اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدImpersonation with the Echo Protocol
57
0
0.0
(
0
)
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
The Echo protocol tries to do secure location verification using physical limits imposed by the speeds of light and sound. While the protocol is able to guarantee that a certain object is within a certain region, it cannot ensure the authenticity of further messages from the object without using cryptography. This paper describes an impersonation attack against the protocol based on this weakness. It also describes a couple of approaches which can be used to defend against the attack.
قيم البحث
اقرأ أيضاً
We present a new benchmark (ProFuzzBench) for stateful fuzzing of network protocols. The benchmark includes a suite of representative open-source network servers for popular protocols, and tools to automate experimentation. We discuss challenges and
potential directions for future research based on this benchmark.
In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (ImpaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials
, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the ImpaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian ImpaaS platform providing user profiles for more than $260000$ Internet users worldwide. Our findings suggest that the ImpaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.
There are numerous opportunities for adversaries to observe user behavior remotely on the web. Additionally, keystroke biometric algorithms have advanced to the point where user identification and soft biometric trait recognition rates are commercial
ly viable. This presents a privacy concern because masking spatial information, such as IP address, is not sufficient as users become more identifiable by their behavior. In this work, the well-known Chaum mix is generalized to a scenario in which users are separated by both space and time with the goal of preventing an observing adversary from identifying or impersonating the user. The criteria of a behavior obfuscation strategy are defined and two strategies are introduced for obfuscating typing behavior. Experimental results are obtained using publicly available keystroke data for three different types of input, including short fixed-text, long fixed-text, and long free-text. Identification accuracy is reduced by 20% with a 25 ms random keystroke delay not noticeable to the user.
This paper investigates the impact of authentication on effective capacity (EC) of an underwater acoustic (UWA) channel. Specifically, the UWA channel is under impersonation attack by a malicious node (Eve) present in the close vicinity of the legiti
mate node pair (Alice and Bob); Eve tries to inject its malicious data into the system by making Bob believe that she is indeed Alice. To thwart the impersonation attack by Eve, Bob utilizes the distance of the transmit node as the feature/fingerprint to carry out feature-based authentication at the physical layer. Due to authentication at Bob, due to lack of channel knowledge at the transmit node (Alice or Eve), and due to the threshold-based decoding error model, the relevant dynamics of the considered system could be modelled by a Markov chain (MC). Thus, we compute the state-transition probabilities of the MC, and the moment generating function for the service process corresponding to each state. This enables us to derive a closed-form expression of the EC in terms of authentication parameters. Furthermore, we compute the optimal transmission rate (at Alice) through gradient-descent (GD) technique and artificial neural network (ANN) method. Simulation results show that the EC decreases under severe authentication constraints (i.e., more false alarms and more transmissions by Eve). Simulation results also reveal that the (optimal transmission rate) performance of the ANN technique is quite close to that of the GD method.
This work considers a line-of-sight underwater acoustic sensor network (UWASN) consisting of $M$ underwater sensor nodes randomly deployed according to uniform distribution within a vertical half-disc (the so-called trusted zone). The sensor nodes re
port their sensed data to a sink node on water surface on a shared underwater acoustic (UWA) reporting channel in a time-division multiple-access (TDMA) fashion, while an active-yet-invisible adversary (so-called Eve) is present in the close vicinity who aims to inject malicious data into the system by impersonating some Alice node. To this end, this work first considers an additive white Gaussian noise (AWGN) UWA channel, and proposes a novel, multiple-features based, two-step method at the sink node to thwart the potential impersonation attack by Eve. Specifically, the sink node exploits the noisy estimates of the distance, the angle of arrival, and the location of the transmit node as device fingerprints to carry out a number of binary hypothesis tests (for impersonation detection) as well as a number of maximum likelihood hypothesis tests (for transmitter identification when no impersonation is detected). We provide closed-form expressions for the error probabilities (i.e., the performance) of most of the hypothesis tests. We then consider the case of a UWA with colored noise and frequency-dependent pathloss, and derive a maximum-likelihood (ML) distance estimator as well as the corresponding Cramer-Rao bound (CRB). We then invoke the proposed two-step, impersonation detection framework by utilizing distance as the sole feature. Finally, we provide detailed simulation results for both AWGN UWA channel and the UWA channel with colored noise. Simulation results verify that the proposed scheme is indeed effective for a UWA channel with colored noise and frequency-dependent pathloss.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
