Your search keyword '"Obfuscation"' showing total 163 results

1. POSTER: A Tough Nut to Crack: Attempting to Break Modulation Obfuscation

Author

Naureen Hoque and Hanif Rahbari

Subjects

Spoofing attack, Traffic analysis, Computer science, business.industry, Deep learning, Physical layer, Jamming, Adversary, Computer security, computer.software_genre, Spectrum management, Obfuscation, Artificial intelligence, business, computer

Abstract

Despite being primarily developed for spectrum management, sharing, and enforcement in civilian and military applications, modulation classification can be exploited by an adversary to threaten user privacy (e.g., via traffic analysis), or launch jamming and spoofing attacks. Several existing works study how an adversary can still classify the user traffic despite obfuscation techniques at upper layers, but little work has been done on how an adversary can classify the "modulation scheme'' when it is obfuscated at the physical layer. In this respect, we aim to study how to break the state-of-the-art modulation obfuscation schemes by applying various machine learning (ML) methods. Our preliminary results show that common ML techniques perform poorly in correctly classifying an obfuscated modulation scheme except for the random forest method (with a score as much as twice the other techniques we consider), providing insights on why other techniques, e.g., deep learning, might be more promising for finding underlying correlations.

Published

2021

2. Human Attributes Prediction under Privacy-preserving Conditions

Author

Mohan S. Kankanhalli, Anshu Singh, and Shaojing Fan

Subjects

Visual analytics, business.industry, Computer science, Deep learning, Context (language use), Machine learning, computer.software_genre, Face (geometry), Obfuscation, Key (cryptography), Identity (object-oriented programming), Eye tracking, Artificial intelligence, business, computer

Abstract

Human attributes prediction in visual media is a well-researched topic with a major focus on human faces. However, face images are often of high privacy concern as they can reveal an individual's identity. How to balance this trade-off between privacy and utility is a key problem among researchers and practitioners. In this study, we make one of the first attempts to investigate the human attributes (emotion, age, and gender) prediction under the different de-identification (eyes, lower-face, face, and head obfuscation) privacy scenarios. We first constructed the Diversity in People and Context Dataset (DPaC). We then performed a human study with eye-tracking on how humans recognize facial attributes without the presence of face and context. Results show that in an image, situational context is informative of a target's attributes. Motivated by our human study, we proposed a multi-tasking deep learning model - Context-Guided Human Attributes Prediction (CHAPNet), for human attributes prediction under privacy-preserving conditions. Extensive experiments on DPaC and three commonly used benchmark datasets demonstrate the superiority of CHAPNet in leveraging the situational context for a better interpretation of a target's attributes without the full presence of the target's face. Our research demonstrates the feasibility of visual analytics under de-identification for privacy.

Published

2021

3. Identity-Preserving Face Anonymization via Adaptively Facial Attributes Obfuscation

Author

Xiaochun Cao, Lili Wang, Lutong Han, Hua Zhang, Ruoyu Chen, Jingzhi Li, and Bing Han

Subjects

Focus (computing), Computer science, business.industry, Face (geometry), Obfuscation, Identity (object-oriented programming), Pattern recognition, Artificial intelligence, Visual appearance, business, Facial recognition system, Generator (mathematics), Variety (cybernetics)

Abstract

With the popularity of using computer vision technology in monitoring system, there is an increasing societal concern on intruding people's privacy as the captured images/videos may contain identity-related information e.g. people's face. Existing methods on protecting such privacy focus on removing the identity-related information from faces. However, this would weaken the utility of current monitoring system. In this paper, we develop a face anonymization framework that could obfuscate visual appearance while preserving the identity discriminability. The framework is composed of two parts: an identity-aware region discovery module and an identity-aware face confusion module. The former adaptively locates the identity-independent attributes on human faces, and the latter generates the privacy-preserving faces using original faces and discovered facial attributes. To optimize the face generator, we employ a multi-task based loss function, which consists of discriminator loss, identify preserving loss, and reconstruction loss functions. Our model can achieve a balance between recognition utility and appearance anonymizing by modifying different numbers of facial attributes according to pratical demands, and provide a variety of results. Extensive experiments conducted on two public benchmarks Celeb-A and VGG-Face2 demonstrate the effectiveness of our model under distinct face recognition scenarios.

Published

2021

4. Sentry-NoC

Author

Ahmed Shalaby, Yaswanth Tavva, Trevor E. Carlson, and Li-Shiuan Peh

Subjects

Low overhead, Computer science, business.industry, Hardware_PERFORMANCEANDRELIABILITY, Temporal correlation, Multiplexing, Critical infrastructure, Sentry, Obfuscation, Hardware_INTEGRATEDCIRCUITS, Key (cryptography), Isolation (database systems), business, Computer network

Abstract

SoC security has become essential with devices now pervasive in critical infrastructure in homes and businesses. Today's embedded SoCs are becoming increasingly high-performance and complex, comprising multiple cores, accelerators, and IP blocks interconnected with a Network-on-Chip (NoC). As these IPs can originate from diverse sources, they cannot be trusted to form the root of trust in SoCs. However, the NoC itself, being the communication backbone linking all IPs, is naturally positioned to be the basis for a secure SoC. Therefore, there is a need for an efficient solution that both meets the stringent requirements of modern embedded SoC designs, while maintaining a high level of security. In this paper, we demonstrate how statically-scheduled NoCs inherently enforce traffic isolation and non-interference of communication. The time-division multiplexing (TDM) of NoC links across applications provably ensures that security properties are fulfilled. However, conventional TDM NoCs are still vulnerable to side-channel attacks. We thus propose temporal and data obfuscation schemes that can be embedded within static TDM NoCs, randomizing source-destination communication patterns and switching activity over the links. Our proposed statically-scheduled Sentry-NoC links up untrusted IP blocks to form a secure SoC. Sentry-NoC targets key security properties to effectively mitigate side-channel attacks with an extremely low overhead, reducing average temporal correlation by 81% and average data correlation by 91%.

Published

2021

5. Opposing Data Exploitation: Behaviour Biometrics for Privacy-Preserving Authentication in IoT Environments

Author

Gianmarco Baldini, Veljko Pejovic, and Andraž Krašovec

Subjects

Authentication, Biometrics, business.industry, Computer science, Computer security, computer.software_genre, Adversarial system, Identification (information), Projection (relational algebra), Obfuscation, Identity (object-oriented programming), Internet of Things, business, computer

Abstract

Multimodal data harvested by the Internet of Things sensors has recently been utilised for behavioural biometrics and consequently user authentication. While strengthening the security, these data nevertheless present a privacy threat to users whose behaviour can now be modelled in detail, thus allowing the authenticating authority to not only know who is present, but also what the present person is doing. In this work we reconsider IoT sensor-based authentication and provide a solution mitigating the privacy risk associated with unnecessary information leaks. Our approach harnesses adversarial learning and identifies such a projection of the data that maintains identity separability, yet obfuscates activity separability, thus ensuring that the authenticating authority can successfully identify the user, but not her actions within the sensed environment. We evaluate our approach on a real-world dataset of three activities performed by fifteen users and show that the activity obfuscation is achieved without compromising identification capabilities.

Published

2021

6. Wide-AdGraph: Detecting Ad Trackers with a Wide Dependency Chain Graph

Author

Mohammad Hossein Manshaei, Amir Hossein Kargaran, Masoud Nejad Sattary, Kave Salamatian, Mohammad Sadegh Akhondzadeh, and Mohammad Reza Heidarpour

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Information privacy, Computer Science - Cryptography and Security, Information retrieval, Computer science, BitTorrent tracker, Machine Learning (stat.ML), 020206 networking & telecommunications, 02 engineering and technology, Ad blocking, Machine Learning (cs.LG), Computer Science - Computers and Society, Statistics - Machine Learning, Filter (video), Computers and Society (cs.CY), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), 020201 artificial intelligence & image processing, Precision and recall, Cryptography and Security (cs.CR), Block (data storage)

Abstract

Websites use third-party ads and tracking services to deliver targeted ads and collect information about users that visit them. These services put users' privacy at risk, and that is why users' demand for blocking these services is growing. Most of the blocking solutions rely on crowd-sourced filter lists manually maintained by a large community of users. In this work, we seek to simplify the update of these filter lists by combining different websites through a large-scale graph connecting all resource requests made over a large set of sites. The features of this graph are extracted and used to train a machine learning algorithm with the aim of detecting ads and tracking resources. As our approach combines different information sources, it is more robust toward evasion techniques that use obfuscation or changing the usage patterns. We evaluate our work over the Alexa top-10K websites and find its accuracy to be 96.1% biased and 90.9% unbiased with high precision and recall. It can also block new ads and tracking services, which would necessitate being blocked by further crowd-sourced existing filter lists. Moreover, the approach followed in this paper sheds light on the ecosystem of third-party tracking and advertising., 9 pages, 7 figures, To appear in the 13th ACM Web Science Conference 2021 (WebSci '21), June 2021

