OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. What motivates our work is the realization that the protocol has been significantly repurposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user authentication; (2) developers have re-targeted OAuth to the mobile platforms, in addition to the traditional web platform. Therefore, we believe that it is necessary and timely to conduct an in-depth study to demystify OAuth for mobile application developers.Our work consists of two pillars: (1) an in-house study of the OAuth protocol documentation that aims to identify what might be ambiguous or unspecified for mobile developers; (2) a field-study of over 600 popular mobile applications that highlights how well developers fulfill the authentication and authorization goals in practice. The result is really worrisome: among the 149 applications that use OAuth, 89 of them (59.7%) were incorrectly implemented and thus vulnerable. In the paper, we pinpoint the key portions in each OAuth protocol flow that are security critical, but are confusing or unspecified for mobile application developers. We then show several representative cases to concretely explain how real implementations fell into these pitfalls. Our findings have been communicated to vendors of the vulnerable applications. Most vendors positively confirmed the issues, and some have applied fixes. We summarize lessons learned from the study, hoping to provoke further thoughts about clear guidelines for OAuth usage in mobile applications.
Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with same sensing modalities) to capture a common physical context (e.g., ambient sound via each device's microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio's pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device.
We investigate the problem of modeling node capture attacks in heterogeneous wireless ad hoc and mesh networks. Classical adversarial models such as the Dolev-Yao model are known to be unsuitable for describing node capture attacks. By defining the amortized initialization overhead cost as well as the cost of capturing a node, we show that finding the node capture attack yielding the minimum cost can be formulated as an integer-programming minimization problem. Hence, there is no polynomial solution to find the minimum cost node capture attack. We show that depending on the adversary's knowledge of the constraint matrix in the integer-programming problem, different greedy heuristics can be developed for node capture attacks. We also show under what conditions privacy-preserving key establishment protocols can help to prevent minimum cost node capture attacks. Individual node storage randomization is investigated as a technique to mitigate the effect of attacks which are not prevented by the use of privacy-preserving protocols. It is shown that probabilistic heuristic attacks can be performed effectively even under storage randomization.
Abstract-We formalize a model for node capture attacks in which an adversary collects information about the network via eavesdropping on the wireless medium and captures nodes based on the learned information. We show that attacks in this adversary model correspond to NP-hard optimization problems and discuss the behavior of a reasonable heuristic algorithm. We show that the goals of node capture attacks can be decomposed into a collection of primitive events, the impact of which can be evaluated and recombined to yield an overall evaluation of the attack. We demonstrate the use of the attack decomposition model for derivation of attack metrics and discuss the potential use of this decomposition technique for the purposes of defense against node capture attacks.
Abstract-Availability of service in many wireless networks depends on the ability for network users to establish and maintain communication channels using control messages from base stations and other users. An adversary with knowledge of the underlying communication protocol can mount an efficient denial of service attack by jamming the communication channels used to exchange control messages. The use of spread spectrum techniques can deter an external adversary from such control channel jamming attacks. However, malicious colluding insiders or an adversary who captures or compromises system users are not deterred by spread spectrum, as they know the required spreading sequences. For the case of internal adversaries, we propose a framework for control channel access schemes using the random assignment of cryptographic keys to hide the location of control channels. We propose and evaluate metrics to quantify the probabilistic availability of service under control channel jamming by malicious or compromised users and show that the availability of service degrades gracefully as the number of colluding insiders or compromised users increases. We propose an algorithm called GUIDE for the identification of compromised users in the system based on the set of control channels that are jammed. We evaluate the estimation error using the GUIDE algorithm in terms of the false alarm and miss rates in the identification problem. We discuss various design trade-offs between robustness to control channel jamming and resource expenditure.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.