DECIM: Detecting Endpoint Compromise In Messaging

Yu, Jiangshan; Ryan, Mark; Cremers, Cas

doi:10.1109/tifs.2017.2738609

Cited by 15 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, another researcher proposed a model Hybridroid [7] based on static and dynamic analysis that detect privacy leakage with the 97.8% precision in android applications. In addition DECIM [51], assure additional safety layer even attackers bypass the security of all keys in message transfer protocol. The grabby android applications [52] that drain mobile phone resources in which battery, storage, CPU, memory and data are vibrant.…”

Section: Threat Clustersmentioning

confidence: 99%

Mobile malware attacks: Review, taxonomy & future directions

Qamar

Karim

Chang

2019

Future Generation Computer Systems

139

View full text Add to dashboard Cite

A pervasive increase in the adoption rate of smartphones with Android OS is noted in recent years. Android's popular and attractive environment not only captured the attention of users but also increased security concerns. As a result, Android malware detection is one of the sizzling topics in the mobile security domain. This paper provides a comprehensive review of state-of-the-art mobile malware attacks, vulnerabilities, detection techniques and security solutions over the period of 2013-2019 that majorly targeted Android platform. We have presented various well-organized and in-depth taxonomies that uncover mobile malware detection approaches based on their analysis techniques, working platform, data acquisition, operational impact, obtained results and artificial intelligence component involved. Another taxonomy comprises of mobile malware attack vector is presented to look threat clusters and loopholes to locate their malicious widespread impact on communities. Furthermore, we have discussed and classified forensic analysis efforts in mobile malware detection perspective. From intruder point of view, we have compared various evasion techniques that are used prominently by the malware authors to hinder detection efforts. Finally, future work directions are presented as guidelines for academia and industry alike to help them reduce or even avoid the harmful impact of these annoying efforts.

show abstract

Section: Threat Clustersmentioning

confidence: 99%

Mobile malware attacks: Review, taxonomy & future directions

Qamar

Karim

Chang

2019

Future Generation Computer Systems

139

View full text Add to dashboard Cite

show abstract

“…Furthermore, the privacy problem is transferred to applications or protocols that use CT as a basis or follow the same architectural design. One such application is DECIM [45], which aims to detect the compromise of endpoints in messaging scenarios. DECIM provides a key management protocol based on CT and enables users to refresh and manage keys in a transparent manner.…”

Section: B Privacy Challenges With Ctmentioning

confidence: 99%

Revisiting User Privacy for Certificate Transparency

Kales

Omolola

Ramacher

2019

2019 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Public key infrastructure (PKI) based on certificate authorities is one of the cornerstones of secure communication over the internet. Certificates issued as part of this PKI provide authentication of web servers among others. Yet, the PKI ecosystem is susceptible to certificate misissuance and misuse attacks. To prevent those attacks, Certificate Transparency (CT) facilitates auditing of issued certificates and detecting certificates issued without authorization. Users that want to verify inclusion of certificates on CT log servers contact the CT server directly to retrieve inclusion proofs. This direct contact with the log server creates a privacy problem since the users' browsing activities could be recorded by the log server owner. Lueks and Goldberg (FC 2015) suggested the use of Private Information Retrieval (PIR) in order to protect the users' privacy in the CT ecosystem. With the immense amount of certificates included on CT log servers, their approach runs into performance issues, however. Nevertheless, we build on this approach and extend it using multi-tier Merkle trees, and render it practical using multi-server PIR protocols based on distributed point functions (DPFs). Our approach leads to a scalable design suitable to handle the increasing number of certificates and is, in addition, generic allowing instantiations using secure accumulators and PIRs. We implement and test this mechanism for privacy-preserving membership proof retrieval and show that it can be integrated without disrupting existing CT infrastructure. Most importantly, even for larger CT logs containing 2 31 certificates, our approach using sub-accumulators can provide privacy with a performance overhead of less than 9 milliseconds in total. 3 https://www.section.io/blog/chrome-ct-compliance/ 4 Precertificates are certificates provided to the log before the issuance of the actual certificate. They contain a special critical poison extension that renders the certificate unusable in TLS connections.

show abstract

“…Transparency overlays and related public log-based systems [3,4,8,17,24,25] are designed to make participants' behaviour public through the use of a third-party log, enabling misuse detection on the basis of acausal observations. To avoid having to trust the log maintainer, transparency overlays set up the log structure so that the maintainer must be able to prove that any two authenticated log states are consistent with each other.…”

Section: Improving Detection In Transparency Overlaysmentioning

confidence: 99%

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

Milner

Cremers

et al. 2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google's Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority's signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare's Keyless SSL protocol that enables key misuse detection.

show abstract

DECIM: Detecting Endpoint Compromise In Messaging

Cited by 15 publications

References 17 publications

Mobile malware attacks: Review, taxonomy & future directions

Mobile malware attacks: Review, taxonomy & future directions

Revisiting User Privacy for Certificate Transparency

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

Contact Info

Product

Resources

About