DOCSLIB.ORG

A Secure One-Use Dynamic Backdoor Password System Based on Public Key Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Secure One-Use Dynamic Backdoor Password System Based on Public Key Cryptography A Secure One-use Dynamic Backdoor Password System Based on Public Key Cryptography YU Haitao A Thesis Submitted in Partial Fulfillment of The Requirements For the Degree of Master of Philosophy in Information Engineering • The Chinese University of Hong Kong Jan 2002 The Chinese University of Hong Kong holds the copyright of this thesis. Any person(s) intending to use a part or whole of the materials in the thesis in a proposed publication must seek copyright release from the Dean of the Graduate School. fen 8 IfH 13 jij ^^SUBRARY SYSWy Acknowledgment Here I want to show appreciation to my academic supervisor, Prof. Victor Keh-Wei, for his patient guidance on my research. I just came to Information Integrity Lab only for more than one year. But just in this year, He showed me an attractive research field of cryptography. With his supervision, I find this field interests me much. Also the lab provides me enough equipment for the research work, which enables my free work on my research topic. My thanks will extend to all of my lab members. All the members in the Information Integrity Lab co-operate very well, providing well research environment for me. This has much effect on my thesis research. Finally, I want to thank my family, who give me all hearts support. They make me able to keep all my time and energy on my research work. i Abstract With the development of information technology, people move their lives and business into digital world. Widely adopted digital systems make information security playing an important role in people's daily activities. From the information security point of view, the current authentication methods implemented in information systems are not safe enough even with special administrations. Backdoor password is a common method to solve the problem of lost or forgotten administrative password of an information system. For its function of convenience, this method weakens the system security against hostile activities. The existence of backdoor account also makes a system vulnerable to attacks. Consequently, the information stored in or delivered by the system will face unexpected danger. In this thesis, a new method based on public key cryptography is proposed to replace the traditional backdoor password authentication. Because the system designed in this thesis starts from a totally different point, it overcomes the security problems that are with traditional backdoor password authentication method. Compare to the current backdoor authentication method, our system is more secure, dynamically process the request and all keys are only used once. Additionally to the principle of our newly method to fulfill the backdoor password authentication, this thesis also provide a rough practical multi-user mode system together with the system analysis. Also a concept of partial account is suggested in the system for real case study. ii 摘要 隨著信息技術的發展人們的生活與工作日益走向數碼時代。廣 泛使用的數碼系統將信息安全技術推向舞台的前沿,在人們的曰常 生活何工作中舉足輕重。但是從信息安全的角度出發,即使有專門 的管理,時下的信息系統的身分認證方式仍然不夠十分安全。 在許多信息系統中,解決遺失或忘記管理員口令的方法通常是 使用系統中的後門口令。爲了功能性的實現和使用方便,後門口令 常常削弱系統抵抗敵意行爲的安全性能。同時後門用戶的存在,也 爲黑客攻擊留下方便之門。結果使得信息系統中存儲或傳送的信息 面臨不可預知的危險。 本論文提出了一種基於公鑰密碼學的驗證方法,用於替代現有 後門口令驗證系統解決遺失口令的問題。由於系統基於全新的觀點 設計,因此可以克服現有傳統後門口令驗證系統的安全隱患。與之 相比,本論文提出的系統具有更好的安全性,動態處理過程和所有 關鍵密鑰均爲一次性使用等良好的特性。 本篇論文不僅提出了解決管理員口令遺失問題的全新解決方 法,而且設計出一個基本接近實用的多用戶系統,並作了系統的安 全性分析。本論文還提出了在該系統的具體實現中使用”半用戶” 的槪念。 iii Contents Chapter 1. Introduction 1 1.1 Introduction 1 1.2 Thesis organization 6 Chapter 2. Conventional password authentication and backdoor password schemes ...7 2.1 Password and password authentication 7 2.1.1 Introduction to password and its security problems 7 2.1.2 Front-door passwords vs. backdoor passwords 8 2.1.3 Dynamic passwords vs. static passwords 9 2.2 Forgotten-password problem 10 Chapter 3. Introduction to Cryptography 12 3.1 Introduction to information security 12 3.2 Conventional cryptography 16 3.3 Public-key cryptography 21 3.4 RSA cryptosystem 24 3.5 One-way function 27 3.6 Digital signature 30 3.7 Secret sharing 34 3.8 Zero-knowledge proof. 34 3.9 Key management 36 3.9.1 Key distribution in conventional cryptography 36 3.9.2 Distribution of public keys ..."39 Chapter 4. A secure one-use dynamic backdoor password system based on Public Key Cryptography 42 4.1 System objectives 42 4.2 Simple system and analysis 45 4.2.1 System diagram 45 4.2.2 System protocol 46 4.2.3 Applied technologies 50 4.2.4 System security analysis 52 4.3 Multi-user system and analysis 55 iv 4.3.1 Modification to the system diagram 56 4.3.2 Modification to the system protocol 57 4.3.3 System analysis for multi-user system 64 4.4 Applicable modes and analysis 66 4.5 Conclusion 68 Chapter 5. Conclusion 69 Bibliography 71 Appendix 72 A. Algorithm of MD5 72 B. Algorithm of DSA 76 C. Algorithm ofRSA 79 V Chapter 1. Introduction 1.1 Introduction