###### tags: `Reading sessions` [toc] # 2024 <https://sp2024.ieee-security.org/> ## [FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited Knowledge](https://ieeexplore.ieee.org/document/10646645) - By Jiahe Lan; Jie Wang; Baochen Yan; Zheng Yan; Elisa Bertino - [HL] The paper proposes an attack method that enables attackers to compromise a voice dataset by embedding a trigger based on the Signal-to-Noise Ratio (SNR). Unlike traditional backdoor attacks, which place the trigger in a fixed position, this approach dynamically adjusts the trigger's position using AI technique, to make the backdoor reaches a higher stealthy level. ## [Investigating Voter Perceptions of Printed Physical Audit Trails for Online Voting](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a136/1Ub23TAHex2) * By Karola Marky, Nina Gerber, Henry John Krumb, Mohamed Khamis, and Max Mühlhäuser * [LH] The paper proposes a new hybrid online voting system. Once a vote is cast, a physical receipt is printed in a secure facility and put into a physical ballot box. Verifiability is assured through live streaming to the public, although the system is not completely E2E verifiable. The encryption scheme is only said to "follow guidelines from the literature", and no other details are given. * The protocol was evaluated in a study of 150 participants. Two implementations of an audit trail were trialled: one printing paper receipts, and another 3D printing tokens. There was no evidence that the introduction of either trail impacts the perceived security of their system, although paper was preferred due to its efficiency in printing. ## [Thwarting Last-Minute Voter Coercion](https://www.computer.org/csdl/pds/api/csdl/proceedings/download-article/1Ub23l2sxS8/pdf) * By Rosario Giustolisi, Maryam Sheikhi Garjan and Carsten Schuermann * [LH] The paper aims to propose a new voting protocol that avoids the problem of last-minute voter coercion for Internet voting (the adversary coerces the voter at the end of the voting phase). * There are two key insights: * The voting server generates "noisy ballots" to obfuscate the encrypted ballots cast by voters without needing to know the original vote. * The voting server and the voter are the only two parties that can distinguish between a noisy ballot and the ballot cast by the voter. * For each ballot, the voting server maintains a cast-ballot record (CBR), which lists all ballots associated with a voter (noisy or not). The voter and the voting server track a list of indices associated with the CBR. When voting under coercion, the voter must supply an incorrect list of indices to comply with the coercer. If there is a mismatch between the lists of the voting server and the voter, then a noisy ballot is created to "cancel out" the coerced vote (the intuition for this is not very clear from the paper). The ballots and list of indices are encrypted using exponential ElGamal and published to a bulletin board. NIZKPs prove that the server is following the procedure correctly whilst maintaining secrecy of the ballots and list of indices. Tally servers are in charge of tallying votes and publishing the winner to the bulletin board. * A proof-of-concept called Loki is described. The protocol is proved to satisfy ballot secrecy under the model of Bernhard et al. and verifiability under the notion of strong verifiability. ## [Injection Attacks Against End-to-End Encrypted Applications](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a082/1RjEaQAIfkc) * [MD] Recent advancements in E2E encrypted messaging applications have introduced backup features that allow users to recover their messages when transitioning to a new device. These backups are encrypted and stored in services like Google Drive or iCloud, posing potential vulnerabilities. The paper explores a new threat model targeting this setting. The primary focus is on how an adversary can inject adversarial content into an application state by sending chosen messages to a target client. This state is then encrypted and synchronized to a storage visible to the adversary. By observing the lengths of the resulting cloud-stored ciphertexts, the attacker can infer confidential information. **Threat Model:** The attacker in this model: * Sends adversarial messages to the target user to inject content into their application state. * Observes the target user’s encrypted backups to deduce information. The paper examines two widely-used messaging applications, WhatsApp and Signal, demonstrating proof-of-concept attacks that can recover information from encrypted messages or attachments. # 2023 <https://sp2023.ieee-security.org/program.html> ## [One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices](https://beerkay.github.io/papers/Berkay2023IoTCupidOakland.pdf) * By Habiba Farrukh, Muslum Ozgur Ozmen, Faik Kerem Ors, Z. Berkay Celik * [MD] This paper addresses the challenges associated with existing pairing solutions for heterogeneous IoT devices without requiring human intervention. Specifically, these solutions suffer from high pairing times, the inability to pair sensors that sense continuous physical quantities, and a lack of support for group pairing. The proposed solution is called IoTCUPID and comprised of three phases: 1. Firstly, it uses a novel window-based derivation technique to detect events sensed by both instant and continuous sensors. 2. Secondly, it groups the events by employing a fuzzy clustering algorithm to extract inter-event timings. 