Global ETD Search

11	Side-Channel Attacks on Encrypted 5G/4G Voice Calls Shaan Shekhar (18463575) 01 May 2024 (has links) <p dir="ltr">5G/4G voice calls are encrypted for the purpose of confidentiality, secrecy and privacy. Although protected by well-examined security measures we unveil several vulnerabilities previously unreported in the 5G/4G voice calls that unintentionally leak 5G/4G call state information despite encryption protection and device proof of concept attacks in this thesis. Unlike existing attacks, these new attacks are significantly more threatening because they are completely contactless without requiring any malware, access or compromise on the victim's phones, the 5G/4G network and the other call party. Instead, the attacker only needs to deploy a radio sniffer to eavesdrop on 5G/4G communication and infer confidential call information.</p><p dir="ltr">Interestingly, such confidentiality breaches are technically feasible due to recent 5G/4G call enhancement technologies standardized in the 3GPP specifications and adopted by mobile network operators. While effective in enhancing 5G/4G call quality and efficiency, they, unfortunately, expose extra call information, which can be exploited to infer call states and launch side-channel attacks precisely. Another major contributor to this attack is the IVR technology, which uses a computer-operated telephone system to help companies answer customer calls. In this thesis, we focus on snooping Pay-over-the-Phone transactions done over IVR calls and optionally inferring the company involved in the transaction. The attacks exploit technologies designed to enhance the call quality and efficiency and develop several attack modules to (1) detect voice calls over encrypted 5G/4G traffic, (2) infer the use of IVR over limited call information leaked in the air, and (3) spy on sensitive payment transactions in real-time. We have implemented this proof-of-concept attack using an SDR-based sniffer only. We have validated its effectiveness and assessed damages in various experiments with 5G operators in the US. Lastly, we have discussed the lessons learned from the attacks and the future work that can be done to improve the efficiency of the attacks and make them more threatening.</p> System and network security Voice Call Security Phone Call Security Side Channel Attacks Inference Attacks
12	Cybersecurity Learning Modules for Programming in Java and Computer Networking Courses Kenneth Andrew Guernsey (20421209) 17 December 2024 (has links) <p dir="ltr">As the world becomes increasingly reliant on technology, the role of software and systems in everyday life has increased exponentially. From mobile applications to critical infrastructure systems, software runs at the core of most modern systems. However, with this widespread usage comes the increased risk of cyber threats silently embedded in these systems. As software systems grow in complexity and scale, vulnerabilities become more difficult to detect and mitigate. The growing number of cyberattacks in recent years highlights the importance of not only building functional systems but also ensuring they are secure from the development stages. This emphasizes the need for a strong focus on secure coding practices as a vital component of both the software development process and education. Every computer engineering or computer science student is required to take programming courses as part of their curriculum. These courses teach fundamental programming aspects and skills, but lack the educational material about writing secure code. Many vulnerabilities that are present in software systems are caused by human error, and are introduced in code. This makes it imperative that students must be introduced to secure coding practices and general cybersecurity awareness while they are learning a new programming language. In this research we focus on the development of educational modules for secure software development and secure networking. A total of six secure coding modules were created, and a total of four secure networking modules were created. These modules provide clarity on a variety of vulnerabilities that may be introduced in code, such as lack of input validation, integer overflow, SQL injection, and SlowHTTP attacks. The module are designed as supplemental work that is performed concurrently with the regular curriculum, reinforcing the general information with security aspects. The goal of the modules are to increase the general cybersecurity awareness in students, and teach them how to mitigate to common vulnerabilities in code.</p> Software and application security System and network security cybersecurity knowledge needs
