arXiv daily

Cryptography and Security (cs.CR)

Wed, 05 Jul 2023

1. An analysis of scam baiting calls: Identifying and extracting scam stages and scripts

Authors: Ian Wood, Michal Kepkowski, Leron Zinatullin, Travis Darnley, Mohamed Ali Kaafar

Abstract: Phone scams remain a difficult problem to tackle due to the combination of protocol limitations, legal enforcement challenges and advances in technology enabling attackers to hide their identities and reduce costs. Scammers use social engineering techniques to manipulate victims into revealing their personal details, purchasing online vouchers or transferring funds, causing significant financial losses. This paper aims to establish a methodology with which to semi-automatically analyze scam calls and infer information about scammers, their scams and their strategies at scale. Obtaining data for the study of scam calls is challenging, as true scam victims do not in general record their conversations. Instead, we draw from the community of "scam baiters" on YouTube: individuals who interact knowingly with phone scammers and publicly publish their conversations. These cannot be considered true scam calls; however, they do provide a valuable opportunity to study scammer scripts and techniques, as the scammers are unaware that they are not speaking to a true scam victim for the bulk of the call. We applied topic and time series modeling alongside emotion recognition to scammer utterances and found clear evidence of scripted scam progressions that matched our expectations from close reading. We identified social engineering techniques associated with the identified script stages, including the apparent use of emotion as a social engineering tool. Our analyses provide new insights into strategies used by scammers and present an effective methodology to infer such strategies at scale. This work serves as a first step in building a better understanding of phone scam techniques, forming the groundwork for more effective detection and prevention mechanisms that draw on a deeper understanding of the phone scam phenomenon.

2. African Union Convention on Cyber Security and Personal Data Protection: Challenges and Future Directions

Authors: MA. Bouke, A. Abdullah, SH. ALshatebi, H. El. Atigh, K. Cengiz

Abstract: This paper investigates the challenges and opportunities of implementing the African Union Convention on Cyber Security and Personal Data Protection (AUDPC) across Africa. Focusing on legal, regulatory, technical, infrastructural, capacity building, awareness, harmonization, and cross-border cooperation challenges, the paper identifies key findings that highlight the diverse legal systems and traditions, the lack of comprehensive data protection laws, the need to balance national security and data privacy, the digital divide, cybersecurity threats, implications of emerging technologies on data privacy, limited resources for data protection authorities, and the need for capacity building in data privacy and protection. The paper also emphasizes the importance of harmonization and cross-border cooperation in aligning data protection frameworks and collaborating with international partners and global organizations. To address these challenges and facilitate the successful implementation of the AUDPC, the paper proposes a set of recommendations, including strengthening legal and regulatory frameworks, enhancing technical and infrastructural capacities, fostering capacity-building and awareness initiatives, promoting harmonization and cross-border cooperation, and engaging with global data protection trends and developments.

3. A Survey Report on Hardware Trojan Detection by Multiple-Parameter Side-Channel Analysis

Authors: Samir R Katte, Keith E Fernandez

Abstract: A major security threat to an integrated circuit (IC) design is the Hardware Trojan attack, which is a malicious modification of the design. Several previous papers have investigated side-channel analysis to detect the presence of Hardware Trojans. Side-channel analysis was prescribed in these papers as an alternative to conventional logic testing for detecting malicious modification in the design. It has been found that conventional logic testing is ineffective when it comes to detecting small Trojans, due to the decrease in sensitivity caused by process variations encountered in the manufacturing techniques. The main paper under consideration in this survey report focuses on proposing a new technique to detect Trojans by using multiple-parameter side-channel analysis. The novel idea will be explained thoroughly in this survey report. We also look into several other papers, which discuss single-parameter analysis and how it is implemented. We analyzed the shortcomings of those single-parameter analysis techniques and then show how this multi-parameter analysis technique is better. Finally, we will discuss the combined side-channel analysis and logic testing approach, which gives higher detection coverage for hardware Trojan circuits of different types and sizes.

