Your search keyword '"Elisa Bertino"' showing total 711 results

1. Orchestration or Automation: Authentication Flaw Detection in Android Apps

Author

Juanru Li, David Lo, Surya Nepal, Elisa Bertino, Siqi Ma, Robert H. Deng, Diet Ostry, and Sanjay Jha

Subjects

Scheme (programming language), Password, Authentication, Computer science, business.industry, Computer security, computer.software_genre, Automation, Orchestration (computing), Timestamp, Electrical and Electronic Engineering, Android (operating system), business, computer, Implementation, computer.programming_language

Abstract

Passwords are pervasively used to authenticate users' identities in mobile apps. To secure passwords against attacks, protection is applied to the password authentication protocol (PAP). The implementation of the protection scheme becomes an important factor in protecting PAP against attacks. We focus on two basic protection in Android, i.e., SSL/TLS-based PAP and timestamp-based PAP. Previously, we proposed an automated tool, GLACIATE, to detect authentication flaws. We were curious whether orchestration (i.e., involving manual-effort) works better than automation. To answer this question, we propose an orchestrated approach, AUTH-EYE in this paper and compare its effectiveness GLACIATE. We study requirements for correct implementation of PAP and then apply GLACIATE to identify protection enhancements automatically. Through dependency analysis, GLACIATE matches the implementations against the abstracted flaws to recognise defective apps. To evaluate AUTH-EYE, we collected 1,200 Android apps from Google Play. We compared AUTH-EYE with the automation tool, GLACIATE, and two other orchestration tools, MalloDroid and SMV-Hunter. The results demonstrated that orchestration tools detect flaws more precisely although F1 of GLACIATE is higher than AUTH-EYE. Further analysis of the results reveals that highly popular apps and e-commerce apps are not more secure than other apps.

Published

2022

2. A Trust-Based Experience-Aware Framework for Integrating Fuzzy Recommendations

Author

Aleksander Ignjatovic, Elisa Bertino, Haleh Amintoosi, and Mohammad Allahbakhsh

Subjects

Information Systems and Management, Computer Networks and Communications, business.industry, Iterative method, Computer science, media_common.quotation_subject, Aggregate (data warehouse), Comparison results, Machine learning, computer.software_genre, Fuzzy logic, Computer Science Applications, Hardware and Architecture, Quality (business), Stock market, Artificial intelligence, business, computer, media_common, Educational systems

Abstract

Social rating systems are widely used for gathering user feedbacks on the quality of products, items and services. Social rating systems accept various forms of numeric and non-numeric recommendations as input to their aggregation algorithm. Fuzzy recommendations, as one form of input recommendations, while common in areas such as stock market and educational systems, are challenging in terms of aggregation and scaling. Also, taking into account trust and experience of raters while aggregating fuzzy variables is another challenge that needs investigations. In this paper, we propose a trust-based experience-aware method for aggregation of fuzzy recommendations. We propose to use trust and experience of raters along with the area under the curve of the membership of the fuzzy recommendations to compute a weight for recommendations. Then, we present an iterative algorithm to aggregate these computed weighted recommendations. We evaluate our method using a real-world dataset and compare its performance with three well-known iterative algorithms. The comparison results show the superiority of our method over other related approaches.

Published

2022

3. Privacy in the Era of 5G, IoT, Big Data, and Machine Learning

Author

Elisa Bertino

Subjects

Information privacy, business.industry, Computer science, Process (engineering), Computer Networks and Communications, Big data, Computer security, computer.software_genre, Data analysis, Task analysis, Electrical and Electronic Engineering, Internet of Things, business, Mobile device, computer, Law, 5G

Abstract

Technological advances, such as IoT devices, cyberphysical systems, smart mobile devices, cloud systems, data analytics, social networks and increased communication capabilities, are making possible to capture, quickly process and analyze huge amounts of data from which to extract information critical for many tasks, such as healthcare and cyber security. Such an intensive use of data raises however major privacy concerns, especially in the mobile application ecosystem. In this paper, we first show different examples of privacy breaches that can arise in such ecosystem. Those examples show that achieving privacy is challenging and there is no unique technique that one can use; rather one must combine different techniques depending also on the intended use of data. We then outline critical challenges towards achieving comprehensive privacy solutions.

Published

2023

4. Privacy Preserving Location-Aware Personalized Web Service Recommendations

Author

Ibrahim Khalil, Kwok-Yan Lam, Shahriar Badsha, Dongxi Liu, Elisa Bertino, Surya Nepal, and Xun Yi

Subjects

Information Systems and Management, Computer Networks and Communications, Computer science, Quality of service, media_common.quotation_subject, Services computing, 02 engineering and technology, Service provider, computer.software_genre, Computer Science Applications, World Wide Web, Hardware and Architecture, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Collaborative filtering, 020201 artificial intelligence & image processing, Quality (business), Web service, computer, Private information retrieval, media_common

Abstract

The personalized Web service recommendation based on Quality of Service (QoS) is gaining increasing popularity due to its promising ability to help users find high quality services. Studies suggest that it is beneficial to use Collaborative Filtering (CF)-based techniques to facilitate Web service recommendations which can achieve high accuracy in predicting the QoS for unobserved Web services. With the QoS, location of users and Web services has been another significant factor in predicting the QoS values. The more factors that are available to the service providers, the more accurate predictions can be generated. However these factors are privacy sensitive and therefore it is risky to disclose them to any third party service provider. To address this challenge, in this paper we develop a privacy preserving protocol to predict missing QoS values and thereby providing Web service recommendations based on past QoS experiences and locations of users. Our protocol is able to achieve user privacy by means of encrypting the QoS and location as well as to select suitable Web services for users without disclosing any private information. We conduct extensive experimental analysis on publicly available data sets and prove that our method is both secure and practical.

Published

2021

5. ATFuzzer

Author

Fabrizio Cicala, Omar Chowdhury, Imtiaz Karim, Syed Rafiul Hussain, and Elisa Bertino

Subjects

Correctness, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Fuzz testing, USB, computer.software_genre, Computer Science Applications, law.invention, Bluetooth, Rule-based machine translation, Hardware and Architecture, law, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Cellular network, Baseband processor, Android (operating system), Safety Research, computer, Software, Information Systems

Abstract

Application processors of modern smartphones use the AT interface for issuing high-level commands (or AT-commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can be leveraged by malicious USB or Bluetooth peripherals to launch pernicious attacks. In this article, we propose ATFuzzer, which uses a grammar-guided evolutionary fuzzing approach that mutates production rules of the AT-command grammar instead of concrete AT commands to evaluate the correctness and robustness of the AT-command execution process. To automate each step of the analysis pipeline, ATFuzzer first takes as input the 3GPP and other vendor-specific standard documents and, following several heuristics, automatically extracts the seed AT command grammars for the fuzzer. ATFuzzer uses the seed to generate both valid and invalid grammars, following our cross-over and mutation strategies to evaluate both the integrity and execution of AT-commands. Empirical evaluation of ATFuzzer on 10 Android smartphones from 6 vendors revealed 4 invalid AT command grammars over Bluetooth and 14 over USB with implications ranging from DoS, downgrade of cellular protocol version, to severe privacy leaks. The vulnerabilities along with the invalid AT-command grammars were responsibly disclosed to affected vendors and assigned CVE’s.

Published

2020

6. Edge-Based Intrusion Detection for IoT devices

Author

Elisa Bertino, Anand Mudgerikar, and Puneet Sharma

Subjects

General Computer Science, business.industry, Computer science, Testbed, Process (computing), 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Modular design, computer.software_genre, Management Information Systems, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Malware, 020201 artificial intelligence & image processing, Enhanced Data Rates for GSM Evolution, business, computer, Computer network

Abstract

As the Internet of Things (IoT) is estimated to grow to 25 billion by 2021, there is a need for an effective and efficient Intrusion Detection System (IDS) for IoT devices. Traditional network-based IDSs are unable to efficiently detect IoT malware and new evolving forms of attacks like file-less attacks. In this article, we present a system level Device-Edge split IDS for IoT devices. Our IDS profiles IoT devices according to their “behavior” using system-level information like running process parameters and their system calls in an autonomous, efficient, and scalable manner and then detects anomalous behavior indicative of intrusions. The modular design of our IDS along with a unique device-edge split architecture allows for effective attack detection with minimal overhead on the IoT devices. We have extensively evaluated our system using a dataset of 3,973 traditional IoT malware samples and 8 types of sophisticated file-less attacks recently observed against IoT devices in our testbed. We report the evaluation results in terms of detection efficiency and computational.