13	<b>Classifying and Identifying BGP Hijacking attacks on the internet</b> Kai Chiu Oscar Wong (18431700) 26 April 2024 (has links) <p dir="ltr">The Internet is a large network of globally interconnected devices p used to facilitate the exchange of information across different parties. As usage of the Internet is expected to grow in the future, the underlying infrastructure must be secure to ensure traffic reaches its intended destination without any disruptions. However, the primary routing protocol used on the Internet, the Border Gateway Protocol (BGP), while scalable and can properly route traffic between large networks, does not inherently have any security mechanisms built within the protocol. This leads to devices that use BGP over the internet to be susceptible to BGP Hijacking attacks, which involve maliciously injected routes into BGP’s Routing Information Base (RIB) to intentionally redirect traffic to another destination. Attempts to solve these issues in the past have been challenging due to the prevalence of devices that use BGP on the existing Internet infrastructure and the lack of backward compatibility for proposed solutions. The goal of this research is to categorize the different types of BGP Hijacking attacks that are possible on a network, identify indicators that an ongoing BGP Hijacking attack based on received routes from the Internet locally without access to machines from other locations or networks, and subsequently leverage these indicators to protect local networks from external BGP Hijacking attacks.</p> Network engineering System and network security Networking and communications BGP network security analysis routing attacks BGP Hijacking
14	Adversarial Attacks Against Network Intrusion Detection Systems Sanidhya Sharma (19203919) 26 July 2024 (has links) <p dir="ltr">The explosive growth of computer networks over the past few decades has significantly enhanced communication capabilities. However, this expansion has also attracted malicious attackers seeking to compromise and disable these networks for personal gain. Network Intrusion Detection Systems (NIDS) were developed to detect threats and alert users to potential attacks. As the types and methods of attacks have grown exponentially, NIDS have struggled to keep pace. A paradigm shift occurred when NIDS began using Machine Learning (ML) to differentiate between anomalous and normal traffic, alleviating the challenge of tracking and defending against new attacks. However, the adoption of ML-based anomaly detection in NIDS has unraveled a new avenue of exploitation due to the inherent inadequacy of machine learning models - their susceptibility to adversarial attacks.</p><p dir="ltr">In this work, we explore the application of adversarial attacks from the image domain to bypass Network Intrusion Detection Systems (NIDS). We evaluate both white-box and black-box adversarial attacks against nine popular ML-based NIDS models. Specifically, we investigate Projected Gradient Descent (PGD) attacks on two ML models, transfer attacks using adversarial examples generated by the PGD attack, the score-based Zeroth Order Optimization attack, and two boundary-based attacks, namely the Boundary and HopSkipJump attacks. Through comprehensive experiments using the NSL-KDD dataset, we find that logistic regression and multilayer perceptron models are highly vulnerable to all studied attacks, whereas decision trees, random forests, and XGBoost are moderately vulnerable to transfer attacks or PGD-assisted transfer attacks with approximately 60 to 70% attack success rate (ASR), but highly susceptible to targeted HopSkipJump or Boundary attacks with close to a 100% ASR. Moreover, SVM-linear is highly vulnerable to both transfer attacks and targeted HopSkipJump or Boundary attacks achieving around 100% ASR, whereas SVM-rbf is highly vulnerable to transfer attacks with a 77% ASR but only moderately to targeted HopSkipJump or Boundary attacks with a 52% ASR. Finally, both KNN and Label Spreading models exhibit robustness against transfer-based attacks with less than 30% ASR but are highly vulnerable to targeted HopSkipJump or Boundary attacks with a 100% ASR with a large perturbation. Our findings may provide insights for designing future NIDS that are robust against potential adversarial attacks.</p> Data security and protection System and network security Machine Learning Deep Learning Network Intrusion Detection Systems
