| 1. |
- Abbas, Haider, et al.
(författare)
-
DUDE: Decryption, Unpacking, Deobfuscation, and Endian Conversion Framework for Embedded Devices Firmware
- 2023
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - : Institute of Electrical and Electronics Engineers (IEEE). - 1545-5971 .- 1941-0018.
-
Tidskriftsartikel (refereegranskat)abstract
- Commercial-Off-The-Shelf (COTS) embedded devices rely on vendor-specific firmware to perform essential tasks. These firmware have been under active analysis by researchers to check security features and identify possible vendor backdoors. However, consistently unpacking newly created filesystem formats has been exceptionally challenging. To thwart attempts at unpacking, vendors frequently use encryption and obfuscation methods. On the other hand, when handling encrypted, obfuscated, big endian cramfs, or custom filesystem formats found in firmware under test, the available literature and tools are insufficient. This study introduces DUDE, an automated framework that provides novel functionalities, outperforming cutting-edge tools in the decryption, unpacking, deobfuscation, and endian conversion of firmware. For big endian compressed romfs filesystem formats, DUDE supports endian conversion. It also supports deobfuscating obfuscated signatures for successful unpacking. Moreover, decryption support for encrypted binaries from the D-Link and MOXA series has also been added, allowing for easier analysis and access to the contents of these firmware files. Additionally, the framework offers unpacking assistance by supporting the extraction of special filesystem formats commonly found in firmware samples from various vendors. A remarkable 78% (1424 out of 1814) firmware binaries from different vendors were successfully unpacked using the suggested framework. This performance surpasses the capabilities of commercially available tools combined on a single platform.
|
|
| 2. |
|
|
| 3. |
- Chatterjee, Santanu, et al.
(författare)
-
Secure Biometric-Based Authentication Schemeusing Chebyshev Chaotic Map for Multi-Server Environment
- 2018
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - Piscataway, NJ : IEEE. - 1545-5971 .- 1941-0018. ; 15:5, s. 824-839
-
Tidskriftsartikel (refereegranskat)abstract
- Multi-server environment is the most common scenario for a large number of enterprise class applications. In this environment, user registration at each server is not recommended. Using multi-server authentication architecture, user can manage authentication to various servers using single identity and password. We introduce a new authentication scheme for multi-server environments using Chebyshev chaotic map. In our scheme, we use the Chebyshev chaotic map and biometric verification along with password verification for authorization and access to various application servers. The proposed scheme is light-weight compared to other related schemes. We only use the Chebyshev chaotic map, cryptographic hash function and symmetric key encryption-decryption in the proposed scheme. Our scheme provides strong authentication, and also supports biometrics & password change phase by a legitimate user at any time locally, and dynamic server addition phase. We perform the formal security verification using the broadly-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that the presented scheme is secure. In addition, we use the formal security analysis using the Burrows-Abadi-Needham (BAN) logic along with random oracle models and prove that our scheme is secure against different known attacks. High security and significantly low computation and communication costs make our scheme is very suitable for multi-server environments as compared to other existing related schemes.
|
|
| 4. |
- Cucurull, Jordi, et al.
(författare)
-
Surviving Attacks in Challenged Networks
- 2012
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - : IEEE Computer Society. - 1545-5971 .- 1941-0018. ; 9:6, s. 917-929
-
Tidskriftsartikel (refereegranskat)abstract
- In the event of a disaster, telecommunication infrastructures can be severely damaged or overloaded. Hastily formed networks can provide communication services in an ad hoc manner. These networks are challenging due to the chaotic context where intermittent connection is the norm and the identity and number of participants cannot be assumed. In such environments malicious actors may try to disrupt the communications to create more chaos for their own benefit. This paper proposes a general security framework for monitoring and reacting to disruptive attacks. It includes a collection of functions to detect anomalies, diagnose them, and perform mitigation. The measures are deployed in each node in a fully distributed fashion, but their collective impact is a significant resilience to attacks, so the actors can disseminate information under adverse conditions. The approach is evaluated in the context of a simulated disaster area network with a many-cast dissemination protocol, Random Walk Gossip, with a store-and-forward mechanism. A challenging threat model where adversaries may 1) try to drain the resources both at node level (battery life) and network level (bandwidth), or 2) reduce message dissemination in their vicinity, without spending much of their own energy, is adopted. The results demonstrate that the approach diminishes the impact of the attacks considerably.
|
|
| 5. |
|
|
| 6. |
- Etemadi, Khashayar, et al.