Published

2020

7. A Secure Shuffling Mechanism for White-Box Attack-Resistant Unmanned Vehicles

Author

Jongho Won, Elisa Bertino, and Seung-Hyun Seo

Subjects

Shuffling, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Lookup table, 0202 electrical engineering, electronic engineering, information engineering, Table (database), Electrical and Electronic Engineering, White box, business, computer, Software, Block cipher

Abstract

Unmanned Vehicles (UVs) have been being utilized for various applications, such as surveillance, search/rescue, and monitoring. The information they transmit is critical for decision-making. However, UVs are vulnerable to white-box attacks due to improvements in reverse engineering techniques and the openness of their software. Therefore, attackers with sufficient knowledge of a target UV can steal secret information stored in the UV by exploiting its vulnerabilities. Recently, several white-box cryptography techniques have been introduced to protect secret keys from being extracted by converting them into large look-up tables. However, none of them provide approaches to securely update the look-up tables. Thus, once a remote attacker succeeds in extracting the static look-up table from a UV, he/she can use it to decrypt past/future communications or to send false information to the control station by impersonating the UV. In this paper, we propose a look-up table shuffling mechanism that supports white-box cryptography with dynamics. The mechanism makes it hard for attackers to determine the positions of the table entries, and thus to decrypt/encrypt ciphertexts/plaintexts. To show the practicality of the block cipher with our mechanism, we implemented it on a board equipped with a GPU and show its GPU-accelerated performance.

Published

2020

8. AI-powered Network Security: Approaches and Research Directions

Author

Elisa Bertino and Imtiaz Karim

Subjects

Network security, business.industry, Computer science, Protocol analysis, Intrusion detection system, Computer security, computer.software_genre, Phase (combat), Critical infrastructure, Software deployment, Leverage (statistics), business, Resilience (network), computer

Abstract

Networks are today a critical infrastructure. Their resilience against attacks is thus crucial. Protecting networks requires a comprehensive security life-cycle and the deployment of different protection techniques. To make defenses more effective, recent solutions leverage AI techniques. In this paper, we discuss AI-based protection techniques, according to a security life-cycle consisting of several phases: (i) Prepare; (ii) Monitor and Diagnose; and (iii) React, Recovery and Fix. For each phase, we discuss relevant AI techniques, initial approaches, and research directions.

Published

2021

9. ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations

Author

Imtiaz Karim, Elisa Bertino, and Syed Rafiul Hussain

Subjects

Model checking, Computer science, business.industry, Cryptographic protocol, Semantic data model, Encryption, Computer security, computer.software_genre, Stateful firewall, Instrumentation (computer programming), business, Protocol (object-oriented programming), Implementation, computer

Abstract

Cellular protocol implementations must comply with the specifications, and the security and privacy requirements. These implementations, however, often deviate from the security and privacy requirements due to under specifications in cellular standards, inherent protocol complexities, and design flaws inducing logical vulnerabilities. Detecting such logical vulnerabilities in the complex and stateful 4G LTE protocol is challenging due to operational dependencies on internal-states, and intertwined complex protocol interactions among multiple participants. In this paper, we address these challenges and develop ProChecker which- (1) extracts a precise semantic model as a finite-state machine of the implementation by combining dynamic testing with static instrumentation, and (2) verifies the properties against the extracted model by combining a symbolic model checker and a cryptographic protocol verifier. We demonstrate the effectiveness of ProChecker by evaluating it on a closed-source and two of the most popular open-source 4G LTE control-plane protocol implementations with 62 properties. ProChecker unveiled 3 new protocol-specific logical attacks, 6 implementation issues, and detected 14 prior attacks. The impact of the attacks range from denial-of-service, broken integrity, encryption, and replay protection to privacy leakage.

Published

2021

10. Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing

Author

Charalampos Katsis, Nathan Ringo, Elisa Bertino, Dan Thomsen, and Fabrizio Cicala

Subjects

Correctness, Network security, business.industry, Computer science, Principle of least privilege, 020207 software engineering, Access control, 02 engineering and technology, Security policy, Computer security, computer.software_genre, Network topology, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Network security policy, business, Resilience (network), computer

Abstract

The zero trust principle only allows authorized and authenticated actions in a computer network. A network policy satisfies the least privilege principle by minimizing the network permissions to only those needed by users and applications. However, administrators face many challenges in creating a least privilege policy since it requires a detailed understanding of the network topology and knowing the communication requirements of every network application and user. This paper addresses those challenges by introducing a graph-based policy specification framework to capture a network's communication requirements and a network compiler that turns those requirements into an enforceable policy. To offset the effort of building such a stringent policy, we incorporate patterns to spread the work of policy creation over time and people. In the paper, we first elaborate on how our framework's semantics enhances network security and resilience. We then introduce a Security Policy Regression Testing tool (SPRT), which leverages our framework's semantics, to test and reason about consistency, correctness, and relevance of network security policies. Finally, we outline relevant research directions.

Published

2021

11. Effectiveness of Model-Based Defenses for Digitally Controlled Industrial Systems: Nuclear Reactor Case Study

Author

Elisa Bertino, Hany S. Abdel-Khalik, and Yeni Li

Subjects

Nuclear and High Energy Physics, Computer science, 020209 energy, media_common.quotation_subject, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Industrial control system, Deception, Nuclear reactor, Condensed Matter Physics, Computer security, computer.software_genre, law.invention, Intrusion, 020303 mechanical engineering & transports, 0203 mechanical engineering, Nuclear Energy and Engineering, law, 0202 electrical engineering, electronic engineering, information engineering, Control network, Industrial systems, computer, media_common

Abstract

Model-based defenses have been promoted over the past decade as essential defenses against intrusion and data deception attacks into the control network used to digitally regulate the opera...

Published

2019

12. A-PANDDE: Advanced Provenance-based ANomaly Detection of Data Exfiltration

Author

Daren Fadolalkarim and Elisa Bertino

Subjects

File system, SQL, General Computer Science, Database, Computer science, business.industry, 020206 networking & telecommunications, Access control, 02 engineering and technology, Object (computer science), computer.software_genre, Insider, Identifier, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Anomaly detection, business, Law, computer, computer.programming_language

Abstract

Insider threats are a serious problem that could be more damaging than outsiders’ attacks. The reason is that insiders are users who have legitimate access to the data. A database management system (DBMS) access control mechanism is unable to prevent misuse of the data to which the user is authorized to access. Many mechanisms were proposed to detect insiders’ attempts to misuse or steal data at the database level and application level. However, these mechanisms are unable to detect users’ attempts to exfiltrate the data if they store the data into files on their machines. Hence, we need a mechanism that is able to detect suspicious activities resulting from the insiders at the operating system level. As an initial step in this direction, we propose an anomaly detection system that monitors insiders’ actions on data outside the database. To be more precise, our system tracks file system access operations (e.g., read, write, and open to print) on data piped from the database to files. Our approach captures syntactic features of SQL queries that users submit to the DBMS to retrieve data from the database (e.g., select commands). It does that by recording the tables’ object identifiers. Also, the system collects some data features like the tables’ selectivities to profile the amount of data that is being accessed by the user. Furthermore, the system tracks frequencies of users’ actions on files that contain data from the database. The collected information is then used to build profiles of users’ activities. Such profiles are later used to indicate normal and abnormal users’ actions. Experimental results show that our technique is close to accurate, and the detection mechanism incurs low overhead.