15	<b>USER-CENTERED DATA ACCESS CONTROL TECHNIQUES FOR SECURE AND PRIVACY-AWARE MOBILE SYSTEMS</b> Reham Mohamed Sa Aburas (18857674) 25 June 2024 (has links) <p dir="ltr">The pervasive integration of mobile devices in today’s modern world, e.g., smartphones, IoT, and mixed-reality devices, has transformed various domains, enhancing user experiences, yet raising concerns about data security and privacy. Despite the implementation of various measures, such as permissions, to protect user privacy-sensitive data, vulnerabilities persist. These vulnerabilities pose significant threats to user privacy, including the risk of side-channel attacks targeting low-permission sensors. Additionally, the introduction of new permissions, such as the App Tracking Transparency framework in iOS, seeks to enhance user transparency and control over data sharing practices. However, these framework designs are accompanied by ambiguous developer guidelines, rendering them susceptible to deceptive patterns. These patterns can influence user perceptions and decisions, undermining the intended purpose of these permissions. Moreover, the emergence of new mobile technologies, e.g., mixed-reality devices, presents novel challenges in ensuring secure data sharing among multiple users in collaborative environments, while preserving usability.</p><p dir="ltr">In this dissertation, I focus on developing user-centered methods for enhancing the security and privacy of mobile system, navigating through the complexities of unsolicited data access strategies and exploring innovative approaches to secure device authentication and data sharing methodologies.</p><p dir="ltr">To achieve this, first, I introduce my work on the iStelan system, a three-stage side-channel attack. This method exploits the low-permission magnetometer sensor in smartphones to infer user sensitive touch data and application usage patterns. Through an extensive user study, I demonstrate the resilience of iStelan across different scenarios, surpassing the constraints and limitations of prior research efforts.</p><p dir="ltr">Second, I present my analysis and study on the App Tracking Transparency permission in iOS. Specifically, my work focuses on analyzing and detecting the dark patterns employed by app developers in the permission alerts to obtain user consent. I demonstrate my findings on the dark patterns observed in permission alerts on a large-scale of apps collected from Apple’s store, using both static and dynamic analysis methods. Additionally, I discuss the application of a between-subject user study to evaluate users’ perceptions and understanding when exposed to different alert patterns.</p><p dir="ltr">Lastly, I introduce StareToPair, a group pairing system that leverages multi-modal sensing technologies in mixed-reality devices to enable secure data sharing in collaborative settings. StareToPair employs a sophisticated threat model capable of addressing various real-world scenarios, all while ensuring high levels of scalability and usability.</p><p dir="ltr">Through rigorous investigation, theoretical analysis and user studies, my research endeavors enhance the field of security and privacy for mobile systems. The insights gained from these studies offer valuable guidance for future developments in mobile systems, ultimately contributing to the design of user-centered secure and privacy-aware mobile ecosystems.</p> Data security and protection System and network security Mobile computing Mobile Security & Privacy Usable Security
16	Dependable Wearable Systems Edgardo A Barsallo Yi (11656702) 09 December 2021 (has links) <div>As wearable devices, like smartwatches and fitness monitors, gain popularity and are being touted for clinical purposes, evaluating the resilience and security of wearable operating systems (OSes) and their corresponding ecosystems becomes essential. One of the most dominant OSes for wearable devices is Wear OS, created by Google. Wear OS and Android (its counterpart OS for mobile devices) share similar features, but the unique characteristics and uses of wearable devices posses new challenges. For example, wearable applications are generally more dependent on device sensors, have complex communication patterns (both intra-device and inter-device), and are context-aware. Current research efforts on the Wear OS are more focused on the efficiency and performance of the OS itself, overlooking the resilience or security of the OS or its ecosystem.</div><div> </div><div>This dissertation introduces a systematic analysis to evaluate the Wear OS's resilience and security. The work is divided into two main parts. First, we focus our efforts on developing novel tools to evaluate the robustness of the wearable OS and uncover vulnerabilities and failures in the wearable ecosystem. We provide an assessment and propose techniques to improve the system's overall reliability. Second, we turn our attention to the security and privacy of smart devices. We assess the privacy and security of highly interconnected devices. We demonstrate the feasibility of privacy attacks under these scenarios and propose a defense mechanism to mitigate these attacks.