Cryptography and Security (cs.CR)

Abstract: Machine Learning-as-a-Service, a pay-as-you-go business pattern, is widely accepted by third-party users and developers. However, the open inference APIs may be utilized by malicious customers to conduct model extraction attacks, i.e., attackers can replicate a cloud-based black-box model merely via querying malicious examples. Existing model extraction attacks mainly depend on the posterior knowledge (i.e., predictions of query samples) from Oracle. Thus, they either require high query overhead to simulate the decision boundary, or suffer from generalization errors and overfitting problems due to query budget limitations. To mitigate it, this work proposes an efficient model extraction attack based on prior knowledge for the first time. The insight is that prior knowledge of unlabeled proxy datasets is conducive to the search for the decision boundary (e.g., informative samples). Specifically, we leverage self-supervised learning including autoencoder and contrastive learning to pre-compile the prior knowledge of the proxy dataset into the feature extractor of the substitute model. Then we adopt entropy to measure and sample the most informative examples to query the target model. Our design leverages both prior and posterior knowledge to extract the model and thus eliminates generalizability errors and overfitting problems. We conduct extensive experiments on open APIs like Traffic Recognition, Flower Recognition, Moderation Recognition, and NSFW Recognition from real-world platforms, Azure and Clarifai. The experimental results demonstrate the effectiveness and efficiency of our attack. For example, our attack achieves 95.1% fidelity with merely 1.8K queries (cost 2.16$) on the NSFW Recognition API. Also, the adversarial examples generated with our substitute model have better transferability than others, which reveals that our scheme is more conducive to downstream attacks.

Abstract: Smart mobility is a promising approach to meet urban transport needs in an environmentally and and user-friendly way. Smart mobility computes itineraries with multiple means of transportation, e.g., trams, rental bikes or electric scooters, according to customer preferences. A mobility platform cares for reservations, connecting transports, invoicing and billing. This requires sharing sensible personal data with multiple parties, and puts data privacy at risk. In this paper, we investigate if fully homomorphic encryption (FHE) can be applied in practice to mitigate such privacy issues. FHE allows to calculate on encrypted data, without having to decrypt it first. We implemented three typical distributed computations in a smart mobility scenario with SEAL, a recent programming library for FHE. With this implementation, we have measured memory consumption and execution times for three variants of distributed transactions, that are representative for a wide range of smart mobility tasks. Our evaluation shows, that FHE is indeed applicable to smart mobility: With today's processing capabilities, state-of-the-art FHE increases a smart mobility transaction by about 100 milliseconds and less than 3 microcents.

Abstract: Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and, correspondingly, the importance of privacy threat modelling (in support of a respective risk assessment, such as through a Data Protection Impact Assessment). This paper addresses privacy threats by advancing a general modelling methodology and by demonstrating it specifically on soft privacy, which ensures citizens' full control on their personal data. By considering all relevant threat agents, the paper applies the methodology to the specific automotive domain while keeping threats at the same level of detail as ENISA's. The main result beside the modelling methodology consists of both domain-independent and automotive domain-dependent soft privacy threats. While cybersecurity has been vastly threat-modelled so far, this paper extends the literature with a threat model for soft privacy on smart cars, producing 17 domain-independent threats that, associated with 41 domain-specific assets, shape a novel set of domain-dependent threats in automotive.

