Loading…
25th USENIX Security Symposium has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Monday, August 8
 

8:00am

9:00am

Welcome
Monday August 8, 2016 9:00am - 9:15am
Texas Ballroom 2–3

9:00am

9:00am

Retelling the Retail Security Story
In retail, everyone is a Target, but that doesn’t mean what it used to. Anyone who provides commercial services to consumers – gaming, hospitality, travel, food and beverage, and more – is in the attackers’ sights for increasingly creative gambits. In this talk, we’ll look at the colliding worlds of cybersecurity and traditional fraud; how automation and scale are benefiting both offense and defense; why chip cards may not matter that much; and how retailers are collaborating in a cutthroat market so that you can have secure shoes and caramel lattes.

Speakers

Monday August 8, 2016 9:00am - 10:00am
Texas Ballroom 1

9:15am

Large-Scale Automated Vulnerability Addition and the Search for Truth
Work on automating vulnerability discovery has long been hampered by a shortage of ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth prevents authors and users of tools alike from being able to measure such fundamental quantities as miss and false alarm rates. In this talk, we detail LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code. Every LAVA bug is accompanied by an input that triggers it whereas normal inputs are extremely unlikely to do so. These vulnerabilities are synthetic but, we argue, still realistic, in the sense that they are embedded deep within programs and are triggered by real inputs. LAVA has already been used to inject thousands of bugs into programs of between 10K and 2M LOC, and we have begun to use the resulting corpora to evaluate bug finding tools.

Speakers

Monday August 8, 2016 9:15am - 10:30am
Texas Ballroom 2–3

9:30am

Keynote Address
Speakers

Monday August 8, 2016 9:30am - 10:30am
Texas Ballroom 5-7

10:00am

Break with Refreshments
Monday August 8, 2016 10:00am - 10:30am
Texas Ballroom Foyer

10:30am

10:30am

Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat?

The Password Based Key Derivation Function v2 (PBKDF2) is an important cryptographic primitive that has practical relevance to many widely deployed security systems. We investigate accelerated attacks on PBKDF2 with commodity GPUs, reporting the fastest attack on the primitive to date, outperforming the previous stateof- the-art oclHashcat. We apply our attack to Microsoft .NET framework, showing that a consumer-grade GPU can break an ASP.NET password in less than 3 hours, and we discuss the application of our attack toWiFi Protected Access (WPA2).

We consider both algorithmic optimisations of crypto primitives and OpenCL kernel code optimisations and empirically evaluate the contribution of individual optimisations on the overall acceleration. In contrast to the common view that GPU acceleration is primarily driven by massively parallel hardware architectures, we demonstrate that a proportionally larger contribution to acceleration is made through effective algorithmic optimisations. Our work also contributes to understanding what is going on inside the black box of oclHashcat.



Monday August 8, 2016 10:30am - 11:00am
Texas Ballroom 1

11:00am

Can Knowledge of Technical Debt Help Identify Software Vulnerabilities?
Software vulnerabilities originating from design decisions are hard to find early and time consuming to fix later. We investigated whether the problematic design decisions themselves might be relatively easier to find, based on the concept of “technical debt,” i.e., design or implementation constructs that are expedient in the short term but make future changes and fixes more costly. If so, can knowing which components contain technical debt help developers identify and manage certain classes of vulnerabilities? This paper provides our approach for using knowledge of technical debt to identify software vulnerabilities that are difficult to find using only static analysis of the code. We present initial findings from a study of the Chromium open source project that motivates the need to examine a combination of evidence: quantitative static analysis of anomalies in code, qualitative classification of design consequences in issue trackers, and software development indicators in the commit history.


Monday August 8, 2016 11:00am - 11:30am
Texas Ballroom 2–3

11:00am

DNS-sly: Avoiding Censorship through Network Complexity
We design DNS-sly, a counter-censorship system which enables a covert channel between a DNS client and server. To achieve covertness and deniability in the upstream direction, DNS-sly applies user personalization, adapting to individual behaviors. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness. We show DNS-sly achieves downstream throughput of up to 600 Bytes of raw hidden data per click on a regular Web page, making it a practical system in the context of a covert Web proxy service. We implement DNS-sly and evaluate it in a known censorship environment, demonstrating its real-world usability.


Monday August 8, 2016 11:00am - 11:30am
Texas Ballroom 5-7

11:00am

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in particular on AES-GCM, the most widely deployed variant. With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack allowing to violate the authenticity of affected HTTPS connections which in turn can be utilized to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts them at risk of nonce reuse, in the unlikely case that large amounts of data are sent via the same session.



Speakers
HB

Hanno Böck

Writer, Freelance
PJ

Philipp Jovanovic

École polytechnique fédérale de Lausanne (EPFL)
avatar for Juraj Somorovsky

Juraj Somorovsky

Security Consultant, Ruhr-University Bochum
Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security“ he analyzes various attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications... Read More →


Monday August 8, 2016 11:00am - 11:30am
Texas Ballroom 1

11:30am

Chappie Swarm: Persona-Driven Web Corpus Generation
A common issue amongst security researchers is the lack of publicly available network traffic traces. In this paper we present Chappie Swarm, which seeks to emulate human behavior in regard to internet browsing. The experimenter can unleash a number of automated chappies which will assume pre-defined personas, and then actively go out and query websites while simultaneously recording their browsing behavior, and saving the network trace as a packet capture file. Unlike other traffic generators, Chappie Swarm distinguishes itself fundamentally by utilizing this ”persona” approach, while also not needing to be ”seeded” by a previously recorded traffic capture.


Monday August 8, 2016 11:30am - 12:00pm
Texas Ballroom 2–3

11:30am

Matryoshka: Hiding Secret Communication in Plain Sight
We want to enable a pair of communicating users to exchange secret messages while hiding the fact that secret communication is taking place. We propose a linguistic steganography approach, where each human message is hidden in another human-like message. A hard open question is how to keep the steganographic message small – existing related tools tend to blow up its size, thereby revealing the use of steganography. We encrypt by compressing each message, mapping it to a plausible sequence of words (using a language model), and letting the human user edit the outcome to produce a human-like message; we decrypt with a Viterbi-like state decoder. Our approach aims in producing text that a human can edit and fix with minimal effort. As a first step, we build a prototype of our system that helps users encrypt English messages (into English messages), and we report on first experiments on Mechanical Turk.


Monday August 8, 2016 11:30am - 12:00pm
Texas Ballroom 5-7

11:30am

How to Break Microsoft Rights Management Services

Rights Management Services (RMS) are used to enforce access control in a distributed environment, and to cryptographically protect companies’ assets by restricting access rights, for example, to view-only, edit, print, etc., on a per-document basis. One of the most prominent RMS implementations is Microsoft RMS. It can be found in Active Directory (AD) and Azure. Previous research concentrated on generic weaknesses of RMS, but did not present attacks on real world systems.

We provide a security analysis of Microsoft RMS and present two working attacks: (1.)We completely remove the RMS protection of a Word document on which we only have a view-only permission, without having the right to edit it. This shows that in contrast to claims made by Microsoft, Microsoft RMS can only be used to enforce all-or-nothing access. (2.) We extend this attack to be stealthy in the following sense: We show how to modify the content of an RMS write-protectedWord document issued by our victim. The resulting document still claims to be write protected, and that the modified content was generated by the victim. We show that these attacks are not limited to local instances of Microsoft AD, and can be extended to Azure RMS and Office 365. We responsibly disclosed our findings to Microsoft. They acknowledged our findings (MSRC Case 33210).


Speakers
MG

Martin Grothe

Ruhr-University Bochum
avatar for Christian Mainka

Christian Mainka

Security Consultant, Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum
Christian Mainka is a Security Researcher at the Ruhr University Bochum, Chair for Network and Data Security. Since 2009, he focuses on XML and Web Services technologies and develops his penetration testing tool WS-Attacker and has published several papers in the field of XML security... Read More →
JS

Jörg Schwenk

Ruhr-University Bochum


Monday August 8, 2016 11:30am - 12:00pm
Texas Ballroom 1

12:00pm

Honey Sheets: What Happens to Leaked Google Spreadsheets?
Cloud-based documents are inherently valuable, due to the volume and nature of sensitive personal and business content stored in them. Despite the importance of such documents to Internet users, there are still large gaps in the understanding of what cybercriminals do when they illicitly get access to them by for example compromising the account credentials they are associated with. In this paper, we present a system able to monitor user activity on Google spreadsheets. We populated 5 Google spreadsheets with fake bank account details and fake funds transfer links. Each spreadsheet was configured to report details of accesses and clicks on links back to us. To study how people interact with these spreadsheets in case they are leaked, we posted unique links pointing to the spreadsheets on a popular paste site. We then monitored activity in the accounts for 72 days, and observed 165 accesses in total. We were able to observe interesting modifications to these spreadsheets performed by illicit accesses. For instance, we observed deletion of some fake bank account information, in addition to insults and warnings that some visitors entered in some of the spreadsheets. Our preliminary results show that our system can be used to shed light on cybercriminal behavior with regards to leaked online documents.

Speakers

Monday August 8, 2016 12:00pm - 12:30pm
Texas Ballroom 2–3

12:00pm

GhostPost: Seamless Restoration of Censored Social Media Posts

The control of voices within a country is as important to a censor as blocking information from outside. This control must extend to social media. Screening every post prior to publication is not practical; instead, censors find and delete objectionable content after it has been posted. This paper presents GhostPost, a distributed system that conveniently and safely restores deleted posts on any social media platform, with an implementation for Sina Weibo. Our simulations show that even if the censor deletes most posts within two hours (roughly the capability of Sina Weibo’s censor), it cannot prevent a well established GhostPost deployment from preserving a majority of the posts our users would want to see.

Speakers
FD

Fred Douglas

University of Illinois Urbana-Champaign


Monday August 8, 2016 12:00pm - 12:30pm
Texas Ballroom 5-7

12:00pm

Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness

Long Term Evolution (LTE) is the most recent generation of mobile communications promising increased transfer rates and enhanced security features. It is todays communication technology for mobile Internet as well as considered for the use in critical infrastructure, making it an attractive target to a wide range of attacks. We evaluate the implementation correctness of LTE security functions that should protect personal data from compromise.

In this paper, we focus on two security aspects: user data encryption and network authentication. We develop a framework to analyze various LTE devices with respect to the implementations of their security-related functions. Using our framework, we identify several security flaws partially violating the LTE specification. In particular, we show that i) an LTE network can enforce to use no encryption and ii) none of the tested devices informs the user when user data is sent unencrypted. Furthermore, we present iii) a Man-in-the-Middle (MitM) attack against an LTE device that does not fulfill the network authentication requirements. The discovered security flaws undermine the data protection objective of LTE and represent a threat to the users of mobile communication. We outline several countermeasures to cope with these vulnerabilities and make proposals for a long-term solution.



Monday August 8, 2016 12:00pm - 12:30pm
Texas Ballroom 1

12:30pm

Eavesdropping One-Time Tokens Over Magnetic Secure Transmission in Samsung Pay
We have discovered a security vulnerability in the Samsung Pay app. The magnetic secure transmission in Samsung Pay emits too many magnetic signals that are excessively strong. Thus, we built a low-cost receiver to eavesdrop on the emitted magnetic signals. Using this receiver, we successfully eavesdropped the one-time token for a payment made on the Samsung Pay app around 0.6m ~ 2.0m from where the payment was taking place, depending on the orientation of the magnetic field emitting antenna in the victim device. We verified that the collected one-time token could be used away from the victim device if the collected payment information was quickly transmitted over the Internet.


Monday August 8, 2016 12:30pm - 1:00pm
Texas Ballroom 1

12:30pm

Lunch
Monday August 8, 2016 12:30pm - 2:00pm
Zilker Ballroom 1 and Foyer

1:00pm

Lunch
Monday August 8, 2016 1:00pm - 2:00pm
Zilker Ballroom 1 and Foyer

2:00pm

Evaluating Malware Mitigation by Android Market Operators
All Android markets are confronted with malicious apps, but they differ in how effective they deal with them. In this study, we evaluate the mitigation efforts of Google Play and four third-party markets. We define three metrics and measure how sensitive they are to different detection results from anti-virus vendors. Malware presence in three third-party markets – Liqucn, eoeMarket and Mumayi – is around ten times higher than in Google Play and Freeware Lovers. Searching for certain keywords in Google Play leads leads to a fifty times higher malware rate than those for popular apps. Finally, we measure malware survival times and find that Google Play seems to be the only market that effectively removes malware, though it contains a cluster of apps flagged as adware and malware over long time periods. This points to different incentives for app markets, anti-virus vendors and users.


Monday August 8, 2016 2:00pm - 2:30pm
Texas Ballroom 2–3

2:00pm

Censors’ Delay in Blocking Circumvention Proxies
Censors of the Internet must continually discover and block new circumvention proxy servers. We seek to understand this process; specifically, the length of the delay between when a proxy first becomes discoverable and when it is actually blocked. We measure this delay in the case of obfuscated Tor bridges, by testing their reachability before and after their introduction into Tor Browser. We test from sites in the U.S., China, and Iran, over a period of five months. China’s national firewall blocked new bridges after a varying delay of between 2 and 36 days. Blocking occurred only after end-user software releases, despite bridges being potentially discoverable earlier through other channels. While the firewall eventually discovered the bridges of Tor Browser, those that appeared only in Orbot, a version of Tor for mobile devices, remained unblocked. Our findings highlight the fact that censors can behave in ways that defy intuition, presenting difficulties for threat modeling but also opportunities for evasion.

Speakers
LT

Lynn Tsai

University of California, Berkeley


Monday August 8, 2016 2:00pm - 2:30pm
Texas Ballroom 5-7

2:00pm

How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors
We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.


Monday August 8, 2016 2:00pm - 2:30pm
Texas Ballroom 1

2:30pm

A Cybersecurity Test and Evaluation Facility for the Next Generation Air Transportation System (NextGen)
The Federal Aviation Administration (FAA) is developing the Cybersecurity Test and Evaluation Facility (CyTF) for the FAA Air Transportation System as it transitions to the Next Generation Air Transportation System (NextGen). This paper describes the goals, capabilities, architecture, current implementation, initial experience, lessons learned and future implementation of the CyTF. The FAA Air Transportation System is an attractive cybersecurity threat target and the FAA must proactively and continually adjust its cybersecurity capabilities to match the changing cybersecurity threat landscape. The CyTF is providing an adaptable cybersecurity research and development environment independent of the operational system to satisfy research, test and evaluation needs. The CyTF has a number of complex requirements: testing cybersecurity tools and technologies prior to their integration into the Air Transportation System, the evaluation of individual FAA Air Transportation subsystems security, security of end-to-end services involving multiple subsystems, procedures to respond and recover from a cybersecurity event and cybersecurity training of the FAA workforce. One of the major lessons learned, described in the paper, has been how to address some aspects of the CyTF’s complex requirements.


Monday August 8, 2016 2:30pm - 3:00pm
Texas Ballroom 2–3

2:30pm

The Politics of Routing: Investigating the Relationship between AS Connectivity and Internet Freedom
The Internet’s importance in promoting free and open communication has led to widespread crackdowns on its use in countries around the world. In this study, we investigate the relationship between national policies around freedom of speech and Internet topology in various countries. We combine techniques from network measurement and machine learning to identify features of Internet structure at the national level that are the best indicators of a country’s level of freedom. We find that IP density and path lengths to other countries are the best indicators of a country’s freedom. We also find that our methods predict the freedom category (Free/Partly Free/Not Free) of a country with 95% accuracy.

Speakers
NM

Najmeh Miramirkhani (Stony Brook University)

Stony Brook University
I am a PhD student at PragSec Lab in Computer Science Department of Stony Brook University where I am fortunate to work under the supervision of Nick Nikiforakis. My research interests revolve around cyber crime and web security and my current research is focused on: • Malware Analysis... Read More →


Monday August 8, 2016 2:30pm - 3:00pm
Texas Ballroom 5-7

2:30pm

Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic
Smartphone apps have changed the way we interact with online services, but highly specialized apps come at a cost to privacy. In this paper we will demonstrate that a passive eavesdropper is capable of identifying finegrained user activities within the wireless network traffic generated by apps. Despite the widespread use of fully encrypted communication, our technique, called NetScope, is based on the intuition that the highly specific implementation of each app leaves a fingerprint on its traffic behavior (e.g., transfer rates, packet exchanges, and data movement). By learning the subtle traffic behavioral differences between activities (e.g., “browsing” versus “chatting” in a dating app), NetScope is able to perform robust inference of users’ activities, for both Android and iOS devices, based solely on inspecting IP headers. Our evaluation with 35 widely popular app activities (ranging from social networking and dating to personal health and presidential campaigns) shows that NetScope yields high detection accuracy (78.04% precision and 76.04% recall on average).


Monday August 8, 2016 2:30pm - 3:00pm
Texas Ballroom 1

3:00pm

Providing SCADA Network Data Sets for Intrusion Detection Research

High profile attacks such as Stuxnet and the cyber at-tack on the Ukrainian power grid have increased re-search in Industrial Control System (ICS) and Supervi-sory Control and Data Acquisition (SCADA) network security. However, due to the sensitive nature of these networks, there is little publicly available data for re-searchers to evaluate the effectiveness of the proposed solution. The lack of representative data sets makes evaluation and independent validation of emerging se-curity solutions difficult and slows down progress to-wards effective and reusable solutions.

This paper presents our work to generate representative labeled data sets for SCADA networks that security researcher can use freely. The data sets include packet captures including both malicious and non-malicious Modbus traffic and accompanying CSV files that con-tain labels to provide the ground truth for supervised machine learning.

To provide representative data at the network level, the data sets were generated in a SCADA sandbox, where electrical network simulators were used to introduce realism in the physical component. Also, real attack tools, some of them custom built for Modbus networks, were used to generate the malicious traffic. Even though they do not fully replicate a production network, these data sets represent a good baseline to validate detection tools for SCADA systems.



Monday August 8, 2016 3:00pm - 3:30pm
Texas Ballroom 2–3

3:00pm

3:00pm

Hardware-Assisted Rootkits: Abusing Performance Counters on the ARM and x86 Architectures

In this paper, a novel hardware-assisted rootkit is introduced, which leverages the performance monitoring unit (PMU) of a CPU. By configuring hardware performance counters to count specific architectural events, this research effort proves it is possible to transparently trap system calls and other interrupts driven entirely by the PMU. This offers an attacker the opportunity to redirect control flow to malicious code without requiring modifications to a kernel image.

The approach is demonstrated as a kernel-mode rootkit on both the ARM and Intel x86-64 architectures that is capable of intercepting system calls while evading current kernel patch protection implementations such as PatchGuard. A proof-of-concept Android rootkit is developed targeting ARM (Krait) chipsets found in millions of smartphones worldwide, and a similar Windows rootkit is developed for the Intel x86-64 architecture. The prototype PMU-assisted rootkit adds minimal overhead to Android, and less than 10% overhead to Windows OS. Further analysis into performance counters also reveals that the PMU can be used to trap returns from secure world on ARM as well as returns from System Management Mode on x86-64.


