-
Chain of trust: Unraveling references among Common Criteria certified products
Authors:
Adam Janovsky,
Łukasz Chmielewski,
Petr Svenda,
Jan Jancar,
Vashek Matyas
Abstract:
With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kinds of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem -- making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.
Submitted 25 April, 2024; v1 submitted 22 April, 2024;
originally announced April 2024.
-
sec-certs: Examining the security certification practice for better vulnerability mitigation
Authors:
Adam Janovsky,
Jan Jancar,
Petr Svenda,
Łukasz Chmielewski,
Jiri Michalik,
Vashek Matyas
Abstract:
Products certified under security certification frameworks such as Common Criteria undergo significant scrutiny during the costly certification process. Yet, critical vulnerabilities, including private key recovery (ROCA, Minerva, TPM-Fail...), get discovered in certified products with high assurance levels. Furthermore, assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. To address these problems, we conducted a large-scale automated analysis of Common Criteria and FIPS 140 certificates. We trained unsupervised models to learn which vulnerabilities from NIST's National Vulnerability Database impact existing certified products and how certified products reference each other. Our tooling automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. Further, we identify the security requirements that are associated with products being affected by fewer and less severe vulnerabilities (on average). This indicates which aspects of certification correlate with higher security. We demonstrate how our tool can be used for better vulnerability mitigation on four case studies of known, high-profile vulnerabilities. All tools and continuously updated results are available at https://seccerts.org.
Submitted 29 November, 2023;
originally announced November 2023.
-
Want to Raise Cybersecurity Awareness? Start with Future IT Professionals
Authors:
Lydia Kraus,
Valdemar Švábenský,
Martin Horák,
Vashek Matyáš,
Jan Vykopal,
Pavel Čeleda
Abstract:
As cyber threats endanger everyone, from regular users to computing professionals, spreading cybersecurity awareness becomes increasingly critical. Therefore, our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. Compared to other resources, the course not only suggests learners what to do, but explains why and how to do it. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course. They completed the course as a part of their homework and filled out a questionnaire after each lesson. Analysis of the questionnaire responses revealed that the students valued the course highly. They reported new learning, perspective changes, and transfer to practice. Moreover, they suggested suitable improvements to the course. Based on the results, we have distilled specific insights to help security educators design similar courses. Lessons learned from this study are relevant for cybersecurity instructors, course designers, and educational managers.
Submitted 14 July, 2023;
originally announced July 2023.
-
Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)
Authors:
Martin Ukrop,
Lydia Kraus,
Vashek Matyas
Abstract:
Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much the content of error messages and documentation influences these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating different certificate validation errors. We also analyzed the influence of reworded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions, with trust decisions being far from binary. The self-signed and the name-constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages can positively influence resource use, comprehension, and trust assessment. At the end of the article, we summarize lessons learned from conducting usable security studies with IT professionals.
Submitted 23 July, 2022;
originally announced July 2022.
-
A Longitudinal Study of Cryptographic API: a Decade of Android Malware
Authors:
Adam Janovsky,
Davide Maiorca,
Dominik Macko,
Vashek Matyas,
Giorgio Giacinto
Abstract:
Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users' privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed $603\,937$ Android applications (half of them malicious, half benign) released between $2012$ and $2020$, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.
Submitted 6 July, 2022; v1 submitted 11 May, 2022;
originally announced May 2022.
-
Biased RSA private keys: Origin attribution of GCD-factorable keys
Authors:
Adam Janovsky,
Matus Nemec,
Petr Svenda,
Peter Sekan,
Vashek Matyas
Abstract:
In 2016, Svenda et al. (USENIX 2016, The Million-key Question) reported that the implementation choices in cryptographic libraries allow for qualified guessing about the origin of public RSA keys. We extend the technique to two new scenarios when not only public but also private keys are available for the origin attribution - analysis of a source of GCD-factorable keys in IPv4-wide TLS scans and forensic investigation of an unknown source. We learn several representatives of the bias from the private keys to train a model on more than 150 million keys collected from 70 cryptographic libraries, hardware security modules and cryptographic smartcards. Our model not only doubles the number of distinguishable groups of libraries (compared to public keys from Svenda et al.) but also improves more than twice in accuracy w.r.t. random guessing when a single key is classified. For a forensic scenario where at least 10 keys from the same source are available, the correct origin library is correctly identified with average accuracy of 89% compared to 4% accuracy of a random guess. The technique was also used to identify libraries producing GCD-factorable TLS keys, showing that only three groups are the probable suspects.
Submitted 14 September, 2020;
originally announced September 2020.
-
A Large-Scale Comparative Study of Beta Testers and Standard Users
Authors:
Vlasta Stavova,
Lenka Dedkova,
Martin Ukrop,
Vashek Matyas
Abstract:
Beta testers are the first end users outside a software company to use its product. They have been used for decades and are rightly credited not only with finding and reporting bugs, but also with improving general product usability through their feedback and/or the ways they use the product. In this paper, we investigate whether beta testers represent standard users well enough to allow for the extrapolation of testing data to standard users. We have investigated records of beta testers and standard users of a home security solution developed by the IT security software provider ESET. With more than 600 000 participants from more than 180 countries, we present what we believe to be the first large-scale comparison between standard users and beta testers. We compared several aspects of both populations, such as hardware, operating system, country of origin and EULA reading time, all taken from system data. Other attributes, such as age, gender, privacy perception and computer proficiency self-evaluation, were available thanks to a user questionnaire. We conclude that - at least in our study - beta users represent standard users well in terms of hardware and operating system in large scale beta testing. However, populations differ significantly in the distribution of users and testers between countries. This may cause a problem when testing includes localization and usability issues that may be influenced by regional differences.
Submitted 16 November, 2018;
originally announced November 2018.
-
Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version
Authors:
Milan Broz,
Mikulas Patocka,
Vashek Matyas
Abstract:
Full Disk Encryption (FDE) has become a widely used security feature. Although FDE can provide confidentiality, it generally does not provide cryptographic data integrity protection. We introduce an algorithm-agnostic solution that provides both data integrity and confidentiality protection at the disk sector layer. Our open-source solution is intended for drives without any special hardware extensions and is based on per-sector metadata fields implemented in software. Our implementation has been included in the Linux kernel since version 4.12. This is an extended version of our article that appears in the IFIP SEC 2018 conference proceedings.
Submitted 1 July, 2018;
originally announced July 2018.