NEC Laboratories Europe

Security Publications

Jannik Albrecht, Sebastien Andreina, Frederik Armknecht, Ghassan Karame, Giorgia Marson, Julian Willingmann: “Larger-scale Nakamoto-style Blockchains Don't Necessarily Offer Better Security”, the 45th IEEE Symposium on Security and Privacy 2024

Paper Details

Abstract:

Extensive research on Nakamoto-style consensus protocols has shown that network delays degrade the security of these protocols. Established results indicate that, perhaps surprisingly, maximal security is achieved when the network is as small as two nodes due to increased delays in larger networks. This contradicts the very foundation of blockchains, namely that decentralization improves security.

In this paper, we take a closer look at how the network scale affects security of Nakamoto-style blockchains. We argue that a crucial aspect has been neglected in existing security models: the larger the network, the harder it is for an attacker to control a significant amount of power. To this end, we introduce a probabilistic corruption model to express the increasing difficulty for an attacker to corrupt resources in larger networks. Based on our model, we analyze the impact of the number of nodes on the (maximum) network delay and the fraction of adversarial power. In particular, we show that (1) increasing the number of nodes eventually violates security, but (2) relying on a small number of nodes does not provide decent security provisions either. We then validate our analysis by means of an empirical evaluation emulating hundreds of thousands of nodes in deployments such as Bitcoin, Monero, Cardano, and Ethereum Classic. Based on our empirical analysis, we concretely analyze the impact of various real-world parameters and configurations on the consistency bounds in existing deployments and on the adversarial power that can be tolerated while providing security. As far as we are aware, this is the first work that analytically and empirically explores the real-world tradeoffs achieved by current popular Nakamoto-style deployments.

Accepted at: The 45th IEEE Symposium on Security and Privacy 2024

In collaboration with: Ruhr University Bochum, University of Mannheim

Paper link: https://arxiv.org/pdf/2404.09895

Daniel Schadt, Christoph Coijanovic, Christiane Weis, Thorsten Strufe: “PolySphinx: Extending the Sphinx Mix Format with Better Multicast Support”, the 45th IEEE Symposium on Security and Privacy 2024

Paper Details

Abstract:

Mix networks are a well-known technique to hide communication metadata, but incur a high overhead especially in group communication settings. This hinders their adoption in real-world usage, as group communication makes up a big part of modern communication patterns. In this paper, we introduce “PolySphinx”, a mix format that is a step towards efficient anonymous multicasting and allows a mix node to replicate the message payload to multiple recipients. We prove that PolySphinx does not compromise on the anonymity offered to users, while considerably reducing the latency of group messages: In a group with 25 members, the average latency drops from 6.1 s using the state-of-the-art Rollercoaster approach to 4.1 s using PolySphinx.

Accepted at: The 45th IEEE Symposium on Security and Privacy 2024

In collaboration with: Karlsruhe Institute of Technology

Paper link: https://www.computer.org/csdl/proceedings-article/sp/2024/313000a044/1RjEaiu0Ehy

Pascal Zimmer, Sébastien Andreina, Giorgia Azzurra Marson, Ghassan Karame: “Closing the Gap: Achieving Better Accuracy-Robustness Tradeoffs Against Query-Based Attacks”, the 38th Annual AAAI Conference on Artificial Intelligence 2024

Paper Details

Abstract:

Although promising, existing defenses against query-based attacks share a common limitation: they offer increased robustness against attacks at the price of a considerable accuracy drop on clean samples. In this work, we show how to efficiently establish, at test-time, a solid tradeoff between robustness and accuracy when mitigating query-based attacks. Given that these attacks necessarily explore low-confidence regions, our insight is that activating dedicated defenses, such as RND (Qin et al., NeurIPS 2021) and Random Image Transformations (Xie et al., ICLR 2018), only for low-confidence inputs is sufficient to prevent them. Our approach is independent of training and supported by theory. We verify the effectiveness of our approach for various existing defenses by conducting extensive experiments on CIFAR-10, CIFAR-100, and ImageNet. Our results confirm that our proposal can indeed enhance these defenses by providing better tradeoffs between robustness and accuracy when compared to state-of-the-art approaches while being completely training-free.

Accepted at: The 38th Annual AAAI Conference on Artificial Intelligence 2024

In collaboration with: Ruhr-Universität Bochum, CASA – Cyber Security in the Age of Large-Scale Adversaries

Paper link: https://arxiv.org/pdf/2312.10132
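Added illustration of the confidence-gating idea in the abstract above (example code written for this page, not code from the paper or from NEC Laboratories Europe): a toy softmax classifier answers high-confidence queries deterministically and switches on an RND-style input-noise defense only when its top probability falls below a threshold tau. A generic score-based attacker that estimates gradients by finite differences then gets accurate estimates on confident inputs (where clean accuracy is untouched) and near-useless ones near the decision boundary. The weights, inputs, tau and sigma are all constructed for the example; the attacker is a plain finite-difference estimator, not the specific attacks evaluated in the paper.

```python
import numpy as np

# Constructed toy classifier: linear softmax over 4-dim inputs, 3 classes.
# WEIGHTS is hypothetical, chosen so that some inputs are classified confidently
# and others land near a decision boundary (low confidence).
WEIGHTS = np.array([[ 3.0, -1.0,  0.5, -0.5],
                    [-1.0,  3.0,  0.5, -0.5],
                    [-1.0, -1.0,  2.0,  1.0]])

def softmax(z):
    z = z - z.max()
    e = np.exp(z)
    return e / e.sum()

def model(x):
    """Undefended classifier: probability vector for input x."""
    return softmax(WEIGHTS @ np.asarray(x, dtype=float))

def rnd_defense(x, rng, sigma=0.3):
    """RND-style defense: Gaussian input noise on every query (assumed sigma)."""
    x = np.asarray(x, dtype=float)
    return model(x + rng.normal(0.0, sigma, size=x.shape))

def gated_predict(x, rng=None, tau=0.9, sigma=0.3):
    """Confidence-gated defense: answer with the clean model when max probability
    is at least tau, otherwise activate the randomized defense.
    Returns (probabilities, defense_was_active)."""
    p = model(x)
    if p.max() >= tau:
        return p, False
    if rng is None:
        rng = np.random.default_rng()
    return rnd_defense(x, rng, sigma), True

def true_gradient(x, c):
    """Analytic gradient of p_c w.r.t. x for the softmax-linear model."""
    p = model(x)
    return p[c] * (WEIGHTS[c] - p @ WEIGHTS)

def estimated_gradient(query, x, c, eps=0.01):
    """What a score-based query attacker does: central finite differences on the
    score p_c, two queries per input coordinate."""
    x = np.asarray(x, dtype=float)
    g = np.zeros_like(x)
    for i in range(len(x)):
        d = np.zeros_like(x)
        d[i] = eps
        g[i] = (query(x + d)[c] - query(x - d)[c]) / (2 * eps)
    return g

def cosine(a, b):
    return float(a @ b / (np.linalg.norm(a) * np.linalg.norm(b)))

def mean_gradient_agreement(x, seed=0, trials=50, tau=0.9):
    """Mean cosine similarity between the attacker's gradient estimates obtained
    through the gated defense and the true gradient, over repeated attempts."""
    rng = np.random.default_rng(seed)
    c = int(np.argmax(model(x)))
    query = lambda q: gated_predict(q, rng, tau)[0]
    return float(np.mean([cosine(estimated_gradient(query, x, c), true_gradient(x, c))
                          for _ in range(trials)]))

if __name__ == "__main__":
    confident = [2.0, 0.0, 0.0, 0.0]   # constructed: far from any decision boundary
    boundary = [1.0, 1.0, 0.0, 0.0]    # constructed: classes 0 and 1 tie
    for name, x in (("confident", confident), ("boundary", boundary)):
        p, active = gated_predict(x, np.random.default_rng(0))
        print(f"{name}: max p = {p.max():.3f}, defense active = {active}, "
              f"attacker gradient agreement = {mean_gradient_agreement(x):.2f}")
```

The gate costs one clean forward pass per query; clean inputs that the model already classifies confidently never see the noise, which is where the accuracy of always-on RND is lost, while queries probing the boundary region are answered by the randomized model.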

David Balbás, Dario Fiore, Maria Isabel González Vasco, Damien Robissout, Claudio Soriente: "Modular Sumcheck Proofs with Applications to Machine Learning and Image Processing", the ACM Conference on Computer and Communications Security (CCS) 2023

Paper Details

Abstract:

Cryptographic proof systems provide integrity, fairness, and privacy in applications that outsource data processing tasks. However, general-purpose proof systems do not scale well to large inputs. At the same time, ad-hoc solutions for concrete applications - e.g., machine learning or image processing - are more efficient but lack modularity, hence they are hard to extend or to compose with other tools of a data-processing pipeline. In this paper, we combine the performance of tailored solutions with the versatility of general-purpose proof systems. We do so by introducing a modular framework for verifiable computation of sequential operations. The main tool of our framework is a new information-theoretic primitive called Verifiable Evaluation Scheme on Fingerprinted Data (VE) that captures the properties of diverse sumcheck-based interactive proofs, including the well-established GKR protocol. Thus, we show how to compose VEs for specific functions to obtain verifiability of a data-processing pipeline. We propose a novel VE for convolution operations that can handle multiple input-output channels and batching, and we use it in our framework to build proofs for (convolutional) neural networks and image processing. We realize a prototype implementation of our proof systems, and show that we achieve up to 5x faster proving time and 10x shorter proofs compared to the state-of-the-art, in addition to asymptotic improvements.

Presented at: ACM Conference on Computer and Communications Security (CCS) 2023

In collaboration with: IMDEA Software Institute, Universidad Politécnica de Madrid, Universidad Carlos III de Madrid

Paper link: https://eprint.iacr.org/2023/1342.pdf
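Added illustration of the building block the abstract above refers to (example code written for this page, not code from the paper): the classic sumcheck protocol for a multilinear polynomial over a prime field, given by its evaluations on the boolean hypercube. The prover sends, per round, the degree-1 univariate polynomial as its values at 0 and 1; the verifier checks that they sum to the running claim, picks a random challenge, and after the last round evaluates the multilinear extension itself at the random point (here on the full table; in the paper's setting that final evaluation is what the fingerprinted-data check stands in for). A cheating prover that claims a wrong sum and patches its first message is caught in the next round. The field size P and the sample table are assumptions.

```python
import random

P = 2**61 - 1  # assumed prime field; any large prime works for the protocol

def multilinear_eval(table, point):
    """Evaluate the multilinear extension of `table` (values on {0,1}^v, index
    bits = variables, most significant bit first) at an arbitrary field point."""
    for r in point:
        half = len(table) // 2
        # fix the first remaining variable: (1-r)*f(0,...) + r*f(1,...)
        table = [((1 - r) * table[i] + r * table[half + i]) % P for i in range(half)]
    return table[0]

class Prover:
    """Honest prover holding the evaluation table; fixes one variable per round."""
    def __init__(self, table):
        assert len(table) & (len(table) - 1) == 0, "table size must be 2^v"
        self.table = [t % P for t in table]

    def claimed_sum(self):
        return sum(self.table) % P

    def round_message(self):
        # g(X) = sum over remaining variables of f(..., X, ...) is linear in X,
        # so it is fully described by g(0) and g(1).
        half = len(self.table) // 2
        return sum(self.table[:half]) % P, sum(self.table[half:]) % P

    def receive_challenge(self, r):
        half = len(self.table) // 2
        self.table = [((1 - r) * self.table[i] + r * self.table[half + i]) % P
                      for i in range(half)]

class CheatingProver(Prover):
    """Claims sum + delta and shifts g_1(0) so the round-1 check still passes."""
    def __init__(self, table, delta=1):
        super().__init__(table)
        self.delta, self.first = delta, True

    def claimed_sum(self):
        return (super().claimed_sum() + self.delta) % P

    def round_message(self):
        g0, g1 = super().round_message()
        if self.first:
            self.first = False
            return (g0 + self.delta) % P, g1
        return g0, g1

def sumcheck_verify(table, prover, rng=random):
    """Verifier: v rounds of consistency checks, then one evaluation of the
    multilinear extension at the random point (r_1, ..., r_v)."""
    v = len(table).bit_length() - 1
    claim = prover.claimed_sum()
    point = []
    for _ in range(v):
        g0, g1 = prover.round_message()
        if (g0 + g1) % P != claim:
            return False            # message inconsistent with the running claim
        r = rng.randrange(P)
        point.append(r)
        claim = ((1 - r) * g0 + r * g1) % P   # g(r) becomes the new claim
        prover.receive_challenge(r)
    return multilinear_eval(table, point) == claim

if __name__ == "__main__":
    table = [3, 1, 4, 1, 5, 9, 2, 6]   # constructed f on {0,1}^3
    print("claimed sum:", Prover(table).claimed_sum())
    print("honest prover accepted:", sumcheck_verify(table, Prover(table)))
    print("cheating prover accepted:", sumcheck_verify(table, CheatingProver(table)))
```

The cheating prover survives round 1 because g_1(0)+g_1(1) still equals its false claim, but the new claim g_1(r_1) is off by (1-r_1)*delta, which the honest round-2 messages cannot match unless r_1 = 1; soundness error is therefore about v/P per proof. Composing several such proofs for sequential operations, as the paper does, amounts to feeding the output claim of one stage in as the input claim of the next.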

Michael Rodler, David Paaßen, Wenting Li, Lukas Bernhard, Thorsten Holz, Ghassan Karame, Lucas Davi: "EF-CF: High Performance Smart Contract Fuzzing for Exploit Generation", the 8th IEEE European Symposium on Security and Privacy 2023

Paper Details

Abstract:

Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today’s smart contracts that are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF-CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF-CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF-CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains. Furthermore, EF-CF increases fuzzing efficiency by employing a structure-aware mutation engine for smart contract transaction sequences and using a contract’s ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF-CF scales better—without compromising accuracy—to complex contracts compared to state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches. Moreover, we show that EF-CF can automatically generate transaction sequences that exploit reentrancy bugs to steal Ether.

Presented at: The 8th IEEE European Symposium on Security and Privacy 2023

In collaboration with: Amazon Web Services, University of Duisburg-Essen, Ruhr University Bochum, CISPA Helmholtz Center for Information Security

Paper link: https://arxiv.org/pdf/2304.06341
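Added illustration of the bug class the abstract above says EF-CF exploits (example code written for this page, not code from the paper or the EF-CF project): a Python model of a withdraw() that performs its external call before clearing the caller's balance, the checks-effects-interactions fix, an attacker whose receive hook re-enters, and a toy random transaction-sequence fuzzer whose oracle flags any state in which the attacker holds more ether than it deposited. EVM semantics are reduced to Python method calls (no gas accounting, no ABI encoding, no bytecode); the Bank, SafeBank, Account and Attacker classes and all amounts are constructed for the example.

```python
import random

class Account:
    """Externally owned account: only receives ether."""
    def __init__(self):
        self.ether = 0

    def receive(self, bank, amount):
        self.ether += amount

class Attacker(Account):
    """Contract whose receive hook re-enters withdraw() while the bank's
    bookkeeping is still stale. The call cap stands in for the gas limit."""
    def __init__(self, max_calls=64):
        super().__init__()
        self.calls, self.max_calls = 0, max_calls

    def receive(self, bank, amount):
        self.ether += amount
        self.calls += 1
        if self.calls < self.max_calls:
            bank.withdraw(self)          # re-enter before the balance is cleared

class Bank:
    """Vulnerable: the external call happens before the balance is cleared."""
    def __init__(self):
        self.balances, self.ether = {}, 0

    def deposit(self, acct, amount):
        self.balances[acct] = self.balances.get(acct, 0) + amount
        self.ether += amount

    def withdraw(self, acct):
        amount = self.balances.get(acct, 0)
        if amount == 0 or amount > self.ether:
            return
        self.ether -= amount
        acct.receive(self, amount)       # interaction ...
        self.balances[acct] = 0          # ... before effect: re-enterable

class SafeBank(Bank):
    """Fixed (checks-effects-interactions): clear the balance before the call."""
    def withdraw(self, acct):
        amount = self.balances.get(acct, 0)
        if amount == 0 or amount > self.ether:
            return
        self.balances[acct] = 0
        self.ether -= amount
        acct.receive(self, amount)

def run_exploit(bank_cls):
    """Hand-written exploiting sequence; returns the attacker's final ether."""
    bank, victim, attacker = bank_cls(), Account(), Attacker()
    bank.deposit(victim, 10)
    bank.deposit(attacker, 1)
    bank.withdraw(attacker)
    return attacker.ether

def fuzz(bank_cls, seed=0, max_iters=2000, max_len=6):
    """Random transaction-sequence fuzzer with a stolen-ether oracle: returns the
    first sequence after which the attacker holds more than it deposited, else None."""
    rng = random.Random(seed)
    for _ in range(max_iters):
        bank, victim, attacker = bank_cls(), Account(), Attacker()
        deposited, seq = 0, []
        for _ in range(rng.randint(1, max_len)):
            actor = rng.choice(["victim", "attacker"])
            acct = victim if actor == "victim" else attacker
            if rng.random() < 0.5:
                amt = rng.randint(1, 5)
                bank.deposit(acct, amt)
                deposited += amt if acct is attacker else 0
                seq.append((actor, "deposit", amt))
            else:
                bank.withdraw(acct)
                seq.append((actor, "withdraw"))
            if attacker.ether > deposited:
                return seq
    return None

if __name__ == "__main__":
    print("vulnerable bank, attacker ends with:", run_exploit(Bank))
    print("fixed bank, attacker ends with:", run_exploit(SafeBank))
    print("fuzzer-found exploit sequence (vulnerable):", fuzz(Bank))
    print("fuzzer-found exploit sequence (fixed):", fuzz(SafeBank))
```

The oracle is the interesting part: rather than pattern-matching on the code, it judges each sequence by an invariant on the resulting state (attacker balance versus deposits), so the same harness reports a minimal exploiting transaction sequence for the vulnerable contract and stays silent for the fixed one.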

Samira Briongos, Ghassan Karame, Claudio Soriente, Annika Wilde: “No Forking Way: Detecting Cloning Attacks on Intel SGX Applications”, Annual Computer Security Applications Conference (ACSAC) 2023

Paper Details

Abstract:

Forking attacks against TEEs like Intel SGX can be carried out either by rolling back the application to a previous state, or by cloning the application and by partitioning its inputs across the cloned instances. Current solutions to forking attacks require Trusted Third Parties (TTP) that are hard to find in real-world deployments. In the absence of a TTP, many TEE applications rely on monotonic counters to mitigate forking attacks based on rollbacks; however, they have no protection mechanism against forking attack based on cloning. In this paper, we analyze 72 SGX applications and show that approximately 20% of those are vulnerable to forking attacks based on cloning—including those that rely on monotonic counters.

To address this problem, we present CloneBuster, the first practical clone-detection mechanism for Intel SGX that does not rely on a TTP and, as such, can be used directly to protect existing applications. CloneBuster allows enclaves to (self-) detect whether another enclave with the same binary is running on the same platform. To do so, CloneBuster relies on a cache-based covert channel for enclaves to signal their presence to (and detect the presence of) clones on the same machine. We show that CloneBuster is robust despite a malicious OS, only incurs a marginal impact on the application performance, and adds approximately 800 LoC to the TCB. When used in conjunction with monotonic counters, CloneBuster allows applications to benefit from a comprehensive protection against forking attacks.

Presented at: Annual Computer Security Applications Conference (ACSAC) 2023

In collaboration with: Ruhr-Universität Bochum

Paper link: https://arxiv.org/pdf/2310.03002

K. Sharad, G. Azzurra Marson, H. T. T. Truong, G. Karame, “On the Security of Randomized Defenses Against Adversarial Samples”, ACM AsiaCCS 2020

D. Perino, M. Varvello, C. Soriente. "Understanding Free Web Proxies: Performance, Behavior, and Usage", in ACM Transactions on the Web. September 2019

D. Basin, F. Klaedtke, E. Zalinescu: “Runtime Verification over Out-of-order Streams”, accepted for publication in the ACM Transactions on Computational Logic. August 2019

H. Truong, M. Almeida, G. Karame, C. Soriente, "Towards Secure and Decentralized Sharing of IoT Data", IEEE Blockchain 2019, Atlanta, USA

C. Iordanou, N. Kourtellis, J.M. Carrascosa, C. Soriente, R. Cuevas, N. Laoutaris: "Beyond content analysis: Detecting targeted ads via distributed counting", CoNEXT 2019

S. Matetic, K. Wüst, M. Schneider, K. Kostiainen, G. Karame, S. Capkun, “BITE: Bitcoin Lightweight Client Privacy using Trusted Execution”, In Proceedings of USENIX Security, 2019

C. Soriente, G. Karame, W. Li, S. Fedorov: "ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud", EuroS&P. March 2019

Paper Details

With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud applications. However, cloud deployments depend on the ability of the cloud operator to add and remove applications dynamically; this is no longer possible given the current model to deploy and provision enclaves, which actively involves the application owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the application owner. Namely, in ReplicaTEE, the application owner entrusts application secrets to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increases the TCB by ≈800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based applications.

M. I. González Vasco, A. P. Del Pozo, C. Soriente, “A key for John Doe: modeling and designing Anonymous Password-Authenticated Key Exchange protocols”, IEEE Transactions on Dependable and Secure Computing. May 2019

D. Dobre, G. Karame, W. Li, M. Majuntke, N. Suri, M. Vukolic, “Proofs of Writing for Robust Storage”, IEEE Transactions on Parallel and Distributed Systems. June 2019
