# USENIX Security 2023 <https://www.usenix.org/conference/usenixsecurity23/summer-accepted-papers> ###### tags: `Reading sessions` --- ## [**Inducing Authentication Failures to Bypass Credit Card PINs**](https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/information-security-group-dam/research/publications/pub2023/mastercard-usenix23.pdf) * By David Basin, Patrick Schaller, and Jorge Toro-Pozo * [MM] In the Mastercard contactless transaction, the payment terminal validates the card offline using a PKI, where the root CA’s PK is looked up from a terminal’s internal list. The index of this root PK in the list is determined from card-supplied data that can be arbitrarily modified. We have observed that if this index is modified to an invalid one (e.g. one that is out of bounds) then the terminal does not perform any PKI checks during the transaction. This flawed failure mode in the protocol makes critical data, whose integrity is only protected offline, vulnerable to adversarial modification. Such critical data includes the card’s list of supported methods for cardholder verification. * As a proof-of-concept exploit, we developed a man-in-the-middle attack that modifies this cardholder verification support to make the payment terminal believe that the card (under attack) does not support PIN verification. We realized two versions of this attack; 1) **downgrade from PIN to (paper) signature**, and **complete removal of the cardholder verification support.** * We have successfully tested both versions of the attack with Mastercard and Maestro cards, in several real-world payment terminals. * It would be interesting to study similar behaviour for the online transactions, rather than offline. ###### tags: `EMV` `PINBypass` `Mastercard` ## [**Combating Robocalls with Phone Virtual Assistant Mediated Interaction**](https://www.usenix.org/system/files/sec23summer_308-pandit-prepub.pdf) * By Sharbani Pandit, Krishanu Sarker, Roberto Perdisci, Mustaque Ahamad, Diyi Yang * [MD] The article proposes a solution to the problem of robocalls. The proposed solution is a NLP-based virtual assistant for smartphones that automatically screens incoming calls to determine whether the call is from a human or a robocaller. The virtual assistant interrupts the user only when the call is determined to be from a human, preserving the phone call user experience. The article also reports security analysis and user studies that support the effectiveness of this solution in blocking current and future robocallers while preserving user experience. * [FH] This paper proposed an NLP based solution to distinguish if a caller is a human or a robot. This is very similar to the idea in CAPTCHA. The proposed solution excludes the threat of using an AI as the attacker. By comparison, CAPTCH mainly deals with an AI attacker (which is more challenging). The NLP model used in this work is relatively simple as the questions are drawn from a list. The idea of using NLP to engage the caller in a conversation seems new and interesting. ###### tags: ``caller ID spoofing``, ``CAPTCHA`` ## [**How fast do you heal? A taxonomy for post-compromise security in secure-channel establishment**](https://www.usenix.org/system/files/sec23summer_243-blazy-prepub.pdf) * By Olivier Blazy, Ioana Boureanu, Pascal Lafourcade, Cristina Onete, and Léo Robert * [MD] In this paper, the authors have established a novel formal definition called "Secure-Channel Establishment schemes with Key-Evolution (SCEKE)" that covers the two-party protocols allowing for key-evolution. They have also developed a framework to quantify the post-compromise security of SCEKE protocols based on the stages required so that the security of the protocol is recovered. They have considered different types of adversaries with varying strengths and abilities in developing their framework. To illustrate this framework, they have compared three SCEKE protocols: Signal, SAID and 5GAKA. ###### tags: `` `` ## [**paper 4**](https://link) * By authors * [AA] Short review by AA * [BB] Short rview by BB ###### tags: `` `` ---