Published

2021

7. Quantum Obfuscation

Author

Vivek Balachandran

Subjects

Control flow, Theoretical computer science, Computer science, Qubit, Obfuscation, TheoryofComputation_GENERAL, Computer Science::Programming Languages, Quantum Physics, Opaque predicate, Quantum, Compiled language, Compile time, Quantum computer

Abstract

In this paper we discuss developing opaque predicates with the help of quantum entangled qubits. These opaque predicates obfuscate classical control flow in hybrid quantum-classical systems. The idea is to use a pair of entangled qubits, one at compile-time and one in the compiled code at runtime to create opaque predicates. We make use of the CHSH game (John Clauser, Michael Horne, Abner Shimony, and Richard Holt) to get consensus about the value of a qubit at runtime, whose value can be predicted at compile time with high probability due to quantum properties. The paper discusses designing opaque predicate that relies on the quantum behavior of the entangled qubits and quantum measurements. The obfuscation produced by this technique maintain only a semantic accuracy of 85.35% when one entangled pair of qubits are used. However, we show that the accuracy can be improved to 100% by introducing additional entangled qubit pairs.

Published

2021

8. Computing with time: microarchitectural weird machines

Author

Thomas Benjamin, Jeffrey A. Eitel, Jesse Elwell, Angelo Sapello, Dmitry Evtyushkin, and Abhrajit Ghosh

Subjects

Emulation, business.industry, Computer science, media_common.quotation_subject, Hash function, Payload (computing), Speculative execution, 02 engineering and technology, computer.software_genre, Debugging, 020204 information systems, Embedded system, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Side channel attack, business, computer, media_common

Abstract

Side-channel attacks such as Spectre rely on properties of modern CPUs that permit discovery of microarchitectural state via timing of various operations. The Weird Machine concept is an increasingly popular model for characterization of emergent execution that arises from side-effects of conventional computing constructs. In this work we introduce Microarchitectural Weird Machines (µWM): code constructions that allow performing computation through the means of side effects and conflicts between microarchitectual entities such as branch predictors and caches. The results of such computations are observed as timing variations. We demonstrate how µWMs can be used as a powerful obfuscation engine where computation operates based on events unobservable to conventional anti-obfuscation tools based on emulation, debugging, static and dynamic analysis techniques. We demonstrate that µWMs can be used to reliably perform arbitrary computation by implementing a SHA-1 hash function. We then present a practical example in which we use a µWM to obfuscate malware code such that its passive operation is invisible to an observer with full power to view the architectural state of the system until the code receives a trigger. When the trigger is received the malware decrypts and executes its payload. To show the effectiveness of obfuscation we demonstrate its use in the concealment and subsequent execution of a payload that exfiltrates a shadow password file, and a payload that creates a reverse shell.

Published

2021

9. RL-BIN++: Overcoming Binary Instrumentation Challenges in the Presence of Obfuscation Techniques and Problematic Features

Author

Rajeev Barua, Amir Majlesi-Kupaei, and Danny Kim

Subjects

Program analysis, Computer engineering, Overhead (business), Computer science, Obfuscation, Code (cryptography), Binary number, Program transformation, Instrumentation (computer programming), Rewriting

Abstract

This paper improves upon an earlier binary rewriter we designed called RL-Bin. Unlike static rewrites, which are inherently non-robust, RL-Bin uses a dynamic design and thus is more robust. However, although RL-Bin works for most compiled binaries, real-world features commonly found in obfuscated binaries are still not handled. The features include anti-disassembly, dynamically modified code, anti-rewriting, anti-debugging, and code convention violation. This paper presents RL-Bin++, an improved version of RL-Bin, that handles various problematic real-world features, thus correctly rewriting for nearly all benign binaries. We demonstrate that RL-Bin++ can efficiently instrument heavily obfuscated binaries (overhead averaging 2.76x, compared to 4.11x, and 5.31x overhead for DynamoRIO and Pin, which are comparable or lower overheads. However, the main achievement is that we achieved this while maintaining the low overhead of RL-Bin for unobfuscated binaries (only 1.05x). This makes RL-Bin++ the only robust binary instrumentation solution capable of being deployed in live systems since the overhead of DynamoRIO (1.16x), and Pin (1.29x) for unobfuscated binaries is too high for use in live systems.

Published

2021

10. Top-down Physical Design of Soft Embedded FPGA Fabrics

Author

Onur Kibar, Oguz Atli, Mohammed Zackriya, Ken Mai, Prashanth Mohan, and Larry Pileggi

Subjects

Very-large-scale integration, Application-specific integrated circuit, business.industry, Computer science, Embedded system, Obfuscation, Hardware_INTEGRATEDCIRCUITS, Netlist, Hardware obfuscation, Physical design, Routing (electronic design automation), business, Field-programmable gate array

Abstract

In recent years, IC reverse engineering and IC fabrication supply chain security have grown to become significant economic and security threats for designers, system integrators, and end customers. Many of the existing logic locking and obfuscation techniques have shown to be vulnerable to attack once the attacker has access to the design netlist either through reverse engineering or through an untrusted fabrication facility. We introduce soft embedded FPGA redaction, a hardware obfuscation approach that allows the designer substitute security-critical IP blocks within a design with a synthesizable eFPGA fabric. This method fully conceals the logic and the routing of the critical IP and is compatible with standard ASIC flows for easy integration and process portability. To demonstrate eFPGA redaction, we obfuscate a RISC-V control path and a GPS P-code generator. We also show that the modified netlists are resilient to SAT attacks with moderate VLSI overheads. The secure RISC-V design has 1.89x area and 2.36x delay overhead while the GPS design has 1.39x area and negligible delay overhead when implemented on an industrial 22nm FinFET CMOS process.

Published

2021

11. Characterising Proxy Usage in the Bitcoin Peer-to-Peer Network

Author

Alexander Mühle, Christoph Meinel, and Andreas Grüner

Subjects

Computer science, Evasion (network security), 020206 networking & telecommunications, Context (language use), 02 engineering and technology, Peer-to-peer, computer.software_genre, Computer security, Cybercrime, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, 020201 artificial intelligence & image processing, Proxy (statistics), computer, Anonymity

Abstract

In the public mind, Bitcoin has often been associated with censorship circumvention and evasion of surveillance measures, specifically in the context of monetary transactions. However, this perceived anonymity is a false sense of security as both on-chain transactions and the underlying message exchange in the peer-to-peer network are attack vectors for deanonymisation and monitoring, as shown in other research. Nonetheless, there has been an increase in Bitcoin usage not only for end-users but also in the context of cybercrime in the form of cryptojacking and ransomware. So there are a number of reasons why proxies might be used in the Bitcoin network, either as a privacy-preserving measure of end-users or as obfuscation in cybercrime. In this paper, we present a measurement study with the goal of characterising the proxy and VPN usage in the Bitcoin peer-to-peer network. We developed YABA (Yet Another Bitcoin Analyser) to gather network data in a geographically distributed fashion and analyse it. We describe our techniques to infer proxy/VPN usage and load on the peer through different latency measurements and the limitations of our approaches. We utilise port scanning of standard proxy/VPN service ports to compare results. We deployed our infrastructure on three continents (4 workers) and continuously crawled the network, with a total of 26.9 million connection attempts over five days. We conclude the usage of proxies to be minimal, with an estimated 0.4% of peers detected through latency measurements. Similar prevalence was measured through the use of port scans with SOCKS port hitrate at 0.3%, while common VPN ports had hitrates between 0.18% and 0.7%.

Published

2021

12. Multifaceted Privacy

Author

Amr El Abbadi, Victor Zakhary, Ishani Gupta, and Rey Tang

Subjects

Stream processing, User privacy, Social network, Computer science, Order (business), business.industry, Obfuscation, Internet privacy, Inference, Persona, business, Privacy model

Abstract

Recent works in social network stream analysis have shown that a user's online persona attributes (e.g., location, gender, ethnicity, political interest, etc.) can be accurately inferred from the topics the user writes about or engages with. Revealing a user's sensitive attributes could represent a privacy threat to some individuals. Microtargeting (e.g., the Cambridge Analytica scandal), surveillance, and discriminating ads are examples of threats to user privacy caused by sensitive attribute inference. In this paper, we propose Multifaceted privacy, a novel privacy model that aims to obfuscate a user's sensitive attributes while publicly preserving the user's public persona. To achieve multifaceted privacy, we build Aegis, a prototype client-centric social network stream processing system that helps preserve multifaceted privacy, and thus allowing social network users to freely express their online personas without revealing their sensitive attributes of choice. Aegis continuously suggests topics and hashtags to social network users to write about in order to obfuscate their sensitive attributes and hence confuse content-based sensitive attribute inferences. Our experiments show that adding as few as 0 to 4 obfuscation posts (depending on how revealing the original post is) successfully hides a user sensitive attributes without changing the user's public persona attributes.

