Department of Computer Science and Technology

Security Group

2017 seminars

Expand all Collapse all

View original page

28 November 14:00Bayes, not Naive: Security Bounds on Website Fingerprinting Defenses / Giovanni Cherubin, Information Security Group (ISG), Royal Holloway, University of London

LT2, Computer Laboratory, William Gates Building

Website Fingerprinting attacks allow an adversary to predict which web pages a victim visits, even when she browses through Tor/VPN, by using Machine Learning classification techniques on the encrypted traffic she produces. To date, the standard method for evaluating Website Fingerprinting defences is testing them against state-of-the-art attacks; this generated a 10 years-long arms race.

This talk presents a practical method for deriving security bounds for Website Fingerprinting defences, which is based on an original application of Machine Learning theory. The method gives, with respect to the set of features used by an adversary, a lower bound estimate of the smallest error the adversary can achieve, for any classifier he may use. This result i) allows practitioners to evaluate and compare defences in terms of their security, and ii) it favours the shift of WF research to a classifier-agnostic identification of optimal features.

View original page

17 October 14:00Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing / Changyu Dong, School of Computing, Newcastle University

LT2, Computer Laboratory, William Gates Building

Cloud computing has become an irreversible trend. There is a pressing need for verifiability: the cloud providers are external parties whose interests may not fully align with those of its clients, therefore they cannot be fully trusted. To exercise due diligence and gain greater confidence in computation outsourced to the cloud, clients need to be able to verify the correctness of the results returned. However, existing verifiable computation techniques all have a high overhead, thus if being deployed in the clouds, would render cloud computing more expensive than the on-premises counterpart, and would diminish the motivation for using the clouds.

In this talk, I will present our recent attempt to achieve verifiability at a reasonable cost, by leveraging game theory and smart contracts, which is a newly developed paradigm on top of the blockchain technology. In a nutshell, a client lets two clouds compute the same task, and uses smart contracts to stimulate tension, betrayal and distrust between the clouds, so that rational clouds will not collude and cheat. In the absence of collusion, verification of correctness can be done easily by crosschecking the results from the two clouds. We provide a formal analysis of the games induced by the contracts, and prove that the contracts will be effective under certain reasonable assumptions. By resorting to game theory and smart contracts, we are able to avoid heavy cryptographic protocols. The client only needs to pay two clouds to compute in the clear, and a small transaction fee to use the smart contracts. We also conducted a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network.

The talk is based on a recent paper in CCS 2017, the full version of the paper can be accessed through https://arxiv.org/abs/1708.01171.

View original page

10 October 14:00Analysis and Classification of Android Malware / Lorenzo Cavallaro, Information Security Group (ISG), Royal Holloway, University of London

LT2, Computer Laboratory, William Gates Building

Mobile devices and their application marketplaces drive the entire economy of today's mobile landscape. Android platforms alone have produced staggering revenues, exceeding five billion USD, which has attracted cybercriminals and increased malware in Android markets at an alarming rate. To better understand this slew of threats, in this talk I first introduce CopperDroid, an automatic VMI based dynamic analysis system to reconstruct the behaviors of Android malware, developed within the Systems Security Research Lab at Royal Holloway, University of London.

The novelty of CopperDroid lies in its agnostic approach to identify interesting OS- and high-level Android-specific behaviors often expressed through complex inter-component interactions involving Android objects. CopperDroid's analysis generates detailed behavioral profiles that abstract a large stream of low-level-often uninteresting-events into concise, high-level semantics, which is well-suited to provide insightful behavioral traits and open the possibility to further research directions.

To this end, I then show our research efforts to investigate the efficacy of behavioral profiles of different abstractions to differentiate between families of Android malware. In addition, in a significant departure from traditional classification techniques, we further apply a statistical classification approach to include samples showing poor behavior counts and depict a means to achieve near-perfect accuracy by considering a prediction set of top few matches than a singular choice. Despite the promising results, malware evolves rapidly and it thus becomes hard-if not impossible-to generalize learning models to reflect future, previously-unseen behaviors.

I conclude my talk by introducing Transcend, a framework to identify aging classification models in vivo during deployment, much before the machine learning model's performance starts to degrade. Our approach uses a statistical comparison of samples seen during deployment with those used to train the model, thereby building metrics for prediction quality. I show how Transcend can be used to identify concept drift based on two separate case studies on Android and Windows malware, raising a red flag before the model starts making consistently poor decisions due to out-of-date training.