Speakers

Monday August 8, 2016 3:00pm - 3:30pm
Texas Ballroom 1

3:30pm

Adblocking and Counter Blocking: A Slice of the Arms Race
Adblocking tools like Adblock Plus continue to rise in popularity, potentially threatening the dynamics of advertising revenue streams. In response, a number of publishers have ramped up efforts to develop and deploy mechanisms for detecting and/or counter-blocking adblockers (which we refer to as anti-adblockers), effectively escalating the online advertising arms race. In this paper, we develop a scalable approach for identifying third-party services shared across multiple websites and use it to provide a first characterization of antiadblocking across the Alexa Top-5K websites. We map websites that perform anti-adblocking as well as the entities that provide anti-adblocking scripts. We study the modus operandi of these scripts and their impact on popular adblockers. We find that at least 6.7% of websites in the Alexa Top-5K use anti-adblocking scripts, acquired from 12 distinct entities – some of which have a direct interest in nourishing the online advertising industry.


Monday August 8, 2016 3:30pm - 4:00pm
Texas Ballroom 5-7

3:30pm

3:35pm

4:00pm

Privacy and Security Issues in BAT Web Browsers
In this position paper, we summarize our technical analysis of the security and privacy vulnerabilities in three web browsers developed by China’s three biggest web companies: UC Browser, QQ Browser and Baidu Browser; developed by UCWeb (owned by Alibaba), Tencent and Baidu, respectively. We found them to consistently contain sensitive data leaks and remote code execution vulnerabilities in their update processes. Despite the massive user bases of these browsers, particularly in China, there has been limited attention paid to the applications by the information security research community. This lack of attention is problematic, as it is known that the insecure transmission of personal user data by UC Browser has been used by the intelligence community to perform surveillance. We conclude by evaluating explanations for why this class of apps has such uniform security and privacy issues, and recommend researchers better engage software development companies in developing and newly industrialized economies.

Speakers
avatar for Ron Deibert

Ron Deibert

Director, Citizen Lab, University of Toronto
Ron Deibert, (OOnt, PhD, University of British Columbia) is Professor of Political Science, and Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The Citizen Lab is an interdisciplinary research and development laboratory working at the intersection... Read More →


Monday August 8, 2016 4:00pm - 4:30pm
Texas Ballroom 5-7

4:00pm

AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing

To fight the ever-increasing proliferation of novel malware, antivirus (AV) vendors have turned to emulationbased automated dynamic malware analysis. Malware authors have responded by creating malware that attempts to evade detection by behaving benignly while being running in an emulator. Malware may detect emulation by looking for emulator “fingerprints” such as unique environmental values, timing inconsistencies, or bugs in CPU emulation.

Due to their immense complexity and the expert knowledge required to effectively analyze them, reverseengineering AV emulators to discover fingerprints is an extremely challenging task. As an alternative, researchers have demonstrated fingerprinting attacks using simple black-box testing, but these techniques are slow, inefficient, and generally awkward to use.

We propose a novel black-box technique to efficiently extract emulator fingerprints without reverseengineering. To demonstrate our technique, we implemented an easy-to-use tool and API called AVLeak. We present an evaluation of AVLeak against several current consumer AVs and show emulator fingerprints derived from our experimentation. We also propose a classification of fingerprints as they apply to consumer AV emulators. Finally, we discuss the defensive implications of our work, and future directions of research in emulator evasion and exploitation.



Monday August 8, 2016 4:00pm - 4:30pm
Texas Ballroom 1

4:00pm

4:30pm

Mini Break
Monday August 8, 2016 4:30pm - 4:45pm
Texas Ballroom Foyer

4:30pm

malWASH: Washing Malware to Evade Dynamic Analysis

Hiding malware processes from fingerprinting is challenging. Current techniques like metamorphic algorithms and diversity generate different instances of a program, protecting it against static detection. Unfortunately, all existing techniques are prone to detection through behavioral analysis – a runtime analysis that records behavior (e.g., through system call invocations), and can detect executing diversified programs like malware.

We present malWASH, a dynamic diversification engine that executes an arbitrary program without being detected by dynamic analysis tools. Target programs are chopped into small components that are then executed in the context of other processes, hiding the behavior of the original program in a stream of benign behavior of a large number of processes. A scheduler connects these components and transfers state between the different processes. The execution of the benign processes is not impacted. Furthermore, malWASH ensures that the executing program remains persistent, complicating the removal process.


Speakers

Monday August 8, 2016 4:30pm - 5:00pm
Texas Ballroom 1

4:45pm

5:00pm

Non-Deterministic Timers for Hardware Trojan Activation (or How a Little Randomness Can Go the Wrong Way)
The security of digital Integrated Circuits (ICs) is essential to the security of a computer system that comprises them. A particularly pernicious attack is the insertion of a hardware backdoor, that is triggered in the field using a timer that is also inserted in the hardware. Prior work has addressed deterministic timer-based triggers—those that are designed to trigger at a specific time with probability 1. We address open questions related to the feasibility of realizing non-deterministic timer-based triggers in hardware — those that are designed with a random component. We show that such timers can be realized in hardware in a manner that is impractical to detect or disable using existing countermeasures of which are aware. We discuss our design, implementation and analysis of such a timer. We show that the attacker can have surprisingly fine-grained control over the time-window within which the timer triggers. Our timer has several other appealing features as well, from the attacker’s standpoint. For example, it is practical and effective with only a few bits of Non-Volatile (NV) memory and a small time-window within which volatile state needs to be maintained. Our work raises the bar considerably for defense mechanisms for hardware security.


Monday August 8, 2016 5:00pm - 5:30pm
Texas Ballroom 1

8:00pm

Birds-of-a-Feather Sessions (BoFs)

View the current schedule and scheduling instructions on the USENIX Security '16 BoFs page.


Monday August 8, 2016 8:00pm - 11:00pm
TBA
 
Tuesday, August 9
 

8:00am

8:45am

Welcome and Discussion Format
Speakers
DM

Damon McCoy

New York University
FR

Franziska Roesner

University of Washington


Tuesday August 9, 2016 8:45am - 9:00am
Texas Ballroom 2–3

9:00am

Learning From Others’ Mistakes: Penetration Testing IoT Devices in the Classroom
This paper shows how it is possible to use commercial off-the-shelf IoT devices in a taught cyber security course. We argue that the current level of IoT device security makes testing them an excellent exercise for students. We have developed a course based around this idea that teaches students basic penetration testing techniques and then sets two rounds of group assignments in which they get hands-on experience with performing a security analysis of an IoT device. In the first round, the students get devices which we know are vulnerable. In the second round, the groups are mixed and they get devices with no previously known vulnerabilities. This approach enables us to provide them enough guidance in the first round to get the experience needed to perform the analysis independently in the second round. This seems to have been successful because our student teams found previously unknown vulnerabilities in five devices in the second round of tests.

Speakers
avatar for Dr Tom Chothia

Dr Tom Chothia

Senior Lecturer in Cyber Security, Birmingham University
Dr Tom Chothia is a Senior Lecturer in cyber security at the University of Birmingham. He leads research projects on industrial control systems security (including rail), analysis of COTS devices, automated firmware analysis, protocol analysis and supply chain security. His work on... Read More →


Tuesday August 9, 2016 9:00am - 9:25am
Texas Ballroom 5-7

9:00am

Exciting Research Directions in User Authentication Online
While we haven't been able to quite kill the password (yet), there have been many advancements in both the type of technology that people routinely use and the penetration of that technology into new areas of the world. For example, while several years ago few users wore computers on their body, now many people have fitness bands with long life times and biometric sensors. In fact, biometrics themselves used to require non-standard hardware, but now almost every new smartphone has a fingerprint reader. While previously the Internet was limited to only first-world and second-world countries, it is now starting to heavily penetrate areas of the world which have never heard of passwords and have a different mindset around authentication altogether. Finally, in a recent trend, websites began to accept phone numbers as user identifiers instead of e-mail addresses. What does all of this mean for privacy, for security, for anonymity, and what type of research opportunities arise? Let's discuss all of this and more.

Speakers

Tuesday August 9, 2016 9:00am - 10:00am
Texas Ballroom 2–3

9:00am

Stagefright: An Android Exploitation Case Study

Last year, Joshua disclosed multiple vulnerabilities in Android's multimedia processing library libstagefright. This disclosure went viral under the moniker "Stagefright," garnered national press, and ultimately helped spur widespread change throughout the mobile ecosystem. Since initial disclosure, a multitude of additional vulnerabilities have been disclosed affecting the library.

In the course of his research, Joshua developed and shared multiple exploits for the issues he disclosed with Google. In response to Joshua and others' findings, the Android Security Team made many security improvements. Some changes went effective immediately, some later, and others still are set to ship with the next version of Android—Nougat.


Speakers

Tuesday August 9, 2016 9:00am - 10:00am
Texas Ballroom 1

9:25am

A Tool for Teaching Reverse Engineering
Tigress is a freely available source-to-source, C language code obfuscator. The tool allows users to obfuscate existing programs or programs randomly generated by Tigress itself. Tigress is highly flexible, providing a large number of standard obfuscating code transformations, and many variants of each transformation. Tigress may be used in many contexts, but in this paper we describe its use in teaching code reverse engineering techniques. In order to make Tigress easily available and usable to educators and students, we have integrated Tigress into a web application. In addition to directly benefiting education, this new web application offers unique ways to advance research on code obfuscation and reverse engineering.

Speakers
CT

Clark Taylor

University of Arizona, Lawrence Livermore National Laboratory


Tuesday August 9, 2016 9:25am - 9:50am
Texas Ballroom 5-7

10:00am

Break with Refreshments
Tuesday August 9, 2016 10:00am - 10:30am
Texas Ballroom Foyer

10:00am

Fillory of PHY: Toward a Periodic Table of Signal Corruption Exploits and Polyglots in Digital Radio

Boundaries between layers of digital radio protocols have been breached by techniques like packet-in-packet: an attacker controlling the application layer payloads can, in fact, inject frames into lower layers such as PHY and LNK. But can a digital transmitter designed for a particular PHY inject frames into a different, noncompatible PHY network?

We present several case studies of such cross-protocol injection, and show that non-compatible radio PHYs sharing the same frequencies need not merely collide and jam each other, but can instead unexpectedly cross-talk. We propose a methodology for discovering such crosstalking PHYs systematically rather that serendipitously. No PHY is an island.


Speakers
SB

Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D... Read More →
avatar for Travis Goodspeed

Travis Goodspeed

Travis Goodspeed is ecstatic to live in Knoxville again, where he drives an Ectomobile and a '64 Studebaker.  He collects reverse engineering tricks.


Tuesday August 9, 2016 10:00am - 10:30am
Texas Ballroom 1

10:10am

On the Design of Security Games: From Frustrating to Engaging Learning

Hands-on cyber security training is generally accepted as an enjoyable and effective way of developing and practising skills that complement the knowledge gained by traditional education. At the same time, experience from organizing and participating in these events show that there is still room for making a larger impact on the learners, and providing more engaging and beneficial learning. In particular, the area of the game and exercise design is not sufficiently well-developed. There is no comprehensive methodology or best practices that can be used to prepare, test, and carry out events.

We present the concept of a security game and lessons learned from a prototype game played by 260 participants. Based on the lessons, we describe the enhancements to the game design and a user study evaluating new game features. The results of the study show the importance of logging events which describe the course of the game. It also suggests what type of information can be predicted from the game logs and what can be found by other methods such as surveys.



Tuesday August 9, 2016 10:10am - 10:30am
Texas Ballroom 5-7

10:10am

10:30am

Break with Refreshments
Tuesday August 9, 2016 10:30am - 11:00am
Texas Ballroom Foyer

10:30am

SoK: XML Parser Vulnerabilities

The Extensible Markup Language (XML) has become a widely used data structure for web services, Single- Sign On, and various desktop applications. The core of the entire XML processing is the XML parser. Attacks on XML parsers, such as the Billion Laughs and the XML External Entity (XXE) Attack are known since 2002. Nevertheless even experienced companies such as Google, and Facebook were recently affected by such vulnerabilities.

In this paper we systematically analyze known attacks on XML parsers and deal with challenges and solutions of them. Moreover, as a result of our in-depth analysis we found three novel attacks.

We conducted a large-scale analysis of 30 different XML parsers of six different programming languages. We created an evaluation framework that applies different variants of 17 XML parser attacks and executed a total of 1459 attack vectors to provide a valuable insight into a parser’s configuration. We found vulnerabilities in 66 % of the default configuration of all tested parses. In addition, we comprehensively inspected parser features to prevent the attacks, show their unexpected side effects, and propose secure configurations.


Speakers
avatar for Christian Mainka

Christian Mainka

Security Consultant, Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum
Christian Mainka is a Security Researcher at the Ruhr University Bochum, Chair for Network and Data Security. Since 2009, he focuses on XML and Web Services technologies and develops his penetration testing tool WS-Attacker and has published several papers in the field of XML security... Read More →
avatar for Vladislav Mladenov

Vladislav Mladenov

Ruhr University Bochum
Vladislav Mladenov is a PhD Student at the Ruhr University Bochum, Chair for Network and Data Security. He is interested in the security of XML-based services. Additionally, he investigates different Single Sign-On protocols like OAuth, OpenID, OpenID Connect and SAML. Other topics... Read More →
JS

Jörg Schwenk

Ruhr-University Bochum
CS

Christopher Späth

RUB
Christopher Späth is a PhD Student at the Ruhr University Bochum, Chair for Network and Data Security. He wrote his master thesis about the security implications of DTD attacks against a wide range of XML parsers. His first contact with XML security was back in 2011, when he wrote... Read More →


Tuesday August 9, 2016 10:30am - 11:00am
Texas Ballroom 1

10:30am

Implications of Adversarial Learning for Security and Privacy

While machine learning is a powerful tool for data analysis and processing, traditional machine learning methods were not designed to operate in the presence of adversaries. They are based on statistical assumptions about the distribution of the input data, and they rely on training data derived from the input data to construct models for analyses. Adversaries may exploit these characteristics to disrupt analytics, cause analytics to fail, or engage in malicious activities that fail to be detected.

While these vulnerabilities pose a challenge to using machine learning for security applications, they may also pose opportunities to disrupt privacy invasive learning systems. We will discuss techniques, challenges, and future research directions for reverse engineering analytics, secure learning and learning-based security applications.



Tuesday August 9, 2016 10:30am - 11:30am
Texas Ballroom 2–3

11:00am

Break with Refreshments
Tuesday August 9, 2016 11:00am - 11:30am
Texas Ballroom Foyer

11:00am

11:30am

Abusing Public Third-Party Services for EDoS Attacks
Cloud computing has been widely adopted nowadays as it provides economical, elastic and scalable services to customers. The cloud resources are offered in an on demand manner and the consumers are charged based on their resource usage, known as “pay-as-you-go.” Such a cloud utility scheme opens the door to Economic Denial of Sustainability (EDoS) attacks in which the cloud consumers would suffer from financial losses. In this paper, we uncover the severity of EDoS attacks through demonstrating that EDoS attacks can be easily conducted at very low costs. In specific, we show that attackers can launch amplification attacks against the cloud consumers by abusing the free public third-party services provided by the Internet giants such as Google, Microsoft, Facebook and LinkedIn. Through studying the characteristics of 10 main public third-party services, we reveal that all of them can be abused to launch EDoS attacks and the amplification factor can reach up to 135K. To combat against the uncovered attacks, we propose several mitigation strategies for the third-party service providers as well as the cloud consumers.


Tuesday August 9, 2016 11:30am - 12:00pm
Texas Ballroom 1

11:30am

Security and Privacy for Augmented Reality
A new wave of Augmented Reality systems are starting to ship to developers and the public. These systems overlay computer-generated objects on a user’s senses to seamlessly blend the real and virtual worlds. Capabilities that once cost hundreds of thousands of dollars are becoming available for an order of magnitude less and the cost looks set to drop. With these new systems come new application models, new app stores, and new security challenges. Let’s talk about what we can build, what we can break, and what new techniques we need as a community to address these challenges.

Speakers

Tuesday August 9, 2016 11:30am - 12:30pm
Texas Ballroom 2–3

12:00pm

DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work

Since its creation in 2009, Bitcoin has used a hashbased proof-of-work to generate new blocks, and create a single public ledger of transactions. The hash-based computational puzzle employed by Bitcoin is instrumental to its security, preventing Sybil attacks and making doublespending attacks more difficult. However, there have been concerns over the efficiency of this proof-of-work puzzle, and alternative “useful” proofs have been proposed.

In this paper, we present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work. DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers. This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made. Like proof-of-work puzzles, these proofs are inexpensive to verify, and can be made arbitrarily difficult to solve.


Speakers
BV

Benjamin VanderSloot

University of Michigan
EW

Eric Wustrow

University of Colorado Boulder


Tuesday August 9, 2016 12:00pm - 12:30pm
Texas Ballroom 1

12:15pm

12:30pm

2:00pm

Self-Efficacy in Cybersecurity Tasks and Its Relationship with Cybersecurity Competition and Work-Related Outcomes

Research on cybersecurity competitions is still in its nascent state, and many questions remain unanswered, including how effective these competitions actually are at influencing career decisions and attracting a diverse participant base. The present research aims to address these questions through surveying a sample of ex-cybersecurity competition participants from New York University’s Cyber-Security Awareness Week (CSAW). 195 survey respondents reported on their self-esteem, general self-efficacy, and perceived efficacy in cyber-security-related tasks, along with important competi-tion- and career-related variables such as reasons for participating, competition performance, appeal and ef-fectiveness of competitions, job satisfaction, and per-ceived organizational fit. Correlational analyses showed that confidence in cybersecurity-related tasks was posi-tively related to interest in cybersecurity, performance within the competition, job satisfaction within a cyber-security job, and perceived organizational fit within cybersecurity organizations. Specific self-efficacy was better at predicting competition performance than gen-eral self-efficacy or self-esteem, but was unrelated to participants’ positive image of competitions and wheth-er or not the cybersecurity competitions influenced their career decisions. Instead, general self-efficacy was a better predictor of positive competition experience even more-so than performance within the competition. Overall, the results show that participants with self-confidence in their cybersecurity-relevant skills are more likely to do well in the competition and be satis-fied when entering a cybersecurity career, but any par-ticipant with high general self-efficacy will likely still have a positive experience when participating in com-petitions.




Tuesday August 9, 2016 2:00pm - 2:25pm
Texas Ballroom 5-7

2:00pm

A Rising Tide: Design Exploits in Industrial Control Systems
Security is an emergent property. It is the outcome of an interaction between many sub-components and processes. One of the biggest problems of ICS security today is that systems undergo security assessments without recognizing the environment in which they are used. This has led to a situation where many systems have undergone cyber security assessments without addressing the ICS component, leading to a false sense of security. While Industrial Control System (ICS) vulnerability researchers and vendors became quite practiced at finding and fixing implementation bugs, many have minimal experience with design bugs. In the near future, we can expect the attacker community to leverage this weakness, as it did with earlier technologies. Therefore, ICS vendors must begin focusing better on the design of the environment and protocols, and ICS audits must begin now to focus on design. This paper a joint effort of the authors who independently researched design vulnerabilities in ICS with the goal of attracting more attention to ICS-specific design vulnerabilities.