As time goes by, people's life changes much with the development of information technologies. Almost everyday, people start to turn on their radio or TV to get the latest news when they open their eyes in the morning. And even when planning to go to bed, people would like to check if they get new email till that moment. When people go to work, they manage their normal work according to the information they got, make decisions by exchanging the information and minds their colleagues provided and handle the urgent issues from newly coming messages; when people go out for recreation, they enjoy the movies or music for the relaxing information they are experiencing from them, feel entertained for sharing the information when joining the activities with other people and are enriched by the books they are reading. Maybe they will choose to die if they cannot gain anything through all the means they can. Modem people live with, on and for the information. Fortunately, technologies help people to get and exchange information fast and easily. In the last ten years, the Internet and the applications based on networks go beyond our imaginations. More and more people become familiar with this Internet and its applications and feel it is a really fast and easy way to exchange information. Now, the Internet has grown strong enough to carry the same amount of information as many traditional medias like newspaper and TV, or even more. More and more business, educations, social services find their wide contacts with their intentions with this advanced technology. The Internet and its applications, now called the information technologies, help people live more efficiently in the convenience of obtaining information. If the computers and their wide adoptions in many fields were new industrial revolution, the information technologies would be another peak of this revolution waves. Now come the questions: who provide all kinds of the information covering as many fields as possible and what make the numerous information available to people 1 allover the world? If you are familiar with the information technologies, you maybe tell us the answers are ICPs and networks. What is ICP? It is short for Internet Content Provider, who provides lots of information to the public, all kinds of,in his powerful computer servers. As to network, maybe a pizza boy can explain this term in very simple way and is able to be understood even by my grandma. All the technical guys know that network has nodes and links. Links are the physical paths connecting to all nodes mutually, including the coaxial cables, twisted cables, optical fibers and wireless channels. The nodes are the major function parts, mostly are computers and special networking equipment. ICPs,servers provide the Internet contents. And the special networking equipment is responsible for making the global network a unity using the broadcasting, switching, routing technologies. In another words, the server nodes provide the information while the special networking nodes direct the information to the destinations according to the requests. Till now, we know where our information comes from and how it reaches us. As it is said that some people would choose to die if they cannot exchange the information with others, we begin to worry about the security of these nodes essential to us. Maybe those guys are too exaggerating to do so if lacking of information, but in nowadays, information equals to wealth. You may think of what it will be if "Yahoo!" or "Google™" is out of services for two days. People will feel disturbed a lot - they cannot get what they want from the Internet as usual for they are relying on these Internet searching portal sites to gather information. Or even worse, if the “Hotmail” is down for a whole day, there will be millions of people affected by the failure of this biggest worldwide public mail system. Maybe many businesses will be delayed because the managers cannot confirm the information from the Internet or check and reply the emails as scheduled, and the loss may be in billion dollars. But in most cases, our worry about the stability of the services for both server and networking nodes is not necessary. Those servers and equipment are all produced by worldwide famous manufacturers such as Sun, IBM, HP for the servers, and Cisco, Lucent, Nortel for the networking equipment. The qualities of the nodes can be reliable enough for the manufacturers' sound reputation. And then these nodes, both servers and networking equipment are placed in special rooms with proper temperature, humidity, cleanness and even electronic- magnetism. These rooms are kept very carefully to avoid physical damages like fire and loss of power. And even more, some are guarded by armed soldiers. Finally, all those nodes have 2 administrators whose responsibility is to make everything all right when the nodes go wrong. If some nodes are of high importance, private administrators will be assigned to ensure the reliabilities and function recoveries.
