No Arabic abstract
IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this paper, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. As an example, we present a detailed use of the framework reverse-engineering the WeMo smart plug communication protocol by extracting the firmware from the flash, performing static and dynamic analysis of the firmware and analyzing network traffic. The discovered protocol exposes severe design flaws that allow attackers to control or deny the service of victim plugs. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.
In contrast to software reverse engineering, there are hardly any tools available that support hardware reversing. Therefore, the reversing process is conducted by human analysts combining several complex semi-automated steps. However, countermeasures against reversing are evaluated solely against mathematical models. Our research goal is the establishment of cognitive obfuscation based on the exploration of underlying psychological processes. We aim to identify problems which are hard to solve for human analysts and derive novel quantification metrics, thus enabling stronger obfuscation techniques.
We put forward reverse engineering protocols to shape in time the components of the magnetic field to manipulate a single spin, two independent spins with different gyromagnetic factors, and two interacting spins in short amount of times. We also use these techniques to setup protocols robust against the exact knowledge of the gyromagnetic factors for the one spin problem, or to generate entangled states for two or more spins coupled by dipole-dipole interactions.
Key-agreement protocols whose security is proven in the random oracle model are an important alternative to protocols based on public-key cryptography. In the random oracle model, the parties and the eavesdropper have access to a shared random function (an oracle), but the parties are limited in the number of queries they can make to the oracle. The random oracle serves as an abstraction for black-box access to a symmetric cryptographic primitive, such as a collision resistant hash. Unfortunately, as shown by Impagliazzo and Rudich [STOC 89] and Barak and Mahmoody [Crypto 09], such protocols can only guarantee limited secrecy: the key of any $ell$-query protocol can be revealed by an $O(ell^2)$-query adversary. This quadratic gap between the query complexity of the honest parties and the eavesdropper matches the gap obtained by the Merkles Puzzles protocol of Merkle [CACM 78]. In this work we tackle a new aspect of key-agreement protocols in the random oracle model: their communication complexity. In Merkles Puzzles, to obtain secrecy against an eavesdropper that makes roughly $ell^2$ queries, the honest parties need to exchange $Omega(ell)$ bits. We show that for protocols with certain natural properties, ones that Merkles Puzzle has, such high communication is unavoidable. Specifically, this is the case if the honest parties queries are uniformly random, or alternatively if the protocol uses non-adaptive queries and has only two rounds. Our proof for the first setting uses a novel reduction from the set-disjointness problem in two-party communication complexity. For the second setting we prove the lower bound directly, using information-theoretic arguments.
Blockchain has received tremendous attention as a secure, distributed, and anonymous framework for the Internet of Things (IoT). As a distributed system, blockchain trades off scalability for distribution, which limits the technologys adaptation for large scale networks such as IoT. All transactions and blocks must be broadcast and verified by all participants which limits scalability and incurs computational and communication overheads. The existing solutions to scale blockchains have so far led to partial recentralization, limiting the technologys original appeal. In this paper, we introduce a distributed yet scalable Verification and Communication architecture for blockchain referred to as Vericom. Vericom concurrently achieves high scalability and distribution using hash function outputs to shift blockchains from broadcast to multicast communication. Unlike conventional blockchains where all nodes must verify new transactions/blocks, Vericom uses the hash of IoT traffic to randomly select a set of nodes to verify transactions/blocks which in turn reduces the processing overhead. Vericom incorporates two layers: i) transmission layer where a randomized multicasting method is introduced along with a backbone network to route traffic, i.e., transactions and blocks, from the source to the destination, and ii) verification layer where a set of randomly selected nodes are allocated to verify each transaction or block. The performance evaluation shows that Vericom reduces the packet and processing overhead as compared with conventional blockchains. In the worst case, packet overhead in Vericom scales linearly with the number of nodes while the processing overhead remains scale-independent.
This full research paper focuses on skill acquisition in Hardware Reverse Engineering (HRE) - an important field of cyber security. HRE is a prevalent technique routinely employed by security engineers (i) to detect malicious hardware manipulations, (ii) to conduct VLSI failure analysis, (iii) to identify IP infringements, and (iv) to perform competitive analyses. Even though the scientific community and industry have a high demand for HRE experts, there is a lack of educational courses. We developed a university-level HRE course based on general cognitive psychological research on skill acquisition, as research on the acquisition of HRE skills is lacking thus far. To investigate how novices acquire HRE skills in our course, we conducted two studies with students on different levels of prior knowledge. Our results show that cognitive factors (e.g., working memory), and prior experiences (e.g., in symmetric cryptography) influence the acquisition of HRE skills. We conclude by discussing implications for future HRE courses and by outlining ideas for future research that would lead to a more comprehensive understanding of skill acquisition in this important field of cyber security.