4. ScalOTA: Scalable Secure Over-the-Air Software Updates for Vehicles

Authors: Ali Shoker, Fernando Alves, Paulo Esteves-Verissimo

Abstract: Over-the-Air (OTA) software updates are becoming essential for electric/electronic vehicle architectures in order to reduce recalls amid the increasing software bugs and vulnerabilities. Current OTA update architectures rely heavily on direct cellular repository-to-vehicle links, which makes the repository a communication bottleneck, and increases the cellular bandwidth utilization cost as well as the software download latency. In this paper, we introduce ScalOTA, an end-to-end scalable OTA software update architecture and secure protocol for modern vehicles. For the first time, we propose using a network of update stations, as part of Electric Vehicle charging stations, to boost the download speed through these stations, and reduce the cellular bandwidth overhead significantly. Our formalized OTA update protocol ensures proven end-to-end chain-of-trust including all stakeholders: manufacturer, suppliers, update stations, and all layers of in-vehicle Electric Control Units (ECUs). The empirical evaluation shows that ScalOTA reduces the bandwidth utilization and download latency up to an order of magnitude compared with current OTA update systems.

5. From Ideal to Practice: Data Encryption in eADR-based Secure Non-Volatile Memory Systems

Authors: Jianming Huang, Yu Hua

Abstract: Extended Asynchronous DRAM Refresh (eADR), proposed by Intel, extends the persistence domain from the Non-Volatile Memory (NVM) to CPU caches and offers the persistence guarantee. By allowing lazy persistence and decreasing the number of instructions, eADR-based NVM systems significantly improve performance. Existing designs, however, fail to provide efficient encryption schemes to ensure data confidentiality in eADR-based NVM systems. It is challenging to guarantee both data persistence and confidentiality in a cost-efficient manner due to the transient persistence property of caches in eADR. Once the system crashes, eADR flushes the unencrypted data from the cache into NVM, where security issues arise because the data is not encrypted. To bridge the gap between persistence and confidentiality, we propose the cost-efficient BBE and Sepencr encryption schemes, which efficiently match different eADR execution models from ideal to practice. Under the ideal eADR execution model, BBE supports the encryption module via the battery of eADR upon crashes. Under the practical eADR execution model, Sepencr generates one-time paddings (OTPs) at system startup to encrypt the cached data in case the system crashes. Our evaluation results show that, compared with an intuitive in-cache encryption scheme in eADR-based systems, our designs significantly reduce performance overheads while efficiently ensuring data confidentiality.

6. LØ: An Accountable Mempool for MEV Resistance

Authors: Bulat Nasrulin, Georgy Ishmaev, Jérémie Decouchant, Johan Pouwelse

Abstract: Possible manipulation of user transactions by miners in permissionless blockchain systems is a growing concern. This pervasive and systemic issue, known as Miner Extractable Value (MEV), incurs high costs on users of decentralised applications. Furthermore, transaction manipulations create other issues in blockchain systems such as congestion, higher fees, and system instability. Detecting transaction manipulations is difficult, even though it is known that they originate from the pre-consensus phase of transaction selection for block building, at the base layer of blockchain protocols. In this paper we summarize known transaction manipulation attacks. We then present LØ, an accountable base layer protocol specifically designed to detect and mitigate transaction manipulations. LØ is built around accurate detection of transaction manipulations and assignment of blame at the granularity of a single mining node. LØ forces miners to log all the transactions they receive into a secure mempool data structure and to process them in a verifiable manner. Overall, LØ quickly and efficiently detects reordering, injection or censorship attempts. Our performance evaluation shows that LØ is also practical and only introduces a marginal performance overhead.