Load more

Recommended publications
  • Backdoors in Software: a Cycle of Fear and Uncertainty
    BACKDOORS IN SOFTWARE: A CYCLE OF FEAR AND UNCERTAINTY Leah Holden, Tufts University, Medford, MA Abstract: With the advent of cryptography and an increasingly online world, an antagonist to the security provided by encryption has emerged: backdoors. Backdoors are slated as insidious but often they aren’t intended to be. Backdoors can just be abused maintenance accounts, exploited vulnerabilities, or created by another agent via infecting host servers with malware. We cannot ignore that they may also be intentionally programmed into the source code of an application. Like with the cyber attrition problem, it may be difficult to determine the root cause of a backdoor and challenging to prove its very existence. These characteristics of backdoors ultimately lead to a state of being that I liken to a cycle of fear where governments or companies throw accusations around, the public roasts the accused, and other companies live in fear of being next. Notably missing from this cycle are any concrete solutions for preventing backdoors. A pervasive problem underlies this cycle: backdoors could be mitigated if software developers and their managers fully embraced the concept that no one should ever be able to bypass authentication. From the Clipper chip to the FBI and Apple’s standoff, we will examine requested, suspected, and proven backdoors up through the end of 2017. We will also look at the aftermath of these incidents and their effect on the relationship between software and government. Introduction: A backdoor has been defined as both “an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep” and “ a secret portal that hackers and intelligence agencies used to gain illicit access” (Zetter).
    [Show full text]
  • Veracode.Com
    Joe Brady Senior Solutions Architect [email protected] 1 Detecting Software Austin OWASP Backdoors August 30, 2011 Joe Brady Senior Solutions Architect Software Security Simplified [email protected] About • Veracode provides automated, SaaS-based, application security assessment and remediation capabilities for Internal , external and 3rd party Applications . • Automated techniques include static binary analysis and dynamic analysis . • Founded in 2006, includes application security experts from L 0pht, @stake, Guardent, Symantec, VeriSign and SPI Dynamics/Hewlett Packard 3 Now is a good time to think about software backdoors • Unverified and untested software is everywhere • It’s in your computer, house, car, phone, TV, printer and even refrigerator • Most of that software was developed by people you don’t trust or don’t know very well • You clicked on that link someone sent you didn’t you? What we will cover today (three things to worry think about) • Application Backdoors ‣ Backdoors in the applications you own, are buying or have built ‣ Do you know where your source code was last night? • System Backdoors ‣ Vulnerabilities in the software you use everyday that can be used to implant a system backdoor ‣ E.g. Aurora (CVE-2010-0249) • Mobile Backdoors ‣ Your phone just might be spying on you Attacker Motivation • Most practical method of compromise for many systems ‣ Let the users install your backdoor on systems you have no access to ‣ Looks like legitimate software so may bypass AV • Retrieve and manipulate valuable private data ‣ Looks like legitimate application traffic so little risk of detection by IDS and DLP • For high value targets it becomes cost effective and more reliable.
