Security by Default 2015

One of the broad goals of the Science of Security project is to understand more fully the scientific underpinnings of cybersecurity. With this knowledge, the potential for developing systems that, if following these scientific principles, 

is presumed secure. In the meantime, security by default remains a topic of interest and some research. The articles cited here were presented in 2015.

Mustafa, M.A.; Ning Zhang; Kalogridis, G.; Zhong Fan, “MUSP: Multi-service, User Self-controllable and Privacy-preserving System for Smart Metering,” in Communications (ICC), 2015 IEEE International Conference on , vol., no., pp. 788–794, 8-12 June 2015. doi:10.1109/ICC.2015.7248418

Abstract: This paper proposes a Multi-service, User Self-controllable and Privacy-preserving (MUSP) system for secure smart metering. This system has a number of novel properties. Firstly, it can report users’ fine-grained consumption data to grid operators and suppliers securely and with user privacy preservation capability. These are achieved by using a homomorphic encryption technique in conjunction with selective data aggregation and distribution methods, so only the aggregated data are delivered to the authorised data recipients only on a need-to-know basis. Secondly, it allows suppliers to access their customers’ attributable meter readings regularly. To protect users’ privacy, suppliers, by default, can access new data only at a low frequency (e.g. once a month). However, MUSP allows users (1) to adjust (control) this frequency and (2) to release new data by demand (e.g. when change of tariff occurs), thus putting users’ privacy preservation in their own hands. Thirdly, it is equipped with an easy and user friendly supplier switching facility to allow users to switch providers easily and conveniently. Security analysis and performance evaluation demonstrate that the MUSP system can protect users’ privacy while providing these services in an efficient and scalable manner.

Keywords: cryptography; data acquisition; smart meters; MUSP system; distribution methods; homomorphic encryption technique; meter reading; multiservice user self controllable and privacy preserving system; need-to-know basis; secure smart metering; selective data aggregation; Cryptography; Data privacy; Meter reading; Protocols; Registers; Smart grids; Switches (ID#: 15-7253)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7248418&isnumber=7248285

Trang Nguyen, “Using Unrestricted Mobile Sensors to Infer Tapped and Traced User Inputs,” in Information Technology: New Generations (ITNG), 2015 12th International Conference on, vol., no., pp. 151–156, 13–15 April 2015. doi:10.1109/ITNG.2015.29

Abstract: As of January 2014, 58 percent of Americans over the age of 18 own a smart phone. Of these smart phones, Android devices provide some security by requiring that third party application developers declare to users which components and features their applications will access. However, the real time environmental sensors on devices that are supported by the Android API are exempt from this requirement. We evaluate the possibility of exploiting the freedom to discretely use these sensors and expand on previous work by developing an application that can use the gyroscope and accelerometer to interpret what the user has written, even if trace input is used. Trace input is a feature available on Samsung’s default keyboard as well as in many popular third-party keyboard applications. The inclusion of trace input in a key logger application increases the amount of personal information that can be captured since users may choose to use the time-saving trace-based input as opposed to the traditional tap-based input. In this work, we demonstrate that it is indeed possible to recover both tap and trace inputted text using only motion sensor data.

Keywords: accelerometers; application program interfaces; gyroscopes; invasive software; smart phones; Android API; Android device; accelerometer; key logger application; keyboard application; mobile security; motion sensor data; personal information; real-time environmental sensor; smart phone; tapped user input; traced user input; unrestricted mobile sensor; Accelerometers; Accuracy; Feature extraction; Gyroscopes; Keyboards; Sensors; Support vector machines; key logger; mobile malware; mobile security; motion sensors; spyware (ID#: 15-7254)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113464&isnumber=7113432

Basavaraj, V.; Noyes, D.; Fiondella, L.; Lownes, N., “Mitigating the Impact of Transportation Network Disruptions on Evacuation,” in Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, vol., no., pp. 1–7,

