Abstract: The Border Gateway Protocol (BGP) is the default inter-domain routing protocol used on the Internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of Internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on Cisco routers representing ASes is carried out. In the end, a workable industry-standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.
Abstract: Traffic hijacking is a common attack perpetrated on networked systems, where attackers eavesdrop on user transactions, manipulate packet data, and divert traffic to illegitimate locations. Similar attacks can also be unleashed in a NoC (Network on Chip) based system where the NoC comes from a third-party vendor and can be engrafted with hardware Trojans. Unlike the attackers on a traditional network, those Trojans are usually small and have limited capacity. This paper targets such a hardware Trojan; specifically, the Trojan aims to divert traffic packets to unauthorized locations on the NoC. To detect this kind of traffic hijacking, we propose an authentication scheme in which the source and destination addresses are tagged. We develop a custom design for the packet tagging and authentication such that the implementation costs can be greatly reduced. Our experiments on a set of applications show that on average the detection circuitry incurs about 3.37% overhead in area, 2.61% in power, and 0.097% in performance when compared to the baseline design.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 62072309 and 6171101225).
Abstract: Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose security threats in recent Android due to the presence of effective defense mechanisms. In this work, we propose the first automated and adaptive activity hijacking attack, named VenomAttack, enabling a spectrum of customized attacks (e.g., phishing, spoofing, and DoS) on a large scale in recent Android, even when state-of-the-art defense mechanisms are deployed. Specifically, we propose to use hotpatch techniques to identify vulnerable devices and update the attack payload without re-installation and re-distribution, hence bypassing offline detection. We present a newly discovered flaw in Android and a bug in derivatives of Android, each of which allows us to check whether a target app is running in the background or not, by which we can determine the right attack timing via a designed transparent activity. We also propose an automated fake activity generation approach, allowing large-scale attacks. Requiring only the common permission INTERNET, we can hijack activities at the right timing without destroying the GUI integrity of the foreground app. We conduct proof-of-concept attacks, showing that VenomAttack poses severe security risks on recent Android versions. The user study demonstrates the effectiveness of VenomAttack in real-world scenarios, achieving a high success rate (95%) without users' awareness. This should draw more attention from stakeholders such as Google.
Funding: the National Natural Science Foundation of China, Grant Numbers (62272007, 62001007); the Natural Science Foundation of Beijing, Grant Numbers (4234083, 4212018). The authors also acknowledge the support from King Khalid University for funding this research through the Large Group Project under Grant Number RGP.2/373/45.
Abstract: Border Gateway Protocol (BGP) is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations. The BGP protocol exhibits security design defects, such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes, easily triggering prefix hijacking, path forgery, route leakage, and other BGP security threats. Meanwhile, the traditional BGP security mechanism, relying on a public key infrastructure, faces issues like a single point of failure and a single point of trust. The decentralization, anti-tampering, and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms. In this paper, we summarize the characteristics of the BGP protocol in detail and sort out the BGP security threats and their causes. Additionally, we analyze the shortcomings of the traditional BGP security mechanism, comprehensively evaluate existing blockchain-based solutions to the above problems, and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats. Finally, we discuss the challenges posed by BGP security problems and outline prospects for future research.
Abstract: In this work we propose a centrality measure for networks, which we refer to as Laplacian centrality, that provides a general framework for the centrality of a vertex based on the idea that the importance (or centrality) of a vertex is related to the ability of the network to respond to the deactivation or removal of that vertex from the network. In particular, the Laplacian centrality of a vertex is defined as the relative drop of Laplacian energy caused by the deactivation of this vertex. The Laplacian energy of network G with n vertices is defined as , where is the eigenvalue of the Laplacian matrix of G. Other dynamics-based measures such as that of Masuda and Kori and PageRank compute the importance of a node by analyzing the way paths pass through a node, while our measure captures this information as well as the way these paths are "redistributed" when the node is deleted. The validity and robustness of this new measure are illustrated on two different terrorist social network data sets and 84 networks in James Moody's Add Health in-school friendship nomination data, and it is compared with other standard centrality measures.
Funding: supported by the National Key Research and Development Plan of China under Grant 2022YFB3105203; the National Natural Science Foundation of China (62132009); the key fund of the National Natural Science Foundation of China (62272266); the Tsinghua University-China Mobile Communications Group Co., Ltd. Joint Institute; and Zhongguancun Laboratory.