Published

2020

13. Adaptable and divergent synthetic benchmark generation for hardware security

Author

Domenic Forte and Sarah Amir

Subjects

Very-large-scale integration, Hardware security module, Computer engineering, Standardization, Computer science, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), 020201 artificial intelligence & image processing, 02 engineering and technology, Benchmarking, 020202 computer hardware & architecture

Abstract

Benchmarking can drive the development of technologies by facilitating standardization of features for comparison of different methods. While hardware security has seen an exponential growth in innovation throughout the last decade, the lack of sufficient benchmarks for data-driven analysis is prominent. Researchers must currently rely on decades-old VLSI benchmarks, which in most cases were not designed with security evaluation in mind. Considering the present day computational power, these benchmarks lack in both quality and quantity for usage in hardware security topics such as obfuscation and hardware Trojans. Many advanced techniques, like statistical analysis and machine learning, require a large number of samples in order to sufficiently examine the feature space. In an attempt to resolve this issue, we have developed the first synthetic benchmark generation process flow. This paper describes our novel technique that utilizes linear optimization to generate an endless number of synthetic combinational benchmarks that are adaptable to user input constraints and divergent in quantifiable structural features from input reference benchmarks. Thus, our framework offers customization for generating richer and more challenging benchmarks for data-driven hardware security. Through experimentation, we verify that our benchmarks offers more structural variation than the current benchmark suites.

Published

2020

14. Hiding in Plain Site

Author

Shaown Sarker, Jordan Jueckstock, and Alexandros Kapravelos

Subjects

Source code, Computer science, Programming language, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, Static analysis, computer.software_genre, JavaScript, Scripting language, Measurement study, Filter (video), 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), computer, media_common, computer.programming_language

Abstract

In this paper, we perform a large-scale measurement study of JavaScript obfuscation of browser APIs in the wild. We rely on a simple, but powerful observation: if dynamic analysis of a script's behavior (specifically, how it interacts with browser APIs) reveals browser API feature usage that cannot be reconciled with static analysis of the script's source code, then that behavior is obfuscated. To quantify and test this observation, we create a hybrid analysis platform using instrumented Chromium to log all browser API accesses by the scripts executed when a user visits a page. We filter the API access traces from our dynamic analysis through a static analysis tool that we developed in order to quantify how much and what kind of functionality is hidden on the web. When applying this methodology across the Alexa top 100k domains, we discover that 95.90% of the domains we successfully visited contain at least one script which invokes APIs that cannot be resolved from static analysis. We observe that eval is no longer the prominent obfuscation method on the web and we uncover families of novel obfuscation techniques that no longer rely on the use of eval.

Published

2020

15. Single Secret Leader Election

Author

Nicola Greco, Lucjan Hanzlik, Saba Eskandarian, and Dan Boneh

Subjects

Cryptocurrency, Leader election, Computer science, Homomorphic encryption, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, nobody, Proof-of-stake, 010201 computation theory & mathematics, Argument, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), 020201 artificial intelligence & image processing, computer

Abstract

In a Single Secret Leader Election (SSLE), a group of participants aim to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else. At a later time, the elected leader should be able to publicly reveal her identity and prove that she has won the election. The election process itself should work properly even if many registered users are passive and do not send any messages. Among the many applications of SSLEs, their potential for enabling more efficient proof-of-stake based cryptocurrencies have recently received increased attention.This paper formally defines SSLE schemes and presents three constructions that provide varying security and performance properties. First, as an existence argument, we show how to realize an ideal SSLE using indistinguishability obfuscation. Next, we show how to build SSLE from low-depth threshold fully homomorphic encryption (TFHE) via a construction which can be instantiated with a circuit of multiplicative depth as low as 10, for realistically-sized secret leader elections. Finally, we show a practical scheme relying on DDH that achieves a slightly relaxed notion of security but which boasts extremely lightweight computational requirements.

Published

2020

16. Time-Efficient Geo-Obfuscation to Protect Worker Location Privacy over Road Networks in Spatial Crowdsourcing

Author

Chenxi Qiu, Li Yan, Zhuozhao Li, Anna Squicciarini, and Ce Pang

Subjects

Linear programming, Computer science, business.industry, Distributed computing, media_common.quotation_subject, Directed graph, Crowdsourcing, Network topology, Task (project management), Server, Obfuscation, Function (engineering), business, media_common

Abstract

To promote cost-effective task assignment in Spatial Crowdsourcing (SC), workers are required to report their location to servers, which raises serious privacy concerns. As a solution, geo-obfuscation has been widely used to protect the location privacy of SC workers, where workers are allowed to report perturbed location instead of the true location. Yet, most existing geo-obfuscation methods consider workers? mobility on a 2 dimensional (2D) plane, wherein workers can move in arbitrary directions. Unfortunately, 2D-based geo-obfuscation is likely to generate high traveling cost for task assignment over roads, as it cannot accurately estimate the traveling costs distortion caused by location obfuscation. In this paper, we tackle the SC worker location privacy problem over road networks. Considering the network-constrained mobility features of workers, we describe workers? mobility by a weighted directed graph, which considers the dynamic traffic condition and road network topology. Based on the graph model, we design a geo-obfuscation (GO) function for workers to maximize the workers? overall location privacy without compromising the task assignment efficiency. We formulate the problem of deriving the optimal GO function as a linear programming (LP) problem. By using the angular block structure of the LP's constraint matrix, we apply Dantzig-Wolfe decomposition to improve the time-efficiency of the GO function generation. Our experimental results in the real-trace driven simulation and the real-world experiment demonstrate the effectiveness of our approach in terms of both privacy and task assignment efficiency.

Published

2020

17. Index Obfuscation for Oblivious Document Retrieval in a Trusted Execution Environment

Author

Yifan Qiao, Shiyu Ji, Timothy Sherwood, Alvin Oliver Glova, Tao Yang, and Jinjin Shao

Subjects

Structure (mathematical logic), Information retrieval, Index (publishing), Trusted hardware, Computer science, Association (object-oriented programming), Obfuscation, Document retrieval, Inverted index, Masking (Electronic Health Record)

Abstract

This paper studies privacy-aware inverted index design and document retrieval for multi-keyword document search in a trusted hardware execution environment such as Intel SGX. The previous work uses time-consuming oblivious computing techniques to avoid the leakage of memory access patterns for privacy preservations in such an environment. This paper proposes an efficiency-enhanced design that obfuscates the inverted index structure with posting bucketing and document ID masking, which aims to hide document-term association and avoid the access pattern leakage. This paper describes privacy-aware oblivious document retrieval during online query processing based on such an index. Both privacy and efficiency analyses are provided, followed by evaluation results comparing proposed designs with multiple baselines.

Published

2020

18. VVSec

Author

Huy Phan, Zhongze Tang, Bo Yuan, Yi Xie, Sheng Wei, Xianglong Feng, and Tian Guo

Subjects

Multimedia, business.industry, Computer science, Deep learning, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 020207 software engineering, 02 engineering and technology, computer.software_genre, Adversarial system, 020204 information systems, Threat model, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, RGB color model, Quality of experience, Artificial intelligence, Video streaming, Graphics, business, computer

Abstract

Volumetric video (VV) streaming has drawn an increasing amount of interests recently with the rapid advancements in consumer VR/AR devices and the relevant multimedia and graphics research. While the resource and performance challenges in volumetric video streaming have been actively investigated by the multimedia community, the potential security and privacy concerns with this new type of multimedia have not been studied. We for the first time identify an effective threat model that extracts 3D face models from volumetric videos and compromises face ID-based authentications To defend against such attack, we develop a novel volumetric video security mechanism, namely VVSec, which makes benign use of adversarial perturbations to obfuscate the security and privacy-sensitive 3D face models. Such obfuscation ensures that the 3D models cannot be exploited to bypass deep learning-based face authentications. Meanwhile, the injected perturbations are not perceivable by the end-users, maintaining the original quality of experience in volumetric video streaming. We evaluate VVSec using two datasets, including a set of frames extracted from an empirical volumetric video and a public RGB-D face image dataset. Our evaluation results demonstrate the effectiveness of both the proposed attack and defense mechanisms in volumetric video streaming.

