CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University
Center for Education and Research in Information Assurance and Security

Reports and Papers Archive

Browse All Papers »       Submit A Paper »

Meaning-Based Machine Learning

CERIAS TR 2015-7
Courtney Falk, Lauren Stuart
Download: PDF

Meaning-Based Machine Learning (MBML) is a research program intended to show how training machine learning (ML) algorithms on meaningful data produces more accurate results than that of using unstructured data.

Added 2015-04-01

Evaluating Public Cloud Providers

CERIAS TR 2015-6
Courtney Falk
Download: PDF

Security for public cloud providers is an ongoing concern.  Programs like FedRAMP look to certify a minimum level of compliance.  This project aims to build a tool to help decision makers compare different clouds solutions and weigh the risks against their own organizational needs.

Added 2015-04-01

Semantic Phishing Detection

CERIAS TR 2015-5
Courtney Falk
Download: PDF

Our goal is to improve the detection of phishing attack emails by using natural language processing (NLP) technology that models the semantic meaning behind the email text.

Added 2015-04-01

Cyber Forensics: The Need for An Official Governing Body

CERIAS TR 2015-4
Ibrahim Waziri Jr, Rachel Sitarz
Download: PDF

In this paper we identified and addressed some of the key challenges in digital forensics. An intensive review was conducted of the major challenges that have already been identified. At the end, the findings proposed a solution and how having a standardized body that governs the digital forensics community could make a difference.

Added 2015-03-23

Identifying the Cyber Attack Surface of the Advanced Metering Infrastructure

Chris Foreman and Dheeraj Gurugubelli

As AMI is deployed throughout the power grid, identifying the attack surface is a necessary step in achieving cyber security in smart grids and AMI. An important first step to attaining cyber security is to define and illustrate the Cyber Attack Surface with respect to hardware and network configurations, protocols, and software.

Added 2015-03-15

Defending against Password Exposure using Deceptive Covert Communication

CERIAS TR 2015-3
Mohammed H. Almeshekah, Mikhail J. Atallah and Eugene H. Spafford
Download: PDF

The use of deception to enhance security has showed promising result as a defensive technique. In this paper we present an authentication scheme that better protects users’ passwords than in currently deployed password-based schemes, without taxing the users’ memory or damaging the user-friendliness of the lo- gin process. Our scheme maintains comparability with traditional password- based authentication, without any additional storage requirements, giving service providers the ability to selectively enroll users and fall-back to traditional methods if needed. The scheme utilizes the ubiquity of smartphones; however, unlike previous proposals it does not require registration or connectivity of the phones used. In addition, no long-term secrets are stored in any user’s phone, mitigating the consequences of losing it. Our design significantly increases the difficulty of launching a phishing attack by automating the decisions of whether a website should be trusted and introducing additional risk at the adversary side of being detected and deceived. In addition, the scheme is resilient against Man-in-the-Browser (MitB) attacks and compromised client machines. We also introduce a covert communication between the user’s client and the service provider. This can be used to covertly and securely communicate the user context that comes with the use of this mechanism. The scheme also incorporate the use of deception that make it possible to dismantle a large-scale attack infrastructure before it succeeds. As an added feature, the scheme gives service providers the ability to have full-transaction authentication.

Added 2015-02-13

ErsatzPasswords – Ending Password Cracking

CERIAS TR 2015-2
Mohammed H. Almeshekah, Christopher N. Gutierrez, Mikhail J. Atallah and Eugene H. Spafford
Download: PDF

In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server. The scheme can be easily integrated with legacy systems without the need of any additional servers, changing the structure of the hashed password file or any client modifications. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme.1 However,when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatzpasswords — the “fake passwords”. When an attempt to login using these ersatzpasswords is detected an alarm will be triggered in the system that someone attempted to crack the password file. Even with an adversary who knows the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. We discuss our implementation and provide some discussion in comparison to the traditional authentication scheme.

Added 2015-02-13

The Weakness of WinRAR Encrypted Archives to Compression Side-channel Attacks

CERIAS TR 2015-01
Kristine Arthur-Durett
Download: PDF

This paper explores the security of WinRAR encrypted archives.  Previous works concerning potential attacks against encrypted archives are studied and evaluated for practical implementation.  These attacks include passive actions examining the effects of compression ratios of archives and the files contained, the study of temporary artifacts and active man-in-the-middle attacks on communication between individuals.  An extensive overview of the WinRAR software and the functions implemented within it is presented to aid in understanding the intricacies of attacks against archives.
  Several attacks are chosen from the literature to execute on WinRAR v5.10.  Select file types are identified through the examination of compression ratios.  The appearance of a file in an archive is determined through both the appearance of substrings in the known area of an archive and the comparison of compression ratios.
  Finally, the author outlines a revised version of an attack that takes advantage of the independence between the compression and encryption algorithms.  While a previous version of this attack only succeeded in removing the encryption from an archive, the revised version is capable of fully recovering an original document from a encrypted compressed archive.  The advantages and shortcomings of these attacks are discussed and some countermeasures are briefly mentioned.

Added 2015-01-05

The Indiana Cybersecurity Services Center (INCSC): A Cost-Benefit Analysis for K-12 Schools

CERIAS TR 2014-9
Vargas Silva, Hans
Download: PDF

The aim of this thesis is to determine if there are greater benefits than costs associated in the participation of public K-12 school corporations in the Indiana Cybersecurity Services Center (INCSC). This thesis is an ex-ante cost-benefit analysis policy assessment of the INCSC. The study consisted of a sample of 6 school corporations from which 5 were classified as small and 1 was large. Three methods were considered for data collection; however conducting interviews was the most effective method due to the interaction with IT personnel from each organization in order to analyze current costs related to 4 areas of interest: (a) networking hardware; (b) Antivirus software; (c) computer hardware; (d) IT personnel. These costs were compared to those potential costs if products and/or services would be procured through the INCSC.

