We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for a long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client malware nor a predictable choice of client port or IP-ID. We only exploit subtle details of the HTTP and TCP specifications, and features of legitimate (and common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with popular websites are vulnerable. Our attack is modular, and its modules may improve other off-path attacks on TCP communication. We present practical patches against the attack; however, the best defense is surely adoption of TLS, which ensures security even against the stronger Man-in-the-Middle attacker.
This report documents the program and the outcomes of Dagstuhl Seminar 15102 “Secure Routing for Future Communication Networks”. Routing is a fundamental mechanism in communication networks, and its security is critical to ensure availability and prevent attacks; however, developing and deploying secure routing mechanisms is still a challenge. Significant research effort is required to advance routing security in key areas: intra-domain routing, inter-domain routing, routing in new Internet architectures, and routing in mobile and wireless networks. The seminar covered these general aspects along with the following important guiding questions. How to systematise the topic area of routing security? What are evolutionary or revolutionary options towards more secure routing systems? How to secure inter-domain routing? How to secure intra-domain routing and routing in mobile/wireless settings? How to achieve data plane/forwarding security?
We present practical poisoning and name-server blocking attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long responses are increasingly common, mainly due to the use of DNSSEC. In common scenarios, where DNSSEC is partially or incorrectly deployed, our poisoning attacks allow ‘complete’ domain hijacking. When DNSSEC is fully deployed, an attacker can force use of a fake name server; we show exploits of this allowing off-path traffic analysis and a covert channel. When using NSEC3 opt-out, an attacker can also create fake subdomains, circumventing same-origin restrictions. Our attacks circumvent resolver-side defenses, e.g., port randomisation, IP randomisation and query randomisation. The (new) name server (NS) blocking attacks force the resolver to use a specific name server. This attack allows Degradation of Service, traffic analysis and a covert channel, and also facilitates DNS poisoning. We ...
Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing ‘unpredictable’ header fields to protect widely-deployed protocols such as TCP and DNS. We argue that this practice may often only give an illusion of security. We present recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both the TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks foil widely deployed security mechanisms, such as the Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts. We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, and of correct...
Applied cryptographic protocols have to meet a rich set of security requirements under diverse environments and against diverse adversaries. However, currently used security specifications, based on either simulation [10,24] (e.g., ‘ideal functionality’ in UC) or games [7,26], are monolithic, combining together different aspects of protocol requirements, environment and assumptions. Such specifications are complex, error-prone, and foil reusability, modular analysis and incremental design. We present the Modular Security Specifications (MoSS) framework, which cleanly separates each security requirement (goal) which a protocol should achieve, from the environment and model (assumptions) under which the requirement should be ensured. This modularity allows us to reuse individual models and requirements across different protocols and tasks, and to compare protocols for the same task, either under different assumptions (models) or satisfying different sets of requirements. MoSS is flexi...
In this work, we study Certificate Transparency (CT), an important standardized extension of classical Web-PKI, deployed and integrated into major browsers. We evaluate the properties of the published design of CT-v1 (RFC 6962), and identify five major concerns, which persist in drafts for CT-v2. Most significantly, CT-v1 fails to achieve the main goal of the original CT publications, namely security with No Trusted Third Party (NTTP) and it does not ensure transparency for revocation status. Several recent works [1, 4, 6, 10, 19, 21, 25] address some of these issues but at the cost of significant, non-evolutionary deviation from the existing standards and ecosystem. In response, we present CTng, a redesign of CT. CTng achieves security, including transparency of certificate and of revocation status, with No Trusted Third Party, while preserving client’s privacy, allowing offline client validation of certificates, and facilitating resiliency to DoS. CTng is efficient and practical, ...
We present the malicious CAPTCHA attack, allowing a rogue website to trick users into unknowingly disclosing their private information. The rogue site displays the private information to the user in an obfuscated manner, as if it were a CAPTCHA challenge; the user is unaware that solving the CAPTCHA results in disclosing private information. This circumvents the Same Origin Policy (SOP), whose goal is to prevent access by rogue sites to private information, by exploiting the fact that many websites allow display of private information (to the user) upon requests from any (even rogue) website. Information so disclosed includes name, phone number, email and physical addresses, search history, preferences, partial credit card numbers, and more. The vulnerability is common and the attack works for many popular sites, including nine out of the ten most popular websites. We evaluated the attack using IRB-approved, ethical user experiments.
