
Publication


Featured research published by Alessio Merlo.


Information Security Conference | 2012

Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures)

Alessandro Armando; Alessio Merlo; Mauro Migliardi; Luca Verderame

We present a previously undisclosed vulnerability of Android OS which can be exploited by mounting a Denial-of-Service attack that makes devices totally unresponsive. We discuss the characteristics of the vulnerability – which affects all versions of Android – and propose two different fixes, each involving a small patch that implements a few architectural countermeasures. We also provide experimental evidence of the effectiveness of the exploit as well as of the proposed countermeasures.


Pervasive and Mobile Computing | 2015

A survey on energy-aware security mechanisms

Alessio Merlo; Mauro Migliardi; Luca Caviglione

The increasing adoption of mobile devices as the preferred tool to access the Internet calls for a deeper investigation of security aspects. In parallel, their power-constrained nature must be explicitly considered in order to analyze security in an effective and comprehensive manner. This aspect, which is often neglected in the literature, allows investigating two important behaviors of mobile devices: (i) evaluating whether all the layers accounting for privacy and security can be re-engineered or optimized to save power, and (ii) understanding the effectiveness of draining energy to conduct attacks. In this perspective, this paper surveys and highlights the most recent work on energy-awareness and security. Also, it summarizes the current state of the art on general techniques to save energy, as well as tools to perform measurements. The major contributions of this survey are, thus, a review of past work aimed at minimizing the energy footprint of security mechanisms, and the identification of promising research trends, such as detecting attacks via anomalous power consumption.


ACM Symposium on Applied Computing | 2013

Bring your own device, securely

Alessandro Armando; Gabriele Costa; Alessio Merlo

Modern mobile devices offer users powerful computational capabilities and complete customization. As a matter of fact, today smartphones and tablets have remarkable hardware profiles and a cornucopia of applications. Yet, the security mechanisms offered by the most popular mobile operating systems provide only limited protection against the threats posed by malicious applications that may be inadvertently installed by users, and therefore they do not meet the security standards required in corporate environments. In this paper we propose a security framework for mobile devices that ensures that only applications complying with the organization's security policy can be installed. This is done by inferring behavioral models from applications and validating them against the security policy. We also present BYODroid, a prototype implementation of our proposed security framework for the Android OS.


IEEE Transactions on Dependable and Secure Computing | 2014

A Denial of Service Attack to UMTS Networks Using SIM-Less Devices

Alessio Merlo; Mauro Migliardi; Nicola Gobbo; Francesco Palmieri; Aniello Castiglione

One of the fundamental security elements in cellular networks is the authentication procedure performed by means of the Subscriber Identity Module that is required to grant access to network services and hence protect the network from unauthorized usage. Nonetheless, in this work we present a new kind of denial of service attack based on properly crafted SIM-less devices that, without any kind of authentication and by exploiting some specific features and performance bottlenecks of the UMTS network attachment process, are potentially capable of introducing significant service degradation up to disrupting large sections of the cellular network coverage. The knowledge of this attack can be exploited by several applications both in security and in network equipment manufacturing sectors.


Trustworthy Global Computing | 2012

Formal Modeling and Reasoning about the Android Security Framework

Alessandro Armando; Gabriele Costa; Alessio Merlo

Android OS is currently the most widespread mobile operating system and is very likely to remain so in the near future. The number of available Android applications will soon reach the staggering figure of 500,000, with an average of 20,000 applications being introduced in the Android Market over the last 6 months. Since many applications, e.g., home banking applications, deal with sensitive data, the security of Android is receiving growing attention from the research community. However, most of the work assumes that Android meets some given high-level security goals, e.g., sandboxing of applications. Checking whether these security goals are met is therefore of paramount importance. Unfortunately this is also a very difficult task due to the lack of a detailed security model encompassing not only the interaction among applications but also the interplay between the applications and the functionalities offered by Android. To remedy this situation, in this paper we propose a formal model of Android OS that allows one to formally state the high-level security goals as well as to check whether these goals are met or to identify potential security weaknesses.


Computers & Security | 2013

Breaking and fixing the Android Launching Flow

Alessandro Armando; Alessio Merlo; Mauro Migliardi; Luca Verderame

The security model of the Android OS is based on the effective combination of a number of well-known security mechanisms (e.g. statically defined permissions for applications, the isolation offered by the Dalvik Virtual Machine, and the well-known Linux discretionary access control model). Although each security mechanism has been extensively tested and proved to be effective in isolation, their combination may suffer from unexpected security flaws. We show that this is actually the case by presenting a severe vulnerability in Android related to the application launching flow. This vulnerability is based on a security flaw affecting a kernel-level socket (namely, the Zygote socket). We also present an exploit of the vulnerability that allows a malicious application to mount a severe Denial-of-Service attack that makes Android devices totally unresponsive. Besides explaining the vulnerability (which affects all versions of Android up to version 4.0.3) we propose two fixes. One of the two fixes has been adopted in the official release of Android, starting with version 4.1. We empirically assess the impact of the vulnerability as well as the efficacy of the countermeasures on the end user. We conclude by extending our security analysis to the whole set of sockets, showing that the other sockets do not suffer from the same vulnerability as the Zygote one.


Tests and Proofs | 2012

From model-checking to automated testing of security protocols: bridging the gap

Alessandro Armando; Giancarlo Pellegrino; Roberto Carbone; Alessio Merlo; Davide Balzarotti

Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.


International Conference on High Performance Computing and Simulation | 2013

Towards energy-aware intrusion detection systems on mobile devices

Monica Curti; Alessio Merlo; Mauro Migliardi; Simone Schiappacasse

This paper investigates the correlations between the energy consumption of Android devices and the presence of threats (e.g. battery-drain attacks). In particular, this paper proposes a model for the energy consumption of single hardware components of a mobile device during normal usage and under attack. The model has been implemented in a kernel module and used to build up an energetic signature of both legal and malicious behaviors of the WiFi hardware component in different Android devices. Such activity allows us to build a tentative database of signatures that can be used to detect attacks by means of the actual energy consumption of a mobile device. The proposed power consumption model and kernel module can also be applied to other hardware components, so as to obtain very precise energetic signatures.
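The detection idea shared by the energy-aware survey above ("detecting attacks via anomalous power consumption") and by this paper's energetic signatures, as an added example that is not code from either paper: it builds a per-component power signature from normal-usage samples and flags a trace whose consumption stays above that signature for several consecutive samples. The mW values are constructed, and the z-score threshold, the run-length rule and the excess-energy accounting are assumptions of this example, standing in for the kernel-module measurements and signature database the abstract describes.

```python
"""Energy-signature anomaly detection over per-component power samples.

Added example, not code from the papers above. Power values, the z-score
threshold and the run-length rule are constructed assumptions.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Signature = Tuple[float, float]  # (mean_mw, std_mw)

# Constructed baseline: WiFi draw in mW, one sample per second, during normal use.
BASELINE_MW: Dict[str, List[int]] = {
    "wifi": [120, 135, 128, 142, 131, 125, 138, 129, 133, 127, 140, 124, 136, 130, 126],
}

# Constructed traces to classify. ATTACK_TRACE models a battery-drain attack
# that keeps the radio continuously busy from the third second onward.
NORMAL_TRACE = [129, 134, 122, 141, 130, 128, 137, 126, 132, 139]
SINGLE_SPIKE = [130, 300, 128, 131, 127]  # one burst (e.g. a sync), not an attack
ATTACK_TRACE = [131, 128, 210, 225, 240, 238, 233, 244, 229, 236]


def build_signature(samples: List[int]) -> Signature:
    """Summarize a component's normal-usage draw as (mean, population std-dev)."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to build a signature")
    return mean(samples), pstdev(samples)


def anomalous_runs(trace: List[int], sig: Signature,
                   z_threshold: float = 3.0, min_run: int = 3) -> List[Tuple[int, int]]:
    """Return (first, last) index pairs of runs of at least min_run consecutive
    samples above mean + z_threshold * std. Requiring a run rather than a single
    sample keeps short legitimate bursts from raising alerts."""
    mu, sigma = sig
    limit = mu + z_threshold * sigma
    runs: List[Tuple[int, int]] = []
    start = None
    for i, mw in enumerate(trace):
        if mw > limit:
            if start is None:
                start = i
            continue
        if start is not None and i - start >= min_run:
            runs.append((start, i - 1))
        start = None
    if start is not None and len(trace) - start >= min_run:
        runs.append((start, len(trace) - 1))
    return runs


def excess_energy_mj(trace: List[int], sig: Signature,
                     runs: List[Tuple[int, int]], sample_period_s: float = 1.0) -> float:
    """Energy drawn above the baseline mean inside the flagged runs (mW * s = mJ)."""
    mu, _ = sig
    return sum((trace[i] - mu) * sample_period_s
               for first, last in runs for i in range(first, last + 1))


def classify(trace: List[int], component: str = "wifi") -> str:
    """'attack' if the trace has at least one anomalous run against the
    component's signature, otherwise 'normal'."""
    sig = build_signature(BASELINE_MW[component])
    return "attack" if anomalous_runs(trace, sig) else "normal"


if __name__ == "__main__":
    sig = build_signature(BASELINE_MW["wifi"])
    for name, trace in [("normal", NORMAL_TRACE), ("spike", SINGLE_SPIKE),
                        ("attack", ATTACK_TRACE)]:
        runs = anomalous_runs(trace, sig)
        print(f"{name}: {classify(trace)} runs={runs} "
              f"excess={excess_energy_mj(trace, sig, runs):.0f} mJ")
```

The baseline dictionary is keyed by component so the same logic extends to the CPU, GPS or display once a signature for that component exists; the run-length rule is the part a practitioner should tune per component, since a radio legitimately bursts far more often than, say, the GPS receiver.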


Information Assurance and Security | 2011

What is Green Security

Luca Caviglione; Alessio Merlo; Mauro Migliardi

Green Security is a new research field defining and investigating security solutions under an energy-aware perspective. Green Security aims at: 1) evaluating the actual security mechanisms in order to assess their energy consumption; 2) building new security mechanisms by considering energy costs from the design phase. In this paper, we first provide a definition of Green Security and formalism to model it, then we provide a use case showing how it is possible to model the energy consumption of two Intrusion Detection System (IDS) strategies, finally we leverage this model to assess the energy leakage due to the late discovery of bad packets.


Network Security | 2012

The energy impact of security mechanisms in modern mobile devices

Luca Caviglione; Alessio Merlo

The massive uptake of mobile devices is raising concerns about their security. Yet there may be a difficult trade-off to be made between security and power consumption. Luca Caviglione of the Institute of Intelligent Systems for Automation, National Research Council of Italy and Alessio Merlo, University of Genoa and eCampus University, undertook a power consumption analysis of some security-related aspects deployed within a sample Android mobile phone and examined whether security does have an energy cost associated with it. The availability of powerful and cost-effective wireless interfaces makes the modern Internet accessible according to the ‘anywhere, anytime’ paradigm. In addition, the explosion of Web 2.0 applications enables people to interact with an increased degree of social connectivity. And, in a simple and cost-effective manner, modern end-user devices allow people to produce and share content, interact with the surrounding environment – for example, via Global Positioning System (GPS) or Near Field Communication (NFC) mechanisms – and enjoy multimedia material such as music and video. To be effective, such a rich set of features must be supported by an adequate supply of on-board power, which is mostly provided via batteries. Even though battery technology and silicon efficiency have made important advances in the past few years, excessive power drain still remains the major weakness when designing and using mobile appliances.

Collaboration

Top Co-Authors

Luca Caviglione, National Research Council

Meriem Guerar, University of the Sciences