More Like this

1. Demo: Combating Caller ID Spoofing on 4G Phones Via CEIVE

   https://doi.org/10.1145/3241539.3267725  

   Deng, Haotian; Peng, Chunyi (January 2018, Proceedings of the 24th Annual International Conference on Mobile Computing and Networking)

   We present the demonstration of CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing. CEIVE is a victim callee only solution without requiring additional infrastructure support or changes on telephony systems; It is ready to deploy and easy to use. Given an incoming call, CEIVE leverages a callback session and its associated call signaling observed at the phone to infer the call state of the other party. It further compares with the anticipated call state of the incoming call, thus quickly verifying whether the incoming call comes from the originating number or not. In this demo, we demonstrate CEIVE installed on Android phones combating both basic and advanced caller ID spoofing attacks. 

   more » « less
2. Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation

   https://doi.org/10.1109/INFOCOM.2019.8737567  

   Sheoran, Amit; Fahmy, Sonia; Peng, Chunyi; Modi, Navin (April 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications)

   Caller-ID spoofing deceives the callee into believing a call is originating from another user. Spoofing has been strategically used in the now-pervasive telephone fraud, causing substantial monetary loss and sensitive data leakage. Unfortunately, caller-ID spoofing is feasible even when user authentication is in place. State-of-the-art solutions either exhibit high overhead or require extensive upgrades, and thus are unlikely to be deployed in the near future. In this paper, we seek an effective and efficient solution for 4G (and conceptually 5G) carrier networks to detect (and block) caller-ID spoofing. Specifically, we propose Nascent, Network-assisted caller ID authentication, to validate the caller-ID used during call setup which may not match the previously-authenticated ID. Nascent functionality is split between data-plane gateways and call control session functions. By leveraging existing communication interfaces between the two and authentication data already available at the gateways, Nascent only requires small, standard-compatible patches to the existing 4G infrastructure. We prototype and experimentally evaluate three variants of Nascent in traditional and Network Functions Virtualization (NFV) deployments. We demonstrate that Nascent significantly reduces overhead compared to the state-of-the-art, without sacrificing effectiveness. 

   more » « less
3. UCBlocker: Unwanted Call Blocking Using Anonymous Authentication

   Du, Changlai; Yu, Hexuan; Xiao, Yang; Hou, Y. Thomas; Keromytis, Angelos D.; Lou, Wenjing (August 2023, 32nd USENIX Security Symposium (USENIX Security 23))

   Telephone users are receiving more and more unwanted calls including spam and scam calls because of the transfer-without-verification nature of global telephone networks, which allows anyone to call any other numbers. To avoid unwanted calls, telephone users often ignore or block all incoming calls from unknown numbers, resulting in the missing of legitimate calls from new callers. This paper takes an end-to-end perspective to present a solution to block unwanted calls while allowing users to define the policies of acceptable calls. The proposed solution involves a new infrastructure based on anonymous credentials, which enables anonymous caller authentication and policy definition. Our design decouples caller authentication and call session initiation and introduces a verification code to interface and bind the two processes. This design minimizes changes to telephone networks, reduces latency to call initiation, and eliminates the need for a call-time data channel. A prototype of the system is implemented to evaluate its feasibility. 

   more » « less
4. Drift with Devil: Security of Multi-Sensor Fusion based Localization in High-Level Autonomous Driving under GPS Spoofing

   Shen, Junjie; Won, Jun Yeon; Chen, Zeyuan; Chen, Qi Alfred (January 2020, Usenix Security Symposium)

   null (Ed.)

   For high-level Autonomous Vehicles (AV), localization is highly security and safety critical. One direct threat to it is GPS spoofing, but fortunately, AV systems today predominantly use Multi-Sensor Fusion (MSF) algorithms that are generally believed to have the potential to practically defeat GPS spoofing. However, no prior work has studied whether today’s MSF algorithms are indeed sufficiently secure under GPS spoofing, especially in AV settings. In this work, we perform the first study to fill this critical gap. As the first study, we focus on a production-grade MSF with both design and implementation level representativeness, and identify two AV-specific attack goals, off-road and wrong-way attacks. To systematically understand the security property, we first analyze the upper-bound attack effectiveness, and discover a take-over effect that can fundamentally defeat the MSF design principle. We perform a cause analysis and find that such vulnerability only appears dynamically and non-deterministically. Leveraging this insight, we design FusionRipper, a novel and general attack that opportunistically captures and exploits take-over vulnerabilities. We evaluate it on 6 real-world sensor traces, and find that FusionRipper can achieve at least 97% and 91.3% success rates in all traces for off-road and wrongway attacks respectively. We also find that it is highly robust to practical factors such as spoofing inaccuracies. To improve the practicality, we further design an offline method that can effectively identify attack parameters with over 80% average success rates for both attack goals, with the cost of at most half a day. We also discuss promising defense directions. 

   more » « less
5. Optimal Attack and Defense for Reinforcement Learning

   https://doi.org/10.1609/aaai.v38i13.29346  

   McMahan, Jeremy; Wu, Young; Zhu, Xiaojin; Xie, Qiaomin (March 2024, Proceedings of the AAAI Conference on Artificial Intelligence)

   To ensure the usefulness of Reinforcement Learning (RL) in real systems, it is crucial to ensure they are robust to noise and adversarial attacks. In adversarial RL, an external attacker has the power to manipulate the victim agent's interaction with the environment. We study the full class of online manipulation attacks, which include (i) state attacks, (ii) observation attacks (which are a generalization of perceived-state attacks), (iii) action attacks, and (iv) reward attacks. We show the attacker's problem of designing a stealthy attack that maximizes its own expected reward, which often corresponds to minimizing the victim's value, is captured by a Markov Decision Process (MDP) that we call a meta-MDP since it is not the true environment but a higher level environment induced by the attacked interaction. We show that the attacker can derive optimal attacks by planning in polynomial time or learning with polynomial sample complexity using standard RL techniques. We argue that the optimal defense policy for the victim can be computed as the solution to a stochastic Stackelberg game, which can be further simplified into a partially-observable turn-based stochastic game (POTBSG). Neither the attacker nor the victim would benefit from deviating from their respective optimal policies, thus such solutions are truly robust. Although the defense problem is NP-hard, we show that optimal Markovian defenses can be computed (learned) in polynomial time (sample complexity) in many scenarios. 

   more » « less