Published

2019

13. How Deep Learning Is Making Information Security More Intelligent

Author

Elisa Bertino and Ankush Singla

Subjects

Software_OPERATINGSYSTEMS, Artificial neural network, Computer Networks and Communications, business.industry, Computer science, Deep learning, Botnet, 020206 networking & telecommunications, 02 engineering and technology, Information security, Intrusion detection system, Machine learning, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Statistical classification, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, Electrical and Electronic Engineering, Malware analysis, business, Law, computer

Abstract

Manually analyzing vast amounts of newly released malware is a significant problem for the security community. Deep-learning techniques have recently been employed to automate security tasks such as malware analysis, intrusion detection, and botnet detection. We look at such techniques and investigate how practical and secure they are.

Published

2019

14. Guest Editorial Special Issue on Security and Privacy Protection for Big Data and IoT

Author

Hui Li, Elisa Bertino, Fenghua Li, Kui Ren, and Cong Wang

Subjects

Social network, Computer Networks and Communications, business.industry, Process (engineering), Computer science, media_common.quotation_subject, Privacy protection, Big data, Computer security, computer.software_genre, Computer Science Applications, Crowdsensing, Hardware and Architecture, Signal Processing, Quality (business), Internet of Things, business, Wireless sensor network, computer, Information Systems, media_common

Abstract

With the proliferation of the Internet of Things (IoT), wireless sensor networks, mobile social networks, crowdsensing applications, and beyond, huge amounts of data are being explosively generated every day. While big data and IoT bring well-understood benefits to increase knowledge and improve the quality of our daily lives, they also face wide attacking surfaces, and thus raise critical concerns on notions of trust, security, and privacy. One of the fundamental questions is how to collect, store, and process the huge amounts of data in a secure and privacy-preserving manner, without compromising the potential of capitalization on big data and IoT.

Published

2019

15. Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend Against Fake Base-Stations

Author

Ankush Singla, Attila A. Yavuz, Syed Rafiul Hussain, Rouzbeh Behnia, and Elisa Bertino

Subjects

021110 strategic, defence & security studies, Authentication, Computer science, Bootstrapping, business.industry, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Root cause, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Overhead (computing), 020201 artificial intelligence & image processing, business, Protocol (object-oriented programming), computer, Vulnerability (computing)

Abstract

The lack of authentication protection for bootstrapping messages broadcast by base-stations makes impossible for devices to differentiate between a legitimate and a fake base-station. This vulnerability has been widely acknowledged, but not yet fixed and thus enables law-enforcement agencies, motivated adversaries and nation-states to carry out attacks against targeted users. Although 5G cellular protocols have been enhanced to prevent some of these attacks, the root vulnerability for fake base-stations still exists. In this paper, we propose an efficient broadcast authentication protocol based on a hierarchical identity-based signature scheme, Schnorr-HIBS, which addresses the root cause of the fake base-station problem with minimal computation and communication overhead. We implement and evaluate our proposed protocol using off-the-shelf software-defined radios and open-source libraries. We also provide a comprehensive quantitative and qualitative comparison between our scheme and other candidate solutions for 5G base-station authentication proposed by 3GPP. Our proposed protocol achieves at least a 6x speedup in terms of end-to-end cryptographic delay and a communication cost reduction of 31% over other 3GPP proposals.

Published

2021

16. Message from the General Chairs BigDataSecurity/HPSC/IDS 2021

Author

Bhavani Thuraisingham, Elisa Bertino, Eunice Santos, and Meikang Qiu

Subjects

Multimedia, Computer science, computer.software_genre, computer

Published

2021

17. Scalable non-observational predicate learning in ASP

Author

Elisa Bertino, Mark Law, Krysia Broda, Alessandra Russo, and IBM United Kingdom Ltd

Subjects

Computer science, Programming language, Scalability, Observational study, Predicate (mathematical logic), computer.software_genre, computer

Abstract

Recently, novel ILP systems under the answer set semantics have been proposed, some of which are robust to noise and scalable over large hypothesis spaces. One such system is FastLAS, which is significantly faster than other state-of-the-art ASP-based ILP systems. FastLAS is, however, only capable of Observational Predicate Learning (OPL), where the learned hypothesis defines predicates that are directly observed in the examples. It cannot learn knowledge that is indirectly observable, such as learning causes of observed events. This class of problems, known as non-OPL, is known to be difficult to handle in the context of non-monotonic semantics. Solving non-OPL learning tasks whilst preserving scalability is a challenging open problem. We address this problem with a new abductive method for translating examples of a non-OPL task to a set of examples, called possibilities, such that the original example is covered iff at least one of the possibilities is covered. This new method allows an ILP system capable of performing OPL tasks to be "upgraded" to solve non-OPL tasks. In particular, we present our new FastNonOPL system, which upgrades FastLAS with the new possibility generation. We compare it to other state-of-the-art ASP-based ILP systems capable of solving non-OPL tasks, showing that FastNonOPL is significantly faster, and in many cases more accurate, than these other systems.

Published

2021

18. AI for Security and Security for AI

Author

Sagar Samtani, Sudip Mittal, Maanak Gupta, Elisa Bertino, Cuneyt Gurcan Akcora, and Murat Kantarcioglu

Subjects

business.industry, Computer science, Homeland security, Security industry, Access control, Denial-of-service attack, Intrusion detection system, computer.software_genre, Computer security, GeneralLiterature_MISCELLANEOUS, Information sensitivity, Adversarial system, ComputingMethodologies_PATTERNRECOGNITION, Malware, business, computer

Abstract

On one side, the security industry has successfully adopted some AI-based techniques. Use varies from mitigating denial of service attacks, forensics, intrusion detection systems, homeland security, critical infrastructures protection, sensitive information leakage, access control, and malware detection. On the other side, we see the rise of Adversarial AI. Here the core idea is to subvert AI systems for fun and profit. The methods utilized for the production of AI systems are systematically vulnerable to a new class of vulnerabilities. Adversaries are exploiting these vulnerabilities to alter AI system behavior to serve a malicious end goal. This panel discusses some of these aspects.

Published

2021

19. Fine with '1234'? An Analysis of SMS One-Time Password Randomness in Android Apps

Author

Cong Sun, Elisa Bertino, Hyoungshick Kim, Siqi Ma, Surya Nepal, Diethelm Ostry, and Juanru Li

Subjects

Password, FOS: Computer and information sciences, Authentication, Computer Science - Cryptography and Security, Computer science, Login session, Computer security, computer.software_genre, Login, One-time password, Software Engineering (cs.SE), Computer Science - Software Engineering, Key (cryptography), Android (operating system), computer, Replay attack, Cryptography and Security (cs.CR)

Abstract

A fundamental premise of SMS One-Time Password (OTP) is that the used pseudo-random numbers (PRNs) are uniquely unpredictable for each login session. Hence, the process of generating PRNs is the most critical step in the OTP authentication. An improper implementation of the pseudo-random number generator (PRNG) will result in predictable or even static OTP values, making them vulnerable to potential attacks. In this paper, we present a vulnerability study against PRNGs implemented for Android apps. A key challenge is that PRNGs are typically implemented on the server-side, and thus the source code is not accessible. To resolve this issue, we build an analysis tool, \sysname, to assess implementations of the PRNGs in an automated manner without the source code requirement. Through reverse engineering, \sysname identifies the apps using SMS OTP and triggers each app's login functionality to retrieve OTP values. It further assesses the randomness of the OTP values to identify vulnerable PRNGs. By analyzing 6,431 commercially used Android apps downloaded from \tool{Google Play} and \tool{Tencent Myapp}, \sysname identified 399 vulnerable apps that generate predictable OTP values. Even worse, 194 vulnerable apps use the OTP authentication alone without any additional security mechanisms, leading to insecure authentication against guessing attacks and replay attacks.

Published

2021

20. Zero Trust Architecture: Does It Help?

Author

Elisa Bertino

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, Access control, Computer security, computer.software_genre, Security controls, Zero (linguistics), Software deployment, Electrical and Electronic Engineering, Architecture, business, Law, computer

Abstract

Discusses the concept of zero trust architecture (ZTA). ZTA has been introduced as a fine-grained defense approach paradigm that shifts defenses from static, network-based perimeters to users, assets, and resources.1 It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls, such as authentication and access control. In a way, ZTA is not new; the idea that securing a system requires pervasive, fine-grained, and continuous deployment of layered security controls is quite obvious. However, the current emphasis on ZTA is important as it pushes systematic approaches to cybersecurity.

