% 2025-12-06 19:58:28,784 INFO | No collection ID found
% 2025-12-06 19:58:28,784 INFO | Using configuration:
% 2025-12-06 19:58:28,784 INFO | Group ID: 5517584
% 2025-12-06 19:58:28,784 INFO | Key: oUjc[omitted...]
% 2025-12-06 19:58:28,784 INFO | Format: bibtex
% 2025-12-06 19:58:28,784 INFO | Collection ID: None
% 2025-12-06 19:58:28,784 INFO | Inclusion Strategy: all
% 2025-12-06 19:58:28,784 INFO | Add IDs: False
% 2025-12-06 19:58:29,311 INFO | Requested https://api.zotero.org/groups/5517584/collections?limit=100
% 2025-12-06 19:58:29,312 INFO | No collection provided, assuming group root-level wanted
% 2025-12-06 19:58:29,313 INFO | Including sub-collections:
% 2025-12-06 19:58:29,313 INFO | webrtc: K8MHUG8J
% 2025-12-06 19:58:29,313 INFO | _publications: 6XKEUPZ9
% 2025-12-06 19:58:29,313 INFO | _publications/sven: HBX6LT24
% 2025-12-06 19:58:29,313 INFO | quic: 4BWB5URR
% 2025-12-06 19:58:29,313 INFO | quic/quic-statelearning: IBJ3BZD7
% 2025-12-06 19:58:29,313 INFO | manufacturing: JTB37HRX
% 2025-12-06 19:58:29,313 INFO | manufacturing/digital-twins: CCAKVCDM
% 2025-12-06 19:58:29,313 INFO | manufacturing/drones: 9WF5299I
% 2025-12-06 19:58:29,313 INFO | manufacturing/protocols: 62S2RVZF
% 2025-12-06 19:58:29,313 INFO | manufacturing/protocols/opc-ua-spec: TG6WKIYF
% 2025-12-06 19:58:29,313 INFO | manufacturing/modid-prior-work: 9PCN8DFB
% 2025-12-06 19:58:29,313 INFO | manufacturing/robots: TKKD8A9U
% 2025-12-06 19:58:29,313 INFO | manufacturing/overview: U6A63VPU
% 2025-12-06 19:58:29,313 INFO | manufacturing/cad: 66DFZ732
% 2025-12-06 19:58:29,313 INFO | parser-and-documents: AYITN7W7
% 2025-12-06 19:58:29,313 INFO | parser-and-documents/json: S22BZN8V
% 2025-12-06 19:58:29,313 INFO | _papers: L4YKF2E2
% 2025-12-06 19:58:29,313 INFO | _papers/acsac_tls-attacker-artifact: 54KASXGD
% 2025-12-06 19:58:29,314 INFO | wireless: BUQNY7HP
% 2025-12-06 19:58:29,314 INFO | _papers/stekrübe: S32ZIPF5
% 2025-12-06 19:58:29,314 INFO | parser-and-documents/unicode: WE3LCUDT
% 2025-12-06 19:58:29,314 INFO | parser-and-documents/office: W9X6HPPC
% 2025-12-06 19:58:29,314 INFO | parser-and-documents/yaml: JYQQJ4AH
% 2025-12-06 19:58:29,314 INFO | parser-and-documents/parsers: PQHESYJY
% 2025-12-06 19:58:29,314 INFO | crypto: NIRQEFPF
% 2025-12-06 19:58:29,314 INFO | fuzzing: 7JBRMTLG
% 2025-12-06 19:58:29,314 INFO | ML: CAJCP8VL
% 2025-12-06 19:58:29,314 INFO | statelearning: YVLQDY3Z
% 2025-12-06 19:58:29,314 INFO | quic/quic-amplification: 9FBEUEF4
% 2025-12-06 19:58:29,314 INFO | quic/quic-sessiontickets: G7RL9YTT
% 2025-12-06 19:58:29,314 INFO | standards: CNI4CRVD
% 2025-12-06 19:58:29,314 INFO | web: U82UQLYP
% 2025-12-06 19:58:29,314 INFO | CDNs: E28B45AH
% 2025-12-06 19:58:29,314 INFO | tls: VK896V2H
% 2025-12-06 19:58:29,314 INFO | manufacturing/3d-printing: IK3T8EMC
% 2025-12-06 19:58:29,314 INFO | censorship: XR6BBRYH
% 2025-12-06 19:58:29,719 INFO | Requested https://api.zotero.org/groups/5517584/collections/AYITN7W7/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:29,735 INFO | Requested https://api.zotero.org/groups/5517584/collections/L4YKF2E2/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,626 INFO | Requested https://api.zotero.org/groups/5517584/collections/S22BZN8V/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,630 INFO | Requested https://api.zotero.org/groups/5517584/collections/IBJ3BZD7/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,651 INFO | Requested https://api.zotero.org/groups/5517584/collections/6XKEUPZ9/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,673 INFO | Requested https://api.zotero.org/groups/5517584/collections/JTB37HRX/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,673 INFO | Requested https://api.zotero.org/groups/5517584/collections/G7RL9YTT/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,679 INFO | Requested https://api.zotero.org/groups/5517584/collections/7JBRMTLG/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,686 INFO | Requested https://api.zotero.org/groups/5517584/collections/WE3LCUDT/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,708 INFO | Requested https://api.zotero.org/groups/5517584/collections/JYQQJ4AH/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,728 INFO | Requested https://api.zotero.org/groups/5517584/collections/BUQNY7HP/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,743 INFO | Requested https://api.zotero.org/groups/5517584/collections/E28B45AH/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,758 INFO | Requested https://api.zotero.org/groups/5517584/collections/9FBEUEF4/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,769 INFO | Requested https://api.zotero.org/groups/5517584/collections/66DFZ732/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,771 INFO | Requested https://api.zotero.org/groups/5517584/collections/U82UQLYP/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,830 INFO | Requested https://api.zotero.org/groups/5517584/collections/NIRQEFPF/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,833 INFO | Requested https://api.zotero.org/groups/5517584/collections/PQHESYJY/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,843 INFO | Requested https://api.zotero.org/groups/5517584/collections/9WF5299I/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,844 INFO | Requested https://api.zotero.org/groups/5517584/collections/HBX6LT24/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,863 INFO | Requested https://api.zotero.org/groups/5517584/collections/9PCN8DFB/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,872 INFO | Requested https://api.zotero.org/groups/5517584/collections/W9X6HPPC/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,883 INFO | Requested https://api.zotero.org/groups/5517584/collections/TG6WKIYF/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,888 INFO | Requested https://api.zotero.org/groups/5517584/collections/YVLQDY3Z/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,940 INFO | Requested https://api.zotero.org/groups/5517584/collections/CCAKVCDM/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:31,980 INFO | Requested https://api.zotero.org/groups/5517584/collections/U6A63VPU/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,043 INFO | Requested https://api.zotero.org/groups/5517584/collections/54KASXGD/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,092 INFO | Requested https://api.zotero.org/groups/5517584/collections/CNI4CRVD/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,150 INFO | Requested https://api.zotero.org/groups/5517584/collections/62S2RVZF/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,510 INFO | Requested https://api.zotero.org/groups/5517584/collections/4BWB5URR/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,611 INFO | Requested https://api.zotero.org/groups/5517584/collections/K8MHUG8J/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:32,977 INFO | Requested https://api.zotero.org/groups/5517584/collections/CAJCP8VL/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,218 INFO | Requested https://api.zotero.org/groups/5517584/collections/S32ZIPF5/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,303 INFO | Requested https://api.zotero.org/groups/5517584/collections/IK3T8EMC/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,386 INFO | Requested https://api.zotero.org/groups/5517584/collections/VK896V2H/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,424 INFO | Requested https://api.zotero.org/groups/5517584/collections/TKKD8A9U/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,520 INFO | Requested https://api.zotero.org/groups/5517584/collections/S32ZIPF5/items/top?start=100&format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:33,942 INFO | Requested https://api.zotero.org/groups/5517584/collections/XR6BBRYH/items/top?format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:35,464 INFO | Requested https://api.zotero.org/groups/5517584/collections/XR6BBRYH/items/top?start=100&format=bibtex&itemType=-attachment&limit=100
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: baumer_TLSattackerDynamicFramework_2024
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: hebrok_WeReallyNeed_2023
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: knapp_IndustrialNetworkSecurity_2015
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: radoy_SearchPartitioningOracle_2024
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: hebrok_WeReallyNeed_2023
% 2025-12-06 19:58:35,466 WARNING | Duplicate entry found, deduplicating: rescorla_TransportLayerSecurity_2018
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: somorovsky_AllYourClouds_2011
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: radoy_SearchPartitioningOracle_2024
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: moller_CrossLanguageDifferentialTesting_2024
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: jager_HowBreakXML_2011
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: rasheed_LaughterWildStudy_2019
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: bhargavan_SymbolicAnalysisPrivacy_2022
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: arfaoui_PrivacyTLSProtocol_2019
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: gellert_FormalSecurityAnalysis_2021
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: nawrocki_InterplayTLSCertificates_2022
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: iyengared._QUICUDPbasedMultiplexed_2021
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: eronen_TransportLayerSecurity_2008
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: salowey_TransportLayerSecurity_2006
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: rfc5216
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: hancke_HowZoomWeb_2019
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: delignat-lavaud_NetworkbasedOriginConfusion_2015
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: vissers_ManeuveringCloudsBypassing_2015
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: shobiri_CDNsDarkSide_2023
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: janbeglou_EffectivenessDNSBasedSecurity_2014
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: guo_AbusingCDNsFun_2018
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: liang_WhenHTTPSMeets_2014
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: fiterau-brostean_AnalysisDTLSImplementations_2020
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: hebrok_WeReallyNeed_2023
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: zhang_TalkingFamiliarStrangers_2020
% 2025-12-06 19:58:35,467 WARNING | Duplicate entry found, deduplicating: springall_MeasuringSecurityHarm_2016
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: bhargavan_SymbolicAnalysisPrivacy_2022
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: lepochat_TrancoResearchorientedTop_2019
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: somorovsky_SystematicFuzzingTesting_2016
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: dunsche_GreatPowerCome_2024
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: merget_ScalableScanningAutomatic_2019
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: zirngibl_It9000Analyzing_2021
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: durumeric_ZMapFastInternetwide_2013
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: radoy_SearchPartitioningOracle_2024
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: brinkmann_ALPACAApplicationLayer_2021
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: arfaoui_PrivacyTLSProtocol_2019
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: gellert_FormalSecurityAnalysis_2021
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: maehren_TLSAnvilAdaptingCombinatorial_2022
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: bock_ReturnBleichenbacherOracle_2018
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: tls-attacker
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: drees_AutomatedDetectionSide_2021
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: xu_DigitalTwinsDefect_2025
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: baumann_CyberphysicalSystemControl_2017
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: rossel_SecurityAnalysis3MF_2023
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: muller_SoKExploitingNetwork_2017
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: mahesh_SurveyCybersecurityDigital_2021
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: google_HTTPSEncryptionWeb_
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: lepochat_TrancoResearchorientedTop_2019
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: zirngibl_FirstLookSVCB_2023
% 2025-12-06 19:58:35,468 WARNING | Duplicate entry found, deduplicating: durumeric_ZMapFastInternetwide_2013
% 2025-12-06 19:58:35,469 WARNING | Duplicate entry found, deduplicating: niere_PosterCircumventingGFW_2023
% 2025-12-06 19:58:35,469 WARNING | Duplicate entry found, deduplicating: langley_QUICTransportProtocol_2017
% 2025-12-06 19:58:35,469 INFO | Removed 57 duplicates
% 2025-12-06 19:58:35,469 INFO | Returning 683 entries

@misc{brisset_BringingDAVEAll_2025,
	title = {Bringing {DAVE} to {All} {Discord} {Platforms}},
	url = {https://discord.com/blog/bringing-dave-to-all-discord-platforms},
	abstract = {From March 1st, 2026, all clients and apps must be updated to utilize DAVE’s end-to-end encryption support for voice and video calls.
In this blog, we explore the challenges we encountered bringing E2EE to browsers, and share what you may need to do to ensure your app can still connect to voice calls in 2026.},
	language = {en-GB},
	urldate = {2025-12-04},
	author = {Brisset, Clément},
	month = sep,
	year = {2025},
}

@misc{birarda_MeetDAVEDiscords_2024,
	title = {Meet {DAVE}: {Discord}’s {New} {End}-to-{End} {Encryption} for {Audio} \& {Video}},
	shorttitle = {Meet {DAVE}},
	url = {https://discord.com/blog/meet-dave-e2ee-for-audio-video},
	abstract = {We’re rolling out end-to-end encryption for voice and video calls! We’d like to share why we’re bringing E2EE A/V to Discord, share our design and implementation goals, and provide a high-level technical overview of how it works.},
	language = {en-GB},
	urldate = {2025-12-04},
	author = {Birarda, Stephen},
	month = sep,
	year = {2024},
}

@misc{worldwidewebconsortium_WebRTCEncodedTransform_2025,
	title = {{WebRTC} {Encoded} {Transform}},
	url = {https://www.w3.org/TR/webrtc-encoded-transform/},
	urldate = {2025-12-04},
	author = {{World Wide Web Consortium}},
	month = nov,
	year = {2025},
}

@inproceedings{ling_FirstLookZoombombing_2021,
	title = {A {First} {Look} at {Zoombombing}},
	url = {https://ieeexplore.ieee.org/abstract/document/9519457},
	doi = {10.1109/SP40001.2021.00061},
	abstract = {Online meeting tools like Zoom and Google Meet have become central to our professional, educational, and personal lives. This has opened up new opportunities for large scale harassment. In particular, a phenomenon known as zoombombing has emerged, in which aggressors join online meetings with the goal of disrupting them and harassing their participants. In this paper, we conduct the first data-driven analysis of calls for zoombombing attacks on social media. We identify ten popular online meeting tools and extract posts containing meeting invitations to these platforms on a mainstream social network, Twitter, and on a fringe community known for organizing coordinated attacks against online users, 4chan. We then perform manual annotation to identify posts that are calling for zoombombing attacks, and apply thematic analysis to develop a codebook to better characterize the discussion surrounding calls for zoombombing. During the first seven months of 2020, we identify over 200 calls for zoombombing between Twitter and 4chan, and analyze these calls both quantitatively and qualitatively. Our findings indicate that the vast majority of calls for zoombombing are not made by attackers stumbling upon meeting invitations or bruteforcing their meeting ID, but rather by insiders who have legitimate access to these meetings, particularly students in high school and college classes. This has important security implications because it makes common protections against zoombombing, e.g., password protection, ineffective. We also find instances of insiders instructing attackers to adopt the names of legitimate participants in the class to avoid detection, making countermeasures like setting up a waiting room and vetting participants less effective. Based on these observations, we argue that the only effective defense against zoombombing is creating unique join links for each participant.},
	urldate = {2025-11-12},
	booktitle = {2021 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
	author = {Ling, Chen and Balcı, Utkucan and Blackburn, Jeremy and Stringhini, Gianluca},
	month = may,
	year = {2021},
	note = {ISSN: 2375-1207},
	keywords = {Blogs, Manuals, Meetings, Online-harassment, Privacy, Real-time systems, Social networking (online), Tools, Trolling, Zoombombing},
	pages = {1452--1467},
}

@misc{hart_WebRTCVsMoQ_2025,
	title = {{WebRTC} vs. {MoQ} by {Use} {Case}},
	url = {https://webrtchacks.com/webrtc-vs-moq-by-use-case/},
	abstract = {WebRTC vs. MoQ by use case—1:1 calls, Voice AI, meetings, and live 1→many. See where MoQ, WebRTC, and HLS each win with details.},
	language = {en-US},
	urldate = {2025-11-10},
	journal = {webrtcHacks},
	author = {Hart, Chad},
	month = nov,
	year = {2025},
}

@techreport{jennings_WebRTCRealTimeCommunication_2025,
	title = {{WebRTC}: {Real}-{Time} {Communication} in {Browsers}},
	url = {https://www.w3.org/TR/webrtc/},
	urldate = {2025-10-02},
	institution = {World Wide Web Consortium},
	author = {Jennings, Cullen and Castelli, Florent and Boström, Henrik and Bruaroey, Jan-Ivar},
	year = {2025},
}

@misc{hancke_NotGuideSDP_2020,
	title = {Not a {Guide} to {SDP} {Munging}},
	url = {https://webrtchacks.com/not-a-guide-to-sdp-munging/},
	abstract = {What SDP munging is, where in your WebRTC code you're allowed to do it and why you shouldn't do it.},
	language = {en-US},
	urldate = {2025-10-16},
	journal = {webrtcHacks},
	author = {Hancke, Philipp},
	month = feb,
	year = {2020},
}

@techreport{petit-huguenin_SessionTraversalUtilities_2020,
	type = {Request for {Comments}},
	title = {Session {Traversal} {Utilities} for {NAT} ({STUN})},
	url = {https://datatracker.ietf.org/doc/rfc8489},
	abstract = {Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with NAT traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs and does not require any special behavior from them. STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This document obsoletes RFC 5389.},
	number = {RFC 8489},
	urldate = {2025-10-13},
	institution = {Internet Engineering Task Force},
	author = {Petit-Huguenin, Marc and Salgueiro, Gonzalo and Rosenberg, Jonathan and Wing, Dan and Mahy, Rohan and Matthews, Philip},
	month = feb,
	year = {2020},
	doi = {10.17487/RFC8489},
	note = {Num Pages: 67},
}

@techreport{reddy.k_TraversalUsingRelays_2020,
	type = {Request for {Comments}},
	title = {Traversal {Using} {Relays} around {NAT} ({TURN}): {Relay} {Extensions} to {Session} {Traversal} {Utilities} for {NAT} ({STUN})},
	shorttitle = {Traversal {Using} {Relays} around {NAT} ({TURN})},
	url = {https://datatracker.ietf.org/doc/rfc8656},
	abstract = {If a host is located behind a NAT, it can be impossible for that host to communicate directly with other hosts (peers) in certain situations. In these situations, it is necessary for the host to use the services of an intermediate node that acts as a communication relay. This specification defines a protocol, called "Traversal Using Relays around NAT" (TURN), that allows the host to control the operation of the relay and to exchange packets with its peers using the relay. TURN differs from other relay control protocols in that it allows a client to communicate with multiple peers using a single relay address. The TURN protocol was designed to be used as part of the Interactive Connectivity Establishment (ICE) approach to NAT traversal, though it can also be used without ICE. This document obsoletes RFCs 5766 and 6156.},
	number = {RFC 8656},
	urldate = {2025-10-13},
	institution = {Internet Engineering Task Force},
	author = {Reddy.K, Tirumaleswar and Johnston, Alan and Matthews, Philip and Rosenberg, Jonathan},
	month = feb,
	year = {2020},
	doi = {10.17487/RFC8656},
	note = {Num Pages: 79},
}

@techreport{petit-huguenin_SessionDescriptionProtocol_2021,
	type = {Request for {Comments}},
	title = {Session {Description} {Protocol} ({SDP}) {Offer}/{Answer} {Procedures} for {Interactive} {Connectivity} {Establishment} ({ICE})},
	url = {https://datatracker.ietf.org/doc/rfc8839},
	abstract = {This document describes Session Description Protocol (SDP) Offer/Answer procedures for carrying out Interactive Connectivity Establishment (ICE) between the agents. This document obsoletes RFCs 5245 and 6336.},
	number = {RFC 8839},
	urldate = {2025-10-13},
	institution = {Internet Engineering Task Force},
	author = {Petit-Huguenin, Marc and Nandakumar, Suhas and Holmberg, Christer and Keränen, Ari and Shpount, Roman},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8839},
	note = {Num Pages: 38},
}

@misc{laine_AiortcAiortc_2025,
	title = {aiortc/aiortc},
	copyright = {BSD-3-Clause},
	url = {https://github.com/aiortc/aiortc},
	abstract = {WebRTC and ORTC implementation for Python using asyncio},
	urldate = {2025-10-13},
	publisher = {aiortc},
	author = {Lainé, Jeremy and {aiortc Contributors}},
	month = oct,
	year = {2025},
	keywords = {asyncio, data-channel, ortc, python, webrtc, webrtc-libraries},
}

@techreport{mcgrew_DatagramTransportLayer_2010,
	type = {Request for {Comments}},
	title = {Datagram {Transport} {Layer} {Security} ({DTLS}) {Extension} to {Establish} {Keys} for the {Secure} {Real}-time {Transport} {Protocol} ({SRTP})},
	url = {https://datatracker.ietf.org/doc/rfc5764},
	abstract = {This document describes a Datagram Transport Layer Security (DTLS) extension to establish keys for Secure RTP (SRTP) and Secure RTP Control Protocol (SRTCP) flows. DTLS keying happens on the media path, independent of any out-of-band signalling channel present. [STANDARDS-TRACK]},
	number = {RFC 5764},
	urldate = {2025-10-10},
	institution = {Internet Engineering Task Force},
	author = {McGrew, David and Rescorla, Eric},
	month = may,
	year = {2010},
	doi = {10.17487/RFC5764},
	note = {Num Pages: 26},
}

@techreport{tuxen_DatagramTransportLayer_2011,
	type = {Request for {Comments}},
	title = {Datagram {Transport} {Layer} {Security} ({DTLS}) for {Stream} {Control} {Transmission} {Protocol} ({SCTP})},
	url = {https://datatracker.ietf.org/doc/rfc6083},
	abstract = {This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP). DTLS over SCTP provides communications privacy for applications that use SCTP as their transport protocol and allows client/server applications to communicate in a way that is designed to prevent eavesdropping and detect tampering or message forgery. Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions. [STANDARDS-TRACK]},
	number = {RFC 6083},
	urldate = {2025-10-10},
	institution = {Internet Engineering Task Force},
	author = {Tüxen, Michael and Rescorla, Eric and Seggelmann, Robin},
	month = jan,
	year = {2011},
	doi = {10.17487/RFC6083},
	note = {Num Pages: 9},
}

@techreport{stewart_StreamControlTransmission_2022,
	type = {Request for {Comments}},
	title = {Stream {Control} {Transmission} {Protocol}},
	url = {https://datatracker.ietf.org/doc/rfc9260},
	abstract = {This document describes the Stream Control Transmission Protocol (SCTP) and obsoletes RFC 4960. It incorporates the specification of the chunk flags registry from RFC 6096 and the specification of the I bit of DATA chunks from RFC 7053. Therefore, RFCs 6096 and 7053 are also obsoleted by this document. In addition, RFCs 4460 and 8540, which describe errata for SCTP, are obsoleted by this document.
SCTP was originally designed to transport Public Switched Telephone Network (PSTN) signaling messages over IP networks. It is also suited to be used for other applications, for example, WebRTC. SCTP is a reliable transport protocol operating on top of a connectionless packet network, such as IP. It offers the following services to its users: The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks.},
	number = {RFC 9260},
	urldate = {2025-10-10},
	institution = {Internet Engineering Task Force},
	author = {Stewart, Randall R. and Tüxen, Michael and Nielsen, Karen},
	month = jun,
	year = {2022},
	doi = {10.17487/RFC9260},
	note = {Num Pages: 133},
}

@techreport{jesup_WebRTCDataChannel_2021,
	type = {Request for {Comments}},
	title = {{WebRTC} {Data} {Channel} {Establishment} {Protocol}},
	url = {https://datatracker.ietf.org/doc/rfc8832},
	abstract = {The WebRTC framework specifies protocol support for direct interactive rich communication using audio, video, and data between two peers' web browsers. This document specifies a simple protocol for establishing symmetric data channels between the peers. It uses a two-way handshake and allows sending of user data without waiting for the handshake to complete.},
	number = {RFC 8832},
	urldate = {2025-10-10},
	institution = {Internet Engineering Task Force},
	author = {Jesup, Randell and Loreto, Salvatore and Tüxen, Michael},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8832},
	note = {Num Pages: 12},
}

@misc{microsoftcorporation_FastReliableEndtoend_2025,
	title = {Fast and reliable end-to-end testing for modern web apps {\textbar} {Playwright}},
	url = {https://playwright.dev/},
	abstract = {Cross-browser end-to-end testing for modern web apps},
	language = {en},
	urldate = {2025-10-10},
	author = {{Microsoft Corporation}},
	month = oct,
	year = {2025},
}

@misc{mdncontributors_EstablishingConnectionWebRTC_2025,
	title = {Establishing a connection: {The} {WebRTC} perfect negotiation pattern - {Web} {APIs} {\textbar} {MDN}},
	shorttitle = {Establishing a connection},
	url = {https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Perfect_negotiation},
	abstract = {This article introduces WebRTC perfect negotiation, describing how it works and why it's the recommended way to negotiate a WebRTC connection between peers, and provides sample code to demonstrate the technique.},
	language = {en-US},
	urldate = {2025-10-10},
	journal = {MDN Web Docs},
	author = {{MDN Contributors}},
	month = may,
	year = {2025},
}

@techreport{begen_SDPSessionDescription_2021,
	type = {Request for {Comments}},
	title = {{SDP}: {Session} {Description} {Protocol}},
	shorttitle = {{SDP}},
	url = {https://datatracker.ietf.org/doc/rfc8866},
	abstract = {This memo defines the Session Description Protocol (SDP). SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. This document obsoletes RFC 4566.},
	number = {RFC 8866},
	urldate = {2025-10-10},
	institution = {Internet Engineering Task Force},
	author = {Begen, Ali C. and Kyzivat, Paul and Perkins, Colin and Handley, Mark J.},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8866},
	note = {Num Pages: 57},
}

@article{sabbagh_HowSignificantRussias_2024,
	chapter = {World news},
	title = {How significant is {Russia}’s apparent interception of military talks on {Ukraine}?},
	issn = {0261-3077},
	url = {https://www.theguardian.com/world/2024/mar/04/what-are-the-implications-of-russias-apparent-interception-of-military-talks-on-ukraine},
	abstract = {Key questions answered after extraordinary leak of secret call involving Germany’s air force chief},
	language = {en-GB},
	urldate = {2025-10-10},
	journal = {The Guardian},
	author = {Sabbagh, Dan},
	month = mar,
	year = {2024},
	keywords = {Germany, Ministry of Defence, Russia, UK news, Ukraine, WikiLeaks},
}

@misc{jones_GermanyConfirmsRussias_2024,
	title = {Germany confirms {Russia}'s military {WebEx} meeting leak},
	url = {https://www.theregister.com/2024/03/04/germany_confirms_russia_leak_genuine/},
	abstract = {Officials can't tell whether the tape was edited, but fear Kremlin has more juicy bits to release in the future},
	language = {en},
	urldate = {2025-10-10},
	journal = {The Register},
	author = {Jones, Connor},
	month = mar,
	year = {2024},
}

@inproceedings{garcia_TestingFrameworkWebRTC_2016,
	address = {Xi'an, People's Republic of China},
	title = {Testing {Framework} for {WebRTC} {Services}},
	isbn = {978-1-63190-104-1},
	url = {http://eudl.eu/doi/10.4108/eai.18-6-2016.2264212},
	doi = {10.4108/eai.18-6-2016.2264212},
	abstract = {WebRTC is the umbrella term for several emergent technologies aimed to exchange real-time media in the Web. WebRTC is gaining the attention of practitioners quickly, and therefore the mechanisms to provide quality assurance for WebRTC services are becoming more and more demanded. WebRTC has been conceived as a peer-to-peer architecture where browsers can directly communicate. This model can be extended using a media server to provide extra features such as group communications, media recording, and so on. In this context, the open source initiative kurento.org provides a WebRTC media server and a set of APIs aimed to simplify the development of advanced WebRTC applications. Among these APIs, Kurento provides a high level testing infrastructure to assess WebRTC services in terms of functionality, performance, and quality-of-experience. This paper presents a detailed description of the testing services provided by this framework.},
	language = {en},
	urldate = {2025-10-09},
	booktitle = {Proceedings of the 9th {EAI} {International} {Conference} on {Mobile} {Multimedia} {Communications}},
	publisher = {ACM},
	author = {García, Boni and López-Fernández, Luis and Gallego, Micael and Gortázar, Francisco},
	year = {2016},
}

@misc{ludwig_JingleRTPSessions_2025,
	type = {{XMPP} {Extension} {Protocol}},
	title = {Jingle {RTP} {Sessions}},
	copyright = {This XMPP Extension Protocol is copyright © 1999 – 2024 by the XMPP Standards Foundation (XSF).},
	url = {https://xmpp.org/extensions/xep-0167.html},
	abstract = {This specification defines a Jingle application type for negotiating one or more sessions that use the Real-time Transport Protocol (RTP) to exchange media such as voice or video. The application type includes a straightforward mapping to Session Description Protocol (SDP) for interworking with SIP media endpoints.},
	language = {en},
	urldate = {2025-10-09},
	author = {Ludwig, Scott and Saint-Andre, Peter and Egan, Sean and McQueen, Robert and Cionoiu, Diana},
	month = jul,
	year = {2025},
	note = {Publisher: XMPP Standards Foundation},
}

@misc{beda_JingleICEUDPTransport_2021,
	type = {{XMPP} {Extension} {Protocol}},
	title = {Jingle {ICE}-{UDP} {Transport} {Method}},
	copyright = {This XMPP Extension Protocol is copyright © 1999 – 2024 by the XMPP Standards Foundation (XSF).},
	url = {https://xmpp.org/extensions/xep-0176.html},
	abstract = {This specification defines a Jingle transport method that results in sending media data using raw datagram associations via the User Datagram Protocol (UDP). This transport method is negotiated via the Interactive Connectivity Establishment (ICE) methodology, which provides robust NAT traversal for media traffic.},
	language = {en},
	urldate = {2025-10-09},
	author = {Beda, Joe and Ludwig, Scott and Saint-Andre, Peter and Hildebrand, Joe and Egan, Sean and McQueen, Robert},
	month = mar,
	year = {2021},
	note = {Publisher: XMPP Standards Foundation},
}

@misc{crete_JingleRTPFeedback_2022,
	type = {{XMPP} {Extension} {Protocol}},
	title = {Jingle {RTP} {Feedback} {Negotiation}},
	copyright = {This XMPP Extension Protocol is copyright © 1999 – 2024 by the XMPP Standards Foundation (XSF).},
	url = {https://xmpp.org/extensions/xep-0293.html},
	abstract = {This specification defines an XMPP extension to negotiate the use of the Extended RTP Profile for Real-time Transport Control Protocol (RTCP)-Based Feedback (RTP/AVPF) with Jingle RTP sessions},
	language = {en},
	urldate = {2025-10-09},
	author = {Crête, Olivier},
	month = aug,
	year = {2022},
	note = {Publisher: XMPP Standards Foundation},
}

@misc{ludwig_Jingle_2018,
	type = {{XMPP} {Extension} {Protocol}},
	title = {Jingle},
	copyright = {This XMPP Extension Protocol is copyright © 1999 – 2024 by the XMPP Standards Foundation (XSF).},
	url = {https://xmpp.org/extensions/xep-0166.html},
	abstract = {This specification defines an XMPP protocol extension for initiating and managing peer-to-peer media sessions between two XMPP entities in a way that is interoperable with existing Internet standards. The protocol provides a pluggable model that enables the core session management semantics (compatible with SIP) to be used for a wide variety of application types (e.g., voice chat, video chat, file transfer) and with a wide variety of transport methods (e.g., TCP, UDP, ICE, application-specific transports).},
	language = {en},
	urldate = {2025-10-09},
	author = {Ludwig, Scott and Beda, Joe and Saint-Andre, Peter and McQueen, Robert and Egan, Sean and Hildebrand, Joe},
	month = sep,
	year = {2018},
	note = {Publisher: XMPP Standards Foundation},
}

@inproceedings{heitmann_SecurityAnalysisBigBlueButton_2024,
	address = {Cham},
	title = {Security {Analysis} of {BigBlueButton} and {eduMEET}},
	isbn = {978-3-031-54776-8},
	doi = {10.1007/978-3-031-54776-8_8},
	abstract = {Video conferencing systems have become an indispensable part of our world. Using video conferencing systems implies the expectation that online meetings run as smoothly as in-person meetings.
Thus, online meetings need to be just as secure and private as in-person meetings, which are secured against disruptive factors and unauthorized persons by physical access control mechanisms.}, language = {en}, booktitle = {Applied {Cryptography} and {Network} {Security}}, publisher = {Springer Nature Switzerland}, author = {Heitmann, Nico and Siewert, Hendrik and Moog, Sven and Somorovsky, Juraj}, editor = {Pöpper, Christina and Batina, Lejla}, year = {2024}, pages = {190--216}, } @techreport{jaju_WebTransport_2025, title = {{WebTransport}}, url = {https://www.w3.org/TR/webtransport/}, urldate = {2025-10-02}, author = {Jaju, Nidhi and Vasiliev, Victor and Bruaroey, Jan-Ivar}, year = {2025}, } @techreport{nandakumar_MediaQUICTransport_2025, type = {Internet {Draft}}, title = {Media over {QUIC} {Transport}}, url = {https://datatracker.ietf.org/doc/draft-ietf-moq-transport-14}, abstract = {This document defines the core behavior for Media over QUIC Transport (MOQT), a media transport protocol designed to operate over QUIC and WebTransport, which have similar functionality. MOQT allows a producer of media to publish data and have it consumed via subscription by a multiplicity of endpoints. 
It supports intermediate content distribution networks and is designed for high scale and low latency distribution.}, number = {draft-ietf-moq-transport-14}, urldate = {2025-10-02}, institution = {Internet Engineering Task Force}, author = {Nandakumar, Suhas and Vasiliev, Victor and Swett, Ian and Frindell, Alan}, month = sep, year = {2025}, note = {Num Pages: 102}, } @misc{hancke_HowZoomWeb_2019, title = {How {Zoom}'s web client avoids using {WebRTC} ({DataChannel} {Update})}, url = {https://webrtchacks.com/zoom-avoids-using-webrtc/}, abstract = {A look into Zoom's web client architecture and how they avoid using WebRTC with WebSockets and WebAssembly}, language = {en-US}, urldate = {2024-08-29}, journal = {webrtcHacks}, author = {Hancke, Philipp}, month = sep, year = {2019}, } @article{baumer_TLSAttackerDynamicFramework_2024a, title = {{TLS}-{Attacker}: {A} {Dynamic} {Framework} for {Analyzing} {TLS} {Implementations}}, abstract = {TLS-Attacker is an open-source framework for analyzing Transport Layer Security (TLS) implementations. The framework allows users to specify custom protocol flows and provides modification hooks to manipulate message contents. Since its initial publication in 2016 by Juraj Somorovsky, TLS-Attacker has been used in numerous studies published at well-established conferences and helped to identify vulnerabilities in well-known open-source TLS libraries. To enable automated analyses, TLS-Attacker has grown into a suite of projects, each designed as a building block that can be applied to facilitate various analysis methodologies. 
The framework still undergoes continuous improvements with feature extensions, such as DTLS 1.3 or the addition of new dialects such as QUIC, to continue its effectiveness and relevancy as a security analysis framework.}, language = {en}, author = {Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah and Hebrok, Sven and Heitmann, Nico and Lange, Felix and Maehren, Marcel and Merget, Robert and Niere, NIklas and Radoy, Maximilian and Schmidt, Conrad and Schwenk, Jörg and Somorovsky, Juraj}, year = {2024}, } @inproceedings{baumer_TLSattackerDynamicFramework_2024, address = {Hawaii}, title = {{TLS}-{Attacker}: a dynamic framework for analyzing {TLS} implementations}, booktitle = {Proceedings of cybersecurity artifacts competition and impact award ({ACSAC} ’24)}, author = {Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah and Hebrok, Sven and Heitmann, Nico and Lange, Felix and Maehren, Marcel and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and Schmidt, Conrad and Schwenk, Jörg and Somorovsky, Juraj}, year = {2024}, keywords = {somorovskyvorarbeit}, } @inproceedings{hebrok_WeReallyNeed_2023, title = {We {Really} {Need} to {Talk} {About} {Session} {Tickets}: {A} {Large}-{Scale} {Analysis} of {Cryptographic} {Dangers} with {TLS} {Session} {Tickets}}, isbn = {978-1-939133-37-3}, shorttitle = {We {Really} {Need} to {Talk} {About} {Session} {Tickets}}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/hebrok}, language = {en}, booktitle = {32nd {USENIX} {Security} {Symposium} ({USENIX} {Security} 23)}, author = {Hebrok, Sven and Nachtigall, Simon and Maehren, Marcel and Erinola, Nurullah and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, year = {2023}, keywords = {somorovskyvorarbeit, tls}, pages = {4877--4894}, } @inproceedings{hebrok_STEKSharingNot_2025, title = {{STEK} {Sharing} is {Not} {Caring}: {Bypassing} {TLS} {Authentication} in {Web} {Servers} using {Session} {Tickets}}, isbn = {978-1-939133-52-6}, 
shorttitle = {{STEK} {Sharing} is {Not} {Caring}}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/hebrok}, language = {en}, urldate = {2025-09-04}, author = {Hebrok, Sven and Storm, Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian and Somorovsky, Juraj}, year = {2025}, pages = {8017--8034}, } @inproceedings{radoy_SearchPartitioningOracle_2024, address = {Bydgoszcz, Poland}, title = {In {Search} of {Partitioning} {Oracle} {Attacks} {Against} {TLS} {Session} {Tickets}}, isbn = {978-3-031-70896-1}, doi = {10.1007/978-3-031-70896-1_16}, booktitle = {29th {European} {Symposium} on {Research} in {Computer} {Security}}, author = {Radoy, Maximilian and Hebrok, Sven and Somorovsky, Juraj}, year = {2024}, note = {To appear}, keywords = {AES-GCM, ChaCha20-Poly1305, Partitioning Oracle Attacks, Session Tickets, TLS}, } @inproceedings{maehren_TLSAnvilAdaptingCombinatorial_2022, address = {Boston, MA}, title = {{TLS}-{Anvil}: {Adapting} combinatorial testing for {TLS} libraries}, isbn = {978-1-939133-31-1}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/maehren}, booktitle = {31st {USENIX} security symposium ({USENIX} security 22)}, publisher = {USENIX Association}, author = {Maehren, Marcel and Nieting, Philipp and Hebrok, Sven and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, month = aug, year = {2022}, pages = {215--232}, } @article{niere_PosterCircumventingGFW_2023, title = {Poster: {Circumventing} the {GFW} with {TLS} {Record} {Fragmentation}}, url = {https://dl.acm.org/doi/10.1145/3576915.3624372}, doi = {10.1145/3576915.3624372}, abstract = {State actors around the world censor the HTTPS protocol to block access to certain websites. While many circumvention strategies utilize the TCP layer only little emphasis has been placed on the analysis of TLS-a complex protocol and integral building block of HTTPS. 
In contrast to the TCP layer, circumvention methods on the TLS layer do not require root privileges since TLS operates on the application layer. With this proposal, we want to motivate a deeper analysis of TLS in regard to censorship circumvention techniques. To prove the existence of such techniques, we present TLS record fragmentation as a novel circumvention technique and circumvent the Great Firewall of China (GFW) using this technique. We hope that our research fosters collaboration between censorship and TLS researchers.}, journal = {CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}, author = {Niere, Niklas and Hebrok, Sven and Somorovsky, Juraj and Merget, Robert}, month = nov, year = {2023}, note = {ISBN: 9798400700507 Publisher: Association for Computing Machinery, Inc}, keywords = {Censorship, China, Fragmentation, GFW, TLS}, pages = {3528--3530}, } @misc{internetarchive_HTTPArchiveState_2025, title = {{HTTP} {Archive}: {State} of the {Web}}, shorttitle = {{HTTP} {Archive}}, url = {https://httparchive.org/reports/state-of-the-web}, abstract = {This report captures a long view of the web, including the adoption of techniques for efficient network utilization and usage of web standards like HTTPS.}, language = {en}, urldate = {2025-04-01}, author = {{Internet Archive}}, month = apr, year = {2025}, } @misc{marx_WhyHTTP3_2023a, title = {Why {HTTP}/3 is {Eating} the {World}}, url = {https://pulse.internetsociety.org/blog/why-http-3-is-eating-the-world}, abstract = {In this series, I’ll provide some context on what problems HTTP/3 solves, how it performs, why it’s seen such swift ado…}, language = {en}, urldate = {2025-04-01}, journal = {Internet Society Pulse}, author = {Marx, Robin}, month = jun, year = {2023}, } @inproceedings{zirngibl_FirstLookSVCB_2023, address = {Delft, Netherlands}, title = {A {First} {Look} at {SVCB} and {HTTPS} {DNS} {Resource} {Records} in the {Wild}}, copyright = 
{https://doi.org/10.15223/policy-029}, isbn = {979-8-3503-2720-5}, url = {https://ieeexplore.ieee.org/document/10190683/}, doi = {10.1109/EuroSPW59978.2023.00058}, abstract = {The Internet Engineering Task Force is standardizing new DNS resource records, namely SVCB and HTTPS. Both records inform clients about endpoint and service properties such as supported application layer protocols, IP address hints or Encrypted Client Hello (ECH) information. Therefore, they allow clients to reduce required DNS queries and potential retries during connection establishment and thus help to improve the quality of experience and privacy of the client. The latter is achieved by reducing visible metadata, which is further improved with encrypted DNS and ECH.}, language = {en}, urldate = {2024-06-13}, booktitle = {2023 {IEEE} {European} {Symposium} on {Security} and {Privacy} {Workshops} ({EuroS}\&{PW})}, publisher = {IEEE}, author = {Zirngibl, Johannes and Sattler, Patrick and Carle, Georg}, month = jul, year = {2023}, keywords = {Cloud computing, DNS, HTTPS, IP networks, Internet measurement, Metadata, Privacy, Protocols, SVCB, Servers, Standardization}, pages = {470--474}, } @inproceedings{zirngibl_It9000Analyzing_2021, address = {New York, NY, USA}, series = {{IMC} '21}, title = {It's over 9000: analyzing early {QUIC} deployments with the standardization on the horizon}, isbn = {978-1-4503-9129-0}, shorttitle = {It's over 9000}, url = {https://dl.acm.org/doi/10.1145/3487552.3487826}, doi = {10.1145/3487552.3487826}, abstract = {After nearly five years and 34 draft versions, standardization of the new connection oriented transport protocol QUIC was finalized in May 2021. Designed as a fundamental network protocol with increased complexity due to the combination of functionality from multiple network stack layers, it has the potential to drastically influence the Internet ecosystem. 
Nevertheless, even in its early stages, the protocol attracted a variety of parties including large providers. Our study shows, that more than 2.3 M IPv4 and 300k IPv6 addresses support QUIC hosting more than 30 M domains. Using our newly implemented stateful QUIC scanner (QScanner) we are able to successfully scan 26 M targets. We show that TLS as an integral part is similarly configured between QUIC and TLS over TCP stacks for the same target. In comparison, we identify 45 widely varying transport parameter configurations, e.g., with differences in the order of magnitudes for performance relevant parameters. Combining these configurations with HTTP Server header values and associated domains reveals two large edge deployments from Facebook and Google. Thus, while found QUIC deployments are located in 4667 autonomous systems, numerous of these are again operated by large providers. In our experience, IETF QUIC already sees an advanced deployment status mainly driven by large providers. We argue that the current deployment state and diversity of existing implementations and seen configurations solidifies the importance of QUIC as a future research topic. In this work, we provide and evaluate a versatile tool set, to identify QUIC capable hosts and their properties. Besides the stateful QScanner we present and analyze a newly implemented IPv4 and IPv6 ZMap module. We compare it to additional detection methods based on HTTP Alternative Service Header values from HTTP handshakes and DNS scans of the newly drafted HTTPS DNS resource record. 
While each method reveals unique deployments the latter would allow lightweight scans to detect QUIC capable targets but is drastically biased towards Cloudflare.}, urldate = {2024-05-08}, booktitle = {Proceedings of the 21st {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Zirngibl, Johannes and Buschmann, Philippe and Sattler, Patrick and Jaeger, Benedikt and Aulbach, Juliane and Carle, Georg}, month = nov, year = {2021}, keywords = {IETF QUIC, TLS, internet measurement, server deployment}, pages = {261--275}, } @article{smith_QCSDQUICClientSide_, title = {{QCSD}: {A} {QUIC} {Client}-{Side} {Website}-{Fingerprinting} {Defence} {Framework}}, abstract = {Website fingerprinting attacks, which analyse the metadata of encrypted network communication to identify visited websites, have been shown to be effective on privacy-enhancing technologies including virtual private networks (VPNs) and encrypted proxies. Despite this, VPNs are still undefended against these attacks, leaving millions of users vulnerable. Proposed defences against website fingerprinting require cooperation between the client and a remote endpoint to reshape the network traffic, thereby hindering deployment. We observe that the rapid and wide-spread deployment of QUIC and HTTP/3 creates an exciting opportunity to build website-fingerprinting defences directly into client applications, such as browsers, without requiring any changes to web servers, VPNs, or the deployment of new network services. We therefore design and implement the QCSD framework, which leverages QUIC and HTTP/3 to emulate existing website-fingerprinting defences by bidirectionally adding cover traffic and reshaping connections solely from the client. As case studies, we emulate both the FRONT and Tamaraw defences solely from the client and collected several datasets of live-defended traffic on which we evaluated modern machine-learning based attacks. 
Our results demonstrate the promise of this approach in shaping connections towards client-orchestrated defences, thereby removing a primary barrier to the deployment of website-fingerprinting defences.}, language = {en}, author = {Smith, Jean-Pierre and Dolfi, Luca and Mittal, Prateek}, } @techreport{huitema_DNSDedicatedQUIC_2022, type = {Request for {Comments}}, title = {{DNS} over {Dedicated} {QUIC} {Connections}}, url = {https://datatracker.ietf.org/doc/rfc9250}, abstract = {This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.}, number = {RFC 9250}, urldate = {2024-10-31}, institution = {Internet Engineering Task Force}, author = {Huitema, Christian and Dickinson, Sara and Mankin, Allison}, month = may, year = {2022}, doi = {10.17487/RFC9250}, note = {Num Pages: 27}, } @inproceedings{reen_DPIFuzzDifferentialFuzzing_2020, address = {Austin USA}, title = {{DPIFuzz}: {A} {Differential} {Fuzzing} {Framework} to {Detect} {DPI} {Elusion} {Strategies} for {QUIC}}, isbn = {978-1-4503-8858-0}, shorttitle = {{DPIFuzz}}, url = {https://dl.acm.org/doi/10.1145/3427228.3427662}, doi = {10.1145/3427228.3427662}, abstract = {QUIC is an emerging transport protocol that has the potential to replace TCP in the near future. As such, QUIC will become an important target for Deep Packet Inspection (DPI). 
Reliable DPI is essential, e.g., for corporate environments, to monitor traffic entering and leaving their networks. However, elusion strategies threaten the validity of DPI systems, as they allow attackers to carefully design traffic to fool and thus evade on-path DPI systems. While such elusion strategies for TCP are well documented, it is unclear if attackers will be able to elude QUIC-based DPI systems. In this paper, we systematically explore elusion methodologies for QUIC. To this end, we present DPIFuzz: a differential fuzzing framework which can automatically detect strategies to elude stateful DPI systems for QUIC. We use DPIFuzz to generate and mutate QUIC streams in order to compare (and find differences in) the server-side interpretations of five popular open-source QUIC implementations. We show that DPIFuzz successfully reveals DPI elusion strategies, such as using packets with duplicate packet numbers or exploiting the diverging handling of overlapping stream offsets by QUIC implementations. DPIFuzz additionally finds four security-critical vulnerabilities in these QUIC implementations.}, language = {en}, urldate = {2024-06-03}, booktitle = {Annual {Computer} {Security} {Applications} {Conference}}, publisher = {ACM}, author = {Reen, Gaganjeet Singh and Rossow, Christian}, month = dec, year = {2020}, pages = {332--344}, } @inproceedings{nawrocki_QUICsandQuantifyingQUIC_2021, address = {Virtual Event}, title = {{QUICsand}: quantifying {QUIC} reconnaissance scans and {DoS} flooding events}, isbn = {978-1-4503-9129-0}, shorttitle = {{QUICsand}}, url = {https://dl.acm.org/doi/10.1145/3487552.3487840}, doi = {10.1145/3487552.3487840}, abstract = {In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. 
We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue that although QUIC has been carefully designed to restrict reflective amplification attacks, the QUIC handshake is prone to resource exhaustion attacks, similar to TCP SYN floods. We confirm this conjecture by showing how this attack vector is already exploited in multi-vector attacks: On average, the Internet is exposed to four QUIC floods per hour and half of these attacks occur concurrently with other common attack types such as TCP/ICMP floods.}, language = {en}, urldate = {2024-06-03}, booktitle = {Proceedings of the 21st {ACM} {Internet} {Measurement} {Conference}}, publisher = {ACM}, author = {Nawrocki, Marcin and Hiesgen, Raphael and Schmidt, Thomas C. and Wählisch, Matthias}, month = nov, year = {2021}, pages = {283--291}, } @article{siby_EvaluatingPracticalQUIC_, title = {Evaluating practical {QUIC} website fingerprinting defenses for the masses}, abstract = {Website fingerprinting (WF) is a well-known threat to users’ web privacy. New Internet standards, such as QUIC, include padding to support defenses against WF. Previous work on QUIC WF only analyzes the effectiveness of defenses when users are behind a VPN. Yet, this is not how most users browse the Internet. In this paper, we provide a comprehensive evaluation of QUIC-padding-based defenses against WF when users directly browse the web, i.e., without VPNs, HTTPS proxies, or other tunneling protocols. We confirm previous claims that network-layer padding cannot provide effective protection against powerful adversaries capable of observing all traffic traces. We show that the claims hold even against adversaries with constraints on traffic visibility and processing power. 
We then show that the current approach to web development, in which the use of third-party resources is the norm, impedes the effective use of padding-based defenses as it requires first and third parties to coordinate in order to thwart traffic analysis. We show that even when coordination is possible, in most cases, protection comes at a high cost.}, language = {en}, journal = {Proceedings on Privacy Enhancing Technologies}, author = {Siby, Sandra and Barman, Ludovic and Wood, Christopher and Fayed, Marwan and Sullivan, Nick and Troncoso, Carmela}, } @techreport{schinazi_CompatibleVersionNegotiation_2023, type = {Request for {Comments}}, title = {Compatible {Version} {Negotiation} for {QUIC}}, url = {https://datatracker.ietf.org/doc/rfc9368}, abstract = {QUIC does not provide a complete version negotiation mechanism but instead only provides a way for the server to indicate that the version the client chose is unacceptable. This document describes a version negotiation mechanism that allows a client and server to select a mutually supported version. Optionally, if the client's chosen version and the negotiated version share a compatible first flight format, the negotiation can take place without incurring an extra round trip. 
This document updates RFC 8999.}, number = {RFC 9368}, urldate = {2024-06-13}, institution = {Internet Engineering Task Force}, author = {Schinazi, David and Rescorla, Eric}, month = may, year = {2023}, doi = {10.17487/RFC9368}, note = {Num Pages: 15}, } @inproceedings{teyssier_EmpiricalApproachEvaluate_2023, address = {Niagara Falls, ON, Canada}, title = {An {Empirical} {Approach} to {Evaluate} the {Resilience} of {QUIC} {Protocol} {Against} {Handshake} {Flood} {Attacks}}, copyright = {https://doi.org/10.15223/policy-029}, isbn = {978-3-903176-59-1}, url = {https://ieeexplore.ieee.org/document/10327907/}, doi = {10.23919/CNSM59352.2023.10327907}, abstract = {QUIC is a new transport protocol aiming to enhance web connection performance and security. It was gaining popularity quickly in recent years and has been adopted by a number of prominent tech companies, including Facebook, Amazon, and Google. However, the resilience of QUIC Protocol against various cyber attacks has not been fully tested yet. In this paper, we investigate the resilience of QUIC Protocol against handshake flood attacks. We conducted comprehensive experiments to evaluate the resource consumptions of both the attacker and the target during incomplete handshake attacks, including CPU, memory, and bandwidth. The DDoS amplification factor was measured and analyzed based on the results. We compared the results against TCP Syn Cookies under Syn flood attacks. We show that the QUIC Protocol design has a much larger DDoS amplification factor compared to the TCP Syn Cookies, which means QUIC is more vulnerable to handshake DDoS attacks. Also, the CPU resource of QUIC servers is most likely the bottleneck during the handshake flood attacks. 
To the best of our knowledge, this is the first study to thoroughly investigate resilience of QUIC to handshake DDoS attacks.}, language = {en}, urldate = {2024-06-11}, booktitle = {2023 19th {International} {Conference} on {Network} and {Service} {Management} ({CNSM})}, publisher = {IEEE}, author = {Teyssier, Benjamin and Joarder, Y A and Fung, Carol}, month = oct, year = {2023}, pages = {1--9}, } @inproceedings{jager_SecurityTLSQUIC_2015, address = {Denver Colorado USA}, title = {On the {Security} of {TLS} 1.3 and {QUIC} {Against} {Weaknesses} in {PKCS}\#1 v1.5 {Encryption}}, isbn = {978-1-4503-3832-5}, url = {https://dl.acm.org/doi/10.1145/2810103.2813657}, doi = {10.1145/2810103.2813657}, abstract = {Encrypted key transport with RSA-PKCS\#1 v1.5 is the most commonly deployed key exchange method in all current versions of the Transport Layer Security (TLS) protocol, including the most recent version 1.2. However, it has several well-known issues, most importantly that it does not provide forward secrecy, and that it is prone to side channel attacks that may enable an attacker to learn the session key used for a TLS session. A long history of attacks shows that RSA-PKCS\#1 v1.5 is extremely difficult to implement securely. The current draft of TLS version 1.3 dispenses with this encrypted key transport method. But is this sufficient to protect against weaknesses in RSA-PKCS\#1 v1.5? We describe attacks which transfer the potential weakness of prior TLS versions to two recently proposed protocols that do not even support PKCS\#1 v1.5 encryption, namely Google’s QUIC protocol and TLS 1.3. 
These attacks enable an attacker to impersonate a server by using a vulnerable TLS-RSA server implementation as a “signing oracle” to compute valid signatures for messages chosen by the attacker.}, language = {en}, urldate = {2024-06-03}, booktitle = {Proceedings of the 22nd {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {ACM}, author = {Jager, Tibor and Schwenk, Jörg and Somorovsky, Juraj}, month = oct, year = {2015}, pages = {1185--1196}, } @inproceedings{nawrocki_InterplayTLSCertificates_2022, address = {Roma Italy}, title = {On the interplay between {TLS} certificates and {QUIC} performance}, isbn = {978-1-4503-9508-3}, url = {https://dl.acm.org/doi/10.1145/3555050.3569123}, doi = {10.1145/3555050.3569123}, abstract = {In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35\% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.}, language = {en}, urldate = {2024-06-05}, booktitle = {Proceedings of the 18th {International} {Conference} on emerging {Networking} {EXperiments} and {Technologies}}, publisher = {ACM}, author = {Nawrocki, Marcin and Tehrani, Pouyan Fotouhi and Hiesgen, Raphael and Mücke, Jonas and Schmidt, Thomas C. 
and Wählisch, Matthias}, month = nov, year = {2022}, pages = {204--213}, }

@article{luo_BLEEMPacketSequence_, title = {{BLEEM}: {Packet} {Sequence} {Oriented} {Fuzzing} for {Protocol} {Implementations}}, abstract = {Protocol implementations are essential components in network infrastructures. Flaws hidden in the implementations can easily render devices vulnerable to adversaries. Therefore, guaranteeing their correctness is important. However, commonly used vulnerability detection techniques, such as fuzz testing, face increasing challenges in testing these implementations due to ineffective feedback mechanisms and insufficient protocol state-space exploration techniques. This paper presents BLEEM, a packet-sequence-oriented black-box fuzzer for vulnerability detection of protocol implementations. Instead of focusing on individual packet generation, BLEEM generates packets on a sequence level. It provides an effective feedback mechanism by analyzing the system output sequence noninvasively, supports guided fuzzing by resorting to state-space tracking that encompasses all parties timely, and utilizes interactive traffic information to generate protocol-logic-aware packet sequences. We evaluate BLEEM on 15 widely-used implementations of well-known protocols (e.g., TLS and QUIC). Results show that, compared to the state-of-the-art protocol fuzzers such as Peach, BLEEM achieves substantially higher branch coverage (up to 174.93\% improvement) within 24 hours. Furthermore, BLEEM exposed 15 security-critical vulnerabilities in prominent protocol implementations, with 10 CVEs assigned.}, language = {en}, author = {Luo, Zhengxiong and Yu, Junze and Zuo, Feilong and Liu, Jianzhong and Jiang, Yu and Chen, Ting and Roychoudhury, Abhik and Sun, Jiaguang}, }

@incollection{günther_0RTTKeyExchange_2017, address = {Cham}, title = {0-{RTT} {Key} {Exchange} with {Full} {Forward} {Secrecy}}, volume = {10212}, isbn = {978-3-319-56616-0 978-3-319-56617-7}, url = {http://link.springer.com/10.1007/978-3-319-56617-7_18}, abstract = {Reducing latency overhead while maintaining critical security guarantees like forward secrecy has become a major design goal for key exchange (KE) protocols, both in academia and industry. Of particular interest in this regard are 0-RTT protocols, a class of KE protocols which allow a client to send cryptographically protected payload in zero round-trip time (0-RTT) along with the very first KE protocol message, thereby minimizing latency. Prominent examples are Google’s QUIC protocol and the upcoming TLS protocol version 1.3. Intrinsically, the main challenge in a 0-RTT key exchange is to achieve forward secrecy and security against replay attacks for the very first payload message sent in the protocol. According to cryptographic folklore, it is impossible to achieve forward secrecy for this message, because the session key used to protect it must depend on a non-ephemeral secret of the receiver. If this secret is later leaked to an attacker, it should intuitively be possible for the attacker to compute the session key by performing the same computations as the receiver in the actual session.}, language = {en}, urldate = {2024-06-07}, booktitle = {Advances in {Cryptology} – {EUROCRYPT} 2017}, publisher = {Springer International Publishing}, author = {Günther, Felix and Hale, Britta and Jager, Tibor and Lauer, Sebastian}, editor = {Coron, Jean-Sébastien and Nielsen, Jesper Buus}, year = {2017}, doi = {10.1007/978-3-319-56617-7_18}, note = {Series Title: Lecture Notes in Computer Science}, pages = {519--548}, }

@inproceedings{joarder_SurveySecurityIssues_2022a, address = {Rio de Janeiro, Brazil}, title = {A {Survey} on the {Security} {Issues} of {QUIC}}, copyright = {https://doi.org/10.15223/policy-029}, isbn = {9798350397222}, url = {https://ieeexplore.ieee.org/document/9955622/}, doi = {10.1109/CSNet56116.2022.9955622}, abstract = {A newly established multiplexed network protocol – QUIC, which is based on User Datagram Protocol (UDP), has emerged in recent years and gained a large share of Internet traffic quickly. Initially proposed by Google, the goal of QUIC is to achieve a higher Internet communication performance and eventually replace the Transmission Control Protocol (TCP) + Transport Layer Security (TLS) + HTTP/2 architecture. In particular, the 3rd version of the Hypertext Transfer Protocol – HTTP/3.0 is built on top of QUIC. A good number of research papers have been published recently to evaluate the performance and security of the QUIC protocol. In this paper, we conduct a comprehensive survey on the QUIC security issues and analyze its future research directions regarding security perspective. We investigate several topics including the QUIC protocol structure, QUIC security model, security issues related to QUIC protocol, and future research directions on QUIC Security. To the best of our knowledge, it is one of the first surveys that focus on the security of the QUIC protocol.}, language = {en}, urldate = {2024-06-03}, booktitle = {2022 6th {Cyber} {Security} in {Networking} {Conference} ({CSNet})}, publisher = {IEEE}, author = {Joarder, Y A and Fung, Carol}, month = oct, year = {2022}, pages = {1--8}, }

