The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), have become the de facto means of providing strong cryptographic protection for network traffic. Their near universal integration with web browsers arguably makes them the most visible pieces of security infrastructure for average users. While vulnerabilities are occasionally found in specific implementations, SSL/TLS are widely viewed as robust means of providing confidentiality, integrity and server authentication. However, these guarantees are built on tenuous assumptions about the ability to authenticate the server-side of a transaction by using digital certificates signed by a trusted third-party certification authority (CA). The security community has long been critical of the Public Key Infrastructure for X.509 (PKIX) and its CAbased

Abstract. The security guarantees provided by SSL/TLS depend on the correct authentication of servers through certificates signed by a trusted authority. How-ever, as recent incidents have demonstrated, trust in these authorities is not well placed. Increasingly, certificate authorities (by coercion or compromise) have been creating forged certificates for a range of adversaries, allowing seemingly secure communications to be intercepted via man-in-the-middle (MITM) attacks. A variety of solutions have been proposed, but their complexity and deployment costs have hindered their adoption. In this paper, we propose Direct Validation of Certificates (DVCert), a novel protocol that, instead of relying on third-parties for certificate validation, allows domains to directly and securely vouch for their certificates using previously established user authentication credentials. By rely-ing on a robust cryptographic construction, this relatively simple means of en-hancing server identity validation is not only efficient and comparatively easy to deploy, but it also solves other limitations of third-party solutions. Our extensive experimental analysis in both desktop and mobile platforms shows that DVCert transactions require little computation time on the server (e.g., less than 1 ms) and are unlikely to degrade server performance or user experience. In short, we provide a robust and practical mechanism to enhance server authentication and protect web applications from MITM attacks against SSL/TLS. 1

Abstract—Activity-tracking applications, where people record and upload information about their location-based activities (e.g., the routes of their activities), are increasingly popular. Such applications enable users to share information and compete with their friends on activity-based social networks but also, in some cases, to obtain discounts on their health insurance premiums by proving they conduct regular fitness activities. However, they raise privacy and security issues: the service providers know the exact locations of their users; the users can report fake location information, for example, to unduly brag about their performance. In this paper, we present SecureRun, a secure privacy-preserving system for reporting location-based activity summaries (e.g., the total distance covered and the elevation gain). SecureRun is based on a combination of cryptographic techniques and geometric algorithms, and it relies on existing Wi-Fi access-point networks deployed in urban areas. We evaluate SecureRun by using real data-sets from the FON hotspot community networks and from the Garmin Connect activity-based social network, and we show that it can achieve tight (up to a median accuracy of more than 80%) verifiable lower-bounds of the distance covered and of the elevation gain, while protecting the location privacy of the users with respect to both the social network operator and the access point network operator(s). The results of our online survey, targeted at RunKeeper users recruited through the Amazon Mechanical Turk platform, highlight the lack of awareness and significant concerns of the participants about the privacy and security issues of activity-tracking applications. They also show a good level of satisfaction regarding SecureRun and its performance.

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection

The performance of SIP proxies is critical for the robust operation of many applications. However, the use of even light-weight au-thentication schemes can significantly degrade throughput in these systems. In particular, systems in which multiple proxies share a remote authentication database can experience reduced perfor-mance due to latency. In this paper, we investigate how the ap-plication of parallel execution and batching can be used to maxi-mize throughput while carefully balancing demands for bandwidth and call failure rates. Through the use of a modified version of OpenSER, a high-performance SIP proxy, we demonstrate that the traditional recommendation of simply launching a large number of parallel processes not only incurs substantial overhead and in-creases dropped calls, but can actually decrease call throughput. An alternative technique that we implement, request batching, fails to achieve similarly high proxy throughput. Through a carefully selected mix of batching and parallelization, we reduce the band-width required to maximize authenticated signaling throughput by the proxy by more than 75%. This mix also keeps the call loss rates below 1 % at peak performance. Through this, we signifi-cantly reduce the cost and increase the throughput of authentication for large-scale networks supporting SIP applications.