Published

2020

19. An empirical study on ARM disassembly tools

Author

Xiapu Luo, Muhui Jiang, Yajin Zhou, Yang Liu, Ruoyu Wang, and Kui Ren

Subjects

Computer science, business.industry, Firmware, media_common.quotation_subject, 020207 software engineering, 02 engineering and technology, Static analysis, computer.software_genre, ARM architecture, Instruction set, Scripting language, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Compiler, Function (engineering), Software engineering, business, computer, media_common

Abstract

With the increasing popularity of embedded devices, ARM is becoming the dominant architecture for them. In the meanwhile, there is a pressing need to perform security assessments for these devices. Due to different types of peripherals, it is challenging to dynamically run the firmware of these devices in an emulated environment. Therefore, the static analysis is still commonly used. Existing work usually leverages off-the-shelf tools to disassemble stripped ARM binaries and (implicitly) assume that reliable disassembling binaries and function recognition are solved problems. However, whether this assumption really holds is unknown. In this paper, we conduct the first comprehensive study on ARM disassembly tools. Specifically, we build 1,896 ARM binaries (including 248 obfuscated ones) with different compilers, compiling options, and obfuscation methods. We then evaluate them using eight state-of-the-art ARM disassembly tools (including both commercial and noncommercial ones) on their capabilities to locate instructions and function boundaries. These two are fundamental ones, which are leveraged to build other primitives. Our work reveals some observations that have not been systematically summarized and/or confirmed. For instance, we find that the existence of both ARM and Thumb instruction sets, and the reuse of the BL instruction for both function calls and branches bring serious challenges to disassembly tools. Our evaluation sheds light on the limitations of state-of-the-art disassembly tools and points out potential directions for improvement. To engage the community, we release the data set, and the related scripts at https://github.com/valour01/arm_disasssembler_study.

Published

2020

20. One-shot signatures and applications to hybrid quantum/classical authentication

Author

Ryan Amos, Aggelos Kiayias, Mark Zhandry, and Marios Georgiou

Subjects

Authentication, Theoretical computer science, Computer science, business.industry, Obfuscation, Cryptography, Cryptographic protocol, business, Quantum, Quantum money, Oracle, Signature (logic), Computer Science::Cryptography and Security

Abstract

We define the notion of one-shot signatures, which are signatures where any secret key can be used to sign only a single message, and then self-destructs. While such signatures are of course impossible classically, we construct one-shot signatures using quantum no-cloning. In particular, we show that such signatures exist relative to a classical oracle, which we can then heuristically obfuscate using known indistinguishability obfuscation schemes. We show that one-shot signatures have numerous applications for hybrid quantum/classical cryptographic tasks, where all communication is required to be classical, but local quantum operations are allowed. Applications include one-time signature tokens, quantum money with classical communication, decentralized blockchain-less cryptocurrency, signature schemes with unclonable secret keys, non-interactive certifiable min-entropy, and more. We thus position one-shot signatures as a powerful new building block for novel quantum cryptographic protocols.

Published

2020

21. DANdroid

Author

Paul Miller, Stuart Millar, Ziming Zhao, Niall McLaughlin, and Jesus Martinez del Rincon

Subjects

021110 strategic, defence & security studies, business.industry, Computer science, Deep learning, Opcode, 0211 other engineering and technologies, 020207 software engineering, 02 engineering and technology, Machine learning, computer.software_genre, Convolutional neural network, Discriminative model, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), Malware, Artificial intelligence, business, Resilience (network), computer

Abstract

We present DANdroid, a novel Android malware detection model using a deep learning Discriminative Adversarial Network (DAN) that classifies both obfuscated and unobfuscated apps as either malicious or benign. Our method, which we empirically demonstrate is robust against a selection of four prevalent and real-world obfuscation techniques, makes three contributions. Firstly, an innovative application of discriminative adversarial learning results in malware feature representations with a strong degree of resilience to the four obfuscation techniques. Secondly, the use of three feature sets; raw opcodes, permissions and API calls, that are combined in a multi-view deep learning architecture to increase this obfuscation resilience. Thirdly, we demonstrate the potential of our model to generalize over rare and future obfuscation methods not seen in training. With an overall dataset of 68,880 obfuscated and unobfuscated malicious and benign samples, our multi-view DAN model achieves an average F-score of 0.973 that compares favourably with the state-of-the-art, despite being exposed to the selected obfuscation methods applied both individually and in combination.

Published

2020

22. My script engines know what you did in the dark

Author

Kanta Matsuura, Jun Miyoshi, Yuhei Kawakoya, Yuto Otsuki, Makoto Iwamura, and Toshinori Usui

Subjects

Reverse engineering, 021110 strategic, defence & security studies, education.field_of_study, Computer science, Programming language, 0211 other engineering and technologies, Append, 02 engineering and technology, computer.software_genre, Scripting language, 020204 information systems, Obfuscation, Script analysis, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, 0202 electrical engineering, electronic engineering, information engineering, Malware, education, computer

Abstract

Malicious scripts have been crucial attack vectors in recent attacks such as malware spam (malspam) and fileless malware. Since malicious scripts are generally obfuscated, statically analyzing them is difficult due to reflections. Therefore, dynamic analysis, which is not affected by obfuscation, is used for malicious script analysis. However, despite its wide adoption, some problems remain unsolved. Current designs of script analysis tools do not fulfill the following three requirements important for malicious script analysis. (1) Universally applicable to various script languages, (2) capable of outputting analysis logs that can precisely recover the behavior of malicious scripts, and (3) applicable to proprietary script engines. In this paper, we propose a method for automatically generating script API tracer by analyzing the target script engine binaries. The method mine the knowledge of script engine internals that are required to append behavior analysis capability. This enables the addition of analysis functionalities to arbitrary script engines and generation of script API tracers that can fulfill the above requirements. Experimental results showed that we can apply this method for building malicious script analysis tools.

Published

2019

23. A General Framework for Privacy-preserving Computation on Cloud Environments

Author

Bahman Javadi and Jim Basilakis

Subjects

Computer science, business.industry, Distributed computing, Ciphertext, Obfuscation, System integration, Binary number, Homomorphic encryption, Cloud computing, Plaintext, Encryption, business

Abstract

While privacy and security concerns dominate public cloud services, Homomorphic Encryption (HE) is seen as an emerging solution that can potentially assure secure processing of sensitive data by third-party cloud vendors. It relies on the fact that computations can occur on encrypted data without the need for decryption, although there are major stumbling blocks to overcome before the technology is considered mature for production cloud environments. This paper examines a proposed technology platform, known as the Homomorphic Encryption Bus (HEB), that leverages HE with data obfuscation methods over a minimal network interaction model, allowing a uniform, flexible and general approach to cloud-based privacy-preserving system integration. The platform is uniquely designed to overcome barriers limiting the mainstream application of existing Fully Homomorphic Encryption (FHE) schemes in the cloud. A client-server interaction model involving ciphertext decryption on the client end is necessary to achieve resetting of 'noisy' ciphertexts in place of a much more inefficient (server only) recryption procedure. Data perturbation techniques are used to obfuscate intermediate data decrypted on the client-side of ciphertext interactions, in a way that is unintelligible to the client. In addition to efficient noise resetting, interactions involving data perturbations also achieve plaintext (binary to integer-based and vice versa) message space swapping, and conversion of accumulated integer-based encodings to a reduced embedded binary form. There appears to be little existing literature that examines these techniques as a means of broadening HE processing capabilities and practical application over the cloud. Interaction performance is examined in terms of timing and multiplicative circuit depth costs, through a simple equation evaluation and against standard recryption.

Published

2019

24. Cheat Protection in Online Games

Author

Stijn Volckaert, Falcarin, Paolo, and Zunke, Michael

Subjects

Technology, Science & Technology, Obfuscation, business.industry, Computer science, Cheating, Online Gaming, ComputingMilieux_PERSONALCOMPUTING, Differential (mechanical device), Computer Science, Software Engineering, Computer security, computer.software_genre, Competitive advantage, Popularity, Great Rift, Computer Science, Theory & Methods, Computer Science, Anti-Tampering, Revenue, The Internet, Anti-Cheat, business, computer, Hacker

Abstract

Competitive online video gaming (or eSports for short) is a booming industry. Current estimates predict global revenues of well over 1 billion dollars by the end of this year, Twitch.tv the largest eSports streaming network is now one of the biggest sites on the internet, and the International Olympic Committee is even considering to include eSports in the 2024 Summer Olympics. With this rising popularity comes a dark side in the form of cheating, however. Cheaters are willing to subvert the rules of the game by any means necessary. Many of them pay monthly subscription fees to get access to exclusive cheating software created by hackers.In this talk, I will discuss the most prevalent types of cheats used in online games and show how they give players a competitive advantage.I will then highlight the various steps that go into creating a cheat and give an overview of the various techniques and tools hackers use in each step, ranging from debuggers, differential data analysis tools, API hooking, bytehacking, etc.Next, I will present cheat mitigation strategies that can be incorporated into a game's design, and detection techniques that can be applied in both client-side and server-side cheat-protection software.Finally, I will zoom in on some of the most popular client-side anti-cheat solutions and highlight some of their capabilities.

