ESORICS 2019

Dominika Regéciová
Nov 21, 2019

The 24th edition of the European Symposium on Research in Computer Security (ESORICS 2019) was held in Luxembourg in September 2019.

It was my first conference abroad as a Ph.D. student. In just a week, I had an opportunity to meet many amazing and inspiring people from all over the world. The program was full of excellent talks, and I left the beautiful city full of excitement and inspiration. I was taking notes whenever I could, but the result is about 25 pages long. So I decided to pick my top favorite presentations. The full papers are available online: part 1 and part 2.

The insecurity of Machine Learning: Problems and Solutions

The first keynote of the ESORICS conference was given by Professor Adi Shamir. He presented a very interesting problem in machine learning, also mentioned in my previous post. Imagine a deep neural network (DNN) that is trained to recognize the probable class of an image.

The potential output can be that the picture shows a tabby cat with a probability of 88%. This level of certainty is a satisfying result and, in this case, a correct one, as shown in the second picture below. Now let’s say we change the image a little, so little that the human eye cannot detect the difference: for example, 2% of the pixels or even less. The DNN will “improve” its guess on this picture, now with 99% certainty.

The cat is not a feline anymore. According to the AI, it is guacamole.

DNNs are well known for their fairly good ability to learn a wide range of tasks. But the very important fact that the algorithm inside them is not transparent makes them black boxes. Even in this case, we do not know why DNNs are so sensitive to pixel changes. There is no silver bullet, either. We just know that it can be a serious problem in the future. For example, a car misinterpreting a traffic sign can have tragic consequences.

Electronic Voting: A Journey to Verifiability and Vote Privacy

Personal privacy in the online world was the next big topic at ESORICS. One aspect of it was presented in another great keynote by Doctor Véronique Cortier. An electronic voting system has several advantages. It can provide more anonymity in the voting process (hiding the real numbers of votes). Voters can vote from anywhere with just access to the Internet or a voting machine. And in the ideal case, the voter can check that her vote was counted without being able to prove how she voted. These, however, apply only when the system is correctly implemented. The use of weak keys can be problematic, as was shown in Russia, for example.

But even with maximum effort put into the system, can we possibly be sure it is truly safe to use? To add to the pile of possible problems, even if the voting system is truly safe, attackers can focus on hacking the voters' computers rather than the voting system directly. And electronic voting should be trusted by voters, which is a challenging task by itself.

NetSpectre: Read Arbitrary Memory over Network

Michael Schwarz presented the work of his team from the Graz University of Technology and Red Hat, namely Martin Schwarzl, Moritz Lipp, Jon Masters, and Daniel Gruss. In this talk, Schwarz introduced a way to adapt Spectre attacks to a remote system, with no need for physical access or code execution. They discovered how to mistrain a conditional branch with a bounds check, as in Spectre-PHT (aka Spectre Variant 1). This variant uses the fact that, as an optimization, a CPU with a Pattern History Table (PHT) speculates on whether the conditional read will happen and caches the memory in advance. When attackers repeatedly request valid values within the bounds, the PHT predicts that the next values will also be valid. That can lead to revealing data that would otherwise not be cached.

NetSpectre can exploit such branches even with the limitations of a remote system: without code injection, and accessing data only through a public interface via network requests. Schwarz showed how to determine whether a value is cached by measuring the network round-trip time. The variable is always cached after a measurement, but it can be evicted via a file download. The paper shows that downloading a 590-kilobyte file sent from the victim to the attacker evicts the variable with a probability greater than or equal to 99%.

This attack can be used on web servers, FTP servers, and SSH daemons. Schwarz also presented the use of AVX units for 256-bit instructions and of the address-space layout randomization (ASLR) security mechanism in NetSpectre attacks. NetSpectre does require a fast and stable network connection, but the attack can be improved, and so can the speed of the Internet. Together, these can lead to much bigger threats in the future.
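The bounds-checked branch that Spectre-PHT mistrains, shown next to an index-masking mitigation of the kind the Linux kernel applies with `array_index_nospec`. This is an added example, not code from the talk or the paper; `table`, `read_checked`, `read_checked_hardened`, `index_mask_nospec` and `HIDE_VAR` are hypothetical names, and the table contents are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 16u
/* Constructed sample data standing in for a server-side lookup table. */
static const uint8_t table[TABLE_LEN] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3
};

/* Hide a value from the optimizer so the mask is not folded away once
 * the compiler has seen the bounds check (GCC/Clang; no-op elsewhere). */
#if defined(__GNUC__)
#define HIDE_VAR(v) __asm__ volatile("" : "+r"(v))
#else
#define HIDE_VAR(v) ((void)0)
#endif

/* Before: architecturally correct, but once the branch has been trained
 * with in-bounds requests the CPU may perform the load speculatively for
 * an out-of-bounds index before the comparison resolves. */
int read_checked(size_t index, uint8_t *out)
{
    if (index >= TABLE_LEN)
        return -1;
    *out = table[index];
    return 0;
}

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Valid for size <= SIZE_MAX / 2: in range, neither index nor
 * (size - 1 - index) has its top bit set; out of range, one of them does. */
size_t index_mask_nospec(size_t index, size_t size)
{
    size_t x = index | (size - 1 - index);
    return (x >> (sizeof(size_t) * CHAR_BIT - 1)) - 1;
}

/* After: an out-of-range index is forced to 0 by data flow, so a
 * mispredicted branch can only load table[0]. */
int read_checked_hardened(size_t index, uint8_t *out)
{
    if (index >= TABLE_LEN)
        return -1;
    HIDE_VAR(index);
    index &= index_mask_nospec(index, TABLE_LEN);
    *out = table[index];
    return 0;
}
```

On compilers other than GCC and Clang, `HIDE_VAR` does nothing, so check the generated code to confirm the mask survives optimization.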

The full paper with more details can be found here. The slides are also available online. I would recommend following Michael Schwarz and his work as well. He was one of the discoverers behind the Meltdown exploits, and this month he successfully defended his Ph.D. thesis.

A Security Analysis of the Danish Deposit Return System

In Denmark, there is a return system for glass and cans. Customers pay an extra fee when buying products packaged in these materials. When they return the empty container, the fee is refunded to them, usually in the form of a paper voucher. Ivan Garbacz, Rosario Giustolisi, Kasper Møller Nielsen, and Carsten Schuermann from the IT University of Copenhagen decided to test the security of the system. They focused on the Danish supermarket chains Kvickly, Coop, and Netto.

They found out that Kvickly’s and Coop’s vouchers have a predictable barcode. Any two vouchers with the same return value have the same barcode, and the value is encoded inside it. This means the vouchers cannot be sent to the store’s local computer to verify that they are not fake. All you need to create a voucher with any value is a thermal printer. On the other hand, Netto uses vouchers with unique barcodes based on an internal counter, and it validates the return receipts via cloud storage. But even this system is not completely secure, because it relies on the assumption that attackers do not know the internal counter.

Changes can be made, and the authors made an effort to inform involved parties, but the willingness to take responsibility is low.

The full paper with more details can be found here.

Social events

I cannot write about ESORICS and not mention the social events accompanying the main program of the conference. I was lucky to attend all of them, and I really enjoyed them. I met and talked with so many people during the events, and it was an overall lively time.

My favorite event was a guided visit of the city. We were accompanied by an architect, very knowledgeable about the history of the city and the country as a whole. My homeland shares a lot of history with Luxembourg, and it was interesting to hear stories about Bohemian kings that were counts of Luxembourg as well.

We could also taste amazing wine and Crémants (a sparkling wine) in The Caves St. Martin and visit their wine cellars. We learned more about the delicate process of making Crémants, a drink so popular with the people of Luxembourg, which made me respect this delicious drink even more.

Note: I would like to thank the Department of Information Systems at the Faculty of Information Technology, the Brno University of Technology for providing financial support that allowed me to visit this great conference.

VGhhbmtzIGZvciByZWFkaW5nLCBhbmQgc2VlIHlvdSBsYXRlciE=
