USENIX Security Conference 2011

I am attending the USENIX security conference this week. Sessions are available online. Here are my notes from sessions that I found interesting (bold for extra):

Network Security in the Medium Term: 2061–2561 AD, Charles Stross

Stross is one of my favorite science fiction authors. The main direction of the talk was the future political importance of information security. This is due to the intrusiveness of future information breaches once lifelogging, bioinformatics and other very intimate technologies are adopted.

Fast and Precise Sanitizer Analysis with BEK, Pieter Hooimeijer, et al

  • Compared different HTML sanitizers using an automated harness. Sanitizers from MS included (4), as well as new implementations (3).
  • Four of these were equivalent.
  • Only one protected against all the examples from the XSS Cheat Sheet

Toward Secure Embedded Web Interfaces, Baptiste Gourdin, et al

  • 50 security vulnerabilities reported to CERT
  • All manufacturers had vulnerabilities (XSS, CSRf, …)
  • Author proposes WebDroid security distribution for embedded web interfaces (framework as “firewall”)

Comprehensive Experimental Analyses of Automotive Attack Surfaces, Stephen Checkoway, et al

  • Cars have an instrument bus
  • access to the bus gives complete control
  • can disable breaks, engine, even while in motion
  • attack surface:
    • bus extends to media ports and charging
    • bluetooth
    • remote keyless entry
    • wifi
    • digital radio
    • telematics: automated crash reporting / roadside assistance
  • completely compromised by author: bluetooth, media ports, more
    • crafted cdrom (iso-9660, wma)
    • strcpy in bluetooth stack – craft trojan in android
    • bruteforce pin for pairing (hours)
    • undetectable to users
    • telematics compromise through cellular interface
  • compromise is silent and attacks can be triggered later

Privacy in the Age of Augmented Reality, Alessandro Acquisti, et al

  • De-identified faces matched to identified (FB, …)
  • 10% of FB profiles are pseudonymous
  • Experiments:
    • Unidentified: dating site photos
    • Identified: FB profiles
    • Only match to highest ranked matched from matching algorithm:
    • 10% success rate for re-identification
    • Against pittpatt (acquired by google)
    • 30% success
    • Predicting SSN from DOB, etc.
    • 5 digits matched in four attempts
    • iPhone app for real-time re-identification
  • PPI – personally predictable information

Secure In-Band Wireless Pairing, Shyamnath Gollakota, et al

  • Authors present a method for secure wireless pairing
  • No secondary channel (display, keyboard, infrared, …)
  • secure against MITM
  • Tamper evident message
  • cannot be altered, hidden, prevented without being detected
  • patterns of silence based on hash of message
  • sync pattern longer than any collision

TRESOR Runs Encryption Securely Outside RAM, Tilo Müller and Felix C. Freiling:

  • Prevents cold book attack
  • Uses AES-NI instruction set

A Study of Android Application Security, William Enck, et al

  • Decompiled and statically analyzed 21 millions lines of free Android apps
  • Pervasive misuse of private info and bad security practices
  • High market penetration of ad networks

Permission Re-Delegation: Attacks and Defenses, Adrienne Porter Felt, et al

  • I call this “cross app request forgery” 😉
  • A large fraction of apps mistakenly expose sensitive functionality through intents
  • Malicious apps can abuse this
  • For example, turn on BT, Wifi, GPS
  • Suggests a way to mitigate through dynamic privilege reduction

Telex: Anticensorship in the Network Infrastructure, Eric Wustrow, et al

  • Telex converts innocuous, unblocked websites into proxies, without their explicit collaboration
  • Trigger routing to a proxy while accessing an “innocent” web site by putting a special nonce in the TLS negotiation
  • Could be used to bypass state censorship
  • To be deployed by ISPs on routers
  • Idea: consider deploying on web servers

Three Researchers, Five Conjectures: An Empirical Analysis of TOM-Skype Censorship and Surveillance, Jeffrey Knockel, et al

  • Detailed analysis of Chinese censorship through the compromised version of Skype used in China (with Skype’s cooperation)
  • Application uses a list of keywords to flag conversations for surveillance
  • Keywords triggering surveillance include mostly political and location words
  • Conjectures by authors include:
    “Censorship is effective, despite attempts to evade it.” ,
    “Censored memes spread differently than uncensored memes.”,
    “Keyword based censorship is more effective when the censored keywords are unknown and on-line activity is, or is believed to be, under constant surveillance.”,
    “The types of keywords censored in peer-to-peer communications are fundamentally different than the types of keywords censored in client-server communications.”,
    “Neologisms are an effective technique in evading keyword based censorship, but censors frequently learn of their existence.”
  • Complete lists with translations of the censorship and surveillance keywords for TOM-Skype are available at