</div><div> </div><div>For the resilience part, we evaluate the overall robustness of the Wear OS ecosystem using a fuzz testing-based tool [DSN2018]. We perform an extensive fault injection study by mutating inter-process communication messages and UI events on a set of popular wearable and mobile applications. The results of our study show similarities in the root cause of failures between Wear OS and Android; however, the distribution of exception differ in both OSes. Further, our study evidence that input validation has improved in the Android ecosystem with respect to prior studies. Then, we study the impact of the state of a wearable device on the overall reliability of the applications running in Wear OS [MobiSys2020]. We use distinguishable characteristics of wearable apps, such as sensor activation and mobile-wearable communication patterns, to derive a state model and use this model to target specific fuzz injection campaigns against a set of popular wearable apps. Our experiments revealed an abundance of improper exception handling on wearable applications and error propagation across mobile and wearable devices. Furthermore, our results unveiled a flawed design of the wearable OS, which caused the device to reboot due to excessive sensor use.</div><div><br></div><div>For the security and privacy part, we assess user awareness toward privacy risks under scenarios with multiple interconnected devices. Our results show that a significant majority of the users have no reservation while granting permission to their devices. Furthermore, users tend to be more conservative while granting permission on their wearables. Based on the results of our study, we demonstrate the practicability of leaking sensitive information inferred from the user by orchestrating an attack using multiple devices. Finally, we introduce a tool based on NLP (Natural Language Processing) techniques that can aid the user in detecting this type of attack.</div> System and network security Mobile computing mobile wearable System Security robustness analysis Resiliency Computer System Security Mobile Technologies
17	DEFEATING CYBER AND PHYSICAL ATTACKS IN ROBOTIC VEHICLES Hyungsub Kim (17540454) 05 December 2023 (has links) <p dir="ltr">The world is increasingly dependent on cyber-physical systems (CPSs), e.g., robotic vehicles (RVs) and industrial control systems (ICSs). CPSs operate autonomously by processing data coming from both “cyberspace”—such as user commands—and “physical space”—such as sensors that measure the physical environment in which they operate. However, even after decades of research, CPSs remain susceptible to threats from attackers, primarily due to the increased complexity created by interaction with cyber and physical space (e.g., the cascading effects that changes in one space can impact on the other). In particular, the complexity causes two primary threats that increase the risk of causing physical damage to RVs: (1) logic bugs causing undesired physical behavior from the developers expectations; and (2) physical sensor attacks—such as GPS or acoustic noise spoofing—that disturb an RV’s sensor readings. Dealing with these threats requires addressing the interplay between cyber and physical space. In this dissertation, we systematically analyze the interplay between cyber and physical space, thereby tackling security problems created by such complexity. We present novel algorithms to detect logic bugs (PGFuzz in Chapter 2), help developers fix them (PGPatch in Chapter 3), and test the correctness of the patches attempting to address them (PatchVerif in Chapter 4). Further, we explain algorithms to discover the root causes and formulate countermeasures against physical sensor attacks that target RVs in Chapter 5.</p> Hardware security Software and application security System and network security Cybersecurity Robotic vehicle Cyber–physical system Logic bug Physical sensor attack
18	REHOSTING EMBEDDED APPLICATIONS AS LINUX APPLICATIONS FOR DYNAMIC ANALYSIS Jayashree Srinivasan (17683698) 20 December 2023 (has links) <p dir="ltr">Dynamic analysis of embedded firmware is a necessary capability for many security tasks, e.g., vulnerability detection. Rehosting is a technique that enables dynamic analysis by facilitating the execution of firmware in a host environment decoupled from the actual hardware. Current rehosting techniques focus on high-fidelity execution of the entire firmware. Consequently, these techniques try to execute firmware in an emulated environment, with precise models of hardware (i.e., peripheral) interactions. However, these techniques are hard to scale and have various drawbacks. </p><p dir="ltr">Therefore, a novel take on rehosting is proposed by focusing on the application components and their interactions with the firmware without the need to model hardware dependencies. This is achieved by rehosting the embedded