Bio


Lorenzo Cavallaro is a Reader (Associate Professor) of Information Security in the School of Mathematics and Information Security at Royal Holloway, University of London. In 2014, he established and is since leading the Systems Security Research Lab (S2Lab, http://s2lab.isg.rhul.ac.uk), whose underpinning research builds on program analysis and machine learning to address threats against the security of computing systems. Prior joining Royal Holloway, University of London in 2012 as a Lecturer (Assistant Professor), Lorenzo held Post-Doctoral (UC Santa Barbara, Vrije Universiteit Amsterdam) and visiting scholar (Stony Brook University) positions, as well as a PhD in Computer Science awarded from the University of Milan in 2008. He sits on the technical program committees of and has published in top-tier and well-known venues (e.g., ACM CCS, NDSS, IEEE TIFS, ACSAC, RAID, USENIX WOOT) as well as being PI in a number of research projects primarily funded by the UK EPSRC, the EU, Royal Holloway, and McAfee. Lorenzo teaches Malicious Software (undergraduate) and Software Security (graduate), a passion he also nurtured through the participation to (e.g., DEF CON 2008-09) and co-organization of (e.g., DIMVA 2011, UCSB iCTF 2008-09, ISG Open Day 2016) CTF-like computer security exercises.

View original pageRecording

04 October 14:00Conditional Linear Cryptanalysis / Eli Biham, Computer Science Department, Technion - Israel Institute of Technology

LT2, Computer Laboratory, William Gates Building

In this talk we will discuss some new techniques in linear cryptanalysis, that can improve the bias of linear approximations. These techniques can also create some new kinds of linear approximations, that were hard to find previously. When used in attacks, these techniques can reduce the complexity of some known attacks. In particular, they improve over Matsui's attack on DES.
This is a joint work with Stav Perle.

View original page

28 September 14:00Protecting Analog Sensor Security / Kevin Fu, Associate Professor in Electrical Engineering and Computer Science, University of Michigan

LT2, Computer Laboratory, William Gates Building

Why are undergraduates taught to hold the digital abstraction as sacrosanct and unquestionable? Why do microprocessors blindly trust input from sensors, and what can be done to establish trust in unusual input channels in cyberphysical systems? Risks of analog sensor security pose challenges to autonomous vehicles, medical devices, and the Internet of Things. Analog sensor security builds upon classic research in fault injection and side channels. Paradoxically, analog security can reduce risks by detecting an adversary via the physics of computation. I will explain approaches for computers to distinguish real signals from fake signals, as well as technology that exploits beneficial side channels in AC power outlets to detect malware. I'll explain modulation attacks based on Ghost Talk [Foo Kune et al., IEEE S&P] and WALNUT [Trippel et al., IEEE Euro S&P] whereby intentional electromagnetic and acoustic interference causes chosen failures and unintentional demodulation systems ranging from fitbits and implantable medical devices to drones and phones. This work brings some closure to my curiosity on why a cordless phone would ring whenever I executed certain memory operations on the video graphics chip of an Apple IIGS.

Bio:
Kevin is Associate Professor in EECS at the University of Michigan where he directs the Security and Privacy Research Group (SPQR.eecs.umich.edu) and the Archimedes Center for Medical Device Security (secure-medicine.org). He was named a Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year, and Fed100 Award recipient. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. Fu has testified in the U.S. House and Senate on matters of information security and has written commissioned work on trustworthy medical device software for the U.S. National Academy of Medicine. He is a member the Computing Community Consortium Council and ACM Committee on Computers and Public Policy. Kevin previously served as program chair of USENIX Security, a member of the U.S. NIST Information Security and Privacy Advisory Board, and a visiting scientist at the U.S. Food & Drug Administration. Fu received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute.

