solutions, thereby exposing a lack of detection mechanisms against this threat. We propose a toolchain, CHAMELEON, to create synthetic datasets containing victim-aware adaptive covert channel traffic. Armed with CHAMELEON, we evaluate state-of-the-art detection solutions and we show that they fail to effectively detect stealthy attacks. The design of detection techniques against these stealthy attacks is challenging because their network characteristics are similar to those of benign traffic. We explore a deception-based detection technique that we call HONEYTRAFFIC, which generates network messages containing honey tokens, while mimicking the victim's communication. Our approach detects victim-aware adaptive covert channels by observing inconsistencies in such tokens, which are induced by the attacker while mimicking the victim's traffic. Although HONEYTRAFFIC has detection limitations, it can be combined with existing detection methods to make evasion harder for an attacker
Authors: Riccardo Bortolameotti (University of Twente), Thijs van Ede (University of Twente), Andrea Continella (University of California, Santa Barbara), Maarten H. Everts (University of Twente), Willem Jonker (University of Twente), Pieter Hartel (Delft University of Technology), Andreas Peter (University of Twente),
Hide Authors & Abstract

Show Authors & Abstract
14:45 - 15:05
A Loss-tolerant Mechanism of Message Segmentation and Reconstruction in Multi-path Communication of Anti-tracking Network

Multi-path communication applied in the anonymous communication netowrk improves the difficulty of online theft of the netizens' privacy. But in the current multi-path communication mechanisms, when some message blocks are lost, the frequent request for the lost message blocks greatly reduces the communication efficiency and the tracking-resistance. To address this problem, we propose a loss-tolerant mechanism of message segmentation and reconstruction in multi-path communication(FMC). The loss-tolerance of FMC is subject to the property of orthogonal matrix that the inner product of any two rows(columns) is 0. FMC works as follows: 1) firstly, the message is encoded into an orthogonal matrix, and divided into triangular blocks as more as possible; 2) secondly, the message blocks are sent to different communication paths, and each communication path guarantees the security of the transmitted message; 3) thirdly, the receiver recovers the original message even when some message blocks are lost. Without the frequent request for the lost message blocks, FMC greatly improves the communication efficiency and tracking-resistance. Experimental results show that FMC has a strong loss-tolerant performance, and the receiver can certainly recover the original message with 15% lost message blocks at most. For a n×n matrix, n/2 is a proper size of message blocks to balance loss-tolerance, tracking-resistance and communication efficiency.
Authors: Changbo Tian (School of Cyber Security, University of Chinese Academy of Sciences), YongZheng Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Tao Yin (Institute of Information Engineering, Chinese Academy of Sciences), Yupeng Tuo (Institute of Information Engineering, Chinese Academy of Sciences), Ruihai Ge (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract

ATCS Workshop 15:10 - 15:55

Applications and Techniques in Cyber Security
Day 2 24/10/2019
Room #1

Registration 06:00 - 16:00

Keynote Speech by Prof. Shigang Chen 06:30 - 07:30

Privacy in Data Collection and Sharing

Panel Discussion 07:30 - 08:30

Unique Privacy and Security Challenges in IoT Devices

Break 08:30 - 09:00

Session 7 09:00 - 10:35

Let's Talk Privacy chaired by Kun Sun (GMU)
09:00 - 09:20
Ticket Transparency: Accountable Single Sign-On with Privacy-Preserving Public Logs

Single sign-on (SSO) is becoming more and more popular in the Internet. An SSO ticket issued by the identity provider (IdP) allows an entity to sign onto a relying party (RP) on behalf of the account enclosed in the ticket. To ensure its authenticity, an SSO ticket is digi- tally signed by the IdP and verified by the RP. However, recent security incidents indicate that a signing system (e.g., certification authority) might be compromised to sign fraudulent messages, even when it is well protected in accredited commercial systems. Compared with certification authorities, the online signing components of IdPs are even more exposed to adversaries and thus more vulnerable to such threats in practice. This paper proposes ticket transparency to provide accountable SSO services with privacy-preserving public logs against potentially fraudulent tickets issued by a compromised IdP. With this scheme, an IdP-signed ticket is accepted by the RP only if it is recorded in the public logs. It en- ables a user to check all his tickets in the public logs and detect any fraudulent ticket issued without his participation or authorization. We integrate blind signatures, identity-based encryption and Bloom filters in the design, to balance transparency, privacy and efficiency in these security-enhanced SSO services. To the best of our knowledge, this is the first attempt to solve the security problems caused by potentially intruded or compromised IdPs in the SSO services.
Authors: Dawei Chu (Institute of Information Engineering, Chinese Academy of Sciences), Jingqiang Lin (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences), Fengjun Li (The University of Kansas), Xiaokun Zhang (Academy of Opto-Electronics, Chinese Academy of Sciences), Qiongxiao Wang (Institute of Information Engineering, Chinese Academy of Sciences), Guangqi Liu (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract
09:50 - 10:10
Location Privacy Issues in the OpenSky Network Crowdsourcing Platform

