Supporting Password-Security Decisions with Data

Ur, Blase Eric

01 September 2016

Despite decades of research into developing abstract security advice and improving interfaces, users still struggle to make passwords. Users frequently create passwords that are predictable for attackers or make other decisions (e.g., reusing the same password across accounts) that harm their security. In this thesis, I use data-driven methods to better understand how users choose passwords and how attackers guess passwords. I then combine these insights into a better password-strength meter that provides real-time, data-driven feedback about the user’s candidate password. I first quantify the impact on password security and usability of showing users different passwordstrength meters that score passwords using basic heuristics. I find in a 2,931-participant online study that meters that score passwords stringently and present their strength estimates visually lead users to create stronger passwords without significantly impacting password memorability. Second, to better understand how attackers guess passwords, I perform comprehensive experiments on password-cracking approaches. I find that simply running these approaches in their default configuration is insufficient, but considering multiple well-configured approaches in parallel can serve as a proxy for guessing by an expert in password forensics. The third and fourth sections of this thesis delve further into how users choose passwords. Through a series of analyses, I pinpoint ways in which users structure semantically significant content in their passwords. I also examine the relationship between users’ perceptions of password security and passwords’ actual security, finding that while users often correctly judge the security impact of individual password characteristics, wide variance in their understanding of attackers may lead users to judge predictable passwords as sufficiently strong. Finally, I integrate these insights into an open-source password-strength meter that gives users data-driven feedback about their specific password. I evaluate this meter through a ten-participant laboratory study and 4,509-participant online study.

Usable security

computer security

passwords

authentication

An analysis of the impact of emerging technology on organisations’ internal controls

11 September 2013

M.Comm. (Computer Auditing) / This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations‟ security internal controls.

Computer auditing

Information security

Computer security

Sekerheid in elektroniese data-uitruiling

17 November 2014

M.Sc. (Computer Science) / Please refer to full text to view abstract

Electronic data interchange

Computer security

Data protection

Repurposing Software Defenses with Specialized Hardware

Sinha, Kanad

January 2019

Computer security has largely been the domain of software for the last few decades. Although this approach has been moderately successful during this period, its problems have started becoming more apparent recently because of one primary reason — performance. Software solutions typically exact a significant toll in terms of program slowdown, especially when applied to large, complex software. In the past, when chips became exponentially faster, this growing burden could be accommodated almost for free. But as Moore’s law winds down, security-related slowdowns become more apparent, increasingly intolerable, and subsequently abandoned. As a result, the community has started looking elsewhere for continued protection, as attacks continue to become progressively more sophisticated. One way to mitigate this problem is to complement these defenses in hardware. Despite lacking the semantic perspective of high-level software, specialized hardware typically is not only faster, but also more energy-efficient. However, hardware vendors also have to factor in the cost of integrating security solutions from the perspective of effectiveness, longevity, and cost of development, while allaying the customer’s concerns of performance. As a result, although numerous hardware solutions have been proposed in the past, the fact that so few of them have actually transitioned into practice implies that they were unable to strike an optimal balance of the above qualities. This dissertation proposes the thesis that it is possible to add hardware features that complement and improve program security, traditionally provided by software, without requiring extensive modifications to existing hardware microarchitecture. As such, it marries the collective concerns of not only users and software developers, who demand performant but secure products, but also that of hardware vendors, since implementation simplicity directly relates to reduction in time and cost of development and deployment. To support this thesis, this dissertation discusses two hardware security features aimed at securing program code and data separately and details their full system implementations, and a study of a negative result where the design was deemed practically infeasible, given its high implementation complexity. Firstly, the dissertation discusses code protection by reviving instruction set randomization (ISR), an idea originally proposed for countering code injection and considered impractical in the face of modern attack vectors that employ reuse of existing program code (also known as code reuse attacks). With Polyglot, we introduce ISR with strong AES encryption along with basic code randomization that disallows code decryption at runtime, thus countering most forms of state-of-the-art dynamic code reuse attacks, that read the code at runtime prior to building the code reuse payload. Through various optimizations and corner case workarounds, we show how Polyglot enables code execution with minimal hardware changes while maintaining a small attack surface and incurring nominal overheads even when the code is strongly encrypted in the binary and memory. Next, the dissertation presents REST, a hardware primitive that allows programs to mark memory regions invalid for regular memory accesses. This is achieved simply by storing a large, pre-determined random value at those locations with a special store instruction and then, detecting incoming values at the data cache for matches to the predetermined value. Subsequently, we show how this primitive can be used to protect data from common forms of spatial and temporal memory safety attacks. Notably, because of the simplicity of the primitive, REST requires trivial microarchitectural modifications and hence, is easy to implement, and exhibits negligible performance overheads. Additionally, we demonstrate how it is able to provide practical heap safety even for legacy binaries. For the above proposals, we also detail their hardware implementations on FPGAs, and discuss how each fits within a complete multiprocess system. This serves to give the reader an idea of usage and deployment challenges on a broader scale that goes beyond just the technique’s effectiveness within the context of a single program. Lastly, the dissertation discusses an alternative to the virtual address space, that randomizes the sequence of addresses in a manner invisible to even the program, thus achieving transparent randomization of the entire address space at a very fine granularity. The biggest challenge is to achieve this with minimal microarchitectural changes while accommodating linear data structures in the program (e.g., arrays, structs), both of which are fundamentally based on a linear address space. As a result, this modified address space subsumes the benefits of most other spatial randomization schemes, with the additional benefit of ideally making traversal from one data structure to another impossible. Our study of this idea concludes that although valuable, current memory safety techniques are cheaper to implement and secure enough, so that there are no perceivable use cases for this model of address space safety.