View original page

27 June 14:00abraCARDabra: understanding carding forums / Jeremiah Onaolapo, University College London

LT2, Computer Laboratory, William Gates Building

*Abstract:*
Underground online forums enable trades of illicit services and stolen goods. Carding forums, in particular, are known for trading stolen financial information. To tackle payment card fraud, it is therefore important to understand the characteristics of these forums and the activity of miscreants using them. To this end, we studied five underground forums, collected data from them for three months, and analysed the data. This analysis revolves around the products available on those forums, their prices, and the trio of seller prolificacy, seller specialisation, and reputation. Interesting parallels between the underground carding economy and legitimate markets will also be discussed.

View original page

20 June 14:00Anti-surveillance: Can Applied Cryptography, Law Enforcement, and Formal Methods be Friends? / Dr. Markulf Kohlweiss, Microsoft Research, Cambridge

LT2, Computer Laboratory, William Gates Building

*Abstract:*

In recent decades, intelligence, law-enforcement, business, and political organizations have developed a growing dependence on data. In the words of the NSA there is a desire to ‘sniff it all, collect it all, know It all, process it all, exploit it all’. Edward Snowden claimed that cryptography has a unique role in preventing this excessive collection. But what kind of cryptography has seen an increase in deployment? Which is still floundering and for what reasons? I will look at these questions by relating them to two of my research interests: anonymous credentials and the TLS protocol.

* Anonymous credentials and e-cash, conceived in the 80’s and later the topic of my PhD, did not see broad deployment. With the success of bit-coin and theoretical breakthroughs in zero-knowledge arguments the deployment of fully anonymous crypto-currencies is now for the first time explored by the Zcash alt-coin.

* The TLS protocol is the cryptographic work horse of the internet and is today used to encrypt more than half of internet traffic. This has put increased stress on its performance and security as its crumbling cryptography was optimized and patched. This in turn has led to the development of new cryptographic algorithms and the new TLS 1.3 standard. I will talk about the efforts of the Everest project to formally verify these.

These two areas are very different, but they both feed into fears of law enforcement of ‘going dark’ and new calls for key escrow. I will argue that a principled stance on preventing key escrow and trapdoors backed up by formal and cryptographic analysis is necessary to prevent slipping back into the routine subversion of cryptographic protections of the pre-Snowden days. At the same time, I offer a compromise: A novel mechanism that enables targeted surveillance while enforcing hard limitations on its scope in a publicly verifiable way.

*Bio:*

Dr. Markulf Kohlweiss is a researcher at Microsoft Research Cambridge in the Programming Principles and Tools group. He did his PhD at the COSIC (Computer Security and Industrial Cryptography) group at the K.U. Leuven, and his master thesis at IBM Research Zurich. Dr. Kohlweiss' research focus is on privacy-enhancing cryptography and formal reasoning about cryptographic protocols. More specifically, he examines the interplay of cryptography and real-world security systems through collaborative projects on verifiable computation and SSL/TLS. For the latter he is a co-recipient of the Levchin Prize awarded to the miTLS team.

View original page

13 June 14:00What could we actually do about radicalisation, both online and offline? / Lydia Wilson, University of Oxford

LT2, Computer Laboratory, William Gates Building

*Abstract:*

The Islamic State was declared three years ago this month, and is
still managing to be an effective enemy in Iraq and Syria in the face
of a combined coalition of over 70 countries, including the largest
armies in the world. They are also staging ever more attacks globally,
recently in Indonesia, Iran and the UK, either directly or through
inspiring independent actors. Their military success has been
surprising to some, but they boast some of the most committed fighters
in the world, which is far more decisive in battle as has been
commented on throughout history, and indeed in the Qur’an (“if there
are 20 among you, patient and persevering, they will vanquish 200.”
8:65). Much has been written and said on the ISIS phenomenon, but few
have researched the motivations of the fighters through their own
words. If they were listened to more, rather than dismissed as “crazy”
or “evil”, we would have more understanding of how to proceed. As it
is, our media and politicians are falling into every trap being set
through reinforcing the “them and us” narrative ISIS - and so many
other extremist groups - thrive on, through targeting Muslim
populations either negatively (through assigning blame and
responsibility) or positively (by assigning funding to Muslim-only
populations). This talk first presents the research on motivations to
join ISIS and other extremist groups, motivations which are largely to
do with identity and belonging, before suggesting what that means for
preventing joining and also for giving openings to leave and become
integrated into their home countries.

