Freenet is a well-known anonymous communication system that enables file sharing among users. It employs a probabilistic hops-to-live (HTL) decrement approach to hide the originator among nodes in a multi-hop path. Therefore, all nodes shall exhibit identical behaviors to preserve anonymity. However, we discover that the path folding mechanism in Freenet violates this principle due to behavior discrepancy between downloaders and intermediate nodes. The path folding mechanism is designed to help Freenet evolve into a navigable small-world network. A delayed path folding message by a successor node may incur a timeout event at its predecessor, and an intermediate node reacts differently to such timeout with a downloader. Therefore, malicious nodes can deliberately trigger the timeout event to identify downloaders. The complex implementation of the path folding timeout detection mechanism in Freenet complicates our de-anonymization attack. We thoroughly analyze the underlying cause and develop three strategies to manipulate three types of messages respectively at the malicious node, minimizing the false positive rate. We conduct extensive real-world experiments to verify the feasibility and effectiveness of our attack. They show that our attack achieves a true positive rate of 100\% and false positive rate of near 0\% under two different Freenet download modes.

Deep neural network (DNN) based website fingerprinting (WF) attacks can achieve an attack success rate (ASR) of over 90%, seriously threatening the privacy of Tor users. At present, adversarial example (AE) based defenses have demonstrated great potential to defend against WF attacks. However, existing AE-based defenses require knowing complete traffic trace for adversarial perturbation calculation, which is unrealistic in practice. Moreover, they may become ineffective once adversarial training (AT) is adopted by attackers. To mitigate these two problems, we propose a defense called ALERT. It generates adversarial perturbations without knowing traffic traces. Moreover, ALERT can effectively resist AT-aided WF attacks. The key idea of ALERT is to produce universal perturbations that vary from user to user. We conduct extensive experiments to evaluate ALERT. In the closed world, ALERT significantly surpasses four representative WF defenses, including the state-of-the-art (SOTA) defense AWA. Specifically, ALERT reduces the ASR of the SOTA DF attack to 12.68% and uses only 20.13% of communication bandwidth. In the open world, ALERT uses only 19.91% of bandwidth, reduces the True Positive Rate (TPR) of the DF attack to 37.46%, obviously outperforming the other defenses.

Despite the proven capabilities of deep neural networks (DNNs) for radio frequency (RF) fingerprinting, their security vulnerabilities have been largely overlooked. Unlike the extensively studied image domain, few works have explored the threat of backdoor attacks on RF signals. In this paper, we analyze the susceptibility of DNN-based RF fingerprinting to backdoor attacks, focusing on a more practical scenario where attackers lack access to control model gradients and training processes. We propose leveraging explainable machine learning techniques and autoencoders to guide the selection of positions and values, enabling the creation of effective backdoor triggers in a model-agnostic manner. To comprehensively evaluate our backdoor attack, we employ four diverse datasets with two protocols (Wi-Fi and LoRa) across various DNN architectures. Given that RF signals are often transformed into the frequency or time-frequency domains, this study also assesses attack efficacy in the time-frequency domain. Furthermore, we experiment with potential defenses, demonstrating the difficulty of fully safeguarding against our attacks.

Today's software development landscape has witnessed a shift towards microservices based architectures. Using this approach, large software systems are implemented by combining loosely-coupled services, each responsible for specific task and defined with separate scaling properties. Auto-scaling is a primary capability of cloud computing which allows systems to adapt to fluctuating traffic loads by dynamically increasing (scale-up) and decreasing (scale-down) the number of resources used. We observe that when microservices which utilize separate auto-scaling mechanisms operate in tandem to process traffic, they may perform ineffectively, especially under overload conditions, due to DDoS attacks. This can result in throttling (Denial of service -- DoS) and over-provisioning of resources (Economic Denial of Sustainability -- EDoS). This paper demonstrates how an attacker can exploit the tandem behavior of microservices with different auto-scaling mechanisms to create an attack we denote as the Tandem Attack. We demonstrate the attack on a typical Serverless architecture and analyze its economical and performance damages. One intriguing finding is that some attacks may make a cloud customer paying for service-denied requests. We conclude that independent scaling of loosely coupled components might form an inherent difficulty and end-to-end controls might be needed.

