DOCSLIB.ORG

Paper, My Focus Was Mainly on Designing, Imple- Menting and Evaluating Securepay

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Paper, My Focus Was Mainly on Designing, Imple- Menting and Evaluating Securepay VULNERABLE BY DESIGN: MITIGATING DESIGN FLAWS IN HARDWARE AND SOFTWARE PH.D. THESIS RADHESH KRISHNAN KONOTH VRIJE UNIVERSITEIT AMSTERDAM, 2020 Faculty of Science The research reported in this dissertation was conducted at the Faculty of Science — at the Department of Computer Science — of the Vrije Universiteit Amsterdam This work was supported by the MALPAY consortium, consisting of the Dutch national police, ING, ABN AMRO, Rabobank, Fox-IT, and TNO. This thesis represents the position of the author and not that of the aforementioned consortium partners Copyright © 2020 by Radhesh Krishnan Konoth VRIJE UNIVERSITEIT VULNERABLE BY DESIGN: MITIGATING DESIGN FLAWS IN HARDWARE AND SOFTWARE ACADEMISCH PROEFSCHRIFT ter verkrijging van de graad Doctor of Philosophy aan de Vrije Universiteit Amsterdam, op gezag van de rector magnicus prof.dr. V. Subramaniam, in het openbaar te verdedigen ten overstaan van de promotiecommissie van de Faculteit der Bètawetenschappen op maandag 7 december 2020 om 13.45 uur in de online bijeenkomst van de universiteit, De Boelelaan 1105 door Radhesh Krishnan Konoth geboren te Koorkenchery, India promotor: prof.dr.ir. H. J. Bos copromotor: dr. K. Razavi ഞാൻ ഈ പുസ്തകം എെ അനും അയ്ും സമർിുു “Those that have an attitude of service towards others are the beauty of society." - Amma Acknowledgements Let me begin by acknowledging the people who supported me during this won- derful journey. First and foremost, I am greatly indebted to my supervisor Herbert Bos for providing me the opportunity to do a Ph.D. Thank you Herbert for taking that risk and for believing in me. This journey would not have been possible without your support and guidance. Your dedication, leadership, and the ability to sell any idea are such an inspiration. I truly couldn’t have wished for a better supervisor. You are the best! I am deeply grateful to my co-promoter Kaveh Razavi. Only amazing things happened from the moment you joined the team. You gave me the idea and opportunity to work on a crazy Rowhammer defense project and to do an intern- ship at UCSB. Both ideas ended up as two amazing chapters of this Ph.D. thesis. Every conversation with you was inspiring and you always pushed me to create the best research. I am grateful for all those pushes, guidance, and support. You made this journey a lot more exciting for me. I am indebted. Next, I would like to thank members of my Ph.D. thesis committee: Clémen- tine Maurice, Christian Rossow, Erik van der Kouwe, Michel van Eeten, Marten van Dijk and Wan Fokkink. Thank you for your allotting time and energy to review my thesis. During my Ph.D. I was fortunate to work with a lot of smart researchers. My sincere thanks to Victor, Andrei, Marco, Cristiano, Dennis, Elias, Enes, Wan, Martina, Veelasha, Emanuele, Björn, Christopher, Giovanni. This thesis wouldn’t have existed without your support. VUSec is a group of amazing researchers. Everyone there made this journey very special to me. Thank you Sanjay, Manolis, Taddeüs, Koen, Ben, Erik van der Kouwe, Erik Bosman, Chen, Istvan, Koustubha, Lucian, Natalie, Pietro, Sebasti- aan, Stephan, Elia, Brian, Hany, Emanuele, Alyssa, Marius, and Manuel. I am grateful to all the teachers of my life, friends, and family. Thank you ix x ACKNOWLEDGEMENTS Renuka, Vipin, Zubin, Praveen, Sreekumar, Roshan, Vinod, Candice, Elisabeth, Amrutha, Sreejith, and Akshara (my only niece, yet). I would like to thank my dad and my mom for all the motivation, support, and love. This Ph.D. thesis is a result of your eorts, sacrices, and prayers. Thank you from the bottom of my heart. At the heart of it all, let me express my humble gratitude towards Amma (Mata Amritanandamayi Devi) for her inspiration, guidance, and grace. Without her support, neither would I have started this journey nor would I have concluded this journey. Thank you, Amma. Radhesh Amsterdam, December 2020 Contents Acknowledgements ix Contents xi Publications xv 1 Introduction1 2 BAndroid9 2.1 Introduction............................. 