3. Lastly, it establishes group keys between devices with identical inter-event timings through a partitioned group password-authenticated key exchange scheme. The paper evaluates IOTCUPID in smart home and office environments with 11 heterogeneous devices demonstrating that it is highly effective in pairing all devices with only 2 group keys, and with minimal pairing overhead. * [BB] Short rview by BB ###### tags: `` `` # 2022 <https://www.ieee-security.org/TC/SP2022/program.html> ###### tags: `Reading sessions` --- ## [**Multi-Server Verifiable Computation of Low-Degree Polynomials**](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833792) * Authors: Liang Feng Zhang and Huaxiong Wang * [SS] This paper falls under the privacy preserving distributed verifiable computing framework. This papers gives a solution to the problem where a user has an input x and she wants to compute F(x) for a degree d polynimial using multiple servers that keeps the input privacy, further the user is able to verify the correctness of F(x). The servers do not communicate with each other. The security properties are: * t-privacy : any t-servers do not learn about x * t-secrecy : any t-server cannot force the client to get a wrong output for F(x). * There are five schemes. The crux of the schemes is that x is shared among k-servers using Shamit vector secret sharing scheme using the polynomial c(u). The k-servers will send evaluations on k points such that these will allow client to obtain the polynomial F(c(u)) in tern this will give F(x) = F(c(0)). * This is a nice work based on simple idea, but scaleability is problematic: The number of servers required by our schemes is linear in the degree d of the outsourced polynomial. ###### tags: `` verifiable computing`` ## [**Device Fingerprinting with Peripheral Timestamps**](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiGu5O9kIv9AhUJgFwKHQKoAR4QFnoECAsQAQ&url=https%3A%2F%2Fvmonaco.com%2Fpapers%2FDevice%2520Fingerprinting%2520with%2520Peripheral%2520Timestamps.pdf&usg=AOvVaw3XgBZzOOJDd2WhcOPSkPZw) * Authors: John V. Monaco * [LH] The paper finds that each device has a unique fingerprint due to the behaviour of the hardware and software components responsible for processing the input that the device gives (such as the device itself polling a sensor for physical changes, the communication protocol, the OS scheduler and the browser event loop). * They try to capture the unique behaviour with a "dual clock model" that compares two clocks through a single time source. A reference clock $C^{R}$ measures the times at which a slower subject clock $C^{S}$ ticks. The fingerprints are formed from the phase of the subject clock (specifically a phase image, that captures dominant frequency, skew, drift and jitter). * The fingerprints are not directly comparable; instead, they use a CNN to extract meaningful features from the phase images, allowing device identification and device verification (verification is the problem of determining if two phase images are from the same device). * Their results for device verification appear to be quite good, with ~87% verification accuracy formed from 2 minutes of typing across a population of 100k devices. With user profiling, this jumps to ~97%. This could be used as an additional authentication measure or to track users on the internet. They also consider using their CNN for system profiling (e.g. predicting device type or OS) and find good results compared to a baseline that always returns the mode. * The use case for their work is clear, and the authors consider possible alteration of the device fingerprints over time (e.g. as software updates or new peripherals are connected) as an exploration for future work. Though, the need for a dual clock is unclear. ###### tags: `authentication` `fingerprinting` `machine learning` # 2017 <https://link> ## [**IoT Goes Nuclear: Creating a ZigBee Chain Reaction**](https://ieeexplore.ieee.org/document/7958578) * By Eyal Ronen, Adi Shamir, Achi-Or Weingarten, Colin O’Flynn * [MM] The paper discusses the vulnerability of IoT devices and focuses on Philips Hue smart lights, which use the Zigbee industry standard for IoT. The lights are connected to a central controller through the Zigbee Light Link protocol in a Personal Area Network. The authors reverse-engineered the system to identify weaknesses and developed a worm that spreads through the standard Zigbee wireless interface. * The first challenge was to take control of a pre-installed smart light. They bypass the Proximity Test by exploiting a vulnerability in the specification. * Performed an attack on an office building by using a drone equipped with fully automated attack equipment from a distance of 400 meters. The lights in the building were then signalled SOS in Morse code, which was funny! * The second challenge was to spread the infection to other nearby smart lights, which was done by breaking the encryption. The authors developed a new side channel attack to extract the global AES-CCM key. * Demonstrated that a single infected bulb could spread the infection throughout a city within minutes * The authors note that Zigbee radio frequency protocol is not monitored and does not use TCP/IP packets, making it difficult to stop with standard internet security protocols. Additionally, Zigbee and WiFi share the same radio frequencies, which can disrupt WiFi communication as well.