Workshop Program

We present FLEXTLS, a tool for rapidly prototyping and testing implementations of the Transport Layer Security (TLS) protocol. FLEXTLS is built upon MITLS, a verified implementation of TLS, and hence protocol scenarios written in FLEXTLS can benefit from robust libraries for messaging and cryptography. Conversely, attack scripts in FLEXTLS can be used to evaluate and communicate the impact of new protocol vulnerabilities.

FLEXTLS was used to discover recent attacks on TLS implementations, such as SKIP and FREAK, as well as to program the first proof-of-concept demos for FREAK and Logjam. It is also being used to experiment with proposed designs of the upcoming version 1.3 of TLS. Our goal is to create a common platform where protocol analysts and practitioners can easily test TLS implementations and share protocol designs, attacks or proofs.

In this paper, we demonstrate that the BitTorrent protocol family is vulnerable to distributed reflective denial-of-service (DRDoS) attacks. Specifically, we show that an attacker can exploit BitTorrent protocols (Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE))and BitTorrent Sync (BTSync) to reflect and amplify traffic from peers. We validate the efficiency, robustness and evadability of the exposed BitTorrent vulnerabilities in a P2P lab testbed. We further substantiate the lab results by crawling more than 2.1 million IP addresses over Mainline DHT (MLDHT) and analyzing more than 10,000 BitTorrent handshakes. Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times. Additionally, we observe that the most popular BitTorrent clients are the most vulnerable ones.

In recent years, to find a universal root solution for Android becomes harder and harder due to rare vulnerabilities in the Linux kernel base and also the exploit mitigations applied on the devices by various vendors.

In this paper, we will present our universal root solution. The related vulnerability CVE-2015-3636, a typical use-after-free bug in Linux kernel is discussed in detail. Exploiting such a use-after-free in Linux kernel is truly difficult due to the separated allocation from the kernel allocator. We will show how we leverage this kernel use-after-free bug to achieve privilege promotion on most popular Android devices on market which have a version not less than 4.3, including the first 64bit root case in the world. In short, we will present a generic way to exploit use-after-free vulnerabilities in Linux kernel, which means one exploit applies to devices of all brands. All the current mitigations in the kernel like PXN are circumvented by this approach. And most importantly our unique and undocumented exploitation technique targeting kernel use-after-free bugs features stability and accuracy.

We developed a novel, proof-of-concept side-channel attack framework called RouteDetector, which identifies a route for a train trip by simply reading smart device sensors: an accelerometer, magnetometer, and gyroscope. All these sensors are commonly used by many apps without requiring any permissions. The key technical components of RouteDetector can be summarized as follows. First, by applying a machine-learning technique to the data collected from sensors, RouteDetector detects the activity of a user, i.e., "walking," "in moving vehicle," or "other." Next, it extracts departure/arrival times of vehicles from the sequence of the detected human activities. Finally, by correlating the detected departure/arrival times of the vehicle with timetables/route maps collected from all the railway companies in the rider’s country, it identifies potential routes that can be used for a trip. We demonstrate that the strategy is feasible through field experiments and extensive simulation experiments using timetables and route maps for 9,090 railway stations of 172 railway companies.

Embedded systems are becoming increasingly sophisticated, inter-connected, and pervasive. Unfortunately, securing these systems remains challenging. While powerful dynamic analysis tools have been developed for traditional software, the unique characteristics of embedded systems make it difficult to apply these well-known techniques; prior work has been limited either to small systems or short segments of code. In this paper, we demonstrate a system that is capable of emulating and instrumenting embedded systems in near-real-time, enabling a variety of dynamic analysis techniques. Our approach uses a custom, low-latency FPGA bridge between the host’s PCI Express bus and the system under test, allowing the emulator full access to the system’s peripherals. This provides the emulator with a faithful representation of the environment the firmware normally executes in, enabling additional dynamic analysis techniques such as concolic execution. We discuss the design decisions and engineering tradeoffs made and evaluate our system against prior work.

