Several Michigan Papers Presented at 2016 USENIX Security Symposium
Five papers authored by CSE researchers were presented at the 2016 USENIX Security Symposium, which took place August 10-12 in Austin, TX. USENIX Security brings together researchers from both academia and industry interested in the latest advances in the security of computer systems and networks. The symposium is a premier venue for security and privacy research.
The five papers that were presented were:
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
Authors include: Prof. Atul Prakash and CSE students Earlence Fernandes, Justin Paupore, Amir Rahmati
In this paper, the researchers present FlowFence, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead while blocking all other undeclared flows. Emerging IoT programming frameworks only support permission-based access control on sensitive data, making it possible for malicious apps to abuse permissions and leak data. FlowFence enables apps on emerging IoT frameworks to compute on sensitive data while preventing data abuse.
DROWN: Breaking TLS using SSLv2
Authors include: CSE student David Adrian and Prof. Alex Halderman
DROWN allows attackers to break encryption used to protect HTTPS websites and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. In the paper, the researchers introduce the attack, which exploits multiple unnoticed flaws in SSLv2, a 1990s-era predecessor to the modern TLS protocol, to develop a new and stronger variant of the Bleichenbacher attack. Today, many servers and clients use TLS, but they also support SSLv2, which leaves them vulnerable to the attack.
Fingerprinting Electronic Control Units for Vehicle Intrusion Detection
Authors: CSE student Kyong-Tak Cho and Prof. Kang G. Shin
Researchers have recently demonstrated how to compromise in-vehicle Electronic Control Units (ECUs) and control vehicle maneuvers. To counter these vulnerabilities with stronger protection, the researchers propose an anomaly-based intrusion detection system (IDS) called Clock-based IDS (CIDS). It measures and then exploits the intervals of periodic in-vehicle messages to fingerprint ECUs, which allows quick identification of in-vehicle network intrusions.
Protecting Privacy of BLE Device Users
Authors include: Prof. Kang G. Shin, CSE student Kassem Fawaz
The researchers studied the behavior of more than 200 types of BLE (Bluetooth Low Energy)-equipped devices and discovered that the BLE protocol fails to hide the device’s presence from curious adversaries. In this paper, the researchers propose a new device-agnostic system, called BLE-Guardian, that protects the privacy of users and environments equipped with BLE and IoT devices. It enables users and administrators to control who discovers, scans, and connects to their devices.
You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications
Authors include: CSE students Zakir Durumeric and Jakub Czyz
The researchers report on an extensive study of notifying thousands of parties of security issues present within their networks, with an aim of illuminating which fundamental aspects of notifications have the greatest impact on efficacy. Their findings indicate that notifications can have a significant positive effect on patching, with the best messaging regimen being directly notifying contacts with detailed information.
Two other papers were presented at the 10th USENIX Workshop on Offensive Technologies (WOOT ’16), a workshop held as part of the USENIX Symposium.
The two papers presented were:
DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work
Authors include: CSE student Benjamin VanderSloot
In this paper, the researchers present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work. DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers. This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made. Like proof-of-work puzzles, these proofs are inexpensive to verify, and can be made arbitrarily difficult to solve.
Truck Hacking: An Experimental Analysis of the SAE J1939 Standard
Authors include: CS student Yelizaveta Burakova and CSE graduate student Leif Millar
The researchers show how the openness of the SAE J1939 standard, used across all US heavy vehicle industries, gives easy access for safety-critical attacks, and that these attacks aren’t limited to one specific make, model, or industry. They test attacks on a 2006 Class-8 semi tractor and a 2001 school bus. With these two vehicles, they demonstrate how simple it is to replicate the kinds of attacks used on consumer vehicles and that it is possible to use the same attack on other vehicles that use the SAE J1939 standard.