10 2.2 Synchronization........................... 12 2.2.1 Remote Services ...................... 12 2.2.2 App Synchronization.................... 12 2.2.3 2FA Synchronization Vulnerabilities............ 13 2.3 Exploiting 2FA Synchronization Vulnerabilities.......... 14 2.3.1 Android........................... 14 2.3.2 iOS.............................. 18 2.3.3 Dedicated 2FA Apps .................... 19 2.4 Discussion.............................. 20 2.4.1 Feasibility.......................... 20 2.4.2 Recommendations and Future Work............ 21 2.4.3 Responsible Disclosure................... 23 2.5 Background and Related Work................... 23 2.5.1 Man-in-the-Browser.................... 23 2.5.2 Two-Factor Authentication................. 24 2.5.3 Cross-platform infection.................. 25 2.6 Conclusion ............................. 26 3 SecurePay 27 xi xii CONTENTS 3.1 Introduction............................. 28 3.2 Background............................. 31 3.2.1 Mobile transactions and 2FA................ 31 3.2.2 Separating the factors ................... 32 3.2.3 Trusted Execution Environment (TEE) .......... 33 3.3 Threat model and assumptions................... 33 3.4 Design................................ 34 3.4.1 Requirements for a secure and compatible design . 34 3.4.2 SecurePay.......................... 35 3.5 Implementation........................... 39 3.5.1 SecurePay components................... 39 3.5.2 SecurePay registration and bootstrap........... 43 3.6 Evaluation.............................. 44 3.6.1 Security of mobile transactions .............. 44 3.6.2 Security of non-mobile transactions............ 45 3.6.3 Verication using Tamarin . 46 3.6.4 Performance evaluation .................. 50 3.6.5 Integration eort...................... 51 3.6.6 Comparison with similar eorts.............. 51 3.7 Discussion.............................. 55 3.8 Related work ............................ 56 3.9 Conclusions............................. 58 4 ZebRAM 61 4.1 Introduction............................. 62 4.2 Background............................. 64 4.2.1 DRAM Organization.................... 64 4.2.2 The Rowhammer Bug ................... 66 4.2.3 Rowhammer Defenses................... 67 4.3 Threat Model............................ 68 4.4 Design................................ 68 4.5 Implementation........................... 71 4.5.1 ZebRAM Prototype Components ............. 72 4.5.2 Implementation Details................... 73 4.6 Security Evaluation......................... 75 4.6.1 Traditional Rowhammer Exploits............. 75 CONTENTS xiii 4.6.2 ZebRAM-aware Exploits.................. 76 4.7 Performance Evaluation ...................... 77 4.8 Related work ............................ 84 4.9 Discussion.............................. 87 4.9.1 Prototype.......................... 87 4.9.2 Alternative Implementations................ 87 4.10 Conclusion ............................. 88 5 MineSweeper 91 5.1 Introduction............................. 93 5.2 Background............................. 95 5.2.1 Cryptocurrency Mining Pools............... 96 5.2.2 In-browser Cryptomining ................. 96 5.2.3 Web Technologies ..................... 97 5.2.4 Existing Defenses against Drive-by Mining . 98 5.3 Threat Model............................ 99 5.4 Drive-by Mining in the Wild.................... 100 5.4.1 Data Collection....................... 101 5.4.2 Data Analysis and Correlation . 105 5.4.3 In-depth Analysis and Results . 108 5.4.4 Common Drive-by Mining Characteristics . 117 5.5 Drive-by Mining Detection..................... 117 5.5.1 Cryptomining Hashing Code . 118 5.5.2 Wasm Analysis....................... 