Computer science

Computer engineering

Computer security

A survey of the mathematics of cryptology

Gebbie, Stewart

03 March 2009

Herein I cover the basics of cryptology and the mathematical techniques used in the field. Aside from an overview of cryptology the text provides an in-depth look at block cipher algorithms and the techniques of cryptanalysis applied to block ciphers. The text also includes details of knapsack cryptosystems and pseudo-random number generators.

cryptology

algorithms

telecommunication systems

computer security

A Lightweight Secure Development Process for Developers / En resurseffektiv säkerhetsprocess för utvecklare

Hellström, Jesper, Moberg, Anton

January 2019

Following a secure development process when developing software can greatly increase the security of the software. Several secure development processes have been developed and are available for companies and organizations to adopt. However, the processes can be expensive and complex to adopt in terms of expertise, education, time, and other resources.In this thesis, a software service, developed by a small IT-consulting company, was tested with security tools and manual code review to find security vulnerabilities. These vulnerabilities showed that there was room for security improvement in the software development life cycle. Therefore, a lightweight secure development process that can be used by developers, is proposed. The secure development process called Lightweight Developer-Oriented Security Process (LDOSP) is based on activities from other secure development processes and the choice of these activities were based on interviews with representatives of the IT-consulting company. The interviews showed that the process would need to be lightweight, time- and cost-efficient, and possible to be performed by a developer without extensive security experience. LDOSP contains 11 activities spread across different phases of the software development life cycle and an exemplification of the process was made to simplify the adoption of LDOSP.

computer security

security

Computer Sciences

Datavetenskap (datalogi)

Protecting mobile agents against malicious hosts.