@inproceedings{lychev_HowSecureQuick_2015, address = {San Jose, CA}, title = {How {Secure} and {Quick} is {QUIC}? {Provable} {Security} and {Performance} {Analyses}}, isbn = {978-1-4673-6949-7}, shorttitle = {How {Secure} and {Quick} is {QUIC}?}, url = {https://ieeexplore.ieee.org/document/7163028/}, doi = {10.1109/SP.2015.21}, abstract = {QUIC is a secure transport protocol developed by Google and implemented in Chrome in 2013, currently representing one of the most promising solutions to decreasing latency while intending to provide security properties similar to TLS. In this work we shed some light on QUIC’s strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. We first introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocol’s building blocks. However, we find that QUIC does not satisfy the traditional notion of forward secrecy that is provided by some modes of TLS, e.g., TLS-DHE. Our analyses also reveal that with simple bit-flipping and replay attacks on some public parameters exchanged during the handshake, an adversary could easily prevent QUIC from achieving minimal latency advantages either by having it fall back to TCP or by causing the client and server to have an inconsistent view of their handshake leading to a failure to complete the connection. We have implemented these attacks and demonstrated that they are practical. Our results suggest that QUIC’s security weaknesses are introduced by the very mechanisms used to reduce latency, which highlights the seemingly inherent trade-off between minimizing latency and providing ‘good’ security guarantees.}, language = {en}, urldate = {2024-06-05}, booktitle = {2015 {IEEE} {Symposium} on {Security} and {Privacy}}, publisher = {IEEE}, author = {Lychev, Robert and Jero, Samuel and Boldyreva, Alexandra and Nita-Rotaru, Cristina}, month = may, year = {2015}, pages = {214--231}, }

@inproceedings{teyssier_QUICShieldRapidDetection_2023, address = {NY, USA}, title = {{QUICShield}: {A} {Rapid} {Detection} {Mechanism} {Against} {QUIC}-{Flooding} {Attacks}}, copyright = {https://doi.org/10.15223/policy-029}, isbn = {9798350318807}, shorttitle = {{QUICShield}}, url = {https://ieeexplore.ieee.org/document/10474735/}, doi = {10.1109/VCC60689.2023.10474735}, abstract = {QUIC is a modern transport layer internet protocol designed to be more efficient and secure than TCP (Transmission control protocol). However, QUIC remains vulnerable to handshake flooding attacks due to its similar design to TCP in the handshaking process. This paper introduces an innovative defence mechanism, QUICShield, which enables rapid detection and protection from QUIC-flooding DDoS attacks across different IP spoofing scenarios. QUICShield is a Bloom filter-based technique that provides rapid change detection to distinguish between incomplete or invalid handshakes and legitimate connections while accounting for common handshake errors. It utilizes the probabilistic data structure of Bloom Filter to detect malicious traffic effectively and incorporates change detection techniques to adapt to evolving attack patterns. Also, it addresses the unique challenges of QUIC-Flooding attacks, which exploit the protocol’s stateless nature and the inclusion of cryptographic computations to overwhelm a target’s computational resources. Existing defence mechanisms against DDoS attacks primarily focus on TCP SYN-Flooding. Although these approaches are effective in the TCP domain, they are inadequate in addressing the specific vulnerabilities related to the QUIC protocol. Our QUICShield technique fills this gap by offering a customized solution for QUIC-based systems. It neutralizes malicious traffic, maintains legitimate connections, and adapts to IP spoofing in the QUIC protocol networks. Furthermore, QUICShield defends against QUIC-Flooding DDoS attacks, with real attack emulation demonstrating improved detection of previously ineffective invalid packets, boosting network resilience against security threats.}, language = {en}, urldate = {2024-06-05}, booktitle = {2023 {IEEE} {Virtual} {Conference} on {Communications} ({VCC})}, publisher = {IEEE}, author = {Teyssier, Benjamin and Joarder, Y A and Fung, Carol}, month = nov, year = {2023}, pages = {43--48}, }

@inproceedings{marx_QUICDebuggability_2018, address = {Heraklion Greece}, title = {Towards {QUIC} debuggability}, isbn = {978-1-4503-6082-1}, url = {https://dl.acm.org/doi/10.1145/3284850.3284851}, doi = {10.1145/3284850.3284851}, abstract = {QUIC has been called the mother of all web protocols, as it deeply integrates aspects of TCP (reliability, flow control, congestion control, loss recovery), TLS (handshake, encryption keys) and HTTP/2 (streams, prioritization) together into one cross-layer implementation over UDP. However, such ambition comes at the cost of high complexity, which in turn leads to misinterpretations, bugs and unwanted behaviour in implementations. This was also witnessed in the recently standardized HTTP/2 protocol. We posit that QUIC should thus take a proactive approach in ensuring its testability and debuggability. To that end, this work introduces the first version of a common logging format for QUIC endpoints, called qlog. This format allows the capture of internal QUIC state that is not visible on the network. It is easily deployable and empowers the creation of reusable (visual) tools to aid in interpreting QUIC’s behaviour. We implement and evaluate three such tools (a timeline, sequence diagram and congestion/flow control graph) in the proposed QUICvis toolset and show their usefulness in comparing behaviours across three competing QUIC implementations, as well as in performing root cause analysis on bugs and issues. We hope this work will foster the discussion on QUIC debuggability and that it will raise community awareness.}, language = {en}, urldate = {2024-06-05}, booktitle = {Proceedings of the {Workshop} on the {Evolution}, {Performance}, and {Interoperability} of {QUIC}}, publisher = {ACM}, author = {Marx, Robin and Lamotte, Wim and Reynders, Jonas and Pittevils, Kevin and Quax, Peter}, month = dec, year = {2018}, pages = {1--7}, }

@inproceedings{tatschner_QuicSecurityOverview_2023, address = {Benevento Italy}, title = {A {Quic}(k) {Security} {Overview}: {A} {Literature} {Research} on {Implemented} {Security} {Recommendations}}, isbn = {9798400707728}, shorttitle = {A {Quic}(k) {Security} {Overview}}, url = {https://dl.acm.org/doi/10.1145/3600160.3605164}, doi = {10.1145/3600160.3605164}, abstract = {Built on top of UDP, the relatively new QUIC protocol serves as the baseline for modern web protocol stacks. Equipped with a rich feature set, the protocol is defined by a 151 pages strong IETF standard complemented by several additional documents. Enabling fast updates and feature iteration, most QUIC implementations are implemented as user space libraries leading to a large and fragmented ecosystem. This work addresses the research question, “if a complex standard with a large number of different implementations leads to an insecure ecosystem?”. The relevant RFC documents were studied and “Security Consideration” items describing conceptional problems were extracted. During the research, 13 popular production ready QUIC implementations were compared by evaluating 10 security considerations from RFC9000. While related studies mostly focused on the functional part of QUIC, this study confirms that available QUIC implementations are not yet mature enough from a security point of view.}, language = {en}, urldate = {2024-06-05}, booktitle = {Proceedings of the 18th {International} {Conference} on {Availability}, {Reliability} and {Security}}, publisher = {ACM}, author = {Tatschner, Stefan and Peters, Sebastian N. and Emeis, David and Morris, John and Newe, Thomas}, month = aug, year = {2023}, pages = {1--8}, }

@inproceedings{gbur_QUICforgeClientsideRequest_2023, address = {San Diego, CA, USA}, title = {{QUICforge}: {Client}-side {Request} {Forgery} in {QUIC}}, isbn = {978-1-891562-83-9}, shorttitle = {{QUICforge}}, url = {https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s72_paper.pdf}, doi = {10.14722/ndss.2023.23072}, abstract = {The QUIC protocol is gaining more and more traction through its recent standardization and the rising interest by various big tech companies, developing new implementations. QUIC promises to make security and privacy a first-class citizen; yet, challenging these claims is of utmost importance. To this end, this paper provides an initial analysis of client-side request forgery attacks that directly emerge from the QUIC protocol design and not from common vulnerabilities. In particular, we investigate three request forgery attack modalities with respect to their capabilities to be used for protocol impersonation and traffic amplification. We analyze the controllable attack space of the respective protocol messages and demonstrate that one of the attack modalities can indeed be utilized to impersonate other UDP-based protocols, e.g., DNS requests. Furthermore, we identify traffic amplification vectors. Although the QUIC protocol specification states anti-amplification limits, our evaluation of 13 QUIC server implementations shows that in some cases these mitigations are missing or insufficiently implemented. Lastly, we propose mitigation approaches for protocol impersonation and discuss ambiguities in the specification.}, language = {en}, urldate = {2024-06-05}, booktitle = {Proceedings 2023 {Network} and {Distributed} {System} {Security} {Symposium}}, publisher = {Internet Society}, author = {Gbur, Yuri and Tschorsch, Florian}, year = {2023}, }

@inproceedings{piraux_ObservingEvolutionQUIC_2018, address = {Heraklion Greece}, title = {Observing the {Evolution} of {QUIC} {Implementations}}, isbn = {978-1-4503-6082-1}, url = {https://dl.acm.org/doi/10.1145/3284850.3284852}, doi = {10.1145/3284850.3284852}, abstract = {The QUIC protocol combines features that were initially found inside the TCP, TLS and HTTP/2 protocols. The IETF is currently finalising a complete specification of this protocol. More than a dozen independent implementations have been developed in parallel with these standardisation activities.}, language = {en}, urldate = {2024-06-03}, booktitle = {Proceedings of the {Workshop} on the {Evolution}, {Performance}, and {Interoperability} of {QUIC}}, publisher = {ACM}, author = {Piraux, Maxime and De Coninck, Quentin and Bonaventure, Olivier}, month = dec, year = {2018}, pages = {8--14}, }

@inproceedings{zirngibl_QUICHunterFinding_2024, address = {Berlin, Heidelberg}, title = {{QUIC} {Hunter}: {Finding} {QUIC} {Deployments} and {Identifying} {Server} {Libraries} {Across} the {Internet}}, isbn = {978-3-031-56251-8}, shorttitle = {{QUIC} {Hunter}}, url = {https://doi.org/10.1007/978-3-031-56252-5_13}, doi = {10.1007/978-3-031-56252-5_13}, abstract = {The diversity of QUIC implementations poses challenges for Internet measurements and the analysis of the QUIC ecosystem. While all implementations follow the same specification and there is general interoperability, differences in performance, functionality, but also security (e.g., due to bugs) can be expected. Therefore, knowledge about the implementation of an endpoint on the Internet can help researchers, operators, and users to better analyze connections, performance, and security. In this work, we improved the detection rate of QUIC scans to find more deployments and provide an approach to effectively identify QUIC server libraries based on CONNECTION\_CLOSE frames and transport parameter orders. We performed Internet-wide scans and identified at least one deployment for 18 QUIC libraries. In total, we can identify the libraries with 8.0 M IPv4 and 2.5 M IPv6 addresses. We provide a comprehensive view of the landscape of competing QUIC libraries.}, urldate = {2024-06-03}, booktitle = {Passive and {Active} {Measurement}: 25th {International} {Conference}, {PAM} 2024, {Virtual} {Event}, {March} 11–13, 2024, {Proceedings}, {Part} {II}}, publisher = {Springer-Verlag}, author = {Zirngibl, Johannes and Gebauer, Florian and Sattler, Patrick and Sosnowski, Markus and Carle, Georg}, year = {2024}, pages = {273--290}, }

@inproceedings{mcmillan_FormalSpecificationTesting_2019, address = {Beijing China}, title = {Formal specification and testing of {QUIC}}, isbn = {978-1-4503-5956-6}, url = {https://dl.acm.org/doi/10.1145/3341302.3342087}, doi = {10.1145/3341302.3342087}, abstract = {QUIC is a new Internet secure transport protocol currently in the process of IETF standardization. It is intended as a replacement for the TLS/TCP stack and will be the basis of HTTP/3, the next official version of the hypertext transfer protocol. As a result, it is likely, in the near future, to carry a substantial fraction of traffic on the Internet. We describe our experience applying a methodology of compositional specification-based testing to QUIC. We develop a formal specification of the wire protocol, and use this specification to generate automated randomized testers for implementations of QUIC. The testers effectively take one role of the QUIC protocol, interacting with the other role to generate full protocol executions, and verifying that the implementations conform to the formal specification. This form of testing generates significantly more diverse stimuli and stronger correctness criteria than interoperability testing, the primary method used to date to validate QUIC and its implementations. As a result, numerous implementation errors have been found. These include some vulnerabilities at the protocol and implementation levels, such as an off-path denial of service scenario and an information leak similar to the “heartbleed” vulnerability in OpenSSL.}, language = {en}, urldate = {2024-06-03}, booktitle = {Proceedings of the {ACM} {Special} {Interest} {Group} on {Data} {Communication}}, publisher = {ACM}, author = {McMillan, Kenneth L. and Zuck, Lenore D.}, month = aug, year = {2019}, pages = {227--240}, }

@incollection{gagliardi_AnalysisQUICSession_2020, address = {Cham}, title = {Analysis of {QUIC} {Session} {Establishment} and {Its} {Implementations}}, volume = {12024}, isbn = {978-3-030-41701-7 978-3-030-41702-4}, url = {https://link.springer.com/10.1007/978-3-030-41702-4_11}, abstract = {In recent years, the major web companies have been working to improve the user experience and to secure the communications between their users and the services they provide. QUIC is such an initiative, and it is currently being designed by the IETF. In a nutshell, QUIC originally intended to merge features from TCP/SCTP, TLS 1.3 and HTTP/2 into one big protocol. The current specification proposes a more modular definition, where each feature (transport, cryptography, application, packet reemission) is defined in a separate internet draft.}, language = {en}, urldate = {2024-06-03}, booktitle = {Information {Security} {Theory} and {Practice}}, publisher = {Springer International Publishing}, author = {Gagliardi, Eva and Levillain, Olivier}, editor = {Laurent, Maryline and Giannetsos, Thanassis}, year = {2020}, doi = {10.1007/978-3-030-41702-4_11}, note = {Series Title: Lecture Notes in Computer Science}, pages = {169--184}, }

@article{chatzoglou_RevisitingQUICAttacks_2023, title = {Revisiting {QUIC} attacks: a comprehensive review on {QUIC} security and a hands-on study}, volume = {22}, issn = {1615-5262, 1615-5270}, shorttitle = {Revisiting {QUIC} attacks}, url = {https://link.springer.com/10.1007/s10207-022-00630-6}, doi = {10.1007/s10207-022-00630-6}, abstract = {Built on top of UDP, the recently standardized QUIC protocol primarily aims to gradually replace the TCP plus TLS plus HTTP/2 model. For instance, HTTP/3 is designed to exploit QUIC’s features, including reduced connection establishment time, multiplexing without head of line blocking, always-encrypted end-to-end security, and others. This work serves two key objectives. Initially, it offers the first to our knowledge full-fledged review on QUIC security as seen through the lens of the relevant literature so far. Second and more importantly, through extensive fuzz testing, we conduct a hands-on security evaluation against the six most popular QUIC-enabled production-grade servers. This assessment identified several effective and practical zero-day vulnerabilities, which, if exploited, can quickly overwhelm the server resources. This finding is a clear indication that the fragmented production-level implementations of this contemporary protocol are not yet mature enough. Overall, the work at hand provides the first wholemeal appraisal of QUIC security from both a literature review and empirical standpoint, and it is therefore foreseen to serve as a reference for future research in this timely area.}, language = {en}, number = {2}, urldate = {2024-06-03}, journal = {International Journal of Information Security}, author = {Chatzoglou, Efstratios and Kouliaridis, Vasileios and Karopoulos, Georgios and Kambourakis, Georgios}, month = apr, year = {2023}, pages = {347--365}, }

@misc{ang_AutomatedBlackboxNoncompliance_2025, title = {An {Automated} {Blackbox} {Noncompliance} {Checker} for {QUIC} {Server} {Implementations}}, url = {http://arxiv.org/abs/2505.12690}, doi = {10.48550/arXiv.2505.12690}, abstract = {We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike prior noncompliance checking methods, to help uncover state dependencies on event timing, QUICtester introduces the idea of state learning with event timing variations, adopting both valid and invalid input configurations, and combinations of security and transport layer parameters during learning. We use pairwise differential analysis of learned behaviour models of tested QUIC implementations to identify non-compliance instances as behaviour deviations in a property-agnostic way. This exploits the existence of the many different QUIC implementations, removing the need for validated, formal models. The diverse implementations act as cross-checking test oracles to discover non-compliance. We used QUICtester to analyze 186 learned models from 19 QUIC implementations under the five security settings and discovered 55 implementation errors. Significantly, the tool uncovered a QUIC specification ambiguity resulting in an easily exploitable DoS vulnerability, led to 5 CVE assignments from developers, and two bug bounties thus far.}, language = {en}, urldate = {2025-06-24}, publisher = {arXiv}, author = {Ang, Kian Kai and Farrelly, Guy and Pope, Cheryl and Ranasinghe, Damith C.}, month = may, year = {2025}, note = {arXiv:2505.12690 [cs]}, keywords = {Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture, Computer Science - Software Engineering}, }

@article{_MenloReportEthical_, title = {The {Menlo} {Report}: {Ethical} {Principles} {Guiding} {Information} and {Communication} {Technology} {Research}}, url = {https://www.dhs.gov/sites/default/files/publications/CSD-MenloPrinciplesCORE-20120803_1.pdf}, language = {en}, month = aug, year = {2012}, }

@article{silva_NotEveryDigital_2025, title = {Not every digital model is a digital twin: an epidemic of misconception}, volume = {47}, issn = {1806-3691}, shorttitle = {Not every digital model is a digital twin}, url = {https://doi.org/10.1007/s40430-025-05923-0}, doi = {10.1007/s40430-025-05923-0}, abstract = {The growing popularity of emerging technologies—particularly in equipment monitoring and diagnostic applications—has led to the increasing use of appealing and modern-sounding terms such as virtual sensing, artificial intelligence, and, more recently, digital twins. However, this letter aims to raise awareness of the widespread misconceptions surrounding the concept of digital twins, which both specialists and non-specialists often misapply. The key question is: Are all methods labeled by their authors as "digital twins" truly digital twins? This letter presents a brief overview of the terminology and definitions involved to clarify and promote the correct use of the term digital twin—reserving it only for cases where there is a true virtual counterpart that maintains real-time, bidirectional communication with its physical system.}, language = {en}, number = {11}, urldate = {2025-11-10}, journal = {Journal of the Brazilian Society of Mechanical Sciences and Engineering}, author = {Silva, Samuel da}, month = sep, year = {2025}, keywords = {Digital model, Digital shadow, Digital twins, Monitoring \& Control}, pages = {594}, }

@misc{airehenbuwa_AdvancingSecurityDigital_2025, title = {Advancing {Security} with {Digital} {Twins}: {A} {Comprehensive} {Survey}}, shorttitle = {Advancing {Security} with {Digital} {Twins}}, url = {https://arxiv.org/abs/2505.17310v1}, abstract = {The proliferation of electronic devices has greatly transformed every aspect of human life, such as communication, healthcare, transportation, and energy. Unfortunately, the global electronics supply chain is vulnerable to various attacks, including piracy of intellectual properties, tampering, counterfeiting, information leakage, side-channel, and fault injection attacks, due to the complex nature of electronic products and vulnerabilities present in them. Although numerous solutions have been proposed to address these threats, significant gaps remain, particularly in providing scalable and comprehensive protection against emerging attacks. Digital twin, a dynamic virtual replica of a physical system, has emerged as a promising solution to address these issues by providing backward traceability, end-to-end visibility, and continuous verification of component integrity and behavior. In this paper, we present a comprehensive survey of the application of digital twins based on their functional role and application domains. We comprehensively present recent digital twin-based security implementations, including their role in cyber-physical systems, Internet of Things, and cryptographic systems, detection of counterfeit electronics, intrusion detection, fault injection, and side-channel leakage. To the best of our knowledge, it is the first study to consolidate these security use cases into a unified reference. The paper also explores the integration of large language models with digital twins for enhanced security and discusses current challenges, solutions, and future research directions.}, language = {en}, urldate = {2025-06-12}, author = {Airehenbuwa, Blessing and Hasan, Touseef and Sarkar, Souvika and Guin, Ujjwal}, month = may, year = {2025}, doi = {10.48550/arXiv.2505.17310}, }

@article{empl_DigitalTwinsSecurity_2025, title = {Digital {Twins} in {Security} {Operations}: {State} of the {Art} and {Future} {Perspectives}}, issn = {0360-0300}, shorttitle = {Digital {Twins} in {Security} {Operations}}, url = {https://dl.acm.org/doi/10.1145/3746279}, doi = {10.1145/3746279}, abstract = {In an era of rapid technological advancements, digital twins are gaining attention in industry and research. These virtual representations of real-world entities, enabled by the Internet of Things (IoT), offer advanced simulation and analysis capabilities. Their application spans various sectors, from smart manufacturing to healthcare, highlighting their versatility. However, the rise of digital technologies has also escalated cybersecurity concerns. Historical cyberattacks underscore the urgency for enhanced security operations. In this context, digital twins represent a novel approach to cybersecurity. Industry and academic research are increasingly exploring their potential to protect their assets. Despite growing interest and applications, more comprehensive research synthesis needs to be done, particularly in security operations based on digital twins. Our paper aims to fill this gap through a structured literature review aggregating knowledge from 201 publications. We focus on defining the digital twin in cybersecurity, exploring its applications, and outlining implementations and challenges. To maintain transparency, our data is documented and is publicly available. This survey serves as a crucial guide for academic and industry stakeholders, fostering digital twins in security operations.}, urldate = {2025-07-07}, journal = {ACM Comput. Surv.}, author = {Empl, Philip and Koch, David and Dietz, Marietheres and Pernul, Günther}, month = jul, year = {2025}, note = {Just Accepted}, }

@article{ren_MultimodalDigitalTwins_2026, title = {Multi-modal digital twins for industrial anomaly detection: {Framework}, method, and application}, volume = {97}, issn = {0736-5845}, shorttitle = {Multi-modal digital twins for industrial anomaly detection}, url = {https://www.sciencedirect.com/science/article/pii/S073658452500122X}, doi = {10.1016/j.rcim.2025.103068}, abstract = {Anomaly detection plays a key role in maintaining the reliable and stable operation of industrial systems, especially in high-reliability fields. Conventional single-modal data cannot provide comprehensive information about the detected object, resulting in false or missed detection. To address the challenges of complex anomaly patterns and heterogeneous data in industrial scenarios, we propose MMDT-IAD, a multi-modal digital twin (DT)-based anomaly detection framework that integrates edge–cloud collaboration. By leveraging physical, geometric, visual, and semantic modalities, MMDT-IAD constructs a comprehensive virtual representation of monitored objects and enables real-time, scalable detection across distributed industrial environments. Next, to enable efficient fusion of heterogeneous DT modalities, we propose a One-Primary-Three-Auxiliary (1P3A) cross-modal decision fusion strategy. Finally, we apply the MMDT-IAD framework to the anomaly detection of aviation electrical connector pins, and present a detailed application process. The experimental results prove the effectiveness of the MMDT-IAD framework in detecting abnormal pins. Moreover, we discuss the generality of the MMDT-IAD framework considering several common industrial anomalies. These results highlight the potential of the MMDT-IAD framework and 1P3A method to significantly improve anomaly detection in other complex industrial scenarios.}, urldate = {2025-06-26}, journal = {Robotics and Computer-Integrated Manufacturing}, author = {Ren, Cheng and Li, Ming and Chen, Cailian and Guan, Xinping and Huang, George Q.}, month = feb, year = {2026}, keywords = {Aviation manufacturing, Digital twin, Industrial anomaly detection, Multi-modal}, pages = {103068}, }

@article{lattanzi_DigitalTwinSmart_2021, title = {Digital twin for smart manufacturing: a review of concepts towards a practical industrial implementation}, volume = {34}, issn = {0951-192X}, shorttitle = {Digital twin for smart manufacturing}, url = {https://doi.org/10.1080/0951192X.2021.1911003}, doi = {10.1080/0951192X.2021.1911003}, abstract = {Latest trends and developments in digital technologies have enabled a new manufacturing model. Digital systems can monitor, optimize and control processes by creating a virtual copy of the physical world and making decentralized decisions. This paradigm relies on the development of a digital counterpart, the Digital Twin, for each production resource taking part in the whole manufacturing process. Although real applications of Digital Twin may differ in technical and operational details, in the past years, a huge effort has been made in order to identify and define focal functionalities and properties, as well as main challenges for the practical implementation within real factories. This paper is intended to review and analyse principles, ideas and technological solutions of the Digital Twin vision for production processes focusing on the practical industrial implementation. The purpose of this document is therefore to summarize the current state of the art on Digital Twin concepts, and to draw their up-to-date state for application and deployment in real industrial processes. Finally, future directions for further research are discussed.}, number = {6}, urldate = {2025-06-25}, journal = {International Journal of Computer Integrated Manufacturing}, author = {Lattanzi, Luca and Raffaeli, Roberto and Peruzzini, Margherita and Pellicciari, Marcello}, month = jun, year = {2021}, note = {Publisher: Taylor \& Francis \_eprint: https://doi.org/10.1080/0951192X.2021.1911003}, keywords = {Digital twin, digital twin industrial architecture, industrial implementation, industry 4.0, smart manufacturing}, pages = {567--597}, }

@article{corradini_DesignTestingDigital_2022, title = {Design and testing of a digital twin for monitoring and quality assessment of material extrusion process}, volume = {51}, issn = {2214-8604}, url = {https://www.sciencedirect.com/science/article/pii/S2214860422000392}, doi = {10.1016/j.addma.2022.102633}, abstract = {This paper illustrates the conception, realization and validation of an original solution for the digital twin of a material extrusion 3D printer, the most popular additive manufacturing machine. The system is composed of three main modules: a core containing the simulation engine, a data interface managing incoming data and a graphical interface enabling user remote control. It receives as input the process data collected by several sensors and the same part program (G-Code file) used by the real machine; thus, the system provides various real time functions for process monitoring, condition monitoring and geometrical accuracy control. Alongside detecting load on critical components and checking wear and tear, it can also systematically sort data collected or calculated during operation to help in optimizing printing parameters. Through interaction with the print host software, the twin is able to intervene directly in the current process to pause printing in case of anomalies and to assist users along a recovery procedure. An index of quality of the printed piece is obtained by comparing the CAD model of the printed part and a 3D model of the deposited material powered by the data coming from the machine. The system has been tested on a custom-made Cartesian printer: a number of prints were made with different speeds and accelerations to assess the impact of these settings on the average quality, and a more in-depth study was carried out on the digital models of the prints to investigate the origin of the defects detected. The programs and devices used do not rely on commercial solutions, so that the system is easily replicable.}, urldate = {2025-06-25}, journal = {Additive Manufacturing}, author = {Corradini, Fabio and Silvestri, Marco}, month = mar, year = {2022}, keywords = {Condition monitoring, Digital twin, Material extrusion, Process monitoring, Quality assessment}, pages = {102633}, }

@inproceedings{tripathy_DigitalTwinbasedCondition_2024, address = {New York, NY, USA}, series = {{eSAAM} '24}, title = {Digital {Twin}-based {Condition} {Monitoring} with {Distributed} {Data} {Mapping} of {OPC} {UA} and {ISO} 10303 {STEP} {Standard}}, isbn = {979-8-4007-0984-5}, url = {https://dl.acm.org/doi/10.1145/3685651.3685653}, doi = {10.1145/3685651.3685653}, abstract = {A digital twin (DT), the digital counterpart of a physical entity, process, or system, is a pivotal innovation driving the manufacturing industry’s digital transformation. DT plays a significant role in product lifecycle management (PLM) and product condition monitoring. However, the diversity of systems and processes involved poses challenges in DT and data management within PLM, particularly regarding efficiency, standardized data mapping, and latency. The paper presents a solution architecture to address these challenges and contribute towards an efficient and cost-effective product lifecycle management system. The architecture focuses on DT’s data management and communication aspects, utilizing the edge-based, decentralized Eclipse Arrowhead Framework and EDMtruePLM (Enterprise Data Management True Product Lifecycle Management) for standardized data management and condition monitoring of products. Integrating the ISO 10303 STEP standard for data modeling and the Open Platform Communications Unified Architecture (OPC UA) standard for communication is emphasized, improving the contextual significance of the data and the system’s interoperability. A use case implementation is presented, where a fischertechnik assembly line is monitored, capturing sensor data through the PLC’s OPC UA server. The sensor data is then aligned with the STEP standard and stored in the EDMTruePLM database for monitoring.}, urldate = {2025-06-25}, booktitle = {Proceedings of the 4th {Eclipse} {Security}, {AI}, {Architecture} and {Modelling} {Conference} on {Data} {Space}}, publisher = {Association for Computing Machinery}, author = {Tripathy, Aparajita and Chevuri, Rishyank and Tran, Tuan and Acharya, Sarthak and Deventer, Jan van and Paniagua, Cristina and Delsing, Jerker}, month = oct, year = {2024}, pages = {57--65}, }

@article{erceylan_LeveragingDigitalTwins_2025, title = {Leveraging digital twins for advanced threat modeling in cyber-physical systems cybersecurity}, volume = {24}, issn = {1615-5270}, url = {https://doi.org/10.1007/s10207-025-01043-x}, doi = {10.1007/s10207-025-01043-x}, abstract = {Threat modeling is a critical proactive security technique for identifying threats and determining mitigations.
However, traditional approaches often fall short for Industrial Control Systems (ICS), which automate operations in domains like manufacturing and energy and are a subset of Cyber-Physical Systems (CPS). CPS integrates computation, networking, and physical processes, with ICS requiring specialized cybersecurity approaches due to its operational and safety-critical nature. This study explores the use of digital twin technology as a promising cybersecurity tool for ICS, enabling testing and analysis without disrupting operations. By examining the capabilities of digital twins in analysis, simulation, and replication, the research evaluates their potential to enhance threat modeling across the CPS life-cycle. Insights from the European Cyber Security Organisation (ECSO) Technical Paper on Cybersecurity Scenarios and Digital Twins guide the exploration of their role in threat modeling. The study addresses four research questions: 1. What purposes do digital twins serve in cybersecurity? 2. What benefits do digital twins offer in cybersecurity? 3. How can digital twin technology be leveraged for threat modeling? 4. What advantages can the use of digital twins bring to threat modeling? 
Our findings reveal that digital twins enhance ICS threat modeling by enabling continuous, dynamic, and autonomous assessment, offering valuable insights for advancing cybersecurity strategies in ICS, CPS, and related domains.}, language = {en}, number = {3}, urldate = {2025-06-24}, journal = {International Journal of Information Security}, author = {Erceylan, Gizem and Akbarzadeh, Aida and Gkioulos, Vasileios}, month = jun, year = {2025}, keywords = {Cloud Computing, Cyber physical systems, Cyber-Physical Systems, Cyberpsychology, Cybersecurity, Data and Information Security, Digital twin, Industrial control systems, Internet of Things, Security Science and Technology, Threat modeling}, pages = {151}, } @article{jeremiah_ComprehensiveSurveyDigital_2024, title = {A comprehensive survey of digital twins: {Applications}, technologies and security challenges}, volume = {151}, issn = {1383-7621}, shorttitle = {A comprehensive survey of digital twins}, url = {https://www.sciencedirect.com/science/article/pii/S1383762124000572}, doi = {10.1016/j.sysarc.2024.103120}, abstract = {Alongside advancements in Artificial Intelligence (AI), significant progress has been made in big data processing, edge/cloud computing, and ubiquitous computing in the past two decades. These advancements catalyzed the development and adoption of Digital Twins (DT) across various domains, serving as virtual replicas of Physical Objects (POs). DTs provide advanced visualization and simulation capabilities, enabling effective estimation, optimization, and forecasting of PO's behaviors. However, the widespread adoption of DTs has introduced various security threats, vulnerabilities, and attacks. Despite ongoing research in DT applications and security, there is a lack of systematic review of the DT security literature across domains and architectural layers. 
This study fills this gap by systematically reviewing DT research, focusing on three interrelated aspects: DT applications, architectural layers, and security. We explore DT's architectural layers, functional requirements, application, and creation software to identify potential threats, attacks, and vulnerabilities specific to DT layers and application domains. We then systematize our findings under a unified security framework and pinpoint countermeasures against identified security challenges. Furthermore, our study explores DT's role in mitigating existing cyber threats, and we conclude our work by identifying open challenges and potential research directions.}, urldate = {2025-06-12}, journal = {Journal of Systems Architecture}, author = {Jeremiah, Sekione Reward and El Azzaoui, Abir and Xiong, Neal N. and Park, Jong Hyuk}, month = jun, year = {2024}, keywords = {DT enabling technologies, Digital twin, Digital twin modeling, Digital twin network, Digital twin security, Virtual twin}, pages = {103120}, } @article{mun_ComprehensiveSurveyDigital_2025, title = {A {Comprehensive} {Survey} on {Digital} {Twin}: {Focusing} on {Security} {Threats} and {Requirements}}, volume = {13}, issn = {2169-3536}, shorttitle = {A {Comprehensive} {Survey} on {Digital} {Twin}}, url = {https://ieeexplore.ieee.org/document/10974949}, doi = {10.1109/ACCESS.2025.3563621}, abstract = {Digital Twin (DT) aims to seamlessly replicate physical objects or processes in virtual environments, garnering attention for supporting diverse intelligent management services such as monitoring, analysis, and control. Integration with technologies like artificial intelligence (AI), big data, edge computing, and the Internet of Things (IoT) has propelled the development of DTs. However, the DT may not only introduce new potential security flaws but also inherit existing vulnerabilities from the technologies they incorporate and interact with due to their integration with diverse technologies. 
Despite its growing impact, research addressing the security concerns of DTs remains insufficient and still in its early stages. In this article, we provide a comprehensive and in-depth review of the current state of DTs, focusing on their security aspects. We first depict an overview of DTs, including the definition of the DT and various DT applications, and then present the architecture for DTs. Subsequently, we conduct a detailed examination of security attacks and threats across the functional layers of the DT architecture. In contrast to the previous surveys on DTs, we derive security properties and security functional requirements (SFRs) based on the Common Criteria (CC) standard for mitigating these attacks and threats. We also introduce technologies that enable the achievement of SFRs with a future research perspective. By addressing these critical security aspects, our article enhances the security and trustworthiness of DTs, contributing to their safe and reliable deployment in various domains.}, urldate = {2025-06-12}, journal = {IEEE Access}, author = {Mun, Hyeran and Han, Kyusuk and Damiani, Ernesto and Yeun, Hyun Ku and Kim, Tae-Yeon and Martino, Luigi and Yeun, Chan Yeob}, year = {2025}, keywords = {Aerospace electronics, Artificial intelligence, Digital twin (DT), Digital twins, Focusing, Internet of Things, Reviews, Security, Standards, Surveys, Transportation, common criteria (CC), cyber twin (CT), cybersecurity, privacy, security requirements, security threats}, pages = {73362--73390}, } @article{xu_DigitalTwinsDefect_2025, title = {Digital {Twins} for {Defect} {Detection} in {FDM} {3D} {Printing} {Process}}, volume = {13}, copyright = {http://creativecommons.org/licenses/by/3.0/}, issn = {2075-1702}, url = {https://www.mdpi.com/2075-1702/13/6/448}, doi = {10.3390/machines13060448}, abstract = {Additive manufacturing (AM, also known as 3D printing) is a bottom–up process where variations in process conditions can significantly influence the 
quality and performance of the printed parts. Digital twin (DT) technology can measure process parameters and printed part characteristics in real-time, achieving online monitoring, analysis, and optimization of the AM process. Existing DT research on AM focuses on simulating the printing process and lacks real-time defect detection and twinning of actual printed objects, which hinders the timely detection and correction of defects. This study developed a DT system for fused deposition modeling (FDM) AM technology that not only accurately simulates the printing process but also performs real-time quality monitoring of the printed parts. A laser profilometer and industrial camera were integrated into the printer to detect and collect real-time morphological data on the printed object. The custom-developed DT software could convert the morphological data of the printed parts into a DT model. By comparing the DT model of the printed object with its three-dimensional model, defect detection of the printed parts was achieved, where the quality of the printed parts was evaluated using a defect percentage index. 
This study combines DT and AM to achieve process quality monitoring, demonstrating the potential of DT technology in reducing printing defects and improving the quality of printed parts.}, language = {en}, number = {6}, urldate = {2025-06-12}, journal = {Machines}, author = {Xu, Chao and Lu, Shengbin and Zhang, Yulin and Zhang, Lu and Song, Zhengyi and Liu, Huili and Liu, Qingping and Ren, Luquan}, month = jun, year = {2025}, note = {Number: 6 Publisher: Multidisciplinary Digital Publishing Institute}, keywords = {defect detection, digital twin, fused deposition modeling, morphological data, online monitoring}, pages = {448}, } @inproceedings{nassi_SoKSecurityPrivacy_2021, title = {{SoK}: {Security} and {Privacy} in the {Age} of {Commercial} {Drones}}, shorttitle = {{SoK}}, url = {https://ieeexplore.ieee.org/document/9519393}, doi = {10.1109/SP40001.2021.00005}, abstract = {As the number of drones increases and the era in which they begin to fill the skies approaches, an important question needs to be answered: From a security and privacy perspective, are society and drones really prepared to handle the challenges that a large volume of flights will create? In this paper, we investigate security and privacy in the age of commercial drones. First, we focus on the research question: Are drones and their ecosystems protected against attacks performed by malicious entities? We list a drone’s targets, present a methodology for reviewing attack and countermeasure methods, perform a comprehensive review, analyze scientific gaps, present conclusions, and discuss future research directions. Then, we focus on the research question: Is society protected against attacks conducted using drones? We list targets within society, profile the adversaries, review threats, present a methodology for reviewing countermeasures, perform a comprehensive review, analyze scientific gaps, present conclusions, and discuss future research directions. 
Finally, we focus on the primary research question: From the security and privacy perspective, are society and drones prepared to take their relationship one step further? Our analysis reveals that the technological means required to protect drones and society from one another have not yet been developed, and there is a tradeoff between the security and privacy of drones and that of society. That is, the level of security and privacy cannot be optimized concurrently for both entities, because the security and privacy of drones cannot be optimized without decreasing the security and privacy of society, and vice versa.}, urldate = {2025-05-15}, booktitle = {2021 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Nassi, Ben and Bitton, Ron and Masuoka, Ryusuke and Shabtai, Asaf and Elovici, Yuval}, month = may, year = {2021}, note = {ISSN: 2375-1207}, keywords = {Drones, Ecosystems, Privacy, Security, Society}, pages = {1434--1451}, } @inproceedings{pratama_WingsCaseReverse_2024, title = {Behind {The} {Wings}: {The} {Case} of {Reverse} {Engineering} and {Drone} {Hijacking} in {DJI} {Enhanced} {Wi}-{Fi} {Protocol}}, shorttitle = {Behind {The} {Wings}}, url = {https://ieeexplore.ieee.org/abstract/document/10830741}, doi = {10.1109/PlatCon63925.2024.10830741}, abstract = {This research paper entails an examination of the Enhanced Wi-Fi protocol, focusing on its control command reverse-engineering analysis and subsequent demonstration of a hijacking attack. Our investigation discovered vulnerabilities in the Enhanced Wi-Fi control commands, rendering them susceptible to hijacking attacks. Notably, the study established that even readily available and cost-effective commercial off-the-shelf Wi-Fi routers could be leveraged as effective tools for executing such attacks. 
To illustrate this vulnerability, a proof-of-concept remote hijacking attack was carried out on a DJI Mini SE drone, whereby we intercepted the control commands to manipulate the drone's flight trajectory. The findings of this research emphasize the critical necessity of implementing robust security measures to safeguard unmanned aerial vehicles against potential hijacking threats. Considering that civilian drones are now used as war weapons, the study underscores the urgent need for further exploration and advancement in the domain of civilian drone security.}, urldate = {2025-05-15}, booktitle = {2024 {International} {Conference} on {Platform} {Technology} and {Service} ({PlatCon})}, author = {Pratama, Derry and Moon, Jaegeun and Ari Laksmono, Agus Mahardika and Yun, Dongwook and Iqbal, Muhammad and Jeong, Byeonguk and Ji, Jang Hyun and Kim, Howon}, month = aug, year = {2024}, note = {ISSN: 2766-4198}, keywords = {Autonomous aerial vehicles, Drones, Focusing, Rendering (computer graphics), Reverse engineering, Routing protocols, Security, Trajectory, Weapons, Wireless fidelity, component, formatting, insert, style, styling}, pages = {127--132}, } @article{kim_ChallengesDynamicAnalysis_2024, title = {Challenges in {Dynamic} {Analysis} of {Drone} {Firmware} and {Its} {Solutions}}, volume = {12}, issn = {2169-3536}, url = {https://ieeexplore.ieee.org/abstract/document/10589659}, doi = {10.1109/ACCESS.2024.3425604}, abstract = {With the advancement of Internet of Things (IoT) technology, its applications span various sectors such as public, industrial, private and military. In particular, the drone sector has gained significant attention for both commercial and military purposes. As a result, there has been a surge in research focused on vulnerability analysis of drones. However, most security research to mitigate threats to IoT devices has focused primarily on networks, firmware and mobile applications. 
Of these, the use of fuzzing to analyze the security of firmware requires emulation of the firmware. However, when it comes to drone firmware, the industry lacks emulation and automated fuzzing tools. This is largely due to challenges such as limited input interfaces, firmware encryption and signatures. While it may be tempting to assume that existing emulators and automated analyzers for IoT devices can be applied to drones, practical applications have proven otherwise. In this paper, we discuss the challenges of dynamically analyzing drone firmware and propose potential solutions. In addition, we demonstrate the effectiveness of our methodology by applying it to DJI drones, which have the largest market share.}, urldate = {2025-05-15}, journal = {IEEE Access}, author = {Kim, Yejun and Cho, Kwangsoo and Kim, Seungjoo}, year = {2024}, keywords = {Drones, Dynamical systems, Forensics, Fuzzing, Internet of Things, Microprogramming, Protocols, Security, dynamic analysis, firmware, fuzzing}, pages = {106593--106604}, } @article{marchetti_CybersecurityTestingDrones_2024, title = {Cybersecurity {Testing} in {Drones} {Domain}: {A} {Systematic} {Literature} {Review}}, volume = {12}, issn = {2169-3536}, shorttitle = {Cybersecurity {Testing} in {Drones} {Domain}}, url = {https://ieeexplore.ieee.org/abstract/document/10750190}, doi = {10.1109/ACCESS.2024.3495994}, abstract = {With the widespread use of unmanned aerial vehicles (UAVs), drone cybersecurity testing is becoming an emerging and evolving research area for cybersecurity and privacy issues avoidance and prevention. This paper contributes to guiding the research activity by systematically surveying the commonly adopted solutions and proposals for cybersecurity testing in the drone research domain. It highlights the research challenges and issues, classifies the current proposal, methodologies, and techniques, and suggests future directions. 
After gathering a collection of papers using automated inquiry of well-known digital libraries and snowballing techniques, a classification schema has been proposed and applied to the identified research works. Furthermore, research questions have been identified and answered through the performed classification. The paper provides an outlook on cybersecurity testing in drone environments. It also lists current criticalities, challenges, gaps, and future directions useful to improve drone quality and increase cybersecurity. The analysis reveals that the collected results point to a meaningful evolution and innovative approaches in cybersecurity testing within current research activities.}, urldate = {2025-05-15}, journal = {IEEE Access}, author = {Marchetti, Eda and Waheed, Tauheed and Calabrò, Antonello}, year = {2024}, keywords = {Autonomous aerial vehicles, Computer security, Data privacy, Drones, Global Positioning System, Libraries, Proposals, Protection, Surveys, Testing, UAV, cybersecurity, testing}, pages = {171166--171184}, } @article{sciancalepore_PrivacyConfidentialityIssues_2024, title = {Privacy and {Confidentiality} {Issues} in {Drone} {Operations}: {Challenges} and {Road} {Ahead}}, volume = {38}, issn = {1558-156X}, shorttitle = {Privacy and {Confidentiality} {Issues} in {Drone} {Operations}}, url = {https://ieeexplore.ieee.org/abstract/document/10606517}, doi = {10.1109/MNET.2024.3432730}, abstract = {While drone-based civilian services and applications are appearing on the market at a high pace, recent efforts in the security and privacy community mainly focused on drone detection and neutralization when unauthorized invasions occur. Conversely, more attention must be paid to unveiling potential privacy and confidentiality threats to drone users and operators arising from using such a technology. 
Such threats, emerging from drones’ adoption for entertainment and business operations, are increasingly concerning due to the recently-introduced regulation on the Remote Identification of Unmanned Aircraft (Remote ID (RID)), mandating persistent disclosure of identity and location of the drone at run-time. This paper sheds some light on the aforementioned context, identifying several privacy and confidentiality threats connected to regular drone operations. Such threats originate from the nature of the drones’ ecosystem and actors and are magnified by the adoption of the RID regulation. For all the identified threats, we pinpoint similarities with issues faced in other research domains, potential solutions, and constraints owing to the drone technology, making the solutions conceived therein hardly applicable for drone-based services. The final result is a set of appealing research challenges, calling for joint efforts from Academia and industry.}, number = {6}, urldate = {2025-05-15}, journal = {IEEE Network}, author = {Sciancalepore, Savio}, month = nov, year = {2024}, keywords = {Aircraft, Autonomous aerial vehicles, Drones, Internet, Internet of Things, IoT, Privacy, Privacy Enhancing Technologies, Regulation, Remote monitoring, Security, Unmanned Aircraft, Wireless fidelity}, pages = {227--233}, } @inproceedings{schiller_DroneSecurityMysterious_2023, address = {San Diego, CA, USA}, title = {Drone {Security} and the {Mysterious} {Case} of {DJI}'s {DroneID}}, isbn = {978-1-891562-83-9}, url = {https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf}, doi = {10.14722/ndss.2023.24217}, abstract = {Consumer drones enable high-class aerial video photography, promise to reform the logistics industry, and are already used for humanitarian rescue operations and during armed conflicts. 
Contrasting their widespread adoption and high popularity, the low entry barrier for air mobility—a traditionally heavily regulated sector—poses many risks to safety, security, and privacy. Malicious parties could, for example, (mis-)use drones for surveillance, transportation of illegal goods, or cause economic damage by intruding into the closed airspace above airports. To prevent harm, drone manufacturers employ several countermeasures to enforce safe and secure use of drones, e.g., they impose software limits regarding speed and altitude, or use geofencing to implement no-fly zones around airports or prisons. Complementing traditional countermeasures, drones from the market leader DJI implement a tracking protocol called DroneID, which is designed to transmit the position of both the drone and its operator to authorized entities such as law enforcement or operators of critical infrastructures.}, language = {en}, urldate = {2025-05-15}, booktitle = {Proceedings 2023 {Network} and {Distributed} {System} {Security} {Symposium}}, publisher = {Internet Society}, author = {Schiller, Nico and Chlosta, Merlin and Schloegel, Moritz and Bars, Nils and Eisenhofer, Thorsten and Scharnowski, Tobias and Domke, Felix and Schönherr, Lea and Holz, Thorsten}, year = {2023}, } @inproceedings{abdullahi_SimulationBasedAnalysisOPC_2025, title = {Simulation-{Based} {Analysis} of {OPC} {UA} {Set}-{Up} {Vulnerability} and {Its} {Security} {Risks} in {Cyber}-{Physical} {Manufacturing} {Systems}}, url = {https://ieeexplore.ieee.org/document/11130040}, doi = {10.1109/CSR64739.2025.11130040}, abstract = {In the era of Industry 4.0 (I4.0), Cyber-Physical Systems (CPS) are pivotal in enhancing industrial processes by using the Open Platform Communication Unified Architecture (OPC-UA) as the standard communication protocol. OPC-UA is one of the few industrial protocols that incorporates security measures for preventing adversaries from compromising critical infrastructures. 
However, despite the protocol’s security features and widespread adoption, it continues to reveal cybersecurity challenges and setup vulnerabilities in several products and vendor implementation libraries. Many vendor implementations of OPC-UA are unaware of the security risks associated with noncompliance with the OPC-UA specification or the integration of OPC-UA with other insecure protocols. Therefore, this work demonstrates the weaknesses of OPC-UA in such vendor implementation contexts by analyzing the communication architecture of the adopted OPC-UA library. Specifically, we start by simulating a communication architecture set-up that mimics most vendor OPC-UA implementations, which includes Digital Twin, Cobots, Manufacturing Execution Systems (MES) and Enterprise Resource Planning (ERP) systems with OPC-UA as the main protocol between MES and Cobots. A suspicious Media Access Control (MAC) address is sniffed in the network, and a malicious packet is then injected by exploiting the final TCP layer of the OPC-UA rogue client closing session, which rendered the entire network vulnerable. To verify the security risk in our communication architecture, we investigate the impact of the vulnerability in the simulation setup by instigating a Denial of Service (DoS) attack through the gradual increase in the number of malicious packets at different loops while noting how the systems react. This reveals flaws in the system operation, ranging from unreliable data exchange to total system collapse. Finally, different mitigation strategies are proposed to avert the attack.}, urldate = {2025-09-01}, booktitle = {2025 {IEEE} {International} {Conference} on {Cyber} {Security} and {Resilience} ({CSR})}, author = {Abdullahi, Sani M. 
and Götz, Manuel and Lazarova-Molnar, Sanja}, month = aug, year = {2025}, keywords = {Collaborative robots, Digital twins, DoS, Libraries, Manufacturing systems, Media Access Control, OPC-UA, Prevention and mitigation, Protocols, Resilience, Standards, Systems operation, cobots, cyber-physical systems, digital twins, vulnerability}, pages = {1119--1126}, } @misc{rescorla_TransportLayerSecurity_2018, type = {Request for {Comments}}, title = {The {Transport} {Layer} {Security} ({TLS}) {Protocol} {Version} 1.3}, doi = {10.17487/RFC8446}, abstract = {This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.}, publisher = {Internet Engineering Task Force}, author = {Rescorla, Eric}, month = aug, year = {2018}, } @inproceedings{diemunsch_ComprehensiveFormalSecurity_2025, title = {A {Comprehensive} {Formal} {Security} {Analysis} of {OPC} {UA}}, isbn = {978-1-939133-52-6}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/diemunsch}, language = {en}, urldate = {2025-08-25}, author = {Diemunsch, Vincent and Hirschi, Lucca and Kremer, Steve}, year = {2025}, pages = {7077--7096}, } @techreport{jones_JSONWebToken_2015, type = {{RFC}}, title = {{JSON} web token ({JWT})}, url = {https://www.rfc-editor.org/rfc/rfc7519.txt}, number = {7519}, institution = {IETF}, author = {Jones, M. and Bradley, J. 
and Sakimura, N.},
    month = may,
    year = {2015},
}

@article{aldysty_HolisticReviewFuzzing_2025,
    title = {A {Holistic} {Review} of {Fuzzing} for {Vulnerability} {Assessment} in {Industrial} {Network} {Protocols}},
    volume = {6},
    issn = {2644-125X},
    url = {https://ieeexplore.ieee.org/document/11002567},
    doi = {10.1109/OJCOMS.2025.3569291},
    abstract = {Industrial control systems (ICSs) are considered the backbone of the industry field due to their essential role in supervising and handling crucial manufacturing operations in critical infrastructures such as power grids, water supply systems, and manufacturing processes. ICS systems were not initially designed with robust security measures, making them vulnerable to potential attacks. Accordingly, these attacks can lead to severe consequences, including disrupting services, causing economic damage, and compromising public safety. Notably, the security of Industrial Control Systems depends on the robustness of Industrial Network Protocols (INPs). Therefore, exposing and addressing their vulnerabilities is essential to strengthening these critical infrastructures and proactively mitigating cyber threats. Fuzzing has emerged as a powerful technique for uncovering security flaws in network protocols by systematically generating malformed inputs to trigger unexpected behavior. In this paper, we address a critical area in industrial cybersecurity by examining recent advancements in fuzzing methods for industrial network protocols. Our work provides a comprehensive overview of the fuzzing process, identifies key vulnerabilities in INPs, especially within the widely used Modbus protocol, and highlights the need for more advanced fuzzing strategies. Thus, we present a systematic machine learning-based fuzzing framework tailored to the unique characteristics of industrial protocols, leveraging proven methodologies from existing literature. By evaluating the strengths and limitations of state-of-the-art approaches, we offer valuable insights into the key challenges associated with applying fuzzing to discover vulnerabilities in industrial protocols, such as maintaining message integrity, implementing intelligent log analysis, and addressing the lack of explainability in fuzzing outcomes. Crucially, we also explore how the capabilities of large language models (LLMs), including their comprehensive knowledge bases, contextual understanding, and knowledge consolidation, can be harnessed to overcome these challenges and enhance the effectiveness of fuzzing in industrial environments, which we demonstrate through a mini case study. Lastly, this paper provides actionable guidance for future research and development in securing industrial network protocols.},
    urldate = {2025-06-12},
    journal = {IEEE Open Journal of the Communications Society},
    author = {Aldysty, Ahmed Reda and Moustafa, Nour and Lakshika, Erandi},
    year = {2025},
    keywords = {Fuzzing, III-V semiconductor materials, Indium phosphide, Industrial control, Machine learning, Measurement, Protocols, Security, Surveys, Systematics, industrial control systems, industrial network protocol, large language models, machine learning, network protocol fuzzing, vulnerability},
    pages = {4437--4461},
}

@inproceedings{baumann_CyberphysicalSystemControl_2017,
    title = {Cyber-physical {System} {Control} via {Industrial} {Protocol} {OPC} {UA}},
    isbn = {978-1-61208-599-9},
    abstract = {The integration of cyber-physical systems (CPS) is gaining more and more momentum due to the advent of Industry 4.0. Thereby, one of the main challenges is to facilitate the connection to arbitrary machinery in order to monitor and control these automatically. Such a control flexibilizes production processes by enabling quick adaptions of production steps. Therefore, in this work, a system is described that enables the control of a 3D printer via the industrial standardized Machine-to-Machine (M2M) communication protocol Open Platform Communications Unified Architecture (OPC UA). The system is implemented on the basis of a micro computing platform, in this case a Raspberry Pi 2, and utilises open-source libraries and tools. The implementation creates a cyber-physical system, consisting of a 3D printer, its control system, sensor data acquisition systems and their respective digital representation. With this control system, the usage of consumer-centric 3D printers, such as Fused Deposition Modeling (FDM) printers, in enterprise-like scenarios is enabled. This abstract and universal control mechanism facilitates research in 3D printing control structures and industrial application.},
    language = {en},
    author = {Baumann, Felix W and Odefey, Ulrich and Hudert, Sebastian and Falkenthal, Michael and Zimmermann, Michael},
    year = {2017},
}

@inproceedings{hildebrandt_InformationHidingIndustrial_2020,
    address = {New York, NY, USA},
    series = {{IH}\&{MMSec} '20},
    title = {Information {Hiding} in {Industrial} {Control} {Systems}: {An} {OPC} {UA} based {Supply} {Chain} {Attack} and its {Detection}},
    isbn = {978-1-4503-7050-9},
    shorttitle = {Information {Hiding} in {Industrial} {Control} {Systems}},
    url = {https://dl.acm.org/doi/10.1145/3369412.3395068},
    doi = {10.1145/3369412.3395068},
    abstract = {Industrial Control Systems (ICS) help to automate various cyber-physical systems in our world. The controlled processes range from rather simple traffic lights and elevators to complex networks of ICS in car manufacturing or controlling nuclear power plants. With the advent of industrial Ethernet ICS are increasingly connected to networks of Information Technology (IT). Thus, novel attack vectors on ICS are possible. In IT networks information hiding and steganography is increasingly used in advanced persistent threats to conceal the infection of the systems allowing the attacker to retain control over the compromised networks. In parallel ICS are more and more a target for attacks as well. Here, simple automated attacks as well as targeted attacks of nation state actors with the intention of damaging components or infrastructures as a part of cyber crime have already been observed. Information hiding could bring such attacks to a new level by integrating backdoors and hidden/covert communication channels that allow for attacking specific processes whenever it is deemed necessary. This paper sheds light on potential attack vectors on Programmable Logic Controllers (PLCs) using OPC Unified Architecture (OPC UA) network protocol based communication. We implement an exemplary supply chain attack consisting of an OPC UA server (Bob, B) and a Siemens S7-1500 PLC as OPC UA client (Alice, A). The hidden storage channel is using source timestamps to embed encrypted control sequences allowing for setting digital outputs to arbitrary values. The attack is solely relying on the programming of the PLC and does not require firmware level access. Due to the potential harm to life caused by attacks on cyber-physical systems any presentation of novel attack vectors needs to present suitable mitigation strategies. Thus, we investigate potential approaches for the detection of the hidden storage channel for a warden W as well as potential countermeasures in order to increase the warden-compliance. Our machine learning based detection approach using a One-Class-Classifier yields a detection performance of 89.5\% with zero false positives within an experiment with 46,159 OPC UA read responses without a steganographic message and 7,588 OPC UA read responses with an embedded steganographic message.},
    urldate = {2025-03-21},
    booktitle = {Proceedings of the 2020 {ACM} {Workshop} on {Information} {Hiding} and {Multimedia} {Security}},
    publisher = {Association for Computing Machinery},
    author = {Hildebrandt, Mario and Lamshöft, Kevin and Dittmann, Jana and Neubert, Tom and Vielhauer, Claus},
    month = jun,
    year = {2020},
    pages = {115--120},
}

@inproceedings{puys_FormalAnalysisSecurity_2016,
    address = {Cham},
    title = {Formal {Analysis} of {Security} {Properties} on the {OPC}-{UA} {SCADA} {Protocol}},
    isbn = {978-3-319-45477-1},
    doi = {10.1007/978-3-319-45477-1_6},
    abstract = {Industrial systems are publicly the target of cyberattacks since Stuxnet [1]. Nowadays they are increasingly communicating over insecure media such as the Internet. Due to their interaction with the real world, it is crucial to prove the security of their protocols. In this paper, we formally study the security of one of the most used industrial protocols: OPC-UA. Using ProVerif, a well known cryptographic protocol verification tool, we are able to check secrecy and authentication properties. We find several attacks on the protocols and provide countermeasures.},
    language = {en},
    booktitle = {Computer {Safety}, {Reliability}, and {Security}},
    publisher = {Springer International Publishing},
    author = {Puys, Maxime and Potet, Marie-Laure and Lafourcade, Pascal},
    editor = {Skavhaug, Amund and Guiochet, Jérémie and Bitsch, Friedemann},
    year = {2016},
    keywords = {Formal Verification, Message Authentication Code, Security Property, Stream Transmission Control Protocol, Transmission Control Protocol},
    pages = {67--75},
}

