Thabet Kacem

A whitebox approach for automated security testing of Android applications on the cloud

By changing the way software is delivered to end-users, markets for mobile apps create a false sense of security: apps are downloaded from a market that can potentially be regulated. In practice, this is far from truth and instead, there has been evidence that security is not one of the primary design tenets for the mobile app stores. Recent studies have indicated mobile markets are harboring apps that are either malicious or vulnerable leading to compromises of millions of devices. The key technical obstacle for the organizations overseeing these markets is the lack of practical and automated mechanisms to assess the security of mobile apps, given that thousands of apps are added and updated on a daily basis. In this paper, we provide an overview of a multi-faceted project targeted at automatically testing the security and robustness of Android apps in a scalable manner. We describe an Android-specific program analysis technique capable of generating a large number of test cases for fuzzing an app, as well as a test bed that given the generated test cases, executes them in parallel on numerous emulated Androids running on the cloud.

Integrity and authenticity of ADS-B broadcasts

We propose a novel approach to provide authenticity and integrity of Automatic Dependent Surveillance-Broadcast (ADS-B) messages. We employ a key-management schema for authentication and rely on a keyed-hashed message authentication code (HMAC) for integrity. Our approach avoids scalability and compatibility issues, as we neither change the packet format nor its size.

Detecting malicious ADS-B broadcasts using wide area multilateration

Automatic Dependent Surveillance Broadcast (ADS-B) is an emerging radio technology capable of extending or replacing current RADAR-based surveillance for air traffic management. However, due to its reliance on unencrypted radio transmissions, ADS-B is exploitable using relatively inexpensive and open source tools. This paper demonstrates how multilateration technique can be applied to detect some types of malicious ADS-B transmissions, based on known GPS errors (used by ADS-B transmitters) and clock precision inaccuracies (used by multilateration systems). As it requires the measurement of radio signals time of arrival (TOA) at different sensors to calculate the transmitters location, the placement of those sensors play an important role to determine the accuracy of the estimates. In this direction, this paper also presents a method based on genetic algorithms in order to determine the position of sensors that gives improved coverage and reduced error.

Key distribution mechanism in secure ADS-B networks

Automatic Dependent Surveillance Broadcast (ADS-B) has been gaining attention as a replacement and strengthening of primary and secondary RADAR systems. Nevertheless, there have been several security concerns about this protocol because messages are sent in clear text, which makes it vulnerable to several attacks. In recent work, we addressed these concerns using a hash-based message authentication code (HMAC) that provides ADS-B with integrity and authentication capabilities. In this paper, we further develop this concept by proposing a key distribution mechanism that provides the proper infrastructure for the added safety and security features. The proposed mechanism addresses several common usage scenarios, including those that arise from air space being shared by manned and unmanned aerial vehicles.

A Framework for Automated Security Testing of Android Applications on the Cloud

App markets are stirring a paradigm shift in the way software is provisioned to the end users. The benefits of this model are plenty, including the ability to rapidly and effectively acquire, introduce, maintain, and enhance software used by the consumers. This paradigm shift, however, has given rise to a new set of security challenges. In parallel with the emergence of app markets, we have witnessed increased security threats that are exploiting this model of provisioning software. The key obstacle is the ability to rapidly assess the security and robustness of applications submitted to the market. The problem is that security testing is generally a manual, expensive, and cumbersome process. This is precisely the challenge that we have begun to address in a project targeted at the development of a framework that aids the analysts in testing the security of Android apps. The framework is comprised of a tool-suite that given an application automatically generates and executes numerous test cases, and provides a report of uncovered security vulnerabilities to the human analyst.

Zero Configuration Networking: Implementation, performance, and security

The ubiquitous access to wired and wireless networks is making information access possible from anywhere, anytime, and any device. Today, end-users are also highly mobile, often equipped with a range of portable devices, and they expect service availability when they require it. In addition, they do not want to be burdened by complex configurations before they can discover and use services. The Zero Configuration (Zeroconf) Networking technology promises to alleviate this configuration burden by allowing users to discover services and devices with little end-user intervention. We compare two popular implementations of Zeroconf namely, Avahi and Mono.Zeroconf running on Linux and Windows XP operating systems, respectively. We evaluate their performance using service discovery time as the performance metric. Our empirical results show that Linux Avahi yields almost 99% improvements in service discovery time over Windows Mono.Zeroconf. We also discuss security solutions that can be deployed to enhance the security of Zeroconf networks. We further investigate the performance of the IP Security (IPSec) protocol when used by our Mono.Zeroconf implementation running on the Windows XP platform. With IPSec, service discovery time increases by almost 45% with our prototype implementation.

Secure ADS-B design & evaluation

Automatic Dependent Surveillance Broadcast (ADSB) is a newer air traffic surveillance protocol that is expected to strengthen and replace current RADAR-based surveillance systems, which has brought worldwide attention. However, its nature of clear text broadcast introduces many vulnerabilities to the system. We proposed a solution that uses keyed-hash message authentication code (HMAC) to address the authenticity and integrity deficiencies of ADS-B protocol Previously. In this paper we extend it by improving the HMAC computation procedure at the transmitter and the HMAC verification procedure at the receiver. In addition, this new approach is also evaluated under some types of attacks, comparing its performance against unmodified ADS-B transmissions.

An ADS-B Intrusion Detection System

Advances in radio and RADAR research have considerably contributed to the emergence of novel air traffic control (ATC) protocols. In particular, Automatic Dependent Surveillance Broadcast (ADS-B) has proven to be a viable option that could complement and extend current technologies. Despite the benefits offered by ADS-B, such as more precise location, easier deployment, and lower costs, cyber-security issues have arisen due to the open, clear-text broadcasting of ADS-B messages making it vulnerable to many attacks. In this paper, we propose an intrusion detection system (IDS) specifically designed to detect malicious or questionable ADS-B messages. We leverage prior work on cyber-defense mechanisms against ADS-B attacks and physical aspects of aircraft motion to classify received ADS-B traffic as potential attacks and retain digital artifacts that might support post-attack forensic investigations.

Secure ADS-B framework “ADS-Bsec”

In this paper, we leverage previous work on securing Automatic Dependent Surveillance Broadcast (ADS-B) to propose a secure ADS-B framework that substantially enhances the original safety and security solutions. The enhancements are obtained by feeding real flight data along with malicious data at the secure ADS-B sender and observing the outcome at the secure ADS-B receiver that we developed as part of our research on ADS-Bsec. To evaluate our ideas, we built a trajectory predictor module based on Base of Aircraft Data (BADA) and, together with well-defined departure and arrival airports, generated a synthetic, yet realistic aircraft data set. The experiments focus on describing how our system reacts to known ADS-B attacks, and the results obtained so far and presented in this paper are consistent with our expectations of enhancements in both safety and security of ADS-B operations.