14–16 April 2015. doi:10.1109/THS.2015.7225308

Abstract: Homeland Security Presidential Directive-8 establishes a framework for national preparedness, including a vision, specific scenarios of concern, as well as a task list and target capabilities to be developed. The Department of Homeland Security Science and Technology Directorate has fostered enhanced resilience through sponsorship of tools to simulate the impact of the various disaster scenarios identified. However, the default simulations implemented for each of these scenarios implicitly assume availability of public transportation networks for task such as evacuation and response, yet such availability cannot be guaranteed without explicit consideration of the triggering events on transportation networks. Transportation is especially important as a majority of the scenarios indicate that over half of the affected population will need to be evacuated or self-evacuate and this population may be on the order of hundreds of thousands of people. Given the volume of traffic such scenarios may generate, the automobile transportation network will need to carry the majority of this flow of evacuees. Thus, methods to assess and mitigate the negative impact of transportation network disruptions on all aspects of disaster management, will be essential to reduce communal risk. This paper examines the criticality of public transportation in the context of the planning scenarios, suggesting methods to explicitly incorporate the impact of transportation network disruption. Methods based on dynamic traffic assignment are explored and applied to a small hypothetical scenario inspired by the 2010 Times Square car bombing attempt.

Keywords: automobiles; emergency management; national security; planning; public transport; risk analysis; road traffic; Department of Homeland Security Science and Technology Directorate; Homeland Security Presidential Directive-8; automobile transportation network; communal risk reduction; default simulations; disaster management; dynamic traffic assignment; evacuation; public transportation network; transportation network disruption impact mitigation; triggering events; Automobiles; Hospitals; Planning; Sociology; Statistics; Vehicle dynamics (ID#: 15-7255)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225308&isnumber=7190491

Shirey, R.G.; Hopkinson, K.M.; Stewart, K.E.; Hodson, D.D.; Borghetti, B.J., “Analysis of Implementations to Secure Git for Use as an Encrypted Distributed Version Control System,” in System Sciences (HICSS), 2015 48th Hawaii International Conference on, vol., no., pp. 5310–5319, 5–8 Jan. 2015. doi:10.1109/HICSS.2015.625

Abstract: This paper analyzes two existing methods for securing Git repositories, Git-encrypt and Git-crypt, by comparing their performance relative to the default Git implementation. Securing a Git repository is necessary when the repository contains sensitive or restricted data. This allows the repository to be stored on any third-party cloud provider with assurance that even if the repository data is leaked, it will remain secure. The analysis of current Git encryption methods is done through a series of tests that examines the performance trade-offs made for added security. This performance is analyzed in terms of size, time, and functionality using three different Git repositories of varying size. The three experiments include initializing and populating a repository, compressing a repository through garbage collection, and modifying then committing files to the repository. The results show that Git maintains functionality with each of these two encryption implementations at the cost of time and repository size. The time increase is found to be a factor ranging from 14 to 38 times the original time. The size increase over multiple commits of edited files is found to increase linearly proportional to the working set of files.

Keywords: cryptography; Git repositories; Git-crypt; Git-encrypt; encrypted distributed version control system; restricted data; sensitive data; Computers; Control systems; Encryption; Kernel; Linux; Vectors; Cloud; Cryptography; Distributed; Git; Open Source; Repository; Secure; Software; Version Control (ID#: 15-7256)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7070454&isnumber=7069647

Biryukov, A.; Pustogarov, I., “Bitcoin over Tor Isn't a Good Idea,” in Security and Privacy (SP), 2015 IEEE Symposium on, vol., no., pp. 122–134, 17–21 May 2015. doi:10.1109/SP.2015.15

Abstract: Bit coin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bit coin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bit coin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bit coin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bit coin creates a new attack vector. A low-resource attacker can gain full control of information flows between all users who chose to use Bit coin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bit coin blocks and transactions are relayed to user and can delay or discard user’s transactions and blocks. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP addresses when they decide to connect to the Bit coin network directly.

Keywords: IP networks; peer-to-peer computing; security of data; Bit coin network; Bitcoin; IP address; decentralized P2P digital currency; default Tor functionality; information flow; low-resource attacker; peer-to-peer network; popular mobile SPV client; pseudonymity; random-looking Bit coin address; user transactions; Bandwidth; Databases; Online banking; Peer-to-peer computing; Relays; Servers; Anonymity; Bitcoin; P2P; Security; Tor; cryptocurrency (ID#: 15-7257)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163022&isnumber=7163005

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.