Speakers
avatar for Marina Krotofil

Marina Krotofil

Lead Security Researcher, Honeywell Industrial Cyber Security Lab
I am a researcher in the area of Industrial Control Systems (ICS) security and critical infrastructures. Specifically I am specializing in cyber-physical security: attacks directed at causing physical impact. I am working on discovering unique attack vectors, design vulnerabilities... Read More →


Tuesday August 9, 2016 2:00pm - 2:30pm
Texas Ballroom 1

2:00pm

New Challenges in Usable Security

Certain usable security problems—like password selection, or warning behavior—are well-studied and oft-discussed at conferences. What problems aren't we addressing as a community? Where is more research needed, and why aren't more researchers working on those problems? In this discussion, the audience will work together to brainstorm for new research topics in the area of usable security.

To kick off the discussion, I'll start by talking about the need for more research on global and underserved communities. Until recently, most research has focused on university students. I'll share previously unpublished Chrome data that illustrates how different groups of people use and experience the Internet very differently. How can we do better at capturing diverse perspectives in user research? Then, it'll be your turn to pitch questions as we open up the floor for discussion. Should we be focusing more on the Internet of Things, self-driving software, or something else altogether...?


Speakers

Tuesday August 9, 2016 2:00pm - 3:00pm
Texas Ballroom 2–3

2:25pm

Development of Peer Instruction Questions for Cybersecurity Education
Cybersecurity classes should be focused on building practical skills along with the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is a poor match for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in many fundamental courses of computer science. The main challenge for faculty in adopting peer instruction is the development of conceptual questions. This paper presents a methodology for developing peer instruction questions systematically for cybersecurity courses. The method consists of four stages: concept identification, concept trigger, question presentation, and question development. The paper further provides an analysis of 172 questions developed over the period of ten months by the authors for two cybersecurity courses: introduction to computer security and network penetration testing. Finally, it discusses four examples of peer instruction questions in the context of the aforementioned methodology.

Speakers
IA

Irfan Ahmed

Assistant Professor, University of New Orleans
avatar for Golden G. Richard III

Golden G. Richard III

Professor, University of New Orleans
I'm a computer science professor who teaches and performs research in digital forensics, reverse engineering, malware analysis, and operating systems internals and also a private digital forensics investigator. I'm also a concert photographer @ High ISO Music: www.highisomusic... Read More →
CB

Cynthia B. Lee

Stanford University
VR

Vassil Roussev

University of New Orleans


Tuesday August 9, 2016 2:25pm - 2:50pm
Texas Ballroom 5-7

2:30pm

This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump

Sensors measure physical quantities of the environment for sensing and actuation systems, and are widely used in many commercial embedded systems such as smart devices, drones, and medical devices because they offer convenience and accuracy. As many sensing and actuation systems depend entirely on data from sensors, these systems are naturally vulnerable to sensor spoofing attacks that use fabricated physical stimuli. As a result, the systems become entirely insecure and unsafe.

In this paper, we propose a new type of sensor spoofing attack based on saturation. A sensor shows a linear characteristic between its input physical stimuli and output sensor values in a typical operating region. However, if the input exceeds the upper bound of the operating region, the output is saturated and does not change as much as the corresponding changes of the input. Using saturation, our attack can make a sensor to ignore legitimate inputs. To demonstrate our sensor spoofing attack, we target two medical infusion pumps equipped with infrared (IR) drop sensors to control precisely the amount of medicine injected into a patients’ body. Our experiments based on analyses of the drop sensors show that the output of them could be manipulated by saturating the sensors using an additional IR source. In addition, by analyzing the infusion pumps’ firmware, we figure out the vulnerability in the mechanism handling the output of the drop sensors, and implement a sensor spoofing attack that can bypass the alarm systems of the targets. As a result, we show that both over-infusion and under-infusion are possible: our spoofing attack can inject up to 3.33 times the intended amount of fluid or 0.65 times of it for a 10 minute period.



Tuesday August 9, 2016 2:30pm - 3:00pm
Texas Ballroom 1

2:50pm

Finding the Balance Between Guidance and Independence in Cybersecurity Exercises

In order to accomplish cyber security tasks, one needs to know how to analyze complex data and when and how to use tools. Many hands-on exercises for cybersecurity courses have been developed to teach these skills. There is a spectrum of ways that these exercises can be taught. On one end of the spectrum are prescriptive exercises, in which students follow step-by- step instructions to run scripted exploits, perform penetration testing, do security audits, etc. On the other end of the spectrum are open-ended exercises and capture-the- flag activities, where little guidance is given on how to proceed.

This paper reports on our experience with trying to find a balance between these extremes in the context of one of the suite of cybersecurity exercises that we have developed in the EDURange framework. The particular exercise that we present teaches students about dynamic analysis of binaries using strace. We have found that students are most successful in these exercises when they are given the right amount of prerequisite knowledge and guidance as well as some opportunity to find creative solutions. Our scenarios are specifically designed to develop analysis skills and the security mindset in students and to complement the theoretical aspects of the discipline and develop practical skills.



Tuesday August 9, 2016 2:50pm - 3:10pm
Texas Ballroom 5-7

3:00pm

3:00pm

Sampling Race: Bypassing Timing-Based Analog Active Sensor Spoofing Detection on Analog-Digital Systems

Sensors and actuators are essential components of cyberphysical systems. They establish the bridge between cyber systems and the real world, enabling these systems to appropriately react to external stimuli. Among the various types of sensors, active sensors are particularly well suited to remote sensing applications, and are widely adopted for many safety critical systems such as automobiles, unmanned aerial vehicles, and medical devices. However, active sensors are vulnerable to spoofing attacks, despite their critical role in such systems. They cannot adopt conventional challenge-response authentication procedures with the object of measurement, because they cannot determine the response signal in advance, and their emitted signal is transparently delivered to the attacker as well.

Recently, PyCRA, a physical challenge-response authentication scheme for active sensor spoofing detection has been proposed. Although it is claimed to be both robust and generalizable, we discovered a fundamental vulnerability that allows an attacker to circumvent detection. In this paper, we show that PyCRA can be completely bypassed, both by theoretical analysis and by real-world experiment. For the experiment, we implemented authentication mechanism of PyCRA on a real-world medical drop counter, and successfully bypassed it, with only a low-cost microcontroller and a couple of crude electrical components. This shows that there is currently no effective robust and generalizable defense scheme against active sensor spoofing attacks.



Tuesday August 9, 2016 3:00pm - 3:30pm
Texas Ballroom 1

3:10pm

Gamification for Teaching and Learning Computer Security in Higher Education

In many cases students in higher education are driven by assessments and achievements rather than the “learning journey” that can be achieved through full engagement with provided material. Novel approaches are needed to improve engagement in and out of class time, and to achieve a greater depth of learning. Gamification, “the use of game design elements in nongame contexts”, has been applied to higher education to improve engagement, and research also suggests that serious games can be used for gamesbased learning, providing simulated learning environments and increasing motivation.

This paper presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities. Learning activities (many developed as open educational resources (OER)) and an assessment structure were developed. A new free and open source software (FOSS) virtual learning environment (VLE) was implemented, which enables the use of three types of experience points (XP), and a semiautomated marking scheme for timely, clear, transparent, and feedbackoriented marking.

The course and VLE were updated and evaluated over two years. Qualitative and descriptive results were positive and encouraging. However, ultimately the increased satisfaction was not found to have statistical significance on quantitative measurements of motivation, and the teaching workload of the gamified module was noteworthy.


Speakers

Tuesday August 9, 2016 3:10pm - 3:30pm
Texas Ballroom 5-7

3:30pm

3:30pm

Everything You Wanted to Know about Privacy Law (but Were Afraid to Ask)
This panel will feature one or more legal experts in privacy and national security ready to answer your questions about a range of issues relevant to information security, including constitutional, statutory, administrative, and common law. There will be no opening remarks so please bring lots of questions! Please note that the panelists will not dispense individual legal advice.

Speakers

Tuesday August 9, 2016 3:30pm - 4:30pm
Texas Ballroom 2–3

4:00pm

Teaching Computer Science With Cybersecurity Education Built-in
Despite the remarkable cybersecurity education efforts from traditional approaches such as offering dedicated courses and even degree programs or tracks, the computer science curricula of many institutions still severely fall short in promoting cybersecurity education. We advocate to further explore the security integration approach to complement other approaches and better promote cybersecurity education. We contribute to this approach by concretely exploring a viable implementation solution and evaluating its effectiveness. Specifically, we explore to discuss relevant cybersecurity topics in upper and graduate level non-security courses to engage students in learning cybersecurity knowledge and skills from the perspectives of different computer science sub-areas, and help them understand the correlation and interplay between cybersecurity and other sub-areas of computer science. Our experience in six class sessions of five non-security courses is very encouraging: the majority of students found the discussed cybersecurity topics interesting, useful, and relevant; they would like to have cybersecurity topics discussed in other non-cybersecurity courses in the future; they improved their understanding of the discussed content. We hope our experience can be helpful for other educators to adopt and further explore the security integration approach in the future.

Speakers

Tuesday August 9, 2016 4:00pm - 4:20pm
Texas Ballroom 5-7

4:00pm

Truck Hacking: An Experimental Analysis of the SAE J1939 Standard

Consumer vehicles have been proven to be insecure; the addition of electronics to monitor and control vehicle functions have added complexity resulting in safety critical vulnerabilities. Heavy commercial vehicles have also begun adding electronic control systems similar to consumer vehicles. We show how the openness of the SAE J1939 standard used across all US heavy vehicle industries gives easy access for safety-critical attacks and that these attacks aren't limited to one specific make, model, or industry.

We test our attacks on a 2006 Class-8 semi tractor and 2001 school bus. With these two vehicles, we demonstrate how simple it is to replicate the kinds of attacks used on consumer vehicles and that it is possible to use the same attack on other vehicles that use the SAE J1939 standard. We show safety critical attacks that include the ability to accelerate a truck in motion, disable the driver's ability to accelerate, and disable the vehicle's engine brake. We conclude with a discussion for possibilities of additional attacks and potential remote attack vectors.



Tuesday August 9, 2016 4:00pm - 4:30pm
Texas Ballroom 1

4:20pm

A "Divergent"-Themed CTF and Urban Race for Introducing Security and Cryptography

There is a recognized shortage of students who are interested in learning computer and network security. One of the underlying reasons for this is a lack of awareness and motivation to study the subject. In order to tackle this problem, we have developed an introductory cryptography and security curriculum that attempts to inspire students to pursue this career path.

Towards this end, the curriculum we have designed motivates the importance of the field and contains a variety of activities intended not only to teach students basic concepts, but also allow them to develop technical skills in a fun and engaging manner. In particular, we employ a novel set of capture-the-flag (CTF) exercises and a physical activity based on an urban race, both of which are tied into a fictional story that students act out. The storyline follows a book series that many young adults of this generation are familiar with: the Divergent books written by Veronica Roth [1]. Using this approach, we have successfully delivered our curriculum at multiple schools throughout Oregon.


Speakers
WF

Wu-chang Feng

Portland State University


Tuesday August 9, 2016 4:20pm - 4:40pm
Texas Ballroom 5-7

4:30pm

Wrap-Up
Speakers
DM

Damon McCoy

New York University
FR

Franziska Roesner

University of Washington


Tuesday August 9, 2016 4:30pm - 5:00pm
Texas Ballroom 2–3

4:30pm

Controlling UAVs with Sensor Input Spoofing Attacks

There has been a recent surge in interest in autonomous robots and vehicles. From the Google self-driving car, to autonomous delivery robots, to hobbyist UAVs, there is a staggering variety of proposed deployments for autonomous vehicles. Ensuring that such vehicles can plan and execute routes safely is crucial.

The key insight of our paper is that the sensors that autonomous vehicles use to navigate represent a vector for adversarial control. With direct knowledge of how sensor algorithms operate, the adversary can manipulate the victim’s environment to form an implicit control channel on the victim. We craft an attack based on this idea, which we call asensor input spoofing attack.

We demonstrate a sensor input spoofing attack against the popular Lucas-Kanade method for optical flow sensing and characterize the ability of an attacker to trick optical flow via simulation. We also demonstrate the effectiveness of our optical flow sensor input spoofing attack against two consumer-grade UAVs, the AR.Drone 2.0 and the APM 2.5 ArduCopter. Finally, we introduce a method for defending against such an attack on opticalflow sensors, both using the RANSAC algorithm and a more robust weighted RANSAC algorithm to synthesize sensor outputs.



Tuesday August 9, 2016 4:30pm - 5:00pm
Texas Ballroom 1

4:40pm

Mentoring Talent in IT Security–A Case Study
Talent management is usually not well-supported by traditional curricula, because university courses are typically designed for a large number of average students and not for the few outstanding ones. In this paper, we share our experiences on running a talent mentoring program in IT security at our university. We describe the whole process from increasing awareness of IT security among students, via maintaining a community of practice where they can improve their skills, to finally connect them to well-established IT companies. We also introduce avatao, a platform to support hands-on IT security practice. Our methods could serve as a blueprint to establish a successful talent management program in IT security in a typical academic environment.


Tuesday August 9, 2016 4:40pm - 5:00pm
Texas Ballroom 5-7

5:00pm

The Use of Cyber-Defense Exercises in Undergraduate Computing Education
This paper describes the placement of a large-scale cyberdefense exercise within the computer science and information technology curricula at an undergraduate institution, the United States Military Academy. Specifically, we describe the US National Security Agency Cyber-Defense Exercise as an example of a large-scale design, implement, and defend exercise. Furthermore, we provide evidence that the exercise inspires students to evaluate and create within the field of computer security. Our evidence includes examples of student research projects which benefited from unique opportunities for innovation. Finally, we provide the exercise documents that governed the 2016 Cyber-Defense Exercise and packet captures from our portion of the network.


Tuesday August 9, 2016 5:00pm - 5:15pm
Texas Ballroom 5-7

5:00pm

5:10pm

Scalable and Lightweight CTF Infrastructures Using Application Containers (Pre-recorded Presentation)
Attack-defence Capture The Flag (CTF) competitions are effective pedagogic platforms to teach secure coding practices due to the interactive and real-world experiences they provide to the contest participants. Two of the key challenges that prevent widespread adoption of such contests are: 1) The game infrastructure is highly resource intensive requiring dedication of significant hardware resources and monitoring by organizers during the contest and 2) the participants find the gameplay to be complicated, requiring performance of multiple tasks that overwhelms inexperienced players. In order to address these, we propose a novel attack-defence CTF game infrastructure which uses application containers. The results of our work showcase effectiveness of these containers and supporting tools in not only reducing the resources organizers need but also simplifying the game infrastructure. The work also demonstrates how the supporting tools can be leveraged to help participants focus more on playing the game i.e. attacking and defending services and less on administrative tasks. The results from this work indicate that our architecture can accommodate over 150 teams with 15 times fewer resources when compared to existing infrastructures of most contests today.


Tuesday August 9, 2016 5:10pm - 5:30pm
Texas Ballroom 5-7

6:00pm

Welcome Happy Hour

Mingle with other workshop and conference attendees while ­enjoying beer, soda, and snacks.


Tuesday August 9, 2016 6:00pm - 7:00pm
Texas Ballroom Foyer

7:00pm

Student Social and Networking Event
Come for the refreshments, stay for the opportunity to meet and network with other students and young professionals. This event is free, but space is limited. Pre-registration is required.

Tuesday August 9, 2016 7:00pm - 9:00pm
Hill Country Ballroom

8:00pm

Birds-of-a-Feather Sessions (BoFs)

View the current schedule and scheduling instructions on the USENIX Security '16 BoFs page.


Tuesday August 9, 2016 8:00pm - 11:00pm
TBA

9:00pm

Board Game Night

Join us for some good old-fashioned board games. We'll have some on hand, but bring your own games, too!


Tuesday August 9, 2016 9:00pm - 11:00pm
Hill Country Ballroom
 
Wednesday, August 10
 

7:30am

Continental Breakfast
Wednesday August 10, 2016 7:30am - 9:00am
Zilker Ballroom Foyer

8:25am

Daily Lightning Talks
Wednesday August 10, 2016 8:25am - 8:45am
Zilker Ballroom 2–4

8:45am

Opening Remarks and Awards
Speakers
SS

Stefan Savage

UCSD
http://cseweb.ucsd.edu/~savage/


Wednesday August 10, 2016 8:45am - 9:00am
Zilker Ballroom 2–4

9:00am

Crashing Drones and Hijacked Cameras: CyberTrust Meets CyberPhysical
Cyber-physical systems are engineered systems that require tight conjoining of and coordination between the computational (discrete) and the physical (continuous). Cyber-physical systems are rapidly penetrating every aspect of our lives, with potential impact on sectors critical to national security and competitiveness, including aerospace, automotive, chemical production, civil infrastructure, energy, finance, healthcare, manufacturing, materials, and transportation. As these systems fulfill the promise of the Internet of Things, smart cities, household robots, and personalized medicine, we need to ensure they are trustworthy: reliable, secure, and privacy-preserving. This talk will look at cyber-physical systems from the lens of trustworthy computing. Throughout my talk, I will raise research challenges for how to make cyber-physical systems trustworthy.

Speakers
LC

Lili Cheng

CVP, Conversational AI, Microsoft


Wednesday August 10, 2016 9:00am - 10:30am
Zilker Ballroom 2–4

10:30am

Break with Refreshments
Wednesday August 10, 2016 10:30am - 11:00am
Zilker Ballroom Foyer

11:00am

Flip Feng Shui: Hammering a Needle in the Software Stack
Speakers
HB

Herbert Bos

Full professor, Vrije Universiteit Amsterdam
avatar for Bart Preneel

Bart Preneel

Full professor, imec-COSIC, KU Leuven
Professor Bart Preneel of KU Leuven heads the  imec-COSIC (COmputer Security and Industrial Cryptography) research group. His main research areas are information security and privacy with a focus on cryptographic algorithms and protocols and efficient and secure implementations.  He has authored more than 400 scientific publications and... Read More →


Wednesday August 10, 2016 11:00am - 11:30am
Zilker Ballroom 2

11:00am

Verifying Constant-Time Implementations

The constant-time programming discipline is an effective countermeasure against timing attacks, which can lead to complete breaks of otherwise secure systems. However, adhering to constant-time programming is hard on its own, and extremely hard under additional efficiency and legacy constraints. This makes automated verification of constant-time code an essential component for building secure software.

We propose a novel approach for verifying constanttime security of real-world code. Our approach is able to validate implementations that locally and intentionally violate the constant-time policy, when such violations are benign and leak no more information than the public outputs of the computation. Such implementations, which are used in cryptographic libraries to obtain important speedups or to comply with legacy APIs, would be declared insecure by all prior solutions.