OpenSky Network leverages the freely accessible data generated by the aircraft through the Automatic Dependent Surveillance - Broadcast (ADS-B) technology to create a global open-access network where individuals, industries, and academia can contribute and obtain data. Avionic data are acquired through on-ground general purpose antennas, installed and operated in adequate locations, and later delivered to OpenSky Network. To maintain operators' privacy while still keeping data value, OpenSky Network promises not to reveal the antenna location, if the data contributor wishes so. Thus, open data provided to the participating entities contain neither the location of the operating receiver, nor other location identification data. In this work, we practically demonstrate that maintaining full location privacy in this scenario is almost unfeasible. We apply a time-based location estimation technique that, leveraging: i) the disclosed location of legitimate receivers that did not opt in for location privacy; and, ii) data provided by commercial and military aircraft, reveals with reasonable accuracy the location of the receivers that did opt-in for location privacy. Results achieved by simulations and an experimental campaign over real data provided by the OpenSky Network support our claim, further confirming that maintaining location privacy while still contributing to the community cannot be fully achieved in the actual setting, hence calling for further research.
Authors: Savio Sciancalepore (Hamad Bin Khalifa University (HBKU) - College of Science and Engineering (CSE)), Saeif Alhazbi (Hamad Bin Khalifa University (HBKU) - College of Science and Engineering (CSE)), Roberto Di Pietro (Hamad Bin Khalifa University (HBKU) - College of Science and Engineering (CSE)),
Hide Authors & Abstract

Show Authors & Abstract
10:15 - 10:35
Privacy-Preserving Genomic Data Publishing via Differentially-Private Suffix Tree

Privacy-preserving data publishing is a mechanism for sharing data while ensuring that the privacy of individuals is preserved in the published data, and utility is maintained for data mining and analysis. There is a huge need for sharing genomic data to advance medical and health researches. However, since genomic data is highly sensitive and the ultimate identifier, it is a big challenge to publish genomic data while protecting the privacy of individuals in the data. In this paper, we address the aforementioned challenge by presenting an approach for privacy-preserving genomic data publishing via differentially-private suffix tree. The proposed algorithm uses a top-down approach and utilizes the Laplace mechanism to divide the raw genomic data into disjoint partitions, and then normalize the partitioning structure to ensure consistency and maintain utility. The output of our algorithm is a differentially-private suffix tree, a data structure most suitable for efficient search on genomic data. We experiment on real-life genomic data obtained from the Human Genome Privacy Challenge project, and we show that our approach is efficient, scalable, and achieves high utility with respect to genomic sequence matching count queries.
Authors: Tanya Khatri (Boise State University), Gaby Dagher (Boise State University), Yantian Hou (Boise State University),
Hide Authors & Abstract

Show Authors & Abstract

Lunch 10:35 - 12:00

Session 9 12:00 - 13:35

Systematic Theory chaired by Kun Sun (GMU)
12:00 - 12:20
On the Security of TRNGs based on Multiple Ring Oscillators

True random number generator (TRNG) is essential for the implementation of cryptographic applications, such as digital signature algorithms and security protocols. The quality of generated sequences would directly influence the security of the cryptographic application. Furthermore, in order to enhance the generation rate of random numbers, a TRNG based on multiple ring oscillators (ROs), i.e., MRO-TRNG for short, has been proposed by Sunar et al. There exist potential risks threatening the security of the MRO-TRNG, like pseudo-randomness and phase interlock. For MRO-TRNG, experimental observation and statistical test results have been well investigated. However, these methods cannot distinguish the pseudo-randomness. The concept of entropy is used to quantify the amount of randomness. As far as we know, there is no entropy estimation method for MRO-TRNGs. In this regard, this paper provides an entropy estimation method to analyze the security of MRO-TRNG based on the method for oscillator-based TRNG, and calculates a lower bound of entropy. The theoretical results are verified through Matlab simulations and FPGA experiments. The conclusions can further guide the setting of design parameters (i.e., number of ROs, sampling frequency, etc.) to generate outputs with sufficient entropy.
Authors: Xinying Wu (School of Cyber Security, University of Chinese Academy of Sciences; Data Assurance and Communications Security Research Center; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Yuan Ma (Data Assurance and Communications Security Research Center; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jing Yang (School of Cyber Security, University of Chinese Academy of Sciences; Data Assurance and Communications Security Research Center; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Tianyu Chen (Data Assurance and Communications Security Research Center; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jingqiang Lin (School of Cyber Security, University of Chinese Academy of Sciences; Data Assurance and Communications Security Research Center; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China),
Hide Authors & Abstract

Show Authors & Abstract
12:25 - 12:45
Secrecy on a Gaussian Relay-Eavesdropper Channel with a Trusted Relay