application as a Linux application. In addition to avoiding precise peripheral modeling, such a rehosting technique enables the use of existing dynamic analysis techniques on these embedded applications. The feasibility of this approach is demonstrated first by manually performing the rehosting on real-world embedded applications. The challenges in each of the phases – retargeting to x86-64, peripheral handling, and fuzzing the rehosted applications are elaborated. Furthermore, automated steps for retargeting to the x86-64 and peripheral handling are developed. The peripheral handling achieves 89% accuracy if reserved regions are also considered. The testing of these rehosted applications found 2 previously unknown defects in driver components.</p> Software and application security System and network security Cybersecurity Firmware Rehosting Real-Time Systems RTOS Dynamic Analysis Embedded Systems Embedded Systems Security
19	<b>SECURE AUTHENTICATION AND PRIVACY-PRESERVING TECHNIQUES IN VEHICULAR AD-HOC NETWORKS</b> Aala Oqab Alsalem (17075812) 28 April 2024 (has links) <p dir="ltr">VANET is formed by vehicles, road units, infrastructure components, and various con- nected objects.It aims mainly to ensure public safety and traffic control. New emerging applications include value-added and user-oriented services. While this technological ad- vancement promises ubiquitous deployment of the VANET, security and privacy challenges must be addressed. Thence, vehicle authentication is a vital process to detect malicious users and prevent them from harming legitimate communications. Hover, the authentication pro- cess uses sensitive information to check the vehicle’s identity. Sharing this information will harm vehicle privacy. In this thesis, we aim to deal with this issues:</p><ul><li>How can we ensure vehicle authentication and avoid sensitive and identity information leaks simultaneously?</li><li>When nodes are asked to provide identity proof, how can we ensure that the shared information is only used by an authorized entity?</li><li>Can we define an effective scheme to distinguish between legitimate and malicious network nodes?This dissertation aims to address the preservation of vehicle private information used within the authentication mechanism in VANET communications.The VANET characteristics are thoroughly presented and analyzed. Security require- ments and challenges are identified. Additionally, we review the proposed authentication techniques and the most well-known security attacks while focusing on the privacy preser- vation need and its challenges.To fulfill, the privacy preservation requirements, we proposed a new solution called Active Bundle AUthentication Solution based on SDN for Vehicular Networks (ABAUS). We intro- duce the Software Defined Networks (SDN) as an authentication infrastructure to guarantee the authenticity of each participant. Furthermore, we enhance the preservation of sensitive data by the use of an active data Bundle (ADB) as a self-protecting security mechanism. It ensures data protection throughout the whole data life cycle. ABAUS defines a dedicated registration protocol to verify and validate the different members of the network.</li></ul><p dir="ltr">first solution focused on legitimate vehicle identification and sensitive data pro- tection. A second scheme is designed to recognize and eliminate malicious users called BEhaviour-based REPutation scheme for privacy preservation in VANET using blockchain technology (BEREP). Dedicated public blockchains are used by a central trust authority to register vehicles and store their behavior evaluation and a trust scoring system allows nodes to evaluate the behavior of their communicators and detect malicious infiltrated users.</p><p dir="ltr">By enhancing sensitive data preservation during the authentication process and detect- ing malicious attempts, our proposed work helps to tackle serious challenges in VANET communications.</p> Data security and protection System and network security Vehicular Ad hoc Networks Software Defined Networks Privacy Preservation Network Security Authentication
20	ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE Avigyan Mukherjee (15306883) 19 April 2023 (has links) <p>Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVE’s found in the open source literature affecting nginx and apache web servers that correspond to the classification system that was created. The Apache and Nginx containers was attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in 9 AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls. The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker. </p> Data security and protection System and network security Networking and communications Docker security Webserver Containerization

Search results