@techreport{cheremushkin_OPCUASecurity_2018,
    title = {{OPC} {UA} security analysis},
    url = {https://ics-cert.kaspersky.com/media/KL_OPCUA_MAY_2018_EN.pdf},
    urldate = {2025-03-17},
    institution = {Kaspersky Lab ICS CERT},
    author = {Cheremushkin, Pavel and Temnikov, Sergey},
    year = {2018},
}

@inproceedings{dasilva_SurveyOPCUA_2023,
    address = {São Bernardo do Campo, Brazil},
    title = {A {Survey} on {OPC} {UA} {Protocol}: {Overview}, {Challenges} and {Opportunities}},
    copyright = {https://doi.org/10.15223/policy-029},
    isbn = {979-8-3503-1418-2},
    shorttitle = {A {Survey} on {OPC} {UA} {Protocol}},
    url = {https://ieeexplore.ieee.org/document/10375053/},
    doi = {10.1109/INDUSCON58041.2023.10375053},
    urldate = {2025-03-17},
    booktitle = {2023 15th {IEEE} {International} {Conference} on {Industry} {Applications} ({INDUSCON})},
    publisher = {IEEE},
    author = {Da Silva, Jonathan Tobias and Dias, Andre Luis and Da Silva, Ivan Nunes},
    month = nov,
    year = {2023},
    pages = {1523--1530},
}

@article{shin_VulnerabilitiesOpenPlatform_2022,
    title = {Vulnerabilities of the {Open} {Platform} {Communication} {Unified} {Architecture} {Protocol} in {Industrial} {Internet} of {Things} {Operation}},
    volume = {22},
    copyright = {http://creativecommons.org/licenses/by/3.0/},
    issn = {1424-8220},
    url = {https://www.mdpi.com/1424-8220/22/17/6575},
    doi = {10.3390/s22176575},
    abstract = {Recently, as new threats from attackers are discovered, the damage and scale of these threats are increasing. Vulnerabilities should be identified early, and countermeasures should be implemented to solve this problem. However, there are limitations to applying the vulnerability discovery framework used in practice. Existing frameworks have limitations in terms of the analysis target. If the analysis target is abstract, it cannot be easily applied to the framework. Therefore, this study proposes a framework for vulnerability discovery and countermeasures that can be applied to any analysis target. The proposed framework includes a structural analysis to discover vulnerabilities from a scenario composition, including analysis targets. In addition, a proof of concept is conducted to derive and verify threats that can actually occur through threat modeling. In this study, the open platform communication integrated architecture used in the industrial control system and industrial Internet of Things environment was selected as an analysis target. We find 30 major threats and four vulnerabilities based on the proposed framework. As a result, the validity of malicious client attacks using certificates and DoS attack scenarios using flooding were validated, and we create countermeasures for these vulnerabilities.},
    language = {en},
    number = {17},
    urldate = {2025-03-17},
    journal = {Sensors},
    author = {Shin, Dong-Hyuk and Kim, Ga-Yeong and Euom, Ieck-Chae},
    month = jan,
    year = {2022},
    note = {Number: 17 Publisher: Multidisciplinary Digital Publishing Institute},
    keywords = {industrial Internet of Things, industrial control system, open platform communication (OPC) unified architecture (UA), vulnerability analysis, vulnerability discovery framework},
    pages = {6575},
}

@article{volkova_SecurityChallengesControl_2019,
    title = {Security {Challenges} in {Control} {Network} {Protocols}: {A} {Survey}},
    volume = {21},
    copyright = {https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html},
    issn = {1553-877X, 2373-745X},
    shorttitle = {Security {Challenges} in {Control} {Network} {Protocols}},
    url = {https://ieeexplore.ieee.org/document/8472799/},
    doi = {10.1109/COMST.2018.2872114},
    number = {1},
    urldate = {2025-03-17},
    journal = {IEEE Communications Surveys \& Tutorials},
    author = {Volkova, Anna and Niedermeier, Michael and Basmadjian, Robert and De Meer, Hermann},
    year = {2019},
    pages = {619--639},
}

@inproceedings{huang_ResearchOPCUA_2010,
    address = {Taichung},
    title = {Research on {OPC} {UA} security},
    isbn = {978-1-4244-5045-9 978-1-4244-5046-6},
    url = {https://ieeexplore.ieee.org/document/5514836/},
    doi = {10.1109/ICIEA.2010.5514836},
    urldate = {2025-03-17},
    booktitle = {2010 5th {IEEE} {Conference} on {Industrial} {Electronics} and {Applications}},
    publisher = {IEEE},
    author = {Huang, Renjie and Liu, Feng and Pan, Dongbo},
    month = jun,
    year = {2010},
    pages = {1439--1444},
}

@article{kohnhauser_SecurityIIoTDeployments_2021,
    title = {On the {Security} of {IIoT} {Deployments}: {An} {Investigation} of {Secure} {Provisioning} {Solutions} for {OPC} {UA}},
    volume = {9},
    copyright = {https://creativecommons.org/licenses/by-nc-nd/4.0/},
    issn = {2169-3536},
    shorttitle = {On the {Security} of {IIoT} {Deployments}},
    url = {https://ieeexplore.ieee.org/document/9478911/},
    doi = {10.1109/ACCESS.2021.3096062},
    urldate = {2025-03-17},
    journal = {IEEE Access},
    author = {Kohnhauser, Florian and Meier, David and Patzer, Florian and Finster, Soren},
    year = {2021},
    pages = {99299--99311},
}

@inproceedings{muhlbauer_OpenSourceOPCUA_2020,
    title = {Open-{Source} {OPC} {UA} {Security} and {Scalability}},
    volume = {1},
    url = {https://ieeexplore.ieee.org/abstract/document/9212091},
    doi = {10.1109/ETFA46521.2020.9212091},
    abstract = {OPC UA is widely adopted for remote-control in industrial environments. It has a central role for industrial control systems as it enables remote management. Compromising OPC UA can lead to compromising entire production facilities. Consequently, OPC UA requires a high level of security. Major commercial OPC UA implementations have compliance certificates ensuring that their security models obey the specification. However, open-source OPC UA implementations that have wide deployment mostly lack these certificates. In this work, we investigate the security models of the four most commonly used open-source implementations: open62541, node-opcua, UA-.NETStandard, and python-opcua. Furthermore, their scalabilities for the number of clients and OPC UA nodes are also analyzed.},
    urldate = {2025-03-17},
    booktitle = {2020 25th {IEEE} {International} {Conference} on {Emerging} {Technologies} and {Factory} {Automation} ({ETFA})},
    author = {Mühlbauer, Nikolas and Kirdan, Erkin and Pahl, Marc-Oliver and Carle, Georg},
    month = sep,
    year = {2020},
    note = {ISSN: 1946-0759},
    keywords = {Computer languages, Conferences, Fault diagnosis, Industrial control, OPC UA, Production facilities, Scalability, Security, open-source, scalability, security},
    pages = {262--269},
}

@techreport{vomdorp_SicherheitsanalyseOPCUA_2022,
    title = {Sicherheitsanalyse {OPC} {UA}},
    url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/OPCUA/OPCUA_2022.html},
    language = {de},
    institution = {Bundesamt für Sicherheit in der Informationstechnik},
    author = {vom Dorp, Johannes and Merschjohann, Sven and Meier, David and Patzer, Florian and Karch, Markus and Haas, Christian},
    month = jun,
    year = {2022},
    pages = {74},
}

@inproceedings{erba_SecurityAnalysisVendor_2022,
    address = {Los Angeles CA USA},
    title = {Security {Analysis} of {Vendor} {Implementations} of the {OPC} {UA} {Protocol} for {Industrial} {Control} {Systems}},
    isbn = {978-1-4503-9876-3},
    url = {https://dl.acm.org/doi/10.1145/3560826.3563380},
    doi = {10.1145/3560826.3563380},
    language = {en},
    urldate = {2025-03-17},
    booktitle = {Proceedings of the 4th {Workshop} on {CPS} \& {IoT} {Security} and {Privacy}},
    publisher = {ACM},
    author = {Erba, Alessandro and Müller, Anne and Tippenhauer, Nils Ole},
    month = nov,
    year = {2022},
    pages = {1--13},
}

@misc{opcfoundation_OPC1000024UA_2022,
    title = {{OPC} 10000-24: {UA} {Part} 24: {Scheduler}},
    url = {https://reference.opcfoundation.org/Scheduler/v105/docs/},
    abstract = {This document specifies an OPC UA information model to expose information, at what dates and times specific actions are executed by the OPC UA Server. Those schedules can optionally also be manipulated via the information model.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2022},
}

@misc{opcfoundation_OPC1000023UA_2022,
    title = {{OPC} 10000-23: {UA} {Part} 23: {Common} {Reference} {Types}},
    url = {https://reference.opcfoundation.org/Core/Part23/v105/docs/},
    abstract = {This part of the OPC Unified Architecture defines an Information Model. The Information Model defines common ReferenceTypes.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2022},
}

@misc{opcfoundation_OPC1000022UA_2024,
    title = {{OPC} 10000-22: {UA} {Part} 22: {Base} {Network} {Model}},
    url = {https://reference.opcfoundation.org/Core/Part22/v105/docs/},
    abstract = {The Base Network Model (BNM) specifies an OPC UA Information Model for a basic set of network related components to be used in other Information Models.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000021UA_2024,
    title = {{OPC} 10000-21: {UA} {Part} 21: {Device} {Onboarding}},
    url = {https://reference.opcfoundation.org/Onboarding/v105/docs/},
    abstract = {This part defines the life cycle of Devices and Composites and mechanisms to verify their authenticity, set up their security and maintain their configuration.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000020UA_2023,
    title = {{OPC} 10000-20: {UA} {Part} 20: {File} {Transfer}},
    url = {https://reference.opcfoundation.org/Core/Part20/v105/docs/},
    abstract = {This part of the OPC Unified Architecture defines an Information Model. The Information Model describes the basic infrastructure to model file transfers.},
    author = {{OPC Foundation}},
    month = dec,
    year = {2023},
}

@misc{opcfoundation_OPC1000019UA_2023,
    title = {{OPC} 10000-19: {UA} {Part} 19: {Dictionary} {References}},
    url = {https://reference.opcfoundation.org/Core/Part19/v105/docs/},
    abstract = {This specification defines an Information Model of the OPC Unified Architecture. The Information Model describes the basic infrastructure to reference from an OPC UA Information Model to external dictionaries like IEC Common Data Dictionary or ECLASS.},
    author = {{OPC Foundation}},
    month = dec,
    year = {2023},
}

@misc{opcfoundation_OPC1000018UA_2024,
    title = {{OPC} 10000-18: {UA} {Part} 18: {Role}-{Based} {Security}},
    url = {https://reference.opcfoundation.org/Core/Part18/v105/docs/},
    abstract = {This part of the OPC Unified Architecture defines an Information Model. The Information Model describes the basic infrastructure to model role-based security.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000017UA_2024,
    title = {{OPC} 10000-17: {UA} {Part} 17: {Alias} {Names}},
    url = {https://reference.opcfoundation.org/Core/Part17/v105/docs/},
    abstract = {This part of the OPC UA Standard provides a definition of AliasNames functionality. AliasNames provide a manner of configuring and exposing an alternate well-defined name for any Node in the system. This is analogous to the way domain names are used as an alias to IP addresses in IP networks. Like a DNS Server, an OPC UA Server that supports AliasNames provides a lookup Method that will translate an AliasName to a NodeId of the related Node on a Server. An aggregating Server can collect these AliasNames from multiple Servers and provide a lookup Method to allow Client applications to discover NodeIds on a system wide basis. An aggregating Server could also define AliasNames for Nodes in other Servers that do not support AliasNames. A GDS may be constructed that would automatically aggregate all AliasNames that are defined on any Server that has registered with the GDS. In this case the GDS also provides the lookup mechanism for Clients at a well-known endpoint and address. Examples for the use of AliasNames are in Annex A. The GDS functionality for AliasNames is formally defined in Annex B.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000016UA_2024,
    title = {{OPC} 10000-16: {UA} {Part} 16: {State} {Machines}},
    url = {https://reference.opcfoundation.org/Core/Part16/v105/docs/},
    abstract = {This part of the OPC Unified Architecture defines an Information Model. The Information Model describes the basic infrastructure to model state machines.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000015UA_2024,
    title = {{OPC} 10000-15: {UA} {Part} 15: {Safety}},
    url = {https://reference.opcfoundation.org/Safety/v105/docs/},
    abstract = {This document describes a safety communication layer (services and a protocol) for the exchange of SafetyData using OPC UA mechanisms. It identifies the principles for functional safety communications defined in IEC 617843 that are relevant for this safety communication layer. This safety communication layer is intended for implementation in safety devices only.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000014UA_2024,
    title = {{OPC} 10000-14: {UA} {Part} 14: {PubSub}},
    url = {https://reference.opcfoundation.org/Core/Part14/v105/docs/},
    abstract = {This part of OPC Unified Architecture (OPC UA) defines the PubSub communication model. It defines an OPC UA publish subscribe pattern which complements the client server pattern defined by the Services in OPC 10000-4. See OPC 10000-1 for an overview of the two models and their distinct uses.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000013UA_2022,
    title = {{OPC} 10000-13: {UA} {Part} 13: {Aggregates}},
    url = {https://reference.opcfoundation.org/Core/Part13/v105/docs/},
    abstract = {This specification is part of the overall OPC Unified Architecture specification series and defines the information model associated with Aggregates.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2022},
}

@misc{opcfoundation_OPC1000012UA_2024,
    title = {{OPC} 10000-12: {UA} {Part} 12: {Discovery} and {Global} {Services}},
    url = {https://reference.opcfoundation.org/GDS/v105/docs/},
    abstract = {This part specifies how OPC Unified Architecture (OPC UA) Clients and Servers interact with DiscoveryServers when used in different scenarios. It specifies the requirements for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer. It also defines information models for Certificate management, KeyCredential management and AuthorizationServices.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000011UA_2024,
    title = {{OPC} 10000-11: {UA} {Part} 11: {Historical} {Access}},
    url = {https://reference.opcfoundation.org/Core/Part11/v105/docs/},
    abstract = {This document is part of the OPC Unified Architecture standards series and defines the Information Model associated with Historical Access (HA). It particularly includes additional and complementary descriptions of the NodeClasses and Attributes needed for Historical Access, additional standard Properties, and other information and behaviour.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC1000010UA_2021,
    title = {{OPC} 10000-10: {UA} {Part} 10: {Programs}},
    url = {https://reference.opcfoundation.org/Core/Part10/v105/docs/},
    abstract = {This part of OPC 10000 defines the Information Model associated with Programs in OPC Unified Architecture (OPC UA). This includes the description of the NodeClasses, standard Properties, Methods and Events and associated behaviour and information for Programs.},
    author = {{OPC Foundation}},
    month = oct,
    year = {2021},
}

@misc{opcfoundation_OPC100009UA_2023,
    title = {{OPC} 10000-9: {UA} {Part} 9: {Alarms} and {Conditions}},
    url = {https://reference.opcfoundation.org/Core/Part9/v105/docs/},
    abstract = {This document specifies the representation of Alarms and Conditions in the OPC Unified Architecture. Included is the Information Model representation of Alarms and Conditions in the OPC UA address space. Other aspects of alarm systems like alarm philosophy, life cycle, alarm response times, alarm types and many other details are captured in standards such as IEC 62682 and ISA 18.2. The Alarms and Conditions Information Model in this specification, is designed in accordance with IEC 62682 and ISA 18.2. Annex C specifies how the model described in this document maps to EEMUA. Annex D specifies a recommended mapping between OPC Classic Alarm \& Events (A\&E) servers to the model described in this document.},
    author = {{OPC Foundation}},
    month = dec,
    year = {2023},
}

@misc{opcfoundation_OPC100008UA_2024,
    title = {{OPC} 10000-8: {UA} {Part} 8: {DataAccess}},
    url = {https://reference.opcfoundation.org/Core/Part8/v105/docs/},
    abstract = {This part of OPC 10000 is part of the overall OPC Unified Architecture (OPC UA) standard series and defines the information model associated with Data Access (DA). It particularly includes additional VariableTypes and complementary descriptions of the NodeClasses and Attributes needed for Data Access, additional Properties, and other information and behaviour.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100007UA_2022,
    title = {{OPC} 10000-7: {UA} {Part} 7: {Profiles}},
    url = {https://reference.opcfoundation.org/Core/Part7/v105/docs/},
    abstract = {This document specifies value and structure of Profiles in the OPC Unified Architecture.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2022},
}

@misc{opcfoundation_OPC100006UA_2024,
    title = {{OPC} 10000-6: {UA} {Part} 6: {Mappings}},
    url = {https://reference.opcfoundation.org/Core/Part6/v105/docs/},
    abstract = {This part of OPC Unified Architecture (OPC UA) specifies the mapping between the security model described in OPC 10000-2, the abstract service definitions specified in OPC 10000-4, the data structures defined in OPC 10000-5 and the physical network protocols that can be used to implement the OPC UA specification.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100005UA_2024,
    title = {{OPC} 10000-5: {UA} {Part} 5: {Information} {Model}},
    url = {https://reference.opcfoundation.org/Core/Part5/v105/docs/},
    abstract = {This part of the OPC Unified Architecture defines the Information Model. The Information Model describes standardised Nodes of a Server’s AddressSpace. These Nodes are standardised types as well as standardised instances used for diagnostics or as entry points to server-specific Nodes. Thus, the Information Model defines the AddressSpace of an empty OPC UA Server. However, it is not expected that all Servers will provide all of these Nodes.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100004UA_2024,
    title = {{OPC} 10000-4: {UA} {Part} 4: {Services}},
    url = {https://reference.opcfoundation.org/Core/Part4/v105/docs/},
    abstract = {This part of OPC 10000 defines the OPC Unified Architecture (OPC UA) Services. The Services defined are the collection of abstract Remote Procedure Calls (RPC) that are implemented by OPC UA Servers and called by OPC UA Clients. All interactions between OPC UA Clients and Servers occur via these Services. The defined Services are considered abstract because no particular RPC mechanism for implementation is defined in this document. OPC 10000-6 specifies one or more concrete mappings supported for implementation. For example, one mapping in OPC 10000-6 is to UA-TCP UA-SC UA-Binary. In that case the Services described in this document appear as OPC UA Binary encoded payload, secured with OPC UA Secure Conversation and transported via OPC UA TCP.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100003UA_2024,
    title = {{OPC} 10000-3: {UA} {Part} 3: {Address} {Space} {Model}},
    url = {https://reference.opcfoundation.org/Core/Part3/v105/docs/},
    abstract = {This specification describes the OPC Unified Architecture (OPC UA) AddressSpace and its Objects. This Part is the OPC UA meta model on which OPC UA information models are based.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100002UA_2024,
    title = {{OPC} 10000-2: {UA} {Part} 2: {Security}},
    url = {https://reference.opcfoundation.org/Core/Part2/v105/docs/},
    abstract = {This part describes the OPC Unified Architecture (OPC UA) security model. It describes the security threats of the physical, hardware, and software environments in which OPC UA is expected to run. It describes how OPC UA relies upon other standards for security. It provides definition of common security terms that are used in this and other parts of the OPC UA specification series. It provides an overview of general security features. It also relates these features to the security concepts that are specified in other parts of the OPC UA specification. It references services, mappings, and Profiles that are specified normatively in other parts of this multi-part specification. It provides suggestions or best practice guidelines on implementing security. Any seeming ambiguity between this document and one of the other normative documents in this series does not remove or reduce the requirement specified in the other normative document.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@misc{opcfoundation_OPC100001UA_2024,
    title = {{OPC} 10000-1: {UA} {Part} 1: {Overview} and {Concepts}},
    url = {https://reference.opcfoundation.org/Core/Part1/v105/docs/},
    abstract = {This part of OPC 10000 presents the concepts and overview of the OPC Unified Architecture (OPC UA). Reading this document is helpful to understand the remaining parts of the OPC 10000 series. Each of the other parts is briefly explained along with a suggested reading order.},
    author = {{OPC Foundation}},
    month = nov,
    year = {2024},
}

@inproceedings{fiterau-brostean_AnalysisDTLSImplementations_2020,
    title = {Analysis of {DTLS} implementations using protocol state fuzzing},
    isbn = {978-1-939133-17-5},
    url = {https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean},
    booktitle = {29th {USENIX} security symposium ({USENIX} security 20)},
    publisher = {USENIX Association},
    author = {Fiterau-Brostean, Paul and Jonsson, Bengt and Merget, Robert and de Ruiter, Joeri and Sagonas, Konstantinos and Somorovsky, Juraj},
    month = aug,
    year = {2020},
    keywords = {somorovskyvorarbeit},
    pages = {2523--2540},
}

@inproceedings{rossel_SecurityImplicationsMalicious_2025,
    title = {Security {Implications} of {Malicious} {G}-{Codes} in {3D} {Printing}},
    url = {https://ris.uni-paderborn.de/record/58657},
    abstract = {The rapid growth of 3D printing technology has transformed a wide range of industries, enabling the on-demand production of complex objects, from aerospace components to medical devices. However, this technology also introduces significant security challenges. Previous research highlighted the security implications of G-Codes, commands used to control the printing process. These studies assumed powerful attackers and focused on manipulations of the printed models, leaving gaps in understanding the full attack potential. In this study, we systematically analyze security threats associated with 3D printing, focusing specifically on vulnerabilities caused by G-Code commands. We introduce attacks and attacker models that assume a less powerful adversary than traditionally considered, broadening the scope of potential security threats. Our findings show that even minimal access to the 3D printer can result in significant security breaches, such as unauthorized access to subsequent print jobs or persistent misconfiguration of the printer. We identify 278 potentially malicious G-Codes across the attack categories Information Disclosure, Denial of Service, and Model Manipulation. Our evaluation demonstrates the applicability of these attacks across various 3D printers and their firmware. Our findings underscore the need for a better standardization process of G-Codes and corresponding security best practices.},
    urldate = {2025-03-19},
    booktitle = {Proceedings of the 34th {USENIX} {Security} {Symposium} ({USENIX} '25)},
    author = {Rossel, Jost and Mladenov, Vladislav and Wördenweber, Nico and Somorovsky, Juraj},
    year = {2025},
    keywords = {somorovskyvorarbeit},
}

@book{somorovsky_InsecurityXMLSecurity_2013,
    title = {On the insecurity of {XML} security},
    number = {Dissertation thesis},
    author = {Somorovsky, Juraj},
    year = {2013},
    doi = {10.1515/itit-2014-1045},
}

@inproceedings{somorovsky_AllYourClouds_2011,
    address = {New York, NY, USA},
    series = {{CCSW} '11},
    title = {All your clouds are belong to us: security analysis of cloud management interfaces},
    isbn = {978-1-4503-1004-8},
    shorttitle = {All your clouds are belong to us},
    doi = {10.1145/2046660.2046664},
    abstract = {Cloud Computing resources are handled through control interfaces. It is through these interfaces that the new machine images can be added, existing ones can be modified, and instances can be started or ceased. Effectively, a successful attack on a Cloud control interface grants the attacker a complete power over the victim's account, with all the stored data included. In this paper, we provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus). Our research results are alarming: in regards to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS. As a follow up to those discoveries, we additionally describe the countermeasures against these attacks, as well as introduce a novel "black box" analysis methodology for public Cloud interfaces.},
    booktitle = {Proceedings of the 3rd {ACM} workshop on {Cloud} computing security workshop},
    publisher = {Association for Computing Machinery},
    author = {Somorovsky, Juraj and Heiderich, Mario and Jensen, Meiko and Schwenk, Jörg and Gruschka, Nils and Lo Iacono, Luigi},
    month = oct,
    year = {2011},
    pages = {3--14},
}

@inproceedings{somorovsky_SystematicFuzzingTesting_2016,
    address = {New York, NY, USA},
    series = {{CCS} '16},
    title = {Systematic {Fuzzing} and {Testing} of {TLS} {Libraries}},
    isbn = {978-1-4503-4139-4},
    url = {https://doi.org/10.1145/2976749.2978411},
    doi = {10.1145/2976749.2978411},
    abstract = {We present TLS-Attacker, an open source framework for evaluating the security of TLS libraries. TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify message contents using a simple interface in order to test the behavior of their libraries. Based on TLS-Attacker, we present a two-stage fuzzing approach to evaluate TLS server behavior. Our approach automatically searches for cryptographic failures and boundary violation vulnerabilities. It allowed us to find unusual padding oracle vulnerabilities and overflows/overreads in widely used TLS libraries, including OpenSSL, Botan, and MatrixSSL. Our findings motivate developers to create comprehensive test suites, including positive as well as negative tests, for the evaluation of TLS libraries. We use TLS-Attacker to create such a test suite framework which finds further problems in Botan.},
    urldate = {2024-05-09},
    booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
    publisher = {Association for Computing Machinery},
    author = {Somorovsky, Juraj},
    month = oct,
    year = {2016},
    keywords = {TLS, fuzzing, padding oracle attack, somorovskyvorarbeit},
    pages = {1492--1504},
}

@inproceedings{rossel_SecurityAnalysis3MF_2023,
    series = {{RAID} '23},
    title = {Security {Analysis} of the {3MF} {Data} {Format}},
    isbn = {979-8-4007-0765-0},
    doi = {10.1145/3607199.3607216},
    abstract = {3D printing is a well-established technology with rapidly increasing usage scenarios both in the industry and consumer context. The growing popularity of 3D printing has also attracted security researchers, who have analyzed possibilities for weakening 3D models or stealing intellectual property from 3D models. We extend these important aspects and provide the first comprehensive security analysis of 3D printing data formats. We performed our systematic study on the example of the 3D Manufacturing Format (3MF), which offers a large variety of features that could lead to critical attacks. Based on 3MF’s features, we systematized three attack goals: Data Exfiltration (dex), Denial of Service, and UI Spoofing (uis). We achieve these goals by exploiting the complexity of 3MF, which is based on the Open Packaging Conventions (OPC) format and uses XML to define 3D models. In total, our analysis led to 352 tests. To create and run these tests automatically, we implemented an open-source tool named 3MF Analyzer (tool), which helped us evaluate 20 applications.},
    urldate = {2024-04-24},
    booktitle = {Proceedings of the 26th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}},
    publisher = {Association for Computing Machinery},
    author = {Rossel, Jost and Mladenov, Vladislav and Somorovsky, Juraj},
    month = oct,
    year = {2023},
    keywords = {3D Manufacturing Format, 3D Printing, Additive Manufacturing, Data Format Security, somorovskyvorarbeit},
    pages = {179--194},
}