Abstract: While homomorphic encryption (HE) has garnered significant research interest in cloud-based outsourced databases due to its algebraic properties over ciphertexts, the computational overhead associated with HE has hindered its widespread adoption in production database systems. Recently, a caching technique called Radix-based additive caching of homomorphic encryption (Rache) was proposed in SIGMOD'23. The primary objective of this paper is to address the performance overhead resulting from the expensive randomization process in Rache. To achieve this, we propose a novel encryption algorithm called $ASEnc$, which replaces the computationally intensive full scan of radixes with the caching of a polynomial number of radix-powers during an offline stage. This design significantly reduces the performance impact caused by randomization. Furthermore, this paper aims to extend Rache's capabilities to support floating-point numbers. To accomplish this, we introduce a new encryption algorithm named $FSEnc$, leveraging efficient constant multiplication available in state-of-the-art fully homomorphic encryption (FHE) schemes. Notably, $FSEnc$ offers the flexibility to cache the coefficients instead of the radixes themselves, which may result in a large number of cached ciphertexts. However, we manage this efficiently by streaming the dynamically cached ciphertexts through a vector of circular buffers. We demonstrate that both encryption algorithms guarantee semantic security (IND-CPA). To validate their performance, we implement both algorithms as loadable functions in MySQL 8.0 and deploy the system prototype on a 96-core server hosted in the Chameleon Cloud. Experimental results showcase that $ASEnc$ outperforms Rache by 2.3--3.3$\times$, while $FSEnc$ surpasses the state-of-the-art floating-point FHE CKKS by 1.8--5.6$\times$.

Abstract: Vulnerabilities of Ethereum smart contracts often cause serious financial damage. Whereas the Solidity compiler has been updated to prevent vulnerabilities, its effectiveness has not been revealed so far, to the best of our knowledge. In this paper, we shed light on the impact of compiler versions of vulnerabilities of Ethereum smart contracts. To this end, we collected 503,572 contracts with Solidity source codes in the Ethereum blockchain and then analyzed their vulnerabilities. For three vulnerabilities with high severity, i.e., Locked Money, Using tx.origin, and Unchecked Call, we show that their appearance rates are decreased by virtue of major updates of the Solidity compiler. We then found the following four key insights. First, after the release of version 0.6, the appearance rate for Locked Money has decreased. Second, regardless of compiler updates, the appearance rate for Using tx.origin is significantly low. Third, although the appearance rate for Unchecked Call has decreased in version 0.8, it still remains high due to various factors, including code clones. Fourth, through analysis of code clones, our promising results show that the appearance rate for Unchecked Call can be further decreased by removing the code clones.

Abstract: Penetration testing increases the security of systems through tasking testers to 'think like the adversary' and attempt to find the ways that an attacker would break into the system. For many systems, this can be conducted in a safe and controlled way; however, some systems are so critical to human life and safety that the risk of their failure or disablement due to active penetration testing cannot be assumed. These systems are also critical to evaluate the security of, to prevent attackers from disabling them or causing their maloperation; however, this must be done in a manner that doesn't risk the very malady that testing seeks to avoid through the testing process itself. This paper presents P2SCP, a paradigm for penetration testing of systems that cannot be subjected to the risk of penetration testing. It discusses how data collection, the creation of digital twins and cousins and evaluative analysis can be utilized to conduct virtual penetration tests on critical infrastructure systems. This proposed paradigm is analyzed through the use of several case studies.

Abstract: A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to be able to conduct penetration testing on large industrial systems which cannot be taken offline or risk disablement or impairment for conventional penetration testing. SVAT-CMCS facilitates the use of known vulnerability and exploit information, incremental testing of system components and data analysis techniques to identify attack pathways in CMCSs. This data can be utilized for corrective activities or to target controlled manual follow-up testing. This paper presents the SVAT-CMCS paradigm and describes its implementation in a software tool, which was built using the Blackboard Architecture, that can be utilized for attack pathway identification. The performance of this tool is characterized using three example models. In particular, it explores the path generation speed and the impact of link cap restrictions on system operations, under different levels of network size and complexity. Accurate fact-rule processing is also tested using these models. The results show significant decreases in path generation efficiency as the link cap and network complexity increase; however, rule processing accuracy is not impacted.

