Jonathan Voris

Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags

Personal RFID tags store valuable information private to their users that can easily be subject to eavesdropping, unauthorized reading, owner tracking, and cloning. RFID tags are also susceptible to relay attacks and likely to get lost and stolen. In this paper, we introduce the problem of user authentication to RFID tags. This allows users to control when and where their RFID tags can be accessed. We present a novel approach for user authentication to multiple RFID tags called “Vibrate-to-Unlock” (VtU). This technique uses a mobile phone as an authentication token, forming an unidirectional tactile communication channel between users and their RFID tags. Authenticating to an RFID tag involves touching a vibrating phone to the tag or an object carrying the tag, such as a wallet. We discuss the design and implementation of this new method on Intels WISP tags. We also report on a preliminary usability evaluation of our VtU prototype.

Data remanence effects on memory-based entropy collection for RFID systems

Random number generation is a fundamental security primitive. This relatively simple requirement is beyond the capacity of passive RFID (radio frequency identification) tags, however. A recent proposal, fingerprint extraction and random number generation in SRAM (FERNS), uses onboard RAM as a randomness source. Unfortunately, practical considerations prevent this approach from reaching its full potential. First, the amount of RAM available for utilization as a randomness generator may be severely restricted due to competition with other system functionalities. Second, RAM is subject to data remanence; there is a period after losing power during which stored data remains intact in memory. Thus, after memory has been used for entropy collection once it will require time without power before it can be reused. This may lead to unacceptable delays in a usable security application. In this paper, the practical considerations that must be taken into account when using RAM as an entropy source are demonstrated. The implementation of a true random number generator on Intel’s WISP (wireless identification and sensing platform) RFID tag is also presented, which is the first to the authors’ best knowledge. By relating this to the requirements of some popular RFID authentication protocols, the practicality of utilizing memory-based randomness techniques on resource-constrained devices is assessed.

Still and silent: motion detection for enhanced RFID security and privacy without changing the usage model

Personal RFID devices - found, e.g., in access cards and contactless credit cards - are vulnerable to unauthorized reading, owner tracking and different types of relay attacks. We observe that accessing a personal RFID device fundamentally requires moving it in some manner (e.g., swiping an RFID access card in front of a reader). Determining whether or not the device is in motion can therefore provide enhanced security and privacy; the device will respond only when it is in motion, instead of doing so promiscuously. We investigate extending the concept of min-entropy from the realm of random number generation to achieve motion detection on an RFID device equipped with an accelerometer. Our approach is quite simple and well-suited for use on low-cost devices because the min-entropy of an accelerometers distribution can be efficiently approximated. As opposed to alternative methods, our approach does not require any changes to the usage model expected of personal RFID devices.

Lost in Translation: Improving Decoy Documents via Automated Translation

Detecting insider attacks continues to prove to be one of the most difficult challenges in securing sensitive data. Decoy information and documents represent a promising approach to detecting malicious masqueraders, however, false positives can interfere with legitimate work and take up user time. We propose generating foreign language decoy documents that are sprinkled with untranslatable enticing proper nouns such as company names, hot topics, or apparent login information. Our goal is for this type of decoy to serve three main purposes. First, using a language that is not used in normal business practice gives real users a clear signal that the document is fake, so they waste less time examining it. Second, an attacker, if enticed, will need to exfiltrate the documents contents in order to translate it, providing a cleaner signal of malicious activity. Third, we consume significant adversarial resources as they must still read the document and decide if it contains valuable information, which is made more difficult as it will be somewhat scrambled through translation. In this paper, we expand upon the rationale behind using foreign language decoys. We present a preliminary evaluation which shows how they significantly increase the cost to attackers in terms of the amount of time that it takes to determine if a document is real and potentially contains valuable information or is entirely bogus, confounding their goal of exfiltrating important sensitive information.

Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks

Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking, or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. Specifically, this paper proposes the use of cyber-physical interfaces, on-board tag sensors, to (automatically) acquire useful contextual information about the tags environment (or its owner, or the tag itself). First, such context recognition is leveraged for the purpose of selective tag unlocking-the tag will respond selectively to reader interrogations. In particular, novel mechanisms based on an owners posture recognition are presented. Second, context recognition is used as a basis for transaction verification in order to provide protection against a severe form of relay attacks involving malicious RFID readers. A new mechanism is developed that can determine the proximity between a valid tag and a valid reader by correlating certain (specifically audio) sensor data extracted from the two devices. Our evaluation of the proposed mechanisms demonstrate their feasibility in significantly raising the bar against RFID attacks.

Sensing-enabled defenses to RFID unauthorized reading and relay attacks without changing the usage model

Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. More specifically, the paper proposes the use of on-board tag sensors to (automatically) acquire useful contextual information about the tags environment (or its owner, or the tag itself). It suggests how this information can be used to achieve two security functionalities. First, such context recognition can be leveraged for the purpose of selective tag unlocking - the tag will respond selectively to reader interrogations, i.e., only when it is deemed safe to do so. Second, context recognition can be used as a basis for transaction verification in order to provide protection against a severe form of relay attacks involving malicious RFID readers. To demonstrate the feasibility of the overall idea, a novel selective unlocking mechanism based on owners posture recognition is presented. The evaluation of the proposed mechanism shows its effectiveness in significantly raising the bar against many different RFID attacks.

Treat 'em like other devices: user authentication of multiple personal RFID tags

User-to-tag authentication can prevent a variety of potential attacks on personal RFID tags. In this poster, a new RFID authentication scheme is presented that allows a user to control when a tag responds to queries by leveraging a mobile phone. The design and implementation of this approach is presented along with a study of its usability.

Bait and Snitch: Defending Computer Systems with Decoys

Threats against computer networks continue to multiply, but existing security solutions are persistently unable to keep pace with these challenges. In this paper we present a new paradigm for securing computational resources which we call decoy technology. This technique involves seeding a system with data that appears authentic but is in fact spurious. Attacks can be detected by monitoring this phony information for access events. Decoys are capable of detecting malicious activity, such as insider and masquerade attacks, that are beyond the scope of traditional security measures. They can be used to address confidentiality breaches either proactively or after they have

Fox in the trap: thwarting masqueraders via automated decoy document deployment

Organizations face a persistent challenge detecting malicious insiders as well as outside attackers who compromise legitimate credentials and then masquerade as insiders. No matter how good an organizations perimeter defenses are, eventually they will be compromised or betrayed from the inside. Monitored decoy documents (honey files with enticing names and content) are a promising approach to aid in the detection of malicious masqueraders and insiders. In this paper, we present a new technique for decoy document distribution that can be used to improve the scalability of insider detection. We develop a placement application that automates the deployment of decoy documents and we report on two user studies to evaluate its effectiveness. The first study indicates that our automated decoy distribution tool is capable of strategically placing decoy files in a way that offers comparable security to optimal manual deployment. In the second user study, we measure the frequency that normal users access decoy documents on their own systems and show that decoy files do not significantly interfere with normal user tasks.

Exploring Extrinsic Motivation for Better Security: A Usability Study of Scoring-Enhanced Device Pairing

We explore the use of extrinsic motivation to improve the state of user-centered security mechanisms. Specifically, we study applications of scores as user incentives in the context of secure device pairing. We develop a scoring functionality that can be integrated with traditional pairing approaches. We then report on a usability study that we performed to evaluate the effect of scoring on the performance of users in comparison operations. Our results demonstrate that individuals are likely to commit fewer errors and show more acceptance when working with the scoring based pairing approach. Framing pairing as a game and providing feedback to users in the form of a score is an efficient way to improve pairing security, particularly among users such as children who may not be aware of the consequences of their decisions while performing security tasks.