Security is a crucial aspect in nowadays wireless communication systems. The open nature of wireless makes the communications more vulnerable to eavesdropping, which leads to that the physical layer security (information theoretic secrecy) is becoming attractive due to its relying on the characteristics of the transmission medium. In this paper, we study the secrecy on a gaussian relay-eavesdropper channel with a trusted relay, which is assumed to be able to decode and encode wiretap codes. We discuss several cooperative strategies to guarantee the information secrecy in some cases and bound the corresponding secrecy rate. Also, we derive a cut-set-like upper bound on the secrecy capacity for our scenario. The relative proofs are also presented in this paper.
Authors: Keke Hu (Institute of Information Engineering, Chinese Academy of Sciences P.R. China), Xiaohui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Yongming Wang (Institute of Information Engineering, Chinese Academy of Sciences),
Hide Authors & Abstract

Show Authors & Abstract
12:50 - 13:10
Target Information Trading - An Economic Perspective of Security

Ample evidence has confirmed the importance of information in security. While much research on security game has assumed the attackers' limited observation capabilities to obtain target information, few work considers the possibility that the information can be acquired from a data broker, not to mention exploring the profit-seeking behaviors of such an information service in the shrouded underground society. This paper studies the role of information in security problem when the target information is sold by a data broker to multiple competitive attackers. We formulate a novel multi-stage game model to characterize both the cooperative and competitive interactions of the data broker and attackers. Specifically, the attacker competition with correlated purchasing and attacking decisions is modeled as a two-stage stochastic model; and the bargaining process between the data broker and the attackers is analyzed in a Stackelberg game. Both the attackers' competitive equilibrium solutions and data broker's optimal pricing strategy are obtained. Our results show that the information accuracy is more valuable when the target value is higher. Furthermore, the competition may weaken the information value to the attackers but benefit the data broker. The study contributes to the literature by characterizing the co-opetitive behaviors of the attackers with labor specialization, and providing quantitative measures of information value from an economic perspective.
Authors: Jing Hou (Department of Computer Science and Software Engineering, Auburn University), Li Sun (Department of Computer Science and Software Engineering, Auburn University), Tao Shu (Department of Computer Science and Software Engineering, Auburn University), Husheng Li (Department of Electrical Engineering and Computer Science, The University of Tennessee Knoxville),
Hide Authors & Abstract

Show Authors & Abstract
13:15 - 13:35
Cyber Threat Analysis based on Characterizing Adversarial Behavior for Energy Delivery System

Recently, Energy Delivery Systems (EDS) has been the target of several sophisticated attacks with potentials for catastrophic damages. These attacks are diverse in techniques, attack progression, and impacts. System administrators require comprehensive analytics to assess their defense against these diverse adversarial strategies. To address this challenge, this paper proposes a methodology to assess cyber threats proactively by characterizing adversary behavior. First, we describe the different level of threat indicators and their effectiveness to understand the adversary activity. Next, we integrate static network information with dynamic attack strategy by mapping attack graphs into attacker's techniques and tactics. This contextual integration provides insights into attacker's stealthy behavior. Following the enumeration of complexity and effort for attack progression, we devise a metric to quantify the likelihood of an adversary taking an attack path for compromising an asset in EDS. We empirically evaluated our approach within an ICS test-bed. The results show the significance of our approach for characterizing adversarial behavior and gaining valuable insights on cyber risk management.
Authors: Md Sharif Ullah (Old Dominion University), Sachin Shetty (Old Dominion University), Anup Nayak (Accenture Cyber Lab), Amin Hassanzadeh (Accenture Cyber Lab), Kamrul Hasan (Old Dominion University),
Hide Authors & Abstract

Show Authors & Abstract

Break 13:35 - 14:00

Session 11 14:00 - 15:50

Blockchains and IoT chaired by Boyang Wang (University of Cincinnati)
14:00 - 14:20
A Behavior-Aware Profiling of Smart Contracts

The inception of blockchain techniques has been revolutionizing various domains, e.g., Internet of Things, supply chain and healthcare. Ethereum smart contracts emerge as the promising blockchain application, which could enable distrustful parties to participate in the automatic and trustful transactions. Given the increasing importance of Ethereum smart contracts, understanding them becomes imperative. However, prior work only studied smart contracts with general high-level patterns, and one critical question has not been answered yet: how do smart contracts behave individually? In this paper, we present a behavior-aware profiling of individual smart contract from a multi-party perspective, which improves the visibility of the smart contract ecosystem. We conduct a detailed study of the behavior of individual smart contract on two real-world datasets, and our profiling reveals interesting and surprising observations. For example, a few contract completion chains have more than 50 contracts and all of them belong to the Finance category. We also discuss the implications that lead to recommendations to improve the security and performance of the smart contract ecosystem. Overall, our work effectively complements previous work towards generating a comprehensive understanding of smart contracts.
Authors: Xuetao Wei (University of Cincinnati), Can Lu (University of Cincinnati), Fatma Rana Ozcan (University of Cincinnati), Ting Chen (University of Electronic Science and Technology of China), Boyang Wang (University of Cincinnati), Di Wu (Hunan University), Qiang Tang (New Jersey Institute of Technology),
Hide Authors & Abstract