    [Show full text]
  • A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks
    (IJACSA) International Journal of Advanced Computer Science and Applications Vol. 8, No. 10, 2017 A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks Milad Taleby Ahvanooey*, Prof. Qianmu Li*, Mahdi Rabbani, Ahmed Raza Rajput School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, P.O. Box 210094 P.R. China. Abstract—Nowadays, the usage of smartphones and their desktop usage (desktop usage, web usage, overall is down to applications have become rapidly popular in people’s daily life. 44.9% in the first quarter of 2017). Further, based on the latest Over the last decade, availability of mobile money services such report released by Kaspersky on December 2016 [3], 36% of as mobile-payment systems and app markets have significantly online banking attacks have targeted Android devices and increased due to the different forms of apps and connectivity increased 8% compared to the year 2015. In all online banking provided by mobile devices, such as 3G, 4G, GPRS, and Wi-Fi, attacks in 2016, have been stolen more than $100 million etc. In the same trend, the number of vulnerabilities targeting around the world. Although Android OS becomes very popular these services and communication networks has raised as well. today, it is exposing more and more vulnerable encounter Therefore, smartphones have become ideal target devices for attacks due to having open-source software, thus everybody malicious programmers. With increasing the number of can develop apps freely. A malware writer (or developer) can vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the take advantage of these features to develop malicious apps.
    [Show full text]
  • Backdoor Attacks and Countermeasures on Deep Learning
    1 Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review Yansong Gao, Bao Gia Doan, Zhi Zhang, Siqi Ma, Jiliang Zhang, Anmin Fu, Surya Nepal, and Hyoungshick Kim Abstract—Backdoor attacks insert hidden associations or trig- cases, an attacker can intelligently bypass existing defenses with gers to the deep learning models to override correct inference an adaptive attack. Drawing the insights from the systematic such as classification and make the system perform maliciously review, we also present key areas for future research on the according to the attacker-chosen target while behaving normally backdoor, such as empirical security evaluations from physical in the absence of the trigger. As a new and rapidly evolving trigger attacks, and in particular, more efficient and practical realistic attack, it could result in dire consequences, especially countermeasures are solicited. considering that the backdoor attack surfaces are broad. In 2019, the U.S. Army Research Office started soliciting countermeasures Index Terms—Backdoor Attacks, Backdoor Countermeasures, and launching TrojAI project, the National Institute of Standards Deep Learning (DL), Deep Neural Network (DNN) and Technology has initialized a corresponding online competi- tion accordingly. CONTENTS However, there is still no systematic and comprehensive review of this emerging area. Firstly, there is currently no systematic taxonomy of backdoor attack surfaces according to I Introduction 2 the attacker’s capabilities. In this context, attacks are diverse and not combed. Secondly, there is also a lack of analysis and II A Taxonomy of Adversarial Attacks on Deep comparison of various nascent backdoor countermeasures. In Learning 3 this context, it is uneasy to follow the latest trend to develop II-A Adversarial Example Attack .
    [Show full text]
  • Ransomware Attack: What’S Your Data Recovery Plan?
    RANSOMWARE ATTACK: WHAT’S YOUR DATA RECOVERY PLAN? Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online 888 965 9988 backup, disaster recovery-as-a-Service, mobile data www.keepitsafe.com protection, and cloud SaaS backup — contact us today. [email protected] Understanding and Preventing Ransomware Attacks TABLE OF CONTENTS What is Ransomware and Why is it On the Rise? pg. 03 The Most Common Types of Ransomware pg. 04 How Ransomware Spreads pg. 06 What You Can Do: 10 Steps pg. 08 to Defend Against Ransomware How KeepItSafe® Helps Combat Ransomware pg. 11 2 www.keepitsafe.com Understanding and Preventing Ransomware Attacks WHAT IS RANSOMWARE AND WHY IS IT ON THE RISE? New Ransomware 1,400,000 1,200,000 1,000,000 800,000 600,000 400,000 200,000 0 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 2013 2014 2015 McAfee Labs Threats Report, August 2015 Imagine sitting down at your office computer, logging in to your corporate network, and being greeted by the following onscreen message: “We have locked you out of access to all of your company’s systems, files and other data. To have access restored, please deposit $100,000 in the following bitcoin account.” This is “ransomware,” one of the most prevalent forms of malicious cyber attacks facing businesses today. With a ransomware attack, a cyber hacker infects your network or device with malicious software, usually through code attached to an email or contained within seemingly legitimate software you download from a website. Once the malicious software propagates through your systems, the hacker can then encrypt your data — and contact you with an offer to pay a ransom to get the data back.