Published

2019

25. Robust Detection of Obfuscated Strings in Android Apps

Author

Ulf Kargén, Nahid Shahmehri, and Alireza Mohammadi-Nodooshan

Subjects

Reverse engineering, Computer science, business.industry, computer.software_genre, Machine learning, Random forest, Naive Bayes classifier, Discriminative model, Obfuscation, Decision boundary, Malware, Artificial intelligence, business, computer, Implementation

Abstract

While string obfuscation is a common technique used by mobile developers to prevent reverse engineering of their apps, malware authors also often employ it to, for example, avoid detection by signature-based antivirus products. For this reason, robust techniques for detecting obfuscated strings in apps are an important step towards more effective means of combating obfuscated malware. In this paper, we discuss and empirically characterize four significant limitations of existing machine-learning approaches to string obfuscation detection, and propose a novel method to address these limitations. The key insight of our method is that discriminative classification methods, which try to fit a decision boundary based on a set of positive and negative samples, are inherently bound to generalize poorly when used for string obfuscation detection. Since many different string obfuscation techniques exist, both in the form of commercial tools and as custom implementations, it is close to impossible to construct a training set that is representative of all possible obfuscations. We instead propose a generative approach based on the Naive Bayes method. We first model the distribution of natural-language strings, using a large corpus of strings from 235 languages, and then base our classification on a measure of the confidence with which a language can be assigned to a string. Crucially, this allows us to completely eliminate the need for obfuscated training samples. In our experiments, this new method significantly outperformed both an n-gram based random forest classifier and an entropy-based classifier, in terms of accuracy and generalizability.

Published

2019

26. AdVersarial

Author

Dan Boneh, Giancarlo Pellegrino, Pascal Dupré, Florian Tramèr, and Gili Rusak

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, business.industry, Computer science, Machine Learning (stat.ML), 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Adversarial machine learning, Internet security, Ad blocking, Machine Learning (cs.LG), Upload, Statistics - Machine Learning, Human–computer interaction, Web page, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Web content, business, Set (psychology), Cryptography and Security (cs.CR)

Abstract

Perceptual ad-blocking is a novel approach that detects online advertisements based on their visual content. Compared to traditional filter lists, the use of perceptual signals is believed to be less prone to an arms race with web publishers and ad networks. We demonstrate that this may not be the case. We describe attacks on multiple perceptual ad-blocking techniques, and unveil a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks. We first analyze the design space of perceptual ad-blockers and present a unified architecture that incorporates prior academic and commercial work. We then explore a variety of attacks on the ad-blocker's detection pipeline, that enable publishers or ad networks to evade or detect ad-blocking, and at times even abuse its high privilege level to bypass web security boundaries. On one hand, we show that perceptual ad-blocking must visually classify rendered web content to escape an arms race centered on obfuscation of page markup. On the other, we present a concrete set of attacks on visual ad-blockers by constructing adversarial examples in a real web page context. For seven ad-detectors, we create perturbed ads, ad-disclosure logos, and native web content that misleads perceptual ad-blocking with 100% success rates. In one of our attacks, we demonstrate how a malicious user can upload adversarial content, such as a perturbed image in a Facebook post, that fools the ad-blocker into removing another users' non-ad content. Moving beyond the Web and visual domain, we also build adversarial examples for AdblockRadio, an open source radio client that uses machine learning to detects ads in raw audio streams., 17 pages, 14 figures

Published

2019

27. Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts

Author

Tiantian Zhu, Qi Alfred Chen, Xiong Chunlin, Yan Chen, Hai Yang, and Zhenyuan Li

Subjects

021110 strategic, defence & security studies, Advanced persistent threat, Emulation, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Construct (python library), computer.software_genre, Computer security, Phishing, Scripting language, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, 020201 artificial intelligence & image processing, Abstract syntax tree, computer

Abstract

In recent years, PowerShell is increasingly reported to appear in a variety of cyber attacks ranging from advanced persistent threat, ransomware, phishing emails, cryptojacking, financial threats, to fileless attacks. However, since the PowerShell language is dynamic by design and can construct script pieces at different levels, state-of-the-art static analysis based PowerShell attack detection approaches are inherently vulnerable to obfuscations. To overcome this challenge, in this paper we design the first effective and light-weight deobfuscation approach for PowerShell scripts. To address the challenge in precisely identifying the recoverable script pieces, we design a novel subtree-based deobfuscation method that performs obfuscation detection and emulation-based recovery at the level of subtrees in the abstract syntax tree of PowerShell scripts. Building upon the new deobfuscation method, we are able to further design the first semantic-aware PowerShell attack detection system. To enable semantic-based detection, we leverage the classic objective-oriented association mining algorithm and newly identify 31 semantic signatures for PowerShell attacks. We perform an evaluation on a collection of 2342 benign samples and 4141 malicious samples, and find that our deobfuscation method takes less than 0.5 seconds on average and meanwhile increases the similarity between the obfuscated and original scripts from only 0.5% to around 80%, which is thus both effective and light-weight. In addition, with our deobfuscation applied, the attack detection rates for Windows Defender and VirusTotal increase substantially from 0.3% and 2.65% to 75.0% and 90.0%, respectively. Furthermore, when our deobfuscation is applied, our semantic-aware attack detection system outperforms both Windows Defender and VirusTotal with a 92.3% true positive rate and a 0% false positive rate on average.

Published

2019

28. Obfuscation-Resilient Code Recognition in Android Apps

Author

Johannes Feichtner and Christof Rabensteiner

Subjects

Common code, Information retrieval, Computer science, Obfuscation, Code (cryptography), Attack surface, Android (operating system), Precision and recall, Abstract syntax tree

Abstract

Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements. We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

Published

2019

29. IoT Ignorance is Digital Forensics Research Bliss

Author

Tina Wu, Ibrahim Baggili, and Frank Breitinger

Subjects

business.industry, Process (engineering), Computer science, Digital forensics, Subject (documents), Cloud computing, Encryption, Data science, Field (computer science), BLISS, Obfuscation, business, computer, computer.programming_language

Abstract

Interactions with IoT devices generates vast amounts of personal data that can be used as a source of evidence in digital investigations. Currently, there are many challenges in IoT forensics such as the difficulty in acquiring and analysing IoT data/devices and the lack IoT forensic tools. Besides technical challenges, there are many concepts in IoT forensics that have yet to be explored such as definitions, experience and capability in the analysis of IoT data/devices and current/future challenges. A deeper understanding of these various concepts will help progress the field. To achieve this goal, we conducted a survey which received 70 responses and provided the following results: (1) IoT forensics is a sub-domain of digital forensics, but it is undecided what domains are included; (2) practitioners are already having to examine IoT devices even though they felt undertrained; (3) requirements for technical training, software and education are non-existent; (4) high priority on research should be to develop IoT forensic tools, how to preserve volatile data and methods to identify and acquire data from the cloud; (5) improvements to forensic tools should be aimed at data acquisition (imaging) and device disassembly / forensic process; (6) practitioners' perspectives on research direction differ slightly to non-practitioners in that the focus should be on breaking encryption on IoT devices rather than focus on cloud data forensics; (7) future research should focus on developing initiatives and strategies to overcome data encryption and trail obfuscation in the cloud and ongoing development of IoT forensic tools. The responses to the survey question on the definition of IoT forensics helped us formulate a working definition. This has provided a clearer understanding of the subject, which will help further advance the research area.

Published

2019

30. Oblivious DNS

Author

Paul Schmitt, Allison Mankin, Anne Edmundson, and Nick Feamster

Subjects

Third party, business.industry, Computer science, Server, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Obfuscation, Web page, Overhead (computing), Layer (object-oriented design), Namespace, business, Ip address, Computer network

Abstract

Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with. Operators of DNS recursive resolvers---the machines that receive a client's query for a domain name and resolve it to a corresponding IP address---can learn significant information about client activity. Recognizing the privacy vulnerabilities associated with DNS queries, various third parties have created alternate DNS services that obscure a user's DNS queries from his or her Internet service provider. Yet, these systems merely transfer trust to a different third party. We argue that no single party ought to be able to associate DNS queries with a client IP address that issues those queries. To this end, we present Oblivious DNS (ODNS), which introduces an additional layer of obfuscation between clients and their queries. To do so, ODNS uses its own authoritative namespace; the authoritative servers for the ODNS namespace act as recursive resolvers for the DNS queries that they receive, but they never see the IP addresses for the clients that initiated these queries. Our experiments using a prototype show that ODNS introduces minimal performance overhead, both for individual queries and for web page loads. Critically, we design ODNS to be compatible with existing DNS infrastructure.

