# Other venues
This page covers papers that are not yet formally published or that appeared in venues other than the commonly recognized ones.
###### tags: `Reading sessions`
[TOC]
---
## [**Three Lessons from Threema Analysis of a Secure Messenger**](https://breakingthe3ma.app/#hero)
* By Kenneth G. Paterson, Matteo Scarlata, Kien Tuong Truong
* [FH] This paper presents 7 attacks on Threema, an E2E secure communication app used by the Swiss government, the Swiss Army and many others (10 million users). The root cause is the use of proprietary (unfortunately insecure) key exchange protocols. The paper is well presented.
* Threema E2E protocol: it uses static Diffie-Hellman, hence no forward secrecy. It uses random nonces to prevent replay attacks, but the nonces need to be saved locally in a database.
* Threema client-to-server protocol: uses ideas similar to TLS, but the client has a long-term key pair. Threema uses its own custom AKE protocol (not fully mixing ephemeral and static keys).
* Registration protocol: a user registers a key pair and proves possession of the private key by decrypting a string sent by the server. They could have used a zero-knowledge proof protocol.
* [BB] Short review by BB
###### tags: `E2E secure communication`, `attacks`
## [**Modern EMV and NFC cardholder verification issues The Cryptogram Confusion Attack**](https://www.paymentvillage.org/blog/modern-emv-and-nfc-cardholder-verification-issues)
* By Payment Village
* [FH] Two attacks against NFC contactless cards
* A cryptogram confusion attack, which allows using a locked contactless card to make a payment.
* A PIN code brute-force attack, which allows unlimited testing of the PIN through a combination of offline PIN check and the Chip & Signature verification scheme.
###### tags: `card payment security`, `attacks`
## [**How to take over Amazon Kindle with a malicious e-book - DEFCON29**](https://youtu.be/1jM_r-pe8Ss)
* By Slava Makkaveev
* [FH] The attack exploits a vulnerability in the document viewer app of Amazon Kindle and the poor privilege management of its App Manager module.
* The PDF document viewer of Kindle works as an image viewer where each page of the PDF is rendered as an image. Along with the readable contents, these PDF pages also contain refinement information. This refinement information helps the viewer understand the amount of memory required to display the page.
* By modifying/setting incorrect refinement information, the attacker makes the viewer believe that it needs less memory than the actual size of the content. This results in a memory overflow (similar to a buffer overflow), and the attacker can write to any memory location.
* Also, for Kindle devices, Address Space Layout Randomization (ASLR) was not randomized. The attacker takes advantage of this vulnerability and can figure out the memory location at which to execute the malicious program.
* The App Manager in Kindle has root privilege. Hence, if the user tries to open the malicious document, the malicious code gets executed with the help of the App Manager's root privilege.
* In the DEFCON29 demonstration, Slava Makkaveev showed that an attacker can steal Amazon account cookies, device private keys, etc.
###### tags: `Amazon Kindle Security`, `attacks`
---
## [**Hybrid Post-Quantum Signatures in Hardware Security Keys - 4th ACNS Workshop on Secure Cryptographic Implementation 2023**](https://eprint.iacr.org/2022/1225.pdf)
* By Diana Ghinea et al.
* [SS] FIDO provides user-friendly password-less authentication using devices such as those from Yubico. The core idea is to rely on security devices (controlled via biometrics and/or PINs) which can then be used to register and later seamlessly authenticate to online services. The new FIDO2 protocols are W3C's Web Authentication (WebAuthn) and the FIDO Alliance's Client-to-Authenticator Protocol v2.0 (CTAP 2.1).
This work addresses the PQC migration of FIDO2 by presenting a hybrid signature scheme. It won the ACNS (Applied Cryptography and Network Security) 2023 "best workshop paper" award. The new hybrid implementation is now part of OpenSK, Google's open-source security key implementation that supports the FIDO2 standards.
They consider the PQC signature schemes Falcon and Dilithium, two winners of the NIST PQC competition. Dilithium is faster than Falcon but has larger key sizes; they optimized Dilithium to bring its key sizes closer to Falcon's. The other winner, SPHINCS+, has a much larger signature size, which is infeasible for embedded devices, and its signing cost compared to lattice schemes is significantly worse, so they ruled it out.
This work is based on the open-source security key OpenSK [31]. OpenSK is a firmware that implements CTAP 2.1. It runs as an application on top of the embedded operating system TockOS. This immediately imposes the restriction that the firmware, including the Dilithium key generation and signing algorithms, must fit in 64 kB of RAM.
The CTAP requirements are:
* User presence and user verification tokens usually time out after 30 seconds, but are guaranteed to be valid for at least 10 seconds, so they aim for commands to finish within 10 seconds.
* The size of a CTAP message over USB cannot exceed 7609 B.
A hybrid signature scheme combines a classical signature algorithm with a post-quantum secure signature algorithm (in a construction commonly known as a combiner). They combine the classical signature scheme ECDSA with the post-quantum scheme Dilithium (with their optimizations). The hybrid scheme ensures that the security guarantees of each underlying scheme are maintained even when one of the schemes becomes insecure. For a message m, the signature is S = (S1, S2), where S1 comes from ECDSA and S2 from Dilithium: S1 = Sign(m, sk1), S2 = Sign(m, S1, sk2).
The optimizations are of two types: first, a high-speed mode, which follows the original implementation except that the key size is reduced; second, a low-memory-footprint mode. One example of such an optimization is to generate the matrix from the 32 bit seed when required rather than storing it all the time.
Implementations of all modes were done on the Nordic nRF52840 development kit, and they give a performance comparison between pure Dilithium and the hybrid signature.
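The combiner described in the [SS] notes above (S1 = Sign(m, sk1), S2 = Sign(m, S1, sk2), and verification succeeds only if both components verify), as an added Go example that is not code from the paper or from OpenSK. Assumption: Go's standard library has no Dilithium, so Ed25519 stands in for the post-quantum component purely to show the combiner's structure; ECDSA P-256 is the classical half.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// HybridKeys holds the classical ECDSA P-256 key pair and the second key pair.
// Assumption: Ed25519 is a stand-in for Dilithium (no Dilithium in Go's stdlib).
type HybridKeys struct {
	ecdsaPriv *ecdsa.PrivateKey
	pqPub     ed25519.PublicKey
	pqPriv    ed25519.PrivateKey
}

// HybridSig is S = (S1, S2): S1 from ECDSA over m, S2 over m || S1 from the second scheme.
type HybridSig struct{ S1, S2 []byte }

func GenerateHybridKeys() (*HybridKeys, error) {
	ek, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &HybridKeys{ecdsaPriv: ek, pqPub: pub, pqPriv: priv}, err
}

// HybridSign implements the combiner: S1 = Sign(m, sk1), S2 = Sign(m || S1, sk2).
// Feeding S1 into S2's input binds the two halves: S1 cannot be swapped without breaking S2.
func HybridSign(k *HybridKeys, m []byte) (*HybridSig, error) {
	h := sha256.Sum256(m)
	s1, err := ecdsa.SignASN1(rand.Reader, k.ecdsaPriv, h[:])
	if err != nil {
		return nil, err
	}
	s2 := ed25519.Sign(k.pqPriv, append(append([]byte{}, m...), s1...))
	return &HybridSig{S1: s1, S2: s2}, nil
}

// HybridVerify accepts only if BOTH components verify, so a break of one scheme alone
// does not let a forger through; S2 is checked over m || S1, not over m alone.
func HybridVerify(k *HybridKeys, m []byte, sig *HybridSig) bool {
	h := sha256.Sum256(m)
	if !ecdsa.VerifyASN1(&k.ecdsaPriv.PublicKey, h[:], sig.S1) {
		return false
	}
	return ed25519.Verify(k.pqPub, append(append([]byte{}, m...), sig.S1...), sig.S2)
}
```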
## [TI2Net: Temporal Identity Inconsistency Network for Deepfake Detection](https://openaccess.thecvf.com/content/WACV2023/papers/Liu_TI2Net_Temporal_Identity_Inconsistency_Network_for_Deepfake_Detection_WACV_2023_paper.pdf)
* By Baoping Liu, Bo Liu, Ming Ding, Tianqing Zhu, Xin Yu
* [HL] The paper introduces TI2Net, which concentrates on detecting temporal identity inconsistencies. TI2Net is a reference-agnostic detector and can be applied to previously unseen datasets.
Creativity:
For a given identity within a video clip, the identity information in all frames is first encoded into **identity vectors** (identity features encoded by the **identity encoder**, which is pretrained but not updated during joint training, so that the whole framework focuses on temporal information extraction).
* Methodology: video frame sequences are passed to the identity encoder, then the differencing component applies the differencing operation to the raw video frames. The differences are taken as the input features to the RNN, and a triplet loss is used to enhance the classification.
* Evaluation: TI2Net's AUC for cross-dataset evaluation is 65-76%, with an average accuracy of 70.75%.