    [Show full text]
  • Back Door and Remote Administration Programs
    By:By:XÇzXÇzAA TÅÅtÜTÅÅtÜ ]A]A `t{ÅÉÉw`t{ÅÉÉw SupervisedSupervised By:DrBy:Dr.. LoLo’’aiai TawalbehTawalbeh New York Institute of Technology (NYIT)-Jordan’s Campus 1 Eng. Ammar Mahmood 11/2/2006 Introduction A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.(unauthorized persons/systems) Most backdoors are autonomic malicious programs that must be somehow installed to a computer. Some parasites do not require the installation, as their parts are already integrated into particular SW running on a remote host. 11/2/2006 Eng. Ammar Mahmood 2 Introduction The backdoor may take the form of an installed program (e.g., Back Orifice or the Sony/BMG rootkit backdoor installed when any of millions of Sony music CDs were played on a Windows computer), or could be a modification to a legitimate program. 11/2/2006 Eng. Ammar Mahmood 3 Ways of Infection Typical backdoors can be accidentally installed by unaware users. Some backdoors come attached to e- mail messages or are downloaded from the Internet using file sharing programs. Their authors give them unsuspicious names and trick users into opening or executing such files (Trojan horse ). Backdoors often are installed by other parasites like viruses, worms or even spyware (even antispyware e.g. AdWare SpyWare SE ). They get into the system without user knowledge and consent and affect everybody who uses a compromised computer. Some threats can be manually installed by malicious local users who have sufficient privileges for the software installation.
    [Show full text]
  • Backdoors in Crypto the Problem with Castles
    Backdoors in Crypto The Problem with Castles. Treason Doors. Nottingham Castle. ● Roger Mortimer, 1st Earl of March ruled from Nottingham Castle. Nottingham Castle. ● Roger Mortimer, 1st Earl of March ruled from Nottingham Castle. ● Nottingham Castle had a secret tunnel that bypassed all the defenses. Nottingham Castle. ● Roger Mortimer, 1st Earl of March ruled from Nottingham Castle. ● Nottingham Castle had a secret tunnel that bypassed all the defenses. ● 1330 AD - Secret passage isn’t so secret. ○ Overseer of the castle betrays Mortimer. ○ Leads raid through secret tunnel. ○ kills Mortimer’s guards, arrests Mortimer. ○ Mortimer is executed soon after. Maginot Line Fortifications. ● French WW2 fortifications. ● Claim: Designed so that if captured, they would be easier to recapture. What does this have to do with Crypto? ● Can you design a cipher that would keep you secure but you could break if other people used it? ● How? ● What properties should such a backdoor have? Backdoors Definition: ● Backdoors are built-in methods of bypassing the security of a system. Dual EC DRBG Backdoor: Overview ● Dual Elliptic Curve Deterministic Random Bit Generator. ● Backdoored by the NSA. ● Deployed in commercial systems. ● Exposed by Academic Cryptographers and Snowden. Dual EC DRBG Backdoor: How ● Dual Elliptic Curve Deterministic Random Bit Generator. ● Like Blum-Micali, but generates many bits at a time. Dual EC DRBG Backdoor: The players ● NSA - National Security Agency ○ Offensive/Defensive mission: Makes & breaks codes/ciphers, ○ Captures, listens to & analyzes communications. ● NIST - National Institute of Standards and Technology ○ Creates & evaluates national technology standards. ○ Trusted as a fair player nationally & internationally. ● RSA ○ Technology company, created to commercialize public key encryption.
