Showing papers by "Tadayoshi Kohno" published in 2011


Proceedings Article
08 Aug 2011
TL;DR: This work discovers that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft.
Abstract: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model--requiring prior physical access--has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

1,370 citations


Journal ArticleDOI
TL;DR: TaintEraser is a new tool that tracks the movement of sensitive user data as it flows through off-the-shelf applications while precisely scrubbing user-defined sensitive data that would otherwise have been exposed to restricted output channels.
Abstract: We present TaintEraser, a new tool that tracks the movement of sensitive user data as it flows through off-the-shelf applications. TaintEraser uses application-level dynamic taint analysis to let users run applications in their own environment while preventing unwanted information exposure. It is made possible by techniques we developed for accurate and efficient tainting: (1) Semantic-aware instruction-level tainting is critical to track taint accurately, without explosion or loss. (2) Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. (3) On-demand instrumentation enables fast loading of large applications. Together, these techniques let us analyze large, multi-threaded, networked applications in near real-time. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, TaintEraser generated no false positives and instrumented fewer than 5% of the executed instructions while precisely scrubbing user-defined sensitive data that would otherwise have been exposed to restricted output channels. Our research provides the first evidence that it is viable to track taint accurately and efficiently for real, interactive applications running on commodity hardware.

175 citations


Proceedings ArticleDOI
17 Oct 2011
TL;DR: The power supplies of modern TVs produce discernible electromagnetic interference (EMI) signatures that are indicative of the video content being displayed, and these signatures are measured over time and across multiple instances of the same TV model.
Abstract: We conduct an extensive study of information leakage over the powerline infrastructure from eight televisions (TVs) spanning multiple makes, models, and underlying technologies. In addition to being of scientific interest, our findings contribute to the overall debate of whether or not measurements of residential powerlines reveal significant information about the activities within a home. We find that the power supplies of modern TVs produce discernible electromagnetic interference (EMI) signatures that are indicative of the video content being displayed. We measure the stability of these signatures over time and across multiple instances of the same TV model, as well as the robustness of these signatures in the presence of other noisy electronic devices connected to the same powerline.

69 citations


Journal ArticleDOI
TL;DR: The security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices are described.
Abstract: Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a devic...

67 citations


Proceedings ArticleDOI
10 Apr 2011
TL;DR: The results show that Keypad overcomes the challenges posed by slow networks or disconnection, providing clients with usable forensics and control for their (increasingly) missing mobile devices.
Abstract: This paper presents Keypad, an auditing file system for theft-prone devices, such as laptops and USB sticks. Keypad provides two important properties. First, Keypad supports fine-grained file auditing: a user can obtain explicit evidence that no files have been accessed after a device's loss. Second, a user can disable future file access after a device's loss, even in the absence of device network connectivity. Keypad achieves these properties by weaving together encryption and remote key storage. By encrypting files locally but storing encryption keys remotely, Keypad requires the involvement of an audit server with every protected file access. By alerting the audit server to refuse to return a particular file's key, the user can prevent new accesses after theft. We describe the Keypad architecture, a prototype implementation on Linux, and our evaluation of Keypad's performance and auditing fidelity. Our results show that Keypad overcomes the challenges posed by slow networks or disconnection, providing clients with usable forensics and control for their (increasingly) missing mobile devices.

55 citations


Patent
08 Apr 2011
TL;DR: The auditing file system as mentioned in this paper supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss, even in the absence of device network connectivity.
Abstract: Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.

40 citations


Journal ArticleDOI
TL;DR: Privacy-preserving attribution of IP packets can help balance forensics with an individual's right to privacy.
Abstract: Privacy-preserving attribution of IP packets can help balance forensics with an individual's right to privacy.

35 citations


Proceedings ArticleDOI
09 Mar 2011
TL;DR: It is argued that students would benefit from developing a mindset focused on the broader societal and contextual issues surrounding computer security systems and risks, and science fiction prototyping was used to facilitate such social and contextual thinking in a recent undergraduate computer security course.
Abstract: Computer security courses typically cover a breadth of technical topics, including threat modeling, applied cryptography, software security, and Web security. The technical artifacts of computer systems - and their associated computer security risks and defenses - do not exist in isolation, however; rather, these systems interact intimately with the needs, beliefs, and values of people. This is especially true as computers become more pervasive, embedding themselves not only into laptops, desktops, and the Web, but also into our cars, medical devices, and toys. Therefore, in addition to the standard technical material, we argue that students would benefit from developing a mindset focused on the broader societal and contextual issues surrounding computer security systems and risks. We used science fiction (SF) prototyping to facilitate such societal and contextual thinking in a recent undergraduate computer security course. We report on our approach and experiences here, as well as our recommendations for future computer security and other computer science courses.

27 citations


Proceedings ArticleDOI
01 Mar 2011
TL;DR: The Sensor Tricorder is designed, a system that enables people to query third party sensors with their smartphones in order to learn about the data collection activities and privacy policies of the applications using the sensors.
Abstract: As rich sensing applications become pervasive, people increasingly find themselves with limited ability to determine what sensor data the applications are collecting about them and how the applications are using the sensor data. Openness and transparency serve as our guiding principles in designing the Sensor Tricorder, a system that enables people to query third party sensors with their smartphones in order to learn about the data collection activities and privacy policies of the applications using the sensors. We leverage the increasing ubiquity of QR Codes in mobile applications and utilize them in a novel way. Our prototype system uses active QR Codes to visually communicate dynamic data such as the sensor activities and application privacy policies to smartphone users. Based on our experiences in building this prototype, we identify the key properties that sensor platforms must provide to support transparency and openness and highlight the main challenges involved in realizing these properties.

6 citations