120 5.5.3 Cryptographic Function Detection . 120 5.5.4 Deployment Considerations . 123 5.6 Evaluation.............................. 123 5.7 Limitations and Future Work.................... 128 5.8 Related Work............................ 129 5.9 Conclusion ............................. 130 6 Conclusion 133 References 139 Conference Proceedings ......................... 139 Articles .................................. 146 xiv CONTENTS Books ................................... 147 Technical Reports and Documentation . 147 Online................................... 148 Talks.................................... 153 Source code................................ 154 Summary 155 Samenvatting 157 Publications Parts of this dissertation have been published earlier. The text in this thesis dif- fers from the published versions in minor editorial changes that were made to improve readability. The following publications form the core of this thesis. R. K. Konoth, V. van der Veen, and H. Bos. How anywhere computing just killed your phone-based two-factor authentication. In Proceedings of the 20th International Conference on Financial Cryptography and Data Security (FC). Feb. 2016. [Appears in Chapter2.] R. K. Konoth, B. Fischer, W. Fokkink, E. Athanasopoulos, K. Razavi, and H. Bos. SecurePay: Strengthening two-factor authentication for arbitrary trans- actions. In Proceedings of the 5th IEEE European Symposium on Security and Pri- vacy (EuroS&P). Sep. 2020. [Appears in Chapter3.] R. K. Konoth, M. Oliverio, A. Tatar, D. Andriesse, H. Bos, C. Giurida, and K. Razavi. ZebRAM: Comprehensive and compatible software protection against rowhammer attacks. In Proceedings of the 13th USENIX Symposium on Operat- ing Systems Design and Implementation (OSDI). Nov. 2018. [Appears in Chapter4.] R. K. Konoth, E. Vineti, V. Moonsamy, M. Lindorfer, C. Kruegel, H. Bos, and G.
Load more

Recommended publications
  • Security Analysis of Docker Containers in a Production Environment
    Security analysis of Docker containers in a production environment Jon-Anders Kabbe Master of Science in Communication Technology Submission date: June 2017 Supervisor: Colin Alexander Boyd, IIK Co-supervisor: Audun Bjørkøy, TIND Technologies Norwegian University of Science and Technology Department of Information Security and Communication Technology Title: Security Analysis of Docker Containers in a Production Environment Student: Jon-Anders Kabbe Problem description: Deployment of Docker containers has achieved its popularity by providing an au- tomatable and stable environment serving a particular application. Docker creates a separate image of a file system with everything the application require during runtime. Containers run atop the regular file system as separate units containing only libraries and tools that particular application require. Docker containers reduce the attack surface, improves process interaction and sim- plifies sandboxing. But containers also raise security concerns, reduced segregation between the operating system and application, out of date or variations in libraries and tools and is still an unsettled technology. Docker containers provide a stable and static environment for applications; this is achieved by creating a static image of only libraries and tools the specific application needs during runtime. Out of date tools and libraries are a major security risk when exposing applications over the Internet, but availability is essential in a competitive market. Does Docker raise some security concerns compared to standard application deploy- ment such as hypervisor-based virtual machines? Is the Docker “best practices” sufficient to secure the container and how does this compare to traditional virtual machine application deployment? Responsible professor: Colin Alexander Boyd, ITEM Supervisor: Audun Bjørkøy, TIND Technologies Abstract Container technology for hosting applications on the web is gaining traction as the preferred mode of deployment.
