All sessions will be held in Grand Ballroom I–IV unless otherwise noted.
Papers are available for download below to registered attendees now and to everyone beginning August 13, 2018. Paper abstracts are available to everyone now. Copyright to the individual works is retained by the author[s].
Downloads for Registered Attendees
(Sign in to your USENIX account to download these files.)
Monday, August 13, 2018
8:00 am–9:00 am
Grand Ballroom Foyer
9:00 am–9:10 am
Program Co-Chairs: Christian Rossow, CISPA, and Yves Younan, Cisco Talos
9:10 am–10:10 am
David Evans, University of Virginia
The history of security includes a long series of arms races, where a new technology emerges and is subsequently developed and exploited by both defenders and attackers. Over the past few years, "Artificial Intelligence" has re-emerged as a potentially transformative technology, and deep learning in particular has produced a barrage of amazing results. We are in the very early stages of understanding the potential of this technology in security, but more worryingly, seeing how it may be exploited by malicious individuals and powerful organizations. In this talk, I'll look at what lessons might be learned from previous security arms races, consider how asymmetries in AI may be exploited by attackers and defenders, touch on some recent work in adversarial machine learning, and hopefully help progress-loving Luddites figure out how to survive in a world overrun by AI doppelgängers, GAN gangs, and gibbon-impersonating pandas.
David Evans is a Professor of Computer Science at the University of Virginia where he leads the Security Research Group. He is the author of an open computer science textbook and a children's book on combinatorics and computability. He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia, and was Program Co-Chair for the 24th ACM Conference on Computer and Communications Security (CCS 2017) and the 30th (2009) and 31st (2010) IEEE Symposia on Security and Privacy. He has SB, SM and PhD degrees in Computer Science from MIT and has been a faculty member at the University of Virginia since 1999.
10:10 am–10:40 am
Break with Refreshments
Grand Ballroom Foyer
10:40 am–11:40 am
Pwning Machine Learning
Session Chair: Lorenzo Cavallaro, Royal Holloway, University of London
Kevin Eykholt, University of Michigan; Ivan Evtimov and Earlence Fernandes, University of Washington; Bo Li, UC Berkeley; Amir Rahmati, Samsung Research America and Stony Brook University; Florian Tramer, Stanford University; Atul Prakash, University of Michigan; Tadayoshi Kohno, University of Washington; Dawn Song, UC Berkeley
Deep neural networks (DNNs) are vulnerable to adversarial examples—maliciously crafted inputs that cause DNNs to make incorrect predictions. Recent work has shown that these attacks generalize to the physical domain, to create perturbations on physical objects that fool image classifiers under a variety of real-world conditions. Such attacks pose a risk to deep learning models used in safety-critical cyber-physical systems. In this work, we extend physical attacks to more challenging object detection models, a broader class of deep learning algorithms widely used to detect and label multiple objects within a scene. Improving upon a previous physical attack on image classifiers, we create perturbed physical objects that are either ignored or mislabeled by object detection models. We implement a Disappearance Attack, in which we cause a Stop sign to “disappear” according to the detector—either by covering the sign with an adversarial Stop sign poster, or by adding adversarial stickers onto the sign. In a video recorded in a controlled lab environment, the state-of-the-art YOLO v2 detector failed to recognize these adversarial Stop signs in over 85% of the video frames. In an outdoor experiment, YOLO was fooled by the poster and sticker attacks in 72.5% and 63.5% of the video frames respectively. We also use Faster R-CNN, a different object detection model, to demonstrate the transferability of our adversarial perturbations. The created poster perturbation is able to fool Faster R-CNN in 85.9% of the video frames in a controlled lab environment, and 40.2% of the video frames in an outdoor environment. Finally, we present preliminary results with a new Creation Attack, wherein innocuous physical stickers fool a model into detecting nonexistent objects.