Website Fingerprinting (WF) attack, a type of traffic analysis attack, enables a local and passive eavesdropper, situated between the Tor client and the Tor entry node, to deduce which websites the client is visiting. Currently, deep learning (DL) based WF attacks have overcome a number of proposed WF defenses, demonstrating superior performance compared to traditional machine learning (ML) based WF attacks. To mitigate this threat, we present FUZZD, a fuzz-testing-based traffic morphing WF defense technique. FUZZD employs fine-grained neuron information within WF classifiers to design a joint optimization function and then apply gradient ascent to maximize both neuron value and misclassification possibility in DL-based WF classifiers. During each traffic mutation cycle, we propose a gradient based dummy traffic injection pattern generation approach, continuously mutating the traffic until a pattern emerges that can successfully deceive the classifier. Finally, the pattern present in successful variant traces are extracted and applied as defense strategies to Tor traffic. Extensive evaluations reveal that FUZZD can effectively decrease the accuracy of DL-based WF classifiers (e.g., DF and Var-CNN) to a mere 4.43%, while only incurring an 11.04% bandwidth overhead. This highlights the potential efficacy of our approach in mitigating WF attacks.

We study a Stackelberg game between an attacker and a defender on large Active Directory (AD) attack graphs where the defender employs a set of honeypots to stop the attacker from reaching high value targets. Contrary to existing works that focus on small and static attack graphs, AD graphs typically contain hundreds of thousands of nodes and edges and constantly change over time. We consider two types of attackers: a simple attacker who cannot observe honeypots, and a competent attacker who can. To jointly solve the game, we propose a mixed-integer programming (MIP) formulation. We observed that the optimal blocking plan for static graphs performs poorly in dynamic graphs. To solve the dynamic graph problem, we re-design the mixed-integer programming formulation by combining m MIP (dyMIP(m)) instances to produce a near optimal blocking plan. Furthermore, to handle the large number of dynamic graph instances, we use a clustering algorithm to efficiently find the m-most representative graph instances for a constant m (dyMIP(m)). We prove a lower-bound on the optimal blocking strategy for dynamic graphs and show that our dyMIP(m) algorithms produce close to optimal results for a range of AD graphs under realistic conditions.

High-precision time synchronization is a vital prerequisite for many modern applications and technologies, including Smart Grids, Time-Sensitive Networking, and 5G networks. Although the Precision Time Protocol (PTP) can accomplish this requirement in trusted environments, it becomes unreliable in the presence of specific cyber attacks. Mainly, time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected. Current solutions cannot sufficiently mitigate sophisticated delay attacks creating an urgent demand for effective countermeasures. This work proposes an approach to detect and counteract time delay attacks against PTP based on cyclic path asymmetry analysis via redundant paths. We provide a method to find redundant paths in arbitrary networks and exploit this redundancy to reveal undesirable asymmetries on the synchronization path. Furthermore, we present PTPsec, a secure PTP protocol implementation based on the latest IEEE 1588 standard. By integrating our solution into the existing protocol, we improve PTP to support reliable attack detection and mitigation. We validate our approach on a hardware testbed, which includes an attacker capable of performing static and incremental delay attacks at a microsecond precision. Our experimental results show that both attack scenarios can be reliably detected with effectively zero response time.

Counting distinct elements (also named flow cardinality) of large data streams in the network are of primary importance since it can be used for many practical monitoring applications, including DDoS attack and malware spread detection. However, modern intrusion detection systems are struggling to reduce both memory and computational overhead for such measurements. Many algorithms are designed to estimate flow cardinality, in which HyperLogLog has been proved the most efficient due to its high accuracy and low memory usage. While HyperLogLog provides good performance on flow cardinality estimation, it has inherent algorithmic vulnerabilities that lead to both security and robustness issues. To overcome these issues, we first investigate two possible threats in HyperLogLog, and propose corresponding detection and protection solutions. Leveraging proposed solutions, we introduce CARBINE, an approach that aims at identifying and eliminating the threats that most probably mislead the output of HyperLogLog. We implement our CARBINE to evaluate the threat detection performance, especially in case of a practical network scenario under volumetric DDoS attack. The results show that our CARBINE can effectively detect different kinds of threats while performing even higher accuracy and update speed than original HyperLogLog.