7. SoK: Privacy-Preserving Data Synthesis

Authors: Yuzheng Hu, Fan Wu, Qinbin Li, Yunhui Long, Gonzalo Munilla Garrido, Chang Ge, Bolin Ding, David Forsyth, Bo Li, Dawn Song

Abstract: As the prevalence of data analysis grows, safeguarding data privacy has become a paramount concern. Consequently, there has been an upsurge in the development of mechanisms aimed at privacy-preserving data analyses. However, these approaches are task-specific; designing algorithms for new tasks is a cumbersome process. As an alternative, one can create synthetic data that is (ideally) devoid of private information. This paper focuses on privacy-preserving data synthesis (PPDS) by providing a comprehensive overview, analysis, and discussion of the field. Specifically, we put forth a master recipe that unifies two prominent strands of research in PPDS: statistical methods and deep learning (DL)-based methods. Under the master recipe, we further dissect the statistical methods into choices of modeling and representation, and investigate the DL-based methods by different generative modeling principles. To consolidate our findings, we provide comprehensive reference tables, distill key takeaways, and identify open problems in the existing literature. In doing so, we aim to answer the following questions: What are the design principles behind different PPDS methods? How can we categorize these methods, and what are the advantages and disadvantages associated with each category? Can we provide guidelines for method selection in different real-world scenarios? We proceed to benchmark several prominent DL-based methods on the task of private image synthesis and conclude that DP-MERF is an all-purpose approach. Finally, upon systematizing the work over the past decade, we identify future directions and call for actions from researchers.

8. A Scheme to Resist Fast Correlation Attack for Word-Oriented LFSR-based Stream Ciphers

Authors: Subrata Nandi, Srinivasan Krishnaswamy, Pinaki Mitra

Abstract: In LFSR-based stream ciphers, knowledge of the feedback equation of the LFSR plays a critical role in most attacks. In word-based stream ciphers such as those in the SNOW series, even if the feedback configuration is hidden, knowing the characteristic polynomial of the state transition matrix of the LFSR enables the attacker to create a feedback equation over $GF(2)$. This, in turn, can be used to launch fast correlation attacks. In this work, we propose a method for hiding both the feedback equation of a word-based LFSR and the characteristic polynomial of the state transition matrix. Here, we employ a $z$-primitive $\sigma$-LFSR whose characteristic polynomial is randomly sampled from the distribution of primitive polynomials over $GF(2)$ of the appropriate degree. We propose an algorithm for locating $z$-primitive $\sigma$-LFSR configurations of a given degree. Further, an invertible matrix is generated from the key. This is then employed to generate a public parameter, which is used to retrieve the feedback configuration using the key. If the key size is $n$ bits, the process of retrieving the feedback equation from the public parameter has an average time complexity of $\mathbb{O}(2^{n-1})$. The proposed method has been tested on SNOW 2.0 and SNOW 3G for resistance to fast correlation attacks. We have demonstrated that the security of SNOW 2.0 and SNOW 3G increases from 128 bits to 256 bits.

9. Security Risk Analysis Methodologies for Automotive Systems

Authors: Mohamed Abouelnaga, Christine Jakobs

Abstract: Nowadays, systematic security risk analysis plays a vital role in the automotive domain. The demand for advanced driver assistance systems and connectivity of vehicles to the internet makes cyber-security a crucial requirement for vehicle manufacturers. This paper summarizes the risk analysis method stated in the recently released automotive security standard ISO/SAE 21434, which lays out the high-level principles for threat analysis and risk assessment (TARA) methods. We then introduce a specific use case to compare different security analysis approaches from which OEMs can benefit to achieve compliance with the standard.

10. Fuzzing with Quantitative and Adaptive Hot-Bytes Identification

Authors: Tai D. Nguyen, Long H. Pham, Jun Sun

Abstract: Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug-finding ability through a vast number of reported CVEs. However, its random mutation strategy is unable to generate test inputs that satisfy complicated branching conditions (e.g., magic-byte comparisons, checksum tests, and nested if-statements), which are commonly used in image decoders/encoders, XML parsers, and checksum tools. Existing approaches to this problem (such as Steelix and Neuzz) make unrealistic assumptions, such as that we can satisfy the branch condition byte-by-byte or that we can identify and focus on the important bytes in the input (called hot-bytes) once and for all. In this work, we propose an approach called \tool, which is designed based on the following principles. First, there is a complicated relation between inputs and branching conditions, and thus we need not only an expressive model to capture such a relationship but also an informative measure so that we can learn the relationship effectively. Second, different branching conditions demand different hot-bytes, and we must adjust our fuzzing strategy adaptively depending on which branches are the current bottleneck. We implement our approach as an open source project and compare its efficiency with other state-of-the-art fuzzers. Our evaluation results on 10 real-world programs and the LAVA-M dataset show that \tool achieves sustained increases in branch coverage and discovers more bugs than other fuzzers.