Giuseppe Garofalo, Vera Rimmer, Tim Van hamme, Davy Preuveneers, and Wouter Joosen, imec-DistriNet, KU Leuven
Face recognition systems are becoming a prevalent authentication solution on smartphones. This work is the first to deploy a poisoning attack against an authentication system based on a state-of-the-art face recognition technique. The attack is executed against the underlying SVM learning model that classifies face templates extracted by the FaceNet deep neural network. We demonstrate how an intelligent attacker can undermine the reliability of the authentication system through injecting a single intelligently crafted adversarial image to its training data. The most successful attacks within our evaluation framework trigger an authentication error of more than $50\%$. Our research illustrates the urge to evaluate and protect face authentication against adversarial machine learning.
12:30 pm–2:00 pm
Grand Ballroom VI
2:00 pm–3:30 pm
(Not so) Secure Hardware
Session Chair: Collin Mulliner, 3BLabs
Esmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh, University of California, Riverside
Awarded Best Paper!
The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses. We show that both local attacks (within the same process such as Spectre 1) and attacks on SGX are possible by constructing proof of concept attacks. We also analyze additional types of the attack on the kernel or across address spaces and show that under some practical and widely used conditions they are possible. Importantly, none of the known defenses including Retpoline and Intel’s microcode patches stop all SpectreRSB attacks. We believe that future system developers should be aware of this vulnerability and consider it in developing defenses against speculation attacks. In particular, on Core-i7 Skylake and newer processors (but not on Intel’s Xeon processor line), a patch called RSB refilling is used to address a vulnerability when the RSB underfills; this defense interferes with SpectreRSB’s ability to launch attacks that switch into the kernel. We recommend that this patch should be used on all machines to protect against SpectreRSB.
Satohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, and Shigeki Goto, Waseda University; Masahiro Kinugawa, National Institute of Technology, Sendai College; Yu-ichi Hayashi, Nara Institute of Science and Technology
Awarded Best Student Paper!
Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target's internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements, such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information;, e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the RFRA. However, they did not evaluate the conditions for a successful attack scientifically, and therefore, assessing the feasibility of the RFRA remains an open issue. In the present study, we aim to evaluate the conditions for a successful RFRA, empirically, through extensive experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, as the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments, using off-the-shelf hardware, including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of a target signal and (2) up to a distance of 10 meters. We also demonstrated that a USB keyboard, using USB low-speed (1.5 Mbps), is attackable, and we succeeded to eavesdrop typing. We conclude that the RFRA threat is realistic.
Julian Fietkau, Starbug, and Jean-Pierre Seifert, Technische Universität Berlin
Biometric authentication is a trending topic in securing modern devices. Examples of this can be found in many widely deployed systems such as Apple's Touch ID or Microsoft's Windows Hello face recognition. Miniaturization and increased processing power are thereby leading to new applications not imaginable a couple of years ago. Such a solution is the new fingerprint smart card built by a Norwegian company that must not be named. Their biometric match-on-card platform is designed to provide a convenient solution for access, identity, and payment applications and aims to replace PIN authentication for the next generation of payment cards by VISA and Mastercard. In this paper, we are going to analyze how this company has implemented their already available demo kit for access control in hardware and software. We will point out critical weaknesses in its architecture and algorithm and show how these could be misused for payment, access and identity fraud by attackers able to steal or clone the device. Thereby, we combine software and hardware hacking techniques as well as extraction methods, to acquire fingerprints from photos and latent prints, to successfully spoof the system in various ways. This works in particular without the error-prone creation of physical dummies due to the exploitation of the insecure on-device communication. The attacks presented require little effort and low-cost equipment that can be already refinanced by abusing a single card at all. Finally, we will discuss countermeasures and ideas to improve the security of this and future implementations for match-on-card fingerprint authentication.
