11 November 2005

CCS Day 3: Main Conference Day 3 (really funky stuff)

So this is the last day of the conference and is usually the time for some of the less interesting papers to be presented (like my ISSA paper this year). But instead, the sessions proved to be by far the most interesting with some really amazing results/approaches/concepts with sometimes frightening possible consequences. That said, there were still some boring talks - so I will just ignore them.

I missed the first paper of the day by opting for an extended breakfast (and because I woke up slightly late) but I am glad I didn't miss the second - a talk on a different reputation mechanism for online auctions - in particular looking at the idea of trying to find out if some power sellers (basically people who make a living out of eBay) are actively colluding to push up prices. While their investigation was based on real world data (100k+ auction bids IIRC), the results are still largely theoretical as they haven't proved conclusively if their suspicions are correct. The approach and analysis was still very cool.

The next talk was equally interesting - the paper investigated the correctness of results generated in the clients of P2P grid applications like SETI@HOME. The results are slightly negative in the sense that correctness cannot be guaranteed, but they did introduce a lot of formalisms that can be used to reduce possible errors. Their approach is particularly interesting as correctness of client results (in terms of a dishonest client) has been effectively ignored by the HPC community.

The next few talks were rather uninteresting, although a key exchange mechanism using password authentication (PAKE) was quite interesting. The last talk of session 2 on proxy re-signing (a very counter-intuitive concept in the first place) was very interesting and the paper does present some challenges that need to be solved. I am however not a cryptographer - and I don't think I could solve the challenge.

The next 7 papers were all brilliant. The first paper was an investigation into automation of LSM kernel hooks for Linux. Very interesting, as some of the reasons we did not use LSM in the kernel level DRM controller are addressed, although I am not sure if LSM would be a better option than the current approach. The next two papers were essentially buffer overflow prevention techniques. The first from Microsoft Research (which used Linux for some of the testing) presented a mechanism to prevent buffer overflow attacks without patching the defect! A very cool approach, although architecture-bound; but they did have a cool demo. The second was an approach to overcome buffer overflow attacks that use format string attacks with C/C++ programs. Again - no need to modify source code - but this is not for binaries - code needs to be recompiled.

And then we come to the last session focusing on attacks and some really good work. The first paper was an improvement for dictionary attack targeting hashed password files with no salt values (apache, windows). Currently the attack focuses on human memorable passwords (which are the most common passwords) and most importantly the attack takes a few seconds!
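The reason an unsalted password file falls to a dictionary attack so quickly is that the attacker can hash the whole dictionary once and then crack every user with a table lookup, whereas a per-user salt forces the dictionary to be rehashed for each record. The following is an added illustration of that difference, not code from the paper or the conference; the dictionary, the user list and the use of SHA-1 with an 8-byte random salt are constructed for the example.

```python
import hashlib
import os

# Constructed sample data for this illustration (not from the paper):
# a tiny "human memorable" dictionary and three users, one of whom
# (carol) chose a password that is not in the dictionary.
DICTIONARY = ["password", "letmein", "qwerty", "sunshine", "dragon", "football"]
USERS = {"alice": "sunshine", "bob": "dragon", "carol": "zx!9Qr#m"}


def hash_unsalted(pw: str) -> str:
    # Hash of the password alone: identical passwords give identical hashes,
    # and the hash does not depend on which file or user it belongs to.
    return hashlib.sha1(pw.encode()).hexdigest()


def hash_salted(pw: str, salt: bytes) -> str:
    # Salt prepended before hashing: the same password yields a different
    # hash under every salt, so no table computed in advance can be reused.
    return hashlib.sha1(salt + pw.encode()).hexdigest()


def make_unsalted_file(users):
    # Shape of a password file with no salt: user -> hash
    return {name: hash_unsalted(pw) for name, pw in users.items()}


def make_salted_file(users):
    # Shape of a salted password file: user -> (salt, hash), random salt per user
    out = {}
    for name, pw in users.items():
        salt = os.urandom(8)
        out[name] = (salt, hash_salted(pw, salt))
    return out


def crack_unsalted(pwfile, dictionary):
    # Precompute hash -> word once; the table is reusable against any
    # unsalted file ever obtained.  Each user then costs one dict lookup.
    # Returns (cracked users, number of hash operations performed).
    table = {hash_unsalted(w): w for w in dictionary}
    found = {name: table[h] for name, h in pwfile.items() if h in table}
    return found, len(dictionary)


def crack_salted(pwfile, dictionary):
    # With per-user salts the attacker must rehash the dictionary under
    # each user's salt; the work grows with the number of users, and no
    # part of it carries over to another file.
    found = {}
    work = 0
    for name, (salt, h) in pwfile.items():
        for w in dictionary:
            work += 1
            if hash_salted(w, salt) == h:
                found[name] = w
                break
    return found, work


if __name__ == "__main__":
    cracked, ops = crack_unsalted(make_unsalted_file(USERS), DICTIONARY)
    print("unsalted:", cracked, "hash operations:", ops)
    cracked, ops = crack_salted(make_salted_file(USERS), DICTIONARY)
    print("salted:  ", cracked, "hash operations:", ops)
```

Both attacks recover the two dictionary passwords, but the unsalted attack pays for the dictionary once (six hashes here, and that table serves every future file), while the salted attack pays per user (fifteen hashes for three users and cannot reuse anything). Scaled to a real wordlist and a file with thousands of users, that factor is what turns "a few seconds" into a serious cost.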

The second paper was probably the coolest and an attack that has no real solution. The paper discussed keyboard logging through simply recording the sound of keys being pressed! Ok, at the moment, it is limited to a limited number of keys - but they have an amazing 90%+ character recognition, and with some funky Markov models they manage to get over 85% word recognition. Go check out http://www.keyboard-emanations.org for more detail!

So while the first two papers attacked individual users, the third paper brought down the Internet with minimal effort by effectively exploiting a flaw in TCP. In TCP, data flow is controlled using ACKs. However, it is this very fact that is used to confuse an honest client to flood the network and thus create a DoS attack. Although the attack is very much theoretical, it does seem very much plausible. And all current servers utilising TCP are vulnerable!

And then the last paper - again very interesting, although I think it is very much limited to the USA as opposed to its global claims. Basically, it is an attack on GSM networks using SMS flooding, but I think many of the features of the attack depend on how GSM networks are set up - and would not really affect the rest of the world. Hmmm .... maybe there's a paper in there - a paper on examining the practicality of their attack in the rest of the world.