Luka Malisa
ETH Zurich
Publications
Featured research published by Luka Malisa.
IEEE Symposium on Security and Privacy | 2013
Nils Ole Tippenhauer; Luka Malisa; Aanjhan Ranganathan; Srdjan Capkun
Wireless communication provides unique security challenges, but also enables novel ways to defend against attacks. In the past few years, a number of works discussed the use of friendly jamming to protect the confidentiality of the communicated data as well as to enable message authentication and access control. In this work, we analytically and experimentally evaluate the confidentiality that can be achieved by the use of friendly jamming, given an attacker with multiple receiving antennas. We construct a MIMO-based attack that allows the attacker to recover data protected by friendly jamming and refine the conditions for which this attack is most effective. Our attack shows that friendly jamming cannot provide strong confidentiality guarantees in all settings. We further test our attack in a setting where friendly jamming is used to protect the communication to medical implants.
Conference on Data and Application Security and Privacy | 2017
Luka Malisa; Kari Kostiainen; Srdjan Capkun
Mobile application spoofing is an attack where a malicious mobile app mimics the visual appearance of another one. A common example of mobile application spoofing is a phishing attack where the adversary tricks the user into revealing her password to a malicious app that resembles the legitimate one. In this paper, we propose a novel spoofing detection approach, tailored to the protection of mobile app login screens, using screenshot extraction and visual similarity comparison. We use deception rate as a novel similarity metric for measuring how likely the user is to consider a potential spoofing app as one of the protected applications. We conducted a large-scale online study where participants evaluated spoofing samples of popular mobile app login screens, and used the study results to implement a detection system that accurately estimates deception rate. We show that efficient detection is possible with low overhead.
International Conference on Distributed Computing Systems | 2014
Elli Androulaki; Claudio Soriente; Luka Malisa; Srdjan Capkun
Recent incidents of data-breaches from the cloud suggest that users should not trust the cloud provider to enforce access control on their data. We focus on mitigating trust to the cloud in scenarios where granting access to data not only considers user identities (as in conventional access policies), but also contextual information such as the user's location and time of access. Previous work in this context assumes a fully trusted cloud that is further capable of locating users. We introduce LoTAC, a novel framework that seamlessly integrates the operation of a cloud provider and a localization infrastructure to enforce location- and time-based access control to cloud-stored data. In LoTAC, the two entities operate independently and are only trusted to offer their basic services: the cloud provider is used and trusted only to reliably store data, the localization infrastructure is used and trusted only to accurately locate users. Furthermore, neither the cloud provider nor the localization infrastructure can access the data, even if they collude. LoTAC protocols require no changes to the cloud provider and minimal changes to the localization infrastructure. We evaluate our protocols using a cellular network as the localization infrastructure and show that they incur low communication and computation costs and scale well with a large number of users and policies.
European Symposium on Research in Computer Security | 2016
Luka Malisa; Kari Kostiainen; Michael Och; Srdjan Capkun
In this paper we present a novel approach for detection of mobile app impersonation attacks. Our system uses dynamic code analysis to extract user interfaces from mobile apps and analyzes the extracted screenshots to detect impersonation. As the detection is based on the visual appearance of the application, as seen by the user, our approach is robust towards the attack implementation technique and resilient to simple detection avoidance methods such as code obfuscation. We analyzed over 150,000 mobile apps and detected over 40,000 cases of impersonation. Our work demonstrates that impersonation detection through user interface extraction is effective and practical at large scale.
Cryptographic Hardware and Embedded Systems | 2017
Luka Malisa; Kari Kostiainen; Thomas Knell; David Sommer; Srdjan Capkun
We describe novel, adaptive user interface attacks, where the adversary attaches a small device to the interface that connects user input peripherals to the target system. The device executes the attack when the authorized user is performing safety-, or security-critical operations, by modifying or blocking user input, or injecting new events. Although the adversary fully controls the user input channel, to succeed he needs to overcome a number of challenges, including the inability to directly observe the state of the user interface and avoiding being detected by the legitimate user. We present new techniques that allow the adversary to do user interface state estimation and fingerprinting, and thus attack a new range of scenarios that previous UI attacks do not apply to. We evaluate our attacks on two different types of platforms: e-banking on general-purpose PCs, and dedicated medical terminals. Our evaluation shows that such attacks can be implemented efficiently, are hard for the users to detect, and would lead to serious violations of input integrity.
International Conference on Security and Privacy in Communication Systems | 2009
Toni Perković; Ivo Stancic; Luka Malisa; Mario Čagalj
IACR Cryptology ePrint Archive | 2015
Luka Malisa; Kari Kostiainen; Srdjan Capkun
Computer and Communications Security | 2017
David Sommer; Aritra Dhar; Luka Malisa; Esfandiar Mohammadi; Daniel Ronzani; Srdjan Capkun
IEEE Symposium on Security and Privacy | 2018
Elizabeth Stobert; Elizabeta Cavar; Luka Malisa; David Sommer
Wireless Network Security | 2017
Enis Ulqinaku; Luka Malisa; Julinda Stefa; Alessandro Mei; Srdjan Capkun