Journal of Computer Security - Volume 27, issue 1

Authors: Maffei, Matteo | Malavolta, Giulio | Reinert, Manuel | Schröder, Dominique

Article Type: Research Article

Abstract: Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score …systems. To tackle this problem, we present Π GORAM , a definitional framework for Group Oblivious RAM, in which we formalize several security and privacy properties such as secrecy, integrity, anonymity, and obliviousness. Π GORAM allows per entry access control, as selected by the data owner. Π GORAM is the first framework to define such a wide range of security and privacy properties for outsourced storage. Regarding obliviousness, we tackle two different attacker models: our first definition protects against an honest-but-curious server while our second definition protects against such a server colluding with malicious clients. In the latter model, we prove a server-side computational lower bound of Ω ( n ) where n is the number of entries in the database, i.e., every operations requires to process a constant fraction of the database. Furthermore, we present two constructions: a pure cryptographic instantiation, which achieves an O ( n ) amortized communication and computation complexity and a construction based on a trusted proxy with logarithmic communication and server-side computational complexity. The second construction bypasses the previously established lower bound leveraging a trusted party. Both schemes achieve secrecy, integrity, and obliviousness with respect to a server colluding with malicious clients, but not anonymity due to the deployed access control mechanism. In the former model, we present a cryptographic system that achieves secrecy, integrity, obliviousness, and anonymity. In the process of designing an efficient construction, we developed three new, generally applicable cryptographic schemes, namely, batched zero-knowledge proof of shuffle correctness, the hash-and-proof paradigm, which even improves upon the former, and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented our constructions in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction. Show more

Keywords: Group ORAM, oblivious RAM, cloud storage, provable security, privacy-enhancing technologies

DOI: 10.3233/JCS-171030

Citation: Journal of Computer Security, vol. 27, no. 1, pp. 1-47, 2019

Authors: Salva, Sébastien | Regainia, Loukmen

Article Type: Research Article

Abstract: Design Patterns are now widely accepted and used in software engineering; they represent generic and reusable solutions to common problems in software design. Security patterns are specialised patterns whose purpose is to help design applications that should meet security requirements. The enthusiasm surrounding security patterns has made emerge several catalogues listing up to 180 different patterns at the moment. This growing number brings an increased difficulty in choosing the most appropriate patterns for a given design problem. We propose a security pattern classification to facilitate the security pattern choice and a classification method based on data integration. The classification exposes …relationships among software attacks, security principles and security patterns. It expresses the pattern combinations that are countermeasures to a given attack. This classification is semi-automatically inferred by means of a data-store integrating disparate publicly available security data. The data-store is also used to generate Attack Defense Trees . In our context, these illustrate, for a given attack, its sub-attacks, steps, techniques and the related defenses given under the form of security pattern combinations. Such trees make the pattern classification more readable even for beginners in security patterns. Finally, we evaluate on human subjects the benefits of using a pattern classification established for Web applications, which covers 215 attacks, 66 security principles and 26 security patterns. Show more

Keywords: Attack, security patterns, classification, security principles, attack defense tree

DOI: 10.3233/JCS-171063

Citation: Journal of Computer Security, vol. 27, no. 1, pp. 49-74, 2019

Authors: Demay, Grégory | Gaži, Peter | Maurer, Ueli | Tackmann, Björn

Article Type: Research Article

Abstract: Cryptographic security is usually defined as a guarantee that holds except when a bad event with negligible probability occurs, and nothing is guaranteed in that bad case. However, in settings where such failure can happen with substantial probability, one needs to provide guarantees even for the bad case. A typical example is where a (possibly weak) password is used instead of a secure cryptographic key to protect a session, the bad event being that the adversary correctly guesses the password. In a situation with multiple such sessions, a per-session guarantee is desired: any session for which the password has not …been guessed remains secure, independently of whether other sessions have been compromised. A new formalism for stating such gracefully degrading security guarantees is introduced and applied to analyze the examples of password-based message authentication and password-based encryption. While a natural per-message guarantee is achieved for authentication, the situation of password-based encryption is more delicate: a per-session confidentiality guarantee only holds against attackers for which the distribution of password-guessing effort over the sessions is known in advance. In contrast, for more general attackers without such a restriction, a strong, composable notion of security cannot be achieved. Show more

Keywords: Password-based encryption, simulation-based security, random oracle

DOI: 10.3233/JCS-181131

Citation: Journal of Computer Security, vol. 27, no. 1, pp. 75-111, 2019

Authors: Armknecht, Frederik | Benenson, Zinaida | Morgner, Philipp | Müller, Christian | Riess, Christian

Article Type: Research Article

Abstract: Smart heating applications promise to increase energy efficiency and comfort by collecting and processing room climate data. While it has been suspected that the sensed data may leak crucial personal information about the occupants, this belief has up until now not been supported by evidence. In this work, we investigate privacy risks arising from the collection of room climate measurements. We assume that an attacker has access to the most basic measurements only: temperature and relative humidity. We train machine learning classifiers to predict the presence and number of room occupants and to discriminate between different types of activities. …On data that was collected at three different locations, we show that occupancy can be detected from data measured by a single sensor with up to 93.5 % accuracy. One can even distinguish between the cases that no, one, or two persons are present with up to 66.4 % accuracy. Moreover, the four actions reading, working on a PC, standing, and walking, can be discriminated with up to 56.8 % accuracy, which is likewise clearly better than guessing (25 % ). Constraining the set of actions allows to achieve even higher prediction rates. For example, we discriminate standing and walking occupants with 96.3 % accuracy. In addition, we show that the accuracy can be increased in most cases if an attacker has access to measurements from two different sensors located in the same room. Our results provide evidence that even the leakage of such ‘inconspicuous’ data as temperature and relative humidity can seriously violate privacy. Show more

Keywords: Privacy, room climate, occupany detection, activity recognition

DOI: 10.3233/JCS-181133

Citation: Journal of Computer Security, vol. 27, no. 1, pp. 113-136, 2019

Authors: Blazy, Sandrine | Pichardie, David | Trieu, Alix

Article Type: Research Article

Abstract: Constant-time programming is an established discipline to secure programs against timing attackers. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum Safe, follow this discipline. We propose an advanced static analysis, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming. To that purpose, we analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows. We give semantic evidence of the correctness of our approach on a core language. We also present a prototype implementation for C programs that is based on the CompCert compiler toolchain …and its companion Verasco static analyzer. We present verification results on various real-world constant-time programs and report on a successful verification of a challenging SHA-256 implementation that was out of scope of previous tool-assisted approaches. Show more

Keywords: Abstract interpretation, constant-time programming, timing attacks, verification of C implementations

DOI: 10.3233/JCS-181136

Citation: Journal of Computer Security, vol. 27, no. 1, pp. 137-163, 2019