Publication


Featured research published by Endadul Hoque.


International Workshop on Variable Structure Systems | 2008

ERAP: ECC Based RFID Authentication Protocol

Sheikh Iqbal Ahamed; Farzana Rahman; Endadul Hoque

RFID tags are a new generation of small devices used for identification in many applications today. RFID authentication plays an important role in applications where security and privacy are major concerns. As an example, RFID has gained appreciation as an emerging technology to thwart counterfeiting problems. Public key cryptography (PKC) provides an impeccable solution to the counterfeiting problem. One recent family of public key cryptosystems is elliptic curve cryptography (ECC), which is a better choice than the RSA cryptographic system because of its shorter key length. In this paper, we propose a secure, mutual offline authentication protocol which is based on ECC. Finally, we present a security analysis of our proposed authentication protocol.


International Conference on Distributed Computing Systems | 2014

Turret: A Platform for Automated Attack Finding in Unmodified Distributed System Implementations

Hyojeong Lee; Jeff Seibert; Endadul Hoque; Charles Edwin Killian; Cristina Nita-Rotaru

Security and performance are critical goals for distributed systems. The increased design complexity, incomplete expertise of developers, and limited functionality of existing testing tools often result in bugs and vulnerabilities that prevent implementations from achieving their design goals in practice. Many of these bugs, vulnerabilities, and misconfigurations manifest after the code has already been deployed making the debugging process difficult and costly. In this paper, we present Turret, a platform for automatically finding performance attacks in unmodified implementations of distributed systems. Turret does not require the user to provide any information about vulnerabilities and runs the implementation in the same operating system setup as the deployment, with an emulated network. Turret uses a new attack finding algorithm and several optimizations that allow it to find attacks in a matter of minutes. We ran Turret on 5 different distributed system implementations specifically designed to tolerate insider attacks, and found 30 performance attacks, 24 of which were not previously reported to the best of our knowledge.


High-Assurance Systems Engineering | 2008

Towards Secure Trust Bootstrapping in Pervasive Computing Environment

Sheikh Iqbal Ahamed; Endadul Hoque; Farzana Rahman; Mohammad Zulkernine

The deployment of small handheld devices in a pervasive environment inevitably raises security concerns while sharing services. Trust models play a major role in guarding against privacy violations and security breaches. Though assignment of initial trust is an important issue, little work has been done in this area. Most of the prior research on trust models assumes a constant level of the initial trust value. However, in a pervasive smart space, trust is context dependent. The need for security varies from context to context. In addition, some services, being shared in this environment, require high security while sharing. To ensure this, security levels should be incorporated in the initial trust calculation. In this paper, we propose a new initial trust model called ICSTB (integration of context security in trust bootstrapping). The model categorizes services or contexts in different security levels based on their security needs, and these security needs are considered in trust bootstrapping.


Ad Hoc Networks | 2015

Taming epidemic outbreaks in mobile adhoc networks

Endadul Hoque; Rahul Potharaju; Cristina Nita-Rotaru; Saswati Sarkar; Santosh S. Venkatesh

The openness of the smartphone operating systems has increased the number of applications developed, but it has also introduced a new propagation vector for mobile malware. We model the propagation of mobile malware among humans carrying smartphones using epidemiology theory and study the problem as a function of the underlying mobility models. We define the optimal approach to heal an infected system with the help of a set of static healers that distribute patches as the T-Cover problem, which is NP-COMPLETE. We then propose three families of healer protocols that allow for a trade-off between the recovery time and the energy consumed for deploying patches. We show through simulations using the NS-3 simulator that despite lacking knowledge of the exact future, our healers obtain a recovery time within a 7.4×~10× bound of the oracle solution that has knowledge of the future arrival time of all the infected nodes.


ACM Sigapp Applied Computing Review | 2011

Preserving privacy in wireless sensor networks using reliable data aggregation

Farzana Rahman; Endadul Hoque; Sheikh Iqbal Ahamed

An important topic addressed by the wireless sensor networks community over the last several years is in-network data aggregation. It is a significant as well as challenging issue to provide a reliable data aggregation scheme while preserving data privacy. However, in WSNs, achieving ideal data accuracy is complicated due to collision, heavy network traffic, processing delays and/or several attacks. The problem of gathering accurate integrated data will be further intensified if the environment is adverse. Hence, how to attain data privacy and perfect data accuracy are two major challenges for data aggregation in wireless sensor networks. To address this problem, we propose in this paper a new privacy preserving data aggregation scheme. We present REBIVE (REliaBle prIVate data aggrEgation scheme). In REBIVE the data accuracy maintenance and data privacy protection mechanisms work cooperatively. Different from past research, our proposed solution has the following features: providing a privacy preservation technique for individual sensor data and aggregated sensor data; maintaining perfect data accuracy for realistic environments; being highly efficient; and being robust to popular attacks launched in WSNs.