    [Show full text]
  • Hunting Trojan Horses
    NUCAR Technical Report TR-01 January 2006 Hunting Trojan Horses Version 1.0 Micha Moffie and David Kaeli 1 Hunting Trojan Horses Micha Moffie and David Kaeli Computer Architecture Research Laboratory Northeastern University, Boston, MA {mmoffie,kaeli}@ece.neu.edu Abstract In this report we present HTH (Hunting Trojan Horses), a security framework for detecting Trojan Horses and Backdoors. The framework is composed of two main parts: 1) Harrier – an application security monitor that performs run-time monitoring to dynamically collect execution-related data, and 2) Secpert – a security-specific Expert System based on CLIPS, which analyzes the events collected by Harrier. Our main contributions to the security research are three-fold. First we identify common malicious behaviors, patterns, and characteristics of Trojan Horses and Backdoors. Second we develop a security policy that can identify such malicious behavior and open the door for effectively using expert systems to implement complex security policies. Third, we construct a prototype that successfully detects Trojan Horses and Backdoors. 1 Introduction Computer attacks grew at an alarming rate in 2004 [26] and this rate is expected to rise. Additionally, zero-day attack exploits are already being sold on the black market. Cases in which malicious code was used for financial gain were reported in the 2005 Symantec Internet Security Threat Report [31] (for the first half of 2005). Symantec also reports a rise in the occurrence of malicious code that exposes confidential information. They further report that this class of malicious code attack represents 74% of the top 50 code samples reported to Symantec in 2005 [31].
    [Show full text]
  • Defending Against Backdoor Techniques Used in Targeted Attacks
    TrendLabs Although the motivation behind targeted attack campaigns may vary, threat actors continue to go after the ‘crown jewels’ or confidential company data of enterprises. Based on a Harvard Business Review study,1 there are four types of data commonly stolen in targeted attacks: personally identifiable information (PII) (28%), authentication credentials (21%), intellectual property (20%), and other sensitive corporate/organizational data (16%). Before getting to the crown jewels, though, attackers need to gather a whole lot of other information about their target in order to infiltrate the network without being detected. This may involve gathering publicly available information about the target, as well as information about the target’s network infrastructure. The latter is often done with the use of malware, such as remote access tools or backdoors. Backdoors play a critical role in targeted attacks. Besides being the primary tool for stealing data, it is also through backdoors that attackers are able to go deeper into the target network without being detected. For this reason, threat actors often employ a wide-array of backdoor techniques to evade detection. For instance, attackers will launch a first-line backdoor to execute commands and establish command- and-control (C&C) communications. This will download the second-line backdoor that will steal information from compromised systems that attackers can use to be able to go deeper into their target networks. In the data exfiltration stage, backdoors are used for uploading files and employing certain ports to hide attackers’ malicious tracks. Figure 1. Backdoor techniques in targeted attacks 1 Scott Shackelford. (April 16, 2014).
    [Show full text]
  • Example of Trojan Horse
    Example Of Trojan Horse Hassan fled his motherliness jumps saliently or next after Gerhardt premises and clabber heroically, unicolor and catenate. Maury usually mangling flirtingly or clamour unmeaningly when genteel Kurtis brutify lest and languishingly. Lex influencing kitty-cornered if xerophilous Lucio hocus or centrifuging. And according to experts, it remains so. As with protecting against most common cybersecurity threats, effective cybersecurity software should be your front line of protection. But what if you need to form an allegiance with this person? Another type of the virus, Mydoom. Wonder Friends to read. When first developed, Gozi used rootkit components to hide its processes. What appearsto have been correctly uninstalled or malware that i get the date, or following paper describes the horse of! Please enter your password! Adware is often known for being an aggressive advertising software that puts unwanted advertising on your computer screen. In as far as events are concerned; the central Intelligence Agency has been conducting searches for people who engage in activities such as drug trafficking and other criminal activities. If someone tries to use your computer, they have to know your password. No matter whether a company favors innovation or not, today innovation is key not only to high productivity and growth, but to the mere survival in the highly competitive environment. The fields may be disguised as added security questions that could give the criminal needed information to gain access to the account later on. It is surprising how far hackers have come to attack people, eh? Run script if the backdoor is found, it will disconnect you from the server, and write to the console the name of the backdoor that you can use later.