The distinction between mobile applications built for specific plat-forms and that run in mobile browsers is increasingly being blurred. As HTML5 becomes universally deployed and mobile web apps directly take advantage of device features such as the camera, mi-crophone and geolocation information, this difference will vanish almost entirely. In spite of this increasing similarity, the permission systems protecting mobile device resources for native1 and web apps are dramatically different. In this position paper, we argue that the increasing indistinguishability between such apps coupled with the dynamic nature of mobile web apps calls for reconsidering the current permission model for mobile web apps. We first discuss factors associated with securing mobile web apps in comparison to traditional apps. We then propose a mechanism that presents a holistic view of the permissions required by a web app and pro-vides a simple, single-stop permission management process. We then briefly discuss issues surrounding the use and deployment of this technique. In so doing, we argue that in the absence of an in-cloud security model for mobile web apps, client side defenses are limited. Our model can provide users with a better chance of making informed security decisions and may also aid researchers in assessing security of mobile web apps.

Authentication is an important mechanism for the reliable operation of any Voice over IP (VoIP) infrastructure. Digest authentication has become the most widely adopted VoIP authentication protocol due to its simple properties. However, even this lightweight protocol can have a significant impact on the performance and scalability of a VoIP infrastructure. In this paper, we present Proxychain – a novel VoIP authentication protocol based on a modified hash chain construction. Proxychain not only improves performance and scalability, but also offers additional security properties such as mutual authentication. Through experimental analysis we demonstrate an improvement of greater than 1700 % of the maximum call throughput possible with Digest authentication in the same architecture. We show that the more efficient authentication mechanisms of Proxychain can be used to improve the overall security of a carrier-scale VoIP network. 1

Anonymous communications systems generally trade off perfor-mance for strong cryptographic guarantees of privacy. However, a number of applications with moderate performance requirements (e.g., chat) may require both properties. In this paper, we develop a new architecture that provides provably unlinkable and efficient communications using a single intermediary node. Nodes partici-pating in these Mix-In-Place Networks (MIPNets) exchange mes-sages through a mailbox in an Oblivious Proxy (OP). Clients lever-age Secure Function Evaluation (SFE) to send and receive their messages from the OP while blindly but reversibly modifying the appearance of all other messages (i.e., mixing in place) in the mail-box. While an Oblivious Proxy will know that a client participated in exchanges, it can not be certain which, if any, messages that client transmitted or received. We implement and measure our pro-posed design using a modified version of Fairplay and note reduc-tions in execution times of greater than 98 % over the naïve applica-tion of garbled circuits. We then develop a chat application on top of the MIPNet architecture and demonstrate its practical use for as many as 100 concurrent users. Our results demonstrate the poten-tial to use SFE-enabled “mixing ” in a single proxy as a means of providing provable deniability for applications with near real-time performance requirements. 1.

Abstract. IP phones are an essential component of any VoIP infrastructure. The hardware constraints and newness of these devices, as compared to mature desktop or server systems, lead to software development focused primarily on features and functionality rather than security and dependability. While several automated tools exist to test the security of IP phones, these tools have limitations and can not provide a strong guarantee that a particular IP phone is secure. Our work evaluates the attack resilience of a widely deployed IP phone, the Cisco 7960G, employing techniques such as: vulnerability scans, fuzz tests, and static binary analysis. While the first two techniques found no vulnerabilities, the static analysis of the firmware image revealed critical vulnerabilities and fundamental software design flaws. We conclude that security designs proven useful in desktop and server software architectures should similarly appear as part of the software design for devices such as IP phones. Key words: VoIP security, IP phone, static binary analysis, embedded system security 1

Contextual information about users is increasingly shared on mobile social networks. Examples of such information include users ’ locations, events, activities, and the co-presence of others in proximity. When disclosing personal information, users take into account several factors to balance privacy, utility and convenience – they want to share the “right ” amount and type of information at each time, thus revealing a selective sharing behavior depending on the context, with a minimum amount of user interaction. In this article, we present SPISM, a novel information-sharing system that decides (semi-)automatically, based on personal and contextual features, whether to share information with others and at what granularity, whenever it is requested. SPISM makes use of (active) machine-learning techniques, including cost-sensitive multi-class classifiers based on support vector machines. SPISM provides both ease of use and privacy features: It adapts to each user’s behavior and predicts the level of detail for each sharing decision. Based on a personalized survey about information sharing, which involves 70 participants, our results provide insight into the most influential features behind a sharing decision, the reasons users share different types of information and their confidence in such decisions. We show that SPISM outperforms other kinds of policies; it achieves a median proportion of correct sharing decisions of 72 % (after only 40 manual decisions). We also show that SPISM can be optimized to gracefully balance utility and privacy, but at the cost of a slight decrease in accuracy. Finally, we assess the potential of a one-size-fits-all version of SPISM.