Published

2021

21. A security-constrained reinforcement learning framework for software defined networks

Author

Elisa Bertino, Jorge Lobo, Anand Mudgerikar, and Dinesh C. Verma

Subjects

Deep Reinforcement Learning, Computer science, business.industry, Network packet, Deep learning, Decision tree, Intrusion detection system, Software Defined Networks, Machine learning, computer.software_genre, Flow network, Security policy, Security and Safety, Reinforcement learning, Artificial intelligence, business, Software-defined networking, computer

Abstract

Comunicació presentada a IEEE International Conference on Communications (ICC 2021), celebrat del 14 al 23 de juny de 2021 de manera virtual. Reinforcement Learning (RL) is an effective technique for building ‘smart’ SDN controllers because of its model-free nature and ability to learn policies online without requiring extensive training data. However, as RL agents are geared to maximize functionality and explore the environment without constraints, security can be breached. In this paper, we propose Jarvis-SDN, a RL framework that constrains explorations by taking security into account. In Jarvis-SDN, the RL agent learns ‘intelligent policies’ which maximize functionality but not at the cost of security. Standard network flow based attack signatures obtained from intrusion detection system (IDS) datasets cannot be used as policies because they do not conform to the state model of the RL framework and thus have poor accuracy and high false positives. To address such issue, the security policies for constraining explorations in Jarvis-SDN are learnt in a semi-supervised manner in the form of ‘partial attack signatures’ from packet captures of IDS datasets that are then encoded in the objective function of the RL based optimization framework. These signatures are learnt using Deep Q-Networks (DQN). Our analysis shows that DQN based attack signatures perform better than classical machine learning techniques, like decision trees, random forests and deep neural networks (DNN), for common network attacks. We instantiate our framework for a SDN controller with the goal of intelligent rate control to further analyze the effectiveness of the attack signatures.

Published

2021

22. IoT Attacks and Malware

Author

Anand Mudgerikar and Elisa Bertino

Subjects

Structure (mathematical logic), business.industry, Computer science, Botnet, Cloud computing, Network attack, Computer security, computer.software_genre, Kill chain, Component-based software engineering, Malware, business, Internet of Things, computer

Abstract

The huge number of deployed Internet of Things (IoT) devices combined with the evolution of multiple technologies like machine learning, embedded systems, and cloud- and edge-based services has resulted in complex dynamic IoT networks. IoT networks are however increasingly a target for attacks and breaches. Recent progresses in artificial intelligence can result in effective security solutions. In order to design such AI-based solutions, an analysis of the structure and kill chain of IoT attacks is required. However, the IoT network attack surface is complex and heterogeneous because of devices that are different with respect to functions, protocols, architectures, and manufacturers and operate with deeply intertwined physical and software components. As a result, the structure of an attack in IoT networks is different from attacks in traditional network settings, and therefore conventional kill chains cannot be directly used to classify attacks. In this chapter, we survey different types of IoT attacks and malware observed in recent times. We then propose a new classification structured specifically for IoT attacks and malware with respect to which AI-based effective security solutions can be designed.

Published

2021

23. Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services

Author

Hehao Li, Wenbo Yang, Elisa Bertino, Surya Nepal, Juanru Li, and Siqi Ma

Subjects

Information privacy, Information sensitivity, Security analysis, Workflow, Exploit, Computer science, Proprietary protocol, Attack surface, Android (operating system), Computer security, computer.software_genre, computer

Abstract

Wi-Fi hotspot-based data clone services are increasingly used by Android users to transfer their user data and preferred configurations while upgrading obsolete phones to new models. Unfortunately, since the data clone services need to manipulate sensitive information protected by the Android system, vulnerabilities in the design or implementation of these services may result in data privacy breaches. In this paper we present an empirical security analysis of eight widely used Wi-Fi hotspot-based data clone services deployed to millions of Android phones. Our study evaluates those services with respect to data export/import, data transmission, and Wi-Fi configuration with respect to security requirements that the data clone procedure should satisfy. Since data clone services are closed source, we design Poirot, an analysis system to recover workflows of the data clone services and detect potential flaws. Our study reveals a series of critical security issues in the data clone services. We demonstrate two types of attacks that exploit the data clone service as a new attack surface. A vulnerable data clone service allows attackers to retrieve sensitive user data without permissions, and even inject malicious contents to compromise the system.

Published

2020

24. Message from the Blockchain 2020 General Chairs

Author

Elisa Bertino, Qinghua Zheng, and Kouichi Sakurai

Subjects

Blockchain, Computer security, computer.software_genre, computer

Published

2020

25. Preparing Network Intrusion Detection Deep Learning Models with Minimal Data Using Adversarial Domain Adaptation

Author

Elisa Bertino, Dinesh C. Verma, and Ankush Singla

Subjects

Domain adaptation, Artificial neural network, business.industry, Computer science, Deep learning, 02 engineering and technology, Intrusion detection system, 010501 environmental sciences, Machine learning, computer.software_genre, 01 natural sciences, Adversarial system, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), 020201 artificial intelligence & image processing, Network intrusion detection, Artificial intelligence, business, Transfer of learning, computer, 0105 earth and related environmental sciences

Abstract

Recent work has shown that deep learning (DL) techniques are highly effective for assisting network intrusion detection systems (NIDS) in identifying malicious attacks on networks. Training DL classification models, however, requires vast amounts of labeled data which is often expensive and time-consuming to collect. Also, DL models trained using data from one type of network may not be able to identify attacks on other types of network or identify new families of attacks discovered over time. In this paper, we propose and evaluate the use of adversarial domain adaptation to address the problem of scarcity of labeled training data in a dataset by transferring knowledge gained from an existing network intrusion detection (NID) dataset. Our approach works for scenarios where the source and target datasets have same or different feature spaces. We demonstrate that our proposed approach can create highly accurate DL classification models even when the number of labeled samples in the target dataset is significantly small.

Published

2020

26. Policy based ensembles for multi domain operations

Author

Ankush Singla, Dinesh C. Verma, Elisa Bertino, Seraphin Calo, and Alessandra Russo

Subjects

Multi domain, Modalities, Computer science, business.industry, Artificial intelligence, Network intrusion detection, business, Machine learning, computer.software_genre, Ensemble learning, computer, Domain (software engineering), Task (project management)

Abstract

In multi-domain operations, different domains get different modalities of input signals, and as a result end up training different models for the same decision-making task. The input modalities could be overlapping with each other, which leads to the situation that models created in one domain may be reusable partially for tasks being conducted in other domains. In order to share the knowledge embedded in different models trained independently in each individual domain, we propose the concept of hybrid policy-based ensembles, in which the heterogeneous models from different domains are combined into an ensemble whose operations are controlled by policies specifying which subset of the models ought to be used for an operation. We show how these policies can expressed based on properties of training datasets, and discuss the performance of these hybrid policy-based ensembles on a dataset used for training network intrusion detection models.

Published

2020

27. An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs

Author

Asmaa Sallam, Daren Fadolalkarim, and Elisa Bertino

Subjects

Exploit, Computer science, 02 engineering and technology, Static analysis, Database application, computer.software_genre, 01 natural sciences, Application profile, Data flow diagram, 010104 statistics & probability, Relational database management system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Anomaly detection, Code injection, Data mining, 0101 mathematics, computer

Abstract

Application programs are a possible source of attacks to databases as attackers might exploit vulnerabilities in a privileged database application. They can perform code injection or code-reuse attack in order to steal sensitive data. However, as such attacks very often result in changes in the program’s behavior, program monitoring techniques represent an effective defense to detect on-going attacks. One such technique is monitoring the library/system calls that the application program issues while running. In this paper, we propose AD-PROM, an Anomaly Detection system that aims at protecting relational database systems against malicious/compromised applications PROgraMs aiming at stealing data. AD-PROM tracks calls executed by application programs on data extracted from a database. The system operates in two phases. The first phase statically and dynamically analyzes the behavior of the application in order to build profiles representing the application’s normal behavior. AD-PROM analyzes the control and data flow of the application program (i.e., static analysis), and builds a hidden Markov model trained by the program traces (i.e., dynamic analysis). During the second phase, the program execution is monitored in order to detect anomalies that may represent data leakage attempts. We have implemented AD-PROM and carried experimental activities to assess its performance. The results showed that our system is highly accurate in detecting changes in the application programs’ behaviors and has very low false positive rates.