Show Authors & Abstract
14:25 - 14:45
A Performance-Optimization Method for Reusable Fuzzy Extractor Based on Block Error Distribution of Iris Trait

Fuzzy extractors convert repeated noise readings of a source into same uniformly distributed key. To eliminate noise, non-secret helper data is extracted from the initial enrolment in the registration phase and acts as the ``error correct" tool in the verification phase. However, error correct code based fuzzy extractors have cross-matching problems. Reusable fuzzy extractors are proposed to realize multiple registrations of the same biometrics and provide privacy-enhancing features such as revocability and protection against cross-matching. Nonetheless, Canetti's reusable fuzzy extractors named sample-then-lock suffer from heavy storage and computing resources burdens. In this paper, after conducting a thorough correlation analysis between performance and error tolerance in Canetti's reusable fuzzy extractors, we find that decreasing error tolerance threshold can improve storage and computation performance of reusable fuzzy extractors. Based on statistical analysis of the block error distribution of iris trait, we propose an iris-code preprocessing method which uses Hadamard code to lower error tolerance. We conduct an experiment on a public iris dataset and experimental result shows that our method can improve the performance and security of the reusable fuzzy extractor
Authors: Feng Zhu (State Key Laboratory of Information Security, Institute of Information Engineering Chinese Academy of Science), Peisong Shen (State Key Laboratory of Information Security, Institute of Information Engineering Chinese Academy of Science), Chi Chen (State Key Laboratory of Information Security, Institute of Information Engineering Chinese Academy of Science),
Hide Authors & Abstract

Show Authors & Abstract
14:50 - 15:10
Detecting Root-Level Endpoint Sensor Compromises with Correlated Activity

Endpoint sensors play an important role in an organization's network defense. However, endpoint sensors may be disabled or sabotaged if an adversary gains root-level access to the endpoint running the sensor. While traditional sensors cannot reliably defend against such compromises, this work explores an approach to detect these compromises in applications where multiple sensors can be correlated. We focus on the OpenFlow protocol and show that endpoint sensor data can be corroborated using a remote endpoint's sensor data or that of in-network sensors, like an OpenFlow switch. The approach allows end-to-end round trips of less than 20ms for around 90% of flows, which includes all flow elevation and processing overheads. In addition, the approach can detect flows from compromised nodes if there is a single uncompromised sensor on the network path. This approach allows defenders to quickly identify and quarantine nodes with compromised endpoint sensors.
Authors: Yunsen Lei (Worcester Polytechnic Institute), Craig Shue (Worcester Polytechnic Institute),
Hide Authors & Abstract

Show Authors & Abstract
15:15 - 15:35
Footprints: Ensuring Trusted Service Function Chaining in the World of SDN and NFV

Network Function Virtualization (NFV) and Software Defined Networking (SDN) empower Service Function Chaining (SFC), which integrates an ordered list of Virtualized Network Functions (VNFs) together for implementing a particular service. However, the high-level SFC policy specification cannot guarantee that the VNFs are always chained in an expected manner (or the packet flows of the service are forwarded to the VNFs of concern in a predefined order). An attacker can manage to bypass or evade the security VNFs (e.g., firewall, virus scanner, DPI) and deviate the packets flows from the pre-specified path. It is thus a significant need to have an efficient self-checking mechanism in place, ensuring the SFC to be implemented in a secure and correct way. We develop such a scheme based on an improved crypto primitive, Lite identity-based ordered multisignature, which enforces all the VNFs in the same service chain to sequentially sign the packets received. Then the last hop of the chain will verify the aggregated signature, so as to validate the authenticity of the VNFs, as well as their orders in the chain. We leverage the IETF Network Service Header (NSH) to implement our scheme and run the experiments in a real-world environment to evaluate its performance in terms of computational overhead and latency.
Authors: Montida Pattaranantakul (IMT Lille Douai), Qipeng Song (IMT Lille Douai), Yanmei Tian (Beijing University of Posts and Telecommunications), Licheng Wang (Beijing University of Posts and Telecommunications), Zonghua Zhang (IMT Lille Douai), Ahmed Meddahi (IMT Lille Douai),
Hide Authors & Abstract

Show Authors & Abstract

Gala Dinner 17:00 - 19:00

Room #2

Session 8 09:00 - 10:35

Deep Analytics chaired by Cliff Zou (UCF)
09:25 - 09:45
Towards Forward Secure Internet Traffic