Traditional botnet attacks leverage large and distributed numbers of compromised internet-connected devices to target and overwhelm other devices with internet packets. But with increasing consumer adoption of high-wattage internet-facing “smart devices”, a new “power botnet” attack emerges, where such devices are used to target and overwhelm power grid devices with unusual load demand. We introduce a specific variant of this attack, the power-botnet weardown-attack, which does not intend to cause blackouts or short-term acute instability, but instead forces expensive mechanical components to activate more frequently, necessitating costly replacements or repairs. Specifically, we target the on-load tap-changer (OLTC) transformer, which involves a mechanical switch that responds to changes in load demand. In our analysis and simulations, such power botnets can halve the lifespan of an OLTC, or in the most extreme cases, reduce it to 2.5% of its original lifespan. Notably,...
Email's main (and initial) use is professional and personal communication. Email is very efficient, convenient and low-cost, especially when automatically sent by programs to many recipients ('bulk email'). Therefore, email is also used to distribute other messages: from unsolicited offerings and ads, to malicious content such as viruses and scams. Users are rarely interested in these messages; the result is that the vast majority of email messages are undesirable and discarded. These unwanted messages are often referred to as spam. Spam is very annoying to users, and wastes considerable time and resources of email users and service providers. There are a few conventions for content labels, used to identify advertising or other potentially undesired messages. For example, some anti-spam legislation requires advertisers to use special prefixes such as 'ADV:' in the subject line [42, 43]. Messages that present correct content labels are not problematic, since they ca...
Strict regulations and security practices of critical cyber-physical systems, such as nuclear plants, require complete isolation between their data-acquisition zone and their safety and security zones. Isolation methods range from firewall devices, to 'data diodes' that only allow one-way communication. In this work we explore a possible threat bypassing existing isolation methods by communicating through the physical process. Specifically, we show how a corrupt actuator in one zone can send covert information to a sensor in a different zone, breaking the isolation. This may allow an attack where the actuator is intentionally malfunctioning, and the sensor is intentionally masking the malfunction. Furthermore, we show that under certain assumptions, such communication can be provably covert. Namely, it cannot be efficiently detected, by current and future detection systems. This has important implications for the design of security and safety mechanisms for critical cyber-ph...
Encryption is often conceived as a committing process, in the sense that the ciphertext may serve as a commitment to the plaintext. But this does not follow from the standard definitions of secure encryption. We define and construct symmetric and asymmetric committing encryption schemes, enabling publicly verifiable non-repudiation. Committing encryption eliminates key-spoofing attacks and also has the robustness to be signed afterwards. Our constructions are very efficient and practical. In particular, we show that most popular asymmetric encryption schemes, e.g. RSA, are committing encryption schemes; we also have an (efficient) construction given an arbitrary asymmetric encryption scheme. Our construction of symmetric committing encryption retains the efficiency of the symmetric encryption for real-time operations, although it uses a few public key signatures in the setup phase. Finally, we investigate how to achieve both confidentiality and non-repudiation, and present a publicly v...
Practical software hardening schemes are heuristic and are not proven to be secure. One technique to enhance security is robust combiners. An algorithm C is a robust combiner for specification S, e.g., privacy, if for any two implementations X and Y of a cryptographic scheme, the combined scheme C(X, Y) satisfies S provided either X or Y satisfies S. We present the first robust combiner for software hardening, specifically for obfuscation [2]. Obfuscators are software hardening techniques that are employed to protect execution of programs in a remote, hostile environment. Obfuscators protect the code (and secret data) of the program that is sent to the remote host for execution. Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from a software engineering perspective, since they introduce new techniques of software-only fault tolerance.
We introduce the Anonymous Post-Office Protocol (AnonPoP), a practical strongly-anonymous messaging system. Its design effectively combines known techniques such as (synchronous) mix-cascade and constant sending rate, with several new techniques including request-pool, bad-server isolation and per-epoch mailboxes. AnonPoP offers strong anonymity against strong, globally-eavesdropping adversaries, that may also control multiple servers, including all-but-one servers in a mix-cascade. Significantly, AnonPoP’s anonymity holds even when clients may occasionally disconnect, which is essential for supporting mobile clients.
We show that fragmented IPv4 and IPv6 traffic is vulnerable to DoS, interception and modification attacks by a blind (spoofing-only) attacker. We demonstrated a weak attacker causing over 94% loss rate and intercepting more than 80% of data between peers. All attacks are practical, and validated experimentally on popular industrial and open-source products, with realistic network setups (involving NAT or tunneling). The interception attack requires a zombie behind the same NAT or tunnel gateway as the victim destination; the other attacks only require a puppet (adversarial applet/script in a sandbox). The complexity of our attacks depends on the predictability of the IP Identifier (ID) field; the attacks are simpler for implementations, e.g. Windows, which use globally-incrementing IP IDs. Most of our effort went into extending the attacks to implementations, e.g. Linux, which use per-destination-incrementing IP IDs.