Published

2020

28. Practical Anonymous Subscription with Revocation Based on Broadcast Encryption

Author

Russell Paulet, Fang-Yu Rao, Xun Yi, and Elisa Bertino

Subjects

Scheme (programming language), Service (systems architecture), Authentication, Revocation, Computer science, business.industry, Blind signature, business, Broadcast encryption, computer, Protocol (object-oriented programming), computer.programming_language, Computer network, Anonymity

Abstract

In this paper we consider the problem where a client wishes to subscribe to some product or service provided by a server, but maintain their anonymity. At the same time, the server must be able to authenticate the client as a genuine user and be able to discontinue (or revoke) the client’s access if the subscription fees are not paid. Current solutions for this problem are typically constructed using some combination of blind signature or zero-knowledge proof techniques, which do not directly support client revocation (that is, revoking a user before expiry of their secret value). In this paper, we present a solution for this problem on the basis of the broadcast encryption scheme, suggested by Boneh et al., by which the server can broadcast a secret to a group of legitimate clients. Our solution allows the registered client to log into the server anonymously and also supports client revocation by the server. Our solution can be used in many applications, such as location-based queries. We formally define a model for our anonymous subscription protocol and prove the security of our solution under this model. In addition, we present experimental results from an implementation of our protocol. These experimental results demonstrate that our protocol is practical.

Published

2020

29. Developing A Compelling Vision for Winning the Cybersecurity Arms Race

Author

Elisa Bertino, Anoop Singhal, Rakesh M. Verma, and Srivathsan Srinivasagopalan

Subjects

Advanced persistent threat, Race (biology), Computer science, Arms race, Key (cryptography), State of affairs, Computer security, computer.software_genre, computer

Abstract

In cybersecurity there is a continuous arms race between the attackers and the defenders. In this panel, we investigate three key questions regarding this arms race. First question is whether this arms race is winnable. Second, if the answer to the first question is in the affirmative, what steps we need to take to win this race. Third, if the answer to the first question is negative, what is the justification for this and what steps can we take to improve the state of affairs and increase the bar for the attackers significantly.

Published

2020

30. On security policy migrations

Author

Alessandra Russos, Jorge Lobo, and Elisa Bertino

Subjects

021110 strategic, defence & security studies, System change, business.industry, Computer science, Policy migration, 0211 other engineering and technologies, Access control, Context (language use), Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security policy, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Isolation (database systems), business, computer, Security policies, Meaning (linguistics), Simple (philosophy)

Abstract

Comunicació presentada al SACMAT '20: The 25th ACM Symposium on Access Control Models and Technologies, celebrat del 10 al 12 de juny de 2020 a Barcelona, Espanya. There has been over the past decade a rapid change towards computational environments that are comprised of large and diverse sets of devices, many of them mobile, which can connect in flexible and context-dependent ways. Examples range from networks where we can have communications between powerful cloud centers, to the myriad of simple sensor devices on the IoT. As the management of these dynamic environments becomes ever more complex, we want to propose policy migrations as a methodology to simplify the management of security policies by re-utilizing and re-deploying existing policies as the systems change. We are interested in understanding the challenges raised answering the following question: given a security policy that is being enforced in a particular source computational device, what does it entail to migrate this policy to be enforced in a different target device? Because of the differences between devices and because these devices cannot be seen in isolation but in the context where they are deployed, the meaning of the policy enforced in the source device needs to be re-interpreted and implemented in the context of the target device. The aim of the paper is to present a formal framework to evaluate the appropriateness of the migration. This research was sponsored by the U.S. Army Research Laboratory and the U.K. Ministry of Defence under Agreement Number W911NF-16-3-0001. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Research Laboratory, the U.S. Government, the U.K. Ministry of Defence or the U.K. Government. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon. Jorge Lobo was also supported by the Spanish Ministry of Economy and Competitiveness under Grant Numbers TIN201681032P, MDM20150502, and the U.S. Army Research Office under agreement number W911NF1910432.

Published

2020

31. A Provenance-Aware Multi-dimensional Reputation System for Online Rating Systems

Author

Aleksandar Ignjatovic, Elisa Bertino, and Mohsen Rezvani

Subjects

Computer Networks and Communications, Computer science, Iterative method, business.industry, media_common.quotation_subject, Aggregate (data warehouse), 020206 networking & telecommunications, 02 engineering and technology, Machine learning, computer.software_genre, Reputation system, Convergence (routing), 0202 electrical engineering, electronic engineering, information engineering, Multi dimensional, 020201 artificial intelligence & image processing, Learning to rank, Artificial intelligence, Cluster analysis, business, computer, Reputation, media_common

Abstract

Online rating systems are widely accepted as means for quality assessment on the web and users increasingly rely on these systems when deciding to purchase an item online. This makes such rating systems frequent targets of attempted manipulation by posting unfair rating scores. Therefore, providing useful, realistic rating scores as well as detecting unfair behavior are both of very high importance. Existing solutions are mostly majority based, also employing temporal analysis and clustering techniques. However, they are still vulnerable to unfair ratings. They also ignore distances between options, the provenance of information, and different dimensions of cast rating scores while computing aggregate rating scores and trustworthiness of users. In this article, we propose a robust iterative algorithm which leverages information in the profile of users and provenance of information, and which takes into account the distance between options to provide both more robust and informative rating scores for items and trustworthiness of users. We also prove convergence of iterative ranking algorithms under very general assumptions, which are satisfied by the algorithm proposed in this article. We have implemented and tested our rating method using both simulated data as well as four real-world datasets from various applications of reputation systems. The experimental results demonstrate that our model provides realistic rating scores even in the presence of a massive amount of unfair ratings and outperforms the well-known ranking algorithms.

Published

2018

32. An empirical study of SMS one-time password authentication in Android apps

Author

Siqi Ma, Elisa Bertino, Runhan Feng, Surya Nepal, Diethelm, Zhuo Ma, Juanru Li, Yang Liu, Sanjay Jha, and Robert H. Deng

Subjects

Password, 021110 strategic, defence & security studies, Source code, Short Message Service, Computer science, media_common.quotation_subject, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Empirical research, 020204 information systems, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), computer, Implementation, media_common

Abstract

A great quantity of user passwords nowadays has been leaked through security breaches of user accounts. To enhance the security of the Password Authentication Protocol (PAP) in such circumstance, Android app developers often implement a complementary One-Time Password (OTP) authentication by utilizing the short message service (SMS). Unfortunately, SMS is not specially designed as a secure service and thus an SMS One-Time Password is vulnerable to many attacks. To check whether a wide variety of currently used SMS OTP authentication protocols in Android apps are properly implemented, this paper presents an empirical study against them. We first derive a set of rules from RFC documents as the guide to implement secure SMS OTP authentication protocol. Then we implement an automated analysis system, AUTH-EYE, to check whether a real-world OTP authentication scheme violates any of these rules. Without accessing server source code, AUTH-EYE executes Android apps to trigger the OTP-relevant functionalities and then analyzes the OTP implementations including those proprietary ones. By only analyzing SMS responses, AUTH-EYE is able to assess the conformance of those implementations to our recommended rules and identify the potentially insecure apps. In our empirical study, AUTH-EYE analyzed 3,303 popular Android apps and found that 544 of them adopt SMS OTP authentication. The further analysis of AUTH-EYE demonstrated a far-from-optimistic status: the implementations of 536 (98.5%) out of the 544 apps violate at least one of our defined rules. The results indicate that Android app developers should seriously consider our discussed security rules and violations so as to implement SMS OTP properly.