We implement our approach in a publicly available, cross-platform, and fully automated prototype, ct-verif, that leverages the SMACK and Boogie tools and verifies optimized LLVM implementations. We present verification results obtained over a wide range of constant-time components from the NaCl, OpenSSL, FourQ and other off-the-shelf libraries. The diversity and scale of our examples, as well as the fact that we deal with top-level APIs rather than being limited to low-level leaf functions, distinguishes ct-verif from prior tools.

Our approach is based on a simple reduction of constant-time security of a program P to safety of a product program Qthat simulates two executions of P. We formalize and verify the reduction for a core high-level language using the Coq proof assistant.



Wednesday August 10, 2016 11:00am - 11:30am
Zilker Ballroom 3

11:00am

2016 Test of Time Award Panel
Wednesday August 10, 2016 11:00am - 12:30pm
Zilker Ballroom 4

11:30am

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation

Row hammer attacks exploit electrical interactions between neighboring memory cells in high-density dynamic random-access memory (DRAM) to induce memory errors. By rapidly and repeatedly accessing DRAMs with specific patterns, an adversary with limited privilege on the target machine may trigger bit flips in memory regions that he has no permission to access directly. In this paper, we explore row hammer attacks in cross-VM settings, in which a malicious VM exploits bit flips induced by row hammer attacks to crack memory isolation enforced by virtualization. To do so with high fidelity, we develop novel techniques to determine the physical address mapping in DRAM modules at runtime (to improve the effectiveness of double-sided row hammer attacks), methods to exhaustively hammer a large fraction of physical memory from a guest VM (to collect exploitable vulnerable bits), and innovative approaches to break Xen paravirtualized memory isolation (to access arbitrary physical memory of the shared machine). Our study also suggests that the demonstrated row hammer attacks are applicable in modern public clouds where Xen paravirtualization technology is adopted. This shows that the presented cross-VM row hammer attacks are of practical importance.




Wednesday August 10, 2016 11:30am - 12:00pm
Zilker Ballroom 2

11:30am

Secure, Precise, and Fast Floating-Point Operations on x86 Processors

Floating-point computations introduce several side channels. This paper describes the first solution that closes these side channels while preserving the precision of non-secure executions. Our solution exploits microarchitectural features of the x86 architecture along with novel compilation techniques to provide low overhead.

Because of the details of x86 execution, the evaluation of floating-point side channel defenses is quite involved, but we show that our solution is secure, precise, and fast. Our solution closes more side channels than any prior solution. Despite the added security, our solution does not compromise on the precision of the floating-point operations. Finally, for a set of microkernels, our solution is an order of magnitude more efficient than the previous solution.


Speakers
AR

Ashay Rane

The University of Texas at Austin


Wednesday August 10, 2016 11:30am - 12:00pm
Zilker Ballroom 3

12:00pm

PIkit: A New Kernel-Independent Processor-Interconnect Rootkit
The goal of rootkit is often to hide malicious software running on a compromised machine. While there has been significant amount of research done on different rootkits, we describe a new type of rootkit that is kernel-independent – i.e., no aspect of the kernel is modified and no code is added to the kernel address space to install the rootkit. In this work, we present PIkit – Processor-Interconnect rootkit that exploits the vulnerable hardware features within multi-socket servers that are commonly used in datacenters and high-performance computing. In particular, PIkit exploits the DRAM address mapping table structure that determines the destination node of a memory request packet in the processorinterconnect. By modifying this mapping table appropriately, PIkit enables access to victim’s memory address region without proper permission. Once PIkit is installed, only user-level code or payload is needed to carry out malicious activities. The malicious payload mostly consists of memory read and/or write instructions that appear like “normal” user-space memory accesses and it becomes very difficult to detect such malicious payload. We describe the design and implementation of PIkit on both an AMD and an Intel x86 multi-socket servers that are commonly used. We discuss different malicious activities possible with PIkit and limitations of PIkit, as well as possible software and hardware solutions to PIkit.


Wednesday August 10, 2016 12:00pm - 12:30pm
Zilker Ballroom 2

12:00pm

überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor
We present überSpark (üSpark), an innovative architecture for compositional verification of security properties of extensible hypervisors written in C and Assembly. üSpark comprises two key ideas: (i) endowing low-level system software with abstractions found in higher-level languages (e.g., objects, interfaces, function-call semantics for implementations of interfaces, access control on interfaces, concurrency and serialization), enforced using a combination of commodity hardware mechanisms and lightweight static analysis; and (ii) interfacing with platform hardware by programming in Assembly using an idiomatic style (called CASM) that is verifiable via tools aimed at C, while retaining its performance and low-level access to hardware. After verification, the C code is compiled using a certified compiler while the CASM code is translated into its corresponding Assembly instructions. Collectively, these innovations enable compositional verification of security invariants without sacrificing performance. We validate üSpark by building and verifying security invariants of an existing open-source commodity x86 micro-hypervisor and several of its extensions, and demonstrating only minor performance overhead with low verification costs.


Wednesday August 10, 2016 12:00pm - 12:30pm
Zilker Ballroom 3

12:30pm

Lunch (on your own)
Wednesday August 10, 2016 12:30pm - 2:00pm
TBA

12:30pm

Networking Luncheon for Women in Advanced Computing (WiAC)
Let's talk about women in advanced computing. All registered attendees—of all genders—are welcome to attend. This event is free, but space is limited. Pre-registration is required.

Wednesday August 10, 2016 12:30pm - 2:00pm
Hill Country Ballroom

2:00pm

Undermining Information Hiding (and What to Do about It)

In the absence of hardware-supported segmentation, many state-of-the-art defenses resort to “hiding” sensitive information at a random location in a very large address space. This paper argues that information hiding is a weak isolation model and shows that attackers can find hidden information, such as CPI’s SafeStacks, in seconds—by means of thread spraying. Thread spraying is a novel attack technique which forces the victim program to allocate many hidden areas. As a result, the attacker has a much better chance to locate these areas and compromise the defense. We demonstrate the technique by means of attacks on Firefox, Chrome, and MySQL. In addition, we found that it is hard to remove all sensitive information (such as pointers to the hidden region) from a program and show how residual sensitive information allows attackers to bypass defenses completely.

We also show how we can harden information hiding techniques by means of an Authenticating Page Mapper (APM) which builds on a user-level page-fault handler to authenticate arbitrary memory reads/writes in the virtual address space. APM bootstraps protected applications with a minimum-sized safe area. Every time the program accesses this area, APM authenticates the access operation, and, if legitimate, expands the area on demand. We demonstrate that APM hardens information hiding significantly while increasing the overhead, on average, 0.3% on baseline SPEC CPU 2006, 0.0% on SPEC with SafeStack and 1.4% on SPEC with CPI.


Speakers
HB

Herbert Bos

Full professor, Vrije Universiteit Amsterdam
RG

Robert Gawlik

Ruhr-Universität Bochum
BK

Benjamin Kollenda

Ruhr-University Bochum


Wednesday August 10, 2016 2:00pm - 2:30pm
Zilker Ballroom 2

2:00pm

zxcvbn: Low-Budget Password Strength Estimation

For over 30 years, password requirements and feedback have largely remained a product of LUDS: counts of lower- and uppercase letters, digits and symbols. LUDS remains ubiquitous despite being a conclusively burdensome and ineffective security practice.

zxcvbn is an alternative password strength estimator that is small, fast, and crucially no harder than LUDS to adopt. Using leaked passwords, we compare its estimations to the best of four modern guessing attacks and show it to be accurate and conservative at low magnitudes, suitable for mitigating online attacks. We find 1.5 MB of compressed storage is sufficient to accurately estimate the best-known guessing attacks up to 105 guesses, or 104 and 103 guesses, respectively, given 245 kB and 29 kB. zxcvbn can be adopted with 4 lines of code and downloaded in seconds. It runs in milliseconds and works as-is on web, iOS and Android.



Wednesday August 10, 2016 2:00pm - 2:30pm
Zilker Ballroom 3

2:00pm

Making HTTPS the Default in the World's Largest Bureaucracy
The US government is in the process of requiring secure connections to its public web services through HTTPS and HSTS. It is a lot of hard work by a lot of good people working in an enterprise of enterprises of enterprises, and it is not strongly centrally coordinated. This talk will discuss the technical and political challenges that have come up during the process, offer a glimpse into the US government's evolving relationship with technology, and share some lessons that may be useful to those pushing for change in their own bureaucracies.

Speakers

Wednesday August 10, 2016 2:00pm - 3:30pm
Zilker Ballroom 4

2:30pm

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
Human-chosen text passwords, today’s dominant form of authentication, are vulnerable to guessing attacks. Unfortunately, existing approaches for evaluating password strength by modeling adversarial password guessing are either inaccurate or orders of magnitude too large and too slow for real-time, client-side password checking. We propose using artificial neural networks to model text passwords’ resistance to guessing attacks and explore how different architectures and training methods impact neural networks’ guessing effectiveness. We show that neural networks can often guess passwords more effectively than state-of-the-art approaches, such as probabilistic context-free grammars and Markov models. We also show that our neural networks can be highly compressed—to as little as hundreds of kilobytes— without substantially worsening guessing effectiveness. Building on these results, we implement in JavaScript the first principled client-side model of password guessing, which analyzes a password’s resistance to a guessing attack of arbitrary duration with sub-second latency. Together, our contributions enable more accurate and practical password checking than was previously possible.

Speakers
LB

Lujo Bauer

Carnegie Mellon University
NC

Nicolas Christin

Carnegie Mellon University
LF

Lorrie Faith Cranor

Carnegie Mellon University
SK

Saranga Komanduri

Carnegie Mellon University
WM

William Melicher

Carnegie Mellon University
SM

Sean M. Segreti

Sean is a PhD student at Carnegie Mellon University, where he conducts and publishes studies on password security and usability. He and Blase Ur will be representing the entire passwords research group at CMU, which comprises three faculty and more than 10 students.
avatar for Blase Ur

Blase Ur

Ph.D. Student, University of Chicago
Blase is a PhD student at Carnegie Mellon University, where he conducts and publishes studies on password security and usability. He and Sean Segreti will be representing the entire passwords research group at CMU, which comprises three faculty and more than 10 students.


Wednesday August 10, 2016 2:30pm - 3:00pm
Zilker Ballroom 3

2:30pm

Poking Holes in Information Hiding

ASLR is no longer a strong defense in itself, but it still serves as a foundation for sophisticated defenses that use randomization for pseudo-isolation. Crucially, these defenses hide sensitive information (such as shadow stacks and safe regions) at a random position in a very large address space. Previous attacks on randomization-based information hiding rely on complicated side channels and/or probing of the mapped memory regions. Assuming no weaknesses exist in the implementation of hidden regions, the attacks typically lead to many crashes or other visible side-effects. For this reason, many researchers still consider the pseudo-isolation offered by ASLR sufficiently strong in practice.

We introduce powerful new primitives to show that this faith in ASLR-based information hiding is misplaced, and that attackers can break ASLR and find hidden regions on 32 bit and 64 bit Linux systems quickly with very few malicious inputs. Rather than building on memory accesses that probe the allocated memory areas, we determine the sizes of theunallocated holes in the address space by repeatedly allocating large chunks of memory. Given the sizes, an attacker can infer the location of the hidden region with few or no side-effects. We show that allocation oracles are pervasive and evaluate our primitives on real-world server applications.


Speakers

Wednesday August 10, 2016 2:30pm - 3:00pm
Zilker Ballroom 2

3:00pm

An Empirical Study of Textual Key-Fingerprint Representations

Many security protocols still rely on manual fingerprint comparisons for authentication. The most well-known and widely used key-fingerprint representation are hexadecimal strings as used in various security tools. With the introduction of end-to-end security in WhatsApp and other messengers, the discussion on how to best represent key-fingerprints for users is receiving a lot of interest.

We conduct a 1047 participant study evaluating six different textual key-fingerprint representations with regards to their performance and usability. We focus on textual fingerprints as the most robust and deployable representation.

Our findings show that the currently used hexadecimal representation is more prone to partial preimage attacks in comparison to others. Based on our findings, we make the recommendation that two alternative representations should be adopted. The highest attack detection rate and best usability perception is achieved with a sentence-based encoding. If language-based representations are not acceptable, a simple numeric approach still outperforms the hexadecimal representation.


Speakers
YA

Yasemin Acar

Leibniz University Hannover
SF

Sascha Fahl

Leibniz University Hannover
MS

Matthew Smith

Professor, Rheinische Friedrich-Wilhelms-Universität Bonn & Fraunhofer FKIE


Wednesday August 10, 2016 3:00pm - 3:30pm
Zilker Ballroom 3

3:00pm

What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses

Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still at the core of exploiting memory corruption vulnerabilities. Most notably, in JIT-ROP, an attacker dynamically searches for suitable gadgets in executable code pages, even if they have been randomized. JIT-ROP seemingly requires that (i) code isreadable (to find gadgets at run time) and (ii) executable (to mount the overall attack). As a response, Execute-no-Read (XnR) schemes have been proposed to revoke the read privilege of code, such that an adversary can no longer inspect the code after finegrained code randomizations have been applied.

We revisit these “inherent” requirements for mounting JIT-ROP attacks. We show that JIT-ROP attacks can be mounted without ever reading any code fragments, but instead by injecting predictable gadgets via a JIT compiler by carefully triggering useful displacement values in control flow instructions. We show that defenses deployed in all major browsers (Chrome, MS IE, Firefox) do not protect against such gadgets, nor do the current XnR implementations protect against code injection attacks. To extend XnR’s guarantees against JIT-compiled gadgets, we propose a defense that replaces potentially dangerous direct control flow instructions with indirect ones at an overall performance overhead of less than 2% and a code-size overhead of 26% on average.



Wednesday August 10, 2016 3:00pm - 3:30pm
Zilker Ballroom 2

3:30pm

Break with Refreshments
Wednesday August 10, 2016 3:30pm - 4:00pm
Zilker Ballroom Foyer

4:00pm

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing
While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit, and even then, offering only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin’s open membership by dynamically forming hash power-proportionate consensus groups that represent recently-successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3f +2 total. ByzCoin mitigates double spending and selfish mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Due to these optimizations, ByzCoin achieves a throughput higher than Paypal currently handles, with a confirmation latency of 15-20 seconds.

Speakers
BF

Bryan Ford

École polytechnique fédérale de Lausanne (EPFL)
NG

Nicolas Gailly

École polytechnique fédérale de Lausanne (EPFL)
LG

Linus Gasser

École polytechnique fédérale de Lausanne (EPFL)
PJ

Philipp Jovanovic

École polytechnique fédérale de Lausanne (EPFL)
EK

Eleftherios Kokoris-Kogias

École polytechnique fédérale de Lausanne (EPFL)


Wednesday August 10, 2016 4:00pm - 4:30pm
Zilker Ballroom 3

4:00pm

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous
In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experiments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.

Speakers
SV

Srikanth V. Krishnamurthy

University of California, Riverside
ZQ

Zhiyun Qian

University of California, Riverside


Wednesday August 10, 2016 4:00pm - 4:30pm
Zilker Ballroom 2

4:00pm

When Governments Attack: Malware Targeting Activists, Lawyers, and Journalists
Targeted malware campaigns against activists, lawyers, and journalists are becoming extremely commonplace. These attacks range in sophistication from simple spear-phishing campaigns using off the shelf malware, to APT-level attacks employing exploits, large budgets, and increasingly sophisticated techniques. Activists, lawyers and journalists are, for the most part, completely unprepared to deal with cyber-attacks; most of them don't even have a single security professional on staff. In this session, Eva Galperin of the Electronic Frontier Foundation will discuss the technical and operational details of malware campaigns against activists, journalists, and lawyers around the world, including EFF employees and clients, as well as what the security community can do to protect these highly vulnerable populations.

Speakers

Wednesday August 10, 2016 4:00pm - 6:00pm
Zilker Ballroom 4

4:30pm

Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution

We describe a highly optimized protocol for general purpose secure two-party computation (2PC) in the presence of malicious adversaries. Our starting point is a protocol of Kolesnikov et al. (TCC 2015). We adapt that protocol to the online/offline setting, where two parties repeatedly evaluate the same function (on possibly different inputs each time) and perform as much of the computation as possible in an offline preprocessing phase before their inputs are known. Along the way we develop several significant simplifications and optimizations to the protocol.

We have implemented a prototype of our protocol and report on its performance. When two parties on Amazon servers in the same region use our implementation to securely evaluate the AES circuit 1024 times, the amortized cost per evaluation is 5.1ms offline + 1.3ms online. The total offline+online cost of our protocol is in fact less than the online cost of any reported protocol with malicious security. For comparison, our protocol’s closest competitor (Lindell & Riva, CCS 2015) uses 74ms offline + 7ms online in an identical setup.

Our protocol can be further tuned to trade performance for leakage. As an example, the performance in the above scenario improves to 2.4ms offline + 1.0ms online if we allow an adversary to learn a single bit about the honest party’s input with probability 2−20 (but not violate any other security property, e.g. correctness).



Wednesday August 10, 2016 4:30pm - 5:00pm
Zilker Ballroom 3

4:30pm

Website-Targeted False Content Injection by Network Operators
It is known that some network operators inject false content into users’ network traffic. Yet all previous works that investigate this practice focus on edge ISPs (Internet Service Providers), namely, those that provide Internet access to end users. Edge ISPs that inject false content affect their customers only. However, in this work we show that not only edge ISPs may inject false content, but also non-edge network operators. These operators can potentially alter the traffic of all Internet users who visit predetermined websites. We expose this practice by inspecting a large amount of traffic originating from several networks. Our study is based on the observation that the forged traffic is injected in an out-of-band manner: the network operators do not update the network packets in-path, but rather send the forged packetswithout dropping the legitimate ones. This creates a race between the forged and the legitimate packets as they arrive to the end user. This race can be identified and analyzed. Our analysis shows that the main purpose of content injection is to increase the network operators’ revenue by inserting advertisements to websites. Nonetheless, surprisingly, we have also observed numerous cases of injected malicious content. We publish representative samples of the injections to facilitate continued analysis of this practice by the security community.


Wednesday August 10, 2016 4:30pm - 5:00pm
Zilker Ballroom 2

5:00pm

Egalitarian Computing

In this paper we explore several contexts where an adversary has an upper hand over the defender by using special hardware in an attack. These include password processing, hard-drive protection, cryptocurrency mining, resource sharing, code obfuscation, etc.

We suggest memory-hard computing as a generic paradigm, where every task is amalgamated with a certain procedure requiring intensive access to RAM both in terms of size and (very importantly) bandwidth, so that transferring the computation to GPU, FPGA, and even ASIC brings little or no cost reduction. Cryptographic schemes that run in this framework become egalitarian in the sense that both users and attackers are equal in the price-performance ratio conditions.

Based on existing schemes like Argon2 and the recent generalized-birthday proof-of-work, we suggest a generic framework and two new schemes:

  • MTP, a memory-hard Proof-of-Work based on the memory-hard function with fast verification and short proofs. It can be also used for memory-hard time-lock puzzles.
  • MHE, the concept of memory-hard encryption, which utilizes available RAM to strengthen the encryption for the low-entropy keys (allowing to bring back 6 letter passwords).