January 2000

by Sau-Koon Ng. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 100-112). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Evolution of the mobile agent paradigm --- p.1 / Chapter 1.2 --- Terminology --- p.5 / Chapter 1.3 --- Beneficial aspects --- p.7 / Chapter 1.3.1 --- Autonomy --- p.7 / Chapter 1.3.2 --- Client customization --- p.8 / Chapter 1.3.3 --- Attendant and real time interactions --- p.8 / Chapter 1.4 --- Fundamental deployment bottleneck: security concern --- p.9 / Chapter 1.4.1 --- Risking the mobile agent hosts --- p.10 / Chapter 1.4.2 --- Risking the mobile agents --- p.11 / Chapter 1.4.3 --- The difficult problem --- p.12 / Chapter 1.5 --- Contribution of this thesis --- p.13 / Chapter 1.6 --- Structure of the thesis --- p.14 / Chapter 2 --- Understanding attacks and defense --- p.15 / Chapter 2.1 --- Introduction --- p.15 / Chapter 2.2 --- Understanding attacks --- p.16 / Chapter 2.2.1 --- The meaning of an attack --- p.16 / Chapter 2.2.2 --- An abstract model of attacks --- p.17 / Chapter 2.2.3 --- A survey of various attacks --- p.21 / Chapter 2.3 --- Understanding defense --- p.25 / Chapter 2.3.1 --- The meaning of defense --- p.25 / Chapter 2.3.2 --- Security requirements of defense --- p.26 / Chapter 2.3.3 --- A survey of protection schemes --- p.28 / Chapter 2.4 --- Concluding remarks --- p.40 / Chapter 3 --- Confidentiality in mobile agent systems --- p.42 / Chapter 3.1 --- Introduction --- p.42 / Chapter 3.2 --- Motivations --- p.43 / Chapter 3.2.1 --- Program comprehension --- p.44 / Chapter 3.2.2 --- Black-box testing --- p.45 / Chapter 3.3 --- Theory --- p.46 / Chapter 3.3.1 --- Assumptions --- p.46 / Chapter 3.3.2 --- Entropy of mobile agents --- p.46 / Chapter 3.3.3 --- Intention spreading by insertion --- p.49 / Chapter 3.3.4 --- Intention shrinking by splitting --- p.52 / Chapter 3.3.5 --- Nested spreading and shrinking --- p.55 / Chapter 3.4 --- Implementation possibilities --- p.55 / Chapter 3.4.1 --- Addition of irrelevant variables and conditional statements --- p.55 / Chapter 3.4.2 --- Splitting the cost function --- p.60 / Chapter 3.5 --- Security analysis --- p.63 / Chapter 3.5.1 --- Human inspection --- p.63 / Chapter 3.5.2 --- Automatic program comprehension --- p.64 / Chapter 3.6 --- Related work --- p.66 / Chapter 3.6.1 --- Time limited blackbox security --- p.66 / Chapter 3.6.2 --- Computing with encrypted function --- p.66 / Chapter 3.7 --- Applicability --- p.67 / Chapter 3.8 --- Further considerations --- p.68 / Chapter 3.8.1 --- Weaknesses --- p.68 / Chapter 3.8.2 --- Relationship with other approaches --- p.69 / Chapter 3.8.3 --- Further development --- p.71 / Chapter 3.9 --- Concluding remarks --- p.71 / Chapter 4 --- Anonymity in mobile agent systems --- p.73 / Chapter 4.1 --- Introduction --- p.73 / Chapter 4.2 --- Solutions to anonymity --- p.74 / Chapter 4.2.1 --- Mixing --- p.75 / Chapter 4.2.2 --- Group signatures --- p.76 / Chapter 4.3 --- Anonymous agents --- p.78 / Chapter 4.3.1 --- Anonymous connection --- p.78 / Chapter 4.3.2 --- Anonymous communication --- p.79 / Chapter 4.4 --- Concluding remarks --- p.84 / Chapter 5 --- Open issues --- p.86 / Chapter 5.1 --- Introduction --- p.86 / Chapter 5.2 --- Security issues --- p.86 / Chapter 5.2.1 --- Reachable problems --- p.87 / Chapter 5.2.2 --- Difficult problems --- p.88 / Chapter 5.3 --- Performance issues --- p.88 / Chapter 5.3.1 --- Complexity and strength --- p.89 / Chapter 5.3.2 --- An optimizing protocol --- p.90 / Chapter 5.4 --- Concluding remarks --- p.94 / Chapter 6 --- Conclusions --- p.96

Mobile agents (Computer software)

Computer security

Strong proxy signature scheme with proxy signer privacy protection.