Forward Secrecy (FS) is a security property in key-exchange algorithms which guarantees that a compromise in the secrecy of a long-term private-key does not compromise the secrecy of past session keys. With a growing awareness of long-term mass surveillance programs by governments and others, FS has become widely regarded as a highly desirable property. This is particularly true in the TLS protocol, which is used to secure Internet communication. In this paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS, but still widely used today. We conduct an empirical analysis of over 10 million TLS servers from three different datasets using a novel heuristic approach. Using a modern TLS client handshake algorithms, our results show 5.37% of top domains, 7.51% of random domains, and 26.16% of random IPs do not select FS key-exchange algorithms. Surprisingly, 39.20% of the top domains, 24.40% of the random domains, and 14.46% of the random IPs that do not select FS, do support FS. In light of this analysis, we discuss possible paths toward forward secure Internet traffic. As an improvement of the current state, we propose a new client-side mechanism that we call “Best Effort Forward Secrecy” (BEFS), and an extension of it that we call “Best Effort Forward Secrecy and Authenticated Encryption” (BESAFE), which aims to guide (force) misconfigured servers to FS using a best effort approach.
Authors: Eman Alashwali (University of Oxford), Pawel Szalachowski (Singapore University of Technology and Design (SUTD)), Andrew Martin (University of Oxford),
Hide Authors & Abstract

Show Authors & Abstract
09:50 - 10:10
Application Transiency: Towards a Fair Trade of Personal Information for Application Services

Smartphone users are offered a plethora of applications providing services, such as games and entertainment. In 2018, 94% of applications on Google Play were advertised as "free". However, many of these applications obtain undefined amounts of personal information from unaware users. In this paper, we introduce transiency: a privacy-enhancing feature that prevents applications from running unless explicitly opened by the user. Transient applications can only collect sensitive user information while they are being used, and remain disabled otherwise. We show that a transient app would not be able to detect a sensitive user activity, such as a daily commute to work, unless it was used during the activity. We define characteristics of transient applications and find that, of the top 100 free apps on Google Play, 88 could be made transient. By allowing the user to decide when to allow an app to collect their data, we move towards a fair trade of personal information for application services.
Authors: Raquel Alvarez (Pennsylvania State University), Jake Levenson (Pennsylvania State University), Ryan Sheatsley (Pennsylvania State University), Patrick McDaniel (Pennsylvania State University),
Hide Authors & Abstract

Show Authors & Abstract
10:15 - 10:35
CustomPro: Network Protocol Customization through Cross-host Feature Analysis

The implementations of network protocols are often "bloated'' due to the need to satisfy diverse user requirements and to suit different application environments. The continual expansion of program features contribute to not only growing complexity but also increased the attack surface, making the maintenance of network protocol security very challenging. Existing work either de-bloat programs at source code level (which may not always be available, in particular for legacy systems) or customize binaries only with respect to a very limited set of inputs. In this paper, we propose CustomPro, a new approach for automated customization of network protocols. We harness program execution tracing, tainting and guided symbolic execution to identify relevant code from the original program binary, and leverage static binary rewriting techniques to create a customized program binary that only contains the desired functionalities. We implement a prototype of CustomPro and evaluate its feasibility using OpenSSL (a widely used SSL implementation) and Mosquitto (an IoT messaging protocol implementation). The results show that CustomPro is able to create functional program binaries with only desired features and significantly reduce the potential attack surface by targeting and eliminating unwanted protocol features.
Authors: Yurong Chen (George Washington University), Tian Lan (George Washington University), Guru Venkataramani (George Washington University),
Hide Authors & Abstract

Show Authors & Abstract

Session 10 12:00 - 13:35

Bulletproof Defenses chaired by Ryan Gerdes (Virginia Tech)
12:00 - 12:20
The Disbanding Attack: Exploiting Human-in-the-loop Control in Vehicular Platooning

Due to advances in automated vehicle technology and inter-vehicle communication, vehicular platoons have attracted a growing interest by academia and industry alike, as they can produce safe driving, regularize traffic flow, and increase throughput. Research has demonstrated, however, that when platoons are placed in an adversarial environment, they are vulnerable to a variety of attacks that could negatively impact traffic flow and produce collisions and/or injuries. In this work, we consider an attack that seeks to exploit human-in-the-loop control of compromised vehicles that are part of a platoon. Specifically, we demonstrate that should a human operator need to suddenly take control of a platooned vehicle, significant upstream effects, which threaten the safety of passengers in other vehicles, may be induced. To counter this so-called disbanding attack, we present an optimal centralized mitigation approach. Due to scalability, security, and privacy concerns, such an approach may not be practical in reality. Hence, we also propose a decentralized mitigation algorithm that reduces excessive speed changes and coordinates inter-platoon behaviors to minimize the attack impacts. Our algorithm is compared to the aforementioned optimal approach and is shown to produce nearly equivalent results while requiring fewer resources. Experimental results on a hardware testbed show that our countermeasure permits graceful speed reductions and can provide safety, i.e., no collisions.
Authors: Ali Al-Hashimi (Utah State University), Pratham Oza (Virginia Tech), Ryan Gerdes (Virginia Tech), Thidapat Chantem (Virginia Tech),
Hide Authors & Abstract