    [Show full text]
  • Identifying Threats Associated with Man-In-The-Middle Attacks During Communication Between a Mobile Device and the Back End Server in Mobile Banking Applications
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. IX (Mar-Apr. 2014), PP 35-42 www.iosrjournals.org Identifying Threats Associated With Man-In-The-Middle Attacks during Communication between a Mobile Device and the Back End Server in Mobile Banking Applications Anthony Luvanda1,*Dr Stephen Kimani1 Dr Micheal Kimwele1 1. School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, PO Box 62000-00200 Nairobi Kenya Abstract: Mobile banking, sometimes referred to as M-Banking, Mbanking or SMS Banking, is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant (PDA). Mobile banking has until recently most often been performed via SMS or the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android (operating system) have led to increasing use of special client programs, called apps, downloaded to the mobile device hence increasing the number of banking applications that can be made available on mobile phones . This in turn has increased the popularity of mobile device use in regards to personal banking activities. Due to the characteristics of wireless medium, limited protection of the nodes, nature of connectivity and lack of centralized managing point, wireless networks tend to be highly vulnerable and more often than not they become subjects of attack. This paper proposes to identify potential threats associated with communication between a mobile device and the back end server in mobile banking applications.
    [Show full text]
  • A Study of Android Application Security
    A Study of Android Application Security William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri Systems and Internet Infrastructure Security Laboratory Department of Computer Science and Engineering The Pennsylvania State University enck, octeau, mcdaniel, swarat @cse.psu.edu { } Abstract ingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of The fluidity of application markets complicate smart- a common definition for security and the volume of ap- phone security. Although recent efforts have shed light plications ensures that some malicious, questionable, and on particular security issues, there remains little insight vulnerable applications will find their way to market. into broader security characteristics of smartphone ap- In this paper, we broadly characterize the security of plications. This paper seeks to better understand smart- applications in the Android Market. In contrast to past phone application security by studying 1,100 popular studies with narrower foci, e.g., [14, 12], we consider a free Android applications. We introduce the ded decom- breadth of concerns including both dangerous functional- piler, which recovers Android application source code ity and vulnerabilities, and apply a wide range of analysis directly from its installation image. We design and exe- techniques. In this, we make two primary contributions: cute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. We design and implement a Dalvik decompilier, • Our analysis uncovered pervasive use/misuse of person- ded. ded recovers an application’s Java source al/phone identifiers, and deep penetration of advertising solely from its installation image by inferring lost and analytics networks.
    [Show full text]
  • IBM Multi-Factor Authentication for Z/OS
    Multi Factor Authentication for Linux on IBM Z using a centralized z/OS LDAP infrastructure Dr. Manfred Gnirss Thomas Wienert Z ATS IBM Systems IBM Germany R & D Boeblingen, 18.7.2018 © 2018 IBM Corporation 2 Trademarks The following are trademarks of the International Business Machines Corporation in the United States, other countries, or both. Not all common law marks used by IBM are listed on this page. Failure of a mark to appear does not mean that IBM does not use the mark nor does it mean that the product is not actively marketed or is not significant within its relevant market. Those trademarks followed by ® are registered trademarks of IBM in the United States; all others are trademarks or common law marks of IBM in the United States. For a complete list of IBM Trademarks, see www.ibm.com/legal/copytrade.shtml: *BladeCenter®, DB2®, e business(logo)®, DataPower®, ESCON, eServer, FICON, IBM®, IBM (logo)®, MVS, OS/390®, POWER6®, POWER6+, POWER7®, Power Architecture®, PowerVM®, S/390®, System p®, System p5, System x®, System z®, System z9®, System z10®, WebSphere®, X-Architecture®, zEnterprise, z9®, z10, z/Architecture®, z/OS®, z/VM®, z/VSE®, zSeries® The following are trademearks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Recent Developments in Cybersecurity Melanie J
    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
    [Show full text]
  • SANS Spearphishing Survival Guide
    SANS Spearphishing Survival Guide A SANS Whitepaper Written by Jerry Shenk December 2015 Sponsored by Proofpoint ©2015 SANS™ Institute Executive Summary Organizations are constantly under attack. Nearly every week comes a news headline of another breach affecting millions of people. Organizations that experience “small” breaches spend hundreds of thousands of dollars on forensic examinations, infrastructure upgrades and identity monitoring. Those that get hit by a large breach spend millions. The majority of those threats still arrive by email in the form of weaponized file attachments, malicious links, wire-transfer fraud and credential phishing. In most cases, attackers deploy email-borne attacks that target specific individuals and fool them into believing they are from someone they do business with or someone in authority who knows them. Often, attackers gather the information they need to pull off these sorts of phishing attacks over social media, where employees share significant amounts of personal and contextual information. Just as often, employees leak information over mobile applications that make it easier for criminals to target their attacks. While most antivirus, anti-malware and email security systems are good at catching traditional mass email phishing attacks with known malicious attachments, links and content, they are not catching the most sophisticated targeted attacks on email recipients. These types of attacks, called spearphishing, gather information on high- value targets who have direct access to company financial or customer information.1 Using social media, mobile apps and other sources of information (such as a company website), criminals can make connections between business associates and third parties in order to craft emails that look like they come from someone the targets work with—and neither network-based nor email-based security tools are catching them consistently.