January 2002

by Shum Kwan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 30-32). / Abstracts in English and Chinese. / Acknowledgement --- p.ii / Abstract --- p.iii / □ □ --- p.iv / Chapter 1 . --- Introduction --- p.1 / Chapter 1.1 --- Introduction to topic --- p.1 / Chapter 1.2 --- What is proxy signature? --- p.2 / Chapter 1.3 --- Terminologies in proxy signature --- p.2 / Chapter 1.4 --- Levels of delegation --- p.3 / Chapter 1.5 --- Previous work on Proxy Signature --- p.4 / Chapter 1.6 --- Our Contributions --- p.4 / Chapter 1.7 --- Thesis Organization --- p.4 / Chapter 2. --- Backgroun d --- p.6 / Chapter 2.1 --- Digital Signature --- p.6 / Chapter 2.2 --- Digital Certificate and CA --- p.6 / Chapter 2.3 --- Hash Functions --- p.7 / Chapter 2.4 --- Bit commitment --- p.7 / Chapter 3. --- Brief introduction to Our Result --- p.8 / Chapter 3.1 --- A Proxy Signature Scheme with Proxy Signer Privacy Protection --- p.8 / Chapter 3.2 --- Applications of Proxy Signature --- p.9 / Chapter 4. --- Detail Explanation of Certified Alias and its Application on Proxy Signature --- p.10 / Chapter 4.1 --- Introduction --- p.10 / Chapter 4.2 --- Protecting Signer Privacy Using Certified Alias Definition 4.2.3 --- p.10 / Chapter 4.3 --- Constructing Proxy signature Scheme by Consecutive Execution of Cryptographic Primitives (Scheme CE) --- p.11 / Chapter 4.4 --- Constructing Proxy signature Scheme by Direct Form Equations (Scheme DF) --- p.15 / Chapter 4.5 --- Comparison between scheme CE and scheme DF --- p.19 / Chapter 4.6 --- Chapter Summary --- p.20 / Chapter 5 . --- Applications of Proxy Signature with Proxy Signer Privacy Protection --- p.21 / Chapter 5.1 --- Secure Mobile agent Signature with Itinerary Privacy --- p.21 / Chapter 5.1.1 --- Introduction to Mobile Agent --- p.21 / Chapter 5.1.2 --- "Review on Lee, et al. strong non-designated proxy signature scheme for mobile agents" --- p.21 / Chapter 5.1.3 --- Constructing Signature scheme for Mobile Agent using Proxy signature with Proxy Signer Privacy Protection --- p.22 / Chapter 5.1.4 --- Remarks --- p.23 / Chapter 5.2 --- Group Signature with Unlimited Group Size --- p.24 / Chapter 5.2.1 --- Introduction to group signature --- p.24 / Chapter 5.2.2 --- Constructing group signature scheme using certified alias --- p.24 / Chapter 5.2.4 --- Remarks --- p.26 / Chapter 5.3 --- Chapter Summary --- p.27 / Chapter 6. --- Conclusions --- p.28 / Appendix: Paper derived from this thesis --- p.29 / Bibliography --- p.30

Digital signatures

Cryptography

Data protection

Computer security

An Anonymous and Distributed Approach to Improving Privacy in Cloud Computing: An Analysis of Privacy-Preserving Tools & Applications

Peters, Emmanuel Sean

January 2017

The seemingly limitless computing resources and power of the cloud has made it ubiquitous. However, despite its utility and widespread adoption in several everyday applications the cloud still suffers from several trust and privacy concerns. Many of these concerns are validated by the endless reports of cyber-attacks that compromise the private information of large numbers of users. A review of the literature reveals the following challenges with privacy in cloud computing: (1) Although there is a wealth of approaches that attempt to prevent cyber-attacks, these approach ignore the reality that system compromises are inevitable; every system can and will be compromised. (2) There are a handful of metrics for the security of systems, however, the current literature is lacking in privacy metrics that can be used to compare the privacy of across various systems. (3) One of the difficulties with addressing of privacy in cloud computing is the inevitable trade-off between privacy and utility; many privacy-preserving techniques sacrifice more utility than needed in an attempt to achieve the unattainable, perfect privacy. In this dissertation we present our contributions that address the aforementioned privacy challenges supported by the literature. We base our approach on the assumption that every system can and will be compromised; we focused on mitigating the adverse effects of a cyber-attack by limiting the amount of information that is compromised during an attack. Our contribution is twofold and includes (1) a set of tools for designing privacy-mitigating applications and measuring privacy and (2) two applications designed using the aforementioned tools. We will first describe three tools that we used to design two applications. These tools are: (1) The processing graph and its collection of creation protocols. The processing graph is the mechanism we used to partition data across multiple units of cloud-based storage and processing; it also manages the flow of processed information between components and is customizable based on the specific needs of the user; (2) A privacy metric based in information theory. We use this metric to compare the amount of information compromised when centralized and distributed systems are attacked; (3) The third tool is the extension of the double-locked box protocol in the cloud environment. The double-locked box protocol facilitates anonymous between two entities via an intermediary. We then present two applications that utilize the aforementioned tools to improve the privacy of storing and processing a user’s data. These applications are (1) the anonymous tax preparation application and (2) the distributed insurance clearinghouse and distributed electronic health record. We show how the creation protocols are used to establish progressing graphs to privately complete a user’s tax form and process a patient’s insurance claim form. We also highlight the future work in medical research that is made possible because of our contributions; our approach allows for medical research to be conducted on data without risking the identity of patients. For each application we perform a privacy analysis that employs the privacy metric; in these privacy analyses, we compare both applications to their centralized counterparts and show the reduction in the amount of information revealed during an attack. Based on our analysis, the anonymous tax preparation application reduces the amount of compromised information in the event of an attack by up 64%. Similarly, the distributed insurance clearinghouse reduces the amount of patient data revealed during an attack by up to 79%.