View original page

23 May 14:00Improving the Impact of Smartphone Apps / Vincent Taylor, University of Oxford

LT2, Computer Laboratory, William Gates Building

*Abstract:*

Smartphones continue their explosive growth to ubiquity, and as their popularity increases, so does the attention they attract from adversaries. Adversaries need not be the typical attacker on the network. App developers, malicious or not, and third-party library developers also contribute to security concerns.

Several classes of Android vulnerabilities have been highlighted in the literature but it remains unclear whether Android app developers heed warnings and write secure apps. Additionally, it is not known how permission usage or the vulnerabilities contained within apps change as apps get updated. We statically analyse a corpus of 30,000 apps for which we have app versions two years apart, to understand how vulnerabilities in apps and the permissions apps use have changed over the period. Worryingly, we show that many popular apps contain vulnerabilities, and that in many cases, app updates only serve to increase the number of vulnerabilities contained within apps. Apps are also seen to get more permission hungry over time.

These observations motivate the question of whether users can feasibly replace undesirable apps, since app stores contain many groups of functionally-similar apps. As a case study, we focus on replacing general-purpose apps that are permission-hungry. We study 50,000 Google Play Store search results for 2500 general-purpose searches each yielding 20 functionally-similar apps. We describe a framework, called SecuRank, which exploits contextual permission usage analysis to identify and penalise over-privileged apps. We show that SecuRank can be used to recommend safer alternative apps to users. Moreover, we show that run-time permissions do not necessarily solve the problem of permission-hungry apps.

Many users do not realise that one or more of the apps they use leave them at risk. We describe a system that can be used to identify apps from only their (encrypted) network traffic. This system can be used to transparently and non-invasively identify apps that are potentially undesirable so that their users can be notified. We test our system using a sample of 110 apps and show that apps can be accurately fingerprinted and later re-identified by their network traffic.


*Bio:*

Vincent read for his bachelor's and master's degrees at the University of the West Indies, Mona. As an undergraduate, he did a double-major in Computer Science and Electronics and focused on network security during his master's degree. He is now reading for his D.Phil. in Cyber Security at the University of Oxford. Vincent is interested in smartphone privacy/security, networking and network security at Layer 2/3 of the OSI model. He holds Cisco CCENT/CCNA/CCNP certifications in Routing and Switching. He has experience in web server administration and web application penetration testing. Vincent enjoys communicating via amateur radio and builds and maintains websites for non-profit organizations pro bono in his spare time.

View original page

28 March 14:00Free-Form Gesture Passwords: Security, Memorability, Usability / Janne Lindqvist, assistant professor of electrical and computer engineering, Rutgers University

LT2, Computer Laboratory, William Gates Building

*Abstract:*
We have proposed gesture passwords as a ubiquitous authentication
technology, especially targeting mobile device unlocking. Gesture
passwords present a fascinating design space for authentication. They
are distinct from graphical passwords, which resemble text-based
passwords in the sense that they allow for the password to be exactly
reproduced. In contrast, a gesture password cannot be exactly matched:
it must be recognized despite not being input by the user the same way
every time. In this talk, we will present the results of several lab and
field studies (MobiSys’14, CHI’16, CHI’17, UbiComp’17) on studying
usability and security of gesture passwords. We will also present the
first approach for measuring the security of gestures with guessing
attacks that model real-world attacker behavior. Our dictionary attack,
tested on newly collected user data, achieves a cracking rate of 47.71%
after two weeks of computation using 10^9 guesses. This is a difference
of 35.78 percentage points compared to the 11.93% cracking rate of a
benchmark brute-force attack. More details of these works are available
at http://securegestures.org/.

*Bio:*
Janne Lindqvist is an assistant professor of electrical and computer
engineering at Rutgers University. His work is frequently featured in
the popular media with close to thousand mentions so far including
several times in Scientific American, IEEE Spectrum, MIT Technology
Review, NPR, WHYY Radio, Yahoo! News, International Business Times,
Daily Mail, and recently also in ABC News Radio, CBS Radio News,
Fortune, Computerworld, Der Spiegel, London Times, Slashdot, The
Register, Wired (UK). Janne directs the Rutgers Human-Computer
Interaction and Security Engineering Lab. Janne’s work focuses on hard
real-world problems, and currently his group and his colleagues work
includes usable and secure authentication, mobile privacy,
physical-world crowdsourcing, measuring implicit racism in situ, social
protocols for wireless networking, and ecological field studies on
non-suicidal self-injurious behavior. His awards include the Best Paper
Award from MobiCom’12, the Best Paper Nominee Award from UbiComp’14, and
Sustainable Jersey Creation & Innovation Award 2014.