@inproceedings{muller_SoKExploitingNetwork_2017,
    title = {{SoK}: {Exploiting} {Network} {Printers}},
    shorttitle = {{SoK}},
    doi = {10.1109/SP.2017.47},
    abstract = {The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and common Internet users. Instead of removing them, printers evolved from simple devices into complex network computer systems, installed directly into company networks, and carrying considerable confidential data in their print jobs. This makes them an attractive attack target. In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by providing a general methodology for security analyses of printers. Based on our methodology, we implemented an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer models from different vendors and found all of them to be vulnerable to at least one of the tested attacks. These attacks included, for example, simple DoS attacks or skilled attacks, extracting print jobs and system files. On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by using advanced cross-site printing techniques, combined with printer CORS spoofing.
Finally, we show how to apply our attacks to systems beyond typical printers like Google Cloud Print or document processing websites.}, urldate = {2024-08-27}, booktitle = {2017 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Müller, Jens and Mladenov, Vladislav and Somorovsky, Juraj and Schwenk, Jörg}, month = may, year = {2017}, note = {ISSN: 2375-1207}, keywords = {Page description languages, Ports (Computers), Printers, Printing, Protocols, Security, Tools, attacks, printers, somorovskyvorarbeit, web security}, pages = {213--230}, } @inproceedings{dunsche_GreatPowerCome_2024, title = {With {Great} {Power} {Come} {Great} {Side} {Channels}: {Statistical} {Timing} {Side}-{Channel} {Analyses} with {Bounded} {Type}-1 {Errors}}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/dunsche}, booktitle = {33rd {USENIX} {Security} {Symposium} ({USENIX} {Security} 24)}, author = {Dunsche, Martin and Maehren, Marcel and Erinola, Nurullah and Merget, Robert and Bissantz, Nicolai and Somorovsky, Juraj and Schwenk, Jörg}, year = {2024}, keywords = {somorovskyvorarbeit, tls}, } @inproceedings{niemietz_NotSmartSmart_2015, title = {Not so {Smart}: {On} {Smart} {TV} {Apps}}, shorttitle = {Not so {Smart}}, url = {https://ieeexplore.ieee.org/document/7411840}, doi = {10.1109/SIOT.2015.13}, abstract = {One of the main characteristics of Smart TVs are apps. Apps extend the Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like authentication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps. In this paper, we investigate attack models for Smart TVs and their apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. 
Even worse, we show that an arbitrary app installed on devices of the market share leader Samsung can gain access to the credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.}, urldate = {2025-03-17}, booktitle = {2015 {International} {Workshop} on {Secure} {Internet} of {Things} ({SIoT})}, author = {Niemietz, Marcus and Somorovsky, Juraj and Mainka, Christian and Schwenk, Jörg}, month = sep, year = {2015}, keywords = {somorovskyvorarbeit}, pages = {72--81}, } @inproceedings{detering_InSecurityJavaScriptObject_2017, address = {New York, NY, USA}, series = {{ROOTS}}, title = {On {The} ({In}-){Security} {Of} {JavaScript} {Object} {Signing} {And} {Encryption}}, isbn = {978-1-4503-5321-2}, url = {https://dl.acm.org/doi/10.1145/3150376.3150379}, doi = {10.1145/3150376.3150379}, abstract = {JavaScript Object Notation (JSON) has evolved to the de-facto standard file format in the web used for application configuration, cross- and same-origin data exchange, as well as in Single Sign-On (SSO) protocols such as OpenID Connect. To protect integrity, authenticity, and confidentiality of sensitive data, JavaScript Object Signing and Encryption (JOSE) was created to apply cryptographic mechanisms directly in JSON messages. We investigate the security of JOSE and present different applicable attacks on several popular libraries. We introduce JOSEPH (JavaScript Object Signing and Encryption Pentesting Helper) -- our newly developed Burp Suite extension, which automatically performs security analysis on targeted applications.
JOSEPH's automatic vulnerability detection ranges from executing simple signature exclusion or signature faking techniques, which neglect JSON message integrity, up to highly complex cryptographic Bleichenbacher attacks, breaking the confidentiality of encrypted JSON messages. We found severe vulnerabilities in six popular JOSE libraries. We responsibly disclosed all weaknesses to the developers and helped them to provide fixes.}, urldate = {2025-03-17}, booktitle = {Proceedings of the 1st {Reversing} and {Offensive}-oriented {Trends} {Symposium}}, publisher = {Association for Computing Machinery}, author = {Detering, Dennis and Somorovsky, Juraj and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, month = nov, year = {2017}, keywords = {somorovskyvorarbeit}, pages = {1--11}, } @inproceedings{jager_HowBreakXML_2011, address = {New York, NY, USA}, series = {{CCS} '11}, title = {How to break {XML} encryption}, isbn = {978-1-4503-0948-6}, url = {https://dl.acm.org/doi/10.1145/2046707.2046756}, doi = {10.1145/2046707.2046756}, abstract = {XML Encryption was standardized by W3C in 2002, and is implemented in XML frameworks of major commercial and open-source organizations like Apache, redhat, IBM, and Microsoft. It is employed in a large number of major web-based applications, ranging from business communications, e-commerce, and financial services over healthcare applications to governmental and military infrastructures. In this work we describe a practical attack on XML Encryption, which allows to decrypt a ciphertext by sending related ciphertexts to a Web Service and evaluating the server response. We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average. This poses a serious and truly practical security threat on all currently used implementations of XML Encryption. In a sense the attack can be seen as a generalization of padding oracle attacks (Vaudenay, Eurocrypt 2002).
It exploits a subtle correlation between the block cipher mode of operation, the character encoding of encrypted text, and the response behaviour of a Web Service if an XML message cannot be parsed correctly.}, urldate = {2024-08-20}, booktitle = {Proceedings of the 18th {ACM} conference on {Computer} and communications security}, publisher = {Association for Computing Machinery}, author = {Jager, Tibor and Somorovsky, Juraj}, month = oct, year = {2011}, pages = {413--422}, } @article{rossel_BreakingTrustBoundaries_2025, title = {Breaking {Trust} {Boundaries}: {A} {Case} {Study} on the {Security} {Implications} of {Robotic} {Simulation} {Software} in {Production} {Environments}}, abstract = {As industrial robots become increasingly prevalent in manufacturing, their security implications have become more relevant. This paper investigates the security vulnerabilities associated with using robotic simulation software in production environments, specifically the case of Fanuc’s Roboguide. The primary objective is to analyze how vulnerabilities of a simulation software can be exploited to breach trust boundaries within a company’s infrastructure. We systematically analyze Roboguide for security vulnerabilities and categorize the found vulnerabilities to determine which goals the attacker can achieve with different access levels to the infrastructure. We identified various vulnerabilities, including a chain of attacks that cause arbitrary code execution on the machine on which Roboguide runs and an attack affecting a physical robot from the internet. The implications of this study underscore the necessity for enhanced security measures in robotic simulation software. 
Ultimately, this research highlights the critical need for organizations to assess their security protocols and implement stricter safeguards to protect both their IT and OT environments from potential cyber threats.}, language = {en}, journal = {In submission}, author = {Rossel, Jost and Moog, Sven and Somorovsky, Juraj and Pottebaum, Jens and Gräßler, Iris}, year = {2025}, keywords = {somorovskyvorarbeit}, } @misc{fanuc_R30iAR30iAMate_2008, title = {R-{30iA}/{R}-{30iA} {Mate} {Controller} {Operator}'s {Manual} {\textbar} {Ethernet} {Function}}, author = {{FANUC}}, month = aug, year = {2008}, } @misc{mayoral-vilches_OpenStandardAssessing_2021, title = {Towards an open standard for assessing the severity of robot security vulnerabilities, the {Robot} {Vulnerability} {Scoring} {System} ({RVSS})}, doi = {10.48550/arXiv.1807.10357}, abstract = {Robots are typically not created with security as a main concern. Contrasting to typical IT systems, cyberphysical systems rely on security to handle safety aspects. In light of the former, classic scoring methods such as the Common Vulnerability Scoring System (CVSS) are not able to accurately capture the severity of robot vulnerabilities. The present research work focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables, such as time since vulnerability disclosure or exposure on the web. 
Finally, an experimental evaluation of RVSS with contrast to CVSS is provided and discussed with focus on the robotics security landscape.}, urldate = {2025-04-28}, publisher = {arXiv}, author = {Mayoral-Vilches, Víctor and Gil-Uriarte, Endika and Ugarte, Irati Zamalloa and Mendia, Gorka Olalde and Pisón, Rodrigo Izquierdo and Kirschgens, Laura Alzola and Calvo, Asier Bilbao and Cordero, Alejandro Hernández and Apa, Lucas and Cerrudo, César}, month = nov, year = {2021}, keywords = {Computer Science - Cryptography and Security, Computer Science - Robotics}, } @misc{mayoral-vilches_IntroducingRobotVulnerability_2021, title = {Introducing the {Robot} {Vulnerability} {Database} ({RVD})}, doi = {10.48550/arXiv.1912.11299}, abstract = {Cybersecurity in robotics is an emerging topic that has gained significant traction. Researchers have demonstrated some of the potentials and effects of cyber attacks on robots lately. This implies safety related adverse consequences causing human harm, death or lead to significant integrity loss clearly overcoming the privacy concerns in classical IT world. In cybersecurity research, the use of vulnerability databases is a very reliable tool to responsibly disclose vulnerabilities in software products and raise willingness of vendors to address these issues. In this paper we argue, that existing vulnerability databases are of insufficient information density and show some biased content with respect to vulnerabilities in robots. This paper presents the Robot Vulnerability Database (RVD), a directory for responsible disclosure of bugs, weaknesses and vulnerabilities in robots. This article aims to describe the design and process as well as the associated disclosure policy behind RVD. 
Furthermore the authors present preliminary selected vulnerabilities already contained in RVD and call to the robotics and security communities for contribution to the endeavour of eliminating zero-day vulnerabilities in robotics.}, urldate = {2025-04-28}, publisher = {arXiv}, author = {Mayoral-Vilches, Víctor and Juan, Lander Usategui San and Dieber, Bernhard and Carbajo, Unai Ayucar and Gil-Uriarte, Endika}, month = nov, year = {2021}, keywords = {Computer Science - Cryptography and Security, Computer Science - Robotics}, } @techreport{maggi_RogueAutomationVulnerable_2020, title = {Rogue {Automation}: {Vulnerable} and {Malicious} {Code} in {Industrial} {Programming}}, url = {https://documents.trendmicro.com/assets/white_papers/wp-rogue-automation-vulnerable-and-malicious-code-in-industrial-programming.pdf}, institution = {Trend Micro Research}, author = {Maggi, Federico and Pogliani, Marcello}, month = aug, year = {2020}, } @misc{fanuc_KARELReferenceManual_2014, title = {{KAREL} {Reference} {Manual} ({SYSTEM} {R}-{30iA} and {R}-{30iB} {Controller})}, url = {https://therobotguyllc.com/wp-content/uploads/2015/05/KAREL-Programming-Guide.pdf}, language = {en}, author = {{FANUC}}, year = {2014}, } @misc{iso_83732021Robotics_2021, title = {8373:2021. {Robotics} — {Vocabulary}}, shorttitle = {{ISO} 8373}, url = {https://www.iso.org/standard/75539.html}, abstract = {Robotics — Vocabulary}, language = {en}, urldate = {2025-04-28}, author = {{ISO}}, month = nov, year = {2021}, } @book{knapp_IndustrialNetworkSecurity_2015, title = {Industrial {Network} {Security}: {Securing} {Critical} {Infrastructure} {Networks} for {Smart} {Grid}, {SCADA}, and {Other} {Industrial} {Control} {Systems}}, isbn = {978-0-12-420114-9}, author = {Knapp, Eric D. 
and Langill, Joel Thomas}, year = {2015}, doi = {10.1016/C2013-0-06836-3}, } @techreport{aljarboua_IndustrialRoboticsOpportunities_2019, title = {Industrial robotics: {Opportunities} for manufacturers of end effectors}, url = {https://www.mckinsey.com/industries/industrials-and-electronics/our-insights/industrial-robotics-opportunities-for-manufacturers-of-end-effectors}, urldate = {2025-06-05}, institution = {McKinsey\&Company}, author = {Aljarboua, Ziyad and Santhanam, Nick and Teulieres, Marc and Thomsen, Jannick and Tilley, Jonathan}, month = feb, year = {2019}, } @techreport{stigge_ReversingCRCTheory_2006, title = {Reversing {CRC} - {Theory} and {Practice}}, abstract = {The Cyclic Redundancy Check (CRC) was developed as a checksum algorithm for the detection of data corruption in the process of data transmission or storage. However, in some scenarios there's a CRC given which a set of data is expected to have, so the data itself has to be modified (at the end or at some chosen position) in a way that it computes to the given CRC checksum afterwards. We present methods providing solutions to this problem.
Each algorithm is explained in theory and accompanied by an implementation for the CRC32 in the C programming language.}, language = {en}, number = {SAR-PR-2006-05}, institution = {Humboldt University Berlin}, author = {Stigge, Martin and Plötz, Henryk and Müller, Wolf and Redlich, Jens-Peter}, month = may, year = {2006}, } @misc{russinovich_AccessEnumSysinternals_2022, title = {{AccessEnum} - {Sysinternals}}, url = {https://learn.microsoft.com/en-us/sysinternals/downloads/accessenum}, abstract = {This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems.}, language = {en-us}, urldate = {2025-05-26}, author = {Russinovich, Mark}, month = sep, year = {2022}, } @misc{russinovich_ProcessExplorerSysinternals_2024, title = {Process {Explorer} - {Sysinternals}}, url = {https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer}, abstract = {Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.}, language = {en-us}, urldate = {2025-05-20}, author = {Russinovich, Mark}, month = may, year = {2024}, } @inproceedings{demarinis_ScanningInternetROS_2019, title = {Scanning the {Internet} for {ROS}: {A} {View} of {Security} in {Robotics} {Research}}, shorttitle = {Scanning the {Internet} for {ROS}}, doi = {10.1109/ICRA.2019.8794451}, abstract = {Security is particularly important in robotics, as robots can directly perceive and affect the physical world. We describe the results of a scan of the entire IPv4 address space of the Internet for instances of the Robot Operating System (ROS), a widely used robotics software platform. We identified a number of hosts supporting ROS that are exposed to the public Internet, thereby allowing anyone to access robotic sensors and actuators. 
As a proof of concept, and with the consent of the relevant researchers, we were able to read image sensor information from and actuate a physical robot present in a research lab in an American university. This paper gives an overview of our findings, including our methodology, the geographic distribution of publicly-accessible platforms, the sorts of sensor and actuator data that is available, and the different kinds of robots and sensors that our scan uncovered. Additionally, we offer recommendations on best practices to mitigate these security issues in the future.}, urldate = {2025-04-28}, booktitle = {2019 {International} {Conference} on {Robotics} and {Automation} ({ICRA})}, author = {DeMarinis, Nicholas and Tellex, Stefanie and Kemerlis, Vasileios P. and Konidaris, George and Fonseca, Rodrigo}, month = may, year = {2019}, keywords = {Actuators, Internet, Robot sensing systems, Security, Service robots}, } @inproceedings{saha_CyRRACyberattackResilient_2022, title = {{CyRRA}: {Cyberattack} {Resilient} {Robotic} {Arm}}, shorttitle = {{CyRRA}}, doi = {10.1109/INDICON56171.2022.10040138}, abstract = {Introduction of the internet-based interconnections among the physical control systems has given rise to more complex process algorithms, and it is necessary to safeguard such systems from cyber attacks that specifically target the loopholes in the system operation. In this paper, we present the cybersecurity for the control system designed to act as a final-line of defense against remote hijacking of the system. CyRRA is implemented using the concept of external-feedback control system in the cyber-physical system (CPS), that includes both action-control system, and action-verification system. The intertwined operation methodology of the two will provide the CPS with multi-layer security features of a conventional user-end defense mechanisms. 
Additionally, by allowing the device to switch between: monitored and autonomous modes, while preserving the same level of versatility in each mode of device operation. Here we analyze the level of security provided by the IoT server domain (Blynk) over IEEE 802.11 standards; and introduce the security features against the fault injection attack, evil twin attack and the man-in-the-middle attack into the client-device against network vulnerabilities.}, urldate = {2025-02-27}, booktitle = {2022 {IEEE} 19th {India} {Council} {International} {Conference} ({INDICON})}, author = {Saha, Souparna and Saxena, Sahaj and Bhatia, Sajal}, month = nov, year = {2022}, note = {ISSN: 2325-9418}, keywords = {Control systems, Cyber-physical system, Cyber-physical systems, Manipulators, Process control, Servers, Switches, Systems operation, control system, cyberattacks, evil twin attack, fault injection attack, robotic arm}, } @inproceedings{quarta_ExperimentalSecurityAnalysis_2017, title = {An {Experimental} {Security} {Analysis} of an {Industrial} {Robot} {Controller}}, doi = {10.1109/SP.2017.20}, abstract = {Industrial robots, automated manufacturing, and efficient logistics processes are at the heart of the upcoming fourth industrial revolution. While there are seminal studies on the vulnerabilities of cyber-physical systems in the industry, as of today there has been no systematic analysis of the security of industrial robot controllers. We examine the standard architecture of an industrial robot and analyze a concrete deployment from a systems security standpoint. Then, we propose an attacker model and confront it with the minimal set of requirements that industrial robots should honor: precision in sensing the environment, correctness in execution of control logic, and safety for human operators. 
Following an experimental and practical approach, we then show how our modeled attacker can subvert such requirements through the exploitation of software vulnerabilities, leading to severe consequences that are unique to the robotics domain. We conclude by discussing safety standards and security challenges in industrial robotics.}, urldate = {2025-04-11}, booktitle = {2017 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Quarta, Davide and Pogliani, Marcello and Polino, Mario and Maggi, Federico and Zanchettin, Andrea Maria and Zanero, Stefano}, month = may, year = {2017}, note = {ISSN: 2375-1207}, keywords = {CPS, Internet, Production, Robot sensing systems, Safety, Security, Service robots, industrial robot, system security}, } @inproceedings{pogliani_DetectingInsecureCode_2020, title = {Detecting {Insecure} {Code} {Patterns} in {Industrial} {Robot} {Programs}}, isbn = {978-1-4503-6750-9}, doi = {10.1145/3320269.3384735}, abstract = {Industrial robots are complex and customizable machines that can be programmed with proprietary domain-specific languages. These languages provide not only movement instructions, but also access to low-level system resources such as the network or the file system. Although useful, these features can lead to taint-style vulnerabilities and can be misused to implement malware---on par with general-purpose programming languages. In this paper, we analyze the languages of \$8\$ leading industrial robot vendors, systematize their technical features, and discuss cases of vulnerable and malicious uses. We then describe a static source-code analyzer that we created to analyze robotic programs and discover insecure or potentially malicious code paths. We focused our proof-of-concept implementation on two popular languages, namely ABB's RAPID and KUKA's KRL.
By evaluating our tool on a set of publicly available programs, we show that insecure patterns are found in real-world code; therefore, static source-code analysis is an effective security screening mechanism, for example to prevent commissioning insecure or malicious industrial task programs. Finally, we discuss remediation steps that developers and vendors can adopt to mitigate such issues.}, urldate = {2025-04-11}, booktitle = {Proceedings of the 15th {ACM} {Asia} {Conference} on {Computer} and {Communications} {Security}}, author = {Pogliani, Marcello and Maggi, Federico and Balduzzi, Marco and Quarta, Davide and Zanero, Stefano}, month = oct, year = {2020}, } @article{zhu_CybersecurityRoboticsChallenges_2021, title = {Cybersecurity in {Robotics}: {Challenges}, {Quantitative} {Modeling}, and {Practice}}, issn = {1935-8253, 1935-8261}, shorttitle = {Cybersecurity in {Robotics}}, doi = {10.1561/2300000061}, abstract = {Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice}, language = {English}, urldate = {2025-04-28}, journal = {Foundations and Trends® in Robotics}, author = {Zhu, Quanyan and Rass, Stefan and Dieber, Bernhard and Mayoral-Vilches, Víctor}, month = aug, year = {2021}, note = {Publisher: Now Publishers, Inc.}, } @article{yaacoub_RoboticsCyberSecurity_2022, title = {Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations}, issn = {1615-5270}, shorttitle = {Robotics cyber security}, doi = {10.1007/s10207-021-00545-8}, abstract = {The recent digital revolution led robots to become integrated more than ever into different domains such as agricultural, medical, industrial, military, police (law enforcement), and logistics. Robots are devoted to serve, facilitate, and enhance the human life. However, many incidents have been occurring, leading to serious injuries and devastating impacts such as the unnecessary loss of human lives. 
Unintended accidents will always take place, but the ones caused by malicious attacks represent a very challenging issue. This includes maliciously hijacking and controlling robots and causing serious economic and financial losses. This paper reviews the main security vulnerabilities, threats, risks, and their impacts, and the main security attacks within the robotics domain. In this context, different approaches and recommendations are presented in order to enhance and improve the security level of robotic systems such as multi-factor device/user authentication schemes, in addition to multi-factor cryptographic algorithms. We also review the recently presented security solutions for robotic systems.}, language = {en}, urldate = {2025-04-28}, journal = {International Journal of Information Security}, author = {Yaacoub, Jean-Paul A. and Noura, Hassan N. and Salman, Ola and Chehab, Ali}, month = feb, year = {2022}, keywords = {Counter-terrorism/insurgency, Countermeasures, Risk analysis, Robotics, Robotics against COVID-19, Security attacks, Security systems}, } @article{pogliani_SecurityControlledManufacturing_2019, title = {Security of controlled manufacturing systems in the connected factory: the case of industrial robots}, issn = {2263-8733}, shorttitle = {Security of controlled manufacturing systems in the connected factory}, doi = {10.1007/s11416-019-00329-8}, abstract = {In modern factories, “controlled” manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed are not designed for an interconnected world, but cannot be promptly replaced: In fact, they have essentially become legacy systems, embodying design patterns where components and networks are accounted as trusted elements. 
In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study—indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up to our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network and at the security challenges that arise from the interaction between operators and machines; then, we propose actionable points to secure industrial cyber-physical systems, and we discuss the limitations of the current standards in industrial robotics to account for active attackers.}, language = {en}, urldate = {2025-04-25}, journal = {Journal of Computer Virology and Hacking Techniques}, author = {Pogliani, Marcello and Quarta, Davide and Polino, Mario and Vittone, Martino and Maggi, Federico and Zanero, Stefano}, month = sep, year = {2019}, keywords = {Cyberphysical systems, Cybersecurity, Industrial internet of things, Industrial robots, Industry 4.0}, } @article{khalid_SecurityFrameworkIndustrial_2018, title = {Security framework for industrial collaborative robotic cyber-physical systems}, issn = {0166-3615}, doi = {10.1016/j.compind.2018.02.009}, abstract = {The paper introduces a security framework for the application of human-robot collaboration in a futuristic industrial cyber-physical system (CPS) context of industry 4.0. The basic elements and functional requirements of a secure collaborative robotic cyber-physical system are explained and then the cyber-attack modes are discussed in the context of collaborative CPS whereas a defense mechanism strategy is proposed for such a complex system. The cyber-attacks are categorized according to the extent on controllability and the possible effects on the performance and efficiency of such CPS. 
The paper also describes the severity and categorization of such cyber-attacks and the causal effect on the human worker safety during human-robot collaboration. Attacks in three dimensions of availability, authentication and confidentiality are proposed as the basis of a consolidated mitigation plan. We propose a security framework based on a two-pronged strategy where the impact of this methodology is demonstrated on a teleoperation benchmark (NeCS-Car). The mitigation strategy includes enhanced data security at important interconnected adaptor nodes and development of an intelligent module that employs a concept similar to system health monitoring and reconfiguration.}, urldate = {2025-02-27}, journal = {Computers in Industry}, author = {Khalid, Azfar and Kirisci, Pierre and Khan, Zeashan Hameed and Ghrairi, Zied and Thoben, Klaus-Dieter and Pannek, Jürgen}, month = may, year = {2018}, keywords = {Cyber physical production system, Cyber security, Human-robot collaboration}, } @article{kayan_CASPERContextAwareIoT_2024, title = {{CASPER}: {Context}-{Aware} {IoT} {Anomaly} {Detection} {System} for {Industrial} {Robotic} {Arms}}, shorttitle = {{CASPER}}, doi = {10.1145/3670414}, abstract = {Industrial cyber-physical systems (ICPS) are widely employed in supervising and controlling critical infrastructures, with manufacturing systems that incorporate industrial robotic arms being a prominent example. The increasing adoption of ubiquitous computing technologies in these systems has led to benefits such as real-time monitoring, reduced maintenance costs, and high interconnectivity. This adoption has also brought cybersecurity vulnerabilities exploited by adversaries disrupting manufacturing processes via manipulating actuator behaviors. Previous incidents in the industrial cyber domain prove that adversaries launch sophisticated attacks rendering network-based anomaly detection mechanisms insufficient as the “physics” involved in the process is overlooked. 
To address this issue, we propose an IoT-based cyber-physical anomaly detection system that can detect motion-based behavioral changes in an industrial robotic arm. We apply both statistical and state-of-the-art machine learning methods to real-time Inertial Measurement Unit data collected from an edge development board attached to an arm doing a pick-and-place operation. To generate anomalies, we modify the joint velocity of the arm. Our goal is to create an air-gapped secondary protection layer to detect “physical” anomalies without depending on the integrity of network data, thus augmenting overall anomaly detection capability. Our empirical results show that the proposed system, which utilizes 1D convolutional neural networks, can successfully detect motion-based anomalies on a real-world industrial robotic arm. The significance of our work lies in its contribution to developing a comprehensive solution for ICPS security, which goes beyond conventional network-based methods.}, urldate = {2025-02-27}, journal = {ACM Trans. Internet Things}, author = {Kayan, Hakan and Heartfield, Ryan and Rana, Omer and Burnap, Pete and Perera, Charith}, month = aug, year = {2024}, } @article{garg_DigitalTwinFANUC_2021, title = {Digital {Twin} for {FANUC} {Robots}: {Industrial} {Robot} {Programming} and {Simulation} {Using} {Virtual} {Reality}}, copyright = {http://creativecommons.org/licenses/by/3.0/}, issn = {2071-1050}, shorttitle = {Digital {Twin} for {FANUC} {Robots}}, url = {https://www.mdpi.com/2071-1050/13/18/10336}, doi = {10.3390/su131810336}, abstract = {A Digital Twin is the concept of creating a digital replica of physical models (such as a robot). This is similar to establishing a simulation using a robot operating system (ROS) or other industrial-owned platforms to simulate robot operations and sending the details to the robot controller. 
In this paper, we propose a Digital Twin model that assists in the online/remote programming of a robotic cell by creating a 3D digital environment of a real-world configuration. Our Digital Twin model consists of two components, (1) a physical model: FANUC robot (M-10iA/12), and (2) a digital model: Unity (a gaming platform) that comes with specialized plugins for virtual and augmented reality devices. One of the main challenges in the existing approach of robot programming is writing and modifying code for a robot trajectory that is eased in our framework using a Digital Twin. Using a Digital Twin setup along with Virtual Reality, we observe the trajectory replication between digital and physical robots. The simulation analysis provided a latency of approximately 40 ms with an error range of −0.28 to 0.28∘ across the robot joint movements in a simulation environment and −0.3 to 0.3∘ across the actual robot joint movements. Therefore, we can conclude that our developed model is suitable for industrial applications.}, language = {en}, urldate = {2025-05-19}, journal = {Sustainability}, author = {Garg, Gaurav and Kuts, Vladimir and Anbarjafari, Gholamreza}, month = jan, year = {2021}, note = {Number: 18 Publisher: Multidisciplinary Digital Publishing Institute}, keywords = {Digital Twin, FANUC, Virtual Reality, robot programming}, } @article{frohm_IndustrysViewAutomation_2006, title = {The {Industry}'s {View} on {Automation} in {Manufacturing}}, issn = {14746670}, doi = {10.3182/20060522-3-FR-2904.00073}, language = {en}, urldate = {2025-05-22}, journal = {IFAC Proceedings Volumes}, author = {Frohm, J. and Lindström, V. 
and Winroth, M. and Stahre, J.}, year = {2006}, } @article{dieber_SecurityRobotOperating_2017, title = {Security for the {Robot} {Operating} {System}}, issn = {0921-8890}, doi = {10.1016/j.robot.2017.09.017}, abstract = {Future robotic systems will be situated in highly networked environments where they communicate with industrial control systems, cloud services or other systems at remote locations. In this trend of strong digitization of industrial systems (also sometimes referred to as Industry 4.0), cyber attacks are an increasing threat to the integrity of the robotic systems at the core of this new development. It is expected that the Robot Operating System (ROS) will play an important role in robotics outside of pure research-oriented scenarios. ROS however has significant security issues which need to be addressed before such products should reach mass markets. In this paper we present the most common vulnerabilities of ROS, attack vectors to exploit those and several approaches to secure ROS and similar systems. We show how to secure ROS on an application level and describe a solution which is integrated directly into the ROS core. Our proposed solution has been implemented and tested with recent versions of ROS, and adds security to all communication channels without being invasive to the system kernel itself.}, urldate = {2025-04-28}, journal = {Robotics and Autonomous Systems}, author = {Dieber, Bernhard and Breiling, Benjamin and Taurer, Sebastian and Kacianka, Severin and Rass, Stefan and Schartner, Peter}, month = dec, year = {2017}, keywords = {Industry 4.0, ROS, Robotics, Security}, } @article{botta_CyberSecurityRobots_2023, title = {Cyber security of robots: {A} comprehensive survey}, issn = {2667-3053}, shorttitle = {Cyber security of robots}, doi = {10.1016/j.iswa.2023.200237}, abstract = {The use of robots in the modern world is widespread, not only in medicine and automated vehicles, but also in national security, defense, and industry. 
Together with the growing number of robots there is also an increase of cyber attacks against robots and in general of their security issues. Thus, we consider cyber security and related issues such as robots vulnerabilities from different perspectives that need to be investigated in order to understand strengths and weaknesses of robots. The aim of this paper is to cover the topic of cyber security in robots in a more focused and comprehensive way with respect to what has been done previously in literature. Throughout our comprehensive survey, we also discuss different aspects related to threats, attacks, and available methods for preventing malicious behavior from robots. As a result of our investigation, it has been found that robots' data, software, network, and hardware are the most vulnerable components. During this review, eventually current approaches to protect robots are discussed in order to maintain their integrity, availability, and confidentiality. Furthermore, we demonstrate that the likelihood of cyber security risks on robotic platforms can be significantly reduced through improvements in encryption, authorization/authentication, and physical security. Security level of different robotic systems is analyzed in different fields so as to determine whether the security needs to be upgraded or rectified. We also present and describe open challenges that can arise in the next few years. 
This paper aims at being a starting point for researchers and practitioners to understand and upgrade the cyber security of robots.}, urldate = {2025-04-28}, journal = {Intelligent Systems with Applications}, author = {Botta, Alessio and Rotbei, Sayna and Zinno, Stefania and Ventre, Giorgio}, month = may, year = {2023}, keywords = {Cyber security, DoS, ROS, Robot forensics}, } @article{bhardwaj_CyberSecurityAttacks_2019, title = {Cyber security attacks on robotic platforms}, issn = {1353-4858}, doi = {10.1016/S1353-4858(19)30122-9}, abstract = {Robotic technology has been rapidly transforming world economies in terms of business productivity and profitability. The market is shifting towards optimisation and automation – not just for the warehousing and manufacturing sectors, but even non-industrial areas such as defence, farming, hospitals, offices and even schools. The availability of open source platforms, falling hardware and electronics prices, prompt prototyping and convergence of technologies are some of the major reasons for this new revolution. However, cyber security and physical threats are high-priority areas when critical applications and missions are involved. Robotic technology has been rapidly transforming world economies in terms of business productivity and profitability. However, security threats are not always top of mind. Open source platforms, falling hardware and electronics prices and fast prototyping are some of the reasons for this new revolution. Cyber security and physical threats are high-priority areas when critical applications and missions are involved. 
Dr Akashdeep Bhardwaj, Dr Vinay Avasthi and Dr Sam Goundar analyse the threats to robotic systems and map the CIA model to boost security resilience.}, urldate = {2025-02-27}, journal = {Network Security}, author = {Bhardwaj, Akashdeep and Avasthi, Vinay and Goundar, Sam}, month = oct, year = {2019}, } @article{bhardwaj_RetractedSecureFramework_2022, title = {({Retracted}) {Secure} framework against cyber attacks on cyber-physical robotic systems}, issn = {1017-9909, 1560-229X}, doi = {10.1117/1.JEI.31.6.061802}, abstract = {The Editor-in-Chief and the publisher have retracted this article, which was submitted as part of a guest-edited special section. An investigation uncovered evidence of systematic manipulation of the publication process, including compromised peer review. The Editor and publisher no longer have confidence in the results and conclusions of the article. AB, KK, HJA, and MK did not agree with the retraction. MDA either did not respond directly or could not be reached.}, urldate = {2025-02-27}, journal = {Journal of Electronic Imaging}, author = {Bhardwaj, Akashdeep and Alshehri, Mohammad Dahman and Kaushik, Keshav and Alyamani, Hasan J. and Kumar, Manoj}, month = mar, year = {2022}, note = {Publisher: SPIE}, } @techreport{allman_FTPSecurityConsiderations_1999, title = {{FTP} {Security} {Considerations}}, language = {en}, number = {RFC2577}, urldate = {2025-05-16}, institution = {RFC Editor}, author = {Allman, M. and Ostermann, S.}, month = may, year = {1999}, doi = {10.17487/rfc2577}, pages = {RFC2577}, } @article{mayoral-vilches_RobotCybersecurityReview_2022, title = {Robot {Cybersecurity}, a {Review}}, copyright = {Copyright (c) 2022 Concept Tech Publishing}, issn = {2753-9997}, doi = {10.46386/ijcfati.crossmarkpolicy}, abstract = {Robots are often shipped insecure and in some cases fully unprotected. 
The rationale behind this is threefold: first, defensive security mechanisms for robots are still in their early stages, not covering the complete threat landscape. Second, the inherent complexity of robotic systems makes their protection costly, both technically and economically. Third, vendors do not generally take responsibility in a timely manner, extending the zero-day exposure window (time until mitigation of a zero-day) to several years on average. Worse, several manufacturers keep forwarding the problem to the end-users of these machines or discarding it. In this article we review the status of robot cybersecurity considering three sources of data: 1) recent literature, 2) questionnaires performed in top robotics forums and 3) recent research results in robot cybersecurity. Building upon a decade of experience in robotics, this article reviews the current status of cybersecurity in robotics and argues about the current challenges to secure robotic systems. Ultimately, based on the empirical results collected over a period of three years performing security assessments in robots, the present text advocates for a complementary offensive approach methodology to protect robots in a feasible and timely manner.}, language = {en}, urldate = {2025-04-28}, journal = {International Journal of Cyber Forensics and Advanced Threat Investigations}, author = {Mayoral-Vilches, Víctor}, month = jan, year = {2022}, keywords = {Offensive, Review, Robotics, Security, Survey}, } @misc{fleck_GiantsIndustrialRobotics_2024, title = {The {Giants} of {Industrial} {Robotics}}, url = {https://www.statista.com/chart/32239/global-market-share-of-industrial-robotics-companies}, abstract = {This chart shows the estimated global market share of industrial robotics companies in 2022, by value.}, language = {en}, urldate = {2025-05-22}, journal = {Statista Daily Data}, author = {Fleck, Anna}, month = may, year = {2024}, } @misc{convergix_7KeyManufacturing_2024, title = {7 {Key} {Manufacturing} 
{Automation} {Statistics}}, url = {https://convergixautomation.com/7-manufacturing-automation-statistics-and-key-takeaways/}, abstract = {Learn about the state of manufacturing using 7 key statistics about factory automation, and the lessons we can draw from them.}, language = {en-US}, urldate = {2025-05-22}, author = {{Convergix}}, month = aug, year = {2024}, } @misc{ifrinternationalfederationofrobotics_Record4Million_2024, title = {Record of 4 {Million} {Robots} in {Factories} {Worldwide}}, url = {https://ifr.org/ifr-press-releases/news/record-of-4-million-robots-working-in-factories-worldwide}, abstract = {The new World Robotics report recorded 4,281,585 units operating in factories worldwide - an increase of 10\%. Annual installations exceeded half a million units for the third consecutive year. By region, 70\% of all newly deployed robots in 2023 were installed in Asia, 17\% in Europe and 10\% in the Americas.}, language = {en}, urldate = {2025-05-22}, author = {{IFR International Federation of Robotics}}, month = sep, year = {2024}, } @misc{fanuceurope_SimulationSoftwareROBOGUIDE_2025, title = {Simulation {Software} {ROBOGUIDE}}, url = {https://www.fanuc.eu/eu-en/accessory/software/simulation-software-roboguide}, abstract = {Explore FANUC's Simulation Software ROBOGUIDE, designed for FANUC industrial robots. Create, simulate, and optimise robot programs.}, language = {en}, urldate = {2025-04-24}, author = {{FANUC}}, month = jan, year = {2025}, } @misc{mdn_CrosssiteRequestForgery_2025, title = {Cross-site request forgery - {Security} on the web}, url = {https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/CSRF}, abstract = {In a cross-site request forgery (CSRF) attack, an attacker tricks the user or the browser into making an HTTP request to the target site from a malicious site. 
The request includes the user's credentials and causes the server to carry out some harmful action, thinking that the user intended it.}, language = {en-US}, urldate = {2025-05-21}, author = {{MDN}}, month = may, year = {2025}, } @misc{mdn_AccessControlAllowOriginHTTP_2025, title = {Access-{Control}-{Allow}-{Origin} - {HTTP}}, url = {https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin}, abstract = {The HTTP Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.}, language = {en-US}, urldate = {2025-05-21}, author = {{MDN}}, month = mar, year = {2025}, } @misc{dha_MoveFilesRoboguide_2019, title = {Move files from {Roboguide} to robot controller}, url = {https://www.robot-forum.com/robotforum/thread/30926-move-files-from-roboguide-to-robot-controller/}, abstract = {I've been playing with roboguide, created a program and will need to setup DCS next. Once that's done, how do I move those files/setup from PC over to the actual robot controller? Thanks, Tom}, language = {en}, urldate = {2025-05-21}, journal = {Robotforum}, author = {{dha}}, month = mar, year = {2019}, } @misc{lexx905_RoboguideAllBackup_2017, title = {Roboguide {All} {Of} {Above} {Backup}}, url = {https://www.robot-forum.com/robotforum/thread/23942-roboguide-all-of-above-backup/}, abstract = {Hi guys, I have created a robot in Roboguide with the All Of Above backup of a real Robot. Now after deleting some programs and made a few changes in I/O comments, Payload, etc... 
I would like to know how to create an All Of Above Backup in Roboguide to put it…}, language = {en}, urldate = {2025-05-21}, journal = {Robotforum}, author = {{lexx905}}, month = jul, year = {2017}, } @misc{abbroboticsuserforums_ProperWayMove_2024, title = {proper way to move from simulation to actual robot}, url = {https://forums.robotstudio.com/discussion/14197/proper-way-to-move-from-simulation-to-actual-robot}, abstract = {I've been running simulations of our IRB14050 robot in RobotStudio for a while and I'd like to move programs to the actual robot once they're tested in simulation. In the simulations I added the robot in an empty station, added a controller from layout and then tried to match the actual controller tweaking options and configuration.}, language = {en}, urldate = {2025-05-19}, journal = {ABB Robotics User Forums}, author = {{DenisFR}}, month = may, year = {2024}, keywords = {evidence-transfer-backup-usb}, } @misc{andreic_TransferringRobotRoboguide_2018, title = {Transferring a {Robot} from {Roboguide} to {Real} {Robot}}, url = {https://www.robot-forum.com/robotforum/thread/29637-transferring-a-robot-from-roboguide-to-real-robot/}, abstract = {Soon I’m going to be working remote on several projects, and will be doing most, if not all, of the programming in Roboguide. In the past I’ve only written a few TP programs and just FTP’d those to the physical controller. 
With these projects I will be…}, language = {en}, urldate = {2025-05-19}, journal = {Robotforum}, author = {{andreic}}, month = nov, year = {2018}, } @misc{russinovich_ProcessMonitorSysinternals_2024, title = {Process {Monitor} - {Sysinternals}}, url = {https://learn.microsoft.com/en-us/sysinternals/downloads/procmon}, abstract = {Monitor file system, Registry, process, thread and DLL activity in real-time.}, language = {en-us}, urldate = {2025-05-20}, author = {Russinovich, Mark}, month = jun, year = {2024}, } @misc{wiresharkfoundation_Wireshark_2025, title = {Wireshark}, url = {https://www.wireshark.org/}, urldate = {2025-05-20}, author = {{Wireshark Foundation}}, year = {2025}, } @misc{cwe_Top25Most_2024, title = {Top 25 {Most} {Dangerous} {Software} {Weaknesses}}, url = {https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html}, urldate = {2025-05-20}, author = {{CWE}}, year = {2024}, } @misc{owaspfoundation_OWASPTopTen_2021, title = {{OWASP} {Top} {Ten}}, url = {https://owasp.org/www-project-top-ten/}, abstract = {The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.}, language = {en}, urldate = {2025-05-20}, author = {{OWASP Foundation}}, year = {2021}, } @article{kuka_KUKASimSmartSimulation_2021, title = {{KUKA}.{Sim}. 
{Smart} simulation software.}, language = {en}, author = {{KUKA}}, month = jun, year = {2021}, } @misc{robodk_TransferRobotProgram_2025, title = {Transfer a robot program}, url = {https://robodk.com/doc/en/Robots-KUKA-Transfer-robot-program.html}, urldate = {2025-05-19}, author = {{RoboDK}}, year = {2025}, keywords = {evidence-transfer-program-usb}, } @misc{marcellus_RevolutionizingRoboticsInDepth_2024, title = {Revolutionizing {Robotics}: {An} {In}-{Depth} {Look} at {ABB}'s {RobotStudio} and {Value} {Provider} {Program}}, shorttitle = {Revolutionizing {Robotics}}, url = {https://goabco.com/blog/revolutionizing-robotics-an-in-depth-look-at-abbs-robotstudio}, abstract = {Explore the benefits of offline programming, simulation, and working with accredited partners for enhanced automation solutions.}, language = {en}, urldate = {2025-05-19}, journal = {ABCO Automation}, author = {Marcellus, Dwight}, month = jul, year = {2024}, keywords = {evidence-sim-physical-same-firmware}, } @misc{visualcomponents_KUKASimAddOn_2024, title = {{KUKA} {Sim} {AddOn} {Part} 4 {Connecting} to a real {KUKA} robot}, url = {https://www.youtube.com/watch?v=DBEykuAC2Cw}, urldate = {2025-05-19}, author = {{Visual Components}}, month = may, year = {2024}, keywords = {evidence-transfer-program-network}, } @misc{msdroboticslab_DownloadInstallRobot_2025, title = {Download \& {Install} {Robot} {Studio}}, url = {https://ms-kb.msd.unimelb.edu.au/msd-robotics-lab/software/software/abb-robot-studio/download-and-install-robot-studio}, abstract = {How to guide on downloading and installing ABB Robot Studio v6.08}, language = {en}, urldate = {2025-05-19}, author = {{MSD Robotics Lab}}, month = mar, year = {2025}, keywords = {evidence-sim-physical-same-firmware}, } @misc{fortiguardlabs_IntrusionPreventionFTPProtocolBounceAttack_2014, title = {Intrusion {Prevention} {\textbar} {FTP}.{Protocol}.{Bounce}.{Attack}}, url = {https://fortiguard.fortinet.com/encyclopedia/ips/109445133}, abstract = {This indicates 
a potential for port scanning, bypassing basic packet filtering services, and bypassing export restrictions via FTP.File Transfer Pr...}, language = {en}, urldate = {2025-05-16}, author = {{FortiGuard Labs}}, month = sep, year = {2014}, } @misc{sonicwall_LogShowsFTP_2023, title = {The {Log} {Shows} {FTP}: {PASV} response bounce attack dropped}, shorttitle = {The {Log} {Shows} {FTP}}, url = {https://www.sonicwall.com/support/knowledge-base/the-log-shows-ftp-pasv-response-bounce-attack-dropped/170504936761318}, abstract = {The Log Shows FTP: PASV response bounce attack dropped}, language = {en}, urldate = {2025-05-16}, author = {{SonicWall}}, month = dec, year = {2023}, } @misc{mdn_MixedContentSecurity_2025, title = {Mixed content - {Security} on the web}, url = {https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content}, abstract = {When a web page is loaded from a secure origin, over a secure channel such as HTTPS, the connection with the web server is encrypted, and is therefore protected from eavesdropping and modification by man-in-the-middle attacks. If the securely loaded web page only includes images, scripts, and other resources that are also hosted on secure origins, users can be confident that the whole page is safe from these kinds of attacks.}, language = {en-US}, urldate = {2025-05-16}, author = {{MDN}}, month = may, year = {2025}, } @incollection{dieber_PenetrationTestingROS_2020, address = {Cham}, title = {Penetration {Testing} {ROS}}, isbn = {978-3-030-20190-6}, abstract = {ROS is the most popular framework in robotics research and it also grows in terms of industrial use. This makes ROS a worthwhile target for attackers especially since security is not addressed by the core framework itself. Its open architecture and flexibility are also the reasons why ROS suffers from security issues. 
For example, in ROS it is possible to isolate single nodes from the rest of the application without the ROS master, the other nodes or even the node itself (i.e., its business code) noticing it. This is true for publishers, subscribers and services alike. This makes attacks very difficult to spot at runtime. Penetration testing is the most common security testing practice. The goal is to test an application for possible security flaws. To better facilitate penetration testing for ROS, we introduce ROSPenTo and Roschaos, tools that make use of the vulnerabilities of ROS and demonstrate how ROS applications can be sabotaged by an attacker. In this tutorial you will learn about the ROS XML-RPC API, which is our main attack point. You will see how API attacks on ROS work in depth. You will get to know Roschaos and ROSPenTo, two tools which can be used to manipulate running ROS applications.}, language = {en}, urldate = {2025-04-28}, booktitle = {Robot {Operating} {System} ({ROS}): {The} {Complete} {Reference} ({Volume} 4)}, publisher = {Springer International Publishing}, author = {Dieber, Bernhard and White, Ruffin and Taurer, Sebastian and Breiling, Benjamin and Caiazza, Gianluca and Christensen, Henrik and Cortesi, Agostino}, editor = {Koubaa, Anis}, year = {2020}, doi = {10.1007/978-3-030-20190-6_8}, keywords = {Penetration testing, ROS, Security}, pages = {183--225}, } @misc{grandviewresearch_IndustrialRoboticsMarket_2024, title = {Industrial {Robotics} {Market} {Size}, {Share} {\textbar} {Industry} {Report}, 2030}, url = {https://www.grandviewresearch.com/industry-analysis/industrial-robotics-market}, abstract = {The global industrial robotics market size was estimated at USD 33,956.1 million in 2024 and is projected to grow at a CAGR of 9.9\% from 2025 to 2030}, language = {en}, urldate = {2025-04-28}, author = {{Grand View Research}}, year = {2024}, } @misc{quarta_RoboSecIndustrialRobots_2021, title = {{RoboSec}: {Industrial} {Robots} {Security}}, shorttitle 
= {{RoboSec}}, url = {http://robosec.org}, abstract = {This site hosts material and references on our research on the security of industrial robots.}, language = {en}, urldate = {2025-04-25}, author = {Quarta, Davide and Pogliani, Marcello and Polino, Mario and Maggi, Federico and Zanchettin, Andrea Maria and Zanero, Stefano}, year = {2021}, } @misc{rahman_CyberPhysicalSecurityVulnerabilities_2025, title = {Cyber-{Physical} {Security} {Vulnerabilities} {Identification} and {Classification} in {Smart} {Manufacturing} -- {A} {Defense}-in-{Depth} {Driven} {Framework} and {Taxonomy}}, copyright = {Creative Commons Attribution Non Commercial No Derivatives 4.0 International}, url = {https://arxiv.org/abs/2501.09023}, doi = {10.48550/ARXIV.2501.09023}, abstract = {The increasing cybersecurity threats to critical manufacturing infrastructure necessitate proactive strategies for vulnerability identification, classification, and assessment. Traditional approaches, which define vulnerabilities as weaknesses in computational logic or information systems, often overlook the physical and cyber-physical dimensions critical to manufacturing systems, comprising intertwined cyber, physical, and human elements. As a result, existing solutions fall short in addressing the complex, domain-specific vulnerabilities of manufacturing environments. To bridge this gap, this work redefines vulnerabilities in the manufacturing context by introducing a novel characterization based on the duality between vulnerabilities and defenses. Vulnerabilities are conceptualized as exploitable gaps within various defense layers, enabling a structured investigation of manufacturing systems. This paper presents a manufacturing-specific cyber-physical defense-in-depth model, highlighting how security-aware personnel, post-production inspection systems, and process monitoring approaches can complement traditional cyber defenses to enhance system resilience. 
Leveraging this model, we systematically identify and classify vulnerabilities across the manufacturing cyberspace, human element, post-production inspection systems, production process monitoring, and organizational policies and procedures. This comprehensive classification introduces the first taxonomy of cyber-physical vulnerabilities in smart manufacturing systems, providing practitioners with a structured framework for addressing vulnerabilities at both the system and process levels. Finally, the effectiveness of the proposed model and framework is demonstrated through an illustrative smart manufacturing system and its corresponding threat model.}, urldate = {2025-02-24}, publisher = {arXiv}, author = {Rahman, Md Habibor and Shafae, Mohammed}, year = {2025}, note = {GSCC: 0000000 2025-02-25T07:55:14.379Z Version Number: 1}, keywords = {Cryptography and Security (cs.CR), FOS: Computer and information sciences}, } @techreport{stouffer_GuideOperationalTechnology_2023, title = {Guide to {Operational} {Technology} ({OT}) security}, abstract = {This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems. 
The document provides an overview of OT and typical system topologies, identifies common threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.}, language = {en}, number = {NIST SP 800-82r3}, urldate = {2025-03-05}, institution = {National Institute of Standards and Technology (U.S.)}, author = {Stouffer, Keith and Pease, Michael and Tang, CheeYee and Zimmerman, Timothy and Pillitteri, Victoria and Lightman, Suzanne and Hahn, Adam and Saravia, Stephanie and Sherule, Aslam and Thompson, Michael}, month = sep, year = {2023}, doi = {10.6028/NIST.SP.800-82r3}, } @techreport{williams_ReferenceModelComputer_1989, title = {A {Reference} {Model} {For} {Computer} {Integrated} {Manufacturing} ({CIM})}, url = {https://www.pera.net/Pera/PurdueReferenceModel/ReferenceModel.pdf}, urldate = {2025-04-23}, institution = {Purdue Research Foundation}, author = {Williams, Theodore J.}, year = {1989}, } @article{mahesh_SurveyCybersecurityDigital_2021, title = {A {Survey} of {Cybersecurity} of {Digital} {Manufacturing}}, volume = {109}, issn = {1558-2256}, url = {https://ieeexplore.ieee.org/document/9247392}, doi = {10.1109/JPROC.2020.3032074}, abstract = {The Industry 4.0 concept promotes a digital manufacturing (DM) paradigm that can enhance quality and productivity, which reduces inventory and the lead time for delivering custom, batch-of-one products based on achieving convergence of additive, subtractive, and hybrid manufacturing machines, automation and robotic systems, sensors, computing, and communication networks, artificial intelligence, and big data. A DM system consists of embedded electronics, sensors, actuators, control software, and interconnectivity to enable the machines and the components within them to exchange data with other machines, components therein, the plant operators, the inventory managers, and customers. 
This article presents the cybersecurity risks in the emerging DM context, assesses the impact on manufacturing, and identifies approaches to secure DM.}, number = {4}, urldate = {2025-02-25}, journal = {Proceedings of the IEEE}, author = {Mahesh, Priyanka and Tiwari, Akash and Jin, Chenglu and Kumar, Panganamala R. and Reddy, A. L. Narasimha and Bukkapatanam, Satish T. S. and Gupta, Nikhil and Karri, Ramesh}, month = apr, year = {2021}, note = {Conference Name: Proceedings of the IEEE}, keywords = {Computer crime, Digital manufacturing (DM), Digital systems, Fourth Industrial Revolution, Intelligent sensors, Machine components, Process control, Robot sensing systems, Sensor systems, Service robots, Smart manufacturing, Virtual manufacturing}, pages = {495--516}, } @article{graves_CharacteristicAspectsAdditive_2019, title = {Characteristic {Aspects} of {Additive} {Manufacturing} {Security} {From} {Security} {Awareness} {Perspectives}}, volume = {7}, copyright = {https://creativecommons.org/licenses/by/4.0/legalcode}, issn = {2169-3536}, url = {https://ieeexplore.ieee.org/document/8779615/}, doi = {10.1109/ACCESS.2019.2931738}, urldate = {2025-03-17}, journal = {IEEE Access}, author = {Graves, Lynne M. G. 
and Lubell, Joshua and King, Wayne and Yampolskiy, Mark}, year = {2019}, pages = {103833--103853}, } @article{humayed_CyberPhysicalSystemsSecurity_2017, title = {Cyber-{Physical} {Systems} {Security}—{A} {Survey}}, volume = {4}, copyright = {https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html}, issn = {2327-4662}, url = {http://ieeexplore.ieee.org/document/7924372/}, doi = {10.1109/JIOT.2017.2703172}, number = {6}, urldate = {2025-03-17}, journal = {IEEE Internet of Things Journal}, author = {Humayed, Abdulmalik and Lin, Jingqiang and Li, Fengjun and Luo, Bo}, month = dec, year = {2017}, pages = {1802--1831}, } @article{saeidlou_CyberPhysicalSystemSecurity_2025, title = {Cyber-{Physical} {System} {Security} for {Manufacturing} {Industry} 4.0 {Using} {LSTM}-{CNN} {Parallel} {Orchestration}}, volume = {13}, copyright = {https://creativecommons.org/licenses/by-nc-nd/4.0/}, issn = {2169-3536}, url = {https://ieeexplore.ieee.org/document/10820346/}, doi = {10.1109/ACCESS.2025.3525520}, urldate = {2025-02-24}, author = {Saeidlou, Salman and Ghadiminia, Nikdokht and Oti-Sarpong, Kwadwo}, year = {2025}, note = {0 citations (Crossref/DOI) [2025-02-25] GSCC: 0000001 2025-02-25T07:55:11.784Z }, pages = {3788--3801}, } @article{padmanabhan_CybersecurityRisksMitigation_2018, title = {Cybersecurity risks and mitigation strategies in additive manufacturing}, volume = {3}, issn = {2363-9512, 2363-9520}, url = {http://link.springer.com/10.1007/s40964-017-0036-9}, doi = {10.1007/s40964-017-0036-9}, language = {en}, number = {1-2}, urldate = {2025-02-24}, journal = {Progress in Additive Manufacturing}, author = {Padmanabhan, Anudeep and Zhang, Jing}, month = jun, year = {2018}, note = {21 citations (Semantic Scholar/DOI) [2025-02-25]}, pages = {87--93}, } @article{gupta_AdditiveManufacturingCyberPhysical_2020, title = {Additive {Manufacturing} {Cyber}-{Physical} {System}: {Supply} {Chain} {Cybersecurity} and {Risks}}, volume = {8}, copyright = 
{https://creativecommons.org/licenses/by/4.0/legalcode}, issn = {2169-3536}, shorttitle = {Additive {Manufacturing} {Cyber}-{Physical} {System}}, url = {https://ieeexplore.ieee.org/document/9026901/}, doi = {10.1109/ACCESS.2020.2978815}, urldate = {2025-02-24}, journal = {IEEE Access}, author = {Gupta, Nikhil and Tiwari, Akash and Bukkapatnam, Satish T. S. and Karri, Ramesh}, year = {2020}, note = {74 citations (Semantic Scholar/DOI) [2025-02-25]}, pages = {47322--47333}, } @article{oyebanjoogunlela_CyberPhysicalSystemsSecurity_2025, title = {Cyber-{Physical} systems security vulnerabilities in manufacturing supply chain operations}, volume = {7}, copyright = {https://creativecommons.org/licenses/by-nc/4.0}, issn = {2664-3596, 2664-3588}, url = {https://fepbl.com/index.php/ijmer/article/view/1797}, doi = {10.51594/ijmer.v7i1.1797}, abstract = {The menace of Cyber-Physical (CP) attacks is becoming a major concern, because of the potential adverse effect posed to organizations' supply chain and production activities. For example, product design, equipment destruction, or in some cases, modifications to the manufacturing process, may go unnoticed when adequate measures to protect or deter this issue are not implemented. This study explored the various security vulnerabilities in Cyber-Physical Systems (CPS) in the supply chain system, focusing on the impact of cyberattacks on the production process and data bridge, leading to financial loss. Desktop analysis was adopted through a literature review of existing studies on CP attacks and supply chain management in the manufacturing industry. The study highlights how the security framework and policies in an organization could help reduce risk, whilst still ensuring operational efficiency is maintained. 
In addition, it contributes to knowledge by evaluating the challenges of CP security and how more proactive prevention and mitigation strategies can be implemented, as well as policies, to help reduce cyberattacks on the supply chain and production system of an organization. Keywords: Cyber-Physical Systems, Policy, Cyberattack, Manufacturing, Supply Chain, Framework.}, number = {1}, urldate = {2025-02-24}, journal = {International Journal of Management \& Entrepreneurship Research}, author = {{Oyebanjo Ogunlela}}, month = jan, year = {2025}, note = {GSCC: 0000000 2025-02-25T07:55:19.403Z }, pages = {43--56}, } @article{universityofjordan_RiskAuditingDigital_2025, title = {Risk auditing for {Digital} {Twins} in cyber physical systems: {A} systematic review}, volume = {2025}, issn = {30795354}, shorttitle = {Risk auditing for {Digital} {Twins} in cyber physical systems}, url = {https://jcsra.thestap.com/archives/volume-2025-1/3}, doi = {10.63180/jcsra.thestap.2025.1.3}, abstract = {Digital Twins are emerging as a transformative technology within Cyber-Physical Systems (CPS), offering enhanced optimization, predictive maintenance, and real-time monitoring. However, their integration also introduces significant security challenges. These include vulnerabilities such as data breaches, unauthorized access, and cyber-attacks that disrupt real-time data flow between their physical and digital components. The involvement of IoT devices, sensors, and complex networked environments expands the attack surface, making Digital Twins susceptible to threats like Distributed Denial-of-Service (DDoS) attacks, malware infiltration, and insider sabotage. Effective risk management and assessment are crucial in identifying vulnerabilities, evaluating risks, and implementing mitigation strategies. Securing Digital Twins ensures data integrity, system reliability, and the continued functionality of the physical assets they represent. 
This paper aims to classify the various security threats associated with Digital Twins and propose structured risk management approaches to enhance their security within CPS. By addressing these challenges, organizations can ensure the dependability and trustworthiness of Digital Twin implementations across industries such as manufacturing, healthcare, smart cities, and IoT ecosystems.}, number = {1}, urldate = {2025-02-24}, journal = {Journal of Cyber Security and Risk Auditing}, author = {Otoom, Shahed}, month = jan, year = {2025}, pages = {22--35}, } @inproceedings{wang_CyberattacksCybersecurityAdditive_2024, address = {Atlanta, GA, USA}, title = {Cyberattacks and {Cybersecurity} in {Additive} {Manufacturing}}, copyright = {https://doi.org/10.15223/policy-029}, isbn = {979-8-3503-1710-7}, url = {https://ieeexplore.ieee.org/document/10500033/}, doi = {10.1109/SoutheastCon52093.2024.10500033}, urldate = {2025-02-24}, booktitle = {{SoutheastCon} 2024}, publisher = {IEEE}, author = {Wang, Lidong and Mosher, Reed L. 
and Duett, Patti}, month = mar, year = {2024}, pages = {1040--1045}, } @inproceedings{fteiha_SecuringFutureDigital_2024, address = {Veliko Tarnovo, Bulgaria}, title = {Securing the {Future} of {Digital} {Manufacturing}: {A} {Review} of {Vulnerabilities} and {Mitigation} {Strategies}}, copyright = {https://doi.org/10.15223/policy-029}, isbn = {979-8-3503-5286-3}, shorttitle = {Securing the {Future} of {Digital} {Manufacturing}}, url = {https://ieeexplore.ieee.org/document/10811264/}, doi = {10.1109/CIEES62939.2024.10811264}, urldate = {2025-02-24}, booktitle = {2024 5th {International} {Conference} on {Communications}, {Information}, {Electronic} and {Energy} {Systems} ({CIEES})}, publisher = {IEEE}, author = {Fteiha, Bara’ and Ayoub, Aesha Ahmed and Hussein, Linda Yasser and Zia, Huma}, month = nov, year = {2024}, pages = {1--8}, } @article{kim_SurveyCyberPhysical_2018, title = {A {Survey} on {Cyber} {Physical} {System} {Security} for {IoT}: {Issues}, {Challenges}, {Threats}, {Solutions}}, volume = {14}, shorttitle = {A {Survey} on {Cyber} {Physical} {System} {Security} for {IoT}}, url = {https://doi.org/10.3745/JIPS.03.0105}, doi = {10.3745/JIPS.03.0105}, number = {6}, urldate = {2025-02-24}, journal = {Journal of Information Processing Systems}, author = {Kim, Nam Yong and Rathore, Shailendra and Ryu, Jung Hyun and Park, Jin Ho and Park, Jong Hyuk}, month = dec, year = {2018}, pages = {1361--1384}, } @misc{iso_1030321IndustrialAutomation_2016, title = {10303-21. {Industrial} automation systems and integration — {Product} data representation and exchange — {Part21}: {Implementation} methods: {Clear} text encoding of the exchange structure}, shorttitle = {{ISO} 10303-21:2016}, url = {https://www.iso.org/standard/63141.html}, abstract = {ISO 6983-1:2009 specifies requirements and makes recommendations for a data format for positioning, line motion and contouring control systems used in the numerical control of machines. 
ISO 6983-1:2009 helps the co-ordination of system design in order to minimize the variety of program manuscripts required, to promote uniformity of programming techniques, and to foster interchangeability of input programs between numerically controlled machines of the same classification by type, process, function, size and accuracy. It is intended that simple numerically controlled machines be programmed using a simple format, which is systematically extensible for more complex machines. ISO 6983-1:2009 is not intended for use in the specialized cases of numerically controlled flame cutting machines and drafting machines used specifically and exclusively in the shipbuilding industry. In this application, a related format (“the ESSI Format”) is specified in ISO 6582.}, author = {{ISO}}, month = mar, year = {2016}, note = {Number: 6983-1:2009 tex.entrytype: standard tex.version: 2}, } @misc{iges/pdesorganization_InitialGraphicsExchange_1996, address = {N. Charleston, SC}, title = {Initial {Graphics} {Exchange} {Specification} ({IGES}) 5.3}, shorttitle = {{IEGS} 5.3}, url = {https://paulbourke.net/dataformats/iges/IGES.pdf}, publisher = {U.S. Product Data Association}, collaborator = {{IGES/PDES Organization} and {U.S. Product Data Association}}, month = sep, year = {1996}, keywords = {Computer graphics, Standards}, } @article{peak_STEPXMLUML_2004, title = {{STEP}, {XML}, and {UML}: {Complementary} {Technologies}}, volume = {4}, url = {https://www.nist.gov/publications/step-xml-and-uml-complementary-technologies}, doi = {10.1115/1.1818683}, abstract = {One important aspect of product lifecycle management (PLM)is the computer-sensible representation of product information}, language = {en}, urldate = {2025-02-04}, journal = {ASME}, author = {Peak, Russell S. and Lubell, Joshua and Srinivasan, Vijay and Waterbury, Stephen C.}, month = dec, year = {2004}, note = {Last Modified: 2017-02-19T20:02-05:00 Publisher: Russell S. 
Peak, Joshua Lubell, Vijay Srinivasan, Stephen C. Waterbury}, pages = {379--390}, } @inproceedings{moller_CrossLanguageDifferentialTesting_2024, address = {New York, NY, USA}, series = {{ASIA} {CCS} '24}, title = {Cross-{Language} {Differential} {Testing} of {JSON} {Parsers}}, isbn = {979-8-4007-0482-6}, url = {https://dl.acm.org/doi/10.1145/3634737.3657003}, doi = {10.1145/3634737.3657003}, abstract = {JSON is a widely used format for representing data on the Internet. Unfortunately, the format is imprecisely specified, which poses the risk of confusion and ambiguity when processing sensitive data. While previous work has focused on manual analysis of parsers, an automatic analysis of the interplay of multiple parsers resulting from this imprecision has received little attention so far. In this paper, we address this problem and propose a framework for differential testing of JSON parsers tailored towards discovering semantic discrepancies. To spot these differences automatically, we overcome two challenges: First, we introduce a consensus-based normalization of JSON that enables us to analyze data semantics in absence of a precise specification. Second, we propose a novel mechanism for tracking test coverage across runtime environments, so that confusions between parsers written in C, C++, Rust, Java, and Python can be detected simultaneously. In a comparative analysis of 22 JSON parsers, we uncover various semantic discrepancies, ranging from minor inconsistencies in the representation of numbers and strings to severe confusions in the handling of object keys and values. 
We illustrate the security impact of these discrepancies in different case studies, echoing recent efforts to enforce a stricter specification for JSON in security applications.}, urldate = {2024-11-27}, booktitle = {Proceedings of the 19th {ACM} {Asia} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Möller, Jonas and Weißberg, Felix and Pirch, Lukas and Eisenhofer, Thorsten and Rieck, Konrad}, month = jul, year = {2024}, pages = {1117--1127}, } @misc{scott_TLSInternetThings_2023, title = {On {TLS} for the {Internet} of {Things}, in a {Post} {Quantum} world}, url = {https://eprint.iacr.org/2023/095}, abstract = {The TLS (Transport Layer Security) protocol is the most important, most attacked, most analysed and most used cryptographic protocol in the world today. TLS is critical to the integrity of the Internet, and if it were to be broken e-commerce would become impossible, with very serious implications for the global economy. Furthermore TLS is likely to assume even greater significance in the near future with the rapid growth of an Internet of Things (IoT) -- a multiplicity of internet connected devices all engaged in secure inter-communication. However the impending invention of a Cryptographically Relevant Quantum Computer (CRQC) would represent an existential threat to TLS in its current form. As it stands the latest version TLS1.3, benefiting as it does from years of research and study, provides effective security, but it must soon be updated to resist this new threat. In this research we first undertake a new clean-room implementation of a small-footprint open source TLS1.3, written in C++ and Rust, and suitable for IoT applications. Our implementation is designed to be cryptographically agile, so that it can easily accomodate new post-quantum cryptographic primitives. 
Next we use this new implementation as a vehicle to study the impact of going post-quantum, with a particular emphasis on the impact on the Internet of Things. Finally we showcase the flexibility of our implementation by proposing an implementation of TLS that uses identity-based encryption to mitigate this impact.}, urldate = {2024-09-11}, author = {Scott, Michael}, year = {2023}, note = {Publication info: Preprint.}, keywords = {Identity-based encryption, Post Quantum Cryptography, TLS}, } @inproceedings{fu_RealtimeRobustMalicious_2021, address = {New York, NY, USA}, series = {{CCS} '21}, title = {Realtime {Robust} {Malicious} {Traffic} {Detection} via {Frequency} {Domain} {Analysis}}, isbn = {978-1-4503-8454-4}, url = {https://dl.acm.org/doi/10.1145/3460120.3484585}, doi = {10.1145/3460120.3484585}, abstract = {Machine learning (ML) based malicious traffic detection is an emerging security paradigm, particularly for zero-day attack detection, which is complementary to existing rule based detection. However, the existing ML based detection achieves low detection accuracy and low throughput incurred by inefficient traffic features extraction. Thus, they cannot detect attacks in realtime, especially in high throughput networks. Particularly, these detection systems similar to the existing rule based detection can be easily evaded by sophisticated attacks. To this end, we propose Whisper, a realtime ML based malicious traffic detection system that achieves both high accuracy and high throughput by utilizing frequency domain features. It utilizes sequential information represented by the frequency domain features to achieve bounded information loss, which ensures high detection accuracy, and meanwhile constrains the scale of features to achieve high detection throughput. In particular, attackers cannot easily interfere with the frequency domain features and thus Whisper is robust against various evasion attacks. 
Our experiments with 42 types of attacks demonstrate that, compared with the state-of-the-art systems, Whisper can accurately detect various sophisticated and stealthy attacks, achieving at most 18.36\% improvement of AUC, while achieving two orders of magnitude throughput. Even under various evasion attacks, Whisper is still able to maintain around 90\% detection accuracy.}, urldate = {2024-09-12}, booktitle = {Proceedings of the 2021 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Fu, Chuanpu and Li, Qi and Shen, Meng and Xu, Ke}, month = nov, year = {2021}, pages = {3431--3446}, } @article{henn_SecurityStateGerman_2021, title = {The {Security} {State} of the {German} {Health} {Web}: {An} {Exploratory} {Study}}, volume = {283}, issn = {1879-8365}, shorttitle = {The {Security} {State} of the {German} {Health} {Web}}, doi = {10.3233/SHTI210558}, abstract = {The internet has become an important resource for health information and for interactions with healthcare providers. However, information of all types can go through many servers and networks before reaching its intended destination and any of these has the potential to intercept or even manipulate the exchanged information if data's transfer is not adequately protected. As trust is a fundamental concept in healthcare relationships, it is crucial to offer a secure medical website to maintain the same level of trust as provided in a face-to-face meeting. This study provides a first analysis of the SSL/TLS security of and the security headers used within the health-related web limited to web pages in German, the German health web (GHW). METHODS: testssl.sh and TLS-Scanner were used to analyze the URLs of the 1,000 top-ranked health-related web sites (according to PageRank) for each of the country- code top level domains: ".de", ".at" and ".ch". 
RESULTS: Our study revealed that most websites in the GHW are potentially vulnerable to common SSL/TLS security vulnerabilities, offer deprecated SSL/TLS protocol versions and mostly do not implement HTTP security headers at all. CONCLUSIONS: These findings question the concept of trust within the GHW. Website owners should reconsider the use of outdated SSL/TLS protocol versions for compatibility reasons. Additionally, HTTP security headers should be implemented more consequently to provide additional security aspects. In future work, the authors intend to repeat this study and to incorporate a website's category, i.e. governmental or public health, to get a more detailed view of the GHW's security.}, language = {eng}, journal = {Studies in Health Technology and Informatics}, author = {Henn, Frederic and Zowalla, Richard and Mayer, Andreas}, month = sep, year = {2021}, pmid = {34545834}, keywords = {Health Personnel, Humans, Internet, Trust, consumer health information, cyber security, data security, health information seeking, internet, trust}, pages = {180--185}, } @inproceedings{xiao_STACCODifferentiallyAnalyzing_2017, address = {New York, NY, USA}, series = {{CCS} '17}, title = {{STACCO}: {Differentially} {Analyzing} {Side}-{Channel} {Traces} for {Detecting} {SSL}/{TLS} {Vulnerabilities} in {Secure} {Enclaves}}, isbn = {978-1-4503-4946-8}, shorttitle = {{STACCO}}, url = {https://dl.acm.org/doi/10.1145/3133956.3134016}, doi = {10.1145/3133956.3134016}, abstract = {Intel Software Guard Extension (SGX) offers software applications a shielded execution environment, dubbed enclave, to protect their confidentiality and integrity from malicious operating systems. As processors with this extended feature become commercially available, many new software applications are developed to enrich to the SGX-enabled ecosystem. One important primitive for these applications is a secure communication channel between the enclave and a remote trusted party. 
The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly regarded a natural choice for such purposes. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing.Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at the page level, the cacheline level, or the branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities-discernible execution traces-that can be exploited as decryption oracles. Surprisingly, in spite of the prevailing constant-time programming paradigm adopted by many cryptographic libraries, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined.To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours. 
Our results reveal the insufficient understanding of side-channel security in SGX settings, and our study will provoke discussions on the secure implementation and adoption of SSL/TLS in secure enclaves.}, urldate = {2024-09-11}, booktitle = {Proceedings of the 2017 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Xiao, Yuan and Li, Mengyuan and Chen, Sanchuan and Zhang, Yinqian}, month = oct, year = {2017}, pages = {859--874}, } @inproceedings{simos_TestingTLSUsing_2017, address = {Cham}, title = {Testing {TLS} {Using} {Combinatorial} {Methods} and {Execution} {Framework}}, isbn = {978-3-319-67549-7}, doi = {10.1007/978-3-319-67549-7_10}, abstract = {The TLS protocol is the standard for secure Internet communication between two parties. Unfortunately, there have been recently successful attacks like DROWN or BREACH that indicate the necessity for thoroughly testing TLS implementations. In our research work, we focus on automated test case generation and execution for the TLS security protocol, where the aim is to make use of combinatorial methods for providing test cases that ideally also reveal previously unknown attacks. This is made feasible by creating appropriate input parameter models for different messages that can appear in a TLS message sequence. In this paper, we present the resulting test case generation and execution framework together with the corresponding testing oracle. Furthermore, we discuss first empirical results obtained using different TLS implementations and their releases.}, language = {en}, booktitle = {Testing {Software} and {Systems}}, publisher = {Springer International Publishing}, author = {Simos, Dimitris E. 
and Bozic, Josip and Duan, Feng and Garn, Bernhard and Kleine, Kristoffer and Lei, Yu and Wotawa, Franz}, editor = {Yevtushenko, Nina and Cavalli, Ana Rosa and Yenigün, Hüsnü}, year = {2017}, keywords = {Combinatorial testing, Security protocols, Security testing, TLS}, pages = {162--177}, } @article{simos_TestingTLSUsing_2019, title = {Testing {TLS} using planning-based combinatorial methods and execution framework}, volume = {27}, issn = {1573-1367}, url = {https://doi.org/10.1007/s11219-018-9412-z}, doi = {10.1007/s11219-018-9412-z}, abstract = {The TLS protocol is the standard for secure Internet communication between two parties. Unfortunately, there have been recently successful attacks like DROWN, ROBOT, or BREACH that indicate the necessity for thoroughly testing TLS implementations. In our research work, we focus on automated test case generation and execution for the TLS security protocol, where the aim is to combine planning with combinatorial methods for providing test cases that ideally also reveal previously unknown attacks. This is made feasible by creating appropriate input parameter models for different messages that can appear in a TLS message sequence. In this paper, we present the resulting test case generation and execution framework together with the corresponding test oracle. Furthermore, we discuss in detail empirical results obtained via testing different TLS implementations.}, language = {en}, number = {2}, urldate = {2024-09-11}, journal = {Software Quality Journal}, author = {Simos, Dimitris E. 
and Bozic, Josip and Garn, Bernhard and Leithner, Manuel and Duan, Feng and Kleine, Kristoffer and Lei, Yu and Wotawa, Franz}, month = jun, year = {2019}, keywords = {Combinatorial testing, Planning, Security protocols, Security testing, TLS}, pages = {703--729}, } @inproceedings{calzavara_PostcardsPostHTTPWorld_2019, title = {Postcards from the {Post}-{HTTP} {World}: {Amplification} of {HTTPS} {Vulnerabilities} in the {Web} {Ecosystem}}, shorttitle = {Postcards from the {Post}-{HTTP} {World}}, url = {https://ieeexplore.ieee.org/document/8835223}, doi = {10.1109/SP.2019.00053}, abstract = {HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that ensures the confidentiality and integrity of communication and enables client/server authentication. However, HTTPS is based on the SSL/TLS protocol suites that have been shown to be vulnerable to various attacks in the years. This has required fixes and mitigations both in the servers and in the browsers, producing a complicated mixture of protocol versions and implementations in the wild, which makes it unclear which attacks are still effective on the modern Web and what is their import on web application security. In this paper, we present the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities. We specify attack conditions against TLS using attack trees and we crawl the Alexa Top 10k to assess the import of these issues on page integrity, authentication credentials and web tracking. Our results show that the security of a consistent number of websites is severely harmed by cryptographic weaknesses that, in many cases, are due to external or related-domain hosts. 
This empirically, yet systematically demonstrates how a relatively limited number of exploitable HTTPS vulnerabilities are amplified by the complexity of the web ecosystem.}, urldate = {2024-09-11}, booktitle = {2019 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Calzavara, Stefano and Focardi, Riccardo and Nemec, Matus and Rabitti, Alvise and Squarcina, Marco}, month = may, year = {2019}, note = {ISSN: 2375-1207}, keywords = {Authentication, Browsers, Ciphers, HTTPS, Measurement, Protocols, Servers, TLS, Vulnerability-scan, Web}, pages = {281--298}, } @article{garn_TwoStepTLSBasedBrowser_2022, title = {A {Two}-{Step} {TLS}-{Based} {Browser} fingerprinting approach using combinatorial sequences}, volume = {114}, issn = {0167-4048}, url = {https://www.sciencedirect.com/science/article/pii/S0167404821003990}, doi = {10.1016/j.cose.2021.102575}, abstract = {We propose a two-step TLS-based fingerprinting approach using combinatorial sequences and properties of TLS handshake messages. Our approach combines fingerprinting based on attributes of the initial ClientHello message with the observed behavior of TLS clients when presented with permuted handshake messages in order to enhance the granularity of the derived fingerprints without increasing the required number of exchanged messages. We conduct a detailed evaluation against 21 browsers and TLS clients on two operating systems. The results show a significant increase in the entropy of the achieved splittings, allowing for a more precise identification of the TLS client than permitted by either of the underlying approaches in isolation.}, urldate = {2024-09-11}, journal = {Computers \& Security}, author = {Garn, Bernhard and Zauner, Stefan and Simos, Dimitris E. 
and Leithner, Manuel and Kuhn, Richard and Kacker, Raghu}, month = mar, year = {2022}, keywords = {Anonymity set, Browser fingerprinting, Combinatorial sequences, Fraud detection, TLS Protocol}, pages = {102575}, } @inproceedings{saatjohann_SicherheitMedizintechnischerProtokolle_2022, title = {Sicherheit medizintechnischer {Protokolle} im {Krankenhaus}}, isbn = {978-3-88579-717-3}, url = {https://dl.gi.de/handle/20.500.12116/40151}, abstract = {Medizinische Einrichtungen waren in den letzten Jahren immer wieder von Cyber-Angriffen betroffen. Auch wenn sich diese Angriffe derzeit auf die Office-IT-Infrastruktur der Einrichtungen konzentrieren, existiert mit medizinischen Systemen und Kommunikationsprotokollen eine weitere wenig beachtete Angriffsoberfläche. In diesem Beitrag analysieren wir die weit verbreiteten medizintechnischen Kommunikations-Protokolle DICOM und HL7 sowie Protokoll-Implementierungen auf ihre IT-Sicherheit. Dafür präsentieren wir die Ergebnisse der Sicherheitsanalyse der DICOM-und HL7-Standards, einen Fuzzer “MedFUZZ” für diese Protokolle sowie einen Schwachstellenscanner “MedVAS”, der Schwachstellen in medizintechnischen Produktivumgebungen auffinden kann.}, language = {de}, urldate = {2024-09-11}, publisher = {Gesellschaft für Informatik, Bonn}, author = {Saatjohann, Christoph and Ising, Fabian and Gierlings, Matthias and Noss, Dominik and Schimmler, Sascha and Klemm, Alexander and Grundmann, Leif and Frosch, Tilman and Schinzel, Sebastian}, year = {2022}, pages = {143--158}, } @article{walz_ExploitingDissentFuzzingBased_2020, title = {Exploiting {Dissent}: {Towards} {Fuzzing}-{Based} {Differential} {Black}-{Box} {Testing} of {TLS} {Implementations}}, volume = {17}, issn = {1941-0018}, shorttitle = {Exploiting {Dissent}}, url = {https://ieeexplore.ieee.org/document/8070382}, doi = {10.1109/TDSC.2017.2763947}, abstract = {The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on the internet. 
Yet do implementations of TLS keep on suffering from bugs and security vulnerabilities. In large part is this due to the protocol's complexity which makes implementing and testing TLS notoriously difficult. In this paper, we present our work on using differential testing as effective means to detect issues in black-box implementations of the TLS handshake protocol. We introduce a novel fuzzing algorithm for generating large and diverse corpuses of mostly-valid TLS handshake messages. Stimulating TLS servers when expecting a ClientHello message, we find messages generated with our algorithm to induce more response discrepancies and to achieve a higher code coverage than those generated with American Fuzzy Lop, TLS-Attacker, or NEZHA. In particular, we apply our approach to OpenSSL, BoringSSL, WolfSSL, mbedTLS, and MatrixSSL, and find several real implementation bugs; among them a serious vulnerability in MatrixSSL 3.8.4. Besides do our findings point to imprecision in the TLS specification. We see our approach as presented in this paper as the first step towards fully interactive differential testing of black-box TLS protocol implementations. 
Our software tools are publicly available as open source projects.}, number = {2}, urldate = {2024-09-11}, journal = {IEEE Transactions on Dependable and Secure Computing}, author = {Walz, Andreas and Sikora, Axel}, month = mar, year = {2020}, note = {Conference Name: IEEE Transactions on Dependable and Secure Computing}, keywords = {Complexity theory, Computer bugs, Cryptography, Protocols, Servers, TLS, Testing, cryptographic protocols, differential testing, fuzzing, network security}, pages = {278--291}, } @article{drees_AutomatedDetectionSide_2021, title = {Automated {Detection} of {Side} {Channels} in {Cryptographic} {Protocols}: {DROWN} the {ROBOTs}!}, url = {https://dl.acm.org/doi/10.1145/3474369.3486868}, doi = {10.1145/3474369.3486868}, abstract = {Currently most practical attacks on cryptographic protocols like TLS are based on side channels, such as padding oracles. Some well-known recent examples are DROWN, ROBOT and Raccoon (USENIX Security 2016, 2018, 2021). Such attacks are usually found by careful and time-consuming manual analysis by specialists. In this paper, we consider the question of how such attacks can be systematically detected and prevented before (large-scale) deployment. We propose a new, fully automated approach, which uses supervised learning to identify arbitrary patterns in network protocol traffic. In contrast to classical scanners, which search for known side channels, the detection of general patterns might detect new side channels, even unexpected ones, such as those from the ROBOT attack. To analyze this approach, we develop a tool to detect Bleichenbacher-like padding oracles in TLS server implementations, based on an ensemble of machine learning algorithms. We verify that the approach indeed detects known vulnerabilities successfully and reliably. The tool also provides detailed information about detected patterns to developers, to assist in removing a potential padding oracle. 
Due to the automation, the approach scales much better than manual analysis and could even be integrated with a CI/CD pipeline of a development environment, for example.}, journal = {AISec 2021 - Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2021}, author = {Drees, Jan Peter and Gupta, Pritha and Hüllermeier, Eyke and Jager, Tibor and Konze, Alexander and Priesterjahn, Claudia and Ramaswamy, Arunselvan and Somorovsky, Juraj}, month = nov, year = {2021}, note = {ISBN: 9781450386579 Publisher: Association for Computing Machinery, Inc}, keywords = {bleichenbacher, machine learning, side channel, tls}, pages = {169--180}, } @inproceedings{chen_SherlockSpecsBuilding_2023, title = {Sherlock on {Specs}: {Building} \{{LTE}\} {Conformance} {Tests} through {Automated} {Reasoning}}, isbn = {978-1-939133-37-3}, shorttitle = {Sherlock on {Specs}}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/chen-yi}, language = {en}, urldate = {2024-08-26}, author = {Chen, Yi and Tang, Di and Yao, Yepeng and Zha, Mingming and Wang, XiaoFeng and Liu, Xiaozhong and Tang, Haixu and Liu, Baoxu}, year = {2023}, pages = {3529--3545}, } @inproceedings{klischies_InstructionsUnclearUndefined_2023, title = {Instructions {Unclear}: {Undefined} {Behaviour} in {Cellular} {Network} {Specifications}}, isbn = {978-1-939133-37-3}, shorttitle = {Instructions {Unclear}}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/klischies}, language = {en}, urldate = {2024-08-26}, author = {Klischies, Daniel and Schloegel, Moritz and Scharnowski, Tobias and Bogodukhov, Mikhail and Rupprecht, David and Moonsamy, Veelasha}, year = {2023}, pages = {3475--3492}, } @misc{_ChallengesAutomataReconstruction_, title = {On the challenges of automata reconstruction in {LTE} networks {\textbar} {Proceedings} of the 14th {ACM} {Conference} on {Security} and {Privacy} in {Wireless} and {Mobile} {Networks}}, url = 
{https://dl.acm.org/doi/10.1145/3448300.3469133}, urldate = {2024-08-26}, } @inproceedings{xing_CriticalityIntegrityProtection_2024, title = {On the {Criticality} of {Integrity} {Protection} in {5G} {Fronthaul} {Networks}}, isbn = {978-1-939133-44-1}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/xing-jiarong}, language = {en}, urldate = {2024-08-26}, author = {Xing, Jiarong and Yoo, Sophia and Foukas, Xenofon and Kim, Daehyeok and Reiter, Michael K.}, year = {2024}, pages = {4463--4479}, } @inproceedings{298124, address = {Philadelphia, PA}, title = {Logic gone astray: a security analysis framework for the control plane protocols of {5G} basebands}, isbn = {978-1-939133-44-1}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/tu}, booktitle = {33rd {USENIX} security symposium ({USENIX} security 24)}, publisher = {USENIX Association}, author = {Tu, Kai and Ishtiaq, Abdullah Al and Rashid, Syed Md Mukit and Dong, Yilu and Wang, Weixuan and Wu, Tianwei and Hussain, Syed Rafiul}, month = aug, year = {2024}, pages = {3063--3080}, } @misc{ziemann_AnalysisGnuTLSSession_2020, title = {Analysis of the {GnuTLS} {Session} {Ticket} {Bug} ({CVE}-2020-13777)}, url = {https://hackmanit.de/de/blog/118-analysis-of-the-gnutls-session-ticket-bug-cve-2020-13777/}, abstract = {Hackmanit - Ihr Spezialist für Web Sicherheit und Kryptographie.}, language = {de-de}, urldate = {2025-09-05}, author = {Ziemann, David}, month = jul, year = {2020}, } @misc{_CVE202013777TLS13_2020, title = {{CVE}-2020-13777: {TLS} 1.3 session resumption works without master key, allowing {MITM} (\#1011) · {Issues} · gnutls / {GnuTLS} · {GitLab}}, shorttitle = {{CVE}-2020-13777}, url = {https://gitlab.com/gnutls/gnutls/-/issues/1011}, abstract = {GnuTLS servers are able to use tickets issued by each other without access to the secret key as generated by gnutls\_session\_ticket\_key\_generate(). 
This allows a MITM server without...}, language = {en}, urldate = {2025-09-05}, journal = {GitLab}, month = jun, year = {2020}, } @misc{nist_CVE202013777_, title = {{CVE}-2020-13777}, url = {https://nvd.nist.gov/vuln/detail/CVE-2020-13777}, urldate = {2025-09-05}, author = {{NIST}}, } @misc{google_HTTPSEncryptionWeb_, title = {{HTTPS} {Encryption} in the {Web} – {Google} {Transparency} {Report}}, url = {https://transparencyreport.google.com/https/overview}, urldate = {2024-07-11}, journal = {HTTPS Encryption in the Web}, author = {Google}, } @misc{iyengared._QUICUDPbasedMultiplexed_2021, title = {{QUIC}: a {UDP}-based multiplexed and secure transport}, doi = {10.17487/RFC9000}, abstract = {This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.}, publisher = {RFC Editor / RFC Editor / RFC Editor}, author = {Iyengar (Ed.), J. 
and Thomson (Ed.), M.}, month = may, year = {2021}, note = {ISSN: 2070-1721 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 9000 (Proposed Standard) tex.key: RFC 9000}, keywords = {multipath, next generations, protocol, sctp++, secure, smart, tcp/2, tcpng, transport, transport-ng}, } @misc{hoffman_SMTPServiceExtension_2002, type = {Request for {Comments}}, title = {{SMTP} {Service} {Extension} for {Secure} {SMTP} over {Transport} {Layer} {Security}}, doi = {10.17487/RFC3207}, abstract = {This document describes an extension to the SMTP (Simple Mail Transfer Protocol) service that allows an SMTP server and client to use TLS (Transport Layer Security) to provide private, authenticated communication over the Internet. This gives SMTP agents the ability to protect some or all of their communications from eavesdroppers and attackers. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Hoffman, Paul E.}, month = feb, year = {2002}, } @misc{hu_SpecificationDNSTransport_2016, type = {Request for {Comments}}, title = {Specification for {DNS} over {Transport} {Layer} {Security} ({TLS})}, doi = {10.17487/RFC7858}, abstract = {This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. 
It does not prevent future applications of the protocol to recursive-to-authoritative traffic.}, publisher = {Internet Engineering Task Force}, author = {Hu, Zi and Zhu, Liang and Heidemann, John and Mankin, Allison and Wessels, Duane and Hoffman, Paul E.}, month = may, year = {2016}, } @misc{rescorla_TransportLayerSecurity_2008, type = {Request for {Comments}}, title = {The {Transport} {Layer} {Security} ({TLS}) {Protocol} {Version} 1.2}, doi = {10.17487/RFC5246}, abstract = {This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Rescorla, Eric and Dierks, Tim}, month = aug, year = {2008}, } @misc{allen_TLSProtocolVersion_1999, type = {Request for {Comments}}, title = {The {TLS} {Protocol} {Version} 1.0}, doi = {10.17487/RFC2246}, abstract = {This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.}, publisher = {Internet Engineering Task Force}, author = {Allen, Christopher and Dierks, Tim}, month = jan, year = {1999}, } @misc{boeyen_InternetX509Public_2008, type = {Request for {Comments}}, title = {Internet {X}.509 {Public} {Key} {Infrastructure} {Certificate} and {Certificate} {Revocation} {List} ({CRL}) {Profile}}, doi = {10.17487/RFC5280}, abstract = {This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. 
The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Boeyen, Sharon and Santesson, Stefan and Polk, Tim and Housley, Russ and Farrell, Stephen and Cooper, David}, month = may, year = {2008}, } @misc{nielsen_HypertextTransferProtocol_1999, type = {Request for {Comments}}, title = {Hypertext {Transfer} {Protocol} – {HTTP}/1.1}, doi = {10.17487/RFC2616}, abstract = {HTTP has been in use by the World-Wide Web global information initiative since 1990. This specification defines the protocol referred to as "HTTP/1.1", and is an update to RFC 2068. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Nielsen, Henrik and Mogul, Jeffrey and Masinter, Larry M. and Fielding, Roy T. and Gettys, Jim and Leach, Paul J. and Berners-Lee, Tim}, month = jun, year = {1999}, } @misc{eronen_TransportLayerSecurity_2008, type = {Request for {Comments}}, title = {Transport {Layer} {Security} ({TLS}) {Session} {Resumption} without {Server}-{Side} {State}}, doi = {10.17487/RFC5077}, abstract = {This document describes a mechanism that enables the Transport Layer Security (TLS) server to resume sessions and avoid keeping per-client session state. The TLS server encapsulates the session state into a ticket and forwards it to the client. The client can subsequently resume a session using the obtained ticket. This document obsoletes RFC 4507. 
[STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Eronen, Pasi and Tschofenig, Hannes and Zhou, Hao and Salowey, Joseph A.}, month = jan, year = {2008}, } @misc{blake-wilson_TransportLayerSecurity_2003, type = {Request for {Comments}}, title = {Transport {Layer} {Security} ({TLS}) {Extensions}}, doi = {10.17487/RFC3546}, abstract = {This document describes extensions that may be used to add functionality to Transport Layer Security (TLS). It provides both generic extension mechanisms for the TLS handshake client and server hellos, and specific extensions using these generic mechanisms. The extensions may be used by TLS clients and servers. The extensions are backwards compatible - communication is possible between TLS 1.0 clients that support the extensions and TLS 1.0 servers that do not support the extensions, and vice versa. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Blake-Wilson, Simon and Mikkelsen, Jan and Nyström, Magnus and Hopwood, David and Wright, Tim}, month = jun, year = {2003}, } @misc{eastlake_TransportLayerSecurity_2011, title = {Transport {Layer} {Security} ({TLS}) {Extensions}: {Extension} {Definitions}}, shorttitle = {Transport {Layer} {Security} ({TLS}) {Extensions}}, doi = {10.17487/rfc6066}, abstract = {This document provides specifications for existing TLS extensions. It is a companion document for RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2". 
The extensions specified are server\_name, max\_fragment\_length, client\_certificate\_url, trusted\_ca\_keys, truncated\_hmac, and status\_request.}, language = {en}, publisher = {RFC Editor}, author = {Eastlake, D.}, month = jan, year = {2011}, } @misc{ford-hutchinson_SecuringFTPTLS_2005, type = {Request for {Comments}}, title = {Securing {FTP} with {TLS}}, doi = {10.17487/RFC4217}, abstract = {This document describes a mechanism that can be used by FTP clients and servers to implement security and authentication using the TLS protocol defined by RFC 2246, "The TLS Protocol Version 1.0.", and the extensions to the FTP protocol defined by RFC 2228, "FTP Security Extensions". It describes the subset of the extensions that are required and the parameters to be used, discusses some of the policy issues that clients and servers will need to take, considers some of the implications of those policies, and discusses some expected behaviours of implementations to allow interoperation. This document is intended to provide TLS support for FTP in a similar way to that provided for SMTP in RFC 2487, "SMTP Service Extension for Secure SMTP over Transport Layer Security", and HTTP in RFC 2817, "Upgrading to TLS Within HTTP/1.1.". This specification is in accordance with RFC 959, "File Transfer Protocol". It relies on RFC 2246, "The TLS Protocol Version 1.0.", and RFC 2228, "FTP Security Extensions". [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Ford-Hutchinson, Paul}, month = oct, year = {2005}, } @misc{salowey_TransportLayerSecurity_2006, type = {Request for {Comments}}, title = {Transport {Layer} {Security} ({TLS}) {Session} {Resumption} without {Server}-{Side} {State}}, doi = {10.17487/RFC4507}, abstract = {This document describes a mechanism that enables the Transport Layer Security (TLS) server to resume sessions and avoid keeping {\textbackslash}textbackslash\%per-client session state. 
The TLS server encapsulates the session state into a ticket and forwards it to the client. The client can subsequently resume a session using the obtained ticket. [STANDARDS-TRACK]}, publisher = {Internet Engineering Task Force}, author = {Salowey, Joseph A. and Zhou, Hao and Tschofenig, Hannes and Eronen, Pasi}, month = may, year = {2006}, } @misc{gallagher_CloudflareGivesInternet_2014, title = {Cloudflare gives {Internet} a present: free, no-hassle “{Universal}” {SSL}}, shorttitle = {Cloudflare gives {Internet} a present}, url = {https://arstechnica.com/information-technology/2014/09/cloudflare-gives-internet-a-present-free-no-hassle-universal-ssl/}, abstract = {Even free accounts will get elliptic curve encryption crypto protection.}, language = {en}, urldate = {2025-05-19}, journal = {Ars Technica}, author = {Gallagher, Sean}, month = sep, year = {2014}, } @misc{openssl_OpenSSLLibrary_, title = {{OpenSSL} {Library}}, url = {https://openssl-library.org/}, urldate = {2025-05-08}, author = {{OpenSSL}}, } @misc{cloudflare_CloudflareSaaS_2024, title = {Cloudflare for {SaaS}}, url = {https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/}, abstract = {Cloudflare for SaaS allows you to extend the security and performance benefits of Cloudflare's network to your customers via their own custom or vanity domains.}, language = {en}, urldate = {2025-05-08}, journal = {Cloudflare Docs}, author = {{Cloudflare}}, month = sep, year = {2024}, } @misc{fastly_TLSServiceOptions_, title = {{TLS} service options -- {Dedicated} {IP} addresses}, url = {https://docs.fastly.com/products/tls-service-options#dedicated-ip-addresses}, language = {en}, urldate = {2025-05-08}, journal = {Fastly Documentation}, author = {{Fastly}}, } @misc{ddos-guard_DDoSGuardReliableDDoS_, title = {{DDoS}-{Guard} {\textbar} {Reliable} {DDoS} {Protection} \& {Mitigation}}, url = {https://ddos-guard.net/}, abstract = {DDoS protection for companies and businesses of any level. 
✔️ 3,2 Tbps scrubbing capacity. ✔️ 550 000+ projects under protection. ✔️ No hidden charges}, language = {en}, urldate = {2025-05-08}, journal = {DDoS-GUARD}, author = {{DDoS-Guard}}, } @misc{openssl_SSL_CTX_set_tlsext_servername_callbackOpenSSLDocumentation_, title = {{SSL}\_CTX\_set\_tlsext\_servername\_callback - {OpenSSL} {Documentation}}, url = {https://docs.openssl.org/3.5/man3/SSL_CTX_set_tlsext_servername_callback/}, urldate = {2025-05-08}, author = {{OpenSSL}}, } @misc{openssl_SSL_CTX_set_client_hello_cbOpenSSLDocumentation_, title = {{SSL}\_CTX\_set\_client\_hello\_cb - {OpenSSL} {Documentation}}, url = {https://docs.openssl.org/3.5/man3/SSL_CTX_set_client_hello_cb/}, urldate = {2025-05-08}, author = {{OpenSSL}}, } @misc{openssl_SSL_CTX_set_session_id_contextOpenSSLDocumentation_, title = {{SSL}\_CTX\_set\_session\_id\_context - {OpenSSL} {Documentation}}, url = {https://docs.openssl.org/3.5/man3/SSL_CTX_set_session_id_context/}, urldate = {2025-05-08}, author = {{OpenSSL}}, } @misc{openssl_SSL_CTX_set_verifyOpenSSLDocumentation_, title = {{SSL}\_CTX\_set\_verify - {OpenSSL} {Documentation}}, url = {https://docs.openssl.org/3.5/man3/SSL_CTX_set_verify/}, urldate = {2025-05-08}, author = {{OpenSSL}}, } @misc{amazon_MutualAuthenticationTLS_, title = {Mutual authentication with {TLS} in {Application} {Load} {Balancer} - {Elastic} {Load} {Balancing}}, url = {https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html}, urldate = {2025-05-08}, author = {{Amazon}}, } @misc{fastly_SettingMutualTLS_, title = {Setting up {Mutual} {TLS} authentication}, url = {https://docs.fastly.com/en/guides/setting-up-mutual-tls-authentication}, language = {en}, urldate = {2025-05-08}, journal = {Fastly Documentation}, author = {{Fastly}}, } @misc{cloudflare_EnableMTLS_2024, title = {Enable {mTLS}}, url = {https://developers.cloudflare.com/ssl/client-certificates/enable-mtls/}, abstract = {You can enable mutual Transport Layer Security (mTLS) 
for any hostname.}, language = {en}, urldate = {2025-05-08}, journal = {Cloudflare Docs}, author = {{Cloudflare}}, month = aug, year = {2024}, } @misc{googlecloud_MutualTLSOverview_, title = {Mutual {TLS} overview {\textbar} {Load} {Balancing}}, url = {https://cloud.google.com/load-balancing/docs/mtls}, language = {en}, urldate = {2025-05-08}, journal = {Google Cloud}, author = {{Google Cloud}}, } @misc{cloudflare_BrowserCompatibility_2025, title = {Browser compatibility - {Non}-{SNI} support}, url = {https://developers.cloudflare.com/ssl/reference/browser-compatibility/#non-sni-support}, abstract = {Review information about browser compatibility for the different Cloudflare SSL/TLS offerings.}, language = {en}, urldate = {2025-05-08}, journal = {Cloudflare Docs}, author = {{Cloudflare}}, month = feb, year = {2025}, } @misc{cloudflare_AdoptionUsageWorldwide_2025, title = {Adoption \& {Usage} {Worldwide} {\textbar} {Cloudflare} {Radar}}, url = {https://radar.cloudflare.com/adoption-and-usage?dateRange=28d#tls-12-vs-tls-13-vs-quic}, abstract = {Global Adoption \& Usage trends and insights.}, language = {en-US}, urldate = {2025-01-20}, journal = {Adoption \& Usage Worldwide {\textbar} Cloudflare Radar}, author = {{Cloudflare}}, year = {2025}, } @inproceedings{hao_EndUsersGetManeuvered_2018, title = {\{{End}-{Users}\} {Get} {Maneuvered}: {Empirical} {Analysis} of {Redirection} {Hijacking} in {Content} {Delivery} {Networks}}, isbn = {978-1-939133-04-5}, shorttitle = {\{{End}-{Users}\} {Get} {Maneuvered}}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/hao}, language = {en}, booktitle = {27th {USENIX} {Security} {Symposium} ({USENIX} {Security} 18)}, author = {Hao, Shuai and Zhang, Yubao and Wang, Haining and Stavrou, Angelos}, year = {2018}, pages = {1129--1145}, } @misc{microsoft_TutorialConfigureApplication_2023, title = {Tutorial: {Configure} an {Application} {Gateway} with {TLS} termination using the {Azure} portal}, shorttitle = {Tutorial}, 
url = {https://learn.microsoft.com/en-us/azure/application-gateway/create-ssl-portal}, abstract = {In this tutorial, you learn how to configure an application gateway and add a certificate for TLS termination using the Azure portal.}, language = {en-us}, urldate = {2025-05-08}, author = {{Microsoft}}, month = apr, year = {2023}, } @misc{alegre_Lswsdocs_config_vhost_sslLiteSpeedTechnologies_, title = {lswsdocs\_config\_vhost\_ssl -- {Client} {Verification}}, url = {https://www.litespeedtech.com/docs/webserver/config/virtual-host-ssl#clientVerify}, abstract = {LiteSpeed Web Server Documentation - Virtual Host SSL}, language = {en-gb}, urldate = {2025-05-08}, journal = {LiteSpeed Technologies}, author = {Alegre, Michael}, } @misc{server_GlobalOptionsCaddyfile_, title = {Global options ({Caddyfile}) -- strict\_sni\_host}, url = {https://caddyserver.com/docs/caddyfile/options#strict-sni-host}, abstract = {Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go}, urldate = {2025-05-08}, journal = {Caddy Documentation}, author = {Caddy Web Server}, } @techreport{rfc5216, type = {{RFC}}, title = {The {EAP}-{TLS} authentication protocol}, url = {http://tools.ietf.org/rfc/rfc5216.txt}, number = {5216}, institution = {IETF}, author = {Simon, D. and Aboba, B. 
and Hurst, R.}, month = mar, year = {2008}, } @phdthesis{tajalizadehkhoob_RoleHostingProviders_2018, type = {Doctoral {Thesis}}, title = {The {Role} of {Hosting} {Providers} in {Web} {Security}: {Understanding} and {Improving} {Security} {Incentives} and {Performance} via {Analysis} of {Large}-scale {Incident} {Data}}, shorttitle = {The {Role} of {Hosting} {Providers} in {Web} {Security}}, language = {en}, school = {Delft University of Technology}, author = {Tajalizadehkhoob, S.}, year = {2018}, doi = {10.4233/UUID:C343A2DD-15D1-4921-9B45-F00EE38177D8}, } @phdthesis{timleonhardstorm_LargeScaleScanning_2023, title = {Large {Scale} {Scanning} of {TLS} {Session} {Ticket} {Confusion}}, abstract = {Session tickets are a resumption mechanism, which can speed up repeated TLS connections. To do so, information is stored client-side, encrypted with an additional symmetric key, which is separate from existing private keys. A server only has to store this key, making session tickets stateless for the server. If the key is shared between servers, a client can be misled into resuming a session with a different, less secure server. In this thesis, we design and implement a scan for detecting prerequisites to such an attack, by requesting and redeeming tickets for pair-wise servers. We find that 17,901 out of 22,127 scanned (virtual) hosts are potentially vulnerable to this attack because they share their keys and accept tickets issued for other domains. We discuss the difficulties of detecting such an attack and show that unfortunately, our approach does not scale to larger sample sizes.}, language = {eng}, author = {Storm, Tim Leonhard}, year = {2023}, doi = {10.17619/UNIPB/1-1770}, } @inproceedings{kim_WebInformationExtraction_2007, title = {Web {Information} {Extraction} by {HTML} {Tree} {Edit} {Distance} {Matching}}, doi = {10.1109/ICCIT.2007.19}, abstract = {The main issue for effective Web information extraction is how to recognize similar patterns in a Web page. 
Traditionally, it has been shown that pattern matching by using the HTML DOM tree is more efficient than the simple string matching approach. Nonetheless, previous tree-based pattern matching methods have problems by assuming that all HTML tags have the same values, assigning the same weight to each node in HTML trees. This paper proposes an enhanced tree matching algorithm that improves the tree edit distance method by considering the characteristics of HTML features. We assign different values to different HTML tree nodes according to their weights for displaying the corresponding data objects in the browser. Pattern matching of HTML patterns is done by obtaining the maximum mapping values of two HTML trees that are constructed with weighted node values from HTML data objects. Experiments are done over several Web commerce sites to evaluate the effectiveness of the proposed HTML tree matching algorithm.}, booktitle = {2007 {International} {Conference} on {Convergence} {Information} {Technology} ({ICCIT} 2007)}, author = {Kim, Yeonjung and Park, Jeahyun and Kim, Taehwan and Choi, Joongmin}, month = nov, year = {2007}, keywords = {Business, Computer science, Data mining, Dynamic programming, HTML, Information technology, Pattern matching, Pattern recognition, Vegetation mapping, Web pages}, pages = {2455--2460}, } @inproceedings{bhargavan_TripleHandshakesCookie_2014, title = {Triple {Handshakes} and {Cookie} {Cutters}: {Breaking} and {Fixing} {Authentication} over {TLS}}, shorttitle = {Triple {Handshakes} and {Cookie} {Cutters}}, doi = {10.1109/SP.2014.14}, abstract = {TLS was designed as a transparent channel abstraction to allow developers with no cryptographic expertise to protect their application against attackers that may control some clients, some servers, and may have the capability to tamper with network connections. However, the security guarantees of TLS fall short of those of a secure channel, leading to a variety of attacks. 
We show how some widespread false beliefs about these guarantees can be exploited to attack popular applications and defeat several standard authentication methods that rely too naively on TLS. We present new client impersonation attacks against TLS renegotiations, wireless networks, challenge-response protocols, and channel-bound cookies. Our attacks exploit combinations of RSA and Diffie-Hellman key exchange, session resumption, and renegotiation to bypass many recent countermeasures. We also demonstrate new ways to exploit known weaknesses of HTTP over TLS. We investigate the root causes for these attacks and propose new countermeasures. At the protocol level, we design and implement two new TLS extensions that strengthen the authentication guarantees of the handshake. At the application level, we develop an exemplary HTTPS client library that implements several mitigations, on top of a previously verified TLS implementation, and verify that their composition provides strong, simple application security.}, booktitle = {2014 {IEEE} {Symposium} on {Security} and {Privacy}}, author = {Bhargavan, Karthikeyan and Lavaud, Antoine Delignat and Fournet, Cédric and Pironti, Alfredo and Strub, Pierre Yves}, month = may, year = {2014}, note = {ISSN: 2375-1207}, keywords = {Authentication, Browsers, Cryptography, Libraries, Protocols, Servers}, pages = {98--113}, } @inproceedings{hiller_CaseSessionSharing_2019, title = {The {Case} for {Session} {Sharing}: {Relieving} {Clients} from {TLS} {Handshake} {Overheads}}, shorttitle = {The {Case} for {Session} {Sharing}}, doi = {10.1109/LCNSymposium47956.2019.9000667}, abstract = {In recent years, the amount of traffic protected with Transport Layer Security (TLS) has significantly increased and new protocols such as HTTP/2 and QUIC further foster this emerging trend. However, protecting traffic with TLS has significant impacts on network entities. 
While the restrictions for middleboxes have been extensively studied, addressing the impact of TLS on clients and servers has been mostly neglected so far. Especially mobile clients in emerging 5G and IoT deployments suffer from significantly increased latency, traffic, and energy overheads when protecting traffic with TLS. In this paper, we address this emerging topic by thoroughly analyzing the impact of TLS on clients and servers and derive opportunities for significantly decreasing latency of TLS communication and downsizing TLS management traffic, thereby also reducing TLS-induced server load. We propose a protocol compatible redesign of TLS session management to use these opportunities and showcase their potential based on mobile device traffic and mobile web-browsing traces. These show promising potentials for latency improvements by up to 25.8\% and energy savings of up to 26.3\%.}, booktitle = {2019 {IEEE} 44th {LCN} {Symposium} on {Emerging} {Topics} in {Networking} ({LCN} {Symposium})}, author = {Hiller, Jens and Henze, Martin and Zimmermann, Torsten and Hohlfeld, Oliver and Wehrle, Klaus}, month = oct, year = {2019}, keywords = {5G and IoT, Efficient Secure Communication, Mobile Networking, Network Security, Security and Privacy, TLS Performance, TLS Session Resumption}, pages = {83--91}, } @inproceedings{zhang_TalkingFamiliarStrangers_2020, address = {New York, NY, USA}, series = {{CCS} '20}, title = {Talking with {Familiar} {Strangers}: {An} {Empirical} {Study} on {HTTPS} {Context} {Confusion} {Attacks}}, isbn = {978-1-4503-7089-9}, shorttitle = {Talking with {Familiar} {Strangers}}, doi = {10.1145/3372297.3417252}, abstract = {HTTPS is principally designed for secure end-to-end communication, which adds confidentiality and integrity to sensitive data transmission. 
While several man-in-the-middle attacks (e.g., SSL Stripping) are available to break the secured connections, state-of-the-art security policies (e.g., HSTS) have significantly increased the cost of successful attacks. However, the TLS certificates shared by multiple domains make HTTPS hijacking attacks possible again.In this paper, we term the HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack). Despite a known threat, it has not yet been studied thoroughly. We aim to fill this gap with an in-depth empirical assessment of SCC Attack. We find the attack can succeed even for servers that have deployed current best practice of security policies. By rerouting encrypted traffic to another flawed server that shares the TLS certificate, attackers can bypass the security practices, hijack the ongoing HTTPS connections, and subsequently launch additional attacks including phishing and payment hijacking. Particularly, vulnerable HTTP headers from a third-party server are exploitable for this attack, and it is possible to hijack an already-established secure connection.Through tests on popular websites, we find vulnerable subdomains under 126 apex domains in Alexa top 500 sites, including large vendors like Alibaba, JD, and Microsoft. Meanwhile, through a large-scale measurement, we find that TLS certificate sharing is prominent, which uncovers the high potential of such attacks, and we summarize the security dependencies among different parties. For responsible disclosure, we have reported the issues to affected vendors and received positive feedback. 
Our study sheds light on an influential attack surface of the HTTPS ecosystem and calls for proper mitigation against MITM attacks.}, booktitle = {Proceedings of the 2020 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Zhang, Mingming and Zheng, Xiaofeng and Shen, Kaiwen and Kong, Ziqiao and Lu, Chaoyi and Wang, Yu and Duan, Haixin and Hao, Shuang and Liu, Baojun and Yang, Min}, month = nov, year = {2020}, pages = {1939--1952}, } @article{aviram_SessionResumptionProtocols_2021, title = {Session {Resumption} {Protocols} and {Efficient} {Forward} {Security} for {TLS} 1.3 0-{RTT}}, volume = {34}, issn = {1432-1378}, doi = {10.1007/s00145-021-09385-0}, abstract = {The TLS 1.3 0-RTT mode enables a client reconnecting to a server to send encrypted application-layer data in “0-RTT” (“zero round-trip time”), without the need for a prior interactive handshake. This fundamentally requires the server to reconstruct the previous session’s encryption secrets upon receipt of the client’s first message. The standard techniques to achieve this are session caches or, alternatively, session tickets. The former provides forward security and resistance against replay attacks, but requires a large amount of server-side storage. The latter requires negligible storage, but provides no forward security and is known to be vulnerable to replay attacks. In this paper, we first formally define session resumption protocols as an abstract perspective on mechanisms like session caches and session tickets. We give a new generic construction that provably provides forward security and replay resilience, based on puncturable pseudorandom functions (PPRFs). We show that our construction can immediately be used in TLS 1.3 0-RTT and deployed unilaterally by servers, without requiring any changes to clients or the protocol. 
To this end, we present a generic composition of our new construction with TLS 1.3 and prove its security. This yields the first construction that achieves forward security for all messages, including the 0-RTT data. We then describe two new constructions of PPRFs, which are particularly suitable for use for forward-secure and replay-resilient session resumption in TLS 1.3. The first construction is based on the strong RSA assumption. Compared to standard session caches, for “128-bit security” it reduces the required server storage by a factor of almost 20, when instantiated in a way such that key derivation and puncturing together are cheaper on average than one full exponentiation in an RSA group. Hence, a 1 GB session cache can be replaced with only about 51 MBs of storage, which significantly reduces the amount of secure memory required. For larger security parameters or in exchange for more expensive computations, even larger storage reductions are achieved. The second construction combines a standard binary tree PPRF with a new “domain extension” technique. For a reasonable choice of parameters, this reduces the required storage by a factor of up to 5 compared to a standard session cache. It employs only symmetric cryptography, is suitable for high-traffic scenarios, and can serve thousands of tickets per second.}, language = {en}, number = {3}, journal = {Journal of Cryptology}, author = {Aviram, Nimrod and Gellert, Kai and Jager, Tibor}, month = may, year = {2021}, keywords = {0-RTT, Forward Security, Puncturable PRF, Session Resumption, TLS 1.3}, pages = {20}, } @inproceedings{wachs_PushAwayYour_2017, title = {Push away your privacy: {Precise} user tracking based on {TLS} client certificate authentication}, shorttitle = {Push away your privacy}, doi = {10.23919/TMA.2017.8002897}, abstract = {The design and implementation of cryptographic systems offer many subtle pitfalls. 
One such pitfall is that cryptography may create unique identifiers potentially usable to repeatedly and precisely re-identify and hence track users. This work investigates TLS Client Certificate Authentication (CCA), which currently transmits certificates in plain text. We demonstrate CCA's impact on client traceability using Apple's Apple Push Notification service (APNs) as an example. APNs is used by all Apple products, employs plain-text CCA, and aims to be constantly connected to its backend. Its novel combination of large device count, constant connections, device proximity to users and unique client certificates provides for precise client traceability. We show that passive eavesdropping allows to precisely re-identify and track users and that only ten interception points are required to track more than 80 percent of APNs users due to global routing characteristics. We conduct our work under strong ethical guidelines, responsibly disclose our findings, and can confirm a working patch by Apple for the highlighted issue. We aim for this work to provide the necessary factual and quantified evidence about negative implications of plain-text CCA to boost deployment of encrypted CCA as in TLS 1.3.},
	booktitle = {2017 {Network} {Traffic} {Measurement} and {Analysis} {Conference} ({TMA})},
	author = {Wachs, Matthias and Scheitle, Quirin and Carle, Georg},
	month = jun,
	year = {2017},
	keywords = {Authentication, Cryptography, Mobile communication, Ports (Computers), Privacy, Servers},
	pages = {1--9},
}