Abstract: Fuzzing is utilized for testing software and systems for cybersecurity risk via the automated adaptation of inputs. It facilitates the identification of software bugs and misconfigurations that may create vulnerabilities, cause abnormal operations or result in systems' failure. While many fuzzers have been purpose-developed for testing specific systems, this paper proposes a generalized fuzzer that provides a specific capability for testing software and cyber-physical systems which utilize configuration files. While this fuzzer facilitates the detection of system and software defects and vulnerabilities, it also facilitates the determination of the impact of settings on device operations. This later capability facilitates the modeling of the devices in a cybersecurity risk assessment and analysis system. This paper describes and assesses the performance of the proposed fuzzer technology. It also details how the fuzzer operates as part of the broader cybersecurity risk assessment and analysis system.

Abstract: Welch--Gong (WG) is a hardware-oriented LFSR-based stream cipher. WG-7 is a version of the eStream submission Welch--Gong, used for RFID encryption and authentication purposes. It offers 80-bit cryptographic security. In modern days, almost all ciphers achieve the security by exploiting the nonlinear feedback structure. In this paper, we investigate the security of the nonlinear feedback-based initialization phase of the WG-7 stream cipher using the conventional bit-based division property of cube attack, by considering the cipher in a non-blackbox polynomial setting. In our work, we mount the cube attack using mixed-integer-linear-programming(MILP) models. The results of our attack enable us to recover the secret key of WG-7 after 20 rounds of initialization utilizing $2^{10}$ keystream bits in $2^{73}$ time. We show that our proposed attack takes significantly lower data complexity. To the best of our knowledge, our attack is the first one that investigates the security of the nonlinear feedback-based initialization phase of WG-7 cipher.

Abstract: Establishing and maintaining secure communications in the Internet of Things (IoT) is vital to protect smart devices. Zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA) enable IoT devices to establish and maintain secure communications without user interaction by utilizing devices' ambient context, e.g., audio. For autonomous operation, ZIP and ZIA require the context to have enough entropy to resist attacks and complete in a timely manner. Despite the low-entropy context being the norm, like inside an unoccupied room, the research community has yet to come up with ZIP and ZIA schemes operating under such conditions. We propose HARDZIPA, a novel approach that turns commodity IoT actuators into injecting devices, generating high-entropy context. Here, we combine the capability of IoT actuators to impact the environment, e.g., emitting a sound, with a pseudorandom number generator (PRNG) featured by many actuators to craft hard-to-predict context stimuli. To demonstrate the feasibility of HARDZIPA, we implement it on off-the-shelf IoT actuators, i.e., smart speakers, lights, and humidifiers. We comprehensively evaluate HARDZIPA, collecting over 80 hours of various context data in real-world scenarios. Our results show that HARDZIPA is able to thwart advanced active attacks on ZIP and ZIA schemes, while doubling the amount of context entropy in many cases, which allows two times faster pairing and authentication.

Abstract: The immutable and trustable characteristics of blockchain enable smart contracts to be applied in various fields. Unfortunately, smart contracts are subject to various vulnerabilities, which are frequently exploited by attackers, causing financial damage to users.In this paper, we study the problem of vulnerable smart contract function locating. We construct a novel Multi-Relational Nested contract Graph (MRNG) to better characterize the rich syntactic and semantic information in the smart contract code, including the relationships between data and instructions. An MRNG represents a smart contract, where each node represents a function in the smart contract and each edge describes the calling relationship between the functions. In addition, we create a Multi-Relational Function Graph (MRFG) for each function, which characterizes the corresponding function code. That is, each function is characterized as an MRFG, which corresponds to a node in the MRNG. Each MRFG uses different types of edges to represent the different control and data relationships between nodes within a function. We also propose a Multi-Relational Nested Graph Convolutional Network (MRN-GCN) to process the MRNG. MRN-GCN first extracts and aggregates features from each MRFG, using the edge-enhanced graph convolution network and self-attention mechanism. The extracted feature vector is then assigned to the corresponding node in the MRNG to obtain a new Featured Contract Graph (FCG) for the smart contract. Graph convolution is used to further extract features from the FCG. Finally, a feed forward network with a Sigmoid function is used to locate the vulnerable functions. Experimental results on the real-world smart contract datasets show that model MRN-GCN can effectively improve the accuracy, precision, recall and F1-score performance of vulnerable smart contract function locating.