Wednesday August 10, 2016 5:00pm - 5:30pm
Zilker Ballroom 3

5:00pm

The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO

Blackhat Search Engine Optimization (SEO) has been widely used to promote spam or malicious web sites. Traditional blackhat SEO campaigns often target hot keywords and establish link networks by spamming popular forums or compromising vulnerable sites. However, such SEO campaigns are actively disrupted by search engines providers, making the operational cost much higher in recent years. In this paper, we reveal a new type of blackhat SEO infrastructure (called “spider pool”) which seeks a different operational model. The owners of spider pools use cheap domains with low PR (PageRank) values to construct link networks and poison longtail keywords. To get better rankings of their promoted content, the owners have to reduce the indexing latencies by search engines. To this end, they abusewildcard DNS to create virtually infinite sites and construct complicated loop structure to force search-engine crawlers to visit them relentlessly.

We carried out a comprehensive study to understand this emerging threat. As a starting point, we infiltrated a spider pool service and built a detection system to explore all the recruited SEO domains to learn how they were orchestrated. Exploiting the unique features of the spider pool, we developed a scanner which examined over 13 million domains under 22 TLDs/SLDs and discovered over 458K SEO domains. Finally, we measured the spider-pool ecosystem on top of these domains and analyzed the crawling results from 21 spider pools. The measurement result reveals their infrastructure features, customer categories and impact on search engines. We hope our study could inspire new mitigation methods and improve the ranking or indexing metrics from search engines.


Speakers
ZL

Zhou Li

IEEE Member
KZ

Kehuan Zhang

The Chinese University of Hong Kong


Wednesday August 10, 2016 5:00pm - 5:30pm
Zilker Ballroom 2

5:30pm

A Comprehensive Measurement Study of Domain Generating Malware

Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.

In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGAbased malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.


Speakers

Wednesday August 10, 2016 5:30pm - 6:00pm
Zilker Ballroom 2

5:30pm

Post-quantum Key Exchange—A New Hope
At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert’s ring-learning-with-errors–based (Ring-LWE) key exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better suited error distribution, analyze the scheme’s hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation and by more than a factor of 27 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks.


Wednesday August 10, 2016 5:30pm - 6:00pm
Zilker Ballroom 3

6:30pm

USENIX Security '16 Reception
Sponsored by Facebook
Don’t miss the USENIX Security ’16 Reception, featuring the 2016 Internet Defense Prize award presentation, dinner, drinks, and the chance to connect with other attendees, speakers, and conference organizers.

Wednesday August 10, 2016 6:30pm - 8:00pm
Zilker Ballroom 1

6:30pm

USENIX Security '16 Symposium Reception
Don’t miss the USENIX Security ’16 Reception, featuring the 2016 Internet Defense Prize award presentation, dinner, drinks, and the chance to connect with other attendees, speakers, and conference organizers.

Sponsors
avatar for Facebook

Facebook

Platinum Sponsor
Founded in 2004, Facebook's mission is to give people the power to share and make the world more open and connected. Our business focuses on creating value for people, marketers, and developers. People use Facebook to stay connected with friends and family, to discover what's going... Read More →


Wednesday August 10, 2016 6:30pm - 8:00pm
Zilker Ballroom 1

8:00pm

USENIX Security '16 Work-in-Progress Reports (WiPs)
This session offers short presentations about work in progress, new results, or timely topics. Speakers should submit a one- or two-paragraph abstract in PDF format via the Web submission system by noon CDT on August 10, 2016. Make sure to include your name, your affiliation, and the title of your talk. Include in your submission your requested number of minutes (up to 7 minutes); we cannot guarantee that all talks will get the requested number of minutes. The time limit will be strictly enforced.

Wednesday August 10, 2016 8:00pm - 9:00pm
Zilker Ballroom 2

8:00pm

Birds-of-a-Feather Sessions (BoFs)

View the current schedule and scheduling instructions on the USENIX Security '16 BoFs page.


Wednesday August 10, 2016 8:00pm - 11:00pm
TBA
 
Thursday, August 11
 

7:30am

Continental Breakfast
Thursday August 11, 2016 7:30am - 9:00am
Zilker Ballroom Foyer

8:30am

Daily Lightning Talks
We begin each day with a lightning talks session, offering a 60-second preview of the papers to be presented on the day. For authors, it’s an opportunity to provide more reasons why people should come to your talk. For attendees, it’s an opportunity to hear an elevator pitch for the papers you will have to miss today.

Thursday August 11, 2016 8:30am - 9:00am
Zilker Ballroom 2–4

9:00am

Automatically Detecting Error Handling Bugs Using Error Specifications

Incorrect error handling in security-sensitive code often leads to severe security vulnerabilities. Implementing correct error handling is repetitive and tedious especially in languages like C that do not support any exception handling primitives. This makes it very easy for the developers to unwittingly introduce error handling bugs. Moreover, error handling bugs are hard to detect and locate using existing bug-finding techniques because many of these bugs do not display any obviously erroneous behaviors (e.g., crash and assertion failure) but cause subtle inaccuracies.

In this paper, we design, implement, and evaluate EPEX, a tool that uses error specifications to identify and symbolically explore different error paths and reports bugs when any errors are handled incorrectly along these paths. The key insights behind our approach are: (i) real-world programs often handle errors only in a limited number of ways and (ii) most functions have simple and consistent error specifications. This allows us to create a simple oracle that can detect a large class of error handling bugs across a wide range of programs. We evaluated EPEX on 867,000 lines of C Code from four different open-source SSL/TLS libraries (OpenSSL, GnuTLS, mbedTLS, and wolfSSL) and 5 different applications that use SSL/TLS API (Apache httpd, cURL, Wget, LYNX, and Mutt). EPEx discovered 102 new error handling bugs across these programs—at least 53 of which lead to security flaws that break the security guarantees of SSL/TLS. EPEX has a low false positive rate (28 out of 130 reported bugs) as well as a low false negative rate (20 out of 960 reported correct error handling cases).




Thursday August 11, 2016 9:00am - 9:30am
Zilker Ballroom 2

9:00am

Defending against Malicious Peripherals with Cinch
Malicious peripherals designed to attack their host computers are a growing problem. Inexpensive and powerful peripherals that attach to plug-and-play buses have made such attacks easy to mount. Making matters worse, commodity operating systems lack coherent defenses, and users are often unaware of the scope of the problem. We present Cinch, a pragmatic response to this threat. Cinch uses virtualization to attach peripheral devices to a logically separate, untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer regulates interaction with devices according to user-configured policies. Cinch integrates with existing OSes, enforces policies that thwart real-world attacks, and has low overhead.


Thursday August 11, 2016 9:00am - 9:30am
Zilker Ballroom 3

9:00am

The Moral Character of Cryptographic Work
Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plead for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.

Speakers

Thursday August 11, 2016 9:00am - 10:30am
Zilker Ballroom 4

9:30am

APISan: Sanitizing API Usages through Semantic Cross-Checking

API misuse is a well-known source of bugs. Some of them (e.g., incorrect use of SSL API, and integer overflow of memory allocation size) can cause serious security vulnerabilities (e.g., man-in-the-middle (MITM) attack, and privilege escalation). Moreover, modern APIs, which are large, complex, and fast evolving, are error-prone. However, existing techniques to help finding bugs require manual effort by developers (e.g., providing specification or model) or are not scalable to large real-world software comprising millions of lines of code.

In this paper, we present APISAN, a tool that automatically infers correct API usages from source code without manual effort. The key idea in APISAN is to extract likely correct usage patterns in four different aspects (e.g., causal relation, and semantic relation on arguments) by considering semantic constraints. APISAN is tailored to check various properties with security implications. We applied APISAN to 92 million lines of code, including Linux Kernel, and OpenSSL, found 76 previously unknown bugs, and provided patches for all the bugs.


Speakers
YJ

Yeongjin Jang

Georgia Institute of Technology
TK

Taesoo Kim

Georgia Institute of Technology
CM

Changwoo Min

Georgia Institute of Technology
IY

Insu Yun

Georgia Tech


Thursday August 11, 2016 9:30am - 10:00am
Zilker Ballroom 2

9:30am

Making USB Great Again with USBFILTER
USB provides ubiquitous plug-and-play connectivity for a wide range of devices. However, the complex nature of USB obscures the true functionality of devices from the user, and operating systems blindly trust any physically-attached device. This has led to a number of attacks, ranging from hidden keyboards to network adapters, that rely on the user being unable to identify all of the functions attached to the host. In this paper, we present USBFILTER, which provides the first packet-level access control for USB and can prevent unauthorized interfaces from successfully connecting to the host operating system. USBFILTER can trace individual USB packets back to their respective processes and block unauthorized access to any device. By instrumenting the host’s USB stack between the device drivers and the USB controller, our system is able to filter packets at a granularity that previous works cannot — at the lowest possible level in the operating system. USBFILTER is not only able to block or permit specific device interfaces; it can also restrict interfaces to a particular application (e.g., only Skype can access my webcam). Furthermore, our experimental analysis shows that USBFILTER introduces a negligible (3-10μs) increase in latency while providing mediation of all USB packets on the host. Our system provides a level of granularity and extensibility that reduces the uncertainty of USB connectivity and ensures unauthorized devices are unable to communicate with the host.

Speakers

Thursday August 11, 2016 9:30am - 10:00am
Zilker Ballroom 3

10:00am

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisorbased memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, and OS independent protection against all spraying techniques known to date. We developed a prototype open source framework based on our approach, and we thoroughly evaluated it against all known variations of spraying attacks on two operating systems: Linux and Microsoft Windows. Our tool can be applied out of the box to protect any application, and its overhead can be tuned according to the application behavior and to the desired level of protection.

Speakers
DB

Davide Balzarotti

Professor, Eurecom Institute, France
Davide Balzarotti is a Professor in the Digital Security Department at Eurecom, in the French Riviera. His research interests cover most aspects of system security and in particular the areas of binary and malware analysis, reverse engineering, computer forensics, and web security... Read More →


Thursday August 11, 2016 10:00am - 10:30am
Zilker Ballroom 3

10:00am

On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities

Metadata manipulation attacks represent a new threat class directed against Version Control Systems, such as the popular Git. This type of attack provides inconsistent views of a repository state to different developers, and deceives them into performing unintended operations with often negative consequences. These include omitting security patches, merging untested code into a production branch, and even inadvertently installing software containing known vulnerabilities. To make matters worse, the attacks are subtle by nature and leave no trace after being executed.

We propose a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions. By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. Our prototype implementation of the scheme can be deployed immediately as it is backwards compatible and preserves current workflows and use cases for Git users. An evaluation shows that the defense adds a modest overhead while offering significantly stronger security. We performed responsible disclosure of the attacks and are working with the Git community to fix these issues in an upcoming version of Git.


Speakers
avatar for Justin Cappos

Justin Cappos

Professor, New York University
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often... Read More →
avatar for Santiago

Santiago

PhD Candidate, New York University
Open source developer, arch linux packager and security team, member of the reproducible builds project. I do research on securing the devops pipeline and the software supply chain.I'm interested in helping you secure your software supply chain using in-toto.


Thursday August 11, 2016 10:00am - 10:30am
Zilker Ballroom 2

10:30am

Break with Refreshments
Thursday August 11, 2016 10:30am - 11:00am
Zilker Ballroom Foyer

11:00am

Request and Conquer: Exposing Cross-Origin Resource Size

Numerous initiatives are encouraging website owners to enable and enforce TLS encryption for the communication between the server and their users. Although this encryption, when configured properly, completely prevents adversaries from disclosing the content of the traffic, certain features are not concealed, most notably the size of messages. As modern-day web applications tend to provide users with a view that is tailored to the information they entrust these web services with, it is clear that knowing the size of specific resources, an adversary can easily uncover personal and sensitive information.

In this paper, we explore various techniques that can be employed to reveal the size of resources. As a result of this in-depth analysis, we discover several design flaws in the storage mechanisms of browsers, which allows an adversary to expose the exact size of any resource in mere seconds. Furthermore, we report on a novel size-exposing technique against Wi-Fi networks. We evaluate the severity of our attacks, and show their worrying consequences in multiple real-world attack scenarios. Furthermore, we propose an improved design for browser storage, and explore other viable solutions that can thwart size-exposing attacks.


Speakers
avatar for Tom Van Goethem

Tom Van Goethem

imec-DistriNet - KU Leuven
Tom Van Goethem is a PhD student at the University of Leuven with a keen interest in web security and privacy. In his research, Tom likes performing large-scale security experiments, whether to analyze the presence of good and bad practices on the web, or to demystify security claims... Read More →
WJ

Wouter Joosen

imec-DistriNet - KU Leuven
avatar for Frank Piessens

Frank Piessens

Full professor, imec-DistriNet, KU Leuven
Frank Piessens is a professor at the Department of Computer Science of the KU Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies. He... Read More →


Thursday August 11, 2016 11:00am - 11:30am
Zilker Ballroom 2

11:00am

Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos

In this paper, we introduce a novel approach to bypass modern face authentication systems. More specifically, by leveraging a handful of pictures of the target user taken from social media, we show how to create realistic, textured, 3D facial models that undermine the security of widely used face authentication solutions. Our framework makes use of virtual reality (VR) systems, incorporating along the way the ability to perform animations (e.g., raising an eyebrow or smiling) of the facial model, in order to trick liveness detectors into believing that the 3D model is a real human face. The synthetic face of the user is displayed on the screen of the VR device, and as the device rotates and translates in the real world, the 3D face moves accordingly. To an observing face authentication system, the depth and motion cues of the display match what would be expected for a human face.

We argue that such VR-based spoofing attacks constitute a fundamentally new class of attacks that point to a serious weaknesses in camera-based authentication systems: Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism. To demonstrate the practical nature of this threat, we conduct thorough experiments using an end-to-end implementation of our approach and show how it undermines the security of several face authentication solutions that include both motion-based and liveness detectors.



Thursday August 11, 2016 11:00am - 11:30am
Zilker Ballroom 3

11:00am

Privacy and Threat in Practice: Mobile Messaging by Low-Income New Yorkers

Is a theoretically-secure system any good if it doesn’t address users’ real-world threat models? Is the security community today meeting the needs of a mass, global audience, or simply building tools and features for itself? Do we know how to understand what people really need?

We asked a group of straight-talking New Yorkers about the data-security threats they face. Their answers indicate a significant gap between their lived experience and the way our community thinks about security. To bridge this gap and get privacy-preserving systems into the hands of real people, we need more foundational research to understand user needs, not only late-stage usability studies in a lab.


Speakers

Thursday August 11, 2016 11:00am - 12:30pm
Zilker Ballroom 4

11:30am

Hidden Voice Commands

Voice interfaces are becoming more ubiquitous and are now the primary input method for many devices. We explore in this paper how they can be attacked with hidden voice commands that are unintelligible to human listeners but which are interpreted as commands by devices.

We evaluate these attacks under two different threat models. In the black-box model, an attacker uses the speech recognition system as an opaque oracle. We show that the adversary can produce difficult to understand commands that are effective against existing systems in the black-box model. Under the white-box model, the attacker has full knowledge of the internals of the speech recognition system and uses it to create attack commands that we demonstrate through user testing are not understandable by humans.

We then evaluate several defenses, including notifying the user when a voice command is accepted; a verbal challenge-response protocol; and a machine learning approach that can detect our attacks with 99.8% accuracy.


Speakers
NC

Nicholas Carlini

UC Berkeley
MS

Micah Sherr

Georgetown University
CS

Clay Shields

Georgetown University
TV

Tavish Vaidya

Georgetown University
DW

David Wagner

University of California, Berkeley


Thursday August 11, 2016 11:30am - 12:00pm
Zilker Ballroom 3

11:30am

Trusted Browsers for Uncertain Times

JavaScript in one origin can use timing channels in browsers to learn sensitive information about a user’s interaction with other origins, violating the browser’s compartmentalization guarantees. Browser vendors have attempted to close timing channels by trying to rewrite sensitive code to run in constant time and by reducing the resolution of reference clocks.

We argue that these ad-hoc efforts are unlikely to succeed. We show techniques that increase the effective resolution of degraded clocks by two orders of magnitude, and we present and evaluate multiple, new implicit clocks: techniques by which JavaScript can time events without consulting an explicit clock at all.

We show how “fuzzy time” ideas in the trusted operating systems literature can be adapted to building trusted browsers, degrading all clocks and reducing the bandwidth of all timing channels. We describe the design of a next-generation browser, called Fermata, in which all timing sources are completely mediated. As a proof of feasibility, we present Fuzzyfox, a fork of the Firefox browser that implements many of the Fermata principles within the constraints of today’s browser architecture. We show that Fuzzyfox achieves sufficient compatibility and performance for deployment today by privacysensitive users.

In summary:

  • We show how an attacker can measure durations in web browsers without querying an explicit clock.
  • We show how the concepts of “fuzzy time” can apply to web browsers to mitigate all clocks.
  • We present a prototype demonstrating the impact of some of these concepts.

Speakers
DK

David Kohlbrenner

University of California, San Diego
HS

Hovav Shacham

UC San Diego


Thursday August 11, 2016 11:30am - 12:00pm
Zilker Ballroom 2

12:00pm

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
Emerging IoT programming frameworks enable building apps that compute on sensitive data produced by smart homes and wearables. However, these frameworks only support permission-based access control on sensitive data, which is ineffective at controlling how apps use data once they gain access. To address this limitation, we present FlowFence, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead, while blocking all other undeclared flows. FlowFence achieves this by explicitly embedding data flows and the related control flows within app structure. Developers use Flow- Fence support to split their apps into two components: (1) A set of Quarantined Modules that operate on sensitive data in sandboxes, and (2) Code that does not operate on sensitive data but orchestrates execution by chaining Quarantined Modules together via taint-tracked opaque handles—references to data that can only be dereferenced inside sandboxes. We studied three existing IoT frameworks to derive key functionality goals for Flow- Fence, and we then ported three existing IoT apps. Securing these apps using FlowFence resulted in an average increase in size from 232 lines to 332 lines of source code. Performance results on ported apps indicate that FlowFence is practical: A face-recognition based doorcontroller app incurred a 4.9% latency overhead to recognize a face and unlock a door.


Thursday August 11, 2016 12:00pm - 12:30pm
Zilker Ballroom 3

12:00pm

Tracing Information Flows Between Ad Exchanges Using Retargeted Ads

Numerous surveys have shown that Web users are concerned about the loss of privacy associated with online tracking. Alarmingly, these surveys also reveal that people are also unaware of the amount of data sharing that occurs between ad exchanges, and thus underestimate the privacy risks associated with online tracking.

In reality, the modern ad ecosystem is fueled by a flow of user data between trackers and ad exchanges. Although recent work has shown that ad exchanges routinely perform cookie matching with other exchanges, these studies are based on brittle heuristics that cannot detect all forms of information sharing, especially under adversarial conditions.