3:30 pm–4:00 pm
Break with Refreshments
Grand Ballroom Foyer
4:00 pm–5:30 pm
Reversing and Abusing Protocols
Session Chair: Julien Vanegue, Bloomberg LP and Cornell University
Johannes Pohl and Andreas Noack, University of Applied Sciences Stralsund
Proprietary wireless protocols used by IoT devices are designed under size and energy constraints, often neglecting the security. Therefore, attacks like opening wireless door locks or stealing cars are realistic threats. Software Defined Radios (SDR) propose a generic way to investigate such protocols as they can send and receive on nearly arbitrary frequencies. Most tools for SDR, however, focus on the HF side and offer little support for analyzing the actual protocol logic so custom tools or excel spreadsheets must be used. In this paper, we present the Universal Radio Hacker (URH), an open source tool which is designed for protocol analysis from the ground up and implements a full workflow including interfaces for SDRs, intuitive demodulation, customizable decodings, fuzzing support and a simulation component. URH splits the process down into the phases Interpretation, Analysis, Generation and Simulation, whereby results from one phase can be transferred to the other. The software offers all features needed for protocol investigation without overwhelming users with complexity. URH is developed with theoretic oriented researchers in mind who want to focus on protocol logic and try to avoid diving into the depths of HF and Digital Signal Processing.
Rom Ogen, Omer Shvartz, Kfir Zvi, and Yossi Oren, Ben-Gurion University of the Negev
NEMESYS: Network Message Syntax Reverse Engineering by Analysis of the Intrinsic Structure of Individual Messages
Stephan Kleber, Henning Kopp, and Frank Kargl, Institute of Distributed Systems, Ulm University
Protocol reverse engineering based on traffic traces allows to analyze observable network messages. Thereby, message formats of unknown protocols can be inferred. We present a novel method to infer structure from network messages of binary protocols. The method derives field boundaries from the distribution of value changes throughout individual messages. None of many previous approaches exploits features of structure which are contained within each single message. Our method exploits this intrinsic structure instead of comparing multiple messages with each other. We implement our approach in the tool NEMESYS: NEtwork Message SYntax analysiS. Additionally, we introduce the Format Match Score: the first quantitative measure of the quality of a message format inference. We apply the Format Match Score to NEMESYS and a previous approach and compare the results to mutually validate our new format inference method and the measure of its quality.
Tuesday, August 14, 2018
8:00 am–9:00 am
Grand Ballroom Foyer
9:00 am–10:00 am
Dino Dai Zovi
The landscape of offensive security research has changed significantly since the mid-90's when it just started moving out of the underground and into the professional security world. We can divide its history into three periods based on two landmark events a decade apart: the first BlackHat Briefings conference in 1997 and the first USENIX Workshop on Offensive Technologies in 2007. As I have been involved in offensive security research through much of this timeline, I'll share some perspectives on how the targets, research, and mindsets have changed across these periods. I'll also discuss how to best put offensive security research to work to help guide security engineering. Finally, I'll conclude with some thoughts on what offensive security research will look like 10 years from now.
Dino Dai Zovi is an information security industry veteran and entrepreneur. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEFCON, BlackHat, and CanSecWest. He is a co-author of the books The iOS Hacker's Handbook (Wiley, 2012), The Mac Hacker’s Handbook (Wiley, 2009) and The Art of Software Security Testing (Addison-Wesley, 2006). He is best known in the information security community for winning the first PWN2OWN contest at CanSecWest 2007.
10:00 am–11:00 am
Session Chair: Aurélien Francillon, EURECOM
Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale
Alexander Vetterl and Richard Clayton, University of Cambridge
The current generation of low- and medium interaction honeypots uses off-the-shelf libraries to provide the transport layer. We show that this architecture is fatally flawed because the protocols are implemented subtly differently from the systems being impersonated. We present a generic technique for systematically fingerprinting low- and medium interaction honeypots at Internet scale with just one packet and an ERR (Equal Error Rate) of 0.0183. We conduct Internet-wide scans and identify 7,605 honeypot instances across nine different honeypot implementations for the most important network protocols SSH, Telnet, and HTTP. For SSH honeypots we also determined their patch level and find that they are poorly maintained -- 27% of the honeypots have not been updated within the last 31 months and only 39% incorporate improvements from 7 months ago. We believe our findings to be a `class break' in that trivial patches cannot address the issue.