@article{parsovs_PracticalIssuesTLS_2014,
	title = {Practical {Issues} with {TLS} {Client} {Certificate} {Authentication}},
	doi = {10.14722/ndss.2014.23036},
	abstract = {The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication.
In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server-side and browser implementations. In particular, we analyze Apache’s mod\_ssl implementation on the server side and the most popular browsers – Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on the client side. We complement our paper with a measurement study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations to improve the security and usability of TLS client certificate authentication.},
	language = {en},
	journal = {Proceedings 2014 Network and Distributed System Security Symposium},
	author = {Parsovs, Arnis},
	year = {2014},
	note = {Conference Name: Network and Distributed System Security Symposium ISBN: 9781891562358 Place: San Diego, CA Publisher: Internet Society},
}

@inproceedings{xia_OldHabitsHard_2021,
	title = {Old {Habits} {Die} {Hard}: {A} {Sober} {Look} at {TLS} {Client} {Certificates} in the {Real} {World}},
	shorttitle = {Old {Habits} {Die} {Hard}},
	doi = {10.1109/TrustCom53373.2021.00029},
	abstract = {Certificates play a key role in TLS, which is by far the most widely used security protocol for protecting network traffic. Studies have shown that inappropriate usage of certificates may incur security and privacy risks, most of which are focused on the server-side certificates. However, with the rapid development of the Internet of Things that interconnects countless nodes over the world, as well as the Zero Trust philosophy that stresses authentication of every entity, the adoption of client certificates could be a lot more vital. According to our observation, many practical problems and security risks still exist in the deployment and use of client certificates.
In this paper, we present a passive measurement of over 24 million client certificates, collected by a framework deployed on the CSTNET, one of the major academic backbone networks in China. By performing a comprehensive analysis of the large scale real-world data, we give a big picture of the client certificates usage in current network, and disclose implementation flaws of these certificates which may possibly harm transport layer security and user privacy. As many as 342,699 defective client certificates are unearthed, which is an important reminder that never should we neglect the correct use of certificates on the client side.},
	booktitle = {2021 {IEEE} 20th {International} {Conference} on {Trust}, {Security} and {Privacy} in {Computing} and {Communications} ({TrustCom})},
	author = {Xia, Wei and Wang, Wei and He, Xin and Xiong, Gang and Gou, Gaopeng and Li, Zhenzhen and Li, Zhen},
	month = oct,
	year = {2021},
	note = {ISSN: 2324-9013},
	keywords = {Client certificate, Conferences, Connection attribute analysis, Current measurement, Data privacy, Philosophical considerations, Privacy, Protocols, Security issues, Telecommunication traffic, Validity Period},
	pages = {83--90},
}

@inproceedings{delignat-lavaud_NetworkbasedOriginConfusion_2015,
	address = {Republic and Canton of Geneva, CHE},
	series = {{WWW} '15},
	title = {Network-based {Origin} {Confusion} {Attacks} against {HTTPS} {Virtual} {Hosting}},
	isbn = {978-1-4503-3469-3},
	doi = {10.1145/2736277.2741089},
	abstract = {We investigate current deployment practices for virtual hosting, a widely used method for serving multiple HTTP and HTTPS origins from the same server, in popular content delivery networks, cloud-hosting infrastructures, and web servers.
Our study uncovers a new class of HTTPS origin confusion attacks: when two virtual hosts use the same TLS certificate, or share a TLS session cache or ticket encryption key, a network attacker may cause a page from one of them to be loaded under the other's origin in a client browser. These attacks appear when HTTPS servers are configured to allow virtual host fallback from a client-requested, secure origin to some other unexpected, less-secure origin. We present evidence that such vulnerable virtual host configurations are widespread, even on the most popular and security-scrutinized websites, thus allowing a network adversary to hijack pages, or steal secure cookies and single sign-on tokens. To prevent our virtual host confusion attacks and recover the isolation guarantees that are commonly assumed in shared hosting environments, we propose fixes to web server software and advocate conservative configuration guidelines for the composition of HTTP with TLS.},
	booktitle = {Proceedings of the 24th {International} {Conference} on {World} {Wide} {Web}},
	publisher = {International World Wide Web Conferences Steering Committee},
	author = {Delignat-Lavaud, Antoine and Bhargavan, Karthikeyan},
	month = may,
	year = {2015},
	pages = {227--237},
}

@inproceedings{springall_MeasuringSecurityHarm_2016,
	address = {New York, NY, USA},
	series = {{IMC} '16},
	title = {Measuring the {Security} {Harm} of {TLS} {Crypto} {Shortcuts}},
	isbn = {978-1-4503-4526-2},
	doi = {10.1145/2987443.2987480},
	abstract = {TLS has the potential to provide strong protection against network-based attackers and mass surveillance, but many implementations take security shortcuts in order to reduce the costs of cryptographic computations and network round trips. We report the results of a nine-week study that measures the use and security impact of these shortcuts for HTTPS sites among Alexa Top Million domains.
We find widespread deployment of DHE and ECDHE private value reuse, TLS session resumption, and TLS session tickets. These practices greatly reduce the protection afforded by forward secrecy: connections to 38\% of Top Million HTTPS sites are vulnerable to decryption if the server is compromised up to 24 hours later, and 10\% up to 30 days later, regardless of the selected cipher suite. We also investigate the practice of TLS secrets and session state being shared across domains, finding that in some cases, the theft of a single secret value can compromise connections to tens of thousands of sites. These results suggest that site operators need to better understand the tradeoffs between optimizing TLS performance and providing strong security, particularly when faced with nation-state attackers with a history of aggressive, large-scale surveillance.},
	booktitle = {Proceedings of the 2016 {Internet} {Measurement} {Conference}},
	publisher = {Association for Computing Machinery},
	author = {Springall, Drew and Durumeric, Zakir and Halderman, J. Alex},
	month = nov,
	year = {2016},
	pages = {33--47},
}

@inproceedings{cangialosi_MeasurementAnalysisPrivate_2016,
	address = {New York, NY, USA},
	series = {{CCS} '16},
	title = {Measurement and {Analysis} of {Private} {Key} {Sharing} in the {HTTPS} {Ecosystem}},
	isbn = {978-1-4503-4139-4},
	doi = {10.1145/2976749.2978301},
	abstract = {The semantics of online authentication in the web are rather straightforward: if Alice has a certificate binding Bob's name to a public key, and if a remote entity can prove knowledge of Bob's private key, then (barring key compromise) that remote entity must be Bob. However, in reality, many websites, and the majority of the most popular ones, are hosted at least in part by third parties such as Content Delivery Networks (CDNs) or web hosting providers. Put simply: administrators of websites who deal with (extremely) sensitive user data are giving their private keys to third parties.
Importantly, this sharing of keys is undetectable by most users, and widely unknown even among researchers. In this paper, we perform a large-scale measurement study of key sharing in today's web. We analyze the prevalence with which websites trust third-party hosting providers with their secret keys, as well as the impact that this trust has on responsible key management practices, such as revocation. Our results reveal that key sharing is extremely common, with a small handful of hosting providers having keys from the majority of the most popular websites. We also find that hosting providers often manage their customers' keys, and that they tend to react more slowly yet more thoroughly to compromised or potentially compromised keys.},
	booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Cangialosi, Frank and Chung, Taejoong and Choffnes, David and Levin, Dave and Maggs, Bruce M. and Mislove, Alan and Wilson, Christo},
	month = oct,
	year = {2016},
	pages = {628--640},
}

@inproceedings{vissers_ManeuveringCloudsBypassing_2015,
	address = {New York, NY, USA},
	series = {{CCS} '15},
	title = {Maneuvering {Around} {Clouds}: {Bypassing} {Cloud}-based {Security} {Providers}},
	isbn = {978-1-4503-3832-5},
	shorttitle = {Maneuvering {Around} {Clouds}},
	doi = {10.1145/2810103.2813633},
	abstract = {The increase of Distributed Denial-of-Service (DDoS) attacks in volume, frequency, and complexity, combined with the constant required alertness for mitigating web application threats, has caused many website owners to turn to Cloud-based Security Providers (CBSPs) to protect their infrastructure. These solutions typically involve the rerouting of traffic from the original website through the CBSP's network, where malicious traffic can be detected and absorbed before it ever reaches the servers of the protected website.
The most popular Cloud-based Security Providers do not require the purchase of dedicated traffic-rerouting hardware, but rely solely on changing the DNS settings of a domain name to reroute a website's traffic through their security infrastructure. Consequently, this rerouting mechanism can be completely circumvented by directly attacking the website's hosting IP address. Therefore, it is crucial for the security and availability of these websites that their real IP address remains hidden from potential attackers. In this paper, we discuss existing, as well as novel "origin-exposing" attack vectors which attackers can leverage to discover the IP address of the server where a website protected by a CBSP is hosted. To assess the impact of the discussed origin-exposing vectors on the security of CBSP-protected websites, we consolidate all vectors into CloudPiercer, an automated origin-exposing tool, which we then use to conduct the first large-scale analysis of the effectiveness of the origin-exposing vectors. Our results show that the problem is severe: 71.5\% of the 17,877 CBSP-protected websites that we tested, expose their real IP address through at least one of the evaluated vectors. The results of our study categorically demonstrate that a comprehensive adoption of CBSPs is harder than just changing DNS records. 
Our findings can steer CBSPs and site administrators towards effective countermeasures, such as proactively scanning for origin exposure and using appropriate network configurations that can greatly reduce the threat.},
	booktitle = {Proceedings of the 22nd {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Vissers, Thomas and Van Goethem, Tom and Joosen, Wouter and Nikiforakis, Nick},
	month = oct,
	year = {2015},
	keywords = {DDOS attacks, cloud-based security, web attacks},
	pages = {1530--1541},
}

@inproceedings{aas_LetsEncryptAutomated_2019,
	address = {New York, NY, USA},
	series = {{CCS} '19},
	title = {Let's {Encrypt}: {An} {Automated} {Certificate} {Authority} to {Encrypt} the {Entire} {Web}},
	isbn = {978-1-4503-6747-9},
	shorttitle = {Let's {Encrypt}},
	doi = {10.1145/3319535.3363192},
	abstract = {Let's Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let's Encrypt has grown to become the world's largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January 2019, it had issued over 538{\textasciitilde}million certificates for 223{\textasciitilde}million domain names. We describe how we built Let's Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME, the IETF-standard protocol we created to automate CA--server interactions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let's Encrypt's impact on the Web and the CA ecosystem.
We hope that the success of Let's Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.},
	booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Aas, Josh and Barnes, Richard and Case, Benton and Durumeric, Zakir and Eckersley, Peter and Flores-López, Alan and Halderman, J. Alex and Hoffman-Andrews, Jacob and Kasten, James and Rescorla, Eric and Schoen, Seth and Warren, Brad},
	month = nov,
	year = {2019},
	pages = {2473--2487},
}

@article{dimartino_KnockingIPsIdentifying_2020,
	title = {Knocking on {IPs}: {Identifying} {HTTPS} {Websites} for {Zero}-{Rated} {Traffic}},
	volume = {2020},
	issn = {1939-0122},
	shorttitle = {Knocking on {IPs}},
	doi = {10.1155/2020/7285786},
	abstract = {Zero-rating is a technique where internet service providers (ISPs) allow consumers to utilize a specific website without charging their internet data plan. Implementing zero-rating requires an accurate website identification method that is also efficient and reliable to be applied on live network traffic. In this paper, we examine existing website identification methods with the objective of applying zero-rating. Furthermore, we demonstrate the ineffectiveness of these methods against modern encryption protocols such as Encrypted SNI and DNS over HTTPS and therefore show that ISPs are not able to maintain the current zero-rating approaches in the forthcoming future. To address this concern, we present “Open-Knock,” a novel approach that is capable of accurately identifying a zero-rated website, thwarts free-riding attacks, and is sustainable on the increasingly encrypted web. In addition, our approach does not require plaintext protocols or preprocessed fingerprints upfront.
Finally, our experimental analysis unveils that we are able to convert each IP address to the correct domain name for each website in the Tranco top 6000 websites list with an accuracy of 50.5\% and therefore outperform the current state-of-the-art approaches.},
	language = {en},
	number = {1},
	journal = {Security and Communication Networks},
	author = {Di Martino, Mariano and Quax, Peter and Lamotte, Wim},
	year = {2020},
	note = {\_eprint: https://onlinelibrary.wiley.com/doi/pdf/10.1155/2020/7285786},
	pages = {7285786},
}

@inproceedings{chen_HostTroublesMultiple_2016,
	address = {Vienna Austria},
	title = {Host of {Troubles}: {Multiple} {Host} {Ambiguities} in {HTTP} {Implementations}},
	isbn = {978-1-4503-4139-4},
	shorttitle = {Host of {Troubles}},
	doi = {10.1145/2976749.2978394},
	abstract = {The Host header is a security-critical component in an HTTP request, as it is used as the basis for enforcing security and caching policies. While the current specification is generally clear on how host-related protocol fields should be parsed and interpreted, we find that the implementations are problematic. We tested a variety of widely deployed HTTP implementations and discover a wide range of non-compliant and inconsistent host processing behaviours. The particular problem is that when facing a carefully crafted HTTP request with ambiguous host fields (e.g., with multiple Host headers), two different HTTP implementations often accept and understand it differently when operating on the same request in sequence. We show a number of techniques to induce inconsistent interpretations of host between HTTP implementations and how the inconsistency leads to severe attacks such as HTTP cache poisoning and security policy bypass.
The prevalence of the problem highlights the potential negative impact of gaps between the specifications and implementations of Internet protocols.},
	language = {en},
	booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {ACM},
	author = {Chen, Jianjun and Jiang, Jian and Duan, Haixin and Weaver, Nicholas and Wan, Tao and Paxson, Vern},
	month = oct,
	year = {2016},
	pages = {1516--1527},
}

@article{foppe_ExploitingTLSClient_2018,
	title = {Exploiting {TLS} {Client} {Authentication} for {Widespread} {User} {Tracking}},
	volume = {2018},
	copyright = {http://creativecommons.org/licenses/by-nc-nd/3.0},
	issn = {2299-0984},
	doi = {10.1515/popets-2018-0031},
	abstract = {TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.},
	language = {en},
	number = {4},
	journal = {Proceedings on Privacy Enhancing Technologies},
	author = {Foppe, Lucas and Martin, Jeremy and Mayberry, Travis and Rye, Erik C. and Brown, Lamont},
	month = oct,
	year = {2018},
	pages = {51--63},
}

@article{wang_EvolutionChallengesDNSbased_2018,
	title = {Evolution and challenges of {DNS}-based {CDNs}},
	volume = {4},
	issn = {2352-8648},
	doi = {10.1016/j.dcan.2017.07.005},
	abstract = {DNS-based server redirecting is considered the most popular means of deploying CDNs. However, with the increasing use of remote DNS, DNS-based CDNs face a great challenge in performance degradation. To address this issue, encouraging progress has been made in both industry and research communities. In this article, state-of-art solutions for the remote DNS problem are discussed at first. Next, privacy concerns about DNS-based CDNs, including client location as well as redirection privacy, are identified and a representative solution is summarized. Finally, the solution is compared to those in prior works under different measures, and a discussion on DNS-based CDN applications is provided. A model is also established to deepen the understanding of CDN performance. We believe that this survey will shed light on the application of DNS-based CDNs, and it is expected to provide design guidelines to CDN service providers.},
	number = {4},
	journal = {Digital Communications and Networks},
	author = {Wang, Zheng and Huang, Jun and Rose, Scott},
	month = nov,
	year = {2018},
	keywords = {Content delivery network, DNS privacy, DNS-Based server redirecting, Remote DNS},
	pages = {235--243},
}

@inproceedings{sy_EnhancedPerformanceEncrypted_2020,
	address = {New York, NY, USA},
	series = {{ARES} '20},
	title = {Enhanced performance for the encrypted web through {TLS} resumption across hostnames},
	isbn = {978-1-4503-8833-7},
	doi = {10.1145/3407023.3407067},
	abstract = {TLS can resume previous connections via abbreviated resumption handshakes that decrease the delay and save expensive cryptographic operations by reusing cryptographic TLS state from previous connections.
TLS version 1.3 recommends avoiding resumption handshakes, when connecting to a different hostname. In this work, we reassess this recommendation, as we find that sharing cryptographic TLS state across hostnames is a common practice on the web. We propose a TLS extension that allows the server to inform the client about TLS state sharing with other hostnames. This information enables the client to efficiently resume TLS sessions across hostnames. Our evaluation indicates that our TLS extension provides performance gains for the web. For example, about 58.7\% of the 20.24 full TLS handshakes that are required to retrieve an average website on the web can be converted to resumed connection establishments which reduces the CPU time consumed for TLS connection establishments by 44\%. Furthermore, our TLS extension accelerates the connection establishment with an average website by up to 30.7\%. Thus, our proposal significantly reduces the (energy) costs and the delay overhead in the encrypted web.},
	booktitle = {Proceedings of the 15th {International} {Conference} on {Availability}, {Reliability} and {Security}},
	publisher = {Association for Computing Machinery},
	author = {Sy, Erik and Moennich, Moritz and Mueller, Tobias and Federrath, Hannes and Fischer, Mathias},
	month = aug,
	year = {2020},
	pages = {1--10},
}

@article{ghaznavi_ContentDeliveryNetwork_2021,
	title = {Content {Delivery} {Network} {Security}: {A} {Survey}},
	volume = {23},
	issn = {1553-877X},
	shorttitle = {Content {Delivery} {Network} {Security}},
	doi = {10.1109/COMST.2021.3093492},
	abstract = {A content delivery network (CDN) is a distributed infrastructure to deliver digital contents to end users with high performance. CDNs are critical to provide and protect the availability of Internet contents. However, adversaries can not only evade the CDN protection but also weaponize CDN resources to mount more sophisticated attacks. In this paper, we provide the first survey on CDN security.
We categorize CDN security challenges per CDN infrastructure components, discuss possible countermeasures and their effectiveness, and delineate future research directions. This paper aims to highlight the state of CDN security and identify important research challenges in this area.},
	number = {4},
	journal = {IEEE Communications Surveys \& Tutorials},
	author = {Ghaznavi, Milad and Jalalpour, Elaheh and Salahuddin, Mohammad A. and Boutaba, Raouf and Migault, Daniel and Preda, Stere},
	year = {2021},
	note = {Conference Name: IEEE Communications Surveys \& Tutorials},
	keywords = {Content delivery networks, Content distribution networks, IP networks, Image edge detection, Internet, Routing, Security, Servers, countermeasures, mitigation strategies, security challenges, security vulnerabilities},
	pages = {2166--2190},
}

@article{shobiri_CDNsDarkSide_2023,
	title = {{CDNs}’ {Dark} {Side}: {Security} {Problems} in {CDN}-to-{Origin} {Connections}},
	volume = {4},
	shorttitle = {{CDNs}’ {Dark} {Side}},
	doi = {10.1145/3499428},
	abstract = {Content Delivery Networks (CDNs) play a vital role in today’s Internet ecosystem. To reduce the latency of loading a website’s content, CDNs deploy edge servers in different geographic locations. CDN providers also offer important security features including protection against Denial of Service (DoS) attacks, Web Application Firewalls (WAFs), and recently, issuing and managing certificates for their customers. Many popular websites use CDNs to benefit from both the security and the performance advantages. For HTTPS websites, Transport Layer Security (TLS) security choices may differ in the connections between end-users and a CDN (front-end or user-to-CDN), and between the CDN and the origin server (back-end or CDN-to-Origin). Modern browsers can stop/warn users if weak or insecure TLS/HTTPS options are used in the front-end connections.
However, such problems in the back-end connections are not visible to browsers or end-users, and lead to serious security issues (e.g., not validating the certificate can lead to MitM attacks). In this article, we primarily analyze TLS/HTTPS security issues in the back-end communication; such issues include inadequate certificate validation and support for vulnerable TLS configurations. We develop a test framework and investigate the back-end connection of 14 leading CDNs (including Cloudflare, Microsoft Azure, Amazon, and Fastly), where we could create an account. Surprisingly, for all the 14 CDNs, we found that the back-end TLS connections are vulnerable to security issues prevented/warned by modern browsers; examples include failing to validate the origin server’s certificate, and using insecure cipher suites such as RC4, MD5, SHA-1, and even allowing plain HTTP connections to the origin. We also identified 168,795 websites in the Alexa top 1 million that are potentially vulnerable to Man-in-the-Middle (MitM) attacks in their back-end connections regardless of the origin/CDN configurations chosen by the origin owner.},
	number = {1},
	journal = {Digital Threats},
	author = {Shobiri, Behnam and Mannan, Mohammad and Youssef, Amr},
	month = mar,
	year = {2023},
	pages = {3:1--3:22},
}

@article{derler_BloomFilterEncryption_2021,
	title = {Bloom {Filter} {Encryption} and {Applications} to {Efficient} {Forward}-{Secret} 0-{RTT} {Key} {Exchange}},
	volume = {34},
	issn = {1432-1378},
	doi = {10.1007/s00145-021-09374-3},
	abstract = {Forward secrecy is considered an essential design goal of modern key establishment (KE) protocols, such as TLS 1.3, for example. Furthermore, efficiency considerations such as zero round-trip time (0-RTT), where a client is able to send cryptographically protected payload data along with the very first KE message, are motivated by the practical demand for secure low-latency communication.
For a long time, it was unclear whether protocols that simultaneously achieve 0-RTT and full forward secrecy exist. Only recently, the first forward-secret 0-RTT protocol was described by Günther et al. (Eurocrypt, 2017). It is based on puncturable encryption. Forward secrecy is achieved by “puncturing” the secret key after each decryption operation, such that a given ciphertext can only be decrypted once (cf. also Green and Miers, S\&P 2015). Unfortunately, their scheme is completely impractical, since one puncturing operation takes between 30 s and several minutes for reasonable security and deployment parameters, such that this solution is only a first feasibility result, but not efficient enough to be deployed in practice. In this paper, we introduce a new primitive that we term Bloom filter encryption (BFE), which is derived from the probabilistic Bloom filter data structure. We describe different constructions of BFE schemes and show how these yield new puncturable encryption mechanisms with extremely efficient puncturing. Most importantly, a puncturing operation only involves a small number of very efficient computations, plus the deletion of certain parts of the secret key, which outperforms previous constructions by orders of magnitude. This gives rise to the first forward-secret 0-RTT protocols that are efficient enough to be deployed in practice. 
We believe that BFE will find applications beyond forward-secret 0-RTT protocols.},
	language = {en},
	number = {2},
	journal = {Journal of Cryptology},
	author = {Derler, David and Gellert, Kai and Jager, Tibor and Slamanig, Daniel and Striecks, Christoph},
	month = mar,
	year = {2021},
	keywords = {0-RTT, Bloom filter, Bloom filter encryption, Forward secrecy, Key exchange, Puncturable encryption},
	pages = {13},
}

@inproceedings{nikiforakis_AbusingLocalityShared_2011,
	address = {New York, NY, USA},
	series = {{EUROSEC} '11},
	title = {Abusing locality in shared web hosting},
	isbn = {978-1-4503-0613-3},
	doi = {10.1145/1972551.1972553},
	abstract = {The increasing popularity of the World Wide Web has made more and more individuals and companies to identify the need of acquiring a Web presence. The most common way of acquiring such a presence is through Web hosting companies and the most popular hosting solution is shared Web hosting. In this paper we investigate the workings of shared Web hosting and we point out the potential lack of session isolation between domains hosted on the same physical server. We present two novel server-side attacks against session storage which target the logic of a Web application instead of specific logged-in users. Due to the lack of isolation, an attacker with a domain under his control can force arbitrary sessions to co-located Web applications as well as inspect and edit the contents of their existing active sessions. Using these techniques, an attacker can circumvent authentication mechanisms, elevate his privileges, steal private information and conduct attacks that would be otherwise impossible.
Finally, we test the applicability of our attacks against common open-source software and evaluate their effectiveness in the presence of generic server-side countermeasures.},
	booktitle = {Proceedings of the {Fourth} {European} {Workshop} on {System} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Nikiforakis, Nick and Joosen, Wouter and Johns, Martin},
	month = apr,
	year = {2011},
	pages = {1--7},
}