In this study, we develop a methodology that is able to detect client- and server-side flows of information between arbitrary ad exchanges. Our key insight is to leverage retargeted ads as a tool for identifying information flows. Intuitively, our methodology works because it relies on the semantics of how exchanges serve ads, rather than focusing on specific cookie matching mechanisms. Using crawled data on 35,448 ad impressions, we show that our methodology can successfully categorize four different kinds of information sharing behavior between ad exchanges, including cases where existing heuristic methods fail.

We conclude with a discussion of how our findings and methodologies can be leveraged to give users more control over what kind of ads they see and how their information is shared between ad exchanges.


Speakers
WR

William Robertson

Northeastern University
CW

Christo Wilson

Northeastern University


Thursday August 11, 2016 12:00pm - 12:30pm
Zilker Ballroom 2

12:30pm

Lunch (on your own)
Thursday August 11, 2016 12:30pm - 2:00pm
TBA

2:00pm

ARMageddon: Cache Attacks on Mobile Devices

In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe,Flush+ReloadEvict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen. Eventually, we are the first to attack cryptographic primitives implemented in Java. Our attacks work across CPUs and can even monitor cache activity in the ARM TrustZone from the normal world. The techniques we present can be used to attack hundreds of millions of Android devices.



Speakers

Thursday August 11, 2016 2:00pm - 2:30pm
Zilker Ballroom 2

2:00pm

Stealing Machine Learning Models via Prediction APIs


Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query interfaces. ML-as-a-service (“predictive analytics”) systems are an example: Some allow users to train models on potentially sensitive data and charge others for access on a pay-per-query basis.

The tension between model confidentiality and public access motivates our investigation of model extraction attacks. In such attacks, an adversary with black-box access, but no prior knowledge of an ML model’s parameters or training data, aims to duplicate the functionality of (i.e., “steal”) the model. Unlike in classical learning theory settings, ML-as-a-service offerings may accept partial feature vectors as inputs and include confidence values with predictions. Given these practices, we show simple, efficient attacks that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees. We demonstrate these attacks against the online services of BigML and Amazon Machine Learning. We further show that the natural countermeasure of omitting confidence values from model outputs still admits potentially harmful model extraction attacks. Our results highlight the need for careful ML model deployment and new model extraction countermeasures.



Thursday August 11, 2016 2:00pm - 2:30pm
Zilker Ballroom 3

2:00pm

The Unfalsifiability of Security Claims
There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no test that allows us to declare an arbitrary system or technique secure. This implies that claims of necessary conditions for security are unfalsifiable. This in turn implies an asymmetry in self-correction: while the claim that countermeasures are sufficient can always be refuted, the claim that they are necessary cannot. Thus, we ratchet upward: there are many ways to argue countermeasures in, but no possible observation argues one out. Once we go wrong we stay wrong and errors accumulate. I show that attempts to evade this difficulty lead to dead-ends and then explore implications.

Speakers

Thursday August 11, 2016 2:00pm - 3:30pm
Zilker Ballroom 4

2:30pm

DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks

In cloud computing environments, multiple tenants are often co-located on the same multi-processor system. Thus, preventing information leakage between tenants is crucial. While the hypervisor enforces software isolation, shared hardware, such as the CPU cache or memory bus, can leak sensitive information. For security reasons, shared memory between tenants is typically disabled. Furthermore, tenants often do not share a physical CPU. In this setting, cache attacks do not work and only a slow cross-CPU covert channel over the memory bus is known. In contrast, we demonstrate a high-speed covert channel as well as the first side-channel attack working across processors and without any shared memory. To build these attacks, we use the undocumented DRAM address mappings.

We present two methods to reverse engineer the mapping of memory addresses to DRAM channels, ranks, and banks. One uses physical probing of the memory bus, the other runs entirely in software and is fully automated. Using this mapping, we introduce DRAMA attacks, a novel class of attacks that exploit the DRAM row buffer that is shared, even in multi-processor systems. Thus, our attacks work in the most restrictive environments. First, we build a covert channel with a capacity of up to 2 Mbps, which is three to four orders of magnitude faster than memory-bus-based channels. Second, we build a side-channel template attack that can automatically locate and monitor memory accesses. Third, we show how using the DRAM mappings improves existing attacks and in particular enables practical Rowhammer attacks on DDR4. 1 Introduction



Speakers

Thursday August 11, 2016 2:30pm - 3:00pm
Zilker Ballroom 2

2:30pm

Oblivious Multi-Party Machine Learning on Trusted Processors

Privacy-preserving multi-party machine learning allows multiple organizations to perform collaborative data analytics while guaranteeing the privacy of their individual datasets. Using trusted SGX-processors for this task yields high performance, but requires a careful selection, adaptation, and implementation of machine-learning algorithms to provably prevent the exploitation of any side channels induced by data-dependent access patterns.

We propose data-oblivious machine learning algorithms for support vector machines, matrix factorization, neural networks, decision trees, and k-means clustering. We show that our efficient implementation based on Intel Skylake processors scales up to large, realistic datasets, with overheads several orders of magnitude lower than with previous approaches based on advanced cryptographic multi-party computation schemes.


Speakers
MC

Manuel Costa

Microsoft Research, Cambridge
AM

Aastha Mehta

Max Planck Institute for Software Systems (MPI-SWS)
OO

Olya Ohrimenko

Microsoft Research, Cambridge


Thursday August 11, 2016 2:30pm - 3:00pm
Zilker Ballroom 3

3:00pm

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries
It is well-known that static disassembly is an unsolved problem, but how much of a problem is it in real software— for instance, for binary protection schemes? This work studies the accuracy of nine state-of-the-art disassemblers on 981 real-world compiler-generated binaries with a wide variety of properties. In contrast, prior work focuses on isolated corner cases; we show that this has led to a widespread and overly pessimistic view on the prevalence of complex constructs like inline data and overlapping code, leading reviewers and researchers to underestimate the potential of binary-based research. On the other hand, some constructs, such as function boundaries, are much harder to recover accurately than is reflected in the literature, which rarely discusses much needed error handling for these primitives. We study 30 papers recently published in six major security venues, and reveal a mismatch between expectations in the literature, and the actual capabilities of modern disassemblers. Our findings help improve future research by eliminating this mismatch.

Speakers

Thursday August 11, 2016 3:00pm - 3:30pm
Zilker Ballroom 2

3:00pm

Thoth: Comprehensive Policy Compliance in Data Retrieval Systems
Data retrieval systems process data from many sources, each subject to its own data use policy. Ensuring compliance with these policies despite bugs, misconfiguration, or operator error in a large, complex, and fast evolving system is a major challenge. Thoth provides an efficient, kernel-level compliance layer for data use policies. Declarative policies are attached to the systems’ input and output files, key-value tuples, and network connections, and specify the data’s integrity and confidentiality requirements. Thoth tracks the flow of data through the system, and enforces policy regardless of bugs, misconfigurations, compromises in application code, or actions by unprivileged operators. Thoth requires minimal changes to an existing system and has modest overhead, as we show using a prototype Thoth-enabled data retrieval system based on the popular Apache Lucene.

Speakers
PD

Peter Druschel

Max Planck Institute for Software Systems (MPI-SWS)
EE

Eslam Elnikety

Max Planck Institute for Software Systems (MPI-SWS)
DG

Deepak Garg

Max Planck Institute for Software Systems (MPI-SWS)
AM

Aastha Mehta

Max Planck Institute for Software Systems (MPI-SWS)
avatar for Anjo Vahldiek-Oberwagner

Anjo Vahldiek-Oberwagner

PhD-Student, Max Planck Institute for Software Systems


Thursday August 11, 2016 3:00pm - 3:30pm
Zilker Ballroom 3

3:30pm

4:00pm

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage
Apple’s iMessage is one of the most widely-deployed end-to-end encrypted messaging protocols. Despite its broad deployment, the encryption protocols used by iMessage have never been subjected to rigorous cryptanalysis. In this paper, we conduct a thorough analysis of iMessage to determine the security of the protocol against a variety of attacks. Our analysis shows that iMessage has significant vulnerabilities that can be exploited by a sophisticated attacker. In particular, we outline a novel chosen ciphertext attack on Huffman compressed data, which allows retrospectivedecryption of some iMessage payloads in less than 218 queries. The practical implication of these attacks is that any party who gains access to iMessage ciphertexts may potentially decrypt them remotely and after the fact. We additionally describe mitigations that will prevent these attacks on the protocol, without breaking backwards compatibility. Apple has deployed our mitigations in the latest iOS and OS X releases.


Thursday August 11, 2016 4:00pm - 4:30pm
Zilker Ballroom 2

4:00pm

Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
In this work, we explore the ecosystem of commercial pay-per-install (PPI) and the role it plays in the proliferation of unwanted software. Commercial PPI enables companies to bundle their applications with more popular software in return for a fee, effectively commoditizing access to user devices. We develop an analysis pipeline to track the business relationships underpinning four of the largest commercial PPI networks and classify the software families bundled. In turn, we measure their impact on end users and enumerate the distribution techniques involved. We find that unwanted ad injectors, browser settings hijackers, and “cleanup” utilities dominate the software families buying installs. Developers of these families pay $0.10–$1.50 per install—upfront costs that they recuperate by monetizing users without their consent or by charging exorbitant subscription fees. Based on Google Safe Browsing telemetry, we estimate that PPI networks drive over 60 million download attempts every week—nearly three times that of malware. While anti-virus and browsers have rolled out defenses to protect users from unwanted software, we find evidence that PPI networks actively interfere with or evade detection. Our results illustrate the deceptive practices of some commercial PPI operators that persist today.

Speakers
avatar for Elie Bursztein

Elie Bursztein

Anti-fraud and abuse research team lead, Google
Elie Bursztein leads Google's anti-abuse research, which helps protect users against Internet threats. Elie has contributed to applied-cryptography, machine learning for security, malware understanding, and web security; authoring over fifty research papers in the field for which... Read More →
DM

Damon McCoy

New York University
JP

Jean-Michel Picod

Reverse engineer, Google Switzerland


Thursday August 11, 2016 4:00pm - 4:30pm
Zilker Ballroom 3

4:00pm

Teaching Computer Security: Thoughts from the Field

Many researchers and engineers first learn about computer security in a classroom. In this interactive workshop, four professors will share lessons and opinions about how and when to teach security. What are the “right” security topics to teach? What is the best time in a curriculum to introduce students to security? And must the entire burden of security education fall on the computing disciplines? If you teach (or plan to teach in the future), come participate in this workshop.

David Evans is a Professor of Computer Science at the University of Virginia, where he leads the Security Research Group and teaches courses on just about everything in computing other than computer security. He is the author of anopen computer science textbook, a children's book on combinatorics and computability, and teacher of popular MOOC courses on introductory computer science and applied cryptography. He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia, an All-University Teaching Award, and was Program Co-Chair for the 31st and 32nd IEEE Symposia on Security and Privacy. He has S.B., S.M. and Ph.D. degrees in Computer Science from MIT and has been a faculty member at the University of Virginia since 1999.

Zachary Peterson is an Associate Professor of Computer Science at Cal Poly, San Luis Obispo. He has a passion for creating new ways of engaging students of all ages in computer security, especially through the use of games and play. He has co-created numerous security games, including [d0x3d!], a network security board game, and is the co-founder of ASE, a new USENIX workshop dedicated to making advances in security education. He is the recent recipient of a Fulbright Scholarship which he will use to travel to University College, London, continuing some of his research in the use of digital and non-digital games for teaching computer security concepts to new, young, and non-technical audiences.

Colleen Lewis is a Professor of Computer Science at Harvey Mudd College who specializes in computer science education. Lewis has a Ph.D. in education and a M.S. and B.S. in computer science from the University of California, Berkeley. Her research seeks to identify effective teaching practices for creating equitable learning spaces where all students have the opportunity to learn. Lewis curates CSTeachingTips.org, an NSF-sponsored project for disseminating effective computer science teaching practices.

Tadayoshi Kohno is the Short-Dooley Professor of Computer Science & Engineering at the University of Washington, an Adjunct Associate Professor in the UW Electrical Engineering Department, and an Adjunct Associate Professor in the UW Information School. His research focuses on helping protect the security, privacy, and safety of users of current and future generation technologies. Kohno is the recipient of an Alfred P. Sloan Research Fellowship, a U.S. National Science Foundation CAREER Award, and a Technology Review TR-35 Young Innovator Award. Kohno has presented his research to the U.S. House of Representatives, has had his research profiled in the NOVA ScienceNOW "Can Science Stop Crime?" documentary and the NOVA "CyberWar Threat" documentary, and is a past chair of the USENIX Security Symposium. Kohno is also an alumnus of the U.S. Government’s Defense Science Study Group and a member of the National Academies Forum on Cyber Resilience, the IEEE Center for Secure Design, and the USENIX Security Steering Committee. Kohno received his Ph.D. from the University of California at San Diego.



Thursday August 11, 2016 4:00pm - 6:00pm
Zilker Ballroom 3

4:30pm

Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services

Potentially unwanted programs (PUP) such as adware and rogueware, while not outright malicious, exhibit intrusive behavior that generates user complaints and makes security vendors flag them as undesirable. PUP has been little studied in the research literature despite recent indications that its prevalence may have surpassed that of malware.

In this work we perform the first systematic study of PUP prevalence and its distribution through pay-perinstall (PPI) services, which link advertisers that want to promote their programs with affiliate publishers willing to bundle their programs with offers for other software. Using AV telemetry information comprising of 8 billion events on 3.9 million real hosts during a 19 month period, we discover that over half (54%) of the examined hosts have PUP installed. PUP publishers are highly popular, e.g., the top two PUP publishers rank 15 and 24 amongst all software publishers (benign and PUP). Furthermore, we analyze the who-installs-who relationships, finding that 65% of PUP downloads are performed by other PUP and that 24 PPI services distribute over a quarter of all PUP. We also examine the top advertiser programs distributed by the PPI services, observing that they are dominated by adware running in the browser (e.g., toolbars, extensions) and rogueware. Finally, we investigate the PUP-malware relationships in the form of malware installations by PUP and PUP installations by malware. We conclude that while such events exist, PUP distribution is largely disjoint from malware distribution.


Speakers
JC

Juan Caballero (IMDEA Software Institute)

Juan Caballero is an Associate Research Professor at the IMDEA Software Institute in Madrid, Spain. His research focuses on security issues in systems, software, and networks. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, USA. His research... Read More →


Thursday August 11, 2016 4:30pm - 5:00pm
Zilker Ballroom 3

4:30pm

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys

We analyze the generation and management of 802.11 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network.

First we argue that the 802.11 random number generator is flawed by design, and provides an insufficient amount of entropy. This is confirmed by predicting randomly generated group keys on several platforms. We then examine whether group keys are securely transmitted to clients. Here we discover a downgrade attack that forces usage of RC4 to encrypt the group key when transmitted in the 4-way handshake. The per-message RC4 key is the concatenation of a public 16-byte initialization vector with a secret 16-byte key, and the first 256 keystream bytes are dropped. We study this peculiar usage of RC4, and find that capturing 231 handshakes can be sufficient to recover (i.e., decrypt) a 128-bit group key. We also examine whether group traffic is properly isolated from unicast traffic. We find that this is not the case, and show that the group key can be used to inject and decrypt unicast traffic. Finally, we propose and study a new random number generator tailored for 802.11 platforms.


Moderators
Speakers
avatar for Frank Piessens

Frank Piessens

Full professor, imec-DistriNet, KU Leuven
Frank Piessens is a professor at the Department of Computer Science of the KU Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies. He... Read More →


Thursday August 11, 2016 4:30pm - 5:00pm
Zilker Ballroom 2

5:00pm

DROWN: Breaking TLS Using SSLv2

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections.

We introduce two versions of the attack. The more general form exploits multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the Bleichenbacher RSA padding-oracle attack. To decrypt a 2048-bit RSA TLS ciphertext, an attacker must observe 1,000 TLS handshakes, initiate 40,000 SSLv2 connections, and perform 250 offline work. The victim client never initiates SSLv2 connections. We implemented the attack and can decrypt a TLS 1.2 handshake using 2048- bit RSA in under 8 hours, at a cost of $440 on Amazon EC2. Using Internet-wide scans, we find that 33% of all HTTPS servers and 22% of those with browser-trusted certificates are vulnerable to this protocol-level attack due to widespread key and certificate reuse.

For an even cheaper attack, we apply our new techniques together with a newly discovered vulnerability in OpenSSL that was present in releases from 1998 to early 2015. Given an unpatched SSLv2 server to use as an oracle, we can decrypt a TLS ciphertext in one minute on a single CPU—fast enough to enable man-in-the-middle attacks against modern browsers. We find that 26% of HTTPS servers are vulnerable to this attack.

We further observe that the QUIC protocol is vulnerable to a variant of our attack that allows an attacker to impersonate a server indefinitely after performing as few as 217 SSLv2 connections and 258 offline work.

We conclude that SSLv2 is not only weak, but actively harmful to the TLS ecosystem.


Moderators
Speakers
avatar for J. Alex Halderman

J. Alex Halderman

Director, University of Michigan, Ann Arbor
His research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy. Topics that interest him include software security, network security, data privacy, anonymity, electronic voting, censorship resistance, computer... Read More →
EK

Emilia Kasper

Senior Software Engineer, Google
CP

Christof Paar

Ruhr-University Bochum
SS

Sebastian Schinzel

Münster University of Applied Sciences
avatar for Juraj Somorovsky

Juraj Somorovsky

Security Consultant, Ruhr-University Bochum
Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security“ he analyzes various attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications... Read More →


Thursday August 11, 2016 5:00pm - 5:30pm
Zilker Ballroom 2

5:00pm

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware

Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, in the last few years, a number of high-profile ransomware attacks were reported, such as the large-scale attack against Sony that prompted the company to delay the release of the film “The Interview.” Ransomware typically operates by locking the desktop of the victim to render the system inaccessible to the user, or by encrypting, overwriting, or deleting the user’s files. However, while many generic malware detection systems have been proposed, none of these systems have attempted to specifically address the ransomware detection problem.

In this paper, we present a novel dynamic analysis system called UNVEIL that is specifically designed to detect ransomware. The key insight of the analysis is that in order to mount a successful attack, ransomware must tamper with a user’s files or desktop. UNVEIL automatically generates an artificial user environment, and detects when ransomware interacts with user data. In parallel, the approach tracks changes to the system’s desktop that indicate ransomware-like behavior. Our evaluation shows that UNVEIL significantly improves the state of the art, and is able to identify previously unknown evasive ransomware that was not detected by the antimalware industry.



Thursday August 11, 2016 5:00pm - 5:30pm
Zilker Ballroom 3

5:30pm

All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption

The goal of searchable encryption (SE) is to enable a client to execute searches over encrypted files stored on an untrusted server while ensuring some measure of privacy for both the encrypted files and the search queries. Most recent research has focused on developing efficient SE schemes at the expense of allowing some small, wellcharacterized “(information) leakage” to the server about the files and/or the queries. The practical impact of this leakage, however, remains unclear.