    [Show full text]
  • Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Desktop 15 SP2
    SUSE Linux Enterprise Desktop 15 SP2 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Desktop 15 SP2 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor, SELinux, or the auditing system that reliably collects information about any security-relevant events. Supports the administrator with security-related choices and decisions in installing and setting up a secure SUSE Linux Enterprise Server and additional processes to further secure and harden that installation. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC,
    [Show full text]
  • Systematization of Vulnerability Discovery Knowledge: Review
    Systematization of Vulnerability Discovery Knowledge Review Protocol Nuthan Munaiah and Andrew Meneely Department of Software Engineering Rochester Institute of Technology Rochester, NY 14623 {nm6061,axmvse}@rit.edu February 12, 2019 1 Introduction As more aspects of our daily lives depend on technology, the software that supports this technology must be secure. We, as users, almost subconsciously assume the software we use to always be available to serve our requests while preserving the confidentiality and integrity of our information. Unfortunately, incidents involving catastrophic software vulnerabilities such as Heartbleed (in OpenSSL), Stagefright (in Android), and EternalBlue (in Windows) have made abundantly clear that software, like other engineered creations, is prone to mistakes. Over the years, Software Engineering, as a discipline, has recognized the potential for engineers to make mistakes and has incorporated processes to prevent such mistakes from becoming exploitable vulnerabilities. Developers leverage a plethora of processes, techniques, and tools such as threat modeling, static and dynamic analyses, unit/integration/fuzz/penetration testing, and code reviews to engineer secure software. These practices, while effective at identifying vulnerabilities in software, are limited in their ability to describe the engineering failures that may have led to the introduction of vulnerabilities. Fortunately, as researchers propose empirically-validated metrics to characterize historical vulnerabilities, the factors that may have led to the introduction of vulnerabilities emerge. Developers must be made aware of these factors to help them proactively consider security implications of the code that they contribute. In other words, we want developers to think like an attacker (i.e. inculcate an attacker mindset) to proactively discover vulnerabilities.
    [Show full text]
  • The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground
    The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground Mayra Rosario Fuentes and Shiau-Jing Ding Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and 4 should not be construed to constitute legal advice. The information contained herein may not be applicable to all Introduction situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing 7 herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document Overview of Exploit Developers at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise 12 related to the accuracy of a translation, please refer to the original language official version of the document. Any Overview of Exploit Demand and discrepancies or differences created in the translation are Availability not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro 16 makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree Outdated Exploits that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied.