Published

2019

33. Opening Pandora's box through ATFuzzer

Author

Syed Rafiul Hussain, Omar Chowdhury, Fabrizio Cicala, Imtiaz Karim, and Elisa Bertino

Subjects

021110 strategic, defence & security studies, Correctness, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Fuzz testing, USB, computer.software_genre, law.invention, Bluetooth, law, Robustness (computer science), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Cellular network, Android (operating system), Baseband processor, computer

Abstract

This paper focuses on checking the correctness and robustness of the AT command interface exposed by the cellular baseband processor through Bluetooth and USB. A device's application processor uses this interface for issuing high-level commands (or, AT commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can be leveraged by malicious Bluetooth peripherals to launch pernicious attacks including DoS and privacy attacks. To identify such vulnerabilities, we propose ATFuzzer that uses a grammar-guided evolutionary fuzzing approach which mutates production rules of the AT command grammar instead of concrete AT commands. Empirical evaluation with ATFuzzer on 10 Android smartphones from 6 vendors revealed 4 invalid AT command grammars over Bluetooth and 13 over USB with implications ranging from DoS, downgrade of cellular protocol version (e.g., from 4G to 3G/2G) to severe privacy leaks. The vulnerabilities along with the invalid AT command grammars were responsibly disclosed to affected vendors and two of the reported vulnerabilities have been already assigned CVEs (CVE-2019-16400 and CVE-2019-16401).

Published

2019

34. Policy based Ensembles for applying ML on Big Data

Author

Alessandra Russo, Dinesh C. Verma, Graham White, Elisa Bertino, and Seraphin Calo

Subjects

Ensemble forecasting, Computer science, business.industry, Control (management), Big data, 020206 networking & telecommunications, 02 engineering and technology, Machine learning, computer.software_genre, Ensemble learning, Lead (geology), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer

Abstract

When creating real-world machine learning applications, system developers have to deal with the challenges of a dynamic environment where conditions change frequently, data has uncertainty, and new unanticipated situations are encountered. This requires a flexible approach in deciding how to use, adapt and create an AI model. Ensemble learning, where multiple models are trained, and use concurrently provides one way to address some of the issues. However, ensembles as used within the AI literature have primarily focused on creating a better model in a static environment. If we couple ensemble models with the concept of policy based control, we can create a system that is able to deal better with real-world scenarios. If we further augment the system so that it can generate its own policies, we can make progress towards the goal of a broad AI which can dynamically adapt itself. In this paper, we present an architecture for policy based ensemble, and show how it can lead to an approach towards broad AI.

Published

2019

35. A Comparison Between Statistical and Symbolic Learning Approaches for Generative Policy Models

Author

Elisa Bertino, Alessandra Russo, Mark Law, Geeth de Mel, Daniel Cunnington, and Graham White

Subjects

Training set, Process (engineering), business.industry, Computer science, Context (language use), 02 engineering and technology, Machine learning, computer.software_genre, Information science, Variety (cybernetics), Symbolic learning, Range (mathematics), Order (exchange), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, Generative grammar

Abstract

Generative Policy Models (GPMs) have been proposed as a method for future autonomous decision making in a distributed, collaborative environment. To learn a GPM, previous policy examples that contain policy features and the corresponding policy decisions are used. Recently, GPMs have been constructed using both symbolic and statistical learning algorithms. In either case, the goal of the learning process is to create a model across a wide range of contexts from which specific policies may be generated in a given context. Empirically, we expect each learning approach to provide certain advantages over the other. This paper assesses the relative performance of each learning approach in order to examine these advantages and disadvantages. Several carefully prepared data sets are used to train a variety of models across different learning algorithms, where models for each learning algorithm are trained with varying amounts of labelled examples. The performance of each model is evaluated across a variety of metrics which indicates the strength of each learning algorithm for the different scenarios presented and the amount of training data provided. Finally, future research directions are outlined to fully realise GPMs in a distributed, collaborative environment.

Published

2019

36. Access Control Model Extensions to Support Data Privacy Protection based on GDPR

Author

Elisa Bertino and Maryam Davari

Subjects

Blockchain, business.industry, Process (engineering), Computer science, Control (management), XACML, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Access control, 02 engineering and technology, Ontology (information science), Computer security, computer.software_genre, Semantic data model, 03 medical and health sciences, 0302 clinical medicine, 020204 information systems, General Data Protection Regulation, 0202 electrical engineering, electronic engineering, information engineering, 030212 general & internal medicine, Reference architecture, business, computer, computer.programming_language

Abstract

The General Data Protection Regulation (GDPR) gives control of data to the data owner. It imposes several requirements and obligations on organizations that process and manage personal data of EU citizens. GDPR uses consent as a legal basis for personal data processing. We design a semantic model to represent GDPR consents; our model is explicit, understandable, and reusable. Ensuring that organizations comply with GDPR with respect to user consents is a critical issue. To address such an issue, we propose a Blockchain-based model for compliance verification. Our decentralized model ensures that only parties authorized based on users’ consent can access users’ data and that all activities are logged in an immutable distributed ledger. Our GDPR privacy protection framework is cast into the XACML reference architecture.

Published

2019

37. On the Quality of Classification Models for Inferring ABAC Policies from Access Logs

Author

Elisa Bertino, Stefano Valtolina, Luca Cappelletti, Giorgio Valentini, and Marco Mesiti

Subjects

Flexibility (engineering), 021110 strategic, defence & security studies, Association rule learning, Property (programming), business.industry, Computer science, media_common.quotation_subject, 0211 other engineering and technologies, Usability, Access control, 02 engineering and technology, Machine learning, computer.software_genre, Identification (information), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Quality (business), Artificial intelligence, business, computer, media_common

Abstract

The attribute-based access control (ABAC) model has been gaining popularity in recent years because of its advantages in granularity, flexibility, and usability. Few approaches based on association rules mining have been proposed for the automatic generation of ABAC policies from access logs. Their aim is the identification of policies that do not overfit over training data, are not too general and thus does to disclose sensitive resources to everyone, and are interpretable by humans. The large ABAC privilege space along with the sparsity and unbalance distribution of the available logs make the solution of this task particularly complex and current approaches have different limitations. In this paper we compare different symbolic and nonsymbolic machine learning (ML) techniques for inferring ABAC policies and discuss their pros and cons. Based on experimental results on a toy dataset and on a real dataset, we argue that which is the best technique depends on the characteristics of the considered data. When the data are highly separable according to PCA and t-SNE decomposition, the quality of the obtained ABAC policies is higher and also policies are easily interpretable. By contrast, when this property does not hold, the quality of the obtained policies is low; in this case, non-symbolic ML techniques show better results than the symbolic ones.

Published

2019

38. Secure Seamless Bluetooth Low Energy Connection Migration for Unmodified IoT Devices

Author

Shagufta Mehnaz, Shahriar Nirjon, Elisa Bertino, and Syed Rafiul Hussain

Subjects

021110 strategic, defence & security studies, Computer Networks and Communications, business.industry, computer.internet_protocol, Computer science, 0211 other engineering and technologies, Mobile computing, 020206 networking & telecommunications, 02 engineering and technology, Gateway (computer program), Encryption, law.invention, Smartwatch, Bluetooth, law, Default gateway, 0202 electrical engineering, electronic engineering, information engineering, Mobile telephony, Electrical and Electronic Engineering, business, computer, Software, Bluetooth Low Energy, Computer network

Abstract

At present, Bluetooth Low Energy (BLE) is dominantly used in commercially available Internet of Things (IoT) devices–such as smart watches, fitness trackers, and smart appliances. Compared to classic Bluetooth, BLE has been simplified in many ways that include its connection establishment, data exchange, and encryption processes. Unfortunately, this simplification comes at a cost. For example, only a star topology is supported in BLE environments and a peripheral (an IoT device) can communicate with only one gateway (e.g., a smartphone, or a BLE hub) at any given set time. When a peripheral goes out of range and thus loses connectivity to a gateway, it cannot connect and seamlessly communicate with another gateway without user interventions. In other words, BLE connections are not automatically migrated or handed-off to another gateway. In this paper, we propose SeamBlue 1 1. A preliminary version [1] of this paper has been published in a conference. , which brings secure seamless connectivity to BLE-capable mobile IoT devices in an environment that consists of a network of gateways. Our framework ensures that unmodified, commercial off-the-shelf BLE devices seamlessly and securely connect to a nearby gateway without any user intervention.