We thoroughly study file-injection attacks—in which the server sends files to the client that the client then encrypts and stores—on the query privacy of singlekeyword and conjunctive SE schemes. We show such attacks can reveal the client’s queries in their entirety using very few injected files, even for SE schemes having low leakage. We also demonstrate that natural countermeasures for preventing file-injection attacks can be easily circumvented. Our attacks outperform prior work significantly in terms of their effectiveness as well as in terms of their assumptions about the attacker’s prior knowledge.



Thursday August 11, 2016 5:30pm - 6:00pm
Zilker Ballroom 2

5:30pm

Towards Measuring and Mitigating Social Engineering Software Download Attacks

Most modern malware infections happen through the browser, typically as the result of a drive-by or social engineering attack. While there have been numerous studies on measuring and defending against drive-by downloads, little attention has been dedicated to studying social engineering attacks.

In this paper, we present the first systematic study of web-based social engineering (SE) attacks that successfully lure users into downloading malicious and unwanted software. To conduct this study, we collect and reconstruct more than two thousand examples of in-thewild SE download attacks from live network traffic. Via a detailed analysis of these attacks, we attain the following results: (i) we develop a categorization system to identify and organize the tactics typically employed by attackers to gain the user’s attention and deceive or persuade them into downloading malicious and unwanted applications; (ii) we reconstruct the web path followed by the victims and observe that a large fraction of SE download attacks are delivered via online advertisement, typically served from “low tier” ad networks; (iii) we measure the characteristics of the network infrastructure used to deliver such attacks and uncover a number of features that can be leveraged to distinguish between SE and benign (or non-SE) software downloads.


Speakers
avatar for Mustaque Ahamad

Mustaque Ahamad

Professor, Georgia Institute of Technology (Organization)
Mustaque Ahamad is a professor of Computer Science at the Georgia Institute of Technology. He served as director of the Georgia Tech Information Security Center from 2004-2012. His research interests include cyber security and distributed systems. He co-founded Pindrop Security and... Read More →
avatar for Manos Antonakakis

Manos Antonakakis

Assistant Professor, Georgia Institute of Technology
RP

Roberto Perdisci

See at http://roberto.perdisci.com/


Thursday August 11, 2016 5:30pm - 6:00pm
Zilker Ballroom 3

6:30pm

USENIX Security '16 Poster Session and Happy Hour
Check out the cool new ideas and the latest preliminary research on display at the Poster Session and Happy Hour. Take part in discussions with your colleagues over complimentary drinks and snacks. The list of accepted posters is now available.

Thursday August 11, 2016 6:30pm - 8:00pm
Zilker Ballroom 1

8:00pm

USENIX Security '16 Doctoral Colloquium

Moderator: Jaeyeon Jung, Microsoft Research
Panelists: Úlfar Erlingsson, Google; Rachel Greenstadt, Drexel University; Martin Johns, SAP; Thomas Ristenpart,Cornell Tech

What opportunities await security students graduating with a Ph.D.? On Thursday evening, students will have the opportunity to listen to informal panels of faculty and industrial researchers providing personal perspectives on their post-Ph.D. career search. Learn about the academic job search, the industrial research job search, research fundraising, dual-career challenges, life uncertainty, and other idiosyncrasies of the ivory tower. If you would like to speak in the Doctoral Colloquium, please email sec16dc@usenix.org.


Thursday August 11, 2016 8:00pm - 10:00pm
Zilker Ballroom 2

8:00pm

Birds-of-a-Feather Sessions (BoFs)

View the current schedule and scheduling instructions on the USENIX Security '16 BoFs page.


Thursday August 11, 2016 8:00pm - 11:00pm
TBA
 
Friday, August 12
 

7:30am

8:30am

Daily Lightning Talks
We begin each day with a lightning talks session, offering a 60-second preview of the papers to be presented on the day. For authors, it’s an opportunity to provide more reasons why people should come to your talk. For attendees, it’s an opportunity to hear an elevator pitch for the papers you will have to miss today.

Friday August 12, 2016 8:30am - 9:00am
Zilker Ballroom 2–4

9:00am

fTPM: A Software-Only Implementation of a TPM Chip

Commodity CPU architectures, such as ARM and Intel CPUs, have started to offer trusted computing features in their CPUs aimed at displacing dedicated trusted hardware. Unfortunately, these CPU architectures raise serious challenges to building trusted systems because they omit providing secure resources outside the CPU perimeter.

This paper shows how to overcome these challenges to build software systems with security guarantees similar to those of dedicated trusted hardware. We present the design and implementation of a firmware-based TPM 2.0 (fTPM) leveraging ARM TrustZone. Our fTPM is the reference implementation of a TPM 2.0 used in millions of mobile devices. We also describe a set of mechanisms needed for the fTPM that can be useful for building more sophisticated trusted applications beyond just a TPM.



Friday August 12, 2016 9:00am - 9:30am
Zilker Ballroom 3

9:00am

Specification Mining for Intrusion Detection in Networked Control Systems
This paper discusses a novel approach to specification-based intrusion detection in the field of networked control systems. Our approach reduces the substantial human effort required to deploy a specification-based intrusion detection system by automating the development of its specification rules. We observe that networked control systems often include comprehensive documentation used by operators to manage their infrastructures. Our approach leverages the same documentation to automatically derive the specification rules and continuously monitor network traffic. In this paper, we implement this approach for BACnet-based building automation systems and test its effectiveness against two real infrastructures deployed at the University of Twente and the Lawrence Berkeley National Laboratory (LBNL). Our implementation successfully identifies process control mistakes and potentially dangerous misconfigurations. This confirms the need for an improved monitoring of networked control system infrastructures.

Speakers
FK

Frank Kargl

Institute of Distributed Systems, Ulm University


Friday August 12, 2016 9:00am - 9:30am
Zilker Ballroom 2

9:00am

Finding and Fixing Security Bugs in Flash

Over the past couple of years, Adobe Flash has been repeatedly targeted by attackers in the wild. Despite an increasing number of bug fixes and mitigations implemented in the software, previously unknown 0-day vulnerabilities continue to be uncovered and used by malicious attackers. This presentation describes my team's work to reduce the number and impact of 0-day vulnerabilities in Adobe Flash.

It will start with an overview of how attackers have targeted Flash in the past, and then explain how some of the most common types of bugs work. It will then discuss how we find similar vulnerabilities. It will go through some examples of typical, and less typical bugs, showing how they violate the assumptions made by Flash Player, and how they can be exploited. This talk will also discuss recent Flash and platform mitigations, and how they impact the severity and discoverability of security bugs.

Natalie Silvanovich is a security researcher on Google Project Zero. She has spent the last seven years working in mobile security, both finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets, and has spoken at several conferences on the subject of Tamagotchi hacking. She is actively involved in hackerspaces and is a founding member of Kwartzlab Makerspace in Kitchener, Ontario, Canada.




Friday August 12, 2016 9:00am - 10:30am
Zilker Ballroom 4

9:30am

Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants
New and unseen polymorphic malware, zero-day attacks, or other types of advanced persistent threats are usually not detected by signature-based security devices, firewalls, or anti-viruses. This represents a challenge to the network security industry as the amount and variability of incidents has been increasing. Consequently, this complicates the design of learning-based detection systems relying on features extracted from network data. The problem is caused by different joint distribution of observation (features) and labels in the training and testing data sets. This paper proposes a classification system designed to detect both known as well as previouslyunseen security threats. The classifiers use statistical feature representation computed from the network traffic and learn to recognize malicious behavior. The representation is designed and optimized to be invariant to the most common changes of malware behaviors. This is achieved in part by a feature histogram constructed for each group of HTTP flows (proxy log records) of a user visiting a particular hostname and in part by a feature self-similarity matrix computed for each group. The parameters of the representation (histogram bins) are optimized and learned based on the training samples along with the classifiers. The proposed classification system was deployed on large corporate networks, where it detected 2,090 new and unseen variants of malware samples with 90% precision (9 of 10 alerts were malicious), which is a considerable improvement when compared to the current flow-based approaches or existing signaturebased web security devices.


Friday August 12, 2016 9:30am - 10:00am
Zilker Ballroom 2

9:30am

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Sanctum offers the same promise as Intel’s Software Guard Extensions (SGX), namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information from a program’s memory access patterns. Sanctum shuns unnecessary complexity, leading to a simpler security analysis. We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks. Most of Sanctum’s logic is implemented in trusted software, which does not perform cryptographic operations using keys, and is easier to analyze than SGX’s opaque microcode, which does.

Our prototype targets a Rocket RISC-V core, an open implementation that allows any researcher to reason about its security properties. Sanctum’s extensions can be adapted to other processor cores, because we do not change any major CPU building block. Instead, we add hardware at the interfaces between generic building blocks, without impacting cycle time.

Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes, and a very reasonable overhead.



Friday August 12, 2016 9:30am - 10:00am
Zilker Ballroom 3

10:00am

Ariadne: A Minimal Approach to State Continuity

Protected-module architectures such as Intel SGX provide strong isolation guarantees to sensitive parts of applications while the system is up and running. Unfortunately systems in practice crash, go down for reboots or lose power at unexpected moments in time. To deal with such events, additional security measures need to be taken to guarantee that stateful modules will either recover their state from the last stored state, or fail-stop on detection of tampering with that state. More specifically, protected-module architectures need to provide a security primitive that guarantees that (1) attackers cannot present a stale state as being fresh (i.e. rollback protection), (2) once a module accepted a specific input, it will continue execution on that input or never advance, and (3) an unexpected loss of power must never leave the system in a state from which it can never resume execution (i.e. liveness guarantee).

We propose Ariadne, a solution to the state-continuity problem that achieves the theoretical lower limit of requiring only a single bit flip of non-volatile memory per state update. Ariadne can be easily adapted to the platform at hand. In low-end devices where non-volatile memory may wear out quickly and the bill of materials (BOM) needs to be minimized, Ariadne can take optimal use of non-volatile memory. On SGX-enabled processors, Ariadne can be readily deployed to protect stateful modules (e.g., as used by Haven and VC3).


Speakers
avatar for Frank Piessens

Frank Piessens

Full professor, imec-DistriNet, KU Leuven
Frank Piessens is a professor at the Department of Computer Science of the KU Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies. He... Read More →
RS

Raoul Strackx

imec-DistriNet, KU Leuven


Friday August 12, 2016 10:00am - 10:30am
Zilker Ballroom 3

10:00am

Authenticated Network Time Synchronization

The Network Time Protocol (NTP) is used by many network-connected devices to synchronize device time with remote servers. Many security features depend on the device knowing the current time, for example in deciding whether a certificate is still valid. Currently, most services implement NTP without authentication, and the authentication mechanisms available in the standard have not been formally analyzed, require a pre-shared key, or are known to have cryptographic weaknesses. In this paper we present an authenticated version of NTP, called ANTP, to protect against desynchronization attacks. To make ANTP suitable for large-scale deployments, it is designed to minimize server-side public key operations by infrequently performing a key exchange using public key cryptography, then relying solely on symmetric cryptography for subsequent time synchronization requests; moreover, it does so without requiring server-side per-connection state. Additionally, ANTP ensures that authentication does not degrade accuracy of time synchronization. We measured the performance of ANTP by implementing it in OpenNTPD using OpenSSL. Compared to plain NTP, ANTP’s symmetric crypto reduces the server throughput (connections/second) for time synchronization requests by a factor of only 1.6. We analyzed the security of ANTP using a novel provable security framework that involves adversary control of time, and show that ANTP achieves secure time synchronization under standard cryptographic assumptions; our framework may also be used to analyze other candidates for securing NTP.

Keywords: time synchronization, Network Time Protocol (NTP), provable security, network security


Speakers
GZ

Greg Zaverucha

Software Engineer, Microsoft
Greg is a software engineer in the MSR Security and Cryptography group at Microsoft. He performs research in applied cryptography, implements cryptographic primitives, and helps product teams use cryptography securely. Prior to joining Microsoft, Greg worked on applied research, standardization... Read More →


Friday August 12, 2016 10:00am - 10:30am
Zilker Ballroom 2

10:30am

11:00am

OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

Peer-to-peer (P2P) systems are predominantly used to distribute trust, increase availability and improve performance. A number of content-sharing P2P systems, for file-sharing applications (e.g., BitTorrent and Storj) and more recent peer-assisted CDNs (e.g., Akamai Netsession), are finding wide deployment. A major security concern with content-sharing P2P systems is the risk of long-term traffic analysis—a widely accepted challenge with few known solutions.

In this paper, we propose a new approach to protecting against persistent, global traffic analysis in P2P contentsharing systems. Our approach advocates for hiding data access patterns, making P2P systems oblivious. We propose OBLIVP2P— a construction for a scalable distributed ORAM protocol, usable in a real P2P setting. Our protocol achieves the following results. First, we show that our construction retains the (linear) scalability of the original P2P network w.r.t the number of peers. Second, our experiments simulating about 16,384 peers on 15 Deterlab nodes can process up to 7 requests of 512KB each per second, suggesting usability in moderately latency-sensitive applications as-is. The bottlenecks remaining are purely computational (not bandwidth). Third, our experiments confirm that in our construction, no centralized infrastructure is a bottleneck — essentially, ensuring that the network and computational overheads can be completely offloaded to the P2P network. Finally, our construction is highly parallelizable, which implies that remaining computational bottlenecks can be drastically reduced if OBLIVP2P is deployed on a network with many real machines.


Moderators
Speakers

Friday August 12, 2016 11:00am - 11:30am
Zilker Ballroom 3

11:00am

The Million-Key Question—Investigating the Origins of RSA Public Keys

Can bits of an RSA public key leak information about design and implementation choices such as the prime generation algorithm? We analysed over 60 million freshly generated key pairs from 22 open- and closedsource libraries and from 16 different smartcards, revealing significant leakage. The bias introduced by different choices is sufficiently large to classify a probable library or smartcard with high accuracy based only on the values of public keys. Such a classification can be used to decrease the anonymity set of users of anonymous mailers or operators of linked Tor hidden services, to quickly detect keys from the same vulnerable library or to verify a claim of use of secure hardware by a remote party. The classification of the key origins of more than 10 million RSA-based IPv4 TLS keys and 1.4 million PGP keys also provides an independent estimation of the libraries that are most commonly used to generate the keys found on the Internet.

Our broad inspection provides a sanity check and deep insight regarding which of the recommendations for RSA key pair generation are followed in practice, including closed-source libraries and smartcards.




Friday August 12, 2016 11:00am - 11:30am
Zilker Ballroom 2

11:00am

Report from the Field: A CDN's Role in Repelling Attacks against Banking Industry Web Sites

This talk describes several types of attacks aimed at content delivery networks (CDNs) and their customers, along with strategies for mitigating these attacks. The attacks range from simple but large-scale denial-of-service attacks, to efforts to deface web sites, to click fraud. The talk presents examples of real attack campaigns, and analyzes the effectiveness of the CDN operated by Akamai Technologies in protecting its customers from them.

Bruce Maggs received the S.B., S.M., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology in 1985, 1986, and 1989, respectively. His advisor was Charles Leiserson. After spending one year as a Postdoctoral Associate at MIT, he worked as a Research Scientist at NEC Research Institute in Princeton from 1990 to 1993. In 1994, he moved to Carnegie Mellon, where he stayed until joining Duke University in 2009 as a Professor in the Department of Computer Science. While on a two-year leave-of-absence from Carnegie Mellon, Maggs helped to launch Akamai Technologies, serving as its first Vice President for Research and Development. He retains a part-time role at Akamai as Vice President for Research.


Speakers

Friday August 12, 2016 11:00am - 12:30pm
Zilker Ballroom 4

11:30am

AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels

Telephones remain a trusted platform for conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between these systems, and in the general case it is impossible to be certain of the identity (i.e., Caller ID) of the entity at the other end of a call. We address this problem with AuthLoop, the first system to provide cryptographic authentication solely within the voice channel. We design, implement and characterize the performance of an in-band modem for executing a TLS-inspired authentication protocol, and demonstrate its abilities to ensure that the explicit single-sided authentication procedures pervading the web are also possible on all phones. We show experimentally that this protocol can be executed with minimal computational overhead and only a few seconds of user time (≈9 instead of ≈97 seconds for a naïve implementation of TLS 1.2) over heterogeneous networks. In so doing, we demonstrate that strong end-to-end validation of Caller ID is indeed practical for all telephony networks.



Moderators
Speakers
LB

Logan Blue

University of Florida
BR

Bradley Reaves

North Carolina State University
PT

Patrick Traynor

University of Florida


Friday August 12, 2016 11:30am - 12:00pm
Zilker Ballroom 3

11:30am

Fingerprinting Electronic Control Units for Vehicle Intrusion Detection
As more software modules and external interfaces are getting added on vehicles, new attacks and vulnerabilities are emerging. Researchers have demonstrated how to compromise in-vehicle Electronic Control Units (ECUs) and control the vehicle maneuver. To counter these vulnerabilities, various types of defense mechanisms have been proposed, but they have not been able to meet the need of strong protection for safety-critical ECUs against in-vehicle network attacks. To mitigate this deficiency, we propose an anomaly-based intrusion detection system (IDS), called Clock-based IDS(CIDS). It measures and then exploits the intervals of periodic in-vehicle messages for fingerprinting ECUs. The thusderived fingerprints are then used for constructing a baseline of ECUs’ clock behaviors with the Recursive Least Squares (RLS) algorithm. Based on this baseline, CIDS uses Cumulative Sum (CUSUM) to detect any abnormal shifts in the identification errors — a clear sign of intrusion. This allows quick identification of in-vehicle network intrusions with a low false-positive rate of 0.055%. Unlike state-of-the-art IDSs, if an attack is detected, CIDS’s fingerprinting of ECUs also facilitates a rootcause analysis; identifying which ECU mounted the attack. Our experiments on a CAN bus prototype and on real vehicles have shown CIDS to be able to detect a wide range of in-vehicle network attacks.


Friday August 12, 2016 11:30am - 12:00pm
Zilker Ballroom 2

12:00pm

12:00pm

You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors

We propose new privacy attacks to infer attributes (e.g., locations, occupations, and interests) of online social network users. Our attacks leverage seemingly innocent user information that is publicly available in online social networks to infer missing attributes of targeted users. Given the increasing availability of (seemingly innocent) user information online, our results have serious implications for Internet privacy – private attributes can be inferred from users’ publicly available data unless we take steps to protect users from such inference attacks.

To infer attributes of a targeted user, existing inference attacks leverage either the user’s publicly available social friends or the user’s behavioral records (e.g., the webpages that the user has liked on Facebook, the apps that the user has reviewed on Google Play), but not both. As we will show, such inference attacks achieve limited success rates. However, the problem becomes qualitatively different if we consider both social friends and behavioral records. To address this challenge, we develop a novel model to integrate social friends and behavioral records and design new attacks based on our model. We theoretically and experimentally demonstrate the effectiveness of our attacks. For instance, we observe that, in a real-world large-scale dataset with 1.1 million users, our attack can correctly infer the cities a user lived in for 57% of the users; via confidence estimation, we are able to increase the attack success rate to over 90% if the attacker selectively attacks a half of the users. Moreover, we show that our attack can correctly infer attributes for significantly more users than previous attacks.