Show Authors & Abstract
12:25 - 12:45
Generic Construction of ElGamal-Type Attribute-Based Encryption Schemes with Revocability and Dual-Policy

Cloud is a computing paradigm for allowing data owners to outsource their data to enjoy on-demand services and mitigate the burden of local data storage. However, secure sharing of data via cloud remains an essential issue since the cloud service provider is untrusted. Fortunately, asymmetric-key encryption, such as identity-based encryption (IBE) and attribute-based encryption (ABE), provides a promising tool to offer data confidentiality and has been widely applied in cloud-based applications. In this paper, we summarize the common properties of most of IBE and ABE and introduce a cryptographic primitive called ElGamal type cryptosystem. This primitive can be used to derive a variety of ABE schemes. To illustrate the feasibility, we present generic constructions of revocable attribute-based encryption and dual-policy attribute-based encryption with formal definitions and security proofs. By applying our proposed generic constructions, we also present instantiations of these schemes. Furthermore, we demonstrate the high performance of the proposed schemes via experiments.
Authors: Shengmin Xu (Xi'an University of Posts and Telecommunications), Yinghui Zhang (Xi'an University of Posts and Telecommunications), Yingjiu Li (Singapore Management University), Ximeng Liu (Fuzhou University), Guomin Yang (University of Wollongong),
Hide Authors & Abstract

Show Authors & Abstract
12:50 - 13:10
Online Cyber Deception System using Partially Observable Monte-Carlo Planning Framework

Cyber deception is an approach where the network administrators can deploy a network of decoy assets with the aim to expend adversaries' resources and time and gather information about the adversaries' strategies, tactics, capabilities, and intent. The key challenge in this cyber deception approach is the design and placement of network decoys to ensure maximal information uncertainty for the attackers. State-of-the-art approaches to address this design and placement problem assume a static environment and apriori strategies taken by the attacker. In this paper, we propose the design and placement of network decoys considering scenarios where defender's action influence an attacker to change its strategies and tactics dynamically while maintaining the trade-off between availability and security. The defender maintains a belief consisting of security state and the resultant actions are modeled as Partially Observable Markov Decision Process (POMDP). Our simulation results illustrate the defender's increasing ability to influence the attacker's attack path to comprise of fake nodes and networks.
Authors: MD ALI REZA AL AMIN (Old Dominion University), Sachin Shetty (Old Dominion University), Laurent Njilla (Air Force Research Lab), Deepak Tosh (University of Texas at El Paso), Charles Kamhoua (Army Research Lab),
Hide Authors & Abstract

Show Authors & Abstract
13:15 - 13:35
SEVGuard: Protecting User Mode Applications using Secure Encrypted Virtualization

We present SEVGuard, a minimal virtual execution environment that protects the confidentiality of applications based on AMD's Secure Encrypted Virtualization (SEV). Although SEV was primarily designed for the protection of VMs, we found a way to overcome this limitation and exclusively protect user mode applications. Therefore, we migrate the application into a hardware-accelerated VM and encrypt both its memory and register state. To avoid the overhead of a typical hypervisor, we built our solution on top of the plain Linux Kernel Virtual Machine (KVM) API. With the help of an advanced trapping mechanism, we fully support system and library calls from within the encrypted guest. Furthermore, we allow unmodified code to be transparently virtualized and encrypted by appropriate memory mappings. The memory needed for our minimal VM can be directly allocated within SEVGuard's address space. We evaluated our execution environment regarding correctness and performance, confirming that SEVGuard can be practically used to protect existing legacy applications.
Authors: Ralph Palutke (Friedrich-Alexander-University Erlangen/Nuernberg), Andreas Neubaum (Friedrich-Alexander-University Erlangen/Nuernberg), Johannes Götzfried (Friedrich-Alexander-University Erlangen/Nuernberg),
Hide Authors & Abstract

Show Authors & Abstract

Break 13:35 - 14:00

Session 12 14:00 - 15:50

Security and Analytics chaired by Wenjing Lou (Virginia Tech)
14:00 - 14:20
Hecate: Automated Customization of Program and Communication Features to Reduce Attack Surfaces

Customizing program and communication features is a commonly adopted strategy to counter security threats that arise from rapid inflation of software features. In this paper, we propose Hecate, a novel framework that leverages dynamic execution and trace to create customized, self-contained programs, in order to minimize potential attack surface. It automatically identifies program features (i.e., independent, well-contained operations, utilities, or capabilities) relating to application binaries and their communication functions, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. Hecate makes novel use of deep learning to identify program features and their constituent functions by mapping dynamic instruction trace to functions in the binaries. It enables us to modularize program features and efficiently create customized program binaries at large scale. We implement a prototype of Hecate using a number of open source tools such as DynInst and TensorFlow. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that Hecate can create a wide range of customized binaries for diverse feature requirements, with the highest accuracy up to 96.28% for feature/function identification and up to 67% reduction of program attack surface.
Authors: Hongfa Xue (The George Washington University), Yurong Chen (The George Washington University), Guru Venkataramani (The George Washington University), Tian Lan (The George Washington University),
Hide Authors & Abstract