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 4 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.

A wireless router is a networking device that enables a user to set up a wireless connection to the Internet. A router can offer a secure channel by cryptographic means which provides authenticity and confidentiality. Nowadays, almost all routers use a secure channel by default that is based onWi-Fi Protected Access II (WPA2). This is a security protocol which is believed not to be susceptible to practical key recovery attacks. However, the passwords should have sufficient entropy to avert brute force attacks.

In this paper, we compose a strategy on how to reverse-engineer embedded routers. Furthermore, we describe a procedure that can instantly gather a complete wireless authentication trace which enables an offline password recovery attack. Finally, we present a number of use cases where we identify extremely weak password generating algorithms in various routers which are massively deployed in The Netherlands.

The algorithms are used to generate the default WPA2 password. Such a password is loaded during device initialization and hardware reset. Users that did not explicitly change their wireless password are most likely vulnerable to practical attacks which can recover their password within minutes. A stolen password allows an adversary to abuse someone else’s internet connection, for instance compromising the firewall, making a fraudulent transaction or performing other criminal activities. Together with the Dutch National Cyber Security Centre we have initiated a responsible disclosure procedure. However, since these routers are also used by many other companies in various countries, our findings seem to relate an international industry wide security issue.

Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM, such as a VMI monitoring check. We call this technique hypervisor introspection and demonstrate how a malicious insider could utilize this technique to evade a passive VMI system.

Copying data from devices into main memory is a computationally-trivial, yet time-intensive, task. In order to free the CPU to perform more interesting work, computers use direct memory access (DMA) engines—a special-purpose piece of hardware—to transfer data into and out of main memory. We show that the ability to chain together such memory transfers, as provided by commodity hardware, is sufficient to perform arbitrary computation. Further, when hardware peripherals can be accessed via memory-mapped I/O, they are accessible to "DMA programs." To demonstrate malicious behavior, we build a proof-of-concept DMA rootkit that modifies kernel objects in memory to perform privilege escalation for target processes.

Hands-free, voice-driven user input is gaining popularity, in part due to the increasing functionalities provided by intelligent digital assistances such as Siri, Cortana, and Google Now, and in part due to the proliferation of small devices that do not support more traditional, keyboard-based input.

In this paper, we examine the gap in the mechanisms of speech recognition between human and machine. In particular, we ask the question, do the differences in how humans and machines understand spoken speech lead to exploitable vulnerabilities? We find, perhaps surprisingly, that these differences can be easily exploited by an adversary to produce sound which is intelligible as a command to a computer speech recognition system but is not easily understandable by humans. We discuss how a wide range of devices are vulnerable to such manipulation and describe how an attacker might use them to defraud victims or install malware, among other attacks.

Several attacks against physical pin-tumbler locks require access to one or more key blanks to perform. These attacks include bumping, impressioning, rights-amplification, and teleduplication. To mitigate these attacks, many lock systems rely on restricted keyways and use blanks that are not sold to the general public, making it harder for attackers to obtain them. Often the key blank designs themselves are patented, further discouraging distribution or manufacture by even skilled machinists.

In this paper we investigate the impact that emerging rapid prototyping—or 3D printing—tools have on the security of these restricted keyway systems. We find that commodity 3D printers are able to produce key blanks and pre-cut keys with enough resolution to work in several commonly used pin-tumbler locks and that their material is strong enough to withstand the requirements to perform the aforementioned attacks. In addition, in order to demonstrate the low skill requirements necessary to perform these attacks, we develop a tool that automatically generates a 3D printable CAD model of a key blank using only a single picture of a lock’s keyway. This tool allows us to rapidly manufacture key blanks for restricted keyways that were previously difficult to make or buy. Finally, we discuss possible mitigations for these attacks that lock manufacturers, installers, and users can perform to protect their assets.