    [Show full text]
  • Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2
    Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE OF CONTENTS 2016 Internet Security Threat Report 2 CONTENTS 4 Introduction 21 Tech Support Scams Go Nuclear, 39 Infographic: A New Zero-Day Vulnerability Spreading Ransomware Discovered Every Week in 2015 5 Executive Summary 22 Malvertising 39 Infographic: A New Zero-Day Vulnerability Discovered Every Week in 2015 8 BIG NUMBERS 23 Cybersecurity Challenges For Website Owners 40 Spear Phishing 10 MOBILE DEVICES & THE 23 Put Your Money Where Your Mouse Is 43 Active Attack Groups in 2015 INTERNET OF THINGS 23 Websites Are Still Vulnerable to Attacks 44 Infographic: Attackers Target Both Large and Small Businesses 10 Smartphones Leading to Malware and Data Breaches and Mobile Devices 23 Moving to Stronger Authentication 45 Profiting from High-Level Corporate Attacks and the Butterfly Effect 10 One Phone Per Person 24 Accelerating to Always-On Encryption 45 Cybersecurity, Cybersabotage, and Coping 11 Cross-Over Threats 24 Reinforced Reassurance with Black Swan Events 11 Android Attacks Become More Stealthy 25 Websites Need to Become Harder to 46 Cybersabotage and 12 How Malicious Video Messages Could Attack the Threat of “Hybrid Warfare” Lead to Stagefright and Stagefright 2.0 25 SSL/TLS and The 46 Small Business and the Dirty Linen Attack Industry’s Response 13 Android Users under Fire with Phishing 47 Industrial Control Systems and Ransomware 25 The Evolution of Encryption Vulnerable to Attacks 13 Apple iOS Users Now More at Risk than 25 Strength in Numbers 47 Obscurity is No Defense
    [Show full text]
  • Efficiently Mitigating Transient Execution Attacks Using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M
    Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M. Frans Kaashoek, and Nickolai Zeldovich, MIT CSAIL https://www.usenix.org/conference/osdi20/presentation/behrens This paper is included in the Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation November 4–6, 2020 978-1-939133-19-9 Open access to the Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation is sponsored by USENIX Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M. Frans Kaashoek, and Nickolai Zeldovich MIT CSAIL Abstract designers have implemented a range of mitigations to defeat transient execution attacks, including state flushing, selectively Today’s kernels pay a performance penalty for mitigations— preventing speculative execution, and removing observation such as KPTI, retpoline, return stack stuffing, speculation channels [5]. These mitigations impose performance over- barriers—to protect against transient execution side-channel heads (see §2): some of the mitigations must be applied at attacks such as Meltdown [21] and Spectre [16]. each privilege mode transition (e.g., system call entry and exit), To address this performance penalty, this paper articulates and some must be applied to all running code (e.g., retpolines the unmapped speculation contract, an observation that mem- for all indirect jumps). In some cases, they are so expensive ory that isn’t mapped in a page table cannot be leaked through that OS vendors have decided to leave them disabled by de- transient execution. To demonstrate the value of this contract, fault [2, 22].
    [Show full text]
  • Compromised Connections
    COMPROMISED CONNECTIONS OVERCOMING PRIVACY CHALLENGES OF THE MOBILE INTERNET The Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and many other international and regional treaties recognize privacy as a fundamental human right. Privacy A WORLD OF INFORMATION underpins key values such as freedom of expression, freedom of association, and freedom of speech, IN YOUR MOBILE PHONE and it is one of the most important, nuanced and complex fundamental rights of contemporary age. For those of us who care deeply about privacy, safety and security, not only for ourselves but also for our development partners and their missions, we need to think of mobile phones as primary computers As mobile phones have transformed from clunky handheld calling devices to nifty touch-screen rather than just calling devices. We need to keep in mind that, as the storage, functionality, and smartphones loaded with apps and supported by cloud access, the networks these phones rely on capability of mobiles increase, so do the risks to users. have become ubiquitous, ferrying vast amounts of data across invisible spectrums and reaching the Can we address these hidden costs to our digital connections? Fortunately, yes! We recommend: most remote corners of the world. • Adopting device, data, network and application safety measures From a technical point-of-view, today’s phones are actually more like compact mobile computers. They are packed with digital intelligence and capable of processing many of the tasks previously confined
    [Show full text]