-
Addressing Network Packet-based Cheats in Multiplayer Games: A Secret Sharing Approach
Authors:
Yaqi Cai,
Konstantinos Markantonakis,
Carlton Shepherd
Abstract:
Multiplayer online gaming has witnessed an explosion in popularity over the past two decades. However, security issues continue to give rise to in-game cheating, deterring honest gameplay, detracting from user experience, and ultimately bringing financial harm to game developers. In this paper, we present a new approach for detecting network packet-based cheats, such as forgery and timing cheats, within the context of multiplayer games using an application of secret sharing. Our developed protocols are subjected to formal verification using AVISPA, and we present simulation results using a Python-based implementation. We show that our proposal is practical in addressing some widely used attacks in online gaming.
Submitted 18 January, 2025;
originally announced January 2025.
-
Control-Flow Attestation: Concepts, Solutions, and Open Challenges
Authors:
Zhanyu Sha,
Carlton Shepherd,
Amir Rafi,
Konstantinos Markantonakis
Abstract:
Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its execution follows an authorised control-flow path. The problem has been explored in various settings, such as assessing the trustworthiness of cloud platforms, cyber-physical systems, and Internet of Things devices. Despite a significant number of proposals being made in recent years, the area remains fragmented, with different adversarial behaviours, verification paradigms, and deployment challenges being addressed. In this paper, we present the first survey of control-flow attestation, examining the core ideas and solutions in state-of-the-art schemes. In total, we survey over 30 papers published between 2016--2024, consolidate and compare their key features, and pose several challenges and recommendations for future research in the area.
Submitted 4 December, 2024; v1 submitted 12 August, 2024;
originally announced August 2024.
-
A First Look at Digital Rights Management Systems for Secure Mobile Content Delivery
Authors:
Amir Rafi,
Carlton Shepherd,
Konstantinos Markantonakis
Abstract:
Digital rights management (DRM) solutions aim to prevent the copying or distribution of copyrighted material. On mobile devices, a variety of DRM technologies have become widely deployed. However, a detailed security study comparing their internal workings, and their strengths and weaknesses, remains missing in the existing literature. In this paper, we present the first detailed security analysis of mobile DRM systems, addressing the modern paradigm of cloud-based content delivery followed by major platforms, such as Netflix, Disney+, and Amazon Prime. We extensively analyse the security of three widely used DRM solutions -- Google Widevine, Apple FairPlay, and Microsoft PlayReady -- deployed on billions of devices worldwide. We then consolidate their features and capabilities, deriving common features and security properties for their evaluation. Furthermore, we identify some design-level shortcomings that render them vulnerable to emerging attacks within the state of the art, including micro-architectural side-channel vulnerabilities and an absence of post-quantum security. Lastly, we propose mitigations and suggest future directions of research.
Submitted 3 August, 2023; v1 submitted 1 August, 2023;
originally announced August 2023.
-
Investigating Black-Box Function Recognition Using Hardware Performance Counters
Authors:
Carlton Shepherd,
Benjamin Semal,
Konstantinos Markantonakis
Abstract:
This paper presents new methods and results for recognising black-box program functions using hardware performance counters (HPC), where an investigator can invoke and measure function calls. Important use cases include analysing compiled libraries, e.g. static and dynamic link libraries, and trusted execution environment (TEE) applications. We develop a generic approach to classify a comprehensive set of hardware events, e.g. branch mis-predictions and instruction retirements, to recognise standard benchmarking and cryptographic library functions. This includes various signing, verification and hash functions, and ciphers in numerous modes of operation. Three architectures are evaluated using off-the-shelf Intel/X86-64, ARM, and RISC-V CPUs. Next, we show that several known CVE-numbered OpenSSL vulnerabilities can be detected using HPC differences between patched and unpatched library versions. Further, we demonstrate that standardised cryptographic functions within ARM TrustZone TEE applications can be recognised using non-secure world HPC measurements, applying to platforms that insecurely perturb the performance monitoring unit (PMU) during TEE execution. High accuracy was achieved in all cases (86.22-99.83%) depending on the application, architectural, and compilation assumptions. Lastly, we discuss mitigations, outstanding challenges, and directions for future research.
Submitted 28 November, 2022; v1 submitted 25 April, 2022;
originally announced April 2022.
-
A New Approach to Complex Dynamic Geofencing for Unmanned Aerial Vehicles
Authors:
Vihangi Vagal,
Konstantinos Markantonakis,
Carlton Shepherd
Abstract:
The anticipated widespread use of unmanned aerial vehicles (UAVs) raises significant safety and security concerns, including trespassing in restricted areas, colliding with other UAVs, and disrupting high-traffic airspaces. To mitigate these risks, geofences have been proposed as one line of defence, which limit UAVs from flying into the perimeters of other UAVs and restricted locations. In this paper, we address the concern that existing geometric geofencing algorithms lack accuracy during the calculation of complex geofences, particularly in dynamic urban environments. We propose a new algorithm based on alpha shapes and Voronoi diagrams, which we integrate into an on-drone framework using an open-source mapping database from OpenStreetMap. To demonstrate its efficacy, we present performance results using Microsoft's AirSim and a low-cost commercial UAV platform in a real-world urban environment.
Submitted 18 October, 2021;
originally announced October 2021.
-
A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Profiling on Mobile Devices
Authors:
Carlton Shepherd,
Jan Kalbantner,
Benjamin Semal,
Konstantinos Markantonakis
Abstract:
Mobile devices often distribute measurements from physical sensors to multiple applications using software multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications, even if others request measurements at lower frequencies. In this paper, we comprehensively demonstrate that this design choice exposes practically exploitable side-channels using frequency-key shifting. By carefully modulating sensor sampling frequencies in software, we show how unprivileged malicious applications can construct reliable spectral covert channels that bypass existing security mechanisms. Additionally, we present a novel variant that allows an unprivileged malicious application to profile other active, sensor-enabled applications at a coarse-grained level. Neither method imposes any special assumptions beyond accessing standard mobile services available to developers. As such, our work reports side-channel vulnerabilities that exploit subtle yet insecure design choices in Android sensor stacks.
Submitted 9 October, 2023; v1 submitted 12 October, 2021;
originally announced October 2021.
-
Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis
Authors:
Carlton Shepherd,
Konstantinos Markantonakis,
Nico van Heijningen,
Driss Aboulkassimi,
Clément Gaine,
Thibaut Heckmann,
David Naccache
Abstract:
Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.
Submitted 22 March, 2022; v1 submitted 10 May, 2021;
originally announced May 2021.
-
A DLT-based Smart Contract Architecture for Atomic and Scalable Trading
Authors:
J. Kalbantner,
K. Markantonakis,
D. Hurley-Smith,
C. Shepherd,
B. Semal
Abstract:
Distributed Ledger Technology (DLT) has enormous potential but also downsides. One downside of many DLT systems, such as blockchain, is their limited transaction throughput, which hinders their adoption in many use cases (e.g., real-time payments). State channels have emerged as a potential solution to enhance throughput by allowing transactions to be processed off-chain. While current proposals can increase scalability, they require high collateral and lack support for dynamic systems that require asynchronous state transitions. Additionally, the latency of channel initialisations can cause issues, especially if fast interactions are required. In this paper, we propose an atomic, scalable and privacy-preserving protocol that enables secure and dynamic updates. We develop a smart contract-based Credit-Note System (CNS) that allows participants to lock funds before a state channel initialisation, which enhances flexibility and efficiency. We formalise our model using the Universal Composability (UC) framework and demonstrate that it achieves the stated design goals of privacy, scalability, and atomicity. Moreover, we implement a dispute process in the state channel to counter availability attacks. Finally, we analyse the protocol in the context of an asynchronous smart grid-based marketplace.
Submitted 6 May, 2021;
originally announced May 2021.
-
Return-Oriented Programming on RISC-V
Authors:
Georges-Axel Jaloyan,
Konstantinos Markantonakis,
Raja Naeem Akram,
David Robin,
Keith Mayes,
David Naccache
Abstract:
This paper provides the first analysis of the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that this class of gadgets is rich enough on RISC-V to mount complex ROP attacks, bypassing traditional mitigations like DEP, ASLR, stack canaries, G-Free, as well as some compiler-based backward-edge CFI, by jumping over any guard inserted by a compiler to protect indirect jump instructions. We provide examples of such gadgets, as well as a proof-of-concept ROP chain, using C code injection to leverage a privilege escalation attack on two standard Linux operating systems. Additionally, we discuss some of the required mitigations to prevent such attacks and provide a new ROP gadget finder algorithm that handles this new class of gadgets.
Submitted 15 March, 2021;
originally announced March 2021.
-
LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices
Authors:
Carlton Shepherd,
Konstantinos Markantonakis,
Georges-Axel Jaloyan
Abstract:
This paper presents LIRA-V, a lightweight system for performing remote attestation between constrained devices using the RISC-V architecture. We propose using read-only memory and the RISC-V Physical Memory Protection (PMP) primitive to build a trust anchor for remote attestation and secure channel creation. Moreover, we show how LIRA-V can be used for trusted communication between two devices using mutual attestation. We present the design, implementation and evaluation of LIRA-V using an off-the-shelf RISC-V microcontroller and present performance results to demonstrate its suitability. To our knowledge, we present the first remote attestation mechanism suitable for constrained RISC-V devices, with applications to cyber-physical systems and Internet of Things (IoT) devices.
Submitted 22 March, 2022; v1 submitted 17 February, 2021;
originally announced February 2021.
-
Deep Learning Application in Security and Privacy -- Theory and Practice: A Position Paper
Authors:
Julia A. Meister,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Technology is shaping our lives in a multitude of ways. This is fuelled by a technology infrastructure, both legacy and state of the art, composed of a heterogeneous group of hardware, software, services and organisations. Such infrastructure faces a diverse range of challenges to its operations that include security, privacy, resilience, and quality of service. Among these, cybersecurity and privacy are taking centre stage, especially since the General Data Protection Regulation (GDPR) came into effect. Traditional security and privacy techniques are overstretched, and adversarial actors have evolved to design exploitation techniques that circumvent protection. With the ever-increasing complexity of technology infrastructure, security and privacy-preservation specialists have started to look for adaptable and flexible protection methods that can evolve (potentially autonomously) as the adversarial actor changes its techniques. For this, Artificial Intelligence (AI), Machine Learning (ML) and Deep Learning (DL) were put forward as saviours. In this paper, we look at the promises of AI, ML, and DL stated in academic and industrial literature and evaluate how realistic they are. We also put forward potential challenges a DL-based security and privacy protection technique has to overcome. Finally, we conclude the paper with a discussion on what steps the DL and the security and privacy-preservation communities have to take to ensure that DL is not just going to be hype, but an opportunity to build a secure, reliable, and trusted technology infrastructure on which we can rely for so much in our lives.
Submitted 1 December, 2018;
originally announced December 2018.
-
An evaluation of the security of the Bitcoin Peer-to- Peer Network
Authors:
James Tapsell,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Bitcoin is a decentralised digital currency that relies on cryptography rather than trusted third parties such as central banks for its security. Underpinning the operation of the currency is a peer-to-peer (P2P) network that facilitates the execution of transactions by end users, as well as the transaction confirmation process known as bitcoin mining. The security of this P2P network is vital for the currency to function, and subversion of the underlying network can lead to attacks on bitcoin users, including theft of bitcoins, manipulation of the mining process and denial of service (DoS). As part of this paper, the network protocol and bitcoin core software are analysed, with three bitcoin message exchanges (the connection handshake, GETHEADERS/HEADERS and MEMPOOL/INV) found to be potentially vulnerable to spoofing and use in distributed denial of service (DDoS) attacks. Possible solutions to the identified weaknesses and vulnerabilities are evaluated, such as the introduction of random nonces into network message exchanges.
Submitted 28 May, 2018; v1 submitted 25 May, 2018;
originally announced May 2018.
-
E-Voting with Blockchain: An E-Voting Protocol with Decentralisation and Voter Privacy
Authors:
Freya Sheer Hardwick,
Apostolos Gioulis,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Technology has positive impacts on many aspects of our social life. Designing a 24-hour globally connected architecture enables ease of access to a variety of resources and services. Furthermore, technologies like the Internet have been a fertile ground for innovation and creativity. One such disruptive innovation is blockchain -- a keystone of cryptocurrencies. The blockchain technology is presented as a game changer for many of the existing and emerging technologies/services. With its immutability property and decentralised architecture, it is taking centre stage in many services as an equalisation factor to the current parity between consumers and large corporations/governments. One such potential application of the blockchain is in e-voting schemes. The objective of such a scheme would be to provide a decentralised architecture to run and support a voting scheme that is open, fair and independently verifiable. In this paper, we propose a potentially new e-voting protocol that utilises the blockchain as a transparent ballot box. The protocol has been designed with adherence to the fundamental e-voting properties in mind, as well as offering a degree of decentralisation and allowing the voter to change/update their vote (within the permissible voting period). The paper highlights the pros and cons of using blockchain for such a proposal from a practical point of view in both development/deployment and usage contexts. The paper concludes with a potential roadmap for blockchain technology to be able to support complex applications.
Submitted 3 July, 2018; v1 submitted 25 May, 2018;
originally announced May 2018.
-
Fair and Transparent Blockchain based Tendering Framework - A Step Towards Open Governance
Authors:
Freya Sheer Hardwick,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Society is in constant transition to keep up with technological advancement, and we are seeing traditional paradigms being increasingly challenged. The fundamentals of governance are one such paradigm. As society's values have shifted, so have expectations of government shifted from the traditional model to something commonly referred to as 'open governance'. Though a disputed term, we take open governance to mean a concept which encourages and facilitates openness, accountability, and responsiveness to citizens. For the success of open governance initiatives, there are some technologies, such as the internet, that are crucial. These technologies enable access to both the data and to engagement activities between citizens and government. There are also other technologies, like blockchain and smart contracts, which could be utilised to assist open governance. A sound starting point would be moving from a system where information is tediously released by a government, on an 'as they please' basis, to an infrastructure where critical actions are captured with strong integrity, non-repudiation and evidential guarantees, with the added dimension that the record of these actions is accessible to public scrutiny in near real-time. One candidate technology for capturing such actions is blockchain. The blockchain's utility is being recognised through smart contracts - potentially a vital building block to realising open and transparent government activities. In this paper, we apply the concept of smart contracts to government tendering activities. The proposed scheme is based on smart contracts, enabling a fair, transparent and independently verifiable (auditable) government tendering scheme. The scheme is then implemented on the Ethereum platform to evaluate the performance and financial cost implications, along with an evaluation of the potential security and auditability challenges.
Submitted 15 May, 2018;
originally announced May 2018.
-
Consumer Centric Data Control, Tracking and Transparency -- A Position Paper
Authors:
James Tapsell,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Personal data related to a user's activities, preferences and services is considered to be a valuable commodity not only for a wide range of technology-oriented companies like Google, Amazon and Apple but also for more traditional companies in the travel/transport, banking, entertainment and marketing industries. This has resulted in more targeted and, to a great extent, personalised services for individuals -- in most cases at a minimal financial cost to them. The operational reality in which a user authorises companies to collect his/her personal data to receive, in return, more personalised/targeted/context-aware services and hassle-free activities (for users) is widely deployed. It becomes evident that the security, integrity and accessibility of the collected data are of paramount importance. These characteristics are becoming more entrenched in the era of the Internet-of-Things (IoT), autonomous vehicles and seamless travel. In this position paper, we examine the challenges faced by both users and organisations in dealing with Personally Identifiable Information (PII). Furthermore, we expand on the implications of the General Data Protection Regulation (GDPR) specifically for the management of PII. Subsequently, we extend the discussion to future technologies, especially the IoT and integrated transport systems for better customer experience -- and their ramifications for data governance and PII management. Finally, we propose a framework that balances users' privacy and data control with an organisation's objective of delivering quality, targeted and efficient services to their customers using the "collected user data". This framework is referred to as "Consumer Oriented Data Control & Auditability" (CODCA) and defines the technologies that are adapted to privacy concerns and legal/regulation frameworks.
Submitted 12 May, 2018;
originally announced May 2018.
-
Remote Credential Management with Mutual Attestation for Trusted Execution Environments
Authors:
Carlton Shepherd,
Raja N. Akram,
Konstantinos Markantonakis
Abstract:
Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.
Submitted 26 November, 2018; v1 submitted 27 April, 2018;
originally announced April 2018.
-
EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs
Authors:
Carlton Shepherd,
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations, particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog -- a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1MB heap and stack), 430--625 logs/second throughput, and five times the persistent storage overhead of unprotected logs.
Submitted 18 December, 2017; v1 submitted 11 December, 2017;
originally announced December 2017.
-
Security, Privacy and Safety Evaluation of Dynamic and Static Fleets of Drones
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Oussama Habachi,
Damien Sauveron,
Andreas Steyven,
Serge Chaumette
Abstract:
Inter-connected objects, either via public or private networks, are the near future of modern societies. Such inter-connected objects are referred to as the Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of such a system is based on Unmanned Aerial Vehicles (UAVs). Fleets of such vehicles are prophesied to take on multiple roles, ranging from the mundane to the highly sensitive, such as prompt pizza or shopping deliveries to your home through to battlefield deployment for reconnaissance and combat missions. Drones, as we refer to UAVs in this paper, can operate either individually (solo missions) or as part of a fleet (group missions), with or without a constant connection to the base station. The base station acts as the command centre to manage the activities of the drones. However, an independent, localised and effective fleet control, potentially based on swarm intelligence, is required for the following reasons: 1) the increase in the number of drone fleets, 2) the number of drones in a fleet might be in the tens, 3) the time-criticality of decisions made by such fleets in the wild, 4) potential communication congestion/lag, and 5) in some cases operation in challenging terrain that hinders, or mandates limited, communication with the control centre (e.g., operations spanning long periods of time or military usage of such fleets in enemy territory). Such a self-aware, mission-focused and independent fleet of drones would potentially utilise swarm intelligence for a) air-traffic and/or flight control management, b) obstacle avoidance, c) self-preservation while maintaining the mission criteria, d) collaboration with other fleets in the wild (autonomously) and e) assuring the security, privacy and safety of physical (the drones themselves) and virtual (data, software) assets. In this paper, we investigate the challenges faced by fleets of drones and propose a potential course of action on how to overcome them.
Submitted 18 August, 2017;
originally announced August 2017.
-
Serverless Protocols for Inventory and Tracking with a UAV
Authors:
Collins Mtita,
Maryline Laurent,
Damien Sauveron,
Raja Naeem Akram,
Konstantinos Markantonakis,
Serge Chaumette
Abstract:
It is widely acknowledged that the proliferation of Unmanned Aerial Vehicles (UAVs) may lead to serious concerns regarding avionics safety, particularly when end-users are not adhering to air safety regulations. There are, however, domains in which UAVs may help to increase the safety of airplanes and the management of flights and airport resources, which often require substantial human resources. For instance, Paris Charles de Gaulle airport (CDG) has more than 7,000 staff and supports 30,000 direct jobs for more than 60 million passengers per year (as of 2016). Indeed, these new systems can be used beneficially for several purposes, even in sensitive areas like airports. Among the considered applications are those that suggest using UAVs to enhance the safety of on-ground airplanes; for instance, by collecting (once the aircraft has landed) data recorded by different systems during the flight (like the sensors of the Aircraft Data Networks - ADN) or by examining the state of the airplane structure. In this paper, our proposal is to use UAVs, under the control of the airport authorities, to inventory and track various tagged assets, such as luggage, supplies required for the flights, and maintenance tools. The aim of our proposal is to make airport management systems more efficient for operations requiring inventory and tracking, along with increasing safety (sensitive assets such as refueling tanks, or sensitive pieces of luggage, can be tracked), thus increasing financial profit.
Submitted 17 August, 2017;
originally announced August 2017.
-
An Efficient, Secure and Trusted Channel Protocol for Avionics Wireless Networks
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Pierre-Francois Bonnefoi,
Damien Sauveron,
Serge Chaumette
Abstract:
Avionics networks rely on a set of stringent reliability and safety requirements. In existing deployments, these networks are based on a wired technology, which supports these requirements. Furthermore, this technology simplifies the security management of the network since certain assumptions can be safely made, including the inability of an attacker to access the network, and the fact that it is almost impossible for an attacker to introduce a node into the network. The proposal for Avionics Wireless Networks (AWNs), currently under development by multiple aerospace working groups, promises a reduction in the complexity of electrical wiring harness design and fabrication, a reduction in the total weight of wires, increased customization possibilities, and the capacity to monitor otherwise inaccessible moving or rotating aircraft parts such as landing gear and some sections of the aircraft engines. While providing these benefits, the AWN must ensure that it provides levels of safety that are at minimum equivalent to those offered by the wired equivalent. In this paper, we propose a secure and trusted channel protocol that satisfies the stated security and operational requirements for an AWN protocol. There are three main objectives for this protocol. First, the protocol has to provide the assurance that all communicating entities can trust each other, and can trust their internal (secure) software and hardware states. Second, the protocol has to establish a fair key exchange between all communicating entities so as to provide a secure channel. Finally, the third objective is to be efficient for both the initial start-up of the network and when resuming a session after a cold and/or warm restart of a node. The proposed protocol is implemented and performance measurements are presented based on this implementation. In addition, we formally verify our proposed protocol using CasperFDR.
Submitted 16 August, 2016; v1 submitted 14 August, 2016;
originally announced August 2016.
-
Security and Performance Comparison of Different Secure Channel Protocols for Avionics Wireless Networks
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Pierre-Francois Bonnefoi,
Damien Sauveron,
Serge Chaumette
Abstract:
The notion of Integrated Modular Avionics (IMA) refers to inter-connected pieces of avionics equipment supported by a wired technology, with stringent reliability and safety requirements. If the inter-connecting wires are physically secured so that a malicious user cannot access them directly, then this enforces (at least partially) the security of the network. However, substituting the wired network with a wireless network - which in this context is referred to as an Avionics Wireless Network (AWN) - brings a number of new challenges related to assurance, reliability, and security. The AWN thus has to ensure that it provides at least the required security and safety levels offered by the equivalent wired network. Providing a wired-equivalent security for a communication channel requires the setting up of a strong, secure (encrypted) channel between the entities that are connected to the AWN. In this paper, we propose three approaches to establish such a secure channel based on (i) pre-shared keys, (ii) trusted key distribution, and (iii) key-sharing protocols. For each of these approaches, we present two representative protocol variants. These protocols are then implemented as part of a demo AWN and they are then compared based on performance measurements. Most importantly, we have evaluated these protocols based on security and operational requirements that we define in this paper for an AWN.
Submitted 17 August, 2016; v1 submitted 14 August, 2016;
originally announced August 2016.
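The two AWN abstracts above describe channel protocols that (i) let each node check that its peer's internal software and hardware state is trustworthy, (ii) let both parties contribute to the session key, and (iii) resume cheaply after a warm restart, with pre-shared keys as one of the three key-establishment approaches compared. As an added illustration, which is not the protocol or implementation code of either paper, the following sketches the pre-shared-key approach in Python: a three-message full handshake whose transcript carries each node's nonce and platform-state measurement, and a two-message resumption keyed by a resumption secret derived from the previous session. The node identifiers, the PSK, the state measurements and the KDF labels are all assumptions.

```python
"""PSK-based trusted channel with platform-state check and two-message
resumption: an added illustration, not the protocol or code of either paper.
Assumed (not from the papers): each node holds the PSK and a table of expected
platform-state measurements for its peers; its own measurement is taken to
come from a trusted component on the node."""
import hashlib
import hmac
import secrets

def hkdf(ikm, salt, info):
    """Single-block HKDF-SHA256 (RFC 5869); enough for 32-byte keys."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Node:
    def __init__(self, ident, psk, state_hash, trusted_peer_states):
        self.ident, self.psk, self.state_hash = ident, psk, state_hash
        self.trusted = trusted_peer_states  # peer id -> expected measurement
        self.session_key = self.confirm_key = self.resume_key = None

    def _check_peer(self, peer_id, peer_state):
        expected = self.trusted.get(peer_id)
        if expected is None or not hmac.compare_digest(expected, peer_state):
            raise ValueError("peer platform state not trusted")

    def _derive(self, secret, label):
        """Both nonces sit in the transcript, so neither side picks the key."""
        salt = hashlib.sha256(self.transcript).digest()
        self.session_key = hkdf(secret, salt, label + b"session")
        self.confirm_key = hkdf(secret, salt, label + b"confirm")
        self.resume_key = hkdf(secret, salt, label + b"resume")  # ratchets

    def _start(self):
        self.nonce = secrets.token_bytes(16)
        self.partial = self.ident + self.nonce + self.state_hash

    def _answer(self, peer_partial, secret, label):
        self._start()
        self.transcript = peer_partial + self.partial
        self._derive(secret, label)
        return (self.ident, self.nonce, self.state_hash,
                _mac(self.confirm_key, b"R" + self.transcript))

    def _complete(self, response, secret, label):
        peer_id, peer_nonce, peer_state, mac = response
        self._check_peer(peer_id, peer_state)
        self.transcript = self.partial + peer_id + peer_nonce + peer_state
        self._derive(secret, label)
        if not hmac.compare_digest(mac, _mac(self.confirm_key, b"R" + self.transcript)):
            raise ValueError("responder key confirmation failed")

    # Full handshake (cold start): hello -> respond -> finish -> accept.
    def hello(self):
        self._start()
        return (self.ident, self.nonce, self.state_hash)

    def respond(self, hello):
        peer_id, peer_nonce, peer_state = hello
        self._check_peer(peer_id, peer_state)
        return self._answer(peer_id + peer_nonce + peer_state, self.psk, b"full/")

    def finish(self, response):
        self._complete(response, self.psk, b"full/")
        return _mac(self.confirm_key, b"I" + self.transcript)

    def accept(self, mac):
        if not hmac.compare_digest(mac, _mac(self.confirm_key, b"I" + self.transcript)):
            raise ValueError("initiator key confirmation failed")

    # Resumption (warm restart): two messages keyed by the ratcheting resume key.
    def resume_hello(self):
        self._start()
        return (self.ident, self.nonce, self.state_hash, _mac(self.resume_key, self.partial))

    def resume_respond(self, msg):
        peer_id, peer_nonce, peer_state, proof = msg
        self._check_peer(peer_id, peer_state)
        peer_partial = peer_id + peer_nonce + peer_state
        if not hmac.compare_digest(proof, _mac(self.resume_key, peer_partial)):
            raise ValueError("unknown resumption key")
        return self._answer(peer_partial, self.resume_key, b"resume/")

    def resume_finish(self, response):
        self._complete(response, self.resume_key, b"resume/")

# Constructed provisioning data for the demo.
PSK = b"constructed-pre-shared-key"
STATE_A = hashlib.sha256(b"node-A firmware v1").digest()
STATE_B = hashlib.sha256(b"node-B firmware v1").digest()

def demo():
    """Full handshake, resumption, then a responder with a modified state."""
    a = Node(b"A", PSK, STATE_A, {b"B": STATE_B})
    b = Node(b"B", PSK, STATE_B, {b"A": STATE_A})
    b.accept(a.finish(b.respond(a.hello())))
    full_ok, full_key = a.session_key == b.session_key, a.session_key
    a.resume_finish(b.resume_respond(a.resume_hello()))
    resume_ok = a.session_key == b.session_key and a.session_key != full_key
    bad = Node(b"B", PSK, hashlib.sha256(b"modified fw").digest(), {b"A": STATE_A})
    try:
        a.finish(bad.respond(a.hello()))
        rejected = False
    except ValueError:
        rejected = True
    return {"full_match": full_ok, "resume_match": resume_ok, "bad_state_rejected": rejected}
```

The resumption path re-checks the peer's state measurement against the trusted table and re-derives the resume key on every use, so an old resumption proof cannot be replayed. What this sketch does not give is any assurance about the protocol design itself; the papers obtain that with CasperFDR modelling and with security and operational requirements defined for an AWN, and the sketch is no substitute for either.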
-
Challenges of Security and Trust of Mobile Devices as Digital Avionics Component
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis
Abstract:
Mobile devices are becoming part of modern digital avionics. Mobile devices can be applied to a range of scenarios, from Electronic Flight Bags to maintenance platforms, in order to manage and configure flight information, configure avionics networks or perform maintenance tasks (including offloading flight logs). It can be argued that recent developments show an increased use of personal mobile devices playing an integral part in the digital avionics industry. In this paper, we look into different proposals for integrating mobile devices with various avionics networks -- either as part of the Bring Your Own Device (BYOD) or Corporate Owned Personally Enabled (COPE) paradigms. Furthermore, we will evaluate the security and trust challenges presented by these devices in their respective domains. This analysis will also include the issues related to communication between the mobile device and the aircraft network via either wired or wireless channels. Finally, the paper puts forward a set of guidelines with regards to the security and trust issues that might be crucial when enabling mobile devices to be part of aircraft networks.
Submitted 2 May, 2016;
originally announced May 2016.
-
When Theory and Reality Collide: Demystifying the Effectiveness of Ambient Sensing for NFC-based Proximity Detection by Applying Relay Attack Data
Authors:
Iakovos Gurulian,
Carlton Shepherd,
Konstantinos Markantonakis,
Raja Naeem Akram,
Keith Mayes
Abstract:
Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless smart card; popular examples of such services include Google Pay and Apple Pay. Similar to contactless smart cards, NFC-based smartphone transactions are susceptible to relay attacks. For contactless smart cards, distance-bounding protocols are proposed to counter such attacks; for NFC-based smartphone transactions, ambient sensors have been proposed as potential countermeasures. In this study, we have empirically evaluated the suitability of ambient sensors as a proximity detection mechanism for contactless transactions. To provide a comprehensive analysis, we also collected relay attack data to ascertain whether ambient sensors are able to thwart such attacks effectively. We initially evaluated 17 sensors before selecting 7 sensors for in-depth analysis based on their effectiveness as potential proximity detection mechanisms within the constraints of a contactless transaction scenario. Each sensor was used to record 1000 legitimate and relay (illegitimate) contactless transactions at four different physical locations. The analysis of these transactions provides an empirical foundation on which to determine whether ambient sensors provide a strong proximity detection mechanism for security-sensitive applications like banking, transport and high-security access control.
Submitted 2 May, 2016;
originally announced May 2016.
-
Empirical Evaluation of Ambient Sensors as Proximity Detection Mechanism for Mobile Payments
Authors:
Raja Naeem Akram,
Iakovos Gurulian,
Carlton Shepherd,
Konstantinos Markantonakis,
Keith Mayes
Abstract:
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we, for the first time in the academic literature, empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism. We selected 15 out of a total of 17 sensors available via the Google Android platform for evaluation, with the other two sensors unavailable on widely-used handsets. In the existing academic literature, only 5 sensors have been proposed with positive results as a potential proximity detection mechanism. Each sensor, where feasible, was used to record the measurements of 1000 contactless transactions at four different physical locations. A total of 252 users, a random sample of the university student population, were involved during the field trials. The analysis of these transactions provides an empirical foundation to categorically answer whether ambient sensors provide a strong proximity detection mechanism for security-sensitive applications like banking, transport and high-security access control. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for such critical applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.
Submitted 18 February, 2016; v1 submitted 26 January, 2016;
originally announced January 2016.
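Both ambient-sensor abstracts above evaluate the same idea: the terminal and the phone each sample a sensor during the transaction, the two traces are compared, and a relay (the genuine phone located somewhere else) is expected to produce dissimilar traces. The following added example, which is not the papers' code, data or sensor set, shows the shape of such an evaluation on constructed traces: a similarity metric, a threshold decision, and false-accept/false-reject rates over legitimate pairs, relays from a distant environment, and relays where the attacker keeps the relayed phone in a matching environment. The sensor model, sample count, metric and threshold are assumptions.

```python
"""Ambient-sensor proximity check with a legitimate/relay evaluation: an added
illustration, not the papers' code or data. Assumed (not from the papers): one
light-style sensor sampled 20 times per transaction on both phone and terminal,
a mean-absolute-difference similarity metric and a fixed acceptance threshold."""
import random
from statistics import mean

THRESHOLD = 20.0  # accept the pair as co-located when traces differ by at most this
SAMPLES = 20


def similarity(phone, terminal):
    """Mean absolute difference of two aligned traces (lower = more alike)."""
    if len(phone) != len(terminal) or not phone:
        raise ValueError("traces must be non-empty and aligned")
    return mean(abs(p - t) for p, t in zip(phone, terminal))


def is_proximate(phone, terminal, threshold=THRESHOLD):
    """The anti-relay decision: similar enough means 'same place'."""
    return similarity(phone, terminal) <= threshold


def _trace(rng, level, noise=5.0):
    """Constructed sensor trace: an ambient level plus per-sample jitter."""
    return [level + rng.uniform(-noise, noise) for _ in range(SAMPLES)]


def build_dataset(n_tx=200, seed=7):
    """Constructed transactions as (phone_trace, terminal_trace) pairs.
    legit:      phone and terminal share the environment.
    relay_far:  the genuine phone is relayed from a different environment.
    relay_near: the attacker keeps the relayed phone in a matching environment."""
    rng = random.Random(seed)
    data = {"legit": [], "relay_far": [], "relay_near": []}
    for _ in range(n_tx):
        env = rng.uniform(100.0, 500.0)
        terminal = _trace(rng, env)
        data["legit"].append((_trace(rng, env), terminal))
        far = env + rng.choice((-1, 1)) * rng.uniform(150.0, 400.0)
        data["relay_far"].append((_trace(rng, far), terminal))
        near = env + rng.uniform(-8.0, 8.0)
        data["relay_near"].append((_trace(rng, near), terminal))
    return data


def evaluate(data, threshold=THRESHOLD):
    """False-reject rate on legit pairs, false-accept rate per relay set."""
    legit = data["legit"]
    frr = sum(not is_proximate(p, t, threshold) for p, t in legit) / len(legit)
    far = {name: sum(is_proximate(p, t, threshold) for p, t in pairs) / len(pairs)
           for name, pairs in data.items() if name != "legit"}
    return {"false_reject_rate": frr, "false_accept_rate": far}


if __name__ == "__main__":
    print(evaluate(build_dataset()))
```

The relay_near set is the case a deployment has to worry about: an ambient sensor measures the environment, not the distance between the two devices, so an attacker who reproduces the environment passes the check at the same rate as a legitimate user. Real evaluations, as in the two papers above, rest on recorded sensor data at several locations and sensor-specific analysis rather than on this constructed model.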