Published

2019

31. LibID: reliable identification of obfuscated third-party Android libraries

Author

Stephan A. Kollmann, Jiexin Zhang, and Alastair R. Beresford

Subjects

Binary integer programming, Information retrieval, Third party, Obfuscation, Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Static analysis, Obfuscation (software), Parameter identification problem, Third-party library, Android, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), ProGuard

Abstract

Third-party libraries are vital components of Android apps, yet they can also introduce serious security threats and impede the accuracy and reliability of app analysis tasks, such as app clone detection. Several library detection approaches have been proposed to address these problems. However, we show these techniques are not robust against popular code obfuscators, such as ProGuard, which is now used in nearly half of all apps. We then present LibID, a library detection tool that is more resilient to code shrinking and package modification than state-of-the-art tools. We show that the library identification problem can be formulated using binary integer programming models. LibID is able to identify specific versions of third-party libraries in candidate apps through static analysis of app binaries coupled with a database of third-party libraries. We propose a novel approach to generate synthetic apps to tune the detection thresholds. Then, we use F-Droid apps as the ground truth to evaluate LibID under different obfuscation settings, which shows that LibID is more robust to code obfuscators than state-of-the-art tools. Finally, we demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of 3,958 most popular apps on the Google Play Store.

Published

2019

32. Flexibly and Securely Shape Your Data Disclosed to Others

Author

Shucheng Yu, Ke Cheng, Yantian Hou, Qingqing Xie, Gaby G. Dagher, and Liangmin Wang

Subjects

Scheme (programming language), 020203 distributed computing, 021110 strategic, defence & security studies, Cryptographic primitive, business.industry, Computer science, 0211 other engineering and technologies, Homomorphic encryption, Access control, Cloud computing, 02 engineering and technology, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), business, computer, Computer network, computer.programming_language

Abstract

This work is to enhance existing fine-grained access control to support a more expressive access policy over arithmetic operation results. We aim to enable data owners to flexibly bind a user's identity with his/her authorized access target according to a given access control policy, which indicates how a piece of data obfuscated by different noises. To this end, we design a cryptographic primitive that decouples the noisy data to two components, one associated with user identity, and the other one shared and dynamically changes, with the composite of these two components evaluated and revealed at user sides. The security of our scheme is formally proven using game based approach. We implement our system on a commercial cloud platform and use extensive experiments to validate its functionality and performance.

Published

2019

33. Location Privacy in Heterogeneous Vehicular Networks

Author

Ralf Steinmetz, Daniel Bischoff, and Tobias Meuser

Subjects

Context monitoring, Vehicular ad hoc network, business.industry, Computer science, Bandwidth (signal processing), 020302 automobile design & engineering, Floating car data, Context (language use), 02 engineering and technology, 0203 mechanical engineering, Obfuscation, Cellular network, business, Computer network

Abstract

Vehicle exchange Floating Car Data (FCD) to increase their awareness beyond their local perception. For this purpose, the context-sensitive FCD is commonly distributed using the cellular network. To receive FCD via the cellular network, the vehicles share their current context (often location) with a backend.This permanent and accurate observation of the vehicle's context interferes with the privacy of the occupants. In this work, we use obfuscation to protect the location privacy of the occupants. For this purpose, we adopt the precision of the context monitoring of the vehicle to the privacy needs of the occupants. As unnecessary FCD is transmitted to the vehicle, this imprecision reduces the share of useful FCD, which might lead to additional bandwidth consumption. We compensate for this additional consumption by filtering FCD with low impact for the vehicle and simultaneously relying on less-privacy-aware vehicles to provide FCD via local communication channels like Wifi.

Published

2019

34. A Cellular Automata Guided Obfuscation Strategy For Finite-State-Machine Synthesis

Author

Santanu Chattopadhyay, Rajit Karmakar, and Suman Sekhar Jana

Subjects

Scheme (programming language), Finite-state machine, Theoretical computer science, Computer science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, DUAL (cognitive architecture), Cellular automaton, 020202 computer hardware & architecture, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Finite state machine synthesis, 020201 artificial intelligence & image processing, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, computer, Hardware_LOGICDESIGN, computer.programming_language

Abstract

A popular countermeasure against IP piracy relies on obfuscating the Finite State Machine (FSM), which is assumed to be the heart of a digital system. In this paper, we propose to use a special class of non-group additive cellular automata (CA) called $D 1 \ast CA$, and it’s counterpart $D1 \ast CA_{dual}$ to obfuscate each state-transition of an FSM. The synthesized FSM exhibits correct state-transitions only for a correct key, which is a designer’s secret. The proposed easily testable key-controlled FSM synthesis scheme can thwart reverse engineering attacks, thus offers IP protection.

Published

2019

35. Low-Overhead Power Trace Obfuscation for Smart Meter Privacy

Author

Massimo Poncino, Enrico Macii, Daniele Jahier Pagliari, and Sara Vinco

Subjects

Battery (electricity), 021110 strategic, defence & security studies, Computer science, business.industry, Smart meter, 020208 electrical & electronic engineering, 0211 other engineering and technologies, 02 engineering and technology, Energy consumption, Energy Storage, Energy storage, Noise, Filter (video), Smart Meter Privacy, Embedded system, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Load Disaggregation, business, TRACE (psycholinguistics)

Abstract

Smart meters communicate to the utility provider fine-grain information about a user’s energy consumption, which could be used to infer the user’s habits and pose thus a critical privacy risk. State-of-the-art solutions try to obfuscate the readings of a meter either by using a large re-chargeable battery to filter the trace or by adding random noise to alter it. Both solutions, however, have significant drawbacks: large batteries are prohibitively expensive, whereas digitally added noise implies that the user entrusts the utility provider to protect his/her privacy.This work proposes a hybrid approach in which zero-average noise is inserted in the power trace by means of a small energy storage device (battery or supercapacitor); the distinguishing feature of our approach is that this obfuscating device is indistinguishable from any other load and therefore it complicates by construction the load disaggregation task performed by the provider or by a malicious third party. Simulation results show that our device can achieve comparable or superior privacy enhancement as that of a solution based on a large battery and therefore with smaller cost.CCS Concepts• Hardware $\rightarrow $ Energy generation and storage; Energy metering; • Security and privacy $\rightarrow$ Domain-specific security and privacy architectures.

Published

2019

36. Anything to Hide? Studying Minified and Obfuscated Code in the Web

Author

Cristian-Alexandru Staicu, Philippe Skolka, and Michael Pradel

Subjects

Programming language, business.industry, Computer science, 020207 software engineering, 02 engineering and technology, computer.software_genre, Internet security, JavaScript, Obfuscation (software), Timing attack, Scripting language, 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Web application, Minification, business, computer, Classifier (UML), computer.programming_language

Abstract

JavaScript has been used for various attacks on client-side web applications. To hinder both manual and automated analysis from detecting malicious scripts, code minification and code obfuscation may hide the behavior of a script. Unfortunately, little is currently known about how real-world websites use such code transformations. This paper presents an empirical study of obfuscation and minification in 967,149 scripts (424,023 unique) from the top 100,000 websites. The core of our study is a highly accurate (95%-100%) neural network-based classifier that we train to identify whether obfuscation or minification have been applied and if yes, using what tools. We find that code transformations are very widespread, affecting 38% of all scripts. Most of the transformed code has been minified, whereas advanced obfuscation techniques, such as encoding parts of the code or fetching all strings from a global array, affect less than 1% of all scripts (2,842 unique scripts in total). Studying which code gets obfuscated, we find that obfuscation is particularly common in certain website categories, e.g., adult content. Further analysis of the obfuscated code shows that most of it is similar to the output produced by a single obfuscation tool and that some obfuscated scripts trigger suspicious behavior, such as likely fingerprinting and timing attacks. Finally, we show that obfuscation comes at a cost, because it slows down execution and risks to produce code that changes the intended behavior. Overall, our study shows that the security community must consider minified and obfuscated JavaScript code, and it provides insights into what kinds of transformations to focus on. Our learned classifiers provide an automated and accurate way to identify obfuscated code, and we release a set of real-world obfuscated scripts for future research.