Electrical engineering

Cloud computing

Computer security

Security Engineering of Hardware-Software Interfaces

Tang, Beng Chiew

January 2018

Hardware and software do not operate in isolation. Neither should they be regarded as such when securing systems. To seamlessly facilitate computing, they have to communicate via interfaces. Besides characterizing the means by which software can harness the exposed functionalities of hardware, these hardware-software interfaces define the degree and granularity of control and access that software possesses to the lower layers of the system stack. These mechanisms provide a rich source of hardware assistive technologies that can be tapped to enhance security as a full-system property. On the flip side, given the level of access software has to these hardware features, security-oblivious designs of hardware and their interfaces can expose systems to new vulnerabilities. Evidently, these hardware-software interfaces represent a crucial focal area in systems for the formulation, review and refinement of security measures. This dissertation advances the thesis that security as a full-system property can be improved by examining and leveraging the interworking of hardware and software. It advocates a full-system approach in architecture design by demonstrating how unanticipated ways in which hardware and software co-operate can induce unintended computing behavior and pose security risks. It develops novel techniques to repurpose commodity hardware support to create new defense primitives that exploit the synergy between hardware and software. It shows how commodity hardware-software interfaces play an instrumental role in security with the hardware's well-positioned access to runtime information. All these interface-oriented design principles, as this dissertation demonstrates, are widely applicable and practical as the highlighted three case studies span the three primary stages of a typical security attack, namely the act of inducing unintended system behavior, exploiting vulnerability to achieve initial system control, and executing malicious code for nefarious goals. First, the dissertation begins by scrutinizing the design of energy management mechanisms, a prevalent class of hardware-software interfaces found in almost all commodity systems. It shows, for the first time, that as we pursue increasingly aggressive cooperative hardware-software mechanisms to improve energy efficiency, doing so with no regard for security can create serious vulnerabilities. This dissertation highlights a multitude of issues in the current designs of energy management mechanisms. It further demonstrates how, with fine-grained software-based control of underlying hardware voltage and frequency regulators, attackers can exploit these issues to induce unintended computing behavior. It shows that beyond causing unintended system behavior, abusing these interfaces in security-oblivious energy management designs can violate all three key security properties in spite of hardware-enforced isolation: confidentiality (extracting AES keys), integrity (loading self-signed code), and clearly, availability (freezing the device). Second, the dissertation addresses an advanced class of dynamic code reuse exploits that rely on memory disclosure vulnerabilities to construct their initial payload code at runtime. This class of exploits bypasses even the finest-grained randomization-based defenses. While the concept of execute-only memory in existing defenses works well, it cannot be applied effectively in closed-source systems where perfect disassembly of compiled binaries is not possible. To tackle this problem, this dissertation first introduces the Destructive Code Read primitive---a defense technique that randomizes executable memory as it is being read as data---as a means to thwart memory disclosure exploits as well as to sidestep the problem of imperfect binary disassembly in COTS systems. It leverages the virtualization assistive hardware feature to timely mediate read operations into executable memory, thereby significantly lowering the cost of deploying the Destructive Code Read defense primitive. Tapping into the unique strengths of functionality closer to the hardware layer of the system stack, it extends the benefits of execute-only memory defenses to COTS systems. Finally, the dissertation builds on the insight that hardware, being the lowest part of the system stack, is uniquely positioned to augment traditionally software-only techniques. Besides being more performant and energy-efficient, hardware offers extensive visibility into code execution at the software layers. This dissertation shows that these hardware characteristics offer unprecedented insights into code execution, both benign and malicious. It demonstrates that the interaction of hardware and software can be modeled as microarchitectural events, which can in turn be leveraged to detect anomalous malicious code execution in the latter stages of a security attack. Using assistive debugging hardware features to efficiently audit these events, it further develops novel techniques to make sense of the noisy and lower-level microarchitectural events to detect in-flight shellcode execution and full-fledged anomalous malicious programs.

Computer science

Computer security

Hardware

Computer software