Abstract: The gradual deployment of Low-Earth Orbit (LEO) mega constellations with inter-satellite links (ISLs) promises ubiquitous, low-latency, and high-throughput satellite network services. However, networked LEO satellites with ISLs are also at risk of routing attacks such as hijacking. Existing defenses against route hijacking in terrestrial networks can hardly work for the LEO satellite network due to its high spatiotemporal dynamics. To deal with this, we propose RPD, a high-risk routing path detection method for LEO mega-constellation networks. RPD detects abnormal high-risk LEO network paths by checking the consistency between the path delay and the geographical distance. This is efficiently achieved by combining in-band measurements and out-of-band statistical processing to detect the anomaly of the clustering feature in the reference delay matrix. RPD avoids the recalculation of the header cryptographic marks when a handover occurs, thus greatly reducing the cost and improving the performance of high-risk path detection. Experiments showed that the proposed RPD mechanism achieves an average detection accuracy of 91.64% under normal network conditions, and maintains about 89% even when congestion occurs in multiple areas of the network and measurement noise is considered. In addition, RPD does not require any cryptographic operation on the intermediate node, only minimal communication cost, with excellent scalability and deployability.
Abstract: Word-Formation by Analogy is an interesting and practical way of forming words in English. Its characteristic is that, taking an existing word of the same kind as a model, one makes a semantic association by analogy, replaces one of its morphemes, and thereby constructs a new word that corresponds to or resembles it. For example, workaholic was coined after alcoholic, while seajack and skyjack were formed by analogy with hijack, so all of them are analogical words.
Abstract: Word-Formation by Analogy is an interesting and practical way of forming words in English. Its characteristic is that, taking an existing word of the same kind as a model, one makes a semantic association by analogy, replaces one of its morphemes, and thereby constructs a new word that corresponds to or resembles it. For example, workaholic was coined after alcoholic, while seajack and skyjack were formed by analogy with hijack, so all of them are analogical words.
Funding: Strategic Priority Research Program of CAS (XDC05040000).
Abstract: Buffer overflow poses a serious threat to the memory security of modern operating systems. It overwrites the contents of other memory areas by breaking through the buffer capacity limit, destroys the system execution environment, and provides implementation space for various system attacks such as program control flow hijacking. This gives it a wide range of harms. A variety of security technologies have been proposed to deal with system security problems including buffer overflow. For example, No eXecute (NX for short) is a memory management technology commonly used in the Harvard architecture. It can refuse the execution of code residing in a specific memory region, and can effectively suppress the abnormal impact of buffer overflow on control flow. Therefore, in recent years, it has also been used in the field of system security, deriving a series of solutions based on NX technology, such as ExecShield, DEP, StackGuard, etc. However, these security solutions often rely too much on the processor architecture, so that the protection coverage is insufficient and the accuracy is limited. Especially in the emerging system architecture field represented by RISC-V, there is still a lack of effective solutions for buffer overflow vulnerabilities. With the continuous rapid development of system architectures, it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development. Therefore, we propose BOP, a new system memory security design method based on RISC-V extended instructions, to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RISC-V. According to this method, NX technology can be combined with program control flow analysis, and the NX bit mechanism can be used to manage the executability of memory space, so as to achieve more granular detection and defense of buffer overflow attacks that may occur in the RISC-V system environment. In addition, the memory management and control function of BOP is not only very suitable for solving the security problems in existing single-architecture systems, but also widely applicable to the combination of multiple heterogeneous systems.
Funding: supported by the Hebei Provincial Natural Science Foundation (Nos. F2016203290 and F2017203307); the National Natural Science Foundation of China (No. 61772450); the Doctoral Foundation of Yanshan University (Nos. BL18011 and B906); the Hebei Normal University of Science and Technology Scientific Research Foundation (No. 2018YB019); the China Postdoctoral Science Foundation (No. 2018M631764); and the Hebei Province Science and Technology Planning Project (No. 17210701D).
Abstract: The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly, we generate data flow graphs and data facts for each component through component-level data flow analysis. Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly, the behavior model of Android applications is constructed by a formal mapping method for the component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communication-based attacks are detected by analyzing intent abnormality. Finally, we analyze the modeling and detection efficiency, and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.
Funding: the National Science Council (No. NSC-99-2219-E-033-001); the Foundation of the Chung Yuan Christian University (1004) (No. CYCU-EECS.9801).
Abstract: This paper aims at analyzing the security issues that lie in the application layer (AL) protocols when users connect to the Internet via a wireless local area network (WLAN) through an access point. When adversaries launch deauthentication flood attacks cutting users' connection, the connection managers will automatically re-search for the last access point's extended service set identifier (ESSID) and then re-establish the connection. However, such re-connection can lead the users to a fake access point with the same ESSID set up by attackers. As the attackers hide behind users' access points, they can pass the AL's authentication and security schemes, e.g. secure socket layer (SSL). We have proved that they can even spy on users' account details, passwords, data and privacy.