@inproceedings{janbeglou_EffectivenessDNSBasedSecurity_2014,
	title = {Effectiveness of {DNS}-{Based} {Security} {Approaches} in {Large}-{Scale} {Networks}},
	doi = {10.1109/WAINA.2014.87},
	abstract = {The Domain Name System (DNS) is widely seen as a vital protocol of the modern Internet. For example, popular services like load balancers and Content Delivery Networks heavily rely on DNS. Because of its important role, DNS is also a desirable target for malicious activities such as spamming, phishing, and botnets. To protect networks against these attacks, a number of DNS-based security approaches have been proposed. The key insight of our study is to measure the effectiveness of security approaches that rely on DNS in large-scale networks. For this purpose, we answer the following questions, How often is DNS used? Are most of the Internet flows established after contacting DNS? In this study, we collected data from the University of Auckland campus network with more than 33,000 Internet users and processed it to find out how DNS is being used. Moreover, we studied the flows that were established with and without contacting DNS. Our results show that less than 5 percent of the observed flows use DNS.
Therefore, we argue that those security approaches that solely depend on DNS are not sufficient to protect large-scale networks.}, booktitle = {2014 28th {International} {Conference} on {Advanced} {Information} {Networking} and {Applications} {Workshops}}, author = {Janbeglou, Maziar and Naderi, Habib and Brownlee, Nevil}, month = may, year = {2014}, keywords = {DNS, Databases, Educational institutions, Electronic mail, IP networks, Internet, Ports (Computers), Servers, large-scale network, network measurement, passive monitoring, statistical analysis}, pages = {524--529}, } @inproceedings{guo_AbusingCDNsFun_2018, title = {Abusing {CDNs} for {Fun} and {Profit}: {Security} {Issues} in {CDNs}' {Origin} {Validation}}, shorttitle = {Abusing {CDNs} for {Fun} and {Profit}}, doi = {10.1109/SRDS.2018.00011}, abstract = {Content Delivery Networks (CDNs) are critical Internet infrastructure. Besides high availability and high performance, CDNs also provide security services such as anti-DoS and Web Application Firewalls to CDN-powered websites. However, the massive resources of CDNs may also be leveraged by attackers exploiting their architectural, implementation, or operational weaknesses. In this paper, we show that today's CDN operation is overly loose in customer-controlled forwarding policy and the lack of origin validation leads to a wide range of abuse cases such as DoS attack and stealthy port scan. We systematically study these abuse cases and demonstrate their feasibility in popular CDNs. Further, we evaluate the impact of these abuses by discovering that there are millions of CDN edge servers, and a substantial fraction of them can be abused. 
Lastly, we propose mitigation solutions against such abuses and discuss their feasibility.}, booktitle = {2018 {IEEE} 37th {Symposium} on {Reliable} {Distributed} {Systems} ({SRDS})}, author = {Guo, Run and Chen, Jianjun and Liu, Baojun and Zhang, Jia and Zhang, Chao and Duan, Haixin and Wan, Tao and Jiang, Jian and Hao, Shuang and Jia, Yaoqi}, month = oct, year = {2018}, note = {ISSN: 2575-8462}, keywords = {Bandwidth, Blacklisting, CDN, IP networks, Internet, Origin Abuse, Registers, Security, Servers}, pages = {1--10}, } @inproceedings{bhargavan_SymbolicAnalysisPrivacy_2022, address = {Los Angeles CA USA}, title = {A {Symbolic} {Analysis} of {Privacy} for {TLS} 1.3 with {Encrypted} {Client} {Hello}}, isbn = {978-1-4503-9450-5}, doi = {10.1145/3548606.3559360}, language = {en}, booktitle = {Proceedings of the 2022 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {ACM}, author = {Bhargavan, Karthikeyan and Cheval, Vincent and Wood, Christopher}, month = nov, year = {2022}, pages = {365--379}, } @inproceedings{joshi_BagPathsModel_2003, address = {New York, NY, USA}, series = {{KDD} '03}, title = {A bag of paths model for measuring structural similarity in {Web} documents}, isbn = {978-1-58113-737-8}, doi = {10.1145/956750.956822}, abstract = {Structural information (such as layout and look-and-feel) has been extensively used in the literatuce for extraction of interesting or relevant data, efficient storage, and query optimization. Traditionally, tree models (such as DOM trees) have been used to represent structural information, especially in the case of HTML and XML documents. However, computation of structural similarity between documents based on the tree model is computationally expensive. In this paper, we propose an alternative scheme for representing the structural information of documents based on the paths contained in the corresponding tree model. 
Since the model includes partial information about parents, children and siblings, it allows us to define a new family of meaningful (and at the same time computationally simple) structural similarity measures. Our experimental results based on the SIGMOD XML data set as well as HTML document collections from ibm.com, dell.com, and amazon.com show that the representation is powerful enough to produce good clusters of structurally similar pages.}, booktitle = {Proceedings of the ninth {ACM} {SIGKDD} international conference on {Knowledge} discovery and data mining}, publisher = {Association for Computing Machinery}, author = {Joshi, Sachindra and Agrawal, Neeraj and Krishnapuram, Raghu and Negi, Sumit}, month = aug, year = {2003}, pages = {577--582}, } @inproceedings{liang_WhenHTTPSMeets_2014, title = {When {HTTPS} {Meets} {CDN}: {A} {Case} of {Authentication} in {Delegated} {Service}}, shorttitle = {When {HTTPS} {Meets} {CDN}}, doi = {10.1109/SP.2014.12}, abstract = {Content Delivery Network (CDN) and Hypertext Transfer Protocol Secure (HTTPS) are two popular but independent web technologies, each of which has been well studied individually and independently. This paper provides a systematic study on how these two work together. We examined 20 popular CDN providers and 10,721 of their customer web sites using HTTPS. Our study reveals various problems with the current HTTPS practice adopted by CDN providers, such as widespread use of invalid certificates, private key sharing, neglected revocation of stale certificates, and insecure back-end communication. While some of those problems are operational issues only, others are rooted in the fundamental semantic conflict between the end-to-end nature of HTTPS and the man-in-the-middle nature of CDN involving multiple parties in a delegated service. 
To address the delegation problem when HTTPS meets CDN, we proposed and implemented a lightweight solution based on DANE (DNS-based Authentication of Named Entities), an emerging IETF protocol complementing the current Web PKI model. Our implementation demonstrates that it is feasible for HTTPS to work with CDN securely and efficiently. This paper intends to provide a context for future discussion within security and CDN community on more preferable solutions.}, booktitle = {2014 {IEEE} {Symposium} on {Security} and {Privacy}}, author = {Liang, Jinjin and Jiang, Jian and Duan, Haixin and Li, Kang and Wan, Tao and Wu, Jianping}, month = may, year = {2014}, note = {ISSN: 2375-1207}, keywords = {Authentication, Browsers, Protocols, Servers, Uniform resource locators}, pages = {67--82}, } @inproceedings{lepochat_TrancoResearchorientedTop_2019, address = {San Diego, CA, USA}, series = {{NDSS} 2019}, title = {Tranco: {A} research-oriented top sites ranking hardened against manipulation}, url = {https://www.ndss-symposium.org/ndss-paper/tranco-a-research-oriented-top-sites-ranking-hardened-against-manipulation/}, booktitle = {26th annual network and distributed system security symposium san diego, california, {USA}, february 24-27, 2019}, publisher = {The Internet Society}, author = {Le Pochat, Victor and van Goethem, Tom and Tajalizadehkhoob, Samaneh and Korczynski, Maciej and Joosen, Wouter}, year = {2019}, } @misc{bernard_SimulationTenantTakeover_2024, title = {From {Simulation} to {Tenant} {Takeover}}, url = {https://media.ccc.de/v/38c3-from-simulation-to-tenant-takeover}, abstract = {All I wanted was for Microsoft to deliver my phishing simulation. 
This journey took me from discovering trivial vulnerabilities in Micros...}, language = {en}, urldate = {2025-04-29}, author = {Bernard, Vaisha}, month = dec, year = {2024}, } @misc{bullock_ResolvingMutualTLS_2025, title = {Resolving a {Mutual} {TLS} session resumption vulnerability}, url = {https://blog.cloudflare.com/resolving-a-mutual-tls-session-resumption-vulnerability/}, abstract = {Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different zones improperly. Cloudflare mitigated the issue in 32 hours by disabling session resumption for mTLS connections.}, language = {en}, urldate = {2025-04-29}, journal = {The Cloudflare Blog}, author = {Bullock, Matt and Mehra, Rushil and Ghedini, Alessandro}, month = feb, year = {2025}, } @inproceedings{merget_ScalableScanningAutomatic_2019, title = {Scalable {Scanning} and {Automatic} {Classification} of {TLS} {Padding} {Oracle} {Vulnerabilities}}, isbn = {978-1-939133-06-9}, url = {https://www.usenix.org/conference/usenixsecurity19/presentation/merget}, language = {en}, booktitle = {28th {USENIX} {Security} {Symposium} ({USENIX} {Security} 19)}, author = {Merget, Robert and Somorovsky, Juraj and Aviram, Nimrod and Young, Craig and Fliegenschmidt, Janis and Schwenk, Jörg and Shavitt, Yuval}, year = {2019}, pages = {1029--1046}, } @inproceedings{mirheidari_WebCacheDeception_2022, title = {Web {Cache} {Deception} {Escalates}!}, isbn = {978-1-939133-31-1}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/mirheidari}, language = {en}, author = {Mirheidari, Seyed Ali and Golinelli, Matteo and Onarlioglu, Kaan and Kirda, Engin and Crispo, Bruno}, year = {2022}, pages = {179--196}, } @misc{kettle_PracticalWebCache_2018, title = {Practical {Web} {Cache} {Poisoning}}, url = {https://portswigger.net/research/practical-web-cache-poisoning}, abstract = {In this paper I'll 
show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems}, urldate = {2025-01-13}, journal = {PortSwigger Research}, author = {Kettle, James}, month = aug, year = {2018}, } @inproceedings{squarcina_CanTakeYour_2021, title = {Can {I} {Take} {Your} {Subdomain}? {Exploring} \{{Same}-{Site}\} {Attacks} in the {Modern} {Web}}, isbn = {978-1-939133-24-3}, shorttitle = {Can {I} {Take} {Your} {Subdomain}?}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/squarcina}, language = {en}, booktitle = {30th {USENIX} {Security} {Symposium} ({USENIX} {Security} 21)}, author = {Squarcina, Marco and Tempesta, Mauro and Veronese, Lorenzo and Calzavara, Stefano and Maffei, Matteo}, year = {2021}, pages = {2917--2934}, } @inproceedings{mirheidari_CachedConfusedWeb_2020, title = {Cached and {Confused}: {Web} {Cache} {Deception} in the {Wild}}, isbn = {978-1-939133-17-5}, shorttitle = {Cached and {Confused}}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/mirheidari}, language = {en}, booktitle = {29th {USENIX} {Security} {Symposium} ({USENIX} {Security} 20)}, author = {Mirheidari, Seyed Ali and Arshad, Sajjad and Onarlioglu, Kaan and Crispo, Bruno and Kirda, Engin and Robertson, William}, year = {2020}, pages = {665--682}, } @inproceedings{durumeric_ZMapFastInternetwide_2013, title = {{ZMap}: {Fast} {Internet}-wide {Scanning} and {Its} {Security} {Applications}}, isbn = {978-1-931971-03-4}, shorttitle = {{ZMap}}, url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/durumeric}, language = {en}, booktitle = {22nd {USENIX} {Security} {Symposium} ({USENIX} {Security} 13)}, author = {Durumeric, Zakir and Wustrow, Eric and Halderman, J. 
Alex}, year = {2013}, pages = {605--620}, } @inproceedings{izhikevich_ZDNSFastDNS_2022, address = {New York, NY, USA}, series = {{IMC} '22}, title = {{ZDNS}: a fast {DNS} toolkit for internet measurement}, isbn = {978-1-4503-9259-4}, shorttitle = {{ZDNS}}, doi = {10.1145/3517745.3561434}, abstract = {Active DNS measurement is fundamental to understanding and improving the DNS ecosystem. However, the absence of an extensible, high-performance, and easy-to-use DNS toolkit has limited both the reproducibility and coverage of DNS research. In this paper, we introduce ZDNS, a modular and open-source active DNS measurement framework optimized for large-scale research studies of DNS on the public Internet. We describe ZDNS's architecture, evaluate its performance, and present two case studies that highlight how the tool can be used to shed light on the operational complexities of DNS. We hope that ZDNS will enable researchers to better---and in a more reproducible manner---understand Internet behavior.}, booktitle = {Proceedings of the 22nd {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Izhikevich, Liz and Akiwate, Gautam and Berger, Briana and Drakontaidis, Spencer and Ascheman, Anna and Pearce, Paul and Adrian, David and Durumeric, Zakir}, month = oct, year = {2022}, pages = {33--43}, } @inproceedings{sy_TrackingUsersWeb_2018, address = {New York, NY, USA}, series = {{ACSAC} '18}, title = {Tracking {Users} across the {Web} via {TLS} {Session} {Resumption}}, isbn = {978-1-4503-6569-7}, doi = {10.1145/3274694.3274708}, abstract = {User tracking on the Internet can come in various forms, e.g., via cookies or by fingerprinting web browsers. A technique that got less attention so far is user tracking based on TLS and specifically based on the TLS session resumption mechanism. To the best of our knowledge, we are the first that investigate the applicability of TLS session resumption for user tracking. 
For that, we evaluated the configuration of 48 popular browsers and one million of the most popular websites. Moreover, we present a so-called prolongation attack, which allows extending the tracking period beyond the lifetime of the session resumption mechanism. To show that under the observed browser configurations tracking via TLS session resumptions is feasible, we also looked into DNS data to understand the longest consecutive tracking period for a user by a particular website. Our results indicate that with the standard setting of the session resumption lifetime in many current browsers, the average user can be tracked for up to eight days. With a session resumption lifetime of seven days, as recommended upper limit in the draft for TLS version 1.3, 65\% of all users in our dataset can be tracked permanently.}, booktitle = {Proceedings of the 34th {Annual} {Computer} {Security} {Applications} {Conference}}, publisher = {Association for Computing Machinery}, author = {Sy, Erik and Burkert, Christian and Federrath, Hannes and Fischer, Mathias}, month = dec, year = {2018}, pages = {289--299}, } @inproceedings{huaman_YouHaveRead_2024, title = {"{You} have to read 50 different {RFCs} that contradict each other": {An} {Interview} {Study} on the {Experiences} of {Implementing} {Cryptographic} {Standards}}, isbn = {978-1-939133-44-1}, shorttitle = {"{You} have to read 50 different \{{RFCs}\} that contradict each other"}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/huaman}, language = {en}, author = {Huaman, Nicolas and Suray, Jacques and Klemmer, Jan H. 
and Fourné, Marcel and Amft, Sabrina and Trummová, Ivana and Acar, Yasemin and Fahl, Sascha}, year = {2024}, pages = {7249--7266}, } @misc{durumeric_Zgrab2_, title = {zgrab2}, shorttitle = {zgrab2}, url = {https://github.com/zmap/zgrab2}, abstract = {Fast Go Application Scanner}, publisher = {The ZMap Project}, author = {Durumeric, Zakir and Adrian, David}, } @misc{filippovalsorda_WeNeedTalk_2017, title = {We need to talk about {Session} {Tickets}}, url = {https://words.filippo.io/we-need-to-talk-about-session-tickets/}, abstract = {More specifically, TLS 1.2 Session Tickets. Session Tickets, specified in RFC 5077 [https://tools.ietf.org/html/rfc5077], are a technique to resume TLS sessions by storing key material encrypted on the clients. In TLS 1.2 they speed up the handshake from two to one round-trips. Unfortunately, a}, urldate = {2024-07-03}, journal = {Filippo Valsorda}, author = {Valsorda, Filippo}, month = sep, year = {2017}, } @misc{timtaubert_BotchingForwardSecrecy_, title = {Botching {Forward} {Secrecy} - {The} sad state of server-side {TLS} {Session} {Resumption} implementations}, url = {https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/}, urldate = {2024-08-05}, author = {Taubert, Tim}, } @misc{timtaubert_FutureSessionResumption_, title = {The future of session resumption - {Forward} secure {PSK} key agreement in {TLS} 1.3}, url = {https://timtaubert.de/blog/2017/02/the-future-of-session-resumption/}, urldate = {2024-08-05}, author = {Taubert, Tim}, } @misc{cloudflare_MutualTLSMTLS_2024, title = {Mutual {TLS} ({mTLS}) · {Cloudflare} {API} {Shield} docs}, url = {https://developers.cloudflare.com/api-shield/security/mtls/}, abstract = {Mutual TLS (mTLS) authentication uses client certificates to ensure traffic between client and server is bidirectionally secure and trusted. 
mTLS also allows requests that do not authenticate via an identity provider — such as Internet-of-things (IoT) devices — to demonstrate they can reach a given resource.}, language = {en}, urldate = {2025-01-20}, journal = {Cloudflare API Shield Docs}, author = {{Cloudflare}}, month = aug, year = {2024}, } @misc{mozilla_Ssl_handshake_versionGLAM_2025, title = {ssl\_handshake\_version {\textbar} {GLAM}}, url = {https://glam.telemetry.mozilla.org/firefox/probe/ssl_handshake_version/explore}, urldate = {2025-01-20}, journal = {GLAM: Glean Aggregated Metrics Explorer}, author = {{Mozilla}}, year = {2025}, } @misc{_UsageStatisticsMarket_, title = {Usage {Statistics} and {Market} {Share} of {Web} {Servers}, {January} 2025}, url = {https://w3techs.com/technologies/overview/web_server}, urldate = {2025-01-06}, } @misc{server_CaddyUltimateServer_, title = {Caddy - {The} {Ultimate} {Server} with {Automatic} {HTTPS}}, url = {https://caddyserver.com/}, abstract = {Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go}, urldate = {2025-01-06}, journal = {Caddy Web Server}, author = {ZeroSSL}, } @inproceedings{krombholz_HaveNoIdea_2017, address = {Vancouver, BC}, title = {"{I} have no idea what i’m doing" - on the usability of deploying {HTTPS}}, isbn = {978-1-931971-40-9}, url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/krombholz}, booktitle = {26th {USENIX} security symposium ({USENIX} security 17)}, publisher = {USENIX Association}, author = {Krombholz, Katharina and Mayer, Wilfried and Schmiedecker, Martin and Weippl, Edgar}, month = aug, year = {2017}, pages = {1339--1356}, } @misc{_HeartbleedBug_, title = {Heartbleed {Bug}}, url = {https://heartbleed.com/}, urldate = {2024-08-28}, } @inproceedings{brinkmann_ALPACAApplicationLayer_2021, title = {{ALPACA}: {Application} {Layer} {Protocol} {Confusion} - {Analyzing} and {Mitigating} {Cracks} in {TLS} {Authentication}}, isbn = 
{978-1-939133-24-3}, shorttitle = {\{{ALPACA}\}}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/brinkmann}, language = {en}, booktitle = {30th {USENIX} {Security} {Symposium} ({USENIX} {Security} 21)}, author = {Brinkmann, Marcus and Dresen, Christian and Merget, Robert and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schwenk, Jörg and Schinzel, Sebastian}, year = {2021}, keywords = {tls}, pages = {4293--4310}, } @inproceedings{arfaoui_PrivacyTLSProtocol_2019, title = {The privacy of the {TLS} 1.3 protocol}, volume = {2019}, doi = {10.2478/popets-2019-0065}, abstract = {TLS (Transport Layer Security) is a widely deployed protocol that plays a vital role in securing Internet traffic. Given the numerous known attacks for TLS 1.2, it was imperative to change and even redesign the protocol in order to address them. In August 2018, a new version of the protocol, TLS 1.3, was standardized by the IETF (Internet Engineering Task Force). TLS 1.3 not only benefits from stronger security guarantees, but aims to protect the identities of the server and client by encrypting messages as soon as possible during the authentication. In this paper, we model the privacy guarantees of TLS 1.3 when parties execute a full handshake or use a session resumption, covering all the handshake modes of TLS. We build our privacy models on top of the one defined by Hermans et al. for RFIDs (Radio Frequency Identification Devices) that mostly targets authentication protocols. The enhanced models share similarities to the Bellare-Rogaway AKE (Authenticated Key Exchange) security model and consider adversaries that can compromise both types of participants in the protocol. In particular, modeling session resumption is non-trivial, given that session resumption tickets are essentially a state transmitted from one session to another and such link reveals information on the parties. 
On the positive side, we prove that TLS 1.3 protects the privacy of its users at least against passive adversaries, contrary to TLS 1.2, and against more powerful ones.}, author = {Arfaoui, Ghada and Bultel, Xavier and Fouque, Pierre-Alain and Nedelcu, Adina and Onete, Cristina}, month = jul, year = {2019}, } @misc{filippovalsorda_TicketbleedCVE20169244_, title = {Ticketbleed ({CVE}-2016-9244)}, url = {https://filippo.io/Ticketbleed/}, urldate = {2024-08-05}, author = {{Filippo Valsorda}}, } @misc{_TLSSessionResumption_2015, title = {{TLS} {Session} {Resumption}: {Full}-speed and {Secure}}, shorttitle = {{TLS} {Session} {Resumption}}, url = {https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure}, abstract = {At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web.}, language = {en}, urldate = {2024-07-13}, journal = {The Cloudflare Blog}, author = {{Cloudflare}}, month = feb, year = {2015}, } @incollection{hornemann_SharingCaringAnalyzing_2024, address = {Bonn}, title = {Sharing is caring: {Towards} analyzing attack surfaces on shared hosting providers}, isbn = {978-3-88579-739-5}, booktitle = {Sicherheit 2024}, publisher = {Gesellschaft für Informatik e.V.}, author = {Hörnemann, Jan and Pohlmann, Norbert and Urban, Tobias and Große-Kampmann, Matteo}, year = {2024}, doi = {10.18420/sicherheit2024_014}, note = {tex.pissn: 1617-5468}, pages = {217--229}, } @inproceedings{wang_ReCheckYourCertificates_2021, address = {Cham}, title = {Re-{Check} {Your} {Certificates}! {Experiences} and {Lessons} {Learnt} from {Real}-{World} {HTTPS} {Certificate} {Deployments}}, isbn = {978-3-030-92708-0}, doi = {10.1007/978-3-030-92708-0_2}, abstract = {HTTPS is the typical security best practice to protect data transmission. 
However, it is difficult to correctly deploy HTTPS even for administrators with technical expertise, and mis-configurations often lead to user-facing errors and potential vulnerabilities. One major reason is that administrators do not follow new features of HTTPS ecosystem evolution, and mistakes were unnoticed and existed for years.}, language = {en}, booktitle = {Network and {System} {Security}}, publisher = {Springer International Publishing}, author = {Wang, Wenya and Li, Yakang and Wang, Chao and Yan, Yuan and Li, Juanru and Gu, Dawu}, editor = {Yang, Min and Chen, Chao and Liu, Yang}, year = {2021}, keywords = {CERNET, Digital certificate, HTTPS, PKI}, pages = {17--37}, } @article{reese_NginxHighperformanceWeb_2008, title = {Nginx: the high-performance web server and reverse proxy}, volume = {2008}, issn = {1075-3583}, shorttitle = {Nginx}, abstract = {A leaner, meaner Apache.}, number = {173}, journal = {Linux J.}, author = {Reese, Will}, month = sep, year = {2008}, pages = {2:2}, } @inproceedings{gellert_FormalSecurityAnalysis_2021, address = {Cham}, title = {A {Formal} {Security} {Analysis} of {Session} {Resumption} {Across} {Hostnames}}, isbn = {978-3-030-88418-5}, doi = {10.1007/978-3-030-88418-5_3}, abstract = {The TLS 1.3 session resumption handshakes enables a client and a server to resume a previous connection via a shared secret, which was established during a previous session. In practice, this is often done via session tickets, where the server provides a “self-encrypted” ticket containing the shared secret to its clients. 
A client may resume its session by sending the ticket to the server, which allows the server to retrieve the shared secret stored within the ticket.}, language = {en}, booktitle = {Computer {Security} – {ESORICS} 2021}, publisher = {Springer International Publishing}, author = {Gellert, Kai and Handirk, Tobias}, editor = {Bertino, Elisa and Shulman, Haya and Waidner, Michael}, year = {2021}, pages = {44--64}, } @inproceedings{bock_ReturnBleichenbacherOracle_2018, address = {Baltimore, MD}, title = {Return of {Bleichenbacher}’s oracle threat ({ROBOT})}, isbn = {978-1-939133-04-5}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/bock}, booktitle = {27th {USENIX} security symposium ({USENIX} security 18)}, publisher = {USENIX Association}, author = {Böck, Hanno and Somorovsky, Juraj and Young, Craig}, month = aug, year = {2018}, pages = {817--849}, } @misc{tls-attacker, title = {{TLS}-{Attacker}}, url = {https://github.com/tls-attacker/TLS-Attacker}, year = {2024}, } @inproceedings{boucher_BoostingBigBrother_2023, address = {New York, NY, USA}, series = {{RAID} '23}, title = {Boosting {Big} {Brother}: {Attacking} {Search} {Engines} with {Encodings}}, isbn = {9798400707650}, shorttitle = {Boosting {Big} {Brother}}, url = {https://dl.acm.org/doi/10.1145/3607199.3607220}, doi = {10.1145/3607199.3607220}, abstract = {Search engines are vulnerable to attacks against indexing and searching via text encoding manipulation. By imperceptibly perturbing text using uncommon encoded representations, adversaries can control results across search engines for specific search queries. We demonstrate that this attack is successful against two major commercial search engines - Google and Bing - and one open source search engine - Elasticsearch. We further demonstrate that this attack is successful against LLM chat search including Bing’s GPT-4 chatbot and Google’s Bard chatbot. 
We also present a variant of the attack targeting text summarization and plagiarism detection models, two ML tasks closely tied to search. We provide a set of defenses against these techniques and warn that adversaries can leverage these attacks to launch disinformation campaigns against unsuspecting users, motivating the need for search engine maintainers to patch deployed systems.}, urldate = {2024-06-03}, booktitle = {Proceedings of the 26th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}}, publisher = {Association for Computing Machinery}, author = {Boucher, Nicholas and Pajola, Luca and Shumailov, Ilia and Anderson, Ross and Conti, Mauro}, month = oct, year = {2023}, keywords = {attacks, disinformation, indexing, search engines, text encodings}, pages = {700--713}, } @techreport{davis_UnicodeSecurityConsiderations_2014, title = {Unicode {Security} {Considerations}}, url = {https://www.unicode.org/reports/tr36/}, abstract = {Because Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This is especially important as more and more products are internationalized. 
This document describes some of the security considerations that programmers, system analysts, standards developers, and users should take into account, and provides specific recommendations to reduce the risk of problems.}, language = {en}, number = {36}, author = {Davis, Mark and Suignard, Michel}, month = sep, year = {2014}, } @inproceedings{boucher_TrojanSourceInvisible_2023, title = {Trojan {Source}: {Invisible} {Vulnerabilities}}, isbn = {978-1-939133-37-3}, shorttitle = {Trojan {Source}}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/boucher}, language = {en}, urldate = {2024-02-22}, author = {Boucher, Nicholas and Anderson, Ross}, year = {2023}, pages = {6507--6524}, } @article{xiong_ImplicationsInsecureUse_2025, title = {The {Implications} of {Insecure} {Use} of {Fonts} {Against} {PDF} {Documents} and {Web} {Pages}}, volume = {20}, issn = {1556-6021}, url = {https://ieeexplore.ieee.org/document/11129102}, doi = {10.1109/TIFS.2025.3599320}, abstract = {This paper identifies the importance of the safe use of fonts in web and document security. We find multiple attack surfaces that can be exploited by an adversary using malicious fonts. We conduct a comprehensive evaluation of Portable Document Format (PDF) documents collected from the real world to investigate how an attacker can bypass PDF signatures. We further evaluate the potential security threats that an attacker can bring to web-based emails. Our study shows that various security issues may be caused by the inappropriate use of fonts, which are nevertheless overlooked in the past years. 
As such, guidelines promoting the secure use of fonts could be beneficial in reinforcing the security measures for digital documents and web pages.}, urldate = {2025-09-01}, journal = {IEEE Transactions on Information Forensics and Security}, author = {Xiong, Junjie and Wei, Mingkui and Han, Xiao and Lu, Zhuo and Liu, Yao}, year = {2025}, keywords = {ASCII, Codes, Electronic mail, Font security, Indexes, PDF signatures, Phishing, Portable document format, Rendering (computer graphics), Security, Training, Web pages, document integrity, email spoofing, glyph-code mismatch}, pages = {8773--8787}, } @inproceedings{mainka_ShadowAttacksHiding_2021, address = {Virtual}, title = {Shadow {Attacks}: {Hiding} and {Replacing} {Content} in {Signed} {PDFs}}, isbn = {978-1-891562-66-2}, shorttitle = {Shadow {Attacks}}, url = {https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf}, doi = {10.14722/ndss.2021.24117}, language = {en}, urldate = {2025-05-22}, booktitle = {Proceedings 2021 {Network} and {Distributed} {System} {Security} {Symposium}}, publisher = {Internet Society}, author = {Mainka, Christian and Mladenov, Vladislav and Rohlmann, Simon}, year = {2021}, } @inproceedings{muller_ProcessingDangerousPaths_2021, title = {Processing dangerous paths}, url = {https://casa.rub.de/fileadmin/img/Publikationen_PDFs/2021_Processing_Dangerous_Paths_On_Security_and_Privacy_of_the_Portable_Document_Form_Publication_ClusterofExcellence_CASA_Bochum.pdf}, urldate = {2024-08-20}, booktitle = {Network and {Distributed} {Systems} {Security} {Symposium}}, publisher = {NDSS}, author = {Müller, Jens and Noss, Dominik and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, year = {2021}, } @inproceedings{rohlmann_EverySignatureBroken_2023, title = {Every {Signature} is {Broken}: {On} the {Insecurity} of {Microsoft} {Office}’s {OOXML} {Signatures}}, isbn = {978-1-939133-37-3}, shorttitle = {Every {Signature} is {Broken}}, url = 
{https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann}, language = {en}, urldate = {2024-08-20}, author = {Rohlmann, Simon and Mladenov, Vladislav and Mainka, Christian and Hirschberger, Daniel and Schwenk, Jörg}, year = {2023}, pages = {7411--7428}, } @inproceedings{muller_PracticalDecryptionExFiltration_2019, address = {New York, NY, USA}, series = {{CCS} '19}, title = {Practical {Decryption} {exFiltration}: {Breaking} {PDF} {Encryption}}, isbn = {978-1-4503-6747-9}, shorttitle = {Practical {Decryption} {exFiltration}}, url = {https://doi.org/10.1145/3319535.3354214}, doi = {10.1145/3319535.3354214}, abstract = {The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. 
We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issues.}, urldate = {2022-10-27}, booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Müller, Jens and Ising, Fabian and Mladenov, Vladislav and Mainka, Christian and Schinzel, Sebastian and Schwenk, Jörg}, year = {2019}, keywords = {CBC gadgets, CBC malleability, PDF, direct exfiltration, encryption}, pages = {15--29}, } @inproceedings{muller_PostScriptUndeadPwning_2018, address = {Cham}, series = {Lecture {Notes} in {Computer} {Science}}, title = {{PostScript} {Undead}: {Pwning} the {Web} with a 35 {Years} {Old} {Language}}, isbn = {978-3-030-00470-5}, shorttitle = {{PostScript} {Undead}}, doi = {10.1007/978-3-030-00470-5_28}, abstract = {PostScript is a Turing complete page description language dating back to 1982. It is supported by most laser printers and for a long time it had been the preferred file format for documents like academic papers. In this work, we show that popular services such as Wikipedia, Microsoft OneDrive, and Google Mail can be attacked using malicious PostScript code. Besides abusing legitimate features of the PostScript language, we systematically analyzed the security of the most popular PostScript interpreter – Ghostscript. Our attacks include information disclosure, file inclusion, and remote command execution. Furthermore, we present methods to obfuscate PostScript code and embed it within legitimate PDF files to bypass security filters. This allows us to create a hybrid exploit that can be used to attack web applications, clients systems, print servers, or printers. Our large-scale evaluation reveals that 56\% of the analyzed web applications are vulnerable to at least one attack. In addition, three of the top 15 Alexa websites were found vulnerable. 
We provide different countermeasures and discuss their advantages and disadvantages. Finally, we extend the scope of our research considering further targets and more advanced obfuscation techniques.}, language = {en}, booktitle = {Research in {Attacks}, {Intrusions}, and {Defenses}}, publisher = {Springer International Publishing}, author = {Müller, Jens and Mladenov, Vladislav and Felsch, Dennis and Schwenk, Jörg}, editor = {Bailey, Michael and Holz, Thorsten and Stamatogiannakis, Manolis and Ioannidis, Sotiris}, year = {2018}, keywords = {EPS, PDF, PostScript, Web application security}, pages = {603--622}, } @inproceedings{muller_OfficeDocumentSecurity_2020, title = {Office {Document} {Security} and {Privacy}}, url = {https://www.usenix.org/conference/woot20/presentation/muller}, abstract = {OOXML and ODF are the de facto standard data formats for word processing, spreadsheets, and presentations. Both are XML-based, feature-rich container formats dating back to the early 2000s. In this work, we present a systematic analysis of the capabilities of malicious office documents. Instead of focusing on implementation bugs, we abuse legitimate features of the OOXML and ODF specifications. We categorize our attacks into five classes: (1) Denial-of-Service attacks affecting the host on which the document is processed. (2) Invasion of privacy attacks that track the usage of the document. (3) Information disclosure attacks exfiltrating personal data out of the victim's computer. (4) Data manipulation on the victim's system. (5) Code execution on the victim's machine. We evaluated the reference implementations – Microsoft Office and LibreOffice – and found both of them to be vulnerable to each tested class of attacks. 
Finally, we propose mitigation strategies to counter these attacks.}, language = {en}, urldate = {2022-10-27}, author = {Müller, Jens and Ising, Fabian and Mainka, Christian and Mladenov, Vladislav and Schinzel, Sebastian and Schwenk, Jörg}, year = {2020}, } @inproceedings{rohlmann_OopsCodeExecution_2022, title = {Oops... {Code} {Execution} and {Content} {Spoofing}: {The} {First} {Comprehensive} {Analysis} of {OpenDocument} {Signatures}}, isbn = {978-1-939133-31-1}, shorttitle = {Oops... {Code} {Execution} and {Content} {Spoofing}}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/rohlmann}, abstract = {OpenDocument is one of the major standards for interoperable office documents. Supported by office suites like Apache OpenOffice, LibreOffice, and Microsoft Office, the OpenDocument Format (ODF) is available for text processing, spreadsheets, and presentations on all major desktop and mobile operating systems. When it comes to governmental and business use cases, OpenDocument signatures can protect the integrity of a document's content, for example, for contracts, amendments, or bills. Moreover OpenDocument signatures also protect document's macros. Since the risks of using macros in documents is well-known, modern office applications only enable their execution if a trusted entity signs the macro code. Thus, the security of ODF documents often depends on the correct signature verification. In this paper, we conduct the first comprehensive analysis of OpenDocument signatures and reveal numerous severe threats. We identified five new attacks and evaluated them against 16 office applications on Windows, macOS, Linux, iOS, Android, and two online services. Our investigation revealed 12 out of 18 applications to be vulnerable for macro code execution, although the application only executes macros signed by trusted entities. For 17 of 18 applications, we could spoof the content in a signed ODF document while keeping the signature valid and trusted. 
Finally, we showed that attackers possessing a signed ODF could alter and forge the signature creation time in 16 of 18 applications. Our research was acknowledged by Microsoft, Apache OpenOffice, and LibreOffice during the coordinated disclosure.}, language = {en}, urldate = {2022-10-27}, author = {Rohlmann, Simon and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, year = {2022}, pages = {3075--3092}, } @inproceedings{rohlmann_BreakingSpecificationPDF_2021, title = {Breaking the {Specification}: {PDF} {Certification}}, shorttitle = {Breaking the {Specification}}, doi = {10.1109/SP40001.2021.00110}, abstract = {The Portable Document Format (PDF) is the de-facto standard for document exchange. The PDF specification defines two different types of digital signatures to guarantee the authenticity and integrity of documents: approval signatures and certification signatures. Approval signatures testify one specific state of the PDF document. Their security has been investigated at CCS’19. Certification signatures are more powerful and flexible. They cover more complex workflows, such as signing contracts by multiple parties. To achieve this goal, users can make specific changes to a signed document without invalidating the signature.This paper presents the first comprehensive security evaluation on certification signatures in PDFs. We describe two novel attack classes – Evil Annotation and Sneaky Signature attacks which abuse flaws in the current PDF specification. Both attack classes allow an attacker to significantly alter a certified document’s visible content without raising any warnings. Our practical evaluation shows that an attacker could change the visible content in 15 of 26 viewer applications by using Evil Annotation attacks and in 8 applications using Sneaky Signature by using PDF specification compliant exploits. 
We improved both attacks’ stealthiness with applications’ implementation issues and found only two applications secure to all attacks. On top, we show how to gain high privileged JavaScript execution in Adobe.We responsibly disclosed these issues and supported the vendors to fix the vulnerabilities. We also propose concrete countermeasures and improvements to the current specification to fix the issues.}, booktitle = {2021 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Rohlmann, Simon and Mladenov, Vladislav and Mainka, Christian and Schwenk, Jörg}, year = {2021}, note = {ISSN: 2375-1207}, keywords = {Annotations, Certification, Certified-Document, Filling, Manifolds, PDF-Certification, PDF-Security, Portable document format, Privacy, Signatures, XML}, pages = {1485--1501}, } @inproceedings{franken_ReadingLinesExtensive_2021, title = {Reading {Between} the {Lines}: {An} {Extensive} {Evaluation} of the {Security} and {Privacy} {Implications} of {EPUB} {Reading} {Systems}}, shorttitle = {Reading {Between} the {Lines}}, url = {https://ieeexplore.ieee.org/abstract/document/9519412}, doi = {10.1109/SP40001.2021.00015}, abstract = {In recent years, e-books have proven to be a very appealing alternative to physical books; nowadays, almost every written book is published in an electronic format next to its physical copy. In an attempt to promote consensus and to offer an alternative to emerging proprietary e-book formats, the Open eBook format was introduced, now known as the EPUB format. Building on existing web functionalities, this open format relies primarily on XHTML and CSS to construct e-books. As such, browser engines are often employed to render the contents of EPUBs. However, this implies that reading systems may face similar vulnerabilities as web browsers.In this paper, we report on a semi-automated evaluation of the security and privacy aspects of EPUB reading systems. 
This evaluation, which was performed on 97 EPUB reading systems covering seven platforms and five physical reading devices, revealed that almost none of the JavaScript-supporting reading systems sufficiently adhere to the EPUB specification’s security recommendations. Furthermore, our results indicate that 16 reading systems even allow an EPUB to leak information about the user’s file system, and in eight cases extract file contents. In addition to the semi-automated evaluation, we demonstrate that an attacker can launch even more potent attacks that may lead to a full compromise of a user’s system, by exploiting aspects specific to the implementation of reading systems used by millions of users. Finally, we investigate the root cause of the identified security and privacy issues, uncovering several flaws in both the implementation of EPUB reading system, as well as shortcomings of the EPUB specification.}, urldate = {2024-02-22}, booktitle = {2021 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Franken, Gertjan and Van Goethem, Tom and Joosen, Wouter}, month = may, year = {2021}, note = {ISSN: 2375-1207}, keywords = {Browsers, Electronic publishing, Libraries, Manuals, Peer-to-peer computing, Performance evaluation, Privacy}, pages = {1730--1747}, } @inproceedings{mladenov_TrillionDollarRefund_2019, address = {New York, NY, USA}, series = {{CCS} '19}, title = {1 {Trillion} {Dollar} {Refund}: {How} {To} {Spoof} {PDF} {Signatures}}, isbn = {978-1-4503-6747-9}, shorttitle = {1 {Trillion} {Dollar} {Refund}}, url = {https://doi.org/10.1145/3319535.3339812}, doi = {10.1145/3319535.3339812}, abstract = {The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee the authenticity and integrity of documents, digital signatures are used. Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures. 
In this paper, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. A possible explanation for these results could be the absence of a standard algorithm to verify PDF signatures -- each client verifies signatures differently, and attacks can be tailored to these differences. We, therefore, propose the standardization of a secure verification algorithm, which we describe in this paper. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. As a result, three generic CVEs for each attack class were issued [50-52]. Our research on PDF signatures and more information is also online available at https://www.pdf-insecurity.org/.}, urldate = {2022-10-27}, booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Mladenov, Vladislav and Mainka, Christian and Meyer zu Selhausen, Karsten and Grothe, Martin and Schwenk, Jörg}, year = {2019}, keywords = {pdf, pdf security, pdf signatures}, pages = {1--14}, } @inproceedings{rasheed_LaughterWildStudy_2019, title = {Laughter in the {Wild}: {A} {Study} {Into} {DoS} {Vulnerabilities} in {YAML} {Libraries}}, shorttitle = {Laughter in the {Wild}}, url = {https://ieeexplore.ieee.org/abstract/document/8887385}, doi = {10.1109/TrustCom/BigDataSE.2019.00053}, abstract = {YAML is a widely used serialisation language for data interchange and application configuration. 
Since its introduction, remote code execution vulnerabilities have been reported for YAML parsers, and countermeasures have been proposed. Even though denial-of-service (DoS) vulnerabilities affecting parsers for formats such as XML have been extensively studied, a similar investigation for YAML libraries is lacking. In this paper, we systematically study DoS vulnerabilities for 14 libraries for ten popular programming languages and as a result, we have discovered seven previously unknown vulnerabilities, which have been reported and are pending CVE identifiers.}, urldate = {2024-08-20}, booktitle = {2019 18th {IEEE} {International} {Conference} {On} {Trust}, {Security} {And} {Privacy} {In} {Computing} {And} {Communications}/13th {IEEE} {International} {Conference} {On} {Big} {Data} {Science} {And} {Engineering} ({TrustCom}/{BigDataSE})}, author = {Rasheed, Shawn and Dietrich, Jens and Tahir, Amjed}, month = aug, year = {2019}, note = {ISSN: 2324-9013}, keywords = {Data structures, Denial of service, Java, Libraries, Loading, Reactive power, Security, Syntactics, Vulnerability, XML, YAML}, pages = {342--349}, } @inproceedings{you_MyZIPIsnt_2025, title = {My {ZIP} isn't your {ZIP}: {Identifying} and {Exploiting} {Semantic} {Gaps} {Between} {ZIP} {Parsers}}, isbn = {978-1-939133-52-6}, shorttitle = {My {ZIP} isn't your {ZIP}}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/you}, language = {en}, urldate = {2025-08-25}, author = {You, Yufan and Chen, Jianjun and Wang, Qi and Duan, Haixin}, year = {2025}, pages = {431--450}, } @inproceedings{li_FindingXPathBugs_2024, address = {New York, NY, USA}, series = {{ICSE} '24}, title = {Finding {XPath} {Bugs} in {XML} {Document} {Processors} via {Differential} {Testing}}, isbn = {9798400702174}, url = {https://dl.acm.org/doi/10.1145/3597503.3639208}, doi = {10.1145/3597503.3639208}, abstract = {Extensible Markup Language (XML) is a widely used file format for data storage and transmission. 
Many XML processors support XPath, a query language that enables the extraction of elements from XML documents. These systems can be affected by logic bugs, which are bugs that cause the processor to return incorrect results. In order to tackle such bugs, we propose a new approach, which we realized as a system called XPress. As a test oracle, XPress relies on differential testing, which compares the results of multiple systems on the same test input, and identifies bugs through discrepancies in their outputs. As test inputs, XPress generates both XML documents and XPath queries. Aiming to generate meaningful queries that compute non-empty results, XPress selects a so-called targeted node to guide the XPath expression generation process. Using the targeted node, XPress generates XPath expressions that reference existing context related to the targeted node, such as its tag name and attributes, while also guaranteeing that a predicate evaluates to true before further expanding the query. We tested our approach on six mature XML processors, BaseX, eXist-DB, Saxon, PostgreSQL, libXML2, and a commercial database system. In total, we have found 27 unique bugs in these systems, of which 25 have been verified by the developers, and 20 of which have been fixed. XPress is efficient, as it finds 12 unique bugs in BaseX in 24 hours, which is 2× as fast as naive random generation. 
We expect that the effectiveness and simplicity of our approach will help to improve the robustness of many XML processors.}, urldate = {2024-09-09}, booktitle = {Proceedings of the {IEEE}/{ACM} 46th {International} {Conference} on {Software} {Engineering}}, publisher = {Association for Computing Machinery}, author = {Li, Shuxin and Rigger, Manuel}, month = apr, year = {2024}, pages = {1--12}, } @inproceedings{kupser_HowBreakXML_2015, title = {How to {Break} {XML} {Encryption} – {Automatically}}, url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/kupser}, language = {en}, urldate = {2024-08-20}, author = {Kupser, Dennis and Mainka, Christian and Schwenk, Jorg and Somorovsky, Juraj}, year = {2015}, } @inproceedings{spath_SoKXMLParser_2016, title = {{SoK}: {XML} {Parser} {Vulnerabilities}}, url = {https://www.usenix.org/conference/woot16/workshop-program/presentation/spath}, language = {en}, urldate = {2024-08-20}, author = {Späth, Christopher and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, year = {2016}, } @inproceedings{jensen_EffectivenessXMLSchema_2011, title = {On the effectiveness of {XML} {Schema} validation for countering {XML} {Signature} {Wrapping} attacks}, url = {https://ieeexplore.ieee.org/abstract/document/6049019}, doi = {10.1109/IWSSCloud.2011.6049019}, abstract = {In the context of security of Web Services, the XML Signature Wrapping attack technique has lately received increasing attention. Following a broad range of real-world exploits, general interest in applicable countermeasures rises. However, few approaches for countering these attacks have been investigated closely enough to make any claims about their effectiveness. In this paper, we analyze the effectiveness of the specific countermeasure of XML Schema validation in terms of fending Signature Wrapping attacks. 
We investigate the problems of XML Schema validation for Web Services messages, and discuss the approach of Schema Hardening, a technique for strengthening XML Schema declarations. We conclude that XML Schema validation with a hardened XML Schema is capable of fending XML Signature Wrapping attacks, but bears some pitfalls and disadvantages as well.}, urldate = {2024-08-20}, booktitle = {2011 1st {International} {Workshop} on {Securing} {Services} on the {Cloud} ({IWSSC})}, author = {Jensen, Meiko and Meyer, Christopher and Somorovsky, Juraj and Schwenk, Jörg}, month = sep, year = {2011}, keywords = {Context, Schema Hardening hardest argument against, Schema Validation, Security, Signature Wrapping, Simple object access protocol, US Department of Energy, Wrapping, XML, XML Schema, XML Signature}, pages = {7--13}, } @inproceedings{jager_BleichenbacherAttackStrikes_2012, address = {Berlin, Heidelberg}, title = {Bleichenbacher’s {Attack} {Strikes} again: {Breaking} {PKCS}\#1 v1.5 in {XML} {Encryption}}, isbn = {978-3-642-33167-1}, shorttitle = {Bleichenbacher’s {Attack} {Strikes} again}, doi = {10.1007/978-3-642-33167-1_43}, abstract = {We describe several attacks against the PKCS\#1 v1.5 key transport mechanism of XML Encryption. 
Our attacks allow to recover the secret key used to encrypt transmitted payload data within a few minutes or several hours, depending on the considered scenario.}, language = {en}, booktitle = {Computer {Security} – {ESORICS} 2012}, publisher = {Springer}, author = {Jager, Tibor and Schinzel, Sebastian and Somorovsky, Juraj}, editor = {Foresti, Sara and Yung, Moti and Martinelli, Fabio}, year = {2012}, keywords = {Block Cipher, Oracle Query, Payload Data, Soap Message, Symmetric Encryption Scheme}, pages = {752--769}, } @article{blyth_SecurityAnalysisXML_2003, title = {Security analysis of {XML} usage and {XML} parsing}, volume = {22}, issn = {0167-4048}, url = {https://www.sciencedirect.com/science/article/pii/S0167404803006072}, doi = {10.1016/S0167-4048(03)00607-2}, abstract = {Web-based applications greatly increase the availability of information and the ability of people to access and share information in a collaborative environment. Organisations can only truly make use of this technology to create a competitive advantage if they can trust the technology to distribute and mediate information in a safe and secure manner. The Web was not designed with security in mind and the use of XML as a vehicle for marking up information and mediating information flows does not directly support the imposition of a security architecture to manage the security of collaborative information sharing and dissemination. The adoption of XML as the vehicle for electronic commerce has created an environment where XML is now a core technology to most organisations, yet most organisations are relying on off-the-shelf solutions to parsing and manipulating it. In this paper we will examine how XML and XML parsers can be attacked and used to modify, and enter false or misleading, information relating to an electronic transaction. The attack scenarios will be divided into five categories: DTD, Document Corruption, single-node, multi-node and back-end systems. 
For each attack type we will explore how the attack is perpetrated and what, if any, countermeasures exist to mitigate the attacks.}, number = {6}, urldate = {2024-08-20}, journal = {Computers \& Security}, author = {Blyth, Dr. Andrew and Cunliffe, Dr. Daniel and Sutherland, Dr. Iain}, month = sep, year = {2003}, keywords = {Domain Object Models, Electronic Commerce, Information Integrity and Protection, Information Security, XML, XML Parsing}, pages = {494--505}, } @inproceedings{munteanu_Catch22UncoveringCompromised_2025, title = {Catch-22: {Uncovering} {Compromised} {Hosts} using {SSH} {Public} {Keys}}, isbn = {978-1-939133-52-6}, shorttitle = {Catch-22}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/munteanu}, language = {en}, urldate = {2025-08-25}, author = {Munteanu, Cristian and Smaragdakis, Georgios and Feldmann, Anja and Fiebig, Tobias}, year = {2025}, pages = {861--878}, } @inproceedings{baumer_TerrapinAttackBreaking_2024a, title = {Terrapin {Attack}: {Breaking} \{{SSH}\} {Channel} {Integrity} {By} {Sequence} {Number} {Manipulation}}, isbn = {978-1-939133-44-1}, shorttitle = {Terrapin {Attack}}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/b%C3%A4umer}, language = {en}, urldate = {2024-12-18}, author = {Bäumer, Fabian and Brinkmann, Marcus and Schwenk, Jörg}, year = {2024}, pages = {7463--7480}, } @inproceedings{poddebniak_EfailBreakingMIME_2018, address = {Baltimore, MD}, title = {Efail: {Breaking} {S}/{MIME} and {OpenPGP} email encryption using exfiltration channels}, isbn = {978-1-939133-04-5}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak}, booktitle = {27th {USENIX} security symposium ({USENIX} security 18)}, publisher = {USENIX Association}, author = {Poddebniak, Damian and Dresen, Christian and Müller, Jens and Ising, Fabian and Schinzel, Sebastian and Friedberger, Simon and Somorovsky, Juraj and Schwenk, Jörg}, month = aug, year = {2018}, pages = {549--566}, } 
@article{manes_ArtScienceEngineering_2021, title = {The art, science, and engineering of fuzzing: {A} survey}, volume = {47}, url = {https://doi.org/10.1109/TSE.2019.2946563}, doi = {10.1109/TSE.2019.2946563}, number = {11}, journal = {IEEE Transactions on Software Engineering}, author = {Manès, Valentin J. M. and Han, HyungSeok and Han, Choongwoo and Cha, Sang Kil and Egele, Manuel and Schwartz, Edward J. and Woo, Maverick}, year = {2021}, note = {tex.bibsource: dblp computer science bibliography, https://dblp.org tex.timestamp: Wed, 15 Dec 2021 10:32:18 +0100}, pages = {2312--2331}, } @article{miller_EmpiricalStudyReliability_1990, title = {An empirical study of the reliability of {UNIX} utilities}, volume = {33}, issn = {0001-0782}, url = {https://doi.org/10.1145/96267.96279}, doi = {10.1145/96267.96279}, abstract = {The following section describes the tools we built to test the utilities. These tools include the fuzz (random character) generator, ptyjig (to test interactive utilities), and scripts to automate the testing process. Next, we will describe the tests we performed, giving the types of input we presented to the utilities. Results from the tests will follow along with an analysis of the results, including identification and classification of the program bugs that caused the crashes. The final section presents concluding remarks, including suggestions for avoiding the types of problems detected by our study and some commentary on the bugs we found. We include an Appendix with the user manual pages for fuzz and ptyjig.}, number = {12}, urldate = {2024-07-18}, journal = {Commun. ACM}, author = {Miller, Barton P. 
and Fredriksen, Lars and So, Bryan}, month = dec, year = {1990}, pages = {32--44}, } @misc{yu_PROMPTFUZZHarnessingFuzzing_2024, title = {{PROMPTFUZZ}: {Harnessing} {Fuzzing} {Techniques} for {Robust} {Testing} of {Prompt} {Injection} in {LLMs}}, shorttitle = {{PROMPTFUZZ}}, url = {http://arxiv.org/abs/2409.14729}, doi = {10.48550/arXiv.2409.14729}, abstract = {Large Language Models (LLMs) have gained widespread use in various applications due to their powerful capability to generate human-like text. However, prompt injection attacks, which involve overwriting a model's original instructions with malicious prompts to manipulate the generated text, have raised significant concerns about the security and reliability of LLMs. Ensuring that LLMs are robust against such attacks is crucial for their deployment in real-world applications, particularly in critical tasks. In this paper, we propose PROMPTFUZZ, a novel testing framework that leverages fuzzing techniques to systematically assess the robustness of LLMs against prompt injection attacks. Inspired by software fuzzing, PROMPTFUZZ selects promising seed prompts and generates a diverse set of prompt injections to evaluate the target LLM's resilience. PROMPTFUZZ operates in two stages: the prepare phase, which involves selecting promising initial seeds and collecting few-shot examples, and the focus phase, which uses the collected examples to generate diverse, high-quality prompt injections. Using PROMPTFUZZ, we can uncover more vulnerabilities in LLMs, even those with strong defense prompts. By deploying the generated attack prompts from PROMPTFUZZ in a real-world competition, we achieved the 7th ranking out of over 4000 participants (top 0.14\%) within 2 hours. Additionally, we construct a dataset to fine-tune LLMs for enhanced robustness against prompt injection attacks. 
While the fine-tuned model shows improved robustness, PROMPTFUZZ continues to identify vulnerabilities, highlighting the importance of robust testing for LLMs. Our work emphasizes the critical need for effective testing tools and provides a practical framework for evaluating and improving the robustness of LLMs against prompt injection attacks.}, urldate = {2025-01-31}, publisher = {arXiv}, author = {Yu, Jiahao and Shao, Yangguang and Miao, Hanwen and Shi, Junzheng and Xing, Xinyu}, month = sep, year = {2024}, note = {arXiv:2409.14729 [cs]}, keywords = {Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security}, } @misc{huang_LargeLanguageModels_2024, title = {Large {Language} {Models} {Based} {Fuzzing} {Techniques}: {A} {Survey}}, shorttitle = {Large {Language} {Models} {Based} {Fuzzing} {Techniques}}, url = {http://arxiv.org/abs/2402.00350}, doi = {10.48550/arXiv.2402.00350}, abstract = {In the modern era where software plays a pivotal role, software security and vulnerability analysis have become essential for software development. Fuzzing test, as an efficient software testing method, are widely used in various domains. Moreover, the rapid development of Large Language Models (LLMs) has facilitated their application in the field of software testing, demonstrating remarkable performance. Considering that existing fuzzing test techniques are not entirely automated and software vulnerabilities continue to evolve, there is a growing trend towards employing fuzzing test generated based on large language models. This survey provides a systematic overview of the approaches that fuse LLMs and fuzzing tests for software testing. In this paper, a statistical analysis and discussion of the literature in three areas, namely LLMs, fuzzing test, and fuzzing test generated based on LLMs, are conducted by summarising the state-of-the-art methods up until 2024. 
Our survey also investigates the potential for widespread deployment and application of fuzzing test techniques generated by LLMs in the future.}, urldate = {2025-01-31}, publisher = {arXiv}, author = {Huang, Linghan and Zhao, Peizhou and Chen, Huaming and Ma, Lei}, month = feb, year = {2024}, note = {arXiv:2402.00350 [cs]}, keywords = {Computer Science - Artificial Intelligence, Computer Science - Software Engineering}, } @misc{dong_SafeguardingLargeLanguage_2024, title = {Safeguarding {Large} {Language} {Models}: {A} {Survey}}, shorttitle = {Safeguarding {Large} {Language} {Models}}, url = {http://arxiv.org/abs/2406.02622}, doi = {10.48550/arXiv.2406.02622}, abstract = {In the burgeoning field of Large Language Models (LLMs), developing a robust safety mechanism, colloquially known as “safeguards” or “guardrails”, has become imperative to ensure the ethical use of LLMs within prescribed boundaries. This article provides a systematic literature review on the current status of this critical mechanism. It discusses its major challenges and how it can be enhanced into a comprehensive mechanism dealing with ethical issues in various contexts. First, the paper elucidates the current landscape of safeguarding mechanisms that major LLM service providers and the open-source community employ. This is followed by the techniques to evaluate, analyze, and enhance some (un)desirable properties that a guardrail might want to enforce, such as hallucinations, fairness, privacy, and so on. Based on them, we review techniques to circumvent these controls (i.e., attacks), to defend the attacks, and to reinforce the guardrails. 
While the techniques mentioned above represent the current status and the active research trends, we also discuss several challenges that cannot be easily dealt with by the methods and present our vision on how to implement a comprehensive guardrail through the full consideration of multi-disciplinary approach, neural-symbolic method, and systems development lifecycle.}, language = {en}, urldate = {2025-02-19}, publisher = {arXiv}, author = {Dong, Yi and Mu, Ronghui and Zhang, Yanghao and Sun, Siqi and Zhang, Tianle and Wu, Changshun and Jin, Gaojie and Qi, Yi and Hu, Jinwei and Meng, Jie and Bensalem, Saddek and Huang, Xiaowei}, month = jun, year = {2024}, note = {arXiv:2406.02622 [cs]}, keywords = {Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security}, } @misc{kim_CodexitySecureAIassisted_2024, title = {Codexity: {Secure} {AI}-assisted {Code} {Generation}}, shorttitle = {Codexity}, url = {http://arxiv.org/abs/2405.03927}, doi = {10.48550/arXiv.2405.03927}, abstract = {Despite the impressive performance of Large Language Models (LLMs) in software development activities, recent studies show the concern of introducing vulnerabilities into software codebase by AI programming assistants (e.g., Copilot, CodeWhisperer). In this work, we present Codexity, a security-focused code generation framework integrated with five LLMs. Codexity leverages the feedback of static analysis tools such as Infer and CppCheck to mitigate security vulnerabilities in LLM-generated programs. 
	Our evaluation in a real-world benchmark with 751 automatically generated vulnerable subjects demonstrates Codexity can prevent 60\% of the vulnerabilities being exposed to the software developer.},
	urldate = {2025-02-12},
	publisher = {arXiv},
	author = {Kim, Sung Yong and Fan, Zhiyu and Noller, Yannic and Roychoudhury, Abhik},
	month = may,
	year = {2024},
	note = {arXiv:2405.03927 [cs]},
	keywords = {Computer Science - Software Engineering},
}

@misc{keltek_BoostingCybersecurityVulnerability_2024,
	title = {Boosting {Cybersecurity} {Vulnerability} {Scanning} based on {LLM}-supported {Static} {Application} {Security} {Testing}},
	url = {http://arxiv.org/abs/2409.15735},
	doi = {10.48550/arXiv.2409.15735},
	abstract = {The current cybersecurity landscape is increasingly complex, with traditional Static Application Security Testing (SAST) tools struggling to capture complex and emerging vulnerabilities due to their reliance on rule-based matching. Meanwhile, Large Language Models (LLMs) have demonstrated powerful code analysis capabilities, but their static training data and privacy risks limit their effectiveness. To overcome the limitations of both approaches, we propose LSAST, a novel approach that integrates LLMs with SAST scanners to enhance vulnerability detection. LSAST leverages a locally hostable LLM, combined with a state-of-the-art knowledge retrieval system, to provide up-to-date vulnerability insights without compromising data privacy. We set a new benchmark for static vulnerability analysis, offering a robust, privacy-conscious solution that bridges the gap between traditional scanners and advanced AI-driven analysis.
	Our evaluation demonstrates that incorporating SAST results into LLM analysis significantly improves detection accuracy, identifying vulnerabilities missed by conventional methods.},
	language = {en},
	urldate = {2025-02-10},
	publisher = {arXiv},
	author = {Keltek, Mete and Hu, Rong and Sani, Mohammadreza Fani and Li, Ziyue},
	month = nov,
	year = {2024},
	note = {arXiv:2409.15735 [cs]},
	keywords = {Computer Science - Cryptography and Security},
}

@book{ablon_ZeroDaysThousands_2017,
	title = {Zero {Days}, {Thousands} of {Nights}: {The} {Life} and {Times} of {Zero}-{Day} {Vulnerabilities} and {Their} {Exploits}},
	isbn = {978-0-8330-9761-3 978-0-8330-9779-8 978-0-8330-9777-4 978-0-8330-9778-1},
	shorttitle = {Zero {Days}, {Thousands} of {Nights}},
	url = {http://www.rand.org/pubs/research_reports/RR1751.html},
	language = {en},
	urldate = {2025-08-21},
	publisher = {RAND Corporation},
	author = {Ablon, Lillian and Bogart, Andy},
	year = {2017},
	doi = {10.7249/RR1751},
}

@misc{berabi_DeepCodeAIFix_2024,
	title = {{DeepCode} {AI} {Fix}: {Fixing} {Security} {Vulnerabilities} with {Large} {Language} {Models}},
	shorttitle = {{DeepCode} {AI} {Fix}},
	url = {http://arxiv.org/abs/2402.13291},
	doi = {10.48550/arXiv.2402.13291},
	abstract = {The automated program repair field has attracted substantial interest over the years, but despite significant research efforts, creating a system that works well for complex semantic bugs such as security vulnerabilities has proven difficult. A promising direction to solve this challenge is by leveraging large language models (LLMs), which are increasingly used to solve various programming tasks. In this paper, we investigate the effectiveness of LLMs for solving code-repair task. We show that the task is difficult as it requires the model to learn long-range code relationships, a task that inherently relies on extensive amounts of training data.
	At the same time, creating a large, clean dataset for complex program bugs and their corresponding fixes is non-trivial. We propose a technique to address these challenges with a new approach for querying and fine-tuning LLMs. The idea is to use program analysis to limit the LLM's attention mechanism on the portions of code needed to perform the fix, drastically reducing the amount of required training data. Concretely, for training and inference, rather than feeding the entire program to the LLM, we reduce its code to a much shorter snippet that contains the reported defect together with the necessary context - and use that instead. Our evaluation shows that this code reduction approach substantially improves available models such as GPT-4 using few-shot learning, as well as fine-tuning models. To train and evaluate our system, we created a comprehensive code fixing dataset by extensively labeling 156 bug patterns (including 40 security rules), requiring complex interprocedural dataflow to discover.
	Our best system with Mixtral-8x7B can remove more than 80\% of the reported defects while exactly matching the human fix in between 10 and 50\% of cases, outperforming baselines based on GPT-3.5 and GPT-4, or based on window-based models like TFix.},
	urldate = {2024-07-30},
	publisher = {arXiv},
	author = {Berabi, Berkay and Gronskiy, Alexey and Raychev, Veselin and Sivanrupan, Gishor and Chibotaru, Victor and Vechev, Martin},
	month = feb,
	year = {2024},
	note = {arXiv:2402.13291 [cs]},
	keywords = {Computer Science - Cryptography and Security, Computer Science - Machine Learning, Computer Science - Programming Languages, Computer Science - Software Engineering},
}

@misc{zhou_LargeLanguageModel_2024,
	title = {Large {Language} {Model} for {Vulnerability} {Detection} and {Repair}: {Literature} {Review} and the {Road} {Ahead}},
	shorttitle = {Large {Language} {Model} for {Vulnerability} {Detection} and {Repair}},
	url = {http://arxiv.org/abs/2404.02525},
	doi = {10.48550/arXiv.2404.02525},
	abstract = {The significant advancements in Large Language Models (LLMs) have resulted in their widespread adoption across various tasks within Software Engineering (SE), including vulnerability detection and repair. Numerous recent studies have investigated the application of LLMs to enhance vulnerability detection and repair tasks. Despite the increasing research interest, there is currently no existing survey that focuses on the utilization of LLMs for vulnerability detection and repair. In this paper, we aim to bridge this gap by offering a systematic literature review of approaches aimed at improving vulnerability detection and repair through the utilization of LLMs. The review encompasses research work from leading SE, AI, and Security conferences and journals, covering 36 papers published at 21 distinct venues.
	By answering three key research questions, we aim to (1) summarize the LLMs employed in the relevant literature, (2) categorize various LLM adaptation techniques in vulnerability detection, and (3) classify various LLM adaptation techniques in vulnerability repair. Based on our findings, we have identified a series of challenges that still need to be tackled considering existing studies. Additionally, we have outlined a roadmap highlighting potential opportunities that we believe are pertinent and crucial for future research endeavors.},
	urldate = {2024-07-30},
	publisher = {arXiv},
	author = {Zhou, Xin and Cao, Sicong and Sun, Xiaobing and Lo, David},
	month = apr,
	year = {2024},
	note = {arXiv:2404.02525 [cs]},
	keywords = {Computer Science - Software Engineering},
}

@misc{prenner_AutomaticProgramRepair_2021,
	title = {Automatic {Program} {Repair} with {OpenAI}'s {Codex}: {Evaluating} {QuixBugs}},
	shorttitle = {Automatic {Program} {Repair} with {OpenAI}'s {Codex}},
	url = {http://arxiv.org/abs/2111.03922},
	doi = {10.48550/arXiv.2111.03922},
	abstract = {OpenAI's Codex, a GPT-3 like model trained on a large code corpus, has made headlines in and outside of academia. Given a short user-provided description, it is capable of synthesizing code snippets that are syntactically and semantically valid in most cases. In this work, we want to investigate whether Codex is able to localize and fix bugs, a task of central interest in the field of automated program repair. Our initial evaluation uses the multi-language QuixBugs benchmark (40 bugs in both Python and Java). We find that, despite not being trained for APR, Codex is surprisingly effective, and competitive with recent state of the art techniques.
	Our results also show that Codex is slightly more successful at repairing Python than Java.},
	urldate = {2024-07-19},
	publisher = {arXiv},
	author = {Prenner, Julian Aron and Robbes, Romain},
	month = nov,
	year = {2021},
	note = {arXiv:2111.03922 [cs]},
	keywords = {Computer Science - Software Engineering},
}

@misc{xie_DeepHunterHuntingDeep_2018,
	title = {{DeepHunter}: {Hunting} {Deep} {Neural} {Network} {Defects} via {Coverage}-{Guided} {Fuzzing}},
	shorttitle = {{DeepHunter}},
	url = {http://arxiv.org/abs/1809.01266},
	doi = {10.48550/arXiv.1809.01266},
	abstract = {In company with the data explosion over the past decade, deep neural network (DNN) based software has experienced unprecedented leap and is becoming the key driving force of many novel industrial applications, including many safety-critical scenarios such as autonomous driving. Despite great success achieved in various human intelligence tasks, similar to traditional software, DNNs could also exhibit incorrect behaviors caused by hidden defects causing severe accidents and losses. In this paper, we propose DeepHunter, an automated fuzz testing framework for hunting potential defects of general-purpose DNNs. DeepHunter performs metamorphic mutation to generate new semantically preserved tests, and leverages multiple plugable coverage criteria as feedback to guide the test generation from different perspectives. To be scalable towards practical-sized DNNs, DeepHunter maintains multiple tests in a batch, and prioritizes the tests selection based on active feedback. The effectiveness of DeepHunter is extensively investigated on 3 popular datasets (MNIST, CIFAR-10, ImageNet) and 7 DNNs with diverse complexities, under a large set of 6 coverage criteria as feedback.
	The large-scale experiments demonstrate that DeepHunter can (1) significantly boost the coverage with guidance; (2) generate useful tests to detect erroneous behaviors and facilitate the DNN model quality evaluation; (3) accurately capture potential defects during DNN quantization for platform migration.},
	urldate = {2024-07-17},
	publisher = {arXiv},
	author = {Xie, Xiaofei and Ma, Lei and Juefei-Xu, Felix and Chen, Hongxu and Xue, Minhui and Li, Bo and Liu, Yang and Zhao, Jianjun and Yin, Jianxiong and See, Simon},
	month = nov,
	year = {2018},
	note = {arXiv:1809.01266 [cs]},
	keywords = {Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security, Computer Science - Machine Learning, Computer Science - Software Engineering},
}

@misc{li_LLMAssistedStaticAnalysis_2024,
	title = {{LLM}-{Assisted} {Static} {Analysis} for {Detecting} {Security} {Vulnerabilities}},
	url = {http://arxiv.org/abs/2405.17238},
	doi = {10.48550/arXiv.2405.17238},
	abstract = {Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice. While large language models (or LLMs) have shown impressive code generation capabilities, they cannot do complex reasoning over code to detect such vulnerabilities, especially because this task requires whole-repository analysis. In this work, we propose IRIS, the first approach that systematically combines LLMs with static analysis to perform whole-repository reasoning to detect security vulnerabilities. We curate a new dataset, CWE-Bench-Java, comprising 120 manually validated security vulnerabilities in real-world Java projects. These projects are complex, with an average of 300,000 lines of code and a maximum of up to 7 million. Out of 120 vulnerabilities in CWE-Bench-Java, IRIS detects 69 using GPT-4, while the state-of-the-art static analysis tool only detects 27.
	Further, IRIS also significantly reduces the number of false alarms (by more than 80\% in the best case).},
	urldate = {2024-07-30},
	publisher = {arXiv},
	author = {Li, Ziyang and Dutta, Saikat and Naik, Mayur},
	month = may,
	year = {2024},
	note = {arXiv:2405.17238 [cs]},
	keywords = {Computer Science - Cryptography and Security, Computer Science - Programming Languages, Computer Science - Software Engineering},
}