    [Show full text]
  • The Trojan Horse Defense in Cybercrime Cases, 21 Santa Clara High Tech
    Santa Clara High Technology Law Journal Volume 21 | Issue 1 Article 1 2004 The rT ojan Horse Defense in Cybercrime Cases Susan W. Brenner Brian Carrier Jef Henninger Follow this and additional works at: http://digitalcommons.law.scu.edu/chtlj Part of the Law Commons Recommended Citation Susan W. Brenner, Brian Carrier, and Jef Henninger, The Trojan Horse Defense in Cybercrime Cases, 21 Santa Clara High Tech. L.J. 1 (2004). Available at: http://digitalcommons.law.scu.edu/chtlj/vol21/iss1/1 This Article is brought to you for free and open access by the Journals at Santa Clara Law Digital Commons. It has been accepted for inclusion in Santa Clara High Technology Law Journal by an authorized administrator of Santa Clara Law Digital Commons. For more information, please contact [email protected]. ARTICLES THE TROJAN HORSE DEFENSE IN CYBERCRIME CASES Susan W. Brennert & Brian Carrier with Jef Henninger* TABLE OF CONTENTS I. INTRODUCTION ............................................................. 3 II. LEGAL ISSUES ............................................................ 14 A. How the Trojan Horse Defense Is Used ...................... 16 1. Raise Reasonable Doubt ............................................ 16 2. Negate Mens Rea ..................................................... 18 3. Establishing the Defense .......................................... 18 B. How Can the Prosecution Respond? ............. .......... 21 1. Establish Defendant's Computer Expertise .............. 22 2. "Character" Evidence ..............................................
    [Show full text]
  • An Enhanced Fuzzing Framework for Physical SOHO Router Devices To
    Zhang et al. Cybersecurity (2021) 4:24 Cybersecurity https://doi.org/10.1186/s42400-021-00091-9 RESEARCH Open Access ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities Yu Zhang1,2,3,4, Wei Huo1,2,3,4, Kunpeng Jian1,2,3,4, Ji Shi1,2,3,4,LongquanLiu1,2,3,4,YanyanZou1,2,3,4* , Chao Zhang5,6 and Baoxu Liu1,2,3,4 Abstract SOHO (small office/home office) routers provide services for end devices to connect to the Internet, playing an important role in cyberspace. Unfortunately, security vulnerabilities pervasively exist in these routers, especially in the web server modules, greatly endangering end users. To discover these vulnerabilities, fuzzing web server modules of SOHO routers is the most popular solution. However, its effectiveness is limited due to the lack of input specification, lack of routers’ internal running states, and lack of testing environment recovery mechanisms. Moreover, existing worksfordevicefuzzingaremorelikelytodetectmemorycorruptionvulnerabilities. In this paper, we propose a solution ESRFuzzer to address these issues. It is a fully automated fuzzing framework for testing physical SOHO devices. It continuously and effectively generates test cases by leveraging two input semantic models, i.e., KEY-VALUE data model and CONF-READ communication model, and automatically recovers the testing environment with power management. It also coordinates diversified mutation rules with multiple monitoring mechanisms to trigger multi-type vulnerabilities. With the guidance of the two semantic models, ESRFuzzer can work in two ways: general mode fuzzing and D-CONF mode fuzzing. General mode fuzzing can discover both issues which occur in the CONF and READ operation, while D-CONF mode fuzzing focus on the READ-op issues especially missed by general mode fuzzing.
    [Show full text]