IEEE Symposium on Security and Privacy | 2017

SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations

Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui Li

The X.509 Public-Key Infrastructure has long been used in the SSL/TLS protocol to achieve authentication. A recent trend of Internet-of-Things (IoT) systems employing small footprint SSL/TLS libraries for secure communication has further propelled its prominence. The security guarantees provided by X.509 hinge on the assumption that the underlying implementation rigorously scrutinizes X.509 certificate chains, and accepts only the valid ones. Noncompliant implementations of X.509 can potentially lead to attacks and/or interoperability issues. In the literature, black-box fuzzing has been used to find flaws in X.509 validation implementations; fuzzing, however, cannot guarantee coverage and thus severe flaws may remain undetected. To thoroughly analyze X.509 implementations in small footprint SSL/TLS libraries, this paper takes the complementary approach of using symbolic execution. We observe that symbolic execution, a technique proven to be effective in finding software implementation flaws, can also be leveraged to expose noncompliance in X.509 implementations. Directly applying an off-the-shelf symbolic execution engine on SSL/TLS libraries is, however, not practical due to the problem of path explosion. To this end, we propose the use of SymCerts, which are X.509 certificate chains carefully constructed with a mixture of symbolic and concrete values. Utilizing SymCerts and some domain-specific optimizations, we symbolically execute the certificate chain validation code of each library and extract path constraints describing its accepting and rejecting certificate universes. These path constraints help us identify missing checks in different libraries. For exposing subtle but intricate noncompliance with the X.509 standard, we cross-validate the constraints extracted from different libraries to find further implementation flaws. Our analysis of 9 small footprint X.509 implementations has uncovered 48 instances of noncompliance. Findings and suggestions provided by us have already been incorporated by developers into newer versions of their libraries.


Mobile Adhoc and Sensor Systems | 2012

Closing the Pandora's box: Defenses for thwarting epidemic outbreaks in mobile adhoc networks

Rahul Potharaju; Endadul Hoque; Cristina Nita-Rotaru; Saswati Sarkar; Santosh S. Venkatesh

The openness of the Android operating system increased the number of applications developed, but it also introduced a new propagation vector for mobile malware. We model the propagation of mobile malware using epidemiology theory and study the problem as a function of the underlying mobility models. We define the optimal approach to heal an infected system with the help of a set of static healers that distribute patches, as the T-COVER problem and show that it is NP-HARD. We then propose two families of healer protocols that trade-off time recovery and energy consumed by sending patches. The first one uses randomization to ensure a small recovery time but may result in healers sending more patches than needed. The second one uses system feedback to optimize energy consumed by sending patches, but it may result in a larger recovery time. We show through simulations using the NS-3 simulator that despite lacking knowledge of the future, our protocols obtain a recovery time within a 10x bound of the oracle solution that knows the arrival time of the infected nodes.


IEEE ACM Transactions on Networking | 2016

Automated Adversarial Testing of Unmodified Wireless Routing Implementations

Endadul Hoque; Hyojeong Lee; Rahul Potharaju; Charles Edwin Killian; Cristina Nita-Rotaru

Numerous routing protocols have been designed and subjected to model checking and simulations. However, model checking the design or testing the simulator-based prototype of a protocol does not guarantee that the implementation is free of bugs and vulnerabilities. Testing implementations beyond their basic functionality (also known as adversarial testing) can increase protocol robustness. We focus on automated adversarial testing of real-world implementations of wireless routing protocols. In our previous work we created Turret, a platform that uses a network emulator and virtualization to test unmodified binaries of general distributed systems. Based on Turret, we create Turret-W designed specifically for wireless routing protocols. Turret-W includes new functionalities such as differentiating routing messages from data messages to enable evaluation of attacks on the control plane and the data plane separately, support for several additional protocols (e.g., those that use homogeneous/heterogeneous packet formats, those that run on geographic forwarding (not just IP), those that operate at the data link layer instead of the network layer), support for several additional attacks (e.g., replay attacks) and for establishment of adversarial side-channels that allow for collusion. Turret-W can test not only general routing attacks, but also wireless specific attacks such as wormhole. Using Turret-W on publicly available implementations of five representative routing protocols, we (re-)discovered 37 attacks and 3 bugs. All these bugs and 5 of the total attacks were not previously reported to the best of our knowledge.


Proceedings of the Applied Networking Research Workshop on | 2018

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

Samuel Jero; Endadul Hoque; David R. Choffnes; Alan Mislove; Cristina Nita-Rotaru

In this work, we propose an automated method to find attacks against TCP congestion control implementations that combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis. It uses a model-guided approach to generate abstract attack strategies by leveraging a state machine model of congestion control to find vulnerable state machine paths that an attacker could exploit to increase or decrease the throughput of a connection. These abstract strategies are then mapped to concrete attack strategies, which consist of sequences of actions such as injection or modification of acknowledgements. We design and implement a virtualized platform, TCPwn, that consists of a proxy-based attack injector to inject these concrete attack strategies. We evaluated 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 are new.


Dependable Systems and Networks | 2017

Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs

Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li

Network protocol implementations must comply with their specifications that include properties describing the correct operational behavior of the protocol in response to different temporal orderings of network events. Due to inconsistent interpretations of the specification, developers can unknowingly introduce semantic bugs, which cause the implementations to violate the respective properties. Detecting such bugs in stateful protocols becomes significantly difficult as their operations depend on their internal state machines and the complex interactions between the protocol logic. In this paper, we present an automated tool to help developers analyze their protocol implementations and detect semantic bugs violating the temporal properties of the protocols. Given an implementation, our tool (1) extracts the implemented finite state machine (FSM) of the protocol from the source code by symbolically exploring the code and (2) determines whether the extracted FSM violates given temporal properties by using an off-the-shelf model checker. We demonstrated the efficacy of our tool by applying it on 6 protocol implementations. We detected 11 semantic bugs (2 with security implications) when we analyzed these implementations against properties obtained from their publicly available specifications.

Collaboration


Dive into Endadul Hoque's collaboration.

Top Co-Authors

Farzana Rahman

James Madison University

Saswati Sarkar

University of Pennsylvania