Published

2018

39. PrivBioMTAuth: Privacy Preserving Biometrics-Based and User Centric Protocol for User Authentication From Mobile Phones

Author

Hasini Gunasinghe and Elisa Bertino

Subjects

Challenge-Handshake Authentication Protocol, 021110 strategic, defence & security studies, Authentication, User authentication, Biometrics, Computer Networks and Communications, business.industry, Computer science, Data_MISCELLANEOUS, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Security token, Identifier, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Safety, Risk, Reliability and Quality, business, computer

Abstract

We introduce a privacy preserving biometrics-based authentication solution by which users can authenticate to different service providers from mobile phones without involving identity providers in the transactions. Authentication is performed via zero-knowledge proof of knowledge, based on a cryptographic identity token that encodes the biometric identifier of the user and a secret provided by the user, making it three-factor authentication. Our approach for generating a unique, repeatable, and revocable biometric identifier from the user’s biometric image is based on a machine learning-based classification technique, which involves the features extracted from the user’s biometric image. We have implemented a prototype of the proposed authentication solution and evaluated our solution with respect to its performance, security, and privacy. The evaluation has been performed on a public data set of face images.

Published

2018

40. Highly efficient randomized authentication in VANETs

Author

Wei Jiang, Elisa Bertino, Dan Lin, and Jian Kang

Subjects

Security analysis, Authentication, Vehicular ad hoc network, Computer Networks and Communications, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020302 automobile design & engineering, 020206 networking & telecommunications, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Computer Science Applications, 0203 mechanical engineering, Hardware and Architecture, Server, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Protocol (object-oriented programming), computer, Software, Information Systems, Anonymity

Abstract

Considering the huge number of vehicles on the roads, Vehicular Ad-hoc Networks (VANETs) are envisioned to foster a variety of new applications ranging from road safety enhancement to mobile entertainment. These new VANET applications all face a critical challenge which is to ensure the identity and location privacy of vehicles’ owners who participate in such ad-hoc network. In this paper, we propose a highly efficient randomized authentication protocol that leverages homomorphic encryption to allow each individual vehicle to self-generate any number of authenticated identities to achieve full anonymity in VANETs. The proposed protocol prevents vehicles from being tracked by any single party including peer vehicles, service providers, authentication servers, and other infrastructure. Meanwhile, our protocol also provides traceability in case of any dispute. We have conducted both security analysis and experimental study which demonstrates the superiority of our protocol compared to other existing works.

Published

2018

41. Real-Time Digital Signatures for Time-Critical Networks

Author

Ioannis Papapanagiotou, Ankush Singla, Anand Mudgerikar, Attila A. Yavuz, and Elisa Bertino

Subjects

021110 strategic, defence & security studies, Authentication, Vehicular ad hoc network, Computer Networks and Communications, Computer science, business.industry, NTRU, 0211 other engineering and technologies, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Random oracle, Digital signature, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Enhanced Data Rates for GSM Evolution, Safety, Risk, Reliability and Quality, business, computer, Computer network

Abstract

The secure and efficient operation of time-critical networks, such as vehicular networks, smart-grid, and other smart-infrastructures, is of primary importance in today’s society. It is crucial to minimize the impact of security mechanisms over such networks so that the safe and reliable operations of time-critical systems are not being interfered. For instance, if the delay introduced by the crypto operations negatively affects the time available for braking a car before a collision, the car may not be able to safely stop in time. In particular, as a primary authentication mechanism, existing digital signatures introduce a significant computation and communication overhead, and therefore are unable to fully meet the real-time processing requirements of such time-critical networks. In this paper, we introduce a new suite of real-time digital signatures referred to as Structure-free and Compact Real-time Authentication ( ${SCRA}$ ), supported by hardware acceleration, to provide delay-aware authentication in time-critical networks. ${SCRA}$ is a novel signature framework that can transform any secure aggregate signature into a signer efficient signature. We instantiate ${SCRA}$ framework with condensed-RSA, BGLS, and NTRU signatures. Our analytical and experimental evaluation validates the significant performance advantages of ${SCRA}$ schemes over their base signatures and the state-of-the-art schemes. Moreover, we push the performance of ${SCRA}$ schemes to the edge via highly optimized implementations on vehicular capable system-on-chip as well as server-grade general purpose graphics processing units. We prove that ${SCRA}$ is secure (in random oracle model) and show that ${SCRA}$ can offer an ideal alternative for authentication in time-critical applications.

Published

2017

42. Pareto Optimal Security Resource Allocation for Internet of Things

Author

Edoardo Serra, Antonino Rullo, Elisa Bertino, and Daniele Midi

Subjects

021110 strategic, defence & security studies, Optimization problem, Cloud computing security, General Computer Science, Computer science, Network packet, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Energy consumption, Computer security model, Network topology, Computer security, computer.software_genre, Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, Safety, Risk, Reliability and Quality, computer, Pareto analysis

Abstract

In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and energy cost. In this article, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. In particular, given a set of security resources R and a set of attacks to be faced A , our method chooses the subset of R that best addresses the attacks in A , and the set of locations where to place them, that ensure the security coverage of all IoT devices at minimum cost and energy consumption. We model our problem according to game theory and provide a Pareto-optimal solution in which the cost of the security infrastructure, its energy consumption, and the probability of a successful attack are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for different network topologies. Furthermore, we also provide a method for handling the computation of the resource allocation plan for large-scale networks scenarios, where the optimization problem may require an unreasonable amount of time to be solved. We show how our proposed method drastically reduces the computing time, while providing a reasonable approximation of the optimal solution.

Published

2017

43. A Collaborative DDoS Defence Framework Using Network Function Virtualization

Author

Carol Fung, Bahman Rashidi, and Elisa Bertino

Subjects

Computer Networks and Communications, Computer science, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, Shared resource, Resource (project management), Server, 0202 electrical engineering, electronic engineering, information engineering, Stackelberg competition, Resource allocation, 020201 artificial intelligence & image processing, Resource management, SYN flood, Safety, Risk, Reliability and Quality, computer

Abstract

High-profile and often destructive distributed denial of service (DDoS) attacks continue to be one of the top security concerns as the DDoS attacks volumes are increasing constantly. Among them, the SYN Flood attack is the most common type. Conventional DDoS defense solutions may not be preferable, since they demand highly capable hardware resources, which induce high cost and long deployment cycle. The emerging of network function virtualization (NFV) technology introduces new opportunities to decrease the amount of proprietary hardware that is needed to launch and operate network services. In this paper, we propose a DDoS defense mechanism named CoFence, which facilitates a “domain-helps-domain” collaboration network among NFV-based domain networks. CoFence allows domain networks to help each other in handling large volume of DDoS attacks through resource sharing. Specifically, we design a dynamic resource allocation mechanism for domains so that the resource allocation is fair, efficient, and incentive-compatible. The resource sharing mechanism is modeled as a multi-leader-follower Stackelberg game. In this game, all domains have a degree of control to maximize their own utility. The resource supplier domains determine the amount of resource to each requesting peer based on optimizing a reciprocal-based utility function. On the other hand, the resource requesting domains decide the level of demand to send to the resource supplier domains in order to reach sufficient support. Our simulation results demonstrate that the designed resource allocation game is effective, incentive compatible, fair, and reciprocal under its Nash equilibrium.

Published

2017

44. Heimdall: Mitigating the Internet of Insecure Things

Author

Elisa Bertino, Daniele Midi, Javid Habibi, and Anand Mudgerikar

Subjects

Router, Computer Networks and Communications, Smart objects, Computer science, Botnet, Vulnerability, 050801 communication & media studies, Denial-of-service attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), business.industry, 05 social sciences, Whitelist, 020206 networking & telecommunications, Computer Science Applications, Hardware and Architecture, Signal Processing, The Internet, business, computer, Information Systems, Computer network

Abstract

The Internet of Things (IoT) is built of many small smart objects continuously connected to the Internet. This makes these devices an easy target for attacks exploiting vulnerabilities at the network, application, and mobile level. With that it comes as no surprise that distributed denial of service attacks leveraging these vulnerable devices have become a new standard for effective botnets. In this paper, we propose Heimdall, a whitelist-based intrusion detection technique tailored to IoT devices. Heimdall operates on routers acting as gateways for IoT as a homogeneous defense for all devices behind the router. Our experimental results show that our defense mechanism is effective and has minimal overhead.