Friday August 12, 2016 12:00pm - 12:30pm
Zilker Ballroom 3

12:30pm

Lunch (on your own)
Friday August 12, 2016 12:30pm - 2:00pm
TBA

2:00pm

2:00pm

Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud

Proofs of Retrievability (POR) and Data Possession (PDP) are cryptographic protocols that enable a cloud provider to prove that data is correctly stored in the cloud. PDP have been recently extended to enable users to check in a single protocol that additional file replicas are stored as well. To conduct multi-replica PDP, users are however required to process, construct, and upload their data replicas by themselves. This incurs additional bandwidth overhead on both the service provider and the user and also poses new security risks for the provider. Namely, since uploaded files are typically encrypted, the provider cannot recognize if the uploaded content are indeed replicas. This limits the business models available to the provider, since e.g., reduced costs for storing replicas can be abused by users who upload different files—while claiming that they are replicas.

In this paper, we address this problem and propose a novel solution for proving data replication and retrievability in the cloud, Mirror, which allows to shift the burden of constructing replicas to the cloud provider itself—thus conforming with the current cloud model. We show that Mirror is secure against malicious users and a rational cloud provider. Finally, we implement a prototype based on Mirror, and evaluate its performance in a realistic cloud setting. Our evaluation results show that our proposal incurs tolerable overhead on the users and the cloud provider.



Friday August 12, 2016 2:00pm - 2:30pm
Zilker Ballroom 3

2:00pm

AMD x86 Memory Encryption Technologies

This talk will introduce the audience to two new x86 ISA features developed by AMD which will provide new security enhancements by leveraging integrated memory encryption hardware. These features provide the ability to selectively encrypt some or all of system memory as well as the ability to run encrypted virtual machines, isolated from the hypervisor. The talk will cover technical details related to these features, including the ISA changes, security benefits, key management framework, and practical enablement.

The main objective of the talk is to educate the audience on the design and use of these features which are the first general-purpose memory encryption features to be integrated into the x86 architecture.

David Kaplan is a PMTS Security Architect at AMD who focuses on developing new security technologies across the AMD product line as part of the Security Architecture Research and Development center. He is the lead architect for the AMD memory encryption features and has worked on both CPU and SOC level security features for the last 4 years. David has over 9 years of experience at AMD with a background in x86 CPU development and has filed over 30 patents in his career so far.


Speakers

Friday August 12, 2016 2:00pm - 3:30pm
Zilker Ballroom 4

2:30pm

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Large-scale discovery of thousands of vulnerableWeb sites has become a frequent event, thanks to recent advances in security research and the rise in maturity of Internet-wide scanning tools. The issues related to disclosing the vulnerability information to the affected parties, however, have only been treated as a side note in prior research.

In this paper, we systematically examine the feasibility and efficacy of large-scale notification campaigns. For this, we comprehensively survey existing communication channels and evaluate their usability in an automated notification process. Using a data set of over 44,000 vulnerable Web sites, we measure success rates, both with respect to the total number of fixed vulnerabilities and to reaching responsible parties, with the following highlevel results: Although our campaign had a statistically significant impact compared to a control group, the increase in the fix rate of notified domains is marginal.

If a notification report is read by the owner of the vulnerable application, the likelihood of a subsequent resolution of the issues is sufficiently high: about 40%. But, out of 35,832 transmitted vulnerability reports, only 2,064 (5.8%) were actually received successfully, resulting in an unsatisfactory overall fix rate, leaving 74.5% ofWeb applications exploitable after our month-long experiment. Thus, we conclude that currently no reliable notification channels exist, which significantly inhibits the success and impact of large-scale notification.


Speakers
avatar for Martin Johns

Martin Johns

Research Expert, SAP SE
Dr. Martin Johns is a research expert in the Security and Trust group within SAP SE, where he leads the Web application security team. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s... Read More →
avatar for Ben Stock

Ben Stock

CISPA, Saarland University
Dr.-Ing. Ben Stock is a postdoctoral researcher at the Center for IT-Security, Privacy, and Accountability at Saarland University. Prior to that, Ben finished his PhD at the University in Erlangen, researching the specifics of Client-Side Cross-Site Scripting. His research was published... Read More →


Friday August 12, 2016 2:30pm - 3:00pm
Zilker Ballroom 2

2:30pm

ZKBoo: Faster Zero-Knowledge for Boolean Circuits

In this paper we describe ZKBoo, a proposal for practically efficient zero-knowledge arguments especially tailored for Boolean circuits and report on a proof-ofconcept implementation. As an highlight, we can generate (resp. verify) a non-interactive proof for the SHA-1 circuit in approximately 13ms (resp. 5ms), with a proof size of 444KB.

Our techniques are based on the “MPC-in-the-head” approach to zero-knowledge of Ishai et al. (IKOS), which has been successfully used to achieve significant asymptotic improvements. Our contributions include:

  • A thorough analysis of the different variants of IKOS, which highlights their pros and cons for practically relevant soundness parameters;
  • A generalization and simplification of their approach, which leads to faster ∑-protocols (that can be made non-interactive using the Fiat-Shamir heuristic) for statements of the form “I know x such that y = Ø(x)” (where Ø is a circuit and y a public value);
  • A case study, where we provide explicit protocols, implementations and benchmarking of zero-knowledge protocols for the SHA-1 and SHA-256 circuits.


Friday August 12, 2016 2:30pm - 3:00pm
Zilker Ballroom 3

3:00pm

The Cut-and-Choose Game and Its Application to Cryptographic Protocols

The cut-and-choose technique plays a fundamental role in cryptographic-protocol design, especially for secure two-party computation in the malicious model. The basic idea is that one party constructs n versions of a message in a protocol (e.g., garbled circuits); the other party randomly checks some of them and uses the rest of them in the protocol. Most existing uses of cut-and-choose fix in advance the number of objects to be checked and in optimizing this parameter they fail to recognize the fact that checking and evaluating may have dramatically different costs.

In this paper, we consider a refined cost model and formalize the cut-and-choose parameter selection problem as a constrained optimization problem. We analyze “cut-and-choose games” and show equilibrium strategies for the parties in these games. We then show how our methodology can be applied to improve the efficiency of three representative categories of secure-computation protocols based on cut-and-choose. We show improvements of up to an-order-of-magnitude in terms of bandwidth, and 12–106% in terms of total time. Source code of our game solvers is available to download at https://github.com/cut-n-choose.




Friday August 12, 2016 3:00pm - 3:30pm
Zilker Ballroom 3

3:00pm

You've Got Vulnerability: Exploring Effective Vulnerability Notifications

Security researchers can send vulnerability notifications to take proactive measures in securing systems at scale. However, the factors affecting a notification’s efficacy have not been deeply explored. In this paper, we report on an extensive study of notifying thousands of parties of security issues present within their networks, with an aim of illuminating which fundamental aspects of notifications have the greatest impact on efficacy. The vulnerabilities used to drive our study span a range of protocols and considerations: exposure of industrial control systems; apparent firewall omissions for IPv6-based services; and exploitation of local systems in DDoS amplification attacks. We monitored vulnerable systems for several weeks to determine their rate of remediation. By comparing with experimental controls, we analyze the impact of a number of variables: choice of party to contact (WHOIS abuse contacts versus national CERTs versus US-CERT), message verbosity, hosting an information website linked to in the message, and translating the message into the notified party’s local language. We also assess the outcome of the emailing process itself (bounces, automated replies, human replies, silence) and characterize the sentiments and perspectives expressed in both the human replies and an optional anonymous survey that accompanied our notifications.

We find that various notification regimens do result in different outcomes. The best observed process was directly notifying WHOIS contacts with detailed information in the message itself. These notifications had a statistically significant impact on improving remediation, and human replies were largely positive. However, the majority of notified contacts did not take action, and even when they did, remediation was often only partial. Repeat notifications did not further patching. These results are promising but ultimately modest, behooving the security community to more deeply investigate ways to improve the effectiveness of vulnerability notifications.


Speakers
MB

Michael Bailey

University of Illinois, Urbana-Champaign
Michael Bailey is an associate professor of electrical and computer engineering. His research interests lie in the areas of the security and availability of complex distributed systems. His work informs both the development of such systems as well as the sciences of computer security... Read More →
ZD

Zakir Durumeric

University of Michigan, Ann Arbor
FL

Frank Li

UC Berkeley
DM

Damon McCoy

New York University
SS

Stefan Savage

UCSD
http://cseweb.ucsd.edu/~savage/


Friday August 12, 2016 3:00pm - 3:30pm
Zilker Ballroom 2

3:30pm

4:00pm

Identifying and Characterizing Sybils in the Tor Network
Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. In this work, we developsybilhunter, a system for detecting Sybil relays based on their appearance, such as configuration; and behavior, such as uptime sequences. We used sybilhunter’s diverse analysis techniques to analyze nine years of archived Tor network data, providing us with new insights into the operation of real-world attackers. Our findings include diverse Sybils, ranging from botnets, to academic research, and relays that hijacked Bitcoin transactions. Our work shows that existing Sybil defenses do not apply to Tor, it delivers insights into realworld attacks, and provides practical tools to uncover and characterize Sybils, making the network safer for its users.


Friday August 12, 2016 4:00pm - 4:30pm
Zilker Ballroom 3

4:00pm

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
In contrast to the Android application layer, Android’s application framework’s internals and their influence on the platform security and user privacy are still largely a black box for us. In this paper, we establish a static runtime model of the application framework in order to study its internals and provide the first high-level classification of the framework’s protected resources. We thereby uncover design patterns that differ highly from the runtime model at the application layer. We demonstrate the benefits of our insights for security-focused analysis of the framework by re-visiting the important use-case of mapping Android permissions to framework/SDK API methods. We, in particular, present a novel mapping based on our findings that significantly improves on prior results in this area that were established based on insufficient knowledge about the framework’s internals. Moreover, we introduce the concept of permission locality to show that although framework services follow the principle of separation of duty, the accompanying permission checks to guard sensitive operations violate it.

Speakers
avatar for Erik Derr

Erik Derr

PhD Student, CISPA, Saarland University
Erik Derr is a PhD student in Computer Science working with Dr. Michael Backes at the Center for IT-Security, Privacy and Accountability (CISPA) in Germany. He received a BSc and MSc in Computer Science from Saarland University. His research focuses on mobile security and code an... Read More →
PM

Patrick McDaniel

Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, IEEE Fellow, and Chair of the IEEE Technical Committee for Security and Privacy. Dr... Read More →


Friday August 12, 2016 4:00pm - 4:30pm
Zilker Ballroom 2

4:00pm

Security Competitions

Security competitions and, in particular, Capture-the-Flag (CTF), have emerged as an engaging way for people to learn about attacking and defending systems. In this panel, three veterans of the CTF world will share their experiences in playing and running security competitions, and talk about how integrating CTFs into your curriculum or training programs can help to identify and develop security awareness and expertise. Do CTF skills translate into the real world? Does learning how to attack have value in producing safer systems? Are CGC-inspired autonomous agents the future of systems security? All these questions and more will be on the table in this interactive session.

William Robertson is an Assistant Professor of Computer Science at Northeastern University in Boston. His research focuses on the security of operating systems, mobile devices, and the web, making use of techniques such as program analysis, anomaly detection, and security by design. He won DEFCON CTF in 2005 with Shellphish, and participated in the California Top-to-Bottom-Review (TTBR) and Ohio EVEREST reviews of electronic voting security that have had significant impact on public policy in the states of California and Ohio. He is the author of more than fifty peer-reviewed conference and journal articles, has chaired several conferences and workshops (DIMVA, WOOT, ACSAC), and regularly serves on the program committees of top-tier security conferences.

Sophia D’Antoine is a security engineer at Trail of Bits and a graduate of Rensselaer Polytechnic Institute. She is a regular speaker at security conferences around the world, including RECon, Blackhat, and CanSecWest. Her present work includes techniques for automated software exploitation and software obfuscation using LLVM. She spends too much time playing CTF, pwnable.kr and other wargames.


Moderators
Speakers
DL

Dave Levin

University of Maryland
WR

William Robertson

Northeastern University


Friday August 12, 2016 4:00pm - 6:00pm
Zilker Ballroom 4

4:30pm

k-fingerprinting: A Robust Scalable Website Fingerprinting Technique
Website fingerprinting enables an attacker to infer which web page a client is browsing through encrypted or anonymized network connections. We present a new website fingerprinting technique based on random decision forests and evaluate performance over standard web pages as well as Tor hidden services, on a larger scale than previous works. Our technique, k-fingerprinting, performs better than current state-of-the-art attacks even against website fingerprinting defenses, and we show that it is possible to launch a website fingerprinting attack in the face of a large amount of noisy data. We can correctly determine which of 30 monitored hidden services a client is visiting with 85% true positive rate (TPR), a false positive rate (FPR) as low as 0.02%, from a world size of 100,000 unmonitored web pages. We further show that error rates vary widely between web resources, and thus some patterns of use will be predictably more vulnerable to attack than others.

Speakers
GD

George Danezis

University College London


Friday August 12, 2016 4:30pm - 5:00pm
Zilker Ballroom 3

4:30pm

Practical DIFC Enforcement on Android
Smartphone users often use private and enterprise data with untrusted third party applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as Android, exposes this data to the risk of unauthorized exfiltration. A natural solution is the integration of secrecy guarantees into the OS. In this paper, we describe the challenges for decentralized information flow control (DIFC) enforcement on Android. We propose contextsensitive DIFC enforcement via lazy polyinstantiation and practical and secure network export through domain declassification. Our DIFC system,Weir, is backwards compatible by design, and incurs less than 4 ms overhead for component startup. With Weir, we demonstrate practical and secure DIFC enforcement on Android.

Speakers

Friday August 12, 2016 4:30pm - 5:00pm
Zilker Ballroom 2

5:00pm

Protecting Privacy of BLE Device Users

Bluetooth Low Energy (BLE) has emerged as an attractive technology to enable Internet of Things (IoTs) to interact with others in their vicinity. Our study of the behavior of more than 200 types of BLE-equipped devices has led to a surprising discovery: the BLE protocol, despite its privacy provisions, fails to address the most basic threat of all—hiding the device’s presence from curious adversaries. Revealing the device’s existence is the stepping stone toward more serious threats that include user profiling/fingerprinting, behavior tracking, inference of sensitive information, and exploitation of known vulnerabilities on the device. With thousands of manufacturers and developers around the world, it is very challenging, if not impossible, to envision the viability of any privacy or security solution that requires changes to the devices or the BLE protocol.

In this paper, we propose a new device-agnostic system, called BLE-Guardian, that protects the privacy of the users/environments equipped with BLE devices/IoTs. It enables the users and administrators to control those who discover, scan and connect to their devices. We have implemented BLE-Guardian using Ubertooth One, an off-the-shelf open Bluetooth development platform, facilitating its broad deployment. Our evaluation with real devices shows that BLE-Guardian effectively protects the users’ privacy while incurring little overhead on the communicating BLE-devices.



Friday August 12, 2016 5:00pm - 5:30pm
Zilker Ballroom 3

5:00pm

Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images
Smartphones are increasingly involved in cyber and real world crime investigations. In this paper, we demonstrate a powerful smartphone memory forensics technique, called RetroScope, which recovers multiple previous screens of an Android app — in the order they were displayed — from the phone’s memory image. Different from traditional memory forensics, RetroScope enables spatial-temporal forensics, revealing the progression of the phone user’s interactions with the app (e.g., a banking transaction, online chat, or document editing session). RetroScope achieves near perfect accuracy in both the recreation and ordering of reconstructed screens. Further, RetroScope is app-agnostic, requiring no knowledge about an app’s internal data definitions or rendering logic. RetroScope is inspired by the observations that (1) app-internal data on previous screens exists much longer in memory than the GUI data structures that “package” them and (2) each app is able to perform context-free redrawing of its screens upon command from the Android framework. Based on these, RetroScope employs a novel interleaved re-execution engine to selectively reanimate an app’s screen redrawing functionality from within a memory image. Our evaluation shows that RetroScope is able to recover full temporally-ordered sets of screens (each with 3 to 11 screens) for a variety of popular apps on a number of different Android devices.

Speakers
avatar for Golden G. Richard III

Golden G. Richard III

Professor, University of New Orleans
I'm a computer science professor who teaches and performs research in digital forensics, reverse engineering, malware analysis, and operating systems internals and also a private digital forensics investigator. I'm also a concert photographer @ High ISO Music: www.highisomusic... Read More →
DX

Dongyan Xu

Purdue University
XZ

Xiangyu Zhang

Purdue University


Friday August 12, 2016 5:00pm - 5:30pm
Zilker Ballroom 2

5:30pm

Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis
Android customization offers substantially different experiences and rich functionalities to users. Every party in the customization chain, such as vendors and carriers, modify the OS and the pre-installed apps to tailor their devices for a variety of models, regions, and custom services. However, these modifications do not come at no cost. Several existing studies demonstrate that modifying security configurations during the customization brings in critical security vulnerabilities. Albeit these serious consequences, little has been done to systematically study how Android customization can lead to security problems, and how severe the situation is. In this work, we systematically identified security features that, if altered during the customization, can introduce potential risks. We conducted a large scale differential analysis on 591 custom images to detect inconsistent security features. Our results show that these discrepancies are indeed prevalent among our collected images. We have further identified several risky patterns that warrant further investigation. We have designed attacks on real devices and confirmed that these inconsistencies can indeed lead to actual security breaches.


Friday August 12, 2016 5:30pm - 6:00pm
Zilker Ballroom 2

5:30pm

Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles

The decreasing cost of molecular profiling tests, such as DNA sequencing, and the consequent increasing availability of biological data are revolutionizing medicine, but at the same time create novel privacy risks. The research community has already proposed a plethora of methods for protecting genomic data against these risks. However, the privacy risks stemming from epigenetics, which bridges the gap between the genome and our health characteristics, have been largely overlooked so far, even though epigenetic data such as microRNAs (miRNAs) are no less privacy sensitive. This lack of investigation is attributed to the common belief that the inherent temporal variability of miRNAs shields them from being tracked and linked over time.

In this paper, we show that, contrary to this belief, miRNA expression profiles can be successfully tracked over time, despite their variability. Specifically, we show that two blood-based miRNA expression profiles taken with a time difference of one week from the same person can be matched with a success rate of 90%. We furthermore observe that this success rate stays almost constant when the time difference is increased from one week to one year. In order to mitigate the linkability threat, we propose and thoroughly evaluate two countermeasures: (i) hiding a subset of disease-irrelevant miRNA expressions, and (ii) probabilistically sanitizing the miRNA expression profiles. Our experiments show that the second mechanism provides a better trade-off between privacy and disease-prediction accuracy.



Friday August 12, 2016 5:30pm - 6:00pm
Zilker Ballroom 3