Robert Gawlik and Thorsten Holz, Ruhr-Universität Bochum
Since the end of the 20th century, it has become clear that web browsers will play a crucial role in accessing Internet resources such as the World Wide Web. They evolved into complex software suites that are able to process a multitude of data formats. Just-In-Time (JIT) compilation was incorporated to speed up the execution of script code, but is also used besides web browsers for performance reasons. Attackers happily welcomed JIT in their own way, and until today, JIT compilers are an important target of various attacks. This includes for example JIT-Spray, JIT-based code-reuse attacks and JIT-specific flaws to cir- cumvent mitigation techniques in order to simplify the exploitation of memory-corruption vulnerabilities. Fur- thermore, JIT compilers are complex and provide a large attack surface, which is visible in the steady stream of critical bugs appearing in them. In this paper, we survey and systematize the jungle of JIT compilers of major (client-side) programs, and pro- vide a categorization of offensive techniques for abusing JIT compilation. Thereby, we present techniques used in academic as well as in non-academic works which try to break various defenses against memory-corruption vul- nerabilities. Additionally, we discuss what mitigations arouse to harden JIT compilers to impede exploitation by skilled attackers wanting to abuse Just-In-Time compilers.
11:00 am–11:30 am
Break with Refreshments
Grand Ballroom Foyer
11:30 am–12:30 pm
Deny Your Service!
Session Chair: Mathy Vanhoef, KU Leuven
Jonas Bushart, CISPA, Saarland University
Shrew attacks or pulsing attacks are low-bandwidth network-level/layer-3 denial-of-service attacks. They target TCP connections by selectively inducing packet loss to affect latency and throughput. We combine the recently presented DNS CNAME-chaining attack with temporal lensing, a variant of pulsing attacks, to create a new, harder to block attack. For an attack, thousands of DNS resolvers have to be coordinated. We devise an optimization problem to find the perfect attack and solve it by using a genetic algorithm. The results show pulses created with our attack are 14 times higher than the attacker's average bandwidth. Finally, we present countermeasures applicable to pulsing and CNAME-chaining, which also apply to this attack.
Matthias Niedermaier, Hochschule Augsburg; Jan-Ole Malchow, Freie Universität Berlin; Florian Fischer, Hochschule Augsburg; Daniel Marzin, Freie Universität Berlin; Dominik Merli, Hochschule Augsburg; Volker Roth, Freie Universität Berlin; Alexander von Bodisco, Hochschule Augsburg
In this work, we show that the electrical side of a Programmable Logic Controller (PLC), that is, the controlled process, can be influenced by packet flooding. This differs from already known Denial of Service (DoS) attacks as the target is the actual process and not network connectivity. We conducted our experiments with 16 devices from six vendors, giving a good overview of the current market. Except for one device, all are susceptible to network flooding attacks. In three cases, an attack even lead to a DoS on the electrical side, completely disrupting any controlled process. In addition, we show that well-known scanning tools have measurable impacts on PLCs. These findings should be taken into consideration by administrators and researchers planning scanning activities.
12:30 pm–2:00 pm
Grand Ballroom VI
2:00 pm–3:00 pm
Beautiful Crypto Magic
Session Chair: Matthew Van Gundy, Cisco ASIG
Mathy Vanhoef and Frank Piessens, imec-DistriNet, KU Leuven
We show how to efficiently simulate cryptographic primitives during symbolic execution. This allows analysis of security protocol implementations, and revealed several flaws in implementations of WPA2's 4-way handshake.