Published

2019

37. Can Privacy Be Satisfying?

Author

Rakibul Hasan, Apu Kapadia, Eman T. Hassan, Kelly Caine, Roberto Hoyle, Yifang Li, and David J. Crandall

Subjects

business.industry, Computer science, 05 social sciences, Internet privacy, 020207 software engineering, 02 engineering and technology, Affect (psychology), Information sensitivity, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Social media, business, 050107 human factors

Abstract

Pervasive photo sharing in online social media platforms can cause unintended privacy violations when elements of an image reveal sensitive information. Prior studies have identified image obfuscation methods (e.g., blurring) to enhance privacy, but many of these methods adversely affect viewers' satisfaction with the photo, which may cause people to avoid using them. In this paper, we study the novel hypothesis that it may be possible to restore viewers' satisfaction by 'boosting' or enhancing the aesthetics of an obscured image, thereby compensating for the negative effects of a privacy transform. Using a between-subjects online experiment, we studied the effects of three artistic transformations on images that had objects obscured using three popular obfuscation methods validated by prior research. Our findings suggest that using artistic transformations can mitigate some negative effects of obfuscation methods, but more exploration is needed to retain viewer satisfaction.

Published

2019

38. Secure and Trustworthy Cyber-Physical System Design

Author

Pierluigi Nuzzo

Subjects

Electronic system-level design and verification, Computer science, Obfuscation, Perspective (graphical), Cyber-physical system, Algorithm design, Electronic design automation, Computer security, computer.software_genre, Realization (systems), computer, Abstraction (linguistics)

Abstract

This talk discusses some of the design challenges posed by cyber-physical system security at different abstraction layers, from algorithm design to the realization of trusted hardware platforms. We introduce two design problems, namely, detecting sensor attacks in large-scale cyber-physical systems, and systematic design of circuit obfuscation schemes to satisfy system-level security requirements. We then summarize some of the approaches pursued by the research community to address these problems, with the potential of fostering new methodologies, algorithms, and tools for the design of secure and trustworthy cyber-physical systems.

Published

2019

39. Adversarial Authorship Attribution in Open-Source Projects

Author

Celine Perley, Natalia Stakhanova, Alina Matyukhina, and Mila Dalla Preda

Subjects

Source code, business.industry, Computer science, open-source software, media_common.quotation_subject, adversarial, 020207 software engineering, 02 engineering and technology, obfuscation, imitation, World Wide Web, Adversarial system, attacks, Open source, Software, Authorship attribution, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Attribution, media_common, Hacker, Coding (social sciences)

Abstract

Open-source software is open to anyone by design, whether it is a community of developers, hackers or malicious users. Authors of open-source software typically hide their identity through nicknames and avatars. However, they have no protection against authorship attribution techniques that are able to create software author profiles just by analyzing software characteristics. In this paper we present an author imitation attack that allows to deceive current authorship attribution systems and mimic a coding style of a target developer. Withing this context we explore the potential of the existing attribution techniques to be deceived. Our results show that we are able to imitate the coding style of the developers based on the data collected from the popular source code repository, GitHub. To subvert author imitation attack, we propose a novel author obfuscation approach that allows us to hide the coding style of the author. Unlike existing obfuscation tools, this new obfuscation technique uses transformations that preserve code readability. We assess the effectiveness of our attacks on several datasets produced by actual developers from GitHub, and participants of the GoogleCodeJam competition. Throughout our experiments we show that the author hiding can be achieved by making sensible transformations which significantly reduce the likelihood of identifying the author's style to 0% by current authorship attribution systems.

Published

2019

40. ScanSAT

Author

Muhammad Yasin, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, Ozgur Sinanoglu, and Lilas Alrahis

Subjects

021110 strategic, defence & security studies, Computer engineering, Computer science, business.industry, Obfuscation, 0211 other engineering and technologies, 0202 electrical engineering, electronic engineering, information engineering, 02 engineering and technology, Boolean satisfiability problem, business, 020202 computer hardware & architecture, Outsourcing

Abstract

While financially advantageous, outsourcing key steps such as testing to potentially untrusted Outsourced Semiconductor Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hide the transformation functions between the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies a variant of the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. Our empirical results demonstrate that ScanSAT can easily break naive scan obfuscation techniques using only three or fewer attack iterations even for large key sizes and in the presence of scan compression.

Published

2019

41. MemCloak

Author

Arya Tavakoli, Weixin Liang, Jinhong Li, Kai Bu, and Ke Li

Subjects

010302 applied physics, Hardware_MEMORYSTRUCTURES, business.industry, Computer science, Memory bandwidth, 02 engineering and technology, 01 natural sciences, 020202 computer hardware & architecture, Data redundancy, Embedded system, 0103 physical sciences, Obfuscation, Memory architecture, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Cache, Central processing unit, business, Oblivious ram

Abstract

Access patterns over untrusted memory have long been exploited to infer sensitive information like program types or even secret keys. Most existing obfuscation solutions hide real memory accesses among a sufficiently large number of dummy memory accesses. Such solutions lead to a heavy communication overhead and more often apply to the client/server scenario instead of the CPU/memory architecture. Sporadic obfuscation solutions strive for an affordable memory bandwidth cost at the expense of security degradation. For example, they may have to obfuscate accesses over a limited range of memory space to control the overhead. In this paper, we present MemCloak to obfuscate accesses throughout the entire memory space with an 0(1) communication overhead. We advocate leveraging data redundancy to achieve extremely efficient obfuscation. Loading multiple duplicates of a data block in memory, MemCloak enables the CPU to fetch the same data by accessing different memory locations. This breaks the condition for snooping the access pattern. Moreover, we leverage data aggregation to improve memory utilization. It enables the CPU to fetch the same aggregated data block times from the same memory location but each time for a different data block therein. This further prohibits an attacker from correlating memory accesses. We propose a series of optimization techniques to compress the position that tracks memory layout. The optimized position map is hundreds of times smaller than the traditional position map. It takes only several megabytes for protecting a 4 GB memory and can fit in an on-chip cache or buffer. We implement MemCloak using the gem5 simulator and validate its performance using highly memory-intensive MiBench benchmarks.

Published

2018

42. TimingSAT

Author

Ankur Srivastava, Yuntao Liu, and Abhishek Chakraborty

Subjects

Computer science, 0211 other engineering and technologies, 02 engineering and technology, Integrated circuit, 020202 computer hardware & architecture, law.invention, law, Logic gate, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Boolean function, Equivalence class, Algorithm, Hardware_LOGICDESIGN, 021106 design practice & management

Abstract

In order to enhance the security of logic obfuscation schemes, delay based logic locking has been proposed in combination with traditional functional logic locking approaches in recent literature. A circuit obfuscated using the aforementioned approach preserves the correct functionality only when both correct functional and delay keys are provided. In this paper, we develop a novel SAT formulation based approach called TimingSAT to deobfuscte the functionalities of such delay locked designs within a reasonable amount of time. The proposed technique models the timing characteristics of various types of gates present in the design as Boolean functions to build timing profile embedded SAT formulations in terms of targeted key inputs. TimingSAT attack works in two stages: In the first stage the functional keys are found using traditional SAT attack approach and in the second stage the delay keys are deciphered utilizing the timing profile embedded SAT formulation of the circuit. In both stages of the attack, wrong keys are iteratively eliminated till a key belonging to the correct equivalence class is obtained. The experimental results highlight the effectiveness of the proposed TimingSAT attack to break delay logic locked benchmarks within few hours.

Published

2018

43. Software protection on the go: a large-scale empirical study on mobile app obfuscation

Author

Wang, Pei, Bao, Qinkun, Wang, Li, Wang, Shuai, Chen, Zhaofeng, Wei, Tai, Wu, Dinghao, Wang, Pei, Bao, Qinkun, Wang, Li, Wang, Shuai, Chen, Zhaofeng, Wei, Tai, and Wu, Dinghao

Abstract

The prosperity of smartphone markets has raised new concerns about software security on mobile platforms, leading to a growing demand for effective software obfuscation techniques. Due to various differences between the mobile and desktop ecosystems, obfuscation faces both technical and non-technical challenges when applied to mobile software. Although there have been quite a few software security solution providers launching their mobile app obfuscation services, it is yet unclear how real-world mobile developers perform obfuscation as part of their software engineering practices. Our research takes a first step to systematically studying the deployment of software obfuscation techniques in mobile software development. With the help of an automated but coarse-grained method, we computed the likelihood of an app being obfuscated for over a million app samples crawled from Apple App Store. We then inspected the top 6600 instances and managed to identify 601 obfuscated versions of 539 iOS apps. By analyzing this sample set with extensive manual effort, we made various observations that reveal the status quo of mobile obfuscation in the real world, providing insights into understanding and improving the situation of software protection on mobile platforms.