We study and extend Route Origin Validation (ROV), the basis for the IETF defenses of interdomain routing. We focus on two important hijack attacks: subprefix hijacks and non-routed prefix hijacks. For both attacks, we show that, with partial deployment, ROV provides disappointing security benefits. We also present a new attack, superprefix hijacks, which completely circumvents ROV’s defense for non-routed prefix hijacks. We then present ROV++, a novel extension of ROV, with significantly improved security benefits even with partial adoption. For example, with uniform 5% adoption for edge ASes (ASes with no customers or peers), ROV prevents less than 5% of subprefix hijacks, while ROV++ prevents more than 90% of subprefix hijacks. ROV++ also defends well against non-routed prefix attacks and the novel superprefix attacks. We evaluated several ROV++ variants, all sharing the improvements in defense; this includes “Lite”, software-only variants, deployable with existing routers. Our ev...
Mix networks are a key technology to achieve network anonymity, private messaging, voting and database lookups. However, simple mix networks are vulnerable to malicious mixes, which may drop or delay packets to facilitate traffic analysis attacks. Mix networks with provable robustness address this drawback through complex and expensive proofs of correct shuffling, but come at a great cost and make limiting or unrealistic systems assumptions. We present Miranda, a synchronous mix network mechanism, which is provably secure against malicious mixes attempting active attacks to de-anonymize users, while retaining the simplicity, efficiency and practicality of mix networks designs. Miranda derives a robust mix reputation through the first-hand experience of mix node unreliability, reported by clients or other mixes. As a result, each active attack – including dropping packets – leads to reduced connectivity for malicious mixes and reduces their ability to attack. We show, through experim...
We present DURP, a decentralized protocol for unobservable, anonymous reporting to an untrusted destination, with low latency and overhead. DURP provably ensures strong anonymity properties, as required for some applications (and not provided by existing systems and practical designs, e.g., Tor), specifically:
− Provable unobservability against a global eavesdropper and malicious participants.
− Provable source anonymity against a malicious destination.
− Probable innocence against a malicious destination which is also a global eavesdropper.
The DURP design is a modular combination of two modules: a queuing module, ensuring fixed rates for certain events, together with an anonymization module, which can use either OnionRouting (DURP) or Crowds (DURP). We present analysis, backed by simulation results, of the network properties and performance of DURP, and show it has reasonable overhead. We also use the analysis results to create an optimized version of DURP.
We investigate how to construct secure cryptographic schemes from a few candidate schemes, some of which may be insecure. Namely, tolerant constructions tolerate the insecurity of some of the component schemes used in the construction. We define tolerant constructions, and investigate folklore, practical cascade and parallel constructions. We prove that a cascade of encryption schemes provides tolerance for indistinguishability under chosen ciphertext attacks, including a weak adaptive variant....
... This trust is unjustified, since the contents are controlled by the website, or by a Man in the Middle attacker (for unprotected sites). ... Available from http://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/. [DT05] Rachna Dhamija and J. Doug Tygar. ...
Online Social Networks (OSNs) have rapidly become a prominent and widely used service, offering a wealth of personal and sensitive information with significant security and privacy implications. Hence, OSNs are also an important - and popular - subject for research. To perform research based on real-life evidence, however, researchers may need to access OSN data, such as texts and files uploaded by users and connections among users. This raises significant ethical problems. Currently, there are no clear ethical guidelines, and researchers may end up (unintentionally) performing ethically questionable research, sometimes even when more ethical research alternatives exist. For example, several studies have employed 'fake identities' to collect data from OSNs, but fake identities may be used for attacks and are considered a security issue. Is it legitimate to use fake identities for studying OSNs or for collecting OSN data for research? We present a taxonomy of the ethical challenges facing researchers of OSNs and compare different approaches. We demonstrate how ethical considerations have been taken into account in previous studies that used fake identities. In addition, several possible approaches are offered to reduce or avoid ethical misconduct. We hope this work will stimulate the development and use of ethical practices and methods in the research of online social networks.
Draft versions of Foundations of Cybersecurity: Applied Introduction to Cryptography. Updated versions, as well as PowerPoint presentations, are available for download from: http://bit.ly/FOCScrypto. Comments, and especially corrections and suggestions, are appreciated; send email to the author.