Traditional symbolic execution engines cannot handle cryptographic primitives, because analyzing them results in complex symbolic expressions that cannot be handled by the SMT solver. We prevent this by simulating their behaviour under the Dolev-Yao model. This enables efficient symbolic execution of security protocols implementations, making it possible to detect common programming mistakes in them. We also show how to detect misuse of cryptographic primitives. That is, we can detect trivial timing side-channels, and we can identify decryption oracles where unauthenticated decrypted data influences the program's behaviour. We apply our technique on three client-side implementations of WPA2's 4-way handshake. This uncovered timing side-channels when verifying authentication tags, a denial-of-service attack, a stack-based buffer overflow, and also revealed a non-trivial decryption oracle. We confirmed all vulnerabilities in practice, and discuss them in detail.
Aram Verstegen, Roel Verdult, and Wouter Bokslag, FactorIT B.V.
Cryptographic guess-and-determine (GD) attacks are occasionally mentioned in the literature, but most articles describe conceptual attack optimization while implementation details are seldom discussed. Therefore, we present in this paper not only a conceptual attack optimization, but also a fully detailed design strategy to optimize a general bit-sliced exhaustive search implementation. To demonstrate the applicability of our contribution we present a highly optimized practical brute-force attack on the Hitag2 stream cipher using a guess-and-determine approach. Our implementation explores the full 48-bit search space on a consumer desktop PC with one GPU in approximately 1 minute. The work is specifically effective to recover secret keys from the widely deployed Hitag2 Remote Keyless Entry (RKE) system. Compared to the most practical Hitag2 RKE attack published in the literature, our implementation is more than 500 times faster. Furthermore, our approach has a 100% success rate with only two captured RF frames and is extremely practical compared to previously published unrealistic sat-solver, cube cryptanalysis and correlation attacks which require hundreds of traces or truly random nonces. We fully release our source code as reference material for related research in the future.
3:00 pm–4:00 pm
Break with Refreshments
Grand Ballroom Foyer
4:00 pm–5:30 pm
Breaking da Web
Session Chair: Daniel Gruss, TU Graz
Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Jörg Schwenk, Ruhr University Bochum
In 2014, the European Commission released the eIDAS regulation to target the compatibility of cross-country electronic services within the European Union. eIDAS (electronic IDentification, Authentication, and Trust Ser- vices) defines implementation standards and technologies for electronic signatures, digital certificates, Single Sign-On (SSO), and trust services. It is based on well-established standards, such as SAML, to achieve high security and compatibility between EU countries. In this paper, we present the first security study of authentication schemes used in eID services. Our security analysis shows that 7 of the 15 European eID services were vulnerable to XML-based attacks which enabled efficient Denial-of-Service (DoS) and Server Side Request Forgery (SSRF) attacks. On 5 of the 15 eID services, we were even able to exfiltrate locally stored files and send these files to an arbitrary domain. To support the developers and security teams of eID services, we implemented a Burp Suite extension to execute fully-automated or semi-automated tests. Additionally, we summarize best practices related to eID-based authentication and SSO in general.
Michael Smith, Craig Disselkoen, and Shravan Narayan, UC San Diego; Fraser Brown, Stanford University; Deian Stefan, UC San Diego
Michael Lescisin and Qusay Mahmoud, University of Ontario Institute of Technology
Since its creation, SSL/TLS has been the go-to solution for securing unencrypted web protocols - most commonly HTTP. The design of SSL/TLS, however, merely provides data stream encryption and authentication properties which often leads to the incorrect conclusion that by simply wrapping an unencrypted HTTP connection to a server with SSL/TLS, user privacy and web application behaviour integrity are guaranteed. Such type of information leak is unique in the sense that while certain web security vulnerabilities such as SQL injections have been well researched and thus there are known design patterns to avoid and penetration testing tools based on detecting known-to-be insecure design patterns, the state of research for the types of information leaks described in this paper still lags behind. In this paper, we discuss three design patterns that often result in side-channel information leaks along with three real-world websites which posses these vulnerabilities. Based on these three vulnerable design patterns we present a set of tools for detecting these types of side-channel information leaks given a training set of captured encrypted network traffic sessions.