Published

2018

44. How You Get Shot in the Back

Author

Yuan Zhang, Yuhong Nan, Min Yang, Zhibo Zhang, Zhemin Yang, Sen Yang, Zhiyun Qian, Geng Hong, Haixin Duan, and Lei Zhang

Subjects

Cryptocurrency, Computer science, business.industry, Evasion (network security), 020206 networking & telecommunications, Cryptography, 02 engineering and technology, JavaScript, Computer security, computer.software_genre, Obfuscation (software), Scripting language, Obfuscation, Web page, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Web content, business, computer, computer.programming_language

Abstract

As a new mechanism to monetize web content, cryptocurrency mining is becoming increasingly popular. The idea is simple: a webpage delivers extra workload (JavaScript) that consumes computational resources on the client machine to solve cryptographic puzzles, typically without notifying users or having explicit user consent. This new mechanism, often heavily abused and thus considered a threat termed "cryptojacking", is estimated to affect over 10 million web users every month; however, only a few anecdotal reports exist so far and little is known about its severeness, infrastructure, and technical characteristics behind the scene. This is likely due to the lack of effective approaches to detect cryptojacking at a large-scale (e.g., VirusTotal). In this paper, we take a first step towards an in-depth study over cryptojacking. By leveraging a set of inherent characteristics of cryptojacking scripts, we build CMTracker, a behavior-based detector with two runtime profilers for automatically tracking Cryptocurrency Mining scripts and their related domains. Surprisingly, our approach successfully discovered 2,770 unique cryptojacking samples from 853,936 popular web pages, including 868 among top 100K in Alexa list. Leveraging these samples, we gain a more comprehensive picture of the cryptojacking attacks, including their impact, distribution mechanisms, obfuscation, and attempts to evade detection. For instance, a diverse set of organizations benefit from cryptojacking based on the unique wallet ids. In addition, to stay under the radar, they frequently update their attack domains (fastflux) on the order of days. Many attackers also apply evasion techniques, including limiting the CPU usage, obfuscating the code, etc.

Published

2018

45. VMHunt

Author

Yu Fu, Jiang Ming, Dongpeng Xu, and Dinghao Wu

Subjects

Binary analysis, 021110 strategic, defence & security studies, Correctness, Programming language, Computer science, business.industry, 0211 other engineering and technologies, 02 engineering and technology, Snippet, computer.software_genre, Symbolic execution, Encryption, Virtualization, Virtual machine, 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Malware, Binary code, business, computer

Abstract

Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, the increasing complexity of code virtualization also becomes a "double-edged sword" for practical application. Due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. Many techniques have been proposed to reverse engineer the virtualized code, but they share some common limitations. They assume the scope of virtualized code is known in advance and mainly focus on the classic structure of code emulator. Also, few work verifies the correctness of their deobfuscation results. In this paper, with fewer assumptions on the type and scope of code virtualization, we present a verifiable method to address the challenge of partially-virtualized binary code simplification. Our key insight is that code virtualization is a kind of process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. Based on the scope of VM boundary, we simplify the virtualized code. We first ignore all the instructions in a given virtualized snippet that do not affect the final result of that snippet. To better revert the data obfuscation effect that encodes a variable through bitwise operations, we then run a new symbolic execution called multiple granularity symbolic execution to further simplify the trace snippet. The generated concise symbolic formulas facilitate the correctness testing of our simplification results. We have implemented our idea as an open source tool, VMHunt, and evaluated it with real-world applications and malware. The encouraging experimental results demonstrate that VMHunt is a significant improvement over the state of the art.

Published

2018

46. Android authorship attribution through string analysis

Author

Vaibhavi Kalgutkar, Alina Matyukhina, Natalia Stakhanova, and Paul Cook

Subjects

Computer science, String analysis, 020207 software engineering, 02 engineering and technology, computer.software_genre, Mobile malware, Authorship attribution, 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Malware, Data mining, Android (operating system), computer, Mobile device

Abstract

With the rising popularity of Android mobile devices, the amount of malicious applications targeting the Android platform has been increasing tremendously. To mitigate the risk of malicious apps, there is a need for an automated system to detect these applications. Current detection techniques rely on the signatures of well-documented malware, and hence may not be able to detect new malware samples. Instead of generating signatures for malware samples themselves, in this work, we propose to develop a lightweight system that can generate signatures of malware writers by leveraging the string components present in their Android binaries. Using these author signatures, we can effectively detect a wide range of existing, as well as any new, malware samples generated by particular authors. The proposed system achieved 98%, 96%, and 71% accuracy over datasets of 1559 benign, 262 malicious, and 96 obfuscated Android applications, respectively. The string-based approach achieved 71% of accuracy compared to only 50% obtained with the existing Ding and Samadzadeh's system.

Published

2018

47. Tackling Androids Native Library Malware with Robust, Efficient and Accurate Similarity Measures

Author

Anatoli Kalysch, Oskar Milisterfer, Mykolai Protsenko, and Tilo Müller

Subjects

Computer science, 020207 software engineering, 02 engineering and technology, computer.software_genre, Disassembler, Robustness (computer science), 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Malware, Binary code, Compiler, Data mining, Malware analysis, computer, Machine code

Abstract

Code similarity measures create a comparison metric showing to what degree two code samples have the same functionality, e.g., to statically detect the use of known libraries in binary code. They are both an indispensable part of automated malware analysis, as well as a helper for the detection of plagiarism (IP protection) and the illegal use of open-source libraries in commercial apps. The centroid similarity metric extracts control-flow features from binary code and encodes them as geometric structures before comparing them. In our paper, we propose novel improvements to the centroid approach and apply it to the ARM architecture for the first time. We implement our approach as a plug-in for the IDA Pro disassembler and evaluate it regarding efficiency, accuracy and robustness on Android. Based on a dataset of 508,745 APKs, collected from 18 third-party app markets, we achieve a detection rate of 89% for the use of native code libraries, with an FPR of 10.8%. To test the robustness of our approach against the compiler version, optimization level, and other code transformations, we obfuscate and recompile known open-source libraries to evaluate which code transformations are resisted. Based on our results, we discuss how code re-use can be hidden by obfuscation and conclude with possible improvements.

Published

2018

48. A Unifying logic encryption security metric

Author

Dominik Sisejkovic, Rainer Leupers, Gerd Ascheid, and Simon Metzner

Subjects

Reverse engineering, Hardware security module, business.industry, Computer science, Supply chain, 02 engineering and technology, Computer security, computer.software_genre, Encryption, 020202 computer hardware & architecture, Security metric, Metric (mathematics), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, business, computer

Abstract

The globalization of the IC supply chain has brought forth the era of fabless companies. Due to security issues during design and fabrication processes, various security concerns have risen, ranging from IP piracy and reverse engineering to hardware Trojans. Logic encryption has emerged as a mitigation against these threats. However, no generic metrics for quantifying the security of logic encryption algorithms has been reported so far, making it impossible to formally compare different approaches. In this paper, we propose a unifying metric, capturing the key security aspects of logic encryption algorithms. The metric is evaluated on state-of-the-art algorithms and benchmarks.

Published

2018

49. TAO

Author

Siddharth Garg, Ramesh Karri, Francesco Regazzoni, and Christian Pilato

Subjects

Focus (computing), business.industry, Computer science, Overhead (engineering), ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020207 software engineering, 02 engineering and technology, 020202 computer hardware & architecture, Abstraction layer, Embedded system, High-level synthesis, Component (UML), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), business

Abstract

Intellectual Property (IP) theft costs semiconductor design companies billions of dollars every year. Unauthorized IP copies start from reverse engineering the given chip. Existing techniques to protect against IP theft aim to hide the IC’s functionality, but focus on manipulating the HDL descriptions. We propose TAO as a comprehensive solution based on high-level synthesis to raise the abstraction level and apply algorithmic obfuscation automatically. TAO includes several transformations that make the component hard to reverse engineer during chip fabrication, while a key is later inserted to unlock the functionality. Finally, this is a promising approach to obfuscate large-scale designs despite the hardware overhead needed to implement the obfuscation.

Published

2018

50. Eliciting social biases in children using tangible games

Author

Mehr-un-Nisa Arif Kitchlew, Meher Fatima Zaidi, Suleman Shahid, and Saad Jamal

Subjects

media_common.quotation_subject, 05 social sciences, Applied psychology, 02 engineering and technology, Order (exchange), 020204 information systems, Gauge (instrument), Perception, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Psychology, Socioeconomic status, 050107 human factors, Privilege (social inequality), Storytelling, media_common, Social capital

Abstract

Social capital and privilege, along with the constrictions of social stereotypes, can adversely impact a child's perception of the world. This paper describes the development and implementation of an interactive tangible tool for children aged 7--9, to be played with in schools across Pakistan to assess levels of socioeconomic and gender biases among them, as well as to gauge its comparative benefits over traditional detection methods. In order to obtain more concrete results, the tool has been developed as a theme-based game board for obfuscation, to divert the users' attention from the attributes being evaluated so that the investigative nature of the tool does not significantly hinder users from responding naturally.

Published

2018