OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. What motivates our work is the realization that the protocol has been significantly repurposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user authentication; (2) developers have re-targeted OAuth to the mobile platforms, in addition to the traditional web platform. Therefore, we believe that it is necessary and timely to conduct an in-depth study to demystify OAuth for mobile application developers.Our work consists of two pillars: (1) an in-house study of the OAuth protocol documentation that aims to identify what might be ambiguous or unspecified for mobile developers; (2) a field-study of over 600 popular mobile applications that highlights how well developers fulfill the authentication and authorization goals in practice. The result is really worrisome: among the 149 applications that use OAuth, 89 of them (59.7%) were incorrectly implemented and thus vulnerable. In the paper, we pinpoint the key portions in each OAuth protocol flow that are security critical, but are confusing or unspecified for mobile application developers. We then show several representative cases to concretely explain how real implementations fell into these pitfalls. Our findings have been communicated to vendors of the vulnerable applications. Most vendors positively confirmed the issues, and some have applied fixes. We summarize lessons learned from the study, hoping to provoke further thoughts about clear guidelines for OAuth usage in mobile applications.
Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with same sensing modalities) to capture a common physical context (e.g., ambient sound via each device's microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio's pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device.
We investigate the problem of modeling node capture attacks in heterogeneous wireless ad hoc and mesh networks. Classical adversarial models such as the Dolev-Yao model are known to be unsuitable for describing node capture attacks. By defining the amortized initialization overhead cost as well as the cost of capturing a node, we show that finding the node capture attack yielding the minimum cost can be formulated as an integer-programming minimization problem. Hence, there is no polynomial solution to find the minimum cost node capture attack. We show that depending on the adversary's knowledge of the constraint matrix in the integer-programming problem, different greedy heuristics can be developed for node capture attacks. We also show under what conditions privacy-preserving key establishment protocols can help to prevent minimum cost node capture attacks. Individual node storage randomization is investigated as a technique to mitigate the effect of attacks which are not prevented by the use of privacy-preserving protocols. It is shown that probabilistic heuristic attacks can be performed effectively even under storage randomization.
Abstract-We formalize a model for node capture attacks in which an adversary collects information about the network via eavesdropping on the wireless medium and captures nodes based on the learned information. We show that attacks in this adversary model correspond to NP-hard optimization problems and discuss the behavior of a reasonable heuristic algorithm. We show that the goals of node capture attacks can be decomposed into a collection of primitive events, the impact of which can be evaluated and recombined to yield an overall evaluation of the attack. We demonstrate the use of the attack decomposition model for derivation of attack metrics and discuss the potential use of this decomposition technique for the purposes of defense against node capture attacks.
Abstract-Availability of service in many wireless networks depends on the ability for network users to establish and maintain communication channels using control messages from base stations and other users. An adversary with knowledge of the underlying communication protocol can mount an efficient denial of service attack by jamming the communication channels used to exchange control messages. The use of spread spectrum techniques can deter an external adversary from such control channel jamming attacks. However, malicious colluding insiders or an adversary who captures or compromises system users are not deterred by spread spectrum, as they know the required spreading sequences. For the case of internal adversaries, we propose a framework for control channel access schemes using the random assignment of cryptographic keys to hide the location of control channels. We propose and evaluate metrics to quantify the probabilistic availability of service under control channel jamming by malicious or compromised users and show that the availability of service degrades gracefully as the number of colluding insiders or compromised users increases. We propose an algorithm called GUIDE for the identification of compromised users in the system based on the set of control channels that are jammed. We evaluate the estimation error using the GUIDE algorithm in terms of the false alarm and miss rates in the identification problem. We discuss various design trade-offs between robustness to control channel jamming and resource expenditure.
Abstract-Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.
A promising solution for trust establishment in wireless sensor networks is the assignment of cryptographic seeds (keys, secrets, etc.) to sensor nodes prior to network deployment, known as key predistribution. In this article, we propose a canonical seed assignment model for key predistribution characterizing seed assignment in terms of the probability distribution describing the number of nodes receiving each seed and the algorithm for seed assignment. In addition, we present a sampling framework for seed assignment algorithms in the canonical model. We propose a probabilistic k-connectivity model for randomly deployed secure networks using spatial statistics and geometric random graph theory. We analyze key predistribution schemes in the canonical model in terms of network connectivity and resilience to node capture. The analytical results can be used to determine the average or worst-case connectivity or resilience to node capture for a key predistribution scheme. Furthermore, we demonstrate the design of new key predistribution schemes and the inclusion of existing schemes in the canonical model. Finally, we present a general approach to analyze the addition of nodes to an existing secure network and derive results for a well-known scheme.
Abstract-Jamming attackers can dramatically increase attack efficiency and stealth by randomly or periodically cycling the jamming transmission on and off, attacks respectively known as random and periodic jamming. In this paper, we analyze the impact of such attacks on the IEEE 802.15.4 communication protocol, commonly used in wireless sensor networking applications, and show that the cycling behavior introduces a narrow spectral component into the received signal. We propose the inclusion of a digital filter at the receiver side to effectively eliminate this spectral component, and we discuss the benefits involved in this filter design. We evaluate the impacts of random and periodic jamming with and without the proposed filter, through implementation in software defined radios. Through our evaluation, we observe over 90% reduction in packet error rate with the proposed digital filter.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
Copyright © 2024 scite LLC. All rights reserved.
Made with đź’™ for researchers
Part of the Research Solutions Family.
