Like all beautiful things, the International Summer School on Smart & Mobile Device Security and Privacy is also approaching its end.
For the last two days of lectures, the floor was given directly to the attending students. During this Ph.D. Forum, promisingly nicknamed “The Grill”, everybody was given the chance to present their own research work in a ten-minute presentation, exposing themselves to comments and (thorough and well-meant) critique. Most of the students talked about issues related to mobile security, addressed at different levels: from hardware, to malicious software detection (through static or dynamic means), to machine learning techniques for detecting malicious activity, to the analysis of permissions in order to detect possible attacks.
To conclude with the lecturers, Prof. Prakash from the University of Michigan gave us a general overview of the Android security model, showing us the best-known attack strategies, such as exploiting communication channels established by applications, or using side channels. He concluded by describing some of the most widely used defence strategies.
On Friday, Prof. Poovendran from the University of Washington moved to a slightly different topic, talking about control-theoretic modelling and mitigation of cyberattacks. He showed us some techniques to detect compromised nodes in networks, that is, nodes that have been physically captured by an adversary who wants to inject false messages into the network, thus compromising the correct behaviour of the system. Several ways of defending the network from such attacks exist, based on so-called “witnesses”: periodically, all nodes of a network send broadcast messages containing their ID and location, and their neighbours act as witnesses, determining whether the sender is a cloned node or a safe one.
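The witness idea described above can be sketched in a few lines. This is an added example, not code from the lecture: the radio range, the tolerance, the static node positions and the pooling of all witness reports in one place are assumptions made for illustration, and the sample network is constructed.

```python
import math
from collections import defaultdict
from itertools import combinations

RADIO_RANGE = 10.0  # assumed: maximum distance at which a broadcast is heard
TOLERANCE = 1.0     # assumed: allowed difference between claims of one static node

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def witness_reports(witnesses, broadcasts):
    """Every node within radio range of a transmission records the claim.

    witnesses:  {node_id: (x, y)} positions of the listening nodes
    broadcasts: [(claimed_id, claimed_loc, origin)], where origin is where the
                signal was really sent from (known only to this simulation)
    """
    reports = []
    for claimed_id, claimed_loc, origin in broadcasts:
        for wid, wloc in witnesses.items():
            if wid != claimed_id and dist(wloc, origin) <= RADIO_RANGE:
                reports.append((wid, wloc, claimed_id, claimed_loc))
    return reports

def detect(reports):
    """Return (cloned_ids, implausible_ids) from the pooled witness reports."""
    implausible, claims = set(), defaultdict(set)
    for _wid, wloc, claimed_id, claimed_loc in reports:
        # A witness can only hear senders inside its own radio range.
        if dist(wloc, claimed_loc) > RADIO_RANGE:
            implausible.add(claimed_id)
        claims[claimed_id].add(claimed_loc)
    # One ID claimed at two distant locations means the node was replicated.
    cloned = {cid for cid, locs in claims.items()
              if any(dist(a, b) > TOLERANCE for a, b in combinations(locs, 2))}
    return cloned, implausible

# Constructed sample network: two clusters of static nodes, far apart.
NODES = {1: (0, 0), 2: (5, 0), 3: (50, 0), 4: (55, 0)}
HONEST = [(nid, loc, loc) for nid, loc in NODES.items()]
CLONE_TRUTHFUL = (2, (52, 0), (52, 0))  # copy of node 2 reporting where it really is
CLONE_LYING = (2, (5, 0), (52, 0))      # copy of node 2 replaying the original's location

if __name__ == "__main__":
    for label, extra in (("truthful clone", CLONE_TRUTHFUL), ("lying clone", CLONE_LYING)):
        print(label, detect(witness_reports(NODES, HONEST + [extra])))
```

A clone that reports its real position is caught because the same ID appears at two distant locations; a clone that repeats the original node's position is caught because its witnesses are too far from that position to have heard it.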
Finally, the lectures were concluded by Prof. Prakash, who gave us a very interesting talk about a new solution to prevent app phishing attacks on smartphones, called TIVO, “Trusted Visual I/O Paths for Android”. When enabled, TIVO allows users to associate a secret image with each installed application. Then, each time the application is running and displays a keyboard (possibly to input sensitive data, like a username and password), TIVO displays the application’s icon, the application’s name and, if set, the secret image picked by the user. This should make it much harder for malicious apps to intercept login screens and carry out phishing attacks.
The participants of the summer school at Palazzo Bo, in Padua.
And that’s all from Padua and from SMDSP, folks! A special thanks goes out to the University of Padua, to the organizers and lecturers of this very interesting Summer School and of course to all the participating students for making this a really nice week.
See you next year in Padua!
Silvia Malatini & Lorenz Cuno Klopfenstein