Contact us

Cyber Security Research Center @ Ben-Gurion University of the Negev
P.O.B. 653
Beer Sheva, 84105,
Israel

+972 8 6428005
+972 8 6428121
cyber-labs bgu.ac.il

Cyber Security Research Center Seminar, Semester B

 1.5.18

Prof. Ehud Gudes

(Dept. of Computer Science)

Security and Privacy Aspects of Social Networks

The talk will take place on Tuesdays at 11:00-12:00 in building 37, Room 201, Ben-Gurion University of the Negev.

MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data


Police Issue Warning After Cameras At Women’s Apparel Shop Hacked


How dangerous are IOT devices? | Yuval Elovici | TEDxBGU


Researchers find 29 types of USB attacks, recommend never plugging into a USB you don’t own


New research: Most IoT devices can be hacked into botnets


Israel Developing Cutting Edge Artificial Intelligence Crime-fighting Tools


Mind The Gap: This Researcher Steals Data With Noise, Light, And Magnets


Cyber@BGU Presenting at World Economic Forum Annual Meeting


Desktop Scanners Can Be Hijacked to Perpetrate Cyberattacks, According to BGU and Weizmann Institute Researchers


Cameras can Steal Data from Computer Hard Drive LED Lights

Researchers at BGU’s Cyber Security Research Center have demonstrated that data can be stolen from an isolated “air-gapped” computer’s hard drive by reading the pulses of light on the drive’s LED using various types of cameras and light sensors. In the new paper, the researchers demonstrated how data can be received by a quadcopter drone in flight, even outside a window with line-of-sight of the transmitting computer. Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over th...


The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—is back with new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.

Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.

Dubbed MOSQUITO, the new technique, discovered by a team of researchers at Israel’s Ben Gurion University, works by reversing connected speakers (passive speakers, headphones, or earphones) into microphones by exploiting a specific audio chip feature.

Two years ago, the same team of researchers demonstrated how attackers could covertly listen to private conversations in your room just by reversing your headphones (connected to the infected computer) into a microphone, like a bug listening device, using malware.

Now, with its latest research [PDF], the team has taken its work to the next level and found a way to convert some speakers/headphones/earphones that are not originally designed to perform as microphones into a listening device—when the standard microphone is not present, muted, taped, or turned off.

Since some speakers/headphones/earphones respond well to the near-ultrasonic range (18kHz to 24kHz), researchers found that such hardware can be reversed to perform as microphones.

Moreover, when it comes to a secret communication, it’s obvious that two computers can’t exchange data via audible sounds using speakers and headphones. So, inaudible ultrasonic waves offer the best acoustic covert channel for speaker-to-speaker communication.
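A defender-side illustration of the frequency range mentioned above, added here as an example and not taken from the article or the researchers' paper: a Python monitor that flags sustained energy in the 18 kHz to 24 kHz band of a captured audio stream. The 48 kHz capture rate, the threshold, the minimum duration and the constructed test signal are all assumptions.

```python
import math
import random

SAMPLE_RATE = 48_000               # Hz (assumption: capture rate covering the band up to 24 kHz)
BAND_LO, BAND_HI = 18_000, 24_000  # near-ultrasonic range quoted in the article
FRAME = 480                        # 10 ms frames -> 100 Hz bin spacing
RMS_THRESHOLD = 0.01               # assumption: tune against the room's ambient baseline
MIN_FRAMES = 3                     # assumption: ignore blips shorter than 30 ms

# Periodic Hann window keeps loud audible tones from leaking into the monitored band.
WINDOW = [0.5 - 0.5 * math.cos(2 * math.pi * n / FRAME) for n in range(FRAME)]
WINDOW_ENERGY = sum(w * w for w in WINDOW)


def goertzel_power(frame, k):
    """Return |X[k]|^2 of the frame's DFT using the Goertzel recurrence."""
    coeff = 2 * math.cos(2 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_rms(frame):
    """RMS level of the 18-24 kHz band in one FRAME-long frame (full scale = 1.0)."""
    windowed = [x * w for x, w in zip(frame, WINDOW)]
    k_lo = BAND_LO * FRAME // SAMPLE_RATE
    k_hi = min(BAND_HI * FRAME // SAMPLE_RATE, FRAME // 2 - 1)  # stay below the Nyquist bin
    power = sum(goertzel_power(windowed, k) for k in range(k_lo, k_hi + 1))
    # Factor 2 accounts for the mirrored negative-frequency bins of a real signal.
    return math.sqrt(max(0.0, 2 * power / (FRAME * WINDOW_ENERGY)))


def find_ultrasonic_activity(samples):
    """Return (start_s, end_s) spans where the band stays above the threshold."""
    spans, run_start = [], None
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):           # one extra pass closes a run at end of input
        active = (i < n_frames and
                  band_rms(samples[i * FRAME:(i + 1) * FRAME]) >= RMS_THRESHOLD)
        if active and run_start is None:
            run_start = i
        elif not active and run_start is not None:
            if i - run_start >= MIN_FRAMES:
                spans.append((round(run_start * FRAME / SAMPLE_RATE, 3),
                              round(i * FRAME / SAMPLE_RATE, 3)))
            run_start = None
    return spans


def constructed_capture(with_tone):
    """Constructed 0.2 s signal: audible tones plus noise, optional quiet 19 kHz burst."""
    rng = random.Random(1)
    out = []
    for n in range(SAMPLE_RATE // 5):
        t = n / SAMPLE_RATE
        x = 0.5 * math.sin(2 * math.pi * 440 * t) + 0.3 * math.sin(2 * math.pi * 1000 * t)
        x += rng.uniform(-0.003, 0.003)
        if with_tone and 2400 <= n < 7200:   # burst from 50 ms to 150 ms
            x += 0.05 * math.sin(2 * math.pi * 19_000 * t)
        out.append(x)
    return out


if __name__ == "__main__":
    print("audible only :", find_ultrasonic_activity(constructed_capture(False)))
    print("with 19 kHz  :", find_ultrasonic_activity(constructed_capture(True)))
```

The monitor only sees what the capturing sensor can pick up, so the microphone and sound card used must themselves respond in this band.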

Video Demonstrations of MOSQUITO Attack


Ben Gurion’s Cybersecurity Research Center, directed by 38-year-old Mordechai Guri, used ultrasonic transmissions to make two air-gapped computers talk to each other despite the high degree of isolation.

The attack scenarios demonstrated by researchers in the proof-of-concept videos involve two air-gapped computers in the same room, which are somehow (using removable media) infected with malware but cannot exchange data between them to accomplish the attacker’s mission.

The attack scenarios include speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.

“Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another,” the researchers say.

“Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart.”

However, by using loudspeakers, researchers found that data can be exchanged over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bits per second.

It’s not the first time that Ben-Gurion researchers have come up with a covert technique to target air-gapped computers. Their previous research on hacking air-gapped computers includes:

  • aIR-Jumper attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.
  • USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
  • DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
  • BitWhisper relies on heat exchange between two computers to stealthily siphon passwords and security keys.
  • AirHopper turns a computer’s video card into an FM transmitter to capture keystrokes.
  • Fansmitter technique uses noise emitted by a computer fan to transmit data.
  • GSMem attack relies on cellular frequencies.

Source: The Hacker News

‘Assume every camera on a network can be hacked,’ cautioned the police cybercrimes unit.

A viral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.

According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.

While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page.

“When the footage became public earlier this week, the national Cybercrimes Unit opened an investigation and arrested the suspect on Wednesday,” said police spokesman Micky Rosenfeld, adding that a Tel Aviv Magistrate’s Court judge ordered the suspect be remanded through Sunday.

Following the hacking, the Cybercrimes Unit recommended a number of preventive measures that should be taken by the public and by store owners to protect their privacy in similar situations.

“Take into account and assume that every camera that is on a network system can be hacked,” the unit warned in a statement. “Therefore, clothing store owners should ensure no cameras are placed in changing rooms or other sensitive locations.”

Additionally, the unit recommended that those who implement CCTV systems use complex passwords for accessing surveillance footage to make it difficult to hack into such video, and not connect the network systems used by the cameras to a public computer.

According to cyber-researchers at Ben-Gurion University of the Negev in Beersheba, security cameras infected with malicious software can use infrared light to receive covert signals and leak sensitive information.

The technique, called “aIR-Jumper,” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the Internet without remote access to the organization.

 

Source: The Jerusalem Post

Prof. Elovici is Head of the Cyber Security Research Center at Ben Gurion University.

Think of your typical day: you wake up, do your morning routine, open the fridge, maybe turn on the heat, boiler for the shower? Get in the car and drive to work. We hear the term Internet of Things get thrown around a lot and it seems as a society we are developing some sort of phobia from ‘smart’ devices.

On the TEDxBGU stage Prof. Elovici will take us through a typical day just a few years from now and make us realize the power of connectivity, for good or – for bad. This talk was given at a TEDx event using the TED conference format but independently organized by a local community.

Source: TEDx Talks YouTube

If you ever find a lost charger, don’t use it. If you need power and are tempted to plug into a public USB port, don’t do it.

It’s long been known that you should never insert an unknown USB drive into your computer because it could be loaded with malware. However, new research from Ben-Gurion University has exposed 29 types of USB attacks, and the risk extends to your smartphone. It shows that you should never use a USB charger you find lying around or plug into a public USB port. Both can be compromised by attackers, as we talked about with one of the researchers on the project, Ran Yahalom.

Yahalom is the co-author of a journal article on the research with Dr. Nir Nissim, head of the Malware Lab of the Cyber Security Research Center at Ben-Gurion University, and Yuval Elovici, head of BGU’s Cyber Security Research Center (CSRC).

Yahalom said, “There are many non-trivial USB-based attacks. Some are carried out by the host, the computer connecting the USB peripheral. The most common ones are infected, or malicious. Once connected, they have access and take control of your computer.

“Microcontrollers are another attacks category. Microcontrollers can impersonate a USB peripheral. For example, you can program a teensy microcontroller or an Arduino [board] to act like a keyboard or a mouse. Once you program a keyboard and connect, it actually starts injecting key presses. It’s actually like having someone working on your computer.”

Yahalom added, “A more complicated category to implement doesn’t require any implantation. Someone can use an off-the-shelf product to find a way to reprogram firmware, update firmware, a legitimate process, supported by our protocol. It does bidding.

“A client bought the product benign but once reprogrammed by firmware update, it’s malicious and it’s owned and operated by someone else who has control.

“We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”

He continued, “The other are electrical attacks. In 2015, showed how to generate or build an electrical component enclosed in a flash drive casing. It looks like a flash drive, but it’s not a flash drive, it conducts a power surge attack once connected, and, fry the entire computer. New developments in this area of attack are also likely.

“If you go into a coffee shop and use charger there, or an airport or a train station, any charger that is not your own, you don’t know what that piece of hardware really does,” Yahalom stresses. “It may not be a charger, but a microcontroller hidden inside a charger casing. It could be something else. You don’t know. Once put into your phone, anything could happen.

“I demonstrated how to connect a keyboard to a phone. But it doesn’t look like a keyboard, it looks like a charger, but it’s actually a microcontroller I reprogrammed. I programmed it to act as a keyboard, so it impersonates a keyboard and it looks like a charger. It’s connected to the socket, but without an electrical part of that charger, it’s just a microcontroller. I showed how to connect it to and lock the phone, a sort of ‘ransomware.’”

And Yahalom means “ransom” as in, “‘If you want the pin number, then to pay me,’ which can really happen. There are other types of attacks, where someone reprograms your phone and you wouldn’t even know. You’re carrying spyware, without knowledge of it, just because you injected something you weren’t aware of.

“The general rule of thumb is: treat technology as something you don’t naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking lot, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”

“Now that we’re moving from the cyber world to the physical world, it becomes increasingly clearer and we must get the word out,” he said.

“Bring your own charger.

“Use your own hardware.

“Don’t trust Wi-Fi networks.

“Educate yourself about different levels of security. For example, 3G is commonly believed to be more secure than Wi-Fi, since Wi-Fi’s easier to hack.”

In conclusion, Yahalom said, “These are important rules that will keep you safe. Anything like that, that you can do. Again, you don’t stop using technology because, obviously, that’s not the idea. Until manufacturers secure hardware and regulators enforce laws to keep us safe, we need to be extra aware and follow the simple rules.

“Just be careful. Don’t trust anything.”

 

Source: TechRepublic

A team of Israeli researchers has discovered that the average IoT device you buy on store shelves can be compromised within 30 minutes and added to a botnet.

As Internet of Things devices multiply exponentially, it looks like security still isn’t improving. A team of Ben-Gurion University researchers recently went out and bought a bunch of off-the-shelf devices to see how easily they could compromise them—and then use that information to attack other devices like them over the internet. In an interview with TechRepublic, BGU senior lecturer Yossi Oren explained what they found.

You can watch the video interview above or read the transcript below.

Oren said, “So together with my team, we tried to find out how difficult it is to buy an IoT camera and get into its secrets—find out passwords, connections, all sorts of information. What we discovered is that you need about 30 minutes after you unbox the camera, until you can find its default password, and also the services it’s running. And then use this information to add this camera and all the cameras of the same make and model into a botnet, which you control. And it’s very, very concerning.”

“We investigated 16 different devices—baby monitors, doorbells, cameras, temperature sensors, [etc.] And out of these 16 devices, we were able to find the password for 14 of them. So, that’s a good percentage. What we did is we took these cameras apart in our lab and we looked for what is called a debug port. This is a connector, which developers and engineers use when they are building this camera to make sure it’s built properly. And because it’s very expensive to print out a new circuit board once you’re finished developing, all of these cameras actually had these debug ports still in the hardware. Once you connect to there, you have backstage access to the camera. Sometimes, there is a password you need to crack, so we had to do that.”

Oren said, “One device is the later generation version of a very popular thermostat. [It] actually didn’t have this diagnostic port because it’s a very well-selling device. They actually had the engineering time to create a new version without this port and another two devices had a port, but [were] protected by passwords which we were unable to crack in one hour. It could be that if we would spend a week on it, we would be able to crack it.

“Right now, devices you are buying today are very, very easy to attack and the problem is that once you attack it once, all of these devices can be attacked remotely. So you only need to do this one time—this process of taking them apart. And one problem, a big problem, with IoT devices when you compare them to computers and phones is that these devices are mostly going to be installed in some corner, in some alley, in some doorway, and not touched for 10 or 20 years. Think of street lights or traffic lights. And this means that you might be still using these devices after their manufacturer has gone out of business and nobody will ever issue firmware updates. You compare this to phones, where you find a vulnerability and the next week later, your phone restarts and voila, it’s patched. So, these devices are going to be here to stay and this means that probably consumers or network providers or something are going to be responsible for keeping these devices secure. This is very concerning based on what consumers have been able to demonstrate so far.”

Oren concluded, “You only need physical access once. Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely. So out of the devices we surveyed, nine of them were able to be accessed over the network. The access was protected by a password, this password we discovered using our methods. So once you get this password, anywhere in the world, you can access [the device].”

Ben-Gurion University graduate student and researcher Yael Mathov speaks about how easily she and her teammates were able to compromise off-the-shelf IoT devices.
Image: Jason Hiner/TechRepublic

 

Source: TechRepublic

“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime.”

Ben-Gurion University of the Negev and the Israel Police aim to develop advanced cyber, big-data and artificial intelligence tools that may eventually be able to predict and prevent crime.
In a joint initiative with the police, the university launched the Center for Computational Criminology this week at BGU’s Advanced Technologies Park in the presence of Police Commissioner Insp.-Gen. Roni Alsheikh and BGU president Prof. Rivka Carmi.

“The last, most significant scientific breakthrough to change law enforcement was DNA testing,” said Prof. Lior Rokach, head of the new center, chairman of the Department of Software and Information Systems Engineering, and a leading expert on artificial intelligence.

“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime,” he said. “The AI revolution of the past few years will prove to be even more significant than DNA testing for law enforcement, providing them with unprecedented investigative tools and new sources of evidence.”

According to the university, cybercrime has risen precipitously in recent years as criminals and even rogue governments have capitalized on the anonymity of cyberspace to cloak their activities while reaping sizable profits.

Additionally, the use of social media-based evidence has also been on the uptick in recent years as more and more information is shared online.

As part of the initiative, BGU researchers will work side by side with the Israel Police’s cyber investigators to develop new artificial-intelligence and machine-learning tools for law enforcement.

Alsheikh said that the police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, would collaborate with the university’s cybersecurity experts to improve police enforcement and prevention capabilities.

“The cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime – whether [committed by] cybercriminals or traditional criminals – by turning a threat into an opportunity,” Alsheikh said.

Ben-Gurion has in recent years become a recognized international leader in cybersecurity and big data research with a national initiative to promote Beersheba as the “Cyber Capital of Israel.”

The Center joins Cyber@BGU (CBG), a shared research platform for the most innovative and technologically challenging cyber-related projects run in collaboration with multi-national companies and government organizations.

Among others, the CBG includes the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau and Telekom Innovation Laboratories, in partnership with Deutsche Telekom.

Carmi said that “putting that expertise to work for the State of Israel is a privilege,” which comes on the heels of the government’s decision to place the national Computer Emergency Response Team at the Advanced Technologies Park.

 

Source: The Jerusalem Post

THE FIELD OF cybersecurity is obsessed with preventing and detecting breaches, finding every possible strategy to keep hackers from infiltrating your digital inner sanctum. But Mordechai Guri has spent the last four years fixated instead on exfiltration: How spies pull information out once they’ve gotten in. Specifically, he focuses on stealing secrets sensitive enough to be stored on an air-gapped computer, one that’s disconnected from all networks and sometimes even shielded from radio waves. Which makes Guri something like an information escape artist.

More, perhaps, than any single researcher outside of a three-letter agency, Guri has uniquely fixated his career on defeating air gaps by using so-called “covert channels,” stealthy methods of transmitting data in ways that most security models don’t account for. As the director of the Cybersecurity Research Center at Israel’s Ben Gurion University, 38-year-old Guri’s team has invented one devious hack after another that takes advantage of the accidental and little-noticed emissions of a computer’s components—everything from light to sound to heat.

Guri and his fellow Ben-Gurion researchers have shown, for instance, that it’s possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures in patterns that the receiving computer can detect with thermal sensors, or even by blinking out a stream of information from a computer hard drive LED to the camera on a quadcopter drone hovering outside a nearby window. In new research published today, the Ben-Gurion team has even shown that they can pull data off a computer protected by not only an air gap, but also a Faraday cage designed to block all radio signals.

An Exfiltration Game

“Everyone was talking about breaking the air gap to get in, but no one was talking about getting the information out,” Guri says of his initial covert channel work, which he started at Ben-Gurion in 2014 as a PhD student. “That opened the gate to all this research, to break the paradigm that there’s a hermetic seal around air-gapped networks.”

Guri’s research, in fact, has focused almost exclusively on siphoning data out of those supposedly sealed environments. His work also typically makes the unorthodox assumption that an air-gapped target has already been infected with malware by, say, a USB drive, or other temporary connection used to occasionally update software on the air-gapped computer or feed it new data. Which isn’t necessarily too far a leap to make; that is, after all, how highly targeted malware like the NSA’s Stuxnet and Flame penetrated air-gapped Iranian computers a decade ago, and how Russia’s “agent.btz” malware infected classified Pentagon networks around the same time.


Guri’s work aims to show that once that infection has happened, hackers don’t necessarily need to wait for another traditional connection to exfiltrate stolen data. Instead, they can use more insidious means to leak information to nearby computers—often to malware on a nearby smartphone, or another infected computer on the other side of the air gap.

Guri’s team has “made a tour de force of demonstrating the myriad ways that malicious code deployed in a computer can manipulate physical environments to exfiltrate secrets,” says Eran Tromer, a research scientist at Columbia. Tromer notes, however, that the team often tests their techniques on consumer hardware that’s more vulnerable than stripped-down machines built for high security purposes. Still, they get impressive results. “Within this game, answering this question of whether you can form an effective air gap to prevent intentional exfiltration, they’ve made a resounding case for the negative.”

A Magnetic Houdini

On Wednesday, Guri’s Ben-Gurion team revealed a new technique they call MAGNETO, which Guri describes as the most dangerous yet of the dozen covert channels they’ve developed over the last four years. By carefully coordinating operations on a computer’s processor cores to create certain frequencies of electrical signals, their malware can electrically generate a pattern of magnetic forces powerful enough to carry a small stream of information to nearby devices.

The team went so far as to build an Android app they call ODINI, named for the escape artist Harry Houdini, to catch those signals using a phone’s magnetometer, the magnetic sensor that enables its compass and remains active even when the phone is in airplane mode. Depending on how close that smartphone “bug” is to the target air-gapped computer, the team could exfiltrate stolen data at between one and 40 bits a second—even at the slowest rate, fast enough to steal a password in a minute, or a 4096-bit encryption key in a little over an hour, as shown in the video below:

Plenty of other electromagnetic covert channel techniques have in the past used the radio signals generated by computers’ electromagnetism to spy on their operations—the NSA’s decades-old implementation of the technique, which the agency called Tempest, has even been declassified. But in theory, the radio signals on which those techniques depend would be blocked by the metal shielding of Faraday cages around computers, or even entire Faraday rooms used in some secure environments.

Guri’s technique, by contrast, communicates not via electromagnetically induced radio waves but with strong magnetic forces that can penetrate even those Faraday barriers, like metal-lined walls or a smartphone kept in a Faraday bag. “The simple solution to other techniques was simply to put the computer in a Faraday cage and all the signals are jailed,” Guri says. “We’ve shown it doesn’t work like that.”

Secret Messages, Drones, and Blinking Lights

For Guri, that Faraday-busting technique caps off an epic series of data heist tricks, some of which he describes as far more “exotic” than his latest. The Ben-Gurion team started, for instance, with a technique called AirHopper, which used a computer’s electromagnetism to transmit FM radio signals to a smartphone, a kind of modern update to the NSA’s Tempest technique. Next, they proved with a tool called BitWhisper that the heat generated by a piece of malware manipulating a computer’s processor can directly—if slowly—communicate data to adjacent, disconnected computers.

In 2016, his team switched to acoustic attacks, showing that they could use the noise generated by a hard drive’s spinning or a computer’s internal fan to send 15 to 20 bits a minute to a nearby smartphone. The fan attack, they show in the video below, works even when music is playing nearby:

More recently, Guri’s team began playing with light-based exfiltration. Last year, they published papers on using the LEDs of computers and routers to blink out Morse-code like messages, and even used the infrared LEDs on surveillance cameras to transmit messages that would be invisible to humans. In the video below, they show that LED-blinked message being captured by a drone outside a facility’s window. And compared to previous methods, that light-based transmission is relatively high bandwidth, sending a megabyte of data in a half an hour. If the exfiltrator is willing to blink the LED at a slightly slower rate, the malware can even send its signals with flashes so fast they’re undetectable for human eyes.

Guri says he remains so fixated on the specific challenge of air gap escapes in part because it involves thinking creatively about how the mechanics of every component of a computer can be turned into a secret beacon of communication. “It goes way beyond typical computer science: electrical engineering, physics, thermodynamics, acoustic science, optics,” he says. “It requires thinking ‘out of the box,’ literally.”

And the solution to the exfiltration techniques he and his team have demonstrated from so many angles? Some of his techniques can be blocked with simple measures, from more shielding to greater amounts of space between sensitive devices to mirrored windows that block peeping drones or other cameras from capturing LED signals. The same sensors in phones that can receive those sneaky data transmissions can also be used to detect them. And any radio-enabled device like a smartphone, Guri warns, should be kept as far as possible from air-gapped devices, even if those phones are carefully stored in a Faraday bag.

But Guri notes that some even more “exotic” and science fictional exfiltration methods may not be so easy to prevent in the future, particularly as the internet of things becomes more intertwined with our daily lives. What if, he speculates, it’s possible to squirrel away data in the memory of a pacemaker or insulin pump, using the radio connections those medical devices use for communications and updates? “You can’t tell someone with a pacemaker not to go to work,” Guri says.

An air gap, in other words, may be the best protection that the cybersecurity world can offer. But thanks to the work of hackers like Guri—some with less academic intentions—that space between our devices may never be entirely impermeable again.

Gap Attacks

Source: Wired

Enhancing offensive capacity by creating attack toolboxes | Yuval Elovici

AI helps to defend against cyber attacks – but can also be used by attackers, to identify targets and create cheaper, more scalable attacks. Yuval Elovici, a Professor at the Department of Information Systems Engineering at Ben-Gurion University of the Negev, discusses the possibilities and their implications.

Reinforcing defences against intelligent aggression | Bracha Shapira

Traditional security systems can no longer cope with the increasing sophistication of cyber attacks – it has become a big-data problem that requires artificial intelligence. Bracha Shapira, Professor in the Software and Information Systems Engineering Department at Ben-Gurion University of the Negev, shows how machine learning can help.

Designing adaptive attacks to identify and target defensive vulnerabilities | Lior Rokach

 As hackers adopt machine learning algorithms, we are experiencing an AI arms race. Lior Rokach, Professor of Software and Information Systems Engineering at Ben-Gurion University of the Negev, explores the potential for adversarial attacks and the implications for the AI community.

Source: World Economic Forum YouTube

A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from BGU and the Weizmann Institute of Science.

“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says Ben Nassi, a graduate student in BGU’s Department of Software and Information Systems Engineering as well as a researcher at BGU’s Cyber Security Research Center (CSRC).  “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”

The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.

In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.

To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.

“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.

Prof. Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify new network vulnerabilities by establishing a clandestine channel in a computer network.

Ben Nassi’s Ph.D. research advisor is Prof. Yuval Elovici, a member of the BGU Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation Laboratories at BGU. Elovici is also director of the CSRC.


Researchers at BGU’s Cyber Security Research Center have demonstrated that data can be stolen from an isolated “air-gapped” computer’s hard drive by reading the pulses of light on the drive’s LED using various types of cameras and light sensors.

In the new paper, the researchers demonstrated how data can be received by a quadcopter drone in flight, even from outside a window with line-of-sight to the transmitting computer.

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization’s most sensitive and confidential information.

Led by Dr. Mordechai Guri, Head of R&D at the Cyber Security Research Center, the research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops. The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) — a rate that exceeds human visual perception. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.

“Our method compared to other LED exfiltration is unique, because it is also covert,” Dr. Guri says. “The hard drive LED flickers frequently, and therefore the user won’t be suspicious about changes in its activity.”

Dr. Guri and the Cyber Security Research Center have conducted a number of studies to demonstrate how malware can infiltrate air-gapped computers and transmit data. Previously, they determined that computer speakers and fans, FM waves and heat are all methods that can be used to obtain data.

In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the Department of Electrical and Computer Engineering, and Prof. Yuval Elovici, director of the Cyber Security Research Center. Prof. Elovici is also a member of the University’s Department of Software and Information Systems Engineering and Director of Deutsche Telekom Laboratories at BGU.


About Us

Cyber@BGU is an umbrella organization at Ben Gurion University, home to various cyber security, big data analytics and AI applied research activities. Residing in a newly established R&D center at the new Hi-Tech park of Beer Sheva (Israel’s Cyber Capital), Cyber@BGU serves as a platform for the most innovative and technologically challenging projects with various industrial and governmental partners.

Latest Publications

Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) AN IEEE EUROPEAN SYMPOSIUM ON SECURITY & PRIVACY AFFILIATED WORKSHOP 23 April 2018, University College London (UCL), London, UK

The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks, vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability, as the number of devices may grow much quicker than vendors’ distribution systems. Previous studies have suggested a permissionless and decentralized blockchain-based network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources.
In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.


EEG-triggered dynamic difficulty adjustment for multiplayer games

Adi Stein, Yair Yotam, Rami Puzis, Guy Shani, Meirav Taieb-Maimon

Entertainment Computing Volume 25, March 2018, Pages 14-25

In online games, gamers may become frustrated when playing against stronger players or get bored when playing against weaker players, thus losing interest in the game. Dynamic Difficulty Adjustment (DDA) has been suggested as an intelligent handicapping mechanism, by reducing the difficulty for the weaker player, or increasing the difficulty for the stronger player. A key question when using DDA, is when to activate the difficulty adjustment.

In this paper we suggest using the Emotiv EPOC EEG headset to monitor the personal excitement level of a player and use this information to trigger DDA when the player’s excitement decreases in order to ensure that the player is engaged and enjoying the game. We experiment with an open-source third-person shooter game, in a multiplayer adversarial setting. We conduct experiments, showing that the detected excitement patterns correlate to game events. Experiments designed to evaluate the DDA triggering mechanism confirm that DDA triggered based on EEG increases the players’ excitement and improves the gaming experience compared to the heuristic-triggered DDA and the experience of playing a game without DDA.


Taxonomy of mobile users’ security awareness

R Bitton, A Finkelshtein, L Sidi, R Puzis, L Rokach, A Shabtai

Computers & Security Volume 73, March 2018, Pages 266-293

The popularity of smartphones, coupled with the amount of valuable and private information they hold, makes them attractive to attackers interested in exploiting the devices to harvest sensitive information. Exploiting human vulnerabilities (i.e., social engineering) is an approach widely used to achieve this goal. Improving the security awareness of users is an effective method for mitigating social engineering attacks. However, while in the domain of personal computers (PCs) the security awareness of users is relatively high, previous studies have shown that for the mobile platform, the security awareness level is significantly lower. The skills required from a mobile user to interact safely with his/her smartphone are different from those that are required for safe and responsible PC use. Therefore, the awareness of mobile users to security risks is an important aspect of information security. An essential and challenging requirement of assessing security awareness is the definition of measurable criteria for a security aware user. In this paper, we present a hierarchical taxonomy for security awareness, specifically designed for mobile device users. The taxonomy defines a set of measurable criteria that are categorized according to different technological focus areas (e.g., applications and browsing) and within the context of psychological dimensions (e.g., knowledge, attitude, and behavior). We demonstrate the applicability of the proposed taxonomy by introducing an expert-based procedure for deriving mobile security awareness models for different attack classes (each class is an aggregation of social engineering attacks that exploit a similar set of human vulnerabilities). Each model reflects the contribution (weight) of each criterion to the mitigation of the corresponding attack class.
Application of the proposed procedure, based on the input of 17 security experts, to derive mobile security awareness models of four different attack classes, confirms that the skills required from a smartphone user to mitigate an attack are different for different attack classes.


Foundations of Homomorphic Secret Sharing

E. Boyle, N. Gilboa, Y. Ishai, R. Lin and S. Tessaro

9th Innovations in Theoretical Computer Science Conference (ITCS 2018)

Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong positive results for HSS are known under specific cryptographic assumptions, many natural questions remain open. We initiate a systematic study of HSS, making the following contributions.

– A definitional framework. We present a general framework for defining HSS schemes that unifies and extends several previous notions from the literature, and cast known results within this framework.

– Limitations. We establish limitations on information-theoretic multi-input HSS with short output shares via a relation with communication complexity. We also show that additive HSS for non-trivial functions, even the AND of two input bits, implies non-interactive key exchange, and is therefore unlikely to be implied by public-key encryption or even oblivious transfer.

– Applications. We present two types of applications of HSS. First, we construct 2-round protocols for secure multiparty computation from a simple constant-size instance of HSS. As a corollary, we obtain 2-round protocols with attractive asymptotic efficiency features under the Decision Diffie Hellman (DDH) assumption. Second, we use HSS to obtain nearly optimal worst-case to average-case reductions in P. This in turn has applications to fine-grained average-case hardness and verifiable computation.
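The additive-HSS definition in the abstract above, worked through for the one case that needs no cryptographic assumption (linear functions), as an added example that is not code from the paper. The modulus `P`, the function names and the sample inputs are assumptions chosen for illustration; `naive_and` shows why the AND of two bits is already outside what plain additive sharing evaluates locally.

```python
import secrets

P = 2**61 - 1  # assumed modulus: shares live in the finite Abelian group (Z_P, +)

def share(x, n=2):
    """Split x into n additive shares; any n-1 of them are uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Additive reconstruction: the output shares add up to the output."""
    return sum(shares) % P

def eval_linear(coeffs, const, my_shares, party):
    """One party's local evaluation of f(x) = const + sum(c_i * x_i).

    Uses only this party's shares and public values, with no communication.
    The public constant is added by party 0 only, so it is counted once.
    """
    y = sum(c * s for c, s in zip(coeffs, my_shares)) % P
    return (y + const) % P if party == 0 else y

def run_linear(coeffs, const, inputs, n=2):
    """Share every input, evaluate locally at each party, return output shares."""
    shared = [share(x, n) for x in inputs]  # shared[i][j]: party j's share of input i
    return [eval_linear(coeffs, const, [row[j] for row in shared], j)
            for j in range(n)]

def naive_and(a, b):
    """Attempt AND(a, b) = a*b by multiplying shares locally (2 parties).

    (a0 + a1)(b0 + b1) = a0*b0 + a1*b1 + (a0*b1 + a1*b0): the cross terms
    mix shares held by different parties, so the local products miss them.
    Returns (value the local products reconstruct to, the missing cross term).
    """
    a0, a1 = share(a)
    b0, b1 = share(b)
    local = reconstruct([a0 * b0 % P, a1 * b1 % P])
    cross = (a0 * b1 + a1 * b0) % P
    return local, cross

if __name__ == "__main__":
    out = run_linear([3, 5], 7, [10, 20])  # constructed inputs
    print("output shares:", out, "->", reconstruct(out))  # reconstructs to 137
    local, cross = naive_and(1, 1)
    print("naive AND reconstructs to", local, "; missing cross term", cross)
```

Each output share is a single group element regardless of how many inputs were shared, which is the "short output shares" property the abstract refers to.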