Show Authors & Abstract
14:25 - 14:45
Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs

Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90%, while requiring fewer, less complex input data, and delivering results in near real-time.
Authors: Edona Fasllija (A-SIT Secure Information Technology Center Austria), Hasan Enişer (Bogazici University), Bernd Prünster (Graz University of Technology),
Hide Authors & Abstract

Show Authors & Abstract
14:50 - 15:10
IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

Android apps cooperate through message passing via intents. However, when apps have disparate sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary to users’ expectations. Recent research has considered static program analysis to detect dangerous data leaks due to inter-component communication (ICC), but suffers from shortcomings for IAC with respect to precision, soundness, and scalability. As a remedy we propose a novel pre-analysis for static ICC/IAC analysis. Our main contribution is the first fully automatic ICC/IAC information flow analysis that is scalable for realistic apps due to modularity, avoiding combinatorial explosion: Our approach determines communicating apps using short summaries rather than inlining intent calls between components and apps, which entails simultaneously analyzing all apps installed on a device. Using benchmarks we establish that IIFA outperforms state-of-the-art analyses in terms of precision and recall. But foremost, applied to the 90 most popular applications from the Google Playstore, IIFA demonstrated its scalability to a large corpus of real-world apps.
Authors: Abhishek Tiwari (University of Potsdam), Sascha Groß (University of Potsdam), Christian Hammer (University of Potsdam),
Hide Authors & Abstract

Show Authors & Abstract
15:15 - 15:35
Power Analysis and Protection on SPECK and Its Application in IoT

Emerging applications such as the Internet of Things (IoT) promotes the development of lightweight cryptography. SPECK is a lightweight block cipher, specially designed for limited resource devices that was presented by National Security Agency. Nevertheless, before using SPECK in any practical application, protection against side-channel attacks must be paid attention to. In this paper, we take two attack positions into account and make effort to implement correlation power analysis on a naive software implementation of SPECK algorithm in the IoT application scenario. Our experimental results show that the real key fixed in the register can be successfully recovered when attack the XOR operations, while there is always an interference item that confuses the correct key when attack the modulo addition operation. Furthermore, we proposal a countermeasure against power attacks in the IoT application, and the protected SPECK only cost 53.01%, 6.27% and 318.18% of extra code, RAM and time, respectively.
Authors: Jing Ge (Beijing Institute of Technology),
Hide Authors & Abstract

Show Authors & Abstract
Day 3 25/10/2019
Room #1

Registration 06:00 - 10:00

Session 13 06:30 - 08:05

Machine Learning, Privately chaired by Xinwen Fu (U. Mass. Lowell)
06:30 - 06:50
Adversarial False Data Injection Attack against Nonlinear AC State Estimation with ANN in Smart Grid

Artificial neural network (ANN) provides superior accuracy for nonlinear alternating current (AC) state estimation (SE) in smart grid over traditional methods. However, research has discovered that ANN could be easily fooled by adversarial examples. In this paper, we initiate a new study of adversarial false data injection (FDI) attack against AC SE with ANN: by injecting a deliberate attack vector into measurements, the attacker can degrade the accuracy of ANN SE while remaining undetected. We propose a population-based algorithm and a gradient-based algorithm to generate attack vectors. The performance of these algorithms are evaluated through simulations on IEEE 9-bus, 14-bus and 30-bus systems under various attack scenarios. Simulation results show that DE is more effective than SLSQP on all simulation cases. The attack examples generated by DE algorithm successfully degrade the ANN SE accuracy with high probability.
Authors: Tian Liu (Auburn University), Tao Shu (Auburn University),
Hide Authors & Abstract

Show Authors & Abstract
06:55 - 07:15
Effectiveness of Adversarial Examples and Defenses for Malware Classification

Artificial neural networks have been successfully used for many different classification tasks including malware detection and dis- tinguishing between malicious and non-malicious programs. Although artificial neural networks perform very well on these tasks, they are also vulnerable to adversarial examples. An adversarial example is a sam- ple that has minor modifications made to it so that the neural network misclassifies it. Many techniques have been proposed, both for crafting adversarial examples and for hardening neural networks against them. Most previous work was done in the image domain. Some of the attacks have been adopted to work in the malware domain which typically deals with binary feature vectors. In order to better understand the space of adversarial examples in malware classification, we study different ap- proaches of crafting adversarial examples and defense techniques in the malware domain and compare their effectiveness on multiple data sets.
Authors: Robert Podschwadt (University of North Texas), Hassan Takabi (University of North Texas),
Hide Authors & Abstract

