Artemios G. Voyiatzis

Merged Mining: Curse or Cure?

Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

USBlock: Blocking USB-Based Keypress Injection Attacks

The Universal Serial Bus (USB) is becoming a prevalent attack vector. Rubber Ducky and BadUSB are two recent classes of a whole spectrum of attacks carried out using fully-automated keypress injections through innocent-looking USB devices. So far, defense mechanisms are insufficient and rely on user participation in the trust decision.

Lightweight Address Hopping for Defending the IPv6 IoT

The rapid deployment of IoT systems on the public Internet is not without concerns for the security and privacy of consumers. Security in IoT systems is often poorly engineered and engineering for privacy does notseemtobea concern for vendors at all. Thecombination of poor security hygiene and access to valuable knowledge renders IoT systems a much-sought target for attacks. IoT systems are not only Internet-accessible but also play the role of servers according to the established client-server communication model and are thus configured with static and/or easily predictable IPv6 addresses, rendering them an easy target for attacks. We present 6HOP, a novel addressing scheme for IoT devices. Our proposal is lightweight in operation, requires minimal administration overhead, and defends against reconnaissance attacks, address based correlation as well as denial-of-service attacks. 6HOP therefore exploits the ample address space available in IPv6 networks and provides effective protection this way.

A Trust-based Resilient Routing Mechanism for the Internet of Things

Local-area networks comprising the Internet of Things (IoT) consist mainly of devices that have limited processing capabilities and face energy constraints. This has an implication on developing security mechanisms, as they require significant computing resources. In this paper, we design a trust-based routing solution with IoT devices in mind. Specifically, we propose a trust-based approach for managing the reputation of every node of an IoT network. The approach is based on the emerging Routing Protocol for Low power and Lossy networks (RPL). The proposed solution is simulated for its routing resilience and compared with two other variants of RPL.

Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services

TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors - like compromised CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks - TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.

Secure cyber-physical production systems: Solid steps towards realization

Sophisticated production systems include plenty of information technology (IT) in order to gain more efficiency. However, this on-going development bears the drawback of lacking security. Cyber-physical production systems (CPPS) are likely to be struck by a cyber-launched attack; but might also be themselves the origin of an attack targeting IT infrastructures or other production systems. Far from an ideal solution, the involved engineering disciplines appear to work in parallel despite aiming for the same goal: securing the production systems. In this paper, we highlight small measures that are able to achieve large effects on CPPS security: (1) Extending interoperability testing by security testing gains robustness against intentionally malformed inputs; (2) the extension of todays models so that they enable the description of malicious actions would allow to assess system behavior in presence of an attack; and (3) a layered approach on CPPS security enables to address malicious activities at an adequate, semantic layer without the need for precarious shadow systems.

A Performance Assessment of Network Address Shuffling in IoT Systems

While the large scale distribution and unprecedented connectivity of embedded systems in the Internet of Things (IoT) has enabled various useful application scenarios, it also poses a risk to users and infrastructure alike. Recent incidents, like the Mirai botnet, have shown that these devices are often not sufficiently protected against attacks and can therefore be abused for malicious purposes, like distributed denial of service (DDoS) attacks. While it may be an impossible task to completely secure all systems against attacks, moving target defense (MTD) has been proposed as an alternative to prevent attackers from finding devices and endpoints and eventually launching their attacks against them. One of these approaches is network-based moving target defense which relies on the obfuscation and change of network level information, like IP addresses and ports. Since most of these approaches have been developed with desktop applications in mind, their usefulness in IoT applications has not been investigated.

Timestamp hiccups: Detecting manipulated filesystem timestamps on NTFS

Redundant capacity in filesystem timestamps is recently proposed in the literature as an effective means for information hiding and data leakage. Here, we evaluate the steganographic capabilities of such channels and propose techniques to aid digital forensics investigation towards identifying and detecting manipulated filesystem timestamps. Our findings indicate that different storage media and interfaces exhibit different timestamp creation patterns. Such differences can be utilized to characterize file source media and increase the analysis capabilities of the incident response process.

Notary-Assisted Certificate Pinning for Improved Security of Android Apps

The security provided to Internet applications by the TLS protocol relies on the trust we put on Certificate Authorities (CAs) issuing valid identity certificates. TLS certificate pinning is a proposed approach to defend against man-in-the-middle (MitM) attacks that are realized using valid albeit fraudulent certificates. Yet, the implementation of certificate pinning for mobile applications, and especially for Google Android apps, is cumbersome and error-prone, resulting in inappropriate connection handling and privacy leaks of user information. We propose the use of TLS notary-assisted certificate pinning at the Android Runtime level. Our approach defends against a wide range of MitM attacks without needing to update the application using TLS. Furthermore, by relying on the collective knowledge of the trusted TLS notaries, we increase both the security and the usability, while at the same time we remove the burden for the user making trust decisions about system security issues. We describe a proof-of-concept implementation demonstrating its capabilities and discuss the next steps necessary towards general availability of our solution.