Keynote Address given by Charles Stross, Author of award-winning science fiction, at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA.
A science fiction writer takes a look at the medium-term implications the information processing revolution holds for human civilization.
Charles Stross, 46, is a full-time science fiction writer and resident of Edinburgh, Scotland. The winner of two Locus Reader Awards and winner in 2005 and 2010 of the Hugo Award for best novella, Stross's works have been translated into over a dozen languages. Like many writers, Stross has had a variety of careers, occupations, and job-shaped catastrophes in the past, from pharmacist through tech sector journalist to first code monkey on the team of a successful dot-com startup. He has degrees in pharmacy and computer science.
Comments Off
Refereed Paper presented by Stephen Checkoway (University of California, San Diego) at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA.
Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, University of California, San Diego; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, University of Washington
Abstract: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model โ requiring prior physical access โ has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
Comments Off
Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System
Refereed Paper presented by Matt Blaze (University of Pennsylvania) at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA.
Awarded Outstanding Paper
Authors: Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze, University of Pennsylvania
Abstract: APCO Project 25 ("P25") is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This paper analyzes the security of P25 systems against both passive and active adversaries. We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat. In a study we conducted over a two year period in several US metropolitan areas, we found that a significant fraction of the "encrypted" P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear, in spite of their users' belief that they are encrypted, and often reveals such sensitive data as the names of informants in criminal investigations.
Comments Off
Keynote Address given by Charles Stross, Author of award-winning science fiction, at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA.
A science fiction writer takes a look at the medium-term implications the information processing revolution holds for human civilization.
Charles Stross, 46, is a full-time science fiction writer and resident of Edinburgh, Scotland. The winner of two Locus Reader Awards and winner in 2005 and 2010 of the Hugo Award for best novella, Stross's works have been translated into over a dozen languages. Like many writers, Stross has had a variety of careers, occupations, and job-shaped catastrophes in the past, from pharmacist through tech sector journalist to first code monkey on the team of a successful dot-com startup. He has degrees in pharmacy and computer science.
Comments Off