Mix networks, or mixnets, are one of the fundamental building blocks of anonymity systems. To defend against epistemic attacks, existing free-route mixnet designs require all clients to maintain a consistent, up-to-date view of the entire key directory. This, however, inevitably raises the performance concern under system scale-out: in a larger mixnet, a client will consume more bandwidth for updating keys in the background.

This paper presents Periscoping, a key distribution protocol for mixnets at scale. Periscoping relaxes the download-all requirement for clients. Instead, it allows a client to selectively download a constant number of entries of the key directory, while guaranteeing the privacy of selections. Periscoping achieves this goal via a novel Private Information Retrieval scheme, constructed based on constrained Pseudorandom Functions. Moreover, the protocol is integrated seamlessly into the mixnet operations, readily applicable to existing mixnet systems as an extension at a minimal cost. Our experiments show that, with millions of mixes, it can reduce the traffic load of a mixnet by orders of magnitude, at a minor computational and bandwidth overhead.

Machine learning has been adopted for efficient cooperative spectrum sensing. However, it incurs an additional security risk due to attacks leveraging adversarial machine learning to create malicious spectrum sensing values to deceive the fusion center, called adversarial spectrum attacks. In this paper, we propose an efficient framework for detecting adversarial spectrum attacks. Our design leverages the concept of the distance to the decision boundary (DDB) observed at the fusion center and compares the training and testing DDB distributions to identify adversarial spectrum attacks. We create a computationally efficient way to compute the DDB for machine learning based spectrum sensing systems. Experimental results based on realistic spectrum data show that our method, under typical settings, achieves a high detection rate of up to 99% and maintains a low false alarm rate of less than 1%. In addition, our method to compute the DDB based on spectrum data achieves 54%--64% improvements in computational efficiency over existing distance calculation methods. The proposed DDB-based detection framework offers a practical and efficient solution for identifying malicious sensing values created by adversarial spectrum attacks.

Recent works demonstrated that we can eavesdrop on audio by using radio frequency (RF) signals or videos to capture the physical surface vibrations of surrounding objects. They fall short when it comes to intercepting internally transmitted audio through wires. In this work, we first address this gap by proposing a new eavesdropping system, RF-Parrot, that can wirelessly capture the audio signal transmitted in earphone wires. Our system involves embedding a tiny field-effect transistor in the wire to create a battery-free retroreflector, with its reflective efficiency tied to the audio signal's amplitude. To capture full details of the analog audio signals, we engineered a novel retroreflector using a depletion-mode MOSFET, which can be activated by any voltage of the audio signals, ensuring no information loss. We also developed a theoretical model to demystify the nonlinear transmission of the retroreflector, identifying it as a convolution operation on the audio spectrum. Subsequently, we have designed a novel convolutional neural network-based model to accurately reconstruct the original audio. Our extensive experimental results demonstrate that the reconstructed audio bears a strong resemblance to the original audio, achieving an impressive 95% accuracy in speech command recognition.

Bluetooth Low Energy (BLE) is a prevalent technology in various applications due to its low power consumption and wide device compatibility. Despite its numerous advantages, the encryption methods of BLE often expose devices to potential attacks. To fortify security, we investigate the application of Physical-layer Key Generation (PKG), a promising technology that enables devices to generate a shared secret key from their shared physical environment. We propose a distinctive approach that capitalizes on the inherent characteristics of BLE to facilitate efficient PKG. We harness the constant tone extension within BLE protocols to extract comprehensive physical layer information and introduce an innovative method that employs Legendre polynomial quantization for PKG. This method facilitates the exchange of secret keys with a high key matching rate and a high key generation rate. The efficacy of our approach is validated through extensive experiments on a software-defined radio platform, underscoring its potential to enhance security in the rapidly expanding field of BLE applications.