School corporations, with the goal to enhance their level of information security, would only receive benefit from participating in the INCSC when procuring networking equipment and Antivirus software. The author also recommends exploring the costs and legal implications of data breaches as well as considering insurance products.

—- Vargas Silva, Hans C. M.S. Purdue University, Decenber 2014. The Indiana Cybersecurity Services Center (INCSC): A Cost-Benefit Analysis for K-12 Schools. Mayor Professor: Melissa Dark.

Added 2014-12-31

DBMask: Fine-Grained Access Control on Encrypted Relational Databases

CERIAS TR 2013-21
Mohamed Nabeel, Muhammad I. Sarfraz, Jianneng Cao, Elisa Bertino
Download: PDF

For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of “database as a service” where their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization’s business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts do not have adequately addressed flexible access control on encrypted data at different granularity levels which is critical when data are shared among different users and applications. Previous access control approaches in the best case only support as minimum granularity level the table column, by which the authorization is associated with an entire column within a table. Other approaches only support access control granularity at the database level, meaning that authorizations are associated with the entire database, and thus either a user can access the entire database or cannot access any data item. In this paper, we propose DBMask, a novel solution that supports fine-grained access control, including row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modification to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experimental results show that our solution is efficient and scalable to large datasets.

Added 2014-12-22

Privacy in Social Messaging and Identity Management

CERIAS TR 2014-8
Ruchith Fernando
Download: PDF

Messaging systems, where a user maintains a set of contacts and broadcasts messages to them, are very common. In a situation where a user only sends messages directly to a set of online contacts, a contact might miss a message if it is not available to receive it directly from the user. This work addresses the problem of a trusted contact’s obtaining a message that it missed, from other trusted contacts of the user, while maintaining the anonymity of all participating contacts. A protocol is presented to facilitate this communication. An experimental framework is developed to evaluate various possible configurations of the entities involved.

The techniques developed to address the above problem are extended to address the problem of a user’s authenticating with a service provider while ensuring that multiple sessions are unlinkable. The proposed approach achieves this by setting up an authenticated secure channel between the user and the service provider. Information exchanged for the setup of this secure channel is unique over multiple authentications. The proposed protocol is further enhanced to accommodate service provider policies that use credentials with relationship constraints among them. In such cases, the service provider will not be able to analyze and identify sets of users who authenticate with different credential subsets. The proposed credential revocation scheme allows an identity provider to revoke user credentials without compromising user privacy, even while relying on a public channel. Moreover, these protocols do not require the identity provider to remain online during authentication and revocation. Finally, details on how to adapt the proposed identity management system to privately manage healthcare records is presented as an application of the proposed system.

Added 2014-11-16

Assured Information Sharing Life Cycle

Joshi, A. ; Kargupta, H. ; Yesha, Y. ; Sachs, J. ; Bertino, E. ; Ninghui Li ; Clifton, C. ; Spafford

This paper describes our approach to assured information sharing. The research is being carried out under a MURI 9Multiuniversity Research Initiative) project funded by the air force office of scientific research (AFOSR). The main objective of our project is: define, design and develop an assured information sharing lifecycle (AISL) that realizes the DoD’s information sharing value chain. In this paper we describe the problem faced by the department of defense and our solution to developing an AISL system.

Added 2014-10-31

Audlib: a configurable, high-fidelity application audit mechanism

Benjamin A. Kuperman Eugene H. Spafford

In this paper, we introduce Audlib, an extendable tool for generating security-relevant information on Unix systems. Audlib is a wrapper environment that generates application level audit information from existing executable programs. Audlib is not a detection system, instead it is designed to supplement existing audit systems and work transparently with them. Audlib records information that is not presently available from existing kernel-level audit sources. Here, we describe the design of the Audlib framework and the information it provides. We compare auditing the actions of a web server with Audlib to existing kernel audit sources and show that we have 2–4 times the throughput of Linux auditd and less than half the performance overhead of Solaris BSM while collecting detailed information about the server’s execution. Although Audlib is focused on recording security information, this technique can be used to collect data for a wide variety of purposes including profiling, dependency analysis, and debugging. Copyright © 2010 John Wiley & Sons, Ltd.

Added 2014-10-31

Reverse-safe authentication protocol for secure USB memories

Kyungroul Lee, Kangbin Yim, andEugene H. Spafford

USB memory devices are both portable and easily accessible, and have thus become one of the most popular forms of external storage device. However, if a USB device is lost, stolen, or hacked, it may lead to leakage of critical information. It is a logical outcome that malicious individuals will try to steal their colleagues’ USB memories. Consequently, various USB products with built-in security functions have been developed. To our knowledge, there has been little or no security analysis and comparison of these devices. This paper explores technological and architectural approaches to secure USB memories while analyzing their vulnerabilities, especially for resistance to reverse engineering attacks on the authentication protocols and data decryption. In this analysis, we classify vulnerabilities of these devices into 12 categories to summarize the current security situations on USB memories. Additionally, we derive a more secure authentication protocol based on our analysis. It is expected for secure USB products, including USB memory devices, to be revised with enhanced authentication protocols as a result of this effort. Copyright © 2012 John Wiley & Sons, Ltd.

Added 2014-10-31

Future Biometric Systems and Privacy

Shimon Modi and Eugene H. Spafford
Added 2014-10-31