Show Authors & Abstract
07:20 - 07:40
PrivC - A Framework for Efficient Secure Two-Party Computation

Secure Multiparty Computation (SMC) allows mutually distrusted parties to jointly evaluate a function on their private inputs without revealing anything but the output of the function. SMC has been extensively studied for decades by the research community and significant progresses have been made, both in the directions of computing capability and performance improvement. In this work, we design and implement PrivC, an efficient framework for secure two-party computing. Our design was based on arithmetic sharing, oblivious transfer, and garbled circuits. We demonstrate the efficiency of our design and implementation using benchmark datasets and real world applications at our organization. Evaluations have shown that PrivC outperforms several other competitive two-party frameworks.
Authors: Kai He (Baidu Inc.), Liu Yang (Baidu Inc.), Jue Hong (Baidu Inc.), Jinghua Jiang (Baidu Inc.), Jieming Wu (Baidu Inc.), Xu Dong (Baidu Inc.), Zhuxun Liang (Baidu Inc.),
Hide Authors & Abstract

Show Authors & Abstract

Break 08:05 - 08:30

Session 14 08:30 - 10:05

Better Clouds chaired by Taeho Jung (University of Notre Dame)
08:30 - 08:50
Non-Interactive MPC with Trusted Hardware Secure Against Residual Function Attacks

Secure multiparty computation (MPC) has been repeatedly optimized, and protocols with two communication rounds and strong security guarantees have been achieved. While progress has been made constructing non-interactive protocols with just one-round of online communication (i.e., non-interactive MPC or NI-MPC), since correct evaluation must be guaranteed with only one round, these protocols are by their nature vulnerable to the residual function attack in the standard model. This is because a party that receives a garbled circuit may repeatedly evaluate the circuit locally, while varying their own inputs and fixing the inputs of others to learn the values entered by other participants. We present the fi rst MPC protocol with a one-round online phase that is secure against the residual function attack. We also present rigorous proofs of correctness and security in the covert adversary model, a reduction of the malicious model that is stronger than the semi-honest model and better suited for modeling the behaviour of parties in the real world, for our protocol. Furthermore, we rigorously analyze the communication and computational complexity of current state of the art protocols which require two rounds of communication or one round during the online-phase with a reduced security requirement, and demonstrate that our protocol is comparable to or outperforms their complexity.
Authors: Ryan Karl (University of Notre Dame), Timothy Burchfield (University of Notre Dame), Jonathan Takeshita (University of Notre Dame), Taeho Jung (University of Notre Dame),
Hide Authors & Abstract

Show Authors & Abstract
09:20 - 09:40
Authenticated LSM Trees with Minimal Trust

In the age of user-generated contents, the workloads imposed on information-security infrastructures become increasingly write intensive. However, existing security protocols, specifically authenticated data structures (ADSs), are historically designed based on update-in-place data structures and incur overhead when serving write-intensive workloads. In this work, we present LPAD (Log-structured Persistent Authenticated Directory), a new ADS protocol designed uniquely based on the log-structure merge trees (LSM trees) which recently gain popularity in the design of modern storage systems. On the write path, LPAD supports streaming, non-interactive updates with constant proof from trusted data owners. On the read path, LPAD supports point queries over the dynamic dataset with a polynomial proof. The key to enable this efficiency is a verifiable reorganization operation, called verifiable merge, in LPAD. Verifiable merge is secured by the execution in an enclave of trusted ex execution environments (TEE). To minimize the trusted computing base (TCB), LPAD places the code related to verifiable merge in enclave, and nothing else. Our implementation of LPAD on Google LevelDB codebase and on Intel SGX shows that the TCB is reduced by 20 times: The enclave size of LPAD is one thousand code lines out of more than twenty thousands code lines of a vanilla LevelDB. Under the YCSB workloads, LPAD improves the performance by an order of magnitude comparing with existing ADSs.
Authors: Yuzhe Tang (Syracuse University), Ju Chen (Syracuse University), Kai Li (Syracuse University),
Hide Authors & Abstract

Show Authors & Abstract
09:45 - 10:05
Modern Family: A Revocable Hybrid Encryption Scheme Based on Attribute-Based Encryption, Symmetric Searchable Encryption and SGX

Secure cloud storage is considered as one of the most important issues that both businesses and end-users take into account before moving their private data to the cloud. Lately, we have seen some interesting approaches that are based either on the promising concept of Symmetric Searchable Encryption (SSE) or on the well-studied field of Attribute-Based Encryption (ABE). In this paper, we propose a hybrid encryption scheme that combines both SSE and ABE by utilizing the advantages of both these techniques. In contrast to many approaches, we design a revocation mechanism that is completely separated from the ABE scheme and solely based on the functionality offered by SGX.
Authors: Alexandros Bakas (Tampere University), Atnonis Michalas (Tampere University),
Hide Authors & Abstract

Show Authors & Abstract