Published

2017

45. DBSAFE—An Anomaly Detection System to Protect Databases From Exfiltration Attempts

Author

Donald Steiner, R. Michael Lefler, Elisa Bertino, David Landers, Asmaa Sallam, and Syed Rafiul Hussain

Subjects

Database, Computer Networks and Communications, Computer science, business.industry, Anomaly (natural sciences), Data security, 020206 networking & telecommunications, Access control, 02 engineering and technology, computer.software_genre, Encryption, Computer security, Database design, Computer Science Applications, Data access, Relational database management system, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Anomaly detection, Data mining, Electrical and Electronic Engineering, business, computer, Information Systems

Abstract

Attempts by insiders to exfiltrate data have become a severe threat to the enterprise. Conventional data security techniques, such as access control and encryption, must be augmented with techniques to detect anomalies in data access that may indicate exfiltration attempts. In this paper, we present the design and evaluation of DBSAFE, a system to detect, alert on, and respond to anomalies in database access designed specifically for relational database management systems (DBMS). The system automatically builds and maintains profiles of normal user and application behavior, based on their interaction with the monitored database during a training phase. The system then uses these profiles to detect anomalous behavior that deviates from normality. Once an anomaly is detected, the system uses predetermined policies guiding automated and/or human response to the anomaly. The DBSAFE architecture does not impose any restrictions on the type of the monitored DBMS. Evaluation results indicate that the proposed techniques are indeed effective in detecting anomalies.

Published

2017

46. A System for Profiling and Monitoring Database Access Patterns by Application Programs for Anomaly Detection

Author

Syed Rafiul Hussain, Elisa Bertino, and Lorenzo Bossi

Subjects

Alias, Database, Computer science, business.industry, View, Access control, Database administrator, 02 engineering and technology, Computer security, computer.software_genre, Application profile, Database testing, SQL injection, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Query by Example, Anomaly detection, business, computer, Software, computer.programming_language

Abstract

Database Management Systems (DBMSs) provide access control mechanisms that allow database administrators (DBAs) to grant application programs access privileges to databases. Though such mechanisms are powerful, in practice finer-grained access control mechanism tailored to the semantics of the data stored in the DMBS is required as a first class defense mechanism against smart attackers. Hence, custom written applications which access databases implement an additional layer of access control. Therefore, securing a database alone is not enough for such applications, as attackers aiming at stealing data can take advantage of vulnerabilities in the privileged applications and make these applications to issue malicious database queries. An access control mechanism can only prevent application programs from accessing the data to which the programs are not authorized, but it is unable to prevent misuse of the data to which application programs are authorized for access. Hence, we need a mechanism able to detect malicious behavior resulting from previously authorized applications. In this paper, we present the architecture of an anomaly detection mechanism, DetAnom , that aims to solve such problem. Our approach is based the analysis and profiling of the application in order to create a succinct representation of its interaction with the database. Such a profile keeps a signature for every submitted query and also the corresponding constraints that the application program must satisfy to submit the query. Later, in the detection phase, whenever the application issues a query, a module captures the query before it reaches the database and verifies the corresponding signature and constraints against the current context of the application. If there is a mismatch, the query is marked as anomalous. The main advantage of our anomaly detection mechanism is that, in order to build the application profiles, we need neither any previous knowledge of application vulnerabilities nor any example of possible attacks. As a result, our mechanism is able to protect the data from attacks tailored to database applications such as code modification attacks, SQL injections, and also from other data-centric attacks as well. We have implemented our mechanism with a software testing technique called concolic testing and the PostgreSQL DBMS. Experimental results show that our profiling technique is close to accurate, requires acceptable amount of time, and the detection mechanism incurs low runtime overhead.

Published

2017

47. Android resource usage risk assessment using hidden Markov model and online learning

Author

Bahman Rashidi, Carol Fung, and Elisa Bertino

Subjects

General Computer Science, Computer science, business.industry, Online learning, 020207 software engineering, 02 engineering and technology, Permission, computer.software_genre, Computer security, Machine learning, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Timestamp, Artificial intelligence, Android (operating system), Hidden Markov model, Risk assessment, business, Law, computer

Abstract

With Android devices users are allowed to install third-party applications from various open markets. This raises security and privacy concerns since the third-party applications may be malicious. Unfortunately, the increasing sophistication and diversity of the malicious Android applications render the conventional defenses techniques ineffective, which results in a large number of malicious applications to remain undetected. In this paper we present XDroid, an Android application and resource risk assessment framework based on the Hidden Markov Model (HMM). In our approach, we first map the applications' behaviors into an observation set, and we attach timestamps to some observations in the set. We show that our novel use of temporal behavior tracking can significantly improve the malware detection accuracy, and that the HMM can generate security alerts when suspicious behaviors are detected. Furthermore, we introduce an online learning model to integrate the input from users and provide adaptive risk assessment. We evaluate our model through a set of experiments on the DREBIN benchmark malware dataset. Our evaluation results demonstrate that the proposed model can accurately assess the risk levels of malicious applications and provide adaptive risk assessment based on user input.

Published

2017

48. Botnets and Internet of Things Security

Author

Elisa Bertino and Nayeem Islam

Subjects

General Computer Science, business.industry, Computer science, Internet privacy, Botnet, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Trust management (information system), 020201 artificial intelligence & image processing, Internet of Things, business, computer, Vulnerability (computing)

Abstract

Recent distributed denial-of-service attacks demonstrate the high vulnerability of Internet of Things (IoT) systems and devices. Addressing this challenge will require scalable security solutions optimized for the IoT ecosystem.

Published

2017

49. Overview of Mobile Containerization Approaches and Open Research Directions

Author

Elisa Bertino, Daniele Midi, and Oyindamola Oluwatimi

Subjects

021110 strategic, defence & security studies, Multimedia, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Mobile computing, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Virtualization, Open research, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Mobile telephony, Electrical and Electronic Engineering, business, Law, computer, Mobile device, Enterprise resource planning, Content management

Abstract

When a mobile device is used for both personal and business purposes, securing enterprise content and preserving employees' privacy are vital. Containerization is a promising approach to address such requirements.

Published

2017

50. A System for Response and Prevention of Security Incidents in Wireless Sensor Networks

Author

Daniele Midi, Elisa Bertino, and Salmin Sultana

Subjects

Computer Networks and Communications, Computer science, business.industry, Testbed, 020206 networking & telecommunications, 02 engineering and technology, Load balancing (computing), Executor, Computer security, computer.software_genre, Key distribution in wireless sensor networks, Software deployment, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Timer, business, Wireless sensor network, computer, Computer network

Abstract

Resource constraints, unattended operating environments, and communication phenomena make Wireless Sensor Networks (WSNs) susceptible to operational failures and security attacks. However, applications often impose stringent requirements on data reliability and service availability, due to the deployment of sensor networks in various critical infrastructures. Given the failure- and attack-prone nature of sensor networks, enabling sensor networks to continuously provide their services as well as to effectively recover from attacks is a crucial requirement. We present Kinesis, a security incident response system designed to keep WSNs functional despite anomalies or attacks and to recover from attacks without significant interruption. Kinesis is quick and effective in responding to incidents, distributed in nature, dynamic in selecting response actions based on the context, and lightweight in terms of response policy specification, communication, and energy overhead. A per-node single timer-based distributed strategy to select the most effective response executor in a neighborhood makes the system simple and scalable, while achieving load balancing and redundant action optimization. We implement Kinesis in TinyOS and measure its performance for various application and network layer incidents. Extensive TOSSIM simulations and testbed experiments show that Kinesis successfully counteracts anomalies/attacks and behaves consistently under various attack scenarios and rates.

Published

2016