Abstract: Given a collection of vectors $x^{(1)},\dots,x^{(n)} \in \{0,1\}^d$, the selection problem asks to report the index of an "approximately largest" entry in $x=\sum_{j=1}^n x^{(j)}$. Selection abstracts a host of problems--in machine learning it can be used for hyperparameter tuning, feature selection, or to model empirical risk minimization. We study selection under differential privacy, where a released index guarantees privacy for each vectors. Though selection can be solved with an excellent utility guarantee in the central model of differential privacy, the distributed setting lacks solutions. Specifically, strong privacy guarantees with high utility are offered in high trust settings, but not in low trust settings. For example, in the popular shuffle model of distributed differential privacy, there are strong lower bounds suggesting that the utility of the central model cannot be obtained. In this paper we design a protocol for differentially private selection in a trust setting similar to the shuffle model--with the crucial difference that our protocol tolerates corrupted servers while maintaining privacy. Our protocol uses techniques from secure multi-party computation (MPC) to implement a protocol that: (i) has utility on par with the best mechanisms in the central model, (ii) scales to large, distributed collections of high-dimensional vectors, and (iii) uses $k\geq 3$ servers that collaborate to compute the result, where the differential privacy holds assuming an honest majority. Since general-purpose MPC techniques are not sufficiently scalable, we propose a novel application of integer secret sharing, and evaluate the utility and efficiency of our protocol theoretically and empirically. Our protocol is the first to demonstrate that large-scale differentially private selection is possible in a distributed setting.

Abstract: In applications such as end-to-end encrypted instant messaging, secure email, and device pairing, users need to compare key fingerprints to detect impersonation and adversary-in-the-middle attacks. Key fingerprints are usually computed as truncated hashes of each party's view of the channel keys, encoded as an alphanumeric or numeric string, and compared out-of-band, e.g. manually, to detect any inconsistencies. Previous work has extensively studied the usability of various verification strategies and encoding formats, however, the exact effect of key fingerprint length on the security and usability of key fingerprint verification has not been rigorously investigated. We present a 162-participant study on the effect of numeric key fingerprint length on comparison time and error rate. While the results confirm some widely-held intuitions such as general comparison times and errors increasing significantly with length, a closer look reveals interesting nuances. The significant rise in comparison time only occurs when highly similar fingerprints are compared, and comparison time remains relatively constant otherwise. On errors, our results clearly distinguish between security non-critical errors that remain low irrespective of length and security critical errors that significantly rise, especially at higher fingerprint lengths. A noteworthy implication of this latter result is that Signal/WhatsApp key fingerprints provide a considerably lower level of security than usually assumed.

Abstract: Key-value stores typically leave access control to the systems for which they act as storage engines. Unfortunately, attackers may circumvent such read access controls via timing attacks on the key-value store, which use differences in query response times to glean information about stored data. To date, key-value store timing attacks have aimed to disclose stored values and have exploited external mechanisms that can be disabled for protection. In this paper, we point out that key disclosure is also a security threat -- and demonstrate key disclosure timing attacks that exploit mechanisms of the key-value store itself. We target LSM-tree based key-value stores utilizing range filters, which have been recently proposed to optimize LSM-tree range queries. We analyze the impact of the range filters SuRF and prefix Bloom filter on LSM-trees through a security lens, and show that they enable a key disclosure timing attack, which we call prefix siphoning. Prefix siphoning successfully leverages benign queries for non-present keys to identify prefixes of actual keys -- and in some cases, full keys -- in scenarios where brute force searching for keys (via exhaustive enumeration or random guesses) is infeasible.