Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next-generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, in addition to being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, particularly with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts that have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures that have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.
We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intrasession authentication, 2%-3% for intersession authentication, and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multimodal biometric authentication system.
Key management in wireless sensor networks faces several unique challenges. The scale, resource limitations, and new threats such as node capture suggest the use of in-network key generation. However, the cost of such schemes is often high because their security is based on computational complexity. Recently, several research contributions justified experimentally that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during device movement, a bit string is derived known only to the two involved entities. Yet, movement is not the only option to generate randomness: the channel response strongly depends on the signal frequency as well. In this work, we introduce a key generation protocol based on the frequency-selectivity of multipath fading channels. The practical advantage of this approach is that it does not require device movement during key establishment. Thus the frequent case of a sensor network with static nodes is supported. We show the protocol's applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis. The error correction property of the protocol mitigates the effects of measurement errors and temporal effects, giving rise to an agreement rate of over 97%.
Generating secret keys using physical properties of the wireless channel has recently become a popular research area. The main security assumption of these protocols is that a sufficiently distant adversary is unable to guess a generated secret due to the unpredictable behavior of multipath signal propagation. In this paper, we introduce a practical and efficient man-in-the-middle attack against such protocols. Using this attack, we demonstrate: (i) intentional sabotaging of key generation schemes, which leads to a high key disagreement rate, and (ii) a key recovery that reveals up to 47% of the generated secret bits. We analyze statistical countermeasures (often proposed in related work) and show that attempting to detect such attacks results in a high false positive rate, questioning the overall benefit of such schemes. We implement and experimentally validate the attacks using off-the-shelf hardware, without assuming any technological advantage for the adversary.
The level of customer electricity debt is relevant information for the electricity production company, as it represents uncollected revenue for the provided service. A higher level of debt may affect the provider’s financial stability and the ability to invest and maintain their network. On the other hand, high levels of debt may indicate larger macroeconomic problems, such as the lower standard of the citizens or high unemployment. In this paper, a Machine Learning approach for electricity debt prediction was applied, using the Support Vector Regression method and data from the Montenegrin electricity provider. The obtained results indicate an excellent model performance, proving that the chosen method is an outstanding choice for this task, compared to other machine learning methods. The forecast of electricity user debts using machine learning techniques adds a new research area to the existing research, as the previous literature mostly concentrated on the prediction of electric load, consumption, and demand. The risk of default may be larger in lower income nations, as is the case in this research, therefore risk prediction and mitigation are crucial for the power supplier in these countries. The results obtained in this research on the test set are 1.63% and 0.854, for Relative Error and R2, respectively, showing excellent predictive performance. Additionally, the correlation coefficient is close to 1 in cross-validation and on unknown data. Thus, it can be confirmed that the debt prediction was efficient.
The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. In addition, the presence or absence of particular apps on a smartphone can inform an adversary, who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, side-channel data, such as packet size and direction is still leaked from encrypted connections. We use machine learning techniques to identify smartphone apps from this side-channel data. In addition to merely fingerprinting and identifying smartphone apps, we investigate how app fingerprints change over time, across devices, and across different versions of apps. In addition, we introduce strategies that enable our app classification system to identify and mitigate the effect of ambiguous traffic, i.e., traffic in common among apps, such as advertisement traffic. We fully implemented a framework to fingerprint apps and ran a thorough set of experiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were able to identify them six months later with up to 96% accuracy. Additionally, we show that app fingerprints persist to varying extents across devices and app versions.
In this paper, we argue that current state-of-the-art methods of aircraft localization such as multilateration are insufficient, in particular for modern crowdsourced air traffic networks with random, unplanned deployment geometry. We propose an alternative, a grid-based localization approach using the k-nearest neighbor (k-NN) algorithm, to deal with the identified shortcomings. Our proposal does not require any changes to the existing air traffic protocols and transmitters, and is easily implemented using only low-cost, commercial-off-the-shelf hardware. Using an algebraic multilateration algorithm for comparison, we evaluate our approach using real-world flight data collected with our collaborative sensor network OpenSky. We quantify its effectiveness in terms of aircraft location accuracy, surveillance coverage, and the verification of false position data. Our results show that the grid-based k-NN approach can increase the effective air traffic surveillance coverage compared to multilateration by a factor of up to 2.5. As it does not suffer from dilution of precision to the same extent, it is more robust in noisy environments and performs better in pre-existing, unplanned receiver deployments. We further find that the mean aircraft location accuracy can be increased by up to 41% in comparison with multilateration while also being able to pinpoint the origin of potential spoofing attacks conducted from the ground.
In 2021, the largest US pipeline system for refined oil products suffered a 6-day shutdown due to a ransomware attack [1]. In 2023, the sensitive systems of the US Marshals Service were attacked by a ransomware [2]. One of the most effective ways to fight ransomware is to extract the secret keys. The challenge of detecting and identifying cryptographic primitives has been around for over a decade. Many tools have been proposed, but the vast majority of them use templates or signatures, and their support for different operating systems and processor architectures is rather limited; neither have there been enough tools capable of extracting the secret keys. In this paper, we present CipherTrace, a generic and automated system to detect and identify the class of cipher algorithms in binary programs, and additionally, locate and extract the secret keys and cryptographic states accessed by the cipher. We focus on product ciphers, and evaluate CipherTrace using four standard cipher algorithms, four different hashing algorithms, and five of the most recent and popular ransomware specimens. Our results show that CipherTrace is capable of fully dissecting Fixed S-Box block ciphers (e.g. AES and Serpent) and can extract the secret keys and other cryptographic artefacts, regardless of the operating system, implementation, or input- or key-size, and without using signatures or templates. We show a significant improvement in performance and functionality compared to the closely related works. CipherTrace helps in fighting ransomware, and aids analysts in their malware analysis and reverse engineering efforts.
Peeves Birnbach, Simon; Eberz, Simon; Martinovic, Ivan
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
11/2019
Conference Proceeding
With the rising availability of smart devices (e.g., smart thermostats, lights, locks, etc.), they are increasingly combined into "smart homes". A key component of smart homes are event sensors that report physical events (such as doors opening or the light turning on) which can be triggered automatically by the system or manually by the user. However, data from these sensors are not always trustworthy. Both faults in the event sensors and involvement of active attackers can lead to reporting of events that did not physically happen (event spoofing). This is particularly critical, as smart homes can trigger event chains (e.g., turning the radiator off when a window is opened) without involvement of the user. The goal of this paper is to verify physical events using data from an ensemble of sensors (such as accelerometers or air pressure sensors) that are commonly found in smart homes. This approach both protects against event sensor faults and sophisticated attackers. In order to validate our system's performance, we set up a "smart home" in an office environment. We recognize 22 event types using 48 sensors over the course of two weeks. Using data from the physical sensors, we verify the event stream supplied by the event sensors. We consider two threat models: a zero-effort attacker who spoofs events at arbitrary times and an opportunistic attacker who has access to a live stream of sensor data to better time their attack. We achieve perfect classification for 9 out of 22 events and achieve a 0% false alarm rate at a detection rate exceeding 99.9% for 15 events. We also show that even a strong opportunistic attacker is inherently limited to spoofing few select events and that doing so involves lengthy waiting periods.