11. DarkHorse: A UDP-based Framework to Improve the Latency of Tor Onion Services

Authors: Md Washik Al Azad, Hasniuj Zahan, Sifat Ut Taki, Spyridon Mastorakis

Abstract: Tor is the most popular anonymous communication overlay network which hides clients' identities from servers by passing packets through multiple relays. To provide anonymity to both clients and servers, Tor onion services were introduced by increasing the number of relays between a client and a server. Because of the limited bandwidth of Tor relays, large numbers of users, and multiple layers of encryption at relays, onion services suffer from high end-to-end latency and low data transfer rates, which degrade user experiences, making onion services unsuitable for latency-sensitive applications. In this paper, we present a UDP-based framework, called DarkHorse, that improves the end-to-end latency and the data transfer overhead of Tor onion services by exploiting the connectionless nature of UDP. Our evaluation results demonstrate that DarkHorse is up to 3.62x faster than regular TCP-based Tor onion services and reduces the Tor network overhead by up to 47%.

12. Securing Cloud FPGAs Against Power Side-Channel Attacks: A Case Study on Iterative AES

Authors: Nithyashankari Gummidipoondi Jayasankaran, Hao Guo, Satwik Patnaik, Jeyavijayan (JV) Rajendran, Jiang Hu

Abstract: The various benefits of multi-tenanting, such as higher device utilization and increased profit margin, motivate cloud field-programmable gate array (FPGA) servers to include multi-tenanting in their infrastructure. However, this property makes these servers vulnerable to power side-channel (PSC) attacks. Logic designs such as ring oscillators (RO) and time-to-digital converters (TDC) are used to measure the power consumed by security-critical circuits, such as the advanced encryption standard (AES). Firstly, the existing works require a higher number of minimum traces for disclosure (MTD). Hence, in this work, we improve the sensitivity of the TDC-based sensors by manually placing the FPGA primitives inferring these sensors. This enhancement helps to determine the 128-bit AES key using 3.8K traces. Secondly, the existing defenses use ROs to defend against PSC attacks. However, cloud servers such as Amazon Web Services (AWS) block designs with combinatorial loops. Hence, we propose a placement-based defense. We study the impact of (i) primitive-level placement of the AES design and (ii) additional logic that resides alongside the AES on the correlation power analysis (CPA) attack results. Our results show that the AES along with filters and/or processors is sufficient to provide the same level of security as or better security than the existing defenses.

13. Information-Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection and Prevention

Authors: Yarin Ozery, Asaf Nadler, Asaf Shabtai

Abstract: Data exfiltration over the DNS protocol and its detection have been researched extensively in recent years. Prior studies focused on offline detection methods, which although capable of detecting attacks, allow a large amount of data to be exfiltrated before the attack is detected and dealt with. In this paper, we introduce Information-based Heavy Hitters (ibHH), a real-time detection method which is based on live estimations of the amount of information transmitted to registered domains. ibHH uses constant-size memory and supports constant-time queries, which makes it suitable for deployment on recursive DNS servers to further reduce detection and response time. In our evaluation, we compared the performance of the proposed method to that of leading state-of-the-art DNS exfiltration detection methods on real-world datasets comprising over 250 billion DNS queries. The evaluation demonstrates ibHH's ability to successfully detect exfiltration rates as slow as 0.7B/s, with a false positive alert rate of less than 0.004, with significantly lower resource consumption compared to other methods.