View original page

22 February 16:15CHERI - Architectural support for software memory protection and compartmentalisation / Robert N. M. Watson - University of Cambridge, Computer Laboratory

Lecture Theatre 1, Computer Laboratory

Capability Hardware Enhanced RISC Instructions (CHERI) extend a conventional RISC architecture with support for “capabilities” — pointers whose integrity is protected by the hardware, extended with protection metadata such as bounds and permissions, and constrained by security properties such as monotonicity. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs; protections against control-flow attacks such as ROP and JOP; granular and efficient in-address-space isolation and software compartmentalisation; and safe interoperation between managed languages and native-code extensions. Prototyped via hardware-software co-design, and evaluated on FPGA over a six-year period with support from DARPA, the CHERI processor is able to run adapted versions of the FreeBSD operating system (CheriBSD) and open-source application stack, and is targeted by an extended version of the Clang/LLVM compiler. This talk introduces the CHERI architecture and potential applications, and will also describe current research directions.

View original page

21 February 14:00On the Privacy and Security of the Ultrasound Ecosystem / Vasilios Mavroudis, University College London

LT2, Computer Laboratory, William Gates Building

*Abstract*:
Ultrasound tracking systems are gaining traction in the marketing industry because of the high accuracy they offer, and the low deployment cost they come with. For instance, ultrasound cross-device tracking (uXDT) products use the ultrasonic spectrum as a communication channel to "pair" devices and enable marketers to "follow" users across the different devices.

Unfortunately, despite the novelty of the technology, security experts and the authorities (e.g., the Federal Trade Commission) have raised concerns about its privacy implications. Our work is the first comprehensive privacy and security analysis of the ultrasound tracking ecosystem.

In this talk, we will describe and demonstrate the practical security and privacy risks that loom in the ultrasound ecosystem. First, we will showcase how an adversary can exploit an ultrasound tracking framework to launch attacks against users. Subsequently, we will formally analyze the security shortcomings of the ecosystem, and then based on our findings introduce countermeasures that aim to alleviate existing and future threats.

*Bio*:
Vasilios Mavroudis is a doctoral researcher in the Information Security Group at University College London. His work focuses on privacy and security aspects of digital ecosystems, as he enjoys doing practically applicable research on the intersection of these two areas. His recent work includes an in-depth analysis of the ultrasound tracking ecosystem, as well as the development of a secure hardware platform from untrusted components. In the past, he has also worked on detection systems for evasive web-malware, and on mitigation techniques for telecommunication network attacks.

View original page

17 January 14:00Trends in Online Payment Security / Mohammed Aamir Ali, Newcastle University

LT2, Computer Laboratory, William Gates Building

*Abstract:*
In this talk I will review developments in online and electronic payment in the last two decades.  Since the world-wide web emerged in the early nineties we have seen dramatic changes in how we pay, including the proliferation of online payment, the introduction of mobile and contactless payment as well as the rise of bitcoin.   Security is a key concern in the design and use of these payment methods, but these cannot be understood without also considering legacy issues, usability concerns and business incentives.  I will start from a landscaping exercise conducted in 2015, mapping the current online credit card payment system.  I'll discuss the inherent vulnerabilities of the system, the competing incentives of the many parties that are involved in payment and the role of PCI DSS and other approaches to resolve security challenges.  This talk exposes attendees to the relevant industrial standards and approaches, introduces some cutting-edge research outcomes, and provides insight in the many competing concerns that impact on the online payment security.

*Bio:*
Mohammed Aamir Ali is currently a Ph.D. research student at the centre of cybercrime and computer security at Newcastle University, UK. His research centres around exploiting the potential vulnerabilities in the payment eco-system (i.e. NFC mobile payments, payment applications and online payments). Understanding the insidious tactics targeting the world of cyber systems gives Mohammed an in-depth insight into the methods and psychology of attackers. He has ongoing research which involves landscaping the developments and security challenges in the ecommerce.