(författare)
-
Sorald : Automatic Patch Suggestions for SonarQube Static Analysis Violations
- 2022
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - : Institute of Electrical and Electronics Engineers (IEEE). - 1545-5971 .- 1941-0018. ; , s. 1-1
-
Tidskriftsartikel (refereegranskat)abstract
- Previous work has shown that early resolution of issues detected by static code analyzers can prevent major costs later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that is actionable. To address these problems, we present Sorald: a novel system that uses metaprogramming templates to transform the abstract syntax trees of programs and suggests fixes for static analysis warnings. Thus, the burden on the developer is reduced from interpreting and fixing static issues, to inspecting and approving full fledged solutions. Sorald fixes violations of 10 rules from SonarJava, one of the most widely used static analyzers for Java. We evaluate Sorald on a dataset of 161 popular repositories on Github. Our analysis shows the effectiveness of Sorald as it fixes 65% (852/1,307) of the violations that meets the repair preconditions. Overall, our experiments show it is possible to automatically fix notable violations of the static analysis rules produced by the state-of-the-art static analyzer SonarJava.
|
|
| 7. |
- Fu, Zhang, 1982, et al.
(författare)
-
Mitigating Distributed Denial of Service Attacks in Multiparty Applications in the Presence of Clock Drifts
- 2012
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - 1545-5971 .- 1941-0018. ; 9:3, s. 401-413
-
Tidskriftsartikel (refereegranskat)abstract
- Network-based applications commonly open some known communication port(s), makingthemselves easy targets for (distributed) denial of service attacks. Earlier solutions for this problem are based on port-hopping between pairs of processes which are synchronous or exchange acknowledgments. However, acknowledgments, if lost, can cause a port to be open for longer time and thus be vulnerable, while time servers can become targets to DoS attack themselves.Here we extend port-hopping to support multi-party applications, by proposing the BIGWHEEL algorithm, for each application-server to communicate with multiple clients in a port-hopping manner without the need for group synchronization.Furthermore, we present an adaptive algorithm, HOPERAA, for enabling hopping in the presence of bounded asynchrony, namely when the communicating parties have clocks with clock drifts. The solutions are simple, based on each client interacting with the server independently of the other clients, without the need of acknowledgments or time server(s).Further, they do not rely on the application having a fixed port open in the beginning, neither do they require the clients to get a "first-contact" port from a third party. We show analytically the properties of the algorithms and also study experimentally their success rates, confirm the relation with the analytical bounds.
|
|
| 8. |
- He, Debiao, et al.
(författare)
-
A Provably-Secure Cross-Domain Handshake Scheme with Symptoms-Matching for Mobile Healthcare Social Network
- 2018
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE). - 1545-5971 .- 1941-0018. ; 15:4, s. 633-645
-
Tidskriftsartikel (refereegranskat)abstract
- With rapid developments of sensor, wireless and mobile communication technologies, Mobile Healthcare Social Networks (MHSNs) have emerged as a popular means of communication in healthcare services. Within MHSNs, patients can use their mobile devices to securely share their experiences, broaden their understanding of the illness or symptoms, form a supportive network, and transmit information (e.g. state of health and new symptoms) between users and other stake holders (e.g. medical center). Despite the benefits afforded by MHSNs, there are underlying security and privacy issues (e.g. due to the transmission of messages via a wireless channel). The handshake scheme is an important cryptographic mechanism, which can provide secure communication in MHSNs (e.g. anonymity and mutual authentication between users, such as patients). In this paper, we present a new framework for the handshake scheme in MHSNs, which is based on hierarchical identity-based cryptography. We then construct an efficient Cross-Domain HandShake (CDHS) scheme that allows symptoms-matching within MHSNs. For example, using the proposed CDHS scheme, two patients registered with different healthcare centers can achieve mutual authentication and generate a session key for future secure communications. We then prove the security of the scheme, and a comparative summary demonstrates that the proposed CDHS scheme requires fewer computation and lower communication costs. We also implement the proposed CDHS scheme and three related schemes in a proof of concept Android app to demonstrate utility of the scheme. Findings from the evaluations demonstrate that the proposed CDHS scheme achieves a reduction of 18.14% and 5.41% in computation cost and communication cost, in comparison to three other related handshake schemes. © 2016 IEEE.
|
|
| 9. |
- Holm, Hannes
(författare)
-
A Large-Scale Study of the Time Required To Compromise a Computer System
- 2014
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - : IEEE Computer Society. - 1545-5971 .- 1941-0018. ; 11:1, s. 6506084-
-
Tidskriftsartikel (refereegranskat)abstract
- A frequent assumption in the domain of cybersecurity is that cyberintrusions follow the properties of a Poisson process, i.e., that the number of intrusions is well modeled by a Poisson distribution and that the time between intrusions is exponentially distributed. This paper studies this property by analyzing all cyberintrusions that have been detected across more than 260,000 computer systems over a period of almost three years. The results show that the assumption of a Poisson process model might be unoptimalâthe log-normal distribution is a significantly better fit in terms of modeling both the number of detected intrusions and the time between intrusions, and the Pareto distribution is a significantly better fit in terms of modeling the time to first intrusion. The paper also analyzes whether time to compromise (TTC) increase for each successful intrusion of a computer system. The results regarding this property suggest that time to compromise decrease along the number of intrusions of a system.
|
|
| 10. |
- Holm, Hannes, et al.
(författare)
-
Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks
- 2012
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - 1545-5971 .- 1941-0018. ; 9:6, s. 825-837
-
Tidskriftsartikel (refereegranskat)abstract
- The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the score of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originates from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.
|
|