@inproceedings{wei_FreeLunchTesting_2022,
	address = {New York, NY, USA},
	series = {{ICSE} '22},
	title = {Free lunch for testing: fuzzing deep-learning libraries from open source},
	isbn = {978-1-4503-9221-1},
	shorttitle = {Free lunch for testing},
	url = {https://dl.acm.org/doi/10.1145/3510003.3510041},
	doi = {10.1145/3510003.3510041},
	abstract = {Deep learning (DL) systems can make our life much easier, and thus are gaining more and more attention from both academia and industry. Meanwhile, bugs in DL systems can be disastrous, and can even threaten human lives in safety-critical applications. To date, a huge body of research efforts have been dedicated to testing DL models. However, interestingly, there is still limited work for testing the underlying DL libraries, which are the foundation for building, optimizing, and running DL models. One potential reason is that test generation for the underlying DL libraries can be rather challenging since their public APIs are mainly exposed in Python, making it even hard to automatically determine the API input parameter types due to dynamic typing. In this paper, we propose FreeFuzz, the first approach to fuzzing DL libraries via mining from open source. More specifically, FreeFuzz obtains code/models from three different sources: 1) code snippets from the library documentation, 2) library developer tests, and 3) DL models in the wild.
	Then, FreeFuzz automatically runs all the collected code/models with instrumentation to trace the dynamic information for each covered API, including the types and values of each parameter during invocation, and shapes of input/output tensors. Lastly, FreeFuzz will leverage the traced dynamic information to perform fuzz testing for each covered API. The extensive study of FreeFuzz on PyTorch and TensorFlow, two of the most popular DL libraries, shows that FreeFuzz is able to automatically trace valid dynamic information for fuzzing 1158 popular APIs, 9X more than state-of-the-art LEMON with 3.5X lower overhead than LEMON. To date, FreeFuzz has detected 49 bugs for PyTorch and TensorFlow (with 38 already confirmed by developers as previously unknown).},
	urldate = {2025-01-31},
	booktitle = {Proceedings of the 44th {International} {Conference} on {Software} {Engineering}},
	publisher = {Association for Computing Machinery},
	author = {Wei, Anjiang and Deng, Yinlin and Yang, Chenyuan and Zhang, Lingming},
	month = jul,
	year = {2022},
	pages = {995--1007},
}

@inproceedings{shen_AnythingNowCharacterizing_2024,
	address = {New York, NY, USA},
	series = {{CCS} '24},
	title = {"{Do} {Anything} {Now}": {Characterizing} and {Evaluating} {In}-{The}-{Wild} {Jailbreak} {Prompts} on {Large} {Language} {Models}},
	isbn = {9798400706363},
	shorttitle = {"{Do} {Anything} {Now}"},
	url = {https://dl.acm.org/doi/10.1145/3658644.3670388},
	doi = {10.1145/3658644.3670388},
	abstract = {The misuse of large language models (LLMs) has drawn significant attention from the general public and LLM vendors. One particular type of adversarial prompt, known as jailbreak prompt, has emerged as the main attack vector to bypass the safeguards and elicit harmful content from LLMs. In this paper, employing our new framework JailbreakHub, we conduct a comprehensive analysis of 1,405 jailbreak prompts spanning from December 2022 to December 2023.
	We identify 131 jailbreak communities and discover unique characteristics of jailbreak prompts and their major attack strategies, such as prompt injection and privilege escalation. We also observe that jailbreak prompts increasingly shift from online Web communities to prompt-aggregation websites and 28 user accounts have consistently optimized jailbreak prompts over 100 days. To assess the potential harm caused by jailbreak prompts, we create a question set comprising 107,250 samples across 13 forbidden scenarios. Leveraging this dataset, our experiments on six popular LLMs show that their safeguards cannot adequately defend jailbreak prompts in all scenarios. Particularly, we identify five highly effective jailbreak prompts that achieve 0.95 attack success rates on ChatGPT (GPT-3.5) and GPT-4, and the earliest one has persisted online for over 240 days. We hope that our study can facilitate the research community and LLM vendors in promoting safer and regulated LLMs.},
	urldate = {2025-01-31},
	booktitle = {Proceedings of the 2024 on {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Shen, Xinyue and Chen, Zeyuan and Backes, Michael and Shen, Yun and Zhang, Yang},
	month = dec,
	year = {2024},
	pages = {1671--1685},
}

@inproceedings{traykov_FrameworkSecurityTesting_2024,
	title = {A {Framework} for {Security} {Testing} of {Large} {Language} {Models}},
	url = {https://ieeexplore.ieee.org/document/10705238},
	doi = {10.1109/IS61756.2024.10705238},
	abstract = {The purpose of this paper is to present a framework for testing of large language models (LLMs) for security vulnerabilities before their implementation to production environment. The paper discusses the latest developments in the Artificial Intelligence (AI) and Generative Artificial Intelligence (Generative AI) adoption in the industry, the expectations for further accelerated adoption and evolving regulatory landscape.
	An overview of the most significant risks and vulnerabilities of the LLMs, such as prompt injection and denial of service, has been presented with their mitigation strategies. A testing approach and testing framework have been developed and implemented with a simple chatbot app. The test scenarios have been executed and results have been obtained for three open-source LLMs, of which two passed the test and one failed, which demonstrated the application of the proposed testing framework. Source code of the application and test script are published open source for reproducibility and reuse. In conclusion, with the confirmation of the results, the limitation of the reliance on semantic similarity for the responses of the models was discussed together with three areas for further development: expanding the test scenarios to significant risks, integration with popular cloud continuous development platforms and integrating blockchain for transparent publication of the final test results.},
	urldate = {2025-01-31},
	booktitle = {2024 {IEEE} 12th {International} {Conference} on {Intelligent} {Systems} ({IS})},
	author = {Traykov, Kiril},
	month = aug,
	year = {2024},
	note = {ISSN: 2767-9802},
	keywords = {Blockchains, Computer crime, Cybersecurity, Generative AI, Industries, LLM Risks, LLM Security, LLM Vulnerabilities, Large language models, Large language models (LLMs), Prevention and mitigation, Reproducibility of results, Secure Software Development, Semantics, Software Testing, Source coding, Testing},
	pages = {1--7},
}

@inproceedings{deng_LargeLanguageModels_2024,
	address = {New York, NY, USA},
	series = {{ICSE} '24},
	title = {Large {Language} {Models} are {Edge}-{Case} {Generators}: {Crafting} {Unusual} {Programs} for {Fuzzing} {Deep} {Learning} {Libraries}},
	isbn = {9798400702174},
	shorttitle = {Large {Language} {Models} are {Edge}-{Case} {Generators}},
	url = {https://dl.acm.org/doi/10.1145/3597503.3623343},
	doi = {10.1145/3597503.3623343},
	abstract = {Bugs in Deep Learning
	(DL) libraries may affect almost all downstream DL applications, and it is crucial to ensure the quality of such systems. It is challenging to generate valid input programs for fuzzing DL libraries, since the input programs need to satisfy both the syntax/semantics of the supported languages (e.g., Python) and the tensor/operator constraints for constructing valid computational graphs. Recently, the TitanFuzz work demonstrates that modern Large Language Models (LLMs) can be directly leveraged to implicitly learn all the language and DL computation constraints to generate valid programs for fuzzing DL libraries (and beyond). However, LLMs tend to generate ordinary programs following similar patterns/tokens with typical programs seen in their massive pre-training corpora (e.g., GitHub), while fuzzing favors unusual inputs that cover edge cases or are unlikely to be manually produced. To fill this gap, this paper proposes FuzzGPT, the first approach to priming LLMs to synthesize unusual programs for fuzzing. FuzzGPT is mainly built on the well-known hypothesis that historical bug-triggering programs may include rare/valuable code ingredients important for bug finding. Meanwhile, while traditional techniques leveraging such historical information require intensive human efforts to both design dedicated generators and ensure the syntactic/semantic validity of generated programs, FuzzGPT demonstrates that this process can be fully automated via the intrinsic capabilities of LLMs (including fine-tuning and in-context learning), while being generalizable and applicable to challenging domains. While FuzzGPT can be applied with different LLMs, this paper focuses on the powerful GPT-style models: Codex and CodeGen. Moreover, FuzzGPT also shows the potential of directly leveraging the instruction-following capability of the recent ChatGPT for effective fuzzing.
	The experimental study on two popular DL libraries (PyTorch and TensorFlow) shows that FuzzGPT can substantially outperform TitanFuzz, detecting 76 bugs, with 49 already confirmed as previously unknown bugs, including 11 high-priority bugs or security vulnerabilities.},
	urldate = {2025-01-31},
	booktitle = {Proceedings of the {IEEE}/{ACM} 46th {International} {Conference} on {Software} {Engineering}},
	publisher = {Association for Computing Machinery},
	author = {Deng, Yinlin and Xia, Chunqiu Steven and Yang, Chenyuan and Zhang, Shizhuo Dylan and Yang, Shujing and Zhang, Lingming},
	month = feb,
	year = {2024},
	pages = {1--13},
}

@inproceedings{deng_LargeLanguageModels_2023,
	address = {New York, NY, USA},
	series = {{ISSTA} 2023},
	title = {Large {Language} {Models} {Are} {Zero}-{Shot} {Fuzzers}: {Fuzzing} {Deep}-{Learning} {Libraries} via {Large} {Language} {Models}},
	isbn = {9798400702211},
	shorttitle = {Large {Language} {Models} {Are} {Zero}-{Shot} {Fuzzers}},
	url = {https://dl.acm.org/doi/10.1145/3597926.3598067},
	doi = {10.1145/3597926.3598067},
	abstract = {Deep Learning (DL) systems have received exponential growth in popularity and have become ubiquitous in our everyday life. Such systems are built on top of popular DL libraries, e.g., TensorFlow and PyTorch which provide APIs as building blocks for DL systems. Detecting bugs in these DL libraries is critical for almost all downstream DL systems in ensuring effectiveness/safety for end users. Meanwhile, traditional fuzzing techniques can be hardly effective for such a challenging domain since the input DL programs need to satisfy both the input language (e.g., Python) syntax/semantics and the DL API input/shape constraints for tensor computations. To address these limitations, we propose TitanFuzz – the first approach to directly leveraging Large Language Models (LLMs) to generate input programs for fuzzing DL libraries.
	LLMs are titanic models trained on billions of code snippets and can autoregressively generate human-like code snippets. Our key insight is that modern LLMs can also include numerous code snippets invoking DL library APIs in their training corpora, and thus can implicitly learn both language syntax/semantics and intricate DL API constraints for valid DL program generation. More specifically, we use both generative and infilling LLMs (e.g., Codex/InCoder) to generate and mutate valid/diverse input DL programs for fuzzing. Our experimental results demonstrate that TitanFuzz can achieve 30.38\%/50.84\% higher code coverage than state-of-the-art fuzzers on TensorFlow/PyTorch. Furthermore, TitanFuzz is able to detect 65 bugs, with 44 already confirmed as previously unknown bugs. This paper demonstrates that modern titanic LLMs can be leveraged to directly perform both generation-based and mutation-based fuzzing studied for decades, while being fully automated, generalizable, and applicable to domains challenging for traditional approaches (such as DL systems).
	We hope TitanFuzz can stimulate more work in this promising direction of LLMs for fuzzing.},
	urldate = {2025-01-31},
	booktitle = {Proceedings of the 32nd {ACM} {SIGSOFT} {International} {Symposium} on {Software} {Testing} and {Analysis}},
	publisher = {Association for Computing Machinery},
	author = {Deng, Yinlin and Xia, Chunqiu Steven and Peng, Haoran and Yang, Chenyuan and Zhang, Lingming},
	month = jul,
	year = {2023},
	pages = {423--435},
}

@inproceedings{tsigkanos_LargeLanguageModels_2023,
	title = {Large {Language} {Models}: {The} {Next} {Frontier} for {Variable} {Discovery} within {Metamorphic} {Testing}?},
	shorttitle = {Large {Language} {Models}},
	url = {https://ieeexplore.ieee.org/document/10123585/?arnumber=10123585},
	doi = {10.1109/SANER56733.2023.00070},
	abstract = {Metamorphic testing involves reasoning on necessary properties that a program under test should exhibit regarding multiple input and output variables. A general approach consists of extracting metamorphic relations from auxiliary artifacts such as user manuals or documentation, a strategy particularly fitting to testing scientific software. However, such software typically has large input-output spaces, and the fundamental prerequisite – extracting variables of interest – is an arduous and non-scalable process when performed manually. To this end, we devise a workflow around an autoregressive transformer-based Large Language Model (LLM) towards the extraction of variables from user manuals of scientific software. Our end-to-end approach, besides a prompt specification consisting of few-shot examples by a human user, is fully automated, in contrast to current practice requiring human intervention. We showcase our LLM workflow over a real case, and compare variables extracted to ground truth manually labelled by experts.
	Our preliminary results show that our LLM-based workflow achieves an accuracy of 0.87, while successfully deriving 61.8\% of variables as partial matches and 34.7\% as exact matches.},
	urldate = {2024-12-16},
	booktitle = {2023 {IEEE} {International} {Conference} on {Software} {Analysis}, {Evolution} and {Reengineering} ({SANER})},
	author = {Tsigkanos, Christos and Rani, Pooja and Müller, Sebastian and Kehrer, Timo},
	month = mar,
	year = {2023},
	note = {ISSN: 2640-7574},
	keywords = {Analytical models, Cognition, Documentation, Fitting, Large Language Models, Manuals, Metamorphic Testing, Natural Language Processing, Scientific Software, Software, Transformers},
	pages = {678--682},
}

@inproceedings{jiang_EvaluatingNaturalLanguage_2021,
	title = {Evaluating {Natural} {Language} {Inference} {Models}: {A} {Metamorphic} {Testing} {Approach}},
	shorttitle = {Evaluating {Natural} {Language} {Inference} {Models}},
	url = {https://ieeexplore.ieee.org/document/9700284/?arnumber=9700284},
	doi = {10.1109/ISSRE52982.2021.00033},
	abstract = {Natural language inference (NLI) is a fundamental NLP task that forms the cornerstone of deep natural language understanding. Unfortunately, evaluation of NLI models is challenging. On one hand, due to the lack of test oracles, it is difficult to automatically judge the correctness of NLI's prediction results. On the other hand, apart from knowing how well a model performs, there is a further need for understanding the capabilities and characteristics of different NLI models. To mitigate these issues, we propose to apply the technique of metamorphic testing (MT) to NLI. We identify six categories of metamorphic relations, covering a wide range of properties that are expected to be possessed by NLI task. Based on this, MT can be conducted on NLI models without using test oracles, and MT results are able to interpret NLI models' capabilities from varying aspects.
	We further demonstrate the validity and effectiveness of our approach by conducting experiments on five NLI models. Our experiments expose a large number of prediction failures from subject NLI models, and also yield interpretations for common characteristics of NLI models.},
	urldate = {2024-12-16},
	booktitle = {2021 {IEEE} 32nd {International} {Symposium} on {Software} {Reliability} {Engineering} ({ISSRE})},
	author = {Jiang, Mingyue and Bao, Houzhen and Tu, Kaiyi and Zhang, Xiao-Yi and Ding, Zuohua},
	month = oct,
	year = {2021},
	note = {ISSN: 2332-6549},
	keywords = {Analytical models, Cognition, Linguistics, Maintenance engineering, Metamorphic Relation, Metamorphic Testing, Natural Language Inference, Natural languages, Oracle Problem, Predictive models, Quality Evaluation, Software reliability},
	pages = {220--230},
}

@inproceedings{odena_TensorFuzzDebuggingNeural_2019,
	title = {{TensorFuzz}: {Debugging} {Neural} {Networks} with {Coverage}-{Guided} {Fuzzing}},
	shorttitle = {{TensorFuzz}},
	url = {https://proceedings.mlr.press/v97/odena19a.html},
	abstract = {Neural networks are difficult to interpret and debug. We introduce testing techniques for neural networks that can discover errors occurring only for rare inputs. Specifically, we develop coverage-guided fuzzing (CGF) methods for neural networks. In CGF, random mutations of inputs are guided by a coverage metric toward the goal of satisfying user-specified constraints. We describe how approximate nearest neighbor (ANN) algorithms can provide this coverage metric for neural networks. We then combine these methods with techniques for property-based testing (PBT). In PBT, one asserts properties that a function should satisfy and the system automatically generates tests exercising those properties. We then apply this system to practical goals including (but not limited to) surfacing broken loss functions in popular GitHub repositories and making performance improvements to TensorFlow.
	Finally, we release an open source library called TensorFuzz that implements the described techniques.},
	language = {en},
	urldate = {2024-12-16},
	booktitle = {Proceedings of the 36th {International} {Conference} on {Machine} {Learning}},
	publisher = {PMLR},
	author = {Odena, Augustus and Olsson, Catherine and Andersen, David and Goodfellow, Ian},
	month = may,
	year = {2019},
	note = {ISSN: 2640-3498},
	pages = {4901--4911},
}

@article{riccio_TestingMachineLearning_2020,
	title = {Testing machine learning based systems: a systematic mapping},
	volume = {25},
	issn = {1573-7616},
	shorttitle = {Testing machine learning based systems},
	url = {https://doi.org/10.1007/s10664-020-09881-0},
	doi = {10.1007/s10664-020-09881-0},
	abstract = {A Machine Learning based System (MLS) is a software system including one or more components that learn how to perform a task from a given data set. The increasing adoption of MLSs in safety critical domains such as autonomous driving, healthcare, and finance has fostered much attention towards the quality assurance of such systems.
	Despite the advances in software testing, MLSs bring novel and unprecedented challenges, since their behaviour is defined jointly by the code that implements them and the data used for training them.},
	language = {en},
	number = {6},
	urldate = {2024-12-16},
	journal = {Empirical Software Engineering},
	author = {Riccio, Vincenzo and Jahangirova, Gunel and Stocco, Andrea and Humbatova, Nargiz and Weiss, Michael and Tonella, Paolo},
	month = nov,
	year = {2020},
	keywords = {Machine learning, Software testing, Systematic mapping, Systematic review},
	pages = {5193--5254},
}

@article{laprie_DependabilityResilience_,
	title = {From {Dependability} to {Resilience}},
	language = {en},
	author = {Laprie, Jean-Claude},
}

@inproceedings{jennyli_EvaluatingDeepLearning_2021,
	address = {Cham},
	title = {Evaluating {Deep} {Learning} {Biases} {Based} on {Grey}-{Box} {Testing} {Results}},
	isbn = {978-3-030-55180-3},
	doi = {10.1007/978-3-030-55180-3_48},
	abstract = {The very exciting and promising approaches of deep learning are immensely successful in processing large real world data sets, such as image recognition, speech recognition, and language translation. However, much research discovered that it has biases that arise in the design, production, deployment, and use of AI/ML technologies. In this paper, we first explain mathematically the causes of biases and then propose a way to evaluate biases based on testing results of neurons and auto-encoders in deep learning. Our interpretation views each neuron or autoencoder as an approximation of similarity measurement, of which grey-box testing results can be used to measure biases and finding ways to reduce them. We argue that monitoring deep learning network structures and parameters is an effective way to catch the sources of biases in deep learning.},
	language = {en},
	booktitle = {Intelligent {Systems} and {Applications}},
	publisher = {Springer International Publishing},
	author = {Jenny Li, J.
and Silva, Thayssa and Franke, Mira and Hai, Moushume and Morreale, Patricia}, editor = {Arai, Kohei and Kapoor, Supriya and Bhatia, Rahul}, year = {2021}, keywords = {Bias measurement, Deep learning, Deep learning evaluation, Mathematical interpretation, Neural Networks}, pages = {641--651}, } @article{liang_DeepFuzzerAcceleratedDeep_2021, title = {{DeepFuzzer}: {Accelerated} {Deep} {Greybox} {Fuzzing}}, volume = {18}, issn = {1941-0018}, shorttitle = {{DeepFuzzer}}, url = {https://ieeexplore.ieee.org/document/8937483}, doi = {10.1109/TDSC.2019.2961339}, abstract = {Fuzzing is one of the most effective vulnerability detection techniques, widely used in practice. However, the performance of fuzzers may be limited by their inability to pass complicated checks, inappropriate mutation frequency, arbitrary mutation strategy, or the variability of the environment. In this article, we present DeepFuzzer, an enhanced greybox fuzzer with qualified seed generation, balanced seed selection, and hybrid seed mutation. First, we use symbolic execution in a lightweight approach to generate qualified initial seeds which then guide the fuzzer through complex checks. Second, we apply a statistical seed selection algorithm to balance the mutation frequency between different seeds. Further, we develop a hybrid mutation strategy. The random and restricted mutation strategies are combined to maintain a dynamic balance between global exploration and deep search. We evaluate DeepFuzzer on the widely used benchmark Google fuzzer-test-suite which consists of real-world programs. Compared with AFL, AFLFast, FairFuzz, QSYM, and MOPT in the 24-hour experiment, DeepFuzzer discovers 30, 240, 102, 147, and 257 percent more unique crashes, executes 40, 36, 36, 98, and 15 percent more paths, and covers 37, 34, 34, 101, and 11 percent more branches, respectively. 
Furthermore, we present the practice of fuzzing a message middleware from Huawei with DeepFuzzer, and nine new vulnerabilities are reported.}, number = {6}, urldate = {2024-12-16}, journal = {IEEE Transactions on Dependable and Secure Computing}, author = {Liang, Jie and Jiang, Yu and Wang, Mingzhe and Jiao, Xun and Chen, Yuanliang and Song, Houbing and Choo, Kim-Kwang Raymond}, month = nov, year = {2021}, note = {Conference Name: IEEE Transactions on Dependable and Secure Computing}, keywords = {Benchmark testing, Complexity theory, Fuzzing, Heuristic algorithms, Hybrid power systems, Internet, Middleware, Software testing, greybox fuzzing}, pages = {2675--2688}, } @inproceedings{sun_ConcolicTestingDeep_2018, address = {Montpellier France}, title = {Concolic testing for deep neural networks}, isbn = {978-1-4503-5937-5}, url = {https://dl.acm.org/doi/10.1145/3238147.3238172}, doi = {10.1145/3238147.3238172}, abstract = {Concolic testing combines program execution and symbolic analysis to explore the execution paths of a software program. This paper presents the first concolic testing approach for Deep Neural Networks (DNNs). More specifically, we formalise coverage criteria for DNNs that have been studied in the literature, and then develop a coherent method for performing concolic testing to increase test coverage. 
Our experimental results show the effectiveness of the concolic testing approach in both achieving high coverage and finding adversarial examples.}, language = {en}, urldate = {2024-12-16}, booktitle = {Proceedings of the 33rd {ACM}/{IEEE} {International} {Conference} on {Automated} {Software} {Engineering}}, publisher = {ACM}, author = {Sun, Youcheng and Wu, Min and Ruan, Wenjie and Huang, Xiaowei and Kwiatkowska, Marta and Kroening, Daniel}, month = sep, year = {2018}, pages = {109--119}, } @misc{_UncoveringLimitsMachine_, title = {Uncovering the {Limits} of {Machine} {Learning} for {Automatic} {Vulnerability} {Detection} {\textbar} {USENIX}}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/risse}, urldate = {2024-08-15}, } @inproceedings{yang_DoesDataSampling_2023, title = {Does data sampling improve deep learning-based vulnerability detection? {Yeas}! and {Nays}!}, shorttitle = {Does data sampling improve deep learning-based vulnerability detection?}, url = {https://ieeexplore.ieee.org/document/10172668}, doi = {10.1109/ICSE48619.2023.00192}, abstract = {Recent progress in Deep Learning (DL) has sparked interest in using DL to detect software vulnerabilities automatically and it has been demonstrated promising results at detecting vulnerabilities. However, one prominent and practical issue for vulnerability detection is data imbalance. Prior study observed that the performance of state-of-the-art (SOTA) DL-based vulnerability detection (DLVD) approaches drops precipitously in real world imbalanced data and a 73\% drop of F1-score on average across studied approaches. Such a significant performance drop can disable the practical usage of any DLVD approaches. Data sampling is effective in alleviating data imbalance for machine learning models and has been demonstrated in various software engineering tasks. 
Therefore, in this study, we conducted a systematical and extensive study to assess the impact of data sampling for data imbalance problem in DLVD from two aspects: i) the effectiveness of DLVD, and ii) the ability of DLVD to reason correctly (making a decision based on real vulnerable statements). We found that in general, oversampling outperforms undersampling, and sampling on raw data outperforms sampling on latent space, typically random oversampling on raw data performs the best among all studied ones (including advanced one SMOTE and OSS). Surprisingly, OSS does not help alleviate the data imbalance issue in DLVD. If the recall is pursued, random undersampling is the best choice. Random oversampling on raw data also improves the ability of DLVD approaches for learning real vulnerable patterns. However, for a significant portion of cases (at least 33\% in our datasets), DVLD approach cannot reason their prediction based on real vulnerable statements. We provide actionable suggestions and a roadmap to practitioners and researchers.}, urldate = {2024-07-30}, booktitle = {2023 {IEEE}/{ACM} 45th {International} {Conference} on {Software} {Engineering} ({ICSE})}, author = {Yang, Xu and Wang, Shaowei and Li, Yi and Wang, Shaohua}, month = may, year = {2023}, note = {ISSN: 1558-1225}, keywords = {Data models, Deep learning, Software, Software engineering, Systematics, Task analysis, Vulnerability detection, data sampling, deep learning, interpretable AI}, pages = {2287--2298}, } @article{ruan_TimingSideChannelMitigation_2024, title = {Timing {Side}-{Channel} {Mitigation} via {Automated} {Program} {Repair}}, issn = {1049-331X}, url = {https://dl.acm.org/doi/10.1145/3678169}, doi = {10.1145/3678169}, abstract = {Side-channel vulnerability detection has gained prominence recently due to Spectre and Meltdown attacks. Techniques for side-channel detection range from fuzz testing to program analysis and program composition. 
Existing side-channel mitigation techniques repair the vulnerability at the IR/binary level or use runtime monitoring solutions. In both cases, the source code itself is not modified, can evolve while keeping the vulnerability, and the developer would get no feedback on how to develop secure applications in the first place. Thus, these solutions do not help the developer understand the side-channel risks in her code and do not provide guidance to avoid code patterns with side-channel risks. In this paper, we present Pendulum, the first approach for automatically locating and repairing side-channel vulnerabilities in the source code, specifically for timing side channels. Our approach uses a quantitative estimation of found vulnerabilities to guide the fix localization, which goes hand-in-hand with a pattern-guided repair. Our evaluation shows that Pendulum can repair a large number of side-channel vulnerabilities in real-world applications. Overall, our approach integrates vulnerability detection, quantization, localization, and repair into one unified process. This also enhances the possibility of our side-channel mitigation approach being adopted into programming environments.}, urldate = {2024-08-09}, journal = {ACM Trans. Softw. Eng. Methodol.}, author = {Ruan, Haifeng and Noller, Yannic and Tizpaz-Niari, Saeid and Chattopadhyay, Sudipta and Roychoudhury, Abhik}, month = jul, year = {2024}, note = {Just Accepted}, } @inproceedings{lima_AutomaticRepairJava_2021, title = {Automatic {Repair} of {Java} {Code} with {Timing} {Side}-{Channel} {Vulnerabilities}}, url = {https://ieeexplore.ieee.org/document/9680283}, doi = {10.1109/ASEW52652.2021.00014}, abstract = {Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. 
DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56\% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can indeed automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based.}, urldate = {2024-08-09}, booktitle = {2021 36th {IEEE}/{ACM} {International} {Conference} on {Automated} {Software} {Engineering} {Workshops} ({ASEW})}, author = {Lima, Rui and Ferreira, João F. and Mendes, Alexandra}, month = nov, year = {2021}, note = {ISSN: 2151-0830}, keywords = {Automatic Repair of Vulnerabilities, Code Repair, Codes, Conferences, Java, Maintenance engineering, Open source software, Security, Software engineering, Source Code Refactoring, Timing, Timing Side-Channel Vulnerabilities}, pages = {1--8}, } @article{lima_DifFuzzARAutomaticRepair_2023, title = {{DifFuzzAR}: automatic repair of timing side-channel vulnerabilities via refactoring}, volume = {31}, issn = {1573-7535}, shorttitle = {{DifFuzzAR}}, url = {https://doi.org/10.1007/s10515-023-00398-6}, doi = {10.1007/s10515-023-00398-6}, abstract = {Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. 
Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56\% of the vulnerabilities identified in DifFuzz’s dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.}, language = {en}, number = {1}, urldate = {2024-07-30}, journal = {Automated Software Engineering}, author = {Lima, Rui and Ferreira, João F. and Mendes, Alexandra and Carreira, Carolina}, month = oct, year = {2023}, keywords = {Automatic repair of vulnerabilities, Code repair, Java, Security, Source code refactoring, Timing side-channel vulnerabilities}, pages = {1}, } @article{picek_SoKDeepLearningbased_2023, title = {{SoK}: {Deep} {Learning}-based {Physical} {Side}-channel {Analysis}}, volume = {55}, issn = {0360-0300}, shorttitle = {{SoK}}, url = {https://doi.org/10.1145/3569577}, doi = {10.1145/3569577}, abstract = {Side-channel attacks represent a realistic and serious threat to the security of embedded devices for already almost three decades. A variety of attacks and targets they can be applied to have been introduced, and while the area of side-channel attacks and their mitigation is very well-researched, it is yet to be consolidated. Deep learning-based side-channel attacks entered the field in recent years with the promise of more competitive performance and enlarged attackers’ capabilities compared to other techniques. 
At the same time, the new attacks bring new challenges and complexities to the domain, making the systematization of knowledge (SoK) even more critical.We first dissect deep learning-based side-channel attacks according to the different phases they can be used in and map those phases to the efforts conducted so far in the domain. For each phase, we identify the weaknesses and challenges that triggered the known open problems. We also connect the attacks to the threat models and evaluate their advantages and drawbacks. Finally, we provide a number of recommendations to be followed in deep learning-based side-channel attacks.}, number = {11}, urldate = {2024-07-30}, journal = {ACM Comput. Surv.}, author = {Picek, Stjepan and Perin, Guilherme and Mariot, Luca and Wu, Lichao and Batina, Lejla}, month = feb, year = {2023}, pages = {227:1--227:35}, } @inproceedings{vaithilingam_ExpectationVsExperience_2022, address = {New York, NY, USA}, series = {{CHI} {EA} '22}, title = {Expectation vs. {Experience}: {Evaluating} the {Usability} of {Code} {Generation} {Tools} {Powered} by {Large} {Language} {Models}}, isbn = {978-1-4503-9156-6}, shorttitle = {Expectation vs. {Experience}}, url = {https://doi.org/10.1145/3491101.3519665}, doi = {10.1145/3491101.3519665}, abstract = {Recent advances in Large Language Models (LLM) have made automatic code generation possible for real-world programming tasks in general-purpose programming languages such as Python. However, there are few human studies on the usability of these tools and how they fit the programming workflow. In this work, we conducted a within-subjects user study with 24 participants to understand how programmers use and perceive Copilot, a LLM-based code generation tool. 
We found that, while Copilot did not necessarily improve the task completion time or success rate, most participants preferred to use Copilot in daily programming tasks, since Copilot often provided a useful starting point and saved the effort of searching online. However, participants did face difficulties in understanding, editing, and debugging code snippets generated by Copilot, which significantly hindered their task-solving effectiveness. Finally, we highlighted several promising directions for improving the design of Copilot based on our observations and participants’ feedback.}, urldate = {2024-07-19}, booktitle = {Extended {Abstracts} of the 2022 {CHI} {Conference} on {Human} {Factors} in {Computing} {Systems}}, publisher = {Association for Computing Machinery}, author = {Vaithilingam, Priyan and Zhang, Tianyi and Glassman, Elena L.}, month = apr, year = {2022}, pages = {1--7}, } @inproceedings{pearce_AsleepKeyboardAssessing_2022, title = {Asleep at the {Keyboard}? {Assessing} the {Security} of {GitHub} {Copilot}’s {Code} {Contributions}}, isbn = {978-1-66541-316-9}, shorttitle = {Asleep at the {Keyboard}?}, url = {https://www.computer.org/csdl/proceedings-article/sp/2022/131600a980/1FlQxERjKCs}, doi = {10.1109/SP46214.2022.9833571}, abstract = {There is burgeoning interest in designing AI-based systems to assist humans in designing computing systems, including tools that automatically generate computer code. The most notable of these comes in the form of the first self-described ‘AI pair programmer’, GitHub Copilot, which is a language model trained over open-source GitHub code. However, code often contains bugs—and so, given the vast quantity of unvetted code that Copilot has processed, it is certain that the language model will have learned from exploitable, buggy code. This raises concerns on the security of Copilot’s code contributions. 
In this work, we systematically investigate the prevalence and conditions that can cause GitHub Copilot to recommend insecure code. To perform this analysis we prompt Copilot to generate code in scenarios relevant to high-risk cybersecurity weaknesses, e.g. those from MITRE’s “Top 25” Common Weakness Enumeration (CWE) list. We explore Copilot’s performance on three distinct code generation axes—examining how it performs given diversity of weaknesses, diversity of prompts, and diversity of domains. In total, we produce 89 different scenarios for Copilot to complete, producing 1,689 programs. Of these, we found approximately 40\% to be vulnerable.}, language = {English}, urldate = {2024-07-19}, publisher = {IEEE Computer Society}, author = {Pearce, Hammond and Ahmad, Baleegh and Tan, Benjamin and Dolan-Gavitt, Brendan and Karri, Ramesh}, month = may, year = {2022}, pages = {754--768}, } @inproceedings{perry_UsersWriteMore_2023, address = {New York, NY, USA}, series = {{CCS} '23}, title = {Do {Users} {Write} {More} {Insecure} {Code} with {AI} {Assistants}?}, isbn = {9798400700507}, url = {https://doi.org/10.1145/3576915.3623157}, doi = {10.1145/3576915.3623157}, abstract = {AI code assistants have emerged as powerful tools that can aid in the software development life-cycle and can improve developer productivity. Unfortunately, such assistants have also been found to produce insecure code in lab environments, raising significant concerns about their usage in practice. In this paper, we conduct a user study to examine how users interact with AI code assistants to solve a variety of security related tasks. Overall, we find that participants who had access to an AI assistant wrote significantly less secure code than those without access to an assistant. Participants with access to an AI assistant were also more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code. 
To better inform the design of future AI-based code assistants, we release our user-study apparatus to researchers seeking to build on our work.}, urldate = {2024-07-19}, booktitle = {Proceedings of the 2023 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Perry, Neil and Srivastava, Megha and Kumar, Deepak and Boneh, Dan}, month = nov, year = {2023}, pages = {2785--2799}, } @article{pei_DeepXploreAutomatedWhitebox_2019, title = {{DeepXplore}: automated whitebox testing of deep learning systems}, volume = {62}, issn = {0001-0782, 1557-7317}, shorttitle = {{DeepXplore}}, url = {https://dl.acm.org/doi/10.1145/3361566}, doi = {10.1145/3361566}, abstract = {Deep learning (DL) systems are increasingly deployed in safety- and security-critical domains such as self-driving cars and malware detection, where the correctness and predictability of a system’s behavior for corner case inputs are of great importance. Existing DL testing depends heavily on manually labeled data and therefore often fails to expose erroneous behaviors for rare inputs.}, language = {en}, number = {11}, urldate = {2024-07-17}, journal = {Communications of the ACM}, author = {Pei, Kexin and Cao, Yinzhi and Yang, Junfeng and Jana, Suman}, month = oct, year = {2019}, pages = {137--145}, } @inproceedings{wu_FuzzingDeepLearning_2023, address = {Wuhan China}, title = {Fuzzing for {Deep} {Learning} {Models}}, isbn = {9798400708039}, url = {https://dl.acm.org/doi/10.1145/3655532.3655574}, doi = {10.1145/3655532.3655574}, abstract = {Deep learning models have been widely used in security fields such as autonomous vehicles, and the testing of their quality problems has gradually attracted attention. Fuzzing has become an important testing method because of its efficient fault revealing ability. The quality and effectiveness of test cases generated by existing fuzzing methods are not high. 
In this paper, we propose a fuzzing method for deep learning models that uses heuristic policy mutation inputs to generate test cases. Thus, the quality of test cases is improved, so that the classification error of the model can be tested faster. By testing the image classification model, the experiments show that the generated test cases improve the neuron coverage of the model, and the time to find the model classification error is shorter.}, language = {en}, urldate = {2024-07-17}, booktitle = {Proceedings of the 2023 6th {International} {Conference} on {Robot} {Systems} and {Applications}}, publisher = {ACM}, author = {Wu, Bo and Chen, Deng}, month = sep, year = {2023}, pages = {243--247}, } @misc{rasool_StateMachineInference_2019, title = {State machine inference of {QUIC}}, url = {http://arxiv.org/abs/1903.04384}, doi = {10.48550/arXiv.1903.04384}, abstract = {QUIC is a recent transport protocol that provides reliable, secure and quick service on top of UDP in the internet. As QUIC is implemented in the application space rather than in the operating system's kernel, it is more efficient to dynamically develop and roll out. Currently, there are two parallel specifications, one by Google and one by IETF, and there are a few implementations. In this paper, we show how state machine inference can be applied to automatically extract the state machine corresponding to the protocol from an implementation. In particular, we infer the model of Google's QUIC server. This is done using a black-box technique, making it usable on any implementation of the protocol, regardless of, for example, the programming language the code is written in or the system the QUIC server runs on. 
This makes it a useful tool for testing and specification purposes, and to make various (future) implementations more easily comparable.}, urldate = {2024-07-04}, publisher = {arXiv}, author = {Rasool, Abdullah and Alpár, Greg and de Ruiter, Joeri}, month = mar, year = {2019}, note = {arXiv:1903.04384 [cs]}, keywords = {Computer Science - Networking and Internet Architecture}, } @inproceedings{rasoamanana_SystematicAutomaticUse_2022, address = {Berlin, Heidelberg}, title = {Towards a {Systematic} and {Automatic} {Use} of {State} {Machine} {Inference} to {Uncover} {Security} {Flaws} and {Fingerprint} {TLS} {Stacks}}, isbn = {978-3-031-17142-0}, url = {https://doi.org/10.1007/978-3-031-17143-7_31}, doi = {10.1007/978-3-031-17143-7_31}, abstract = {TLS is a well-known and thoroughly studied security protocol. In this paper, we focus on a specific class of vulnerabilities affecting TLS implementations, state machine errors. These vulnerabilities are caused by differences in interpreting the standard and correspond to deviations from the specifications, e.g.\ accepting invalid messages, or accepting valid messages out of sequence. We develop a systematic methodology to infer the state machines of major TLS stacks from stimuli and observations, and to study their evolution across revisions. We use the L⋆ algorithm to compute state machines corresponding to different execution scenarios. We reproduce several known vulnerabilities (denial of service, authentication bypasses), and uncover new ones. We also show that state machine inference is efficient and practical for integration within a continuous integration pipeline, to help find new vulnerabilities or deviations introduced during development.With our systematic black-box approach, we study over 400 different versions of server and client implementations in various scenarios (protocol version, options). Using the resulting state machines, we propose a robust algorithm to fingerprint TLS stacks. 
To the best of our knowledge, this is the first application of this approach on such a broad perimeter, in terms of number of TLS stacks, revisions, or execution scenarios studied.}, urldate = {2024-07-26}, booktitle = {Computer {Security} – {ESORICS} 2022: 27th {European} {Symposium} on {Research} in {Computer} {Security}, {Copenhagen}, {Denmark}, {September} 26–30, 2022, {Proceedings}, {Part} {III}}, publisher = {Springer-Verlag}, author = {Rasoamanana, Aina Toky and Levillain, Olivier and Debar, Hervé}, month = sep, year = {2022}, pages = {637--657}, } @inproceedings{fiterau-brostean_CombiningModelLearning_2016, address = {Cham}, title = {Combining {Model} {Learning} and {Model} {Checking} to {Analyze} {TCP} {Implementations}}, isbn = {978-3-319-41540-6}, doi = {10.1007/978-3-319-41540-6_25}, abstract = {We combine model learning and model checking in a challenging case study involving Linux, Windows and FreeBSD implementations of TCP. We use model learning to infer models of different software components and then apply model checking to fully explore what may happen when these components (e.g. a Linux client and a Windows server) interact. 
Our analysis reveals several instances in which TCP implementations do not conform to their RFC specifications.}, language = {en}, booktitle = {Computer {Aided} {Verification}}, publisher = {Springer International Publishing}, author = {Fiterău-Broştean, Paul and Janssen, Ramon and Vaandrager, Frits}, editor = {Chaudhuri, Swarat and Farzan, Azadeh}, year = {2016}, keywords = {Abstraction Function, Automaton Learning, Equivalence Query, Membership Query, Model Check}, pages = {454--471}, } @inproceedings{mcmahonstone_CloserYouLook_2022, address = {New York, NY, USA}, series = {{CCS} '22}, title = {The {Closer} {You} {Look}, {The} {More} {You} {Learn}: {A} {Grey}-box {Approach} to {Protocol} {State} {Machine} {Learning}}, isbn = {978-1-4503-9450-5}, shorttitle = {The {Closer} {You} {Look}, {The} {More} {You} {Learn}}, url = {https://doi.org/10.1145/3548606.3559365}, doi = {10.1145/3548606.3559365}, abstract = {We propose a new approach to infer state machine models from protocol implementations. Our new tool, StateInspector, learns protocol states by using novel program analyses to combine observations of run-time memory and I/O. It requires no access to source code and only lightweight execution monitoring of the implementation under test. We demonstrate and evaluate StateInspector's effectiveness on numerous TLS and WPA/2 implementations. In the process, we show StateInspector enables deeper state discovery, increased learning efficiency, and more insight compared to existing approaches. Our method led us to discover several concerning deviations from the standards and vulnerabilities in IWD and WolfSSL, both of which were assigned CVEs.}, urldate = {2024-07-23}, booktitle = {Proceedings of the 2022 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {McMahon Stone, Chris and Thomas, Sam L. 
and Vanhoef, Mathy and Henderson, James and Bailluet, Nicolas and Chothia, Tom}, month = nov, year = {2022}, pages = {2265--2278}, } @inproceedings{dierl_ScalableTreebasedRegister_2024, address = {Cham}, title = {Scalable {Tree}-based {Register} {Automata} {Learning}}, isbn = {978-3-031-57249-4}, doi = {10.1007/978-3-031-57249-4_5}, abstract = {Existing active automata learning (AAL) algorithms have demonstrated their potential in capturing the behavior of complex systems (e.g., in analyzing network protocol implementations). The most widely used AAL algorithms generate finite state machine models, such as Mealy machines. For many analysis tasks, however, it is crucial to generate richer classes of models that also show how relations between data parameters affect system behavior. Such models have shown potential to uncover critical bugs, but their learning algorithms do not scale beyond small and well curated experiments. In this paper, we present \$\$\{SL\}{\textasciicircum}\{{\textbackslash}lambda \}\$\$SLλ, an effective and scalable register automata (RA) learning algorithm that significantly reduces the number of tests required for inferring models. It achieves this by combining a tree-based cost-efficient data structure with mechanisms for computing short and restricted tests. We have implemented \$\$\{SL\}{\textasciicircum}\{{\textbackslash}lambda \}\$\$SLλas a new algorithm in RALib. 
We evaluate its performance by comparing it against $SL^*$, the current state-of-the-art RA learning algorithm, in a series of experiments, and show superior performance and substantial asymptotic improvements in bigger systems.},
	language = {en},
	booktitle = {Tools and {Algorithms} for the {Construction} and {Analysis} of {Systems}},
	publisher = {Springer Nature Switzerland},
	author = {Dierl, Simon and Fiterau-Brostean, Paul and Howar, Falk and Jonsson, Bengt and Sagonas, Konstantinos and Tåquist, Fredrik},
	editor = {Finkbeiner, Bernd and Kovács, Laura},
	year = {2024},
	keywords = {Active automata learning, Register automata},
	pages = {87--108},
}

@article{daniele_FuzzersStatefulSystems_2024,
	title = {Fuzzers for {Stateful} {Systems}: {Survey} and {Research} {Directions}},
	volume = {56},
	issn = {0360-0300},
	shorttitle = {Fuzzers for {Stateful} {Systems}},
	url = {https://doi.org/10.1145/3648468},
	doi = {10.1145/3648468},
	abstract = {Fuzzing is a very effective testing methodology to find bugs. In a nutshell, a fuzzer sends many slightly malformed messages to the software under test, hoping for crashes or incorrect system behaviour. The methodology is relatively simple, although applications that keep internal states are challenging to fuzz. The research community has responded to this challenge by developing fuzzers tailored to stateful systems, but a clear understanding of the variety of strategies is still missing. In this paper, we present the first taxonomy of fuzzers for stateful systems and provide a systematic comparison and classification of these fuzzers.},
	number = {9},
	urldate = {2024-07-23},
	journal = {ACM Comput. Surv.},
	author = {Daniele, Cristian and Andarzian, Seyed Behnam and Poll, Erik},
	month = apr,
	year = {2024},
	pages = {222:1--222:23},
}

@article{fraser_TestingModelCheckers_2009,
	title = {Testing with model checkers: a survey},
	volume = {19},
	issn = {0960-0833},
	shorttitle = {Testing with model checkers},
	abstract = {About a decade after the initial proposal to use model checkers for the generation of test cases we take a look at the results in this field of research. Model checkers are formal verification tools, capable of providing counterexamples to violated properties. Normally, these counterexamples are meant to guide an analyst when searching for the root cause of a property violation. They are, however, also very useful as test cases. Many different approaches have been presented, many problems have been solved, yet many issues remain. This survey paper reviews the state of the art in testing with model checkers. Copyright © 2008 John Wiley \& Sons, Ltd.},
	number = {3},
	journal = {Softw. Test. Verif. Reliab.},
	author = {Fraser, Gordon and Wotawa, Franz and Ammann, Paul E.},
	month = sep,
	year = {2009},
	pages = {215--261},
}

@inproceedings{daniel_InferringOpenVPNState_2018,
	title = {Inferring {OpenVPN} {State} {Machines} {Using} {Protocol} {State} {Fuzzing}},
	url = {https://ieeexplore.ieee.org/document/8406556},
	doi = {10.1109/EuroSPW.2018.00009},
	abstract = {The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.},
	urldate = {2024-07-04},
	booktitle = {2018 {IEEE} {European} {Symposium} on {Security} and {Privacy} {Workshops} ({EuroS}\&{PW})},
	author = {Daniel, Lesly-Ann and Poll, Erik and de Ruiter, Joeri},
	month = apr,
	year = {2018},
	keywords = {Fuzzing, LearnLib, OpenVPN, Protocol state fuzzing, Protocols, Regular inference, Reliability, Security, Servers, Tunneling, Virtual private networks},
	pages = {11--19},
}

@inproceedings{tappler_ModelBasedTestingIoT_2017,
	title = {Model-{Based} {Testing} {IoT} {Communication} via {Active} {Automata} {Learning}},
	url = {https://ieeexplore.ieee.org/document/7927982},
	doi = {10.1109/ICST.2017.32},
	abstract = {This paper presents a learning-based approach to detecting failures in reactive systems. The technique is based on inferring models of multiple implementations of a common specification which are pair-wise cross-checked for equivalence. Any counterexample to equivalence is flagged as suspicious and has to be analysed manually. Hence, it is possible to find possible failures in a semi-automatic way without prior modelling. We show that the approach is effective by means of a case study. For this case study, we carried out experiments in which we learned models of five implementations of MQTT brokers/servers, a protocol used in the Internet of Things. Examining these models, we found several violations of the MQTT specification. All but one of the considered implementations showed faulty behaviour. In the analysis, we discuss effectiveness and also issues we faced.},
	urldate = {2024-07-04},
	booktitle = {2017 {IEEE} {International} {Conference} on {Software} {Testing}, {Verification} and {Validation} ({ICST})},
	author = {Tappler, Martin and Aichernig, Bernhard K. and Bloem, Roderick},
	month = mar,
	year = {2017},
	keywords = {Analytical models, Approximation algorithms, Internet of Things, Learning automata, MQTT, Protocols, Standards, Testing, automata learning, internet of things, model inference, model-based testing},
	pages = {276--287},
}

@inproceedings{fiterau-brostean_ModelLearningModel_2017,
	address = {New York, NY, USA},
	series = {{SPIN} 2017},
	title = {Model learning and model checking of {SSH} implementations},
	isbn = {978-1-4503-5077-8},
	url = {https://doi.org/10.1145/3092282.3092289},
	doi = {10.1145/3092282.3092289},
	abstract = {We apply model learning on three SSH implementations to infer state machine models, and then use model checking to verify that these models satisfy basic security properties and conform to the RFCs. Our analysis showed that all tested SSH server models satisfy the stated security properties, but uncovered several violations of the standard.},
	urldate = {2024-07-04},
	booktitle = {Proceedings of the 24th {ACM} {SIGSOFT} {International} {SPIN} {Symposium} on {Model} {Checking} of {Software}},
	publisher = {Association for Computing Machinery},
	author = {Fiterău-Broştean, Paul and Lenaerts, Toon and Poll, Erik and de Ruiter, Joeri and Vaandrager, Frits and Verleg, Patrick},
	month = jul,
	year = {2017},
	pages = {142--151},
}

@article{fujiwara_TestSelectionBased_1991,
	title = {Test selection based on finite state models},
	volume = {17},
	issn = {1939-3520},
	url = {https://ieeexplore.ieee.org/document/87284},
	doi = {10.1109/32.87284},
	abstract = {A method for the selection of appropriate test case, an important issue for conformance testing of protocol implementations as well as software engineering, is presented. Called the partial W-method, it is shown to have general applicability, full fault-detection power, and yields shorter test suites than the W-method. Various other issues that have an impact on the selection of a suitable test suite including the consideration of interaction parameters, various test architectures for protocol testing and the fact that many specifications do not satisfy the assumptions made by most test selection methods (such as complete definition, a correctly implemented reset function, a limited number of states in the implementation, and determinism), are discussed.},
	number = {6},
	urldate = {2024-07-03},
	journal = {IEEE Transactions on Software Engineering},
	author = {Fujiwara, S. and v. Bochmann, G. and Khendek, F. and Amalou, M. and Ghedamsi, A.},
	month = jun,
	year = {1991},
	note = {Conference Name: IEEE Transactions on Software Engineering},
	keywords = {Automata, Councils, Formal specifications, Hardware, Protocols, Software engineering, Software testing, System testing},
	pages = {591--603},
}

@inproceedings{isberner_TTTAlgorithmRedundancyFree_2014,
	address = {Cham},
	title = {The {TTT} {Algorithm}: {A} {Redundancy}-{Free} {Approach} to {Active} {Automata} {Learning}},
	isbn = {978-3-319-11164-3},
	shorttitle = {The {TTT} {Algorithm}},
	doi = {10.1007/978-3-319-11164-3_26},
	abstract = {In this paper we present TTT, a novel active automata learning algorithm formulated in the Minimally Adequate Teacher (MAT) framework. The distinguishing characteristic of TTT is its redundancy-free organization of observations, which can be exploited to achieve optimal (linear) space complexity. This is thanks to a thorough analysis of counterexamples, extracting and storing only the essential refining information. TTT is therefore particularly well-suited for application in a runtime verification context, where counterexamples (obtained, e.g., via monitoring) may be excessively long: as the execution time of a test sequence typically grows with its length, this would otherwise cause severe performance degradation. We illustrate the impact of TTT's consequent redundancy-free approach along a number of examples.},
	language = {en},
	booktitle = {Runtime {Verification}},
	publisher = {Springer International Publishing},
	author = {Isberner, Malte and Howar, Falk and Steffen, Bernhard},
	editor = {Bonakdarpour, Borzoo and Smolka, Scott A.},
	year = {2014},
	keywords = {Finite Automaton, Membership Query, Model Check, Observation Table, Symbol Execution},
	pages = {307--322},
}

@article{lee_PrinciplesMethodsTesting_1996,
	title = {Principles and methods of testing finite state machines-a survey},
	volume = {84},
	issn = {1558-2256},
	url = {https://ieeexplore.ieee.org/document/533956},
	doi = {10.1109/5.533956},
	abstract = {With advanced computer technology, systems are getting larger to fulfill more complicated tasks: however, they are also becoming less reliable. Consequently, testing is an indispensable part of system design and implementation; yet it has proved to be a formidable task for complex systems. This motivates the study of testing finite state machines to ensure the correct functioning of systems and to discover aspects of their behavior. A finite state machine contains a finite number of states and produces outputs on state transitions after receiving inputs. Finite state machines are widely used to model systems in diverse areas, including sequential circuits, certain types of programs, and, more recently, communication protocols. In a testing problem we have a machine about which we lack some information; we would like to deduce this information by providing a sequence of inputs to the machine and observing the outputs produced. Because of its practical importance and theoretical interest, the problem of testing finite state machines has been studied in different areas and at various times. The earliest published literature on this topic dates back to the 1950's. Activities in the 1960's and early 1970's were motivated mainly by automata theory and sequential circuit testing. The area seemed to have mostly died down until a few years ago when the testing problem was resurrected and is now being studied anew due to its applications to conformance testing of communication protocols. While some old problems which had been open for decades were resolved recently, new concepts and more intriguing problems from new applications emerge. We review the fundamental problems in testing finite state machines and techniques for solving these problems, tracing progress in the area from its inception to the present and the state of the art. In addition, we discuss extensions of finite state machines and some other topics related to testing.},
	number = {8},
	urldate = {2024-07-03},
	journal = {Proceedings of the IEEE},
	author = {Lee, D. and Yannakakis, M.},
	month = aug,
	year = {1996},
	note = {Conference Name: Proceedings of the IEEE},
	keywords = {Automata, Automatic testing, Circuit testing, Fault detection, Paper technology, Protocols, Sequential analysis, Sequential circuits, Software testing, System testing},
	pages = {1090--1123},
}

@inproceedings{buchet_StudyDeployedDefenses_2025,
	title = {A {Study} of {Deployed} {Defenses} {Against} {Reflected} {Amplification} {Attacks} in {QUIC}},
	url = {https://ieeexplore.ieee.org/document/11097014/},
	doi = {10.23919/TMA66427.2025.11097014},
	abstract = {While the QUIC specification now includes mechanisms to prevent DoS attacks, they might not always be enforced by servers. With the increasing deployment of QUIC servers, it is now becoming more important to avoid vulnerabilities that could be exploited on a large scale. This paper presents an extensive study of the current state of QUIC servers and how they implement the mechanisms to prevent DoS attacks. The paper focuses on two different amplification DoS attacks that can be performed using QUIC HTTP/3 servers, enabled by the handshake and the connection migration mechanism. We investigate how QUIC servers respond to these attacks and if they are compliant with the general guidelines regarding the amplification protection. Our results show that while a large proportion of QUIC servers are respectful of the specification, around 20 \% of the IPv4 servers tested are still breaking the amplification limit for the handshake attack while most of the IPv6 servers are compliant. Most of the servers that support connection migration use the path validation mechanism, preventing the attack on connection migration. Overall, the amplification factor of the attacks remains quite low with a median slightly lower than the limit of 3, set in the standard, for the handshake attack and under 1 for the migration attack.},
	urldate = {2025-08-04},
	booktitle = {2025 9th {Network} {Traffic} {Measurement} and {Analysis} {Conference} ({TMA})},
	author = {Buchet, Aurélien and Pelsser, Cristel},
	month = jun,
	year = {2025},
	keywords = {Guidelines, IP networks, Monitoring, Protection, Protocols, Servers, Standards, Telecommunication traffic},
	pages = {1--9},
}

@inproceedings{pettorru_QUICWebSocketSecure_2023,
	address = {Rome, Italy},
	title = {{QUIC} and {WebSocket} for {Secure} and {Low}-{Latency} {IoT} {Communications}: {An} {Experimental} {Analysis}},
	copyright = {https://doi.org/10.15223/policy-029},
	isbn = {978-1-5386-7462-8},
	shorttitle = {{QUIC} and {WebSocket} for {Secure} and {Low}-{Latency} {IoT} {Communications}},
	url = {https://ieeexplore.ieee.org/document/10279305/},
	doi = {10.1109/ICC45041.2023.10279305},
	abstract = {This work addresses the problem of security and low latency in communications typical of several Internet of Things (IoT) scenarios, such as those in Industry 4.0 applications. In particular, we propose a WebSocket over QUIC (WS-QUIC) protocol for intra-network communications between the IoT devices and the gateway. In particular, low latency is achieved by combining the connection persistence of WebSocket (WS) with the reduced connection establishment time required by QUIC. Moreover, the use of QUIC implicitly exploits the security extensions of WS provided by the Transport Layer Security (TLS) protocol. We experimentally analyzed the performance of the proposed system and compared it with that provided by other Web-based secure protocols, such as HyperText Transfer Protocol Secure (HTTPS) and WebSocket Secure (WSS). Our results show that WS-QUIC outperforms HTTPS and WSS for medium-large file sizes. Moreover, the use of the so-called TLS ticket resumption makes WS-QUIC suitable also for medium-small file sizes. Finally, we also discuss the potential use of a single shared session ticket between different IoT devices in the same cluster to further decrease the latency.},
	language = {en},
	urldate = {2024-06-04},
	booktitle = {{ICC} 2023 - {IEEE} {International} {Conference} on {Communications}},
	publisher = {IEEE},
	author = {Pettorru, Giovanni and Martalò, Marco},
	month = may,
	year = {2023},
	pages = {628--633},
}

@misc{rfc9001,
	title = {Using {TLS} to secure {QUIC}},
	url = {https://www.rfc-editor.org/rfc/rfc9001.txt},
	abstract = {This document describes how Transport Layer Security (TLS) is used to secure QUIC.},
	publisher = {RFC Editor},
	author = {Thomson (Ed.), M. and Turner (Ed.), S.},
	month = may,
	year = {2021},
	doi = {10.17487/RFC9001},
	note = {ISSN: 2070-1721 Number: 9001 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 9001 (Proposed Standard) tex.key: RFC 9001},
	keywords = {crypto, opportunistic encryption, plaintext quic},
}

@misc{perrin_SignalTechnicalSpecifications_2024,
	title = {Signal {Technical} {Specifications}: {X3DH}, {Double} {Ratchet}, {PQXDH}, {Sesame}, {XEdDSA} and {VXEdDSA}},
	url = {https://signal.org/docs/},
	abstract = {Specifications and software libraries for developers},
	author = {Perrin, Trevor and Marlinspike, Moxie},
	month = jul,
	year = {2024},
}

@misc{rfc4253,
	title = {The secure shell ({SSH}) transport layer protocol},
	url = {https://www.rfc-editor.org/rfc/rfc4253.txt},
	abstract = {The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression. Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated. This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol. [STANDARDS-TRACK]},
	publisher = {RFC Editor},
	author = {Ylonen, T. and Lonvick (Ed.), C.},
	month = jan,
	year = {2006},
	doi = {10.17487/RFC4253},
	note = {ISSN: 2070-1721 Number: 4253 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 4253 (Proposed Standard) tex.key: RFC 4253},
	keywords = {diffie hellman, diffie-hellman key exchange, encryption, integrity protection, remote login, server authentication},
}

@misc{rfc8827,
	title = {{WebRTC} security architecture},
	url = {https://www.rfc-editor.org/rfc/rfc8827.txt},
	abstract = {This document defines the security architecture for WebRTC, a protocol suite intended for use with real-time applications that can be deployed in browsers – “real-time communication on the Web”.},
	publisher = {RFC Editor},
	author = {Rescorla, E.},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8827},
	note = {ISSN: 2070-1721 Number: 8827 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 8827 (Proposed Standard) tex.key: RFC 8827},
}

@misc{rfc6347,
	title = {Datagram transport layer security version 1.2},
	url = {https://www.rfc-editor.org/rfc/rfc6347.txt},
	abstract = {This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document updates DTLS 1.0 to work with TLS version 1.2. [STANDARDS-TRACK]},
	publisher = {RFC Editor},
	author = {Rescorla, E. and Modadugu, N.},
	month = jan,
	year = {2012},
	doi = {10.17487/RFC6347},
	note = {ISSN: 2070-1721 Number: 6347 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 6347 (Proposed Standard) tex.key: RFC 6347},
	keywords = {dtls, dtls protocol},
}

@misc{rfc9147,
	title = {The datagram transport layer security ({DTLS}) protocol version 1.3},
	url = {https://www.rfc-editor.org/rfc/rfc9147.txt},
	abstract = {This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document obsoletes RFC 6347.},
	publisher = {RFC Editor},
	author = {Rescorla, E. and Tschofenig, H. and Modadugu, N.},
	month = apr,
	year = {2022},
	doi = {10.17487/RFC9147},
	note = {ISSN: 2070-1721 Number: 9147 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 9147 (Proposed Standard) tex.key: RFC 9147},
	keywords = {Communication Security},
}

@misc{rfc8830,
	title = {{WebRTC} {MediaStream} identification in the session description protocol},
	url = {https://www.rfc-editor.org/rfc/rfc8830.txt},
	abstract = {This document specifies a Session Description Protocol (SDP) grouping mechanism for RTP media streams that can be used to specify relations between media streams. This mechanism is used to signal the association between the SDP concept of “media description” and the Web Real-Time Communication (WebRTC) concept of MediaStream/MediaStreamTrack using SDP signaling.},
	publisher = {RFC Editor},
	author = {Alvestrand, H.},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8830},
	note = {ISSN: 2070-1721 Number: 8830 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 8830 (Proposed Standard) tex.key: RFC 8830},
	keywords = {MediaStreamTrack},
}

@misc{rfc8831,
	title = {{WebRTC} data channels},
	url = {https://www.rfc-editor.org/rfc/rfc8831.txt},
	abstract = {The WebRTC framework specifies protocol support for direct, interactive, rich communication using audio, video, and data between two peers' web browsers. This document specifies the non-media data transport aspects of the WebRTC framework. It provides an architectural overview of how the Stream Control Transmission Protocol (SCTP) is used in the WebRTC context as a generic transport service that allows web browsers to exchange generic data from peer to peer.},
	publisher = {RFC Editor},
	author = {Jesup, R. and Loreto, S. and Tüxen, M.},
	month = jan,
	year = {2021},
	doi = {10.17487/RFC8831},
	note = {ISSN: 2070-1721 Number: 8831 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 8831 (Proposed Standard) tex.key: RFC 8831},
}

@misc{rfc1035,
	title = {Domain names - implementation and specification},
	url = {https://www.rfc-editor.org/rfc/rfc1035.txt},
	abstract = {This RFC is the revised specification of the protocol and format used in the implementation of the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication.},
	publisher = {RFC Editor},
	author = {Mockapetris, P.},
	month = nov,
	year = {1987},
	doi = {10.17487/RFC1035},
	note = {ISSN: 2070-1721 Number: 1035 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 1035 (Internet Standard) tex.key: RFC 1035},
	keywords = {DNS, DOMAIN},
}

@misc{rfc9250,
	title = {{DNS} over dedicated {QUIC} connections},
	url = {https://www.rfc-editor.org/rfc/rfc9250.txt},
	abstract = {This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.},
	publisher = {RFC Editor},
	author = {Huitema, C. and Dickinson, S. and Mankin, A.},
	month = may,
	year = {2022},
	doi = {10.17487/RFC9250},
	note = {ISSN: 2070-1721 Number: 9250 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 9250 (Proposed Standard) tex.key: RFC 9250},
	keywords = {DNS, DNS over QUIC, DoQ, Encrypted DNS, QUIC},
}

@misc{rfc862,
	title = {Echo protocol},
	url = {https://www.rfc-editor.org/rfc/rfc862.txt},
	abstract = {This RFC specifies a standard for the ARPA Internet community. Hosts on the ARPA Internet that choose to implement an Echo Protocol are expected to adopt and implement this standard. The Echo service simply sends back to the originating source any data it receives.},
	publisher = {RFC Editor},
	author = {Postel, J.},
	month = may,
	year = {1983},
	doi = {10.17487/RFC0862},
	note = {ISSN: 2070-1721 Number: 862 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 862 (Internet Standard) tex.key: RFC 862},
	keywords = {ECHO},
}

@misc{rfc6066,
	title = {Transport layer security ({TLS}) extensions: {Extension} definitions},
	url = {https://www.rfc-editor.org/rfc/rfc6066.txt},
	abstract = {This document provides specifications for existing TLS extensions. It is a companion document for RFC 5246, “The Transport Layer Security (TLS) Protocol Version 1.2”. The extensions specified are server\_name, max\_fragment\_length, client\_certificate\_url, trusted\_ca\_keys, truncated\_hmac, and status\_request. [STANDARDS-TRACK]},
	publisher = {RFC Editor},
	author = {Eastlake 3rd, D.},
	month = jan,
	year = {2011},
	doi = {10.17487/RFC6066},
	note = {ISSN: 2070-1721 Number: 6066 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 6066 (Proposed Standard) tex.key: RFC 6066},
	keywords = {client\_certificate\_url, max\_fragment\_length, server\_name, status\_request, truncated\_hmac, trusted\_ca\_keys},
}

@misc{rfc8446,
	title = {The transport layer security ({TLS}) protocol version 1.3},
	url = {https://www.rfc-editor.org/rfc/rfc8446.txt},
	abstract = {This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.},
	publisher = {RFC Editor},
	author = {Rescorla, E.},
	month = aug,
	year = {2018},
	doi = {10.17487/RFC8446},
	note = {ISSN: 2070-1721 Number: 8446 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 8446 (Proposed Standard) tex.key: RFC 8446},
	keywords = {authentication, international data algorithm, privacy, symmetric, transport protocol layer},
}

@misc{rfc5246,
	title = {The transport layer security ({TLS}) protocol version 1.2},
	url = {https://www.rfc-editor.org/rfc/rfc5246.txt},
	abstract = {This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]},
	publisher = {RFC Editor},
	author = {Dierks, T. and Rescorla, E.},
	month = aug,
	year = {2008},
	doi = {10.17487/RFC5246},
	note = {ISSN: 2070-1721 Number: 5246 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 5246 (Proposed Standard) tex.key: RFC 5246},
	keywords = {authentication, idea, international data algorithm, privacy, symmetric, transport protocol layer},
}

@misc{rfc2616,
	title = {Hypertext transfer protocol – {HTTP}/1.1},
	url = {https://www.rfc-editor.org/rfc/rfc2616.txt},
	abstract = {HTTP has been in use by the World-Wide Web global information initiative since 1990. This specification defines the protocol referred to as “HTTP/1.1”, and is an update to RFC 2068. [STANDARDS-TRACK]},
	publisher = {RFC Editor},
	author = {Fielding, R. and Gettys, J. and Mogul, J. and Frystyk, H. and Masinter, L. and Leach, P. and Berners-Lee, T.},
	month = jun,
	year = {1999},
	doi = {10.17487/RFC2616},
	note = {ISSN: 2070-1721 Number: 2616 Place: Fremont, CA, USA Series: Internet request for comments Type: RFC tex.howpublished: RFC 2616 (Draft Standard) tex.key: RFC 2616},
	keywords = {HTTP, Hypertext Transfer Protocol, WWW, World Wide Web, hypermedia},
}

@inproceedings{ghasemisharif_AutomatedAuditingAccount_2022,
	title = {Towards {Automated} {Auditing} for {Account} and {Session} {Management} {Flaws} in {Single} {Sign}-{On} {Deployments}},
	url = {https://ieeexplore.ieee.org/document/9833753},
	doi = {10.1109/SP46214.2022.9833753},
	abstract = {Single Sign-On (SSO) is both a core and critical component of user authentication and authorization on the modern web, as it is often offered by web and mobile applications alongside credential-based authentication to facilitate the account creation and login process. However, the interplay between local account management and SSO functionality in the backend leads to flaws that enable or magnify account hijacking attacks. These flaws are not baked into the actual SSO protocols, but manifest due to the complexity of supporting separate but intermingling authentication paths. As a result, these types of flaws cannot be detected by the SSO protocol or implementation verification tools proposed in prior work. In this paper we introduce SAAT, a fully automated modular framework that assesses whether relying parties (RPs) that use Facebook as the IdP comply with secure practices and guidelines, and uncovers flaws in account and session management that stem from or are affected by the interplay of SSO and local functionality. We conduct a large-scale exploration of authentication and session practices in Facebook's RPs, revealing a volatile ecosystem where SSO support can be suddenly dropped and 17.6\% of the tested RPs exhibit non-functional SSO implementations. This highlights the need for the continuous and systematic testing of the SSO ecosystem made possible by SAAT. More critically, we find that security measures are often missing and official guidelines are routinely overlooked or misconfigured, with only 0.8\% of the RPs fully enabling re-authentication which can prevent compromise from hijacked identity provider (IdP) cookies. Our study also shows that less than 2\% of RPs correctly react to SSO revocation and 67\% continue to allow account access even 10 days after revocation. Overall, we envision our framework as a tool for enabling and guiding widespread remediation efforts by major SSO identity providers, which were previously infeasible due to the sheer scale and inherent mutability of this ecosystem.},
	urldate = {2025-01-28},
	booktitle = {2022 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
	author = {Ghasemisharif, Mohammad and Kanich, Chris and Polakis, Jason},
	month = may,
	year = {2022},
	note = {ISSN: 2375-1207},
	keywords = {Authentication, Authorization, Automated-Auditing, Ecosystems, Mobile applications, Privacy, Protocols, Single-Sign-On, Social networking (online), Systematics},
	pages = {1774--1790},
}

@article{siewert_SecurityParsingSecurityRelevant_2022,
	title = {On the {Security} of {Parsing} {Security}-{Relevant} {HTTP} {Headers} in {Modern} {Browsers}},
	doi = {10.1109/SPW54247.2022.9833880},
	abstract = {Web browsers are among the most important but also complex software solutions to access the web. It is therefore not surprising that web browsers are an attractive target for attackers. Especially in the last decade, security researchers and browser vendors have developed sandboxing mechanisms like security-relevant HTTP headers to tackle the problem of getting a more secure browser. Although the security community is aware of the importance of security-relevant HTTP headers, legacy applications and individual requests from different parties have led to possible insecure configurations of these headers. Even if specific security headers are configured correctly, conflicts in their functionalities may lead to unforeseen browser behaviors and vulnerabilities. Recently, the first work which analyzed duplicated headers and conflicts in headers was published by Calzavara et al. at USENIX Security [1]. The authors focused on inconsistent protections by using both, the HTTP header X-Frame-Options and the framing protection of the Content-Security-Policy. We extend their work by analyzing browser behaviors when parsing duplicated headers, conflicting directives, and values that do not conform to the defined ABNF metalanguage specification. We created an open-source testbed running over 19,800 test cases, at which nearly 300 test cases are executed in the set of 66 different browsers. Our work shows that browsers conform to the specification and behave securely. However, all tested browsers behave differently when it comes, for example, to parsing the Strict-Transport-Security header. Moreover, Chrome, Safari, and Firefox behave differently if the header contains a character, which is not allowed by the defined ABNF. This results in the protection mechanism being fully enforced, partially enforced, or not enforced and thus completely bypassable.},
	journal = {Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022},
	author = {Siewert, Hendrik and Kretschmer, Martin and Niemietz, Marcus and Somorovsky, Juraj},
	year = {2022},
	note = {ISBN: 9781665496438 Publisher: Institute of Electrical and Electronics Engineers Inc.},
	keywords = {Browser, HTTP Header, Parsing, web},
	pages = {342--352},
}

@inproceedings{steffens_DonTrustLocals_2019,
	title = {Don't trust the locals: {Investigating} the prevalence of persistent client-side cross-site scripting in the wild},
	url = {https://www.ndss-symposium.org/ndss-paper/dont-trust-the-locals-investigating-the-prevalence-of-persistent-client-side-cross-site-scripting-in-the-wild/},
	booktitle = {26th annual network and distributed system security symposium, {NDSS} 2019, san diego, california, {USA}, february 24-27, 2019},
	publisher = {The Internet Society},
	author = {Steffens, Marius and Rossow, Christian and Johns, Martin and Stock, Ben},
	year = {2019},
	note = {tex.bibsource: dblp computer science bibliography, https://dblp.org tex.timestamp: Mon, 01 Feb 2021 08:42:22 +0100},
}

@inproceedings{stock_FacepalmBrainBender_2015,
	address = {New York, NY, USA},
	series = {{CCS} '15},
	title = {From {Facepalm} to {Brain} {Bender}: {Exploring} {Client}-{Side} {Cross}-{Site} {Scripting}},
	isbn = {978-1-4503-3832-5},
	shorttitle = {From {Facepalm} to {Brain} {Bender}},
	url = {https://doi.org/10.1145/2810103.2813625},
	doi = {10.1145/2810103.2813625},
	abstract = {Although studies have shown that at least one in ten Web pages contains a client-side XSS vulnerability, the prevalent causes for this class of Cross-Site Scripting have not been studied in depth. Therefore, in this paper, we present a large-scale study to gain insight into these causes. To this end, we analyze a set of 1,273 real-world vulnerabilities contained on the Alexa Top 10k domains using a specifically designed architecture, consisting of an infrastructure which allows us to persist and replay vulnerabilities to ensure a sound analysis. In combination with a taint-aware browsing engine, we can therefore collect important execution trace information for all flaws. Based on the observable characteristics of the vulnerable JavaScript, we derive a set of metrics to measure the complexity of each flaw. We subsequently classify all vulnerabilities in our data set accordingly to enable a more systematic analysis. In doing so, we find that although a large portion of all vulnerabilities have a low complexity rating, several incur a significant level of complexity and are repeatedly caused by vulnerable third-party scripts. In addition, we gain insights into other factors related to the existence of client-side XSS flaws, such as missing knowledge of browser-provided APIs, and find that the root causes for Client-Side Cross-Site Scripting range from unaware developers to incompatible first- and third-party code.},
	urldate = {2024-07-03},
	booktitle = {Proceedings of the 22nd {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Stock, Ben and Pfistner, Stephan and Kaiser, Bernd and Lekies, Sebastian and Johns, Martin},
	month = oct,
	year = {2015},
	pages = {1419--1430},
}

@misc{kettle_HTTPDesyncAttacks_2019,
	title = {{HTTP} {Desync} {Attacks}: {Request} {Smuggling} {Reborn}},
	shorttitle = {{HTTP} {Desync} {Attacks}},
	url = {https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn},
	urldate = {2024-02-22},
	author = {Kettle, James},
	month = aug,
	year = {2019},
	note = {Publication Title: PortSwigger Research},
}

@misc{laurie_FixSecurityHole_1999,
	title = {Fix security hole. · openssl/openssl@b4cadc6},
	url = {https://github.com/openssl/openssl/commit/b4cadc6e1343c01b06613053a90ed2ee85e65090},
	abstract = {TLS/SSL and crypto library. Contribute to openssl/openssl development by creating an account on GitHub.},
	language = {en},
	urldate = {2025-09-29},
	journal = {GitHub},
	author = {Laurie, Ben},
	month = mar,
	year = {1999},
}

@inproceedings{bodenhausen_BidirectionalTLSHandshake_2025,
	title = {Bidirectional {TLS} {Handshake} {Caching} for {Constrained} {Industrial} {IoT} {Scenarios}},
	url = {https://www.semanticscholar.org/paper/Bidirectional-TLS-Handshake-Caching-for-Constrained-Bodenhausen-Mangel/6f5b8be41f9bae06b2f0d1b5bcec6e075558f375?utm_source=alert_email&utm_content=AuthorCitation&utm_campaign=AlertEmails_WEEKLY&utm_term=LibraryFolder+AuthorCitation&email_index=0-0-0&utm_medium=59318968},
	abstract = {While TLS has become the de-facto standard for end-to-end security, its use to secure critical communication in evolving industrial IoT scenarios is severely limited by prevalent resource constraints of devices and networks. Most notably, the TLS handshake to establish secure connections incurs significant bandwidth and processing overhead that often cannot be handled in constrained environments. To alleviate this situation, we present BiTHaC which realizes bidirectional TLS handshake caching by exploiting that significant parts of repeated TLS handshakes, especially certificates, are static. Thus, redundant information neither needs to be transmitted nor corresponding computations performed, saving valuable bandwidth and processing resources.
By implementing BiTHaC for wolfSSL, we show that we can reduce the bandwidth consumption of TLS handshakes by up to 61.1\% and the computational overhead by up to 8.5\%, while incurring only well-manageable memory overhead and preserving the strict security guarantees of TLS.}, urldate = {2025-09-08}, author = {Bodenhausen, Jörn and Mangel, Simon and Vogt, Thomas and Henze, Martin}, month = aug, year = {2025}, } @inproceedings{shi_X509DoSExploitingDetecting_2025, title = {X.{509DoS}: {Exploiting} and {Detecting} {Denial}-of-{Service} {Vulnerabilities} in {Cryptographic} {Libraries} using {Crafted} {X}.509 {Certificates}}, isbn = {978-1-939133-52-6}, shorttitle = {X.{509DoS}}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/shi-bing}, language = {en}, urldate = {2025-08-25}, author = {Shi, Bing and Li, Wenchao and Wang, Yuchen and Bai, Xiaolong and Xing, Luyi}, year = {2025}, pages = {509--528}, } @misc{cloudflare_CloudflareRadarAdoption_2024, title = {Cloudflare {Radar} {\textbar} {Adoption} \& {Usage} {Worldwide}}, url = {https://radar.cloudflare.com/adoption-and-usage}, abstract = {Global Adoption \& Usage trends and insights.}, language = {en-US}, urldate = {2024-11-12}, author = {Cloudflare}, year = {2024}, } @inproceedings{manfredi_LostTLSNo_2019, address = {Cham}, title = {Lost in {TLS}? {No} {More}! {Assisted} {Deployment} of {Secure} {TLS} {Configurations}}, isbn = {978-3-030-22479-0}, shorttitle = {Lost in {TLS}?}, doi = {10.1007/978-3-030-22479-0_11}, abstract = {Over the last few years, there has been an almost exponential growth of TLS popularity and usage, especially among applications that deal with sensitive data. However, even with this widespread use, TLS remains for many system administrators a complex subject. The main reason is that they do not have the time to understand all the cryptographic algorithms and features used in a TLS suite and their relative weaknesses. 
For these reasons, many different tools have been developed to verify TLS implementations. However, they usually analyze the TLS configuration and provide a list of possible attacks, without specifying their mitigations. In this paper, we present TLSAssistant, a fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.}, language = {en}, booktitle = {Data and {Applications} {Security} and {Privacy} {XXXIII}}, publisher = {Springer International Publishing}, author = {Manfredi, Salvatore and Ranise, Silvio and Sciarretta, Giada}, editor = {Foley, Simon N.}, year = {2019}, keywords = {Assisted mitigations, TLS misconfiguration, Vulnerability detection}, pages = {201--220}, } @inproceedings{mayer_DonKnowWhy_2022, title = {"{I} don't know why i check this…" – {Investigating} {Expert} {Users}' {Strategies} to {Detect} {Email} {Signature} {Spoofing} {Attacks}}, isbn = {978-1-939133-30-4}, abstract = {OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52\% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. 
We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: Even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly.}, booktitle = {Proceedings of the 18th {Symposium} on {Usable} {Privacy} and {Security}, {SOUPS} 2022}, author = {Mayer, P. and Poddebniak, D. and Fischer, K. and Brinkmann, M. and Somorovsky, J. and Sasse, A. and Schinzel, S. and Volkamer, M.}, year = {2022}, keywords = {email}, } @inproceedings{albrecht_PrimePrejudicePrimality_2018, address = {New York, NY, USA}, series = {{CCS} '18}, title = {Prime and {Prejudice}: {Primality} {Testing} {Under} {Adversarial} {Conditions}}, isbn = {978-1-4503-5693-0}, shorttitle = {Prime and {Prejudice}}, url = {https://doi.org/10.1145/3243734.3243787}, doi = {10.1145/3243734.3243787}, abstract = {This work provides a systematic analysis of primality testing under adversarial conditions, where the numbers being tested for primality are not generated randomly, but instead provided by a possibly malicious party. Such a situation can arise in secure messaging protocols where a server supplies Diffie-Hellman parameters to the peers, or in a secure communications protocol like TLS where a developer can insert such a number to be able to later passively spy on client-server data. We study a broad range of cryptographic libraries and assess their performance in this adversarial setting. 
As examples of our findings, we are able to construct 2048-bit composites that are declared prime with probability (1/16) by OpenSSL's primality testing in its default configuration; the advertised performance is (2-80). We can also construct 1024-bit composites that always pass the primality testing routine in GNU GMP when configured with the recommended minimum number of rounds. And, for a number of libraries (Cryptlib, LibTomCrypt, JavaScript Big Number, WolfSSL), we can construct composites that always pass the supplied primality tests. We explore the implications of these security failures in applications, focusing on the construction of malicious Diffie-Hellman parameters. We show that, unless careful primality testing is performed, an adversary can supply parameters (p,q,g) which on the surface look secure, but where the discrete logarithm problem in the subgroup of order q generated by g is easy. We close by making recommendations for users and developers. In particular, we promote the Baillie-PSW primality test which is both efficient and conjectured to be robust even in the adversarial setting for numbers up to a few thousand bits.}, urldate = {2024-07-28}, booktitle = {Proceedings of the 2018 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Albrecht, Martin R. and Massimo, Jake and Paterson, Kenneth G. 
and Somorovsky, Juraj}, month = oct, year = {2018}, pages = {281--298}, } @inproceedings{deruiter_ProtocolStateFuzzing_2015, address = {Washington, D.C.}, title = {Protocol state fuzzing of {TLS} implementations}, isbn = {978-1-939133-11-3}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/de-ruiter}, booktitle = {24th {USENIX} security symposium ({USENIX} security 15)}, publisher = {USENIX Association}, author = {de Ruiter, Joeri and Poll, Erik}, month = aug, year = {2015}, pages = {193--206}, } @inproceedings{paterson_PlaintextRecoveryAttacksDatagram_2012, title = {Plaintext-{Recovery} {Attacks} {Against} {Datagram} {TLS}}, url = {https://www.semanticscholar.org/paper/Plaintext-Recovery-Attacks-Against-Datagram-TLS-Paterson-AlFardan/644837b8b24a5ec51e1b761f3f17bcb8a5b922dd}, abstract = {The Datagram Transport Layer Security (DTLS) protocol provides confidentiality and integrity of data exchanged between a client and a server. We describe an efficient and full plaintext recovery attack against the OpenSSL implementation of DTLS, and a partial plaintext recovery attack against the GnuTLS implementation of DTLS. The attack against the OpenSSL implementation is a variant of Vaudenay’s padding oracle attack and exploits small timing differences arising during the cryptographic processing of DTLS packets. It would have been prevented if the OpenSSL implementation had been in accordance with the DTLS RFC. In contrast, the GnuTLS implementation does follow the DTLS RFC closely, but is still vulnerable to attack. The attacks require new insights to overcome the lack of error messages in DTLS and to amplify the timing differences. We discuss the reasons why these implementations are insecure, drawing lessons for secure protocol design and implemen-}, urldate = {2024-07-04}, author = {Paterson, K. 
and AlFardan, Nadhem J.}, year = {2012}, } @inproceedings{alfardan_LuckyThirteenBreaking_2013, title = {Lucky {Thirteen}: {Breaking} the {TLS} and {DTLS} {Record} {Protocols}}, shorttitle = {Lucky {Thirteen}}, url = {https://ieeexplore.ieee.org/document/6547131}, doi = {10.1109/SP.2013.42}, abstract = {The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto secure protocol of choice for Internet and mobile applications. DTLS is a variant of TLS that is growing in importance. In this paper, we present distinguishing and plaintext recovery attacks against TLS and DTLS. The attacks are based on a delicate timing analysis of decryption processing in the two protocols. We include experimental results demonstrating the feasibility of the attacks in realistic network environments for several different implementations of TLS and DTLS, including the leading OpenSSL implementations. We provide countermeasures for the attacks. Finally, we discuss the wider implications of our attacks for the cryptographic design used by TLS and DTLS.}, urldate = {2024-07-04}, booktitle = {2013 {IEEE} {Symposium} on {Security} and {Privacy}}, author = {Al Fardan, Nadhem J. and Paterson, Kenneth G.}, month = may, year = {2013}, note = {ISSN: 1081-6011}, keywords = {CBC-mode encryption, Ciphers, DTLS, Encryption, Media Access Protocol, TLS, Timing, plaintext recovery, timing attack}, pages = {526--540}, } @article{dowling_CryptographicAnalysisTLS_2021, title = {A {Cryptographic} {Analysis} of the {TLS} 1.3 {Handshake} {Protocol}}, volume = {34}, issn = {1432-1378}, url = {https://doi.org/10.1007/s00145-021-09384-1}, doi = {10.1007/s00145-021-09384-1}, abstract = {We analyze the handshake protocol of the Transport Layer Security (TLS) protocol, version 1.3. 
We address both the full TLS 1.3 handshake (the one round-trip time mode, with signatures for authentication and (elliptic curve) Diffie–Hellman ephemeral ((EC)DHE) key exchange), and the abbreviated resumption/“PSK” mode which uses a pre-shared key for authentication (with optional (EC)DHE key exchange and zero round-trip time key establishment). Our analysis in the reductionist security framework uses a multi-stage key exchange security model, where each of the many session keys derived in a single TLS 1.3 handshake is tagged with various properties (such as unauthenticated versus unilaterally authenticated versus mutually authenticated, whether it is intended to provide forward security, how it is used in the protocol, and whether the key is protected against replay attacks). We show that these TLS 1.3 handshake protocol modes establish session keys with their desired security properties under standard cryptographic assumptions.}, language = {en}, number = {4}, urldate = {2024-07-04}, journal = {Journal of Cryptology}, author = {Dowling, Benjamin and Fischlin, Marc and Günther, Felix and Stebila, Douglas}, month = jul, year = {2021}, keywords = {Authenticated key exchange, Handshake protocol, Transport Layer Security (TLS)}, pages = {37}, } @inproceedings{heninger_MiningYourPs_2012, address = {Bellevue, WA}, title = {Mining your ps and qs: {Detection} of widespread weak keys in network devices}, isbn = {978-931971-95-9}, url = {https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger}, booktitle = {21st {USENIX} security symposium ({USENIX} security 12)}, publisher = {USENIX Association}, author = {Heninger, Nadia and Durumeric, Zakir and Wustrow, Eric and Halderman, J. 
Alex}, month = aug, year = {2012}, pages = {205--220}, } @inproceedings{valenta_SearchCurveSwapMeasuring_2018, title = {In {Search} of {CurveSwap}: {Measuring} {Elliptic} {Curve} {Implementations} in the {Wild}}, isbn = {978-1-5386-4228-3}, shorttitle = {In {Search} of {CurveSwap}}, url = {https://www.computer.org/csdl/proceedings-article/euros&p/2018/422801a384/12OmNAgY7pI}, doi = {10.1109/EuroSP.2018.00034}, abstract = {We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 1.53\% of HTTPS hosts, 0.04\% of SSH hosts, and 4.04\% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. 
We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.}, language = {English}, urldate = {2024-07-03}, publisher = {IEEE Computer Society}, author = {Valenta, Luke and Sullivan, Nick and Sanso, Antonio and Heninger, Nadia}, month = apr, year = {2018}, pages = {384--398}, } @inproceedings{adrian_ImperfectForwardSecrecy_2015, address = {New York, NY, USA}, series = {{CCS} '15}, title = {Imperfect {Forward} {Secrecy}: {How} {Diffie}-{Hellman} {Fails} in {Practice}}, isbn = {978-1-4503-3832-5}, shorttitle = {Imperfect {Forward} {Secrecy}}, url = {https://doi.org/10.1145/2810103.2813707}, doi = {10.1145/2810103.2813707}, abstract = {We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82\% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7\% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18\% of popular HTTPS sites, and a second group would allow decryption of traffic to 66\% of IPsec VPNs and 26\% of SSH servers. 
A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.}, urldate = {2024-07-03}, booktitle = {Proceedings of the 22nd {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Adrian, David and Bhargavan, Karthikeyan and Durumeric, Zakir and Gaudry, Pierrick and Green, Matthew and Halderman, J. Alex and Heninger, Nadia and Springall, Drew and Thomé, Emmanuel and Valenta, Luke and VanderSloot, Benjamin and Wustrow, Eric and Zanella-Béguelin, Santiago and Zimmermann, Paul}, month = oct, year = {2015}, pages = {5--17}, } @inproceedings{len_PartitioningOracleAttacks_2021, title = {Partitioning oracle attacks}, isbn = {978-1-939133-24-3}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/len}, booktitle = {30th {USENIX} security symposium ({USENIX} security 21)}, publisher = {USENIX Association}, author = {Len, Julia and Grubbs, Paul and Ristenpart, Thomas}, month = aug, year = {2021}, pages = {195--212}, } @inproceedings{erinola_ExploringUnknownDTLS_2023, address = {Anaheim, CA}, title = {Exploring the unknown {DTLS} universe: {Analysis} of the {DTLS} server ecosystem on the internet}, isbn = {978-1-939133-37-3}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/erinola}, booktitle = {32nd {USENIX} security symposium ({USENIX} security 23)}, publisher = {USENIX Association}, author = {Erinola, Nurullah and Maehren, Marcel and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, month = aug, year = {2023}, keywords = {dtls, tls}, pages = {4859--4876}, } @inproceedings{aviram_DROWNBreakingTLS_2016, address = {Austin, TX}, title = {{DROWN}: {Breaking} {TLS} using {SSLv2}}, isbn = {978-1-931971-32-4}, url = 
{https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/aviram}, booktitle = {25th {USENIX} security symposium ({USENIX} security 16)}, publisher = {USENIX Association}, author = {Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J. Alex and Dukhovni, Viktor and Käsper, Emilia and Cohney, Shaanan and Engels, Susanne and Paar, Christof and Shavitt, Yuval}, month = aug, year = {2016}, pages = {689--706}, } @misc{tls-docker-library, title = {{TLS}-{Docker}-{Library}}, url = {https://github.com/tls-attacker/TLS-Docker-Library}, year = {2024}, } @inproceedings{abdelhafez_ReplayAttackTLS_2023, title = {Replay {Attack} in {TLS} 1.3 0-{RTT} {Handshake}: {Countermeasure} {Techniques}}, shorttitle = {Replay {Attack} in {TLS} 1.3 0-{RTT} {Handshake}}, url = {https://ieeexplore.ieee.org/document/10278190}, doi = {10.1109/ICEESE56169.2023.10278190}, abstract = {Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol commonly used on the Internet nowadays. TLS 1.3 the latest version published in August 2018 introduced a new mode to perform the handshake in zero round-trip time (0-RTT) which led to a significant improvement in the protocol performance. 0-RTT handshake mode allows the client to establish the connection and send the application data in the first message (ClientHello) without waiting for the server to send a response. But it also opens a window for replay attacks. The attack occurs when a valid 0-RTT handshake message is captured and sent again to the server causing the server to perform the same process again according to the application data carried in the message. Several anti-replay protection techniques were introduced to prevent or mitigate the replay attack. 
This paper sheds light on replay attacks countermeasures for TLS 1.3 0-RTT handshake mode and the most recent proposed methods. The strength and limitations of these countermeasures are discussed. In addition, the paper deliberates on the challenges such countermeasures impose in a distributed environment, for instance, multiple servers in a cloud computing environment or a content delivery network (CDN).}, urldate = {2024-06-26}, booktitle = {2023 {IEEE} 6th {International} {Conference} on {Electrical}, {Electronics} and {System} {Engineering} ({ICEESE})}, author = {Abdelhafez, M.E and Ramadass, Sureswaran and Gismallab, Mohammed S. M.}, month = aug, year = {2023}, note = {ISSN: 2770-9787}, keywords = {0-RTT, Force, Industries, Power demand, Protocols, Resource management, Security, Servers, TLS 1.3, handshake, replay attack}, pages = {44--49}, } @inproceedings{armour_PartitionOraclesWeak_2021, address = {Cham}, title = {Partition {Oracles} from {Weak} {Key} {Forgeries}}, isbn = {978-3-030-92548-2}, doi = {10.1007/978-3-030-92548-2_3}, abstract = {In this work, we show how weak key forgeries against polynomial hash based Authenticated Encryption (AE) schemes, such as AES-GCM, can be leveraged to launch partitioning oracle attacks. Partitioning oracle attacks were recently introduced by Len et al. (Usenix’21) as a new class of decryption error oracle which, conceptually, takes a ciphertext as input and outputs whether or not the decryption key belongs to some known subset of keys. Partitioning oracle attacks allow an adversary to query multiple keys simultaneously, leading to practical attacks against low entropy keys (e. g. 
those derived from passwords).}, language = {en}, booktitle = {Cryptology and {Network} {Security}}, publisher = {Springer International Publishing}, author = {Armour, Marcel and Cid, Carlos}, editor = {Conti, Mauro and Stevens, Marc and Krenn, Stephan}, year = {2021}, keywords = {Authenticated Encryption, GCM, Partitioning oracles, Polynomial hashing, Weak key forgeries}, pages = {42--62}, } @inproceedings{merget_RaccoonAttackFinding_2021, title = {Raccoon {Attack}: {Finding} and {Exploiting} {Most}-{Significant}-{Bit}-{Oracles} in {TLS}-{DH}({E})}, isbn = {978-1-939133-24-3}, shorttitle = {Raccoon {Attack}}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/merget}, language = {en}, booktitle = {30th {USENIX} {Security} {Symposium} ({USENIX} {Security} 21)}, author = {Merget, Robert and Brinkmann, Marcus and Aviram, Nimrod and Somorovsky, Juraj and Mittmann, Johannes and Schwenk, Jörg}, year = {2021}, keywords = {tls}, pages = {213--230}, } @article{tehrani_HowMeasureTLS_2024, title = {How to {Measure} {TLS}, {X}.509 {Certificates}, and {Web} {PKI}: {A} {Tutorial} and {Brief} {Survey}}, copyright = {arXiv.org perpetual, non-exclusive license}, shorttitle = {How to {Measure} {TLS}, {X}.509 {Certificates}, and {Web} {PKI}}, url = {https://arxiv.org/abs/2401.18053}, doi = {10.48550/ARXIV.2401.18053}, abstract = {Transport Layer Security (TLS) is the base for many Internet applications and services to achieve end-to-end security. In this paper, we provide guidance on how to measure TLS deployments, including X.509 certificates and Web PKI. We introduce common data sources and tools, and systematically describe necessary steps to conduct sound measurements and data analysis. By surveying prior TLS measurement studies we find that diverging results are rather rooted in different setups instead of different deployments. To improve the situation, we identify common pitfalls and introduce a framework to describe TLS and Web PKI measurements. 
Where necessary, our insights are bolstered by a data-driven approach, in which we complement arguments by additional measurements.}, urldate = {2024-06-17}, author = {Tehrani, Pouyan Fotouhi and Osterweil, Eric and Schmidt, Thomas C. and Wählisch, Matthias}, year = {2024}, note = {Publisher: arXiv Version Number: 1}, keywords = {Cryptography and Security (cs.CR), FOS: Computer and information sciences, Networking and Internet Architecture (cs.NI)}, } @misc{tls-crawler, title = {{TLS}-{Crawler}}, url = {https://github.com/tls-attacker/TLS-Crawler}, year = {2024}, } @mastersthesis{schmidt_AnalyzingQUICEcosystem_2023, title = {Analyzing the {QUIC} {Ecosystem} {With} the {QUIC}-{Scanner}}, school = {Paderborn University}, author = {Schmidt, Marten}, year = {2023}, } @misc{tls-scanner, title = {{TLS}-{Scanner}}, url = {https://github.com/tls-attacker/TLS-Scanner}, year = {2024}, } @inproceedings{lee_TLSPracticeHow_2021, address = {New York, NY, USA}, series = {Www '21}, title = {{TLS} 1.3 in practice:how {TLS} 1.3 contributes to the internet}, isbn = {978-1-4503-8312-7}, url = {https://doi.org/10.1145/3442381.3450057}, doi = {10.1145/3442381.3450057}, abstract = {Transport Layer Security (TLS) has become the norm for secure communication over the Internet. In August 2018, TLS 1.3, the latest version of TLS, was approved, providing improved security and performance of the previous TLS version. In this paper, we take a closer look at TLS 1.3 deployments in practice regarding adoption rate, security, performance, and implementation by applying temporal, spatial, and platform-based approaches on 687M \ connections. Overall, TLS 1.3 has rapidly been adopted mainly due to third-party platforms such as Content Delivery Networks (CDNs) makes a significant contribution to the Internet. In fact, it deprecates vulnerable cryptographic primitives and substantially reduces the time required to perform the TLS 1.3 full handshake compared to the TLS 1.2 handshake. 
We quantify these aspects and show TLS 1.3 is beneficial to websites that do not rely on the third-party platforms. We also review Common Vulnerabilities and Exposures (CVEs) regarding TLS libraries and show that many of recent vulnerabilities can be easily addressed by upgrading to TLS 1.3. However, some websites exhibit unstable support for TLS 1.3 due to multiple platforms with different TLS versions or migration to other platforms, which means that a website can show the lower TLS version at a certain time or from a certain region. Furthermore, we find that most of the implementations (including TLS libraries) do not fully support the new features of TLS 1.3 such as downgrade protection and certificate extensions.}, booktitle = {Proceedings of the web conference 2021}, publisher = {Association for Computing Machinery}, author = {Lee, Hyunwoo and Kim, Doowon and Kwon, Yonghwi}, year = {2021}, note = {Number of pages: 10 Place: Ljubljana, Slovenia}, keywords = {Certificate, Measurement, TLS 1.3, TLS security, TLS vulnerability}, pages = {70--79}, } @inproceedings{langley_QUICTransportProtocol_2017, address = {New York, NY, USA}, series = {{SIGCOMM} '17}, title = {The {QUIC} {Transport} {Protocol}: {Design} and {Internet}-{Scale} {Deployment}}, isbn = {978-1-4503-4653-5}, shorttitle = {The {QUIC} {Transport} {Protocol}}, url = {https://dl.acm.org/doi/10.1145/3098822.3098842}, doi = {10.1145/3098822.3098842}, abstract = {We present our experience with QUIC, an encrypted, multiplexed, and low-latency transport protocol designed from the ground up to improve transport performance for HTTPS traffic and to enable rapid deployment and continued evolution of transport mechanisms. QUIC has been globally deployed at Google on thousands of servers and is used to serve traffic to a range of clients including a widely-used web browser (Chrome) and a popular mobile video streaming app (YouTube). We estimate that 7\% of Internet traffic is now QUIC. 
We describe our motivations for developing a new transport, the principles that guided our design, the Internet-scale process that we used to perform iterative experiments on QUIC, performance improvements seen by our various services, and our experience deploying QUIC globally. We also share lessons about transport design and the Internet ecosystem that we learned from our deployment.}, urldate = {2024-05-08}, booktitle = {Proceedings of the {Conference} of the {ACM} {Special} {Interest} {Group} on {Data} {Communication}}, publisher = {Association for Computing Machinery}, author = {Langley, Adam and Riddoch, Alistair and Wilk, Alyssa and Vicente, Antonio and Krasic, Charles and Zhang, Dan and Yang, Fan and Kouranov, Fedor and Swett, Ian and Iyengar, Janardhan and Bailey, Jeff and Dorfman, Jeremy and Roskind, Jim and Kulik, Joanna and Westin, Patrik and Tenneti, Raman and Shade, Robbie and Hamilton, Ryan and Vasiliev, Victor and Chang, Wan-Teh and Shi, Zhongyi}, month = aug, year = {2017}, pages = {183--196}, } @article{mamun_SmartManufacturingCyberphysical_2025, title = {Smart manufacturing towards cyber-physical resilience in {3D} printing process monitoring and anomaly detection}, volume = {141}, issn = {1433-3015}, url = {https://doi.org/10.1007/s00170-025-16795-y}, doi = {10.1007/s00170-025-16795-y}, abstract = {The digital threads of additive manufacturing (AM), originating from smart manufacturing, leverage Cyber-Physical Systems (CPS) that integrate interconnected cyber and physical domains, wherein the cyber domain encompasses product design processes (e.g., CAD modeling,.STL file creation, G-code generation, and cloud-based data sharing), while the physical domain employs the G-code to drive 3D printing and enable post-process monitoring. 
G-code modifications are a common vector for malicious cyber-attacks on AM systems, enabling alterations to part designs and print parameters that disrupt the printing process and degrade the mechanical properties and functionality of mission-critical parts. To detect cyber-attacks in AM systems, this study employs National Institute of Standards and Technology (NIST) cybersecurity frameworks to systematically detect cyber-attacks in AM systems and uses a fused filament fabrication (FFF) 3D printer testbed to simulate raster angle-based alteration classification (RAAC) for sensitivity analysis. This work focuses on G-code alteration detection using Euclidean distances along the x, y, and z axes, and employs layer-by-layer in-situ video monitoring of the FFF process via a digital microscope camera mounted on the extruder head to identify fabrication defects and potential cyber-physical attacks. Thus, layer-wise image frames are processed using adaptive region-of-interests (ROIs) to adjust spatiotemporal image frames’ raster angle and RGB-to-grayscale conversion to extract rasterized surface texture features (STFs), which capture surface patterns at varying raster angles and are refined using principal component analysis (PCA) for dimensionality reduction and feature extraction. This study evaluates a multiclass support vector machine (SVM) to detect RAAC attacks on AM systems. The model’s effectiveness is measured by using confusion matrices to analyze classification accuracy. 
The RAAC approach proved more effective than benchmark methods like Independent Component Analysis (ICA) and Convolutional Neural Networks (CNNs).}, language = {en}, number = {3}, urldate = {2025-11-10}, journal = {The International Journal of Advanced Manufacturing Technology}, author = {Mamun, Abdullah Al and Kuzlu, Murat and Jovanović, Vukica and Sealy, Winston}, month = nov, year = {2025}, keywords = {Anomaly Detection, Cyber-Physical Systems, Raster Angle, Smart Manufacturing, Surface Texture Features}, pages = {2007--2026}, } @misc{dolgavin_TurningHearsayDiscovery_2025, title = {Turning {Hearsay} into {Discovery}: {Industrial} {3D} {Printer} {Side} {Channel} {Information} {Translated} to {Stealing} the {Object} {Design}}, shorttitle = {Turning {Hearsay} into {Discovery}}, url = {http://arxiv.org/abs/2509.18366}, doi = {10.48550/arXiv.2509.18366}, abstract = {The central security issue of outsourced 3D printing (aka AM: Additive Manufacturing), an industry that is expected to dominate manufacturing, is the protection of the digital design (containing the designers' model, which is their intellectual property) shared with the manufacturer. Here, we show, for the first time, that side-channel attacks are, in fact, a concrete serious threat to existing industrial grade 3D printers, enabling the reconstruction of the model printed (regardless of employing ways to directly conceal the design, e.g. by encrypting it in transit and before loading it into the printer). Previously, such attacks were demonstrated only on fairly simple FDM desktop 3D printers, which play a negligible role in manufacturing of valuable designs. We focus on the Powder Bed Fusion (PBF) AM process, which is popular for manufacturing net-shaped parts with both polymers and metals. We demonstrate how its individual actuators can be instrumented for the collection of power side-channel information during the printing process. 
We then present our approach to reconstruct the 3D printed model solely from the collected power side-channel data. Further, inspired by Differential Power Analysis, we developed a method to improve the quality of the reconstruction based on multiple traces. We tested our approach on two design models with different degrees of complexity. For different models, we achieved as high as 90.29\% of True Positives and as low as 7.02\% and 9.71\% of False Positives and False Negatives by voxel-based volumetric comparison between reconstructed and original designs. The lesson learned from our attack is that the security of design files cannot solely rely on protecting the files themselves in an industrial environment, but must instead also rely on assuring no leakage of power, noise and similar signals to potential eavesdroppers in the printer's vicinity.}, urldate = {2025-09-26}, publisher = {arXiv}, author = {Dolgavin, Aleksandr and Gatlin, Jacob and Yung, Moti and Yampolskiy, Mark}, month = sep, year = {2025}, note = {arXiv:2509.18366 [cs]}, keywords = {Computer Science - Cryptography and Security}, } @misc{isa/iec_62443SeriesSecurity_2024, title = {62443 {Series}. {Security} for industrial automation and control systems}, url = {https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards}, author = {{ISA/IEC}}, year = {2024}, } @misc{iso/iec_27001InformationSecurity_2022, title = {27001. 
{Information} security, cybersecurity and privacy protection — {Information} security management systems — {Requirements}}, url = {https://www.iso.org/standard/27001}, author = {{ISO/IEC}}, month = oct, year = {2022}, } @article{kantaros_Role3DPrinting_2025, title = {The {Role} of {3D} {Printing} in {Advancing} {Automated} {Manufacturing} {Systems}: {Opportunities} and {Challenges}}, volume = {6}, copyright = {http://creativecommons.org/licenses/by/3.0/}, issn = {2673-4052}, shorttitle = {The {Role} of {3D} {Printing} in {Advancing} {Automated} {Manufacturing} {Systems}}, url = {https://www.mdpi.com/2673-4052/6/2/21}, doi = {10.3390/automation6020021}, abstract = {The integration of 3D printing technologies in automated manufacturing systems marks a significant progression in the manufacturing industry, enabling elevated degrees of customization, efficiency, and sustainability. This paper explores the synergy between 3D printing and automation by conducting a critical literature review combined with case study analysis, focusing on their roles in enhancing production lines within the framework of Industry 4.0 and smart factories. Key opportunities presented by this integration include mass customization at scale, reduced material waste, and improved just-in-time manufacturing processes. However, challenges related to quality control, scalability, and workforce adaptation remain critical issues that require careful consideration. The study also examines the emerging role of hybrid manufacturing systems that combine additive and subtractive processes, alongside the growing need for standardized regulations and frameworks to ensure consistency and safety. Case studies are highlighted, showcasing real-world applications of automated 3D printing technologies and AI-driven print optimization techniques. 
In conclusion, this paper contributes to advancing the scholarly understanding of automated 3D printing by synthesizing technical, organizational, and regulatory insights and outlining future trajectories for sustainable and agile production ecosystems.}, language = {en}, number = {2}, urldate = {2025-06-12}, journal = {Automation}, author = {Kantaros, Antreas and Drosos, Christos and Papoutsidakis, Michail and Pallis, Evangelos and Ganetsos, Theodore}, month = jun, year = {2025}, note = {Number: 2 Publisher: Multidisciplinary Digital Publishing Institute}, keywords = {3D printing, AI-driven optimization, Industry 4.0, automated manufacturing, hybrid manufacturing, mass customization, quality control, smart factories, standardization, sustainable production}, pages = {21}, } @misc{sculpteo_Which3DPrinting_2021, title = {Which {3D} printing technologies do you use?}, url = {https://www.statista.com/statistics/560304/worldwide-survey-3d-printing-top-technologies/}, abstract = {In 2021, the most commonly used 3D printing technology was fused deposition modeling (FDM)/fused filament fabrication (FFF), with 71 percent of respondents utilizing this technology in house.}, language = {en}, urldate = {2024-07-01}, publisher = {Statista}, author = {{Sculpteo}}, month = apr, year = {2021}, } @misc{din_660251ProgrammaufbauFur_1983, title = {66025-1. {Programmaufbau} für numerisch gesteuerte {Arbeitsmaschinen}; {Allgemeines}}, author = {{DIN}}, month = jan, year = {1983}, } @misc{ansi/eia_RS274DInterchangeableVariable_1979, title = {{RS}-274-{D} {Interchangeable} variable block data format for positioning, contouring, and contouring/positioning numerically controlled machines}, publisher = {Electronic Industries Association. Engineering Department}, author = {{ANSI/EIA}}, year = {1979}, } @misc{kramer_NISTIR6556NIST_2000, title = {{NISTIR} 6556. 
{The} {NIST} {RS274NGC} {Interpreter} - {Version} 3}, url = {https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=823374}, abstract = {This report describes an interpreter which reads numerical control code and produces calls to a set of canonical machining functions. The interpreter is a software system written in the C++ programming language. The output of the interpreter may be used to drive 3-axis to 6-axis machining centers. Input to the interpreter is RS274 code in the dialect defined by the Next Generation Controller (NGC) project, with modifications. The interpreter may be compiled as a stand-alone computer program or may be integrated with the NIST Enhanced Machine Controller (EMC) control system. Input can come from a file or from a user typing on a computer keyboard. Output commands can either be printed for future use or be executed directly on a machining center. The report includes a full description of the RS274/NGC input language and the canonical machining functions called by the interpreter. It is a complete users manual.}, language = {en}, publisher = {NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD}, author = {Kramer, Thomas and Proctor, Frederick and Messina, Elena}, month = aug, year = {2000}, } @misc{iso_69831AutomationSystems_2009, title = {6983-1. {Automation} systems and integration. {Numerical} control of machines. {Program} format and definitions of address words. {Part} 1: {Data} format for positioning, line motion and contouring control systems}, url = {https://www.iso.org/standard/34608.html}, abstract = {ISO 6983-1:2009 specifies requirements and makes recommendations for a data format for positioning, line motion and contouring control systems used in the numerical control of machines. 
ISO 6983-1:2009 helps the co-ordination of system design in order to minimize the variety of program manuscripts required, to promote uniformity of programming techniques, and to foster interchangeability of input programs between numerically controlled machines of the same classification by type, process, function, size and accuracy. It is intended that simple numerically controlled machines be programmed using a simple format, which is systematically extensible for more complex machines. ISO 6983-1:2009 is not intended for use in the specialized cases of numerically controlled flame cutting machines and drafting machines used specifically and exclusively in the shipbuilding industry. In this application, a related format (“the ESSI Format”) is specified in ISO 6582.}, author = {{ISO}}, month = dec, year = {2009}, } @article{yampolskiy_Using3DPrinters_2016, title = {Using {3D} printers as weapons}, volume = {14}, issn = {1874-5482}, url = {https://www.sciencedirect.com/science/article/pii/S1874548215300330}, doi = {https://doi.org/10.1016/j.ijcip.2015.12.004}, abstract = {Additive manufacturing, also known as 3D printing, is a transformative manufacturing technology that will play a significant role in the critical manufacturing sector. Industrial-grade 3D printers are increasingly used to produce functional parts for important systems. However, due to their reliance on computerization, 3D printers are susceptible to a broad range of attacks. More importantly, compromising a 3D printer is not a goal, but rather a staging point for launching subsequent attacks with the printer. For example, an adversary can compromise a 3D printer in order to manipulate the mechanical properties of manufactured parts. If the manufactured parts are used in jet engines or in other safety-critical systems, they could endanger human life, disrupt critical infrastructure assets and produce significant economic and societal impacts. 
This paper analyzes the ability of an adversary to “weaponize” compromised additive manufacturing equipment in order to cause kinetic, nuclear/biological/chemical or cyber damage. In particular, the paper presents categories (taxonomies) of the elements in an additive manufacturing workflow that can be compromised by successful attacks, the manipulations that the compromised elements can exercise and the weapon-like effects resulting from these manipulations. The relationships between these taxonomies are discussed. Finally, the weaponization capabilities of 3D printers are characterized.}, journal = {International Journal of Critical Infrastructure Protection}, author = {Yampolskiy, Mark and Skjellum, Anthony and Kretzschmar, Michael and Overfelt, Ruel A. and Sloan, Kenneth R. and Yasinsac, Alec}, year = {2016}, keywords = {3D Printing, Additive Manufacturing, Security Taxonomy, Weaponization}, pages = {58--71}, } @inproceedings{rais_SpatiotemporalGcodeModeling_2021, address = {New York, NY, USA}, series = {{ICCPS} '21}, title = {Spatiotemporal {G}-code modeling for secure {FDM}-based {3D} printing}, isbn = {978-1-4503-8353-0}, url = {https://doi.org/10.1145/3450267.3450545}, doi = {10.1145/3450267.3450545}, abstract = {3D printing constructs physical objects by building and stacking layers according to the CAD (Computer-aided Design) information. Attackers target a printing object by manipulating the printing parameters such as nozzle movement and temperature. The existing research on secure 3D printing mostly focuses on nozzle-kinetics, while attacks on filament-kinetics and thermodynamics can also damage the printed object. The detection of these attacks mainly relies on creating master-profile and machine learning by printing every unique object in a protected environment. In the fourth industrial revolution, such an approach is not suitable due to mass-customization rather than bulk production. 
This paper presents Sophos, a framework to detect nozzle-kinetic, filament-kinetic and thermodynamic attacks on the fused deposition modeling (FDM)-based 3D printing process. The Sophos design does not require any prior learning for every unique object. It can detect the attacks on the first print using spatiotemporal G-code modeling, aligning it with the Industry 4.0 vision. Sophos is scalable and supports modular upgrades to suit different printing requirements. Its design allows the detection threshold to be reduced conveniently to as low as the 3D printer's resolution, shifting the game to a more interesting study of attack patterns than attack magnitudes.}, urldate = {2022-06-09}, booktitle = {Proceedings of the {ACM}/{IEEE} 12th {International} {Conference} on {Cyber}-{Physical} {Systems}}, publisher = {Association for Computing Machinery}, author = {Rais, Muhammad Haris and Li, Ye and Ahmed, Irfan}, month = may, year = {2021}, keywords = {3D printing, filament-kinetic attacks, thermodynamic attacks}, pages = {177--186}, } @article{yu_SecurityPrivacyEmerging_2021, title = {Security and {Privacy} in the {Emerging} {Cyber}-{Physical} {World}: {A} {Survey}}, volume = {23}, issn = {1553-877X}, shorttitle = {Security and {Privacy} in the {Emerging} {Cyber}-{Physical} {World}}, doi = {10.1109/COMST.2021.3081450}, abstract = {With the emergence of low-cost smart and connected IoT devices, the area of cyber-physical security is becoming increasingly important. Past research has demonstrated new threat vectors targeting the transition process between the cyber and physical domains, where the attacker exploits the sensing system as an attack surface for signal injection or extraction of private information. Recently, there have been attempts to characterize an abstracted model for signal injection, but they primarily focus on the path of signal processing. 
This paper aims to systematize the existing research on security and privacy problems arising from the interaction of cyber world and physical world, with the context of broad CPS applications. The primary goals of the systematization are to (1) reveal the attack patterns and extract a general attack model of existing work; (2) understand possible new attacks; and (3) motivate development of defenses against the emerging cyber-physical threats.}, number = {3}, journal = {IEEE Communications Surveys \& Tutorials}, author = {Yu, Zhiyuan and Kaplan, Zack and Yan, Qiben and Zhang, Ning}, year = {2021}, note = {Conference Name: IEEE Communications Surveys \& Tutorials}, keywords = {Cyber-physical systems, Market research, Pipelines, Privacy, Security, Sensor systems, Sensors, cyber-physical systems, sensors, side-channel information leakage, signal injection}, pages = {1879--1919}, } @inproceedings{yampolskiy_MythsMisconceptionsAdditive_2021, address = {New York, NY, USA}, series = {{AMSec} '21}, title = {Myths and {Misconceptions} in {Additive} {Manufacturing} {Security}: {Deficiencies} of the {CIA} {Triad}}, isbn = {978-1-4503-8480-3}, shorttitle = {Myths and {Misconceptions} in {Additive} {Manufacturing} {Security}}, url = {https://doi.org/10.1145/3462223.3485618}, doi = {10.1145/3462223.3485618}, abstract = {It is natural, as the demand for Additive Manufacturing (AM) Security grows, to adopt established approaches from other security research areas. However, such "imports,'' if not done carefully, can be misleading, and sometimes even counterproductive, and thus may negatively affect actual security of AM. We argue that this is the case for the CIA triad (Confidentiality, Integrity, Availability), a fundamental model of data security. To this end, we present arguments showing that the CIA triad cannot substitute concrete threat categories already established in AM. 
AM is an area which is not "pure data," but rather an area involving software, data files, and transforming data into physical artifacts, where established threats in this ecosystem include: Technical Data Theft, Sabotage, and Illegal Part Manufacturing.}, urldate = {2022-09-06}, booktitle = {Proceedings of the 2021 {Workshop} on {Additive} {Manufacturing} ({3D} {Printing}) {Security}}, publisher = {Association for Computing Machinery}, author = {Yampolskiy, Mark and Gatlin, Jacob and Yung, Moti}, month = nov, year = {2021}, keywords = {3d printing, additive manufacturing, cia triad, security}, pages = {3--9}, } @techreport{miller_Investigating3DPrinter_2019, title = {Investigating {3D} {Printer} {Residual} {Data}}, url = {http://arxiv.org/abs/1901.07507}, abstract = {The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insight into the retrieval of configuration information maintained on the devices, but this work shows that the devices can additionally maintain information about the print process. Comparisons between before and after images taken from an AM device reveal details about the device's activities, including printed designs, menu interactions, and the print history. Patterns in the storage of that information also may be useful for reducing the amount of data that needs to be examined during an investigation. 
These results provide a foundation for future investigations regarding the tools and processes suitable for examining these devices.}, number = {arXiv:1901.07507}, urldate = {2022-06-09}, institution = {arXiv}, author = {Miller, Daniel Bradford and Gatlin, Jacob and Glisson, William Bradley and Yampolskiy, Mark and McDonald, Jeffrey Todd}, month = jan, year = {2019}, doi = {10.48550/arXiv.1901.07507}, note = {arXiv:1901.07507 [cs] type: article}, keywords = {Computer Science - Cryptography and Security}, } @article{islam_SurveyLimitationSecurity_2021, title = {A {Survey} on {Limitation}, {Security} and {Privacy} {Issues} on {Additive} {Manufacturing}}, volume = {abs/2103.06400}, url = {https://www.semanticscholar.org/paper/A-Survey-on-Limitation%2C-Security-and-Privacy-Issues-Islam-Tu/67b2fc3d308f191f24cb60a303008c914c1f0e58}, abstract = {The relevant limitations of additive manufacturing in terms of printing capability, security, and possible solutions are explored and the mechanisms and frameworks for access control and authentication for AM devices are analyzed. Additive manufacturing (AM) is growing as fast as anyone can imagine, and it is now a multi-billion-dollar industry. AM becomes popular in a variety of sectors, such as automotive, aerospace, biomedical, and pharmaceutical, for producing parts/ components/ subsystems. However, current AM technologies can face vast risks of security issues and privacy loss. For the security of AM process, many researchers are working on the defense mechanism to countermeasure such security concerns and finding efficient ways to eliminate those risks. Researchers have also been conducting experiments to establish a secure framework for the user’s privacy and security components. This survey consists of four sections. In the first section, we will explore the relevant limitations of additive manufacturing in terms of printing capability, security, and possible solutions. 
The second section will present different kinds of attacks on AM and their effects. The next part will analyze and discuss the mechanisms and frameworks for access control and authentication for AM devices. The final section examines the security issues in various industrial sectors and provides the observations on the security of the additive manufacturing process.}, language = {en}, urldate = {2022-09-06}, journal = {CoRR}, author = {Islam, Md Nazmul and Tu, Yazhou and Hossen, Md Imran and Guo, Shengmin and Hei, Xiali}, year = {2021}, } @incollection{mouhamed_Watermarking3DPrinting_2021, address = {Cham}, series = {Studies in {Big} {Data}}, title = {Watermarking {3D} {Printing} {Data} {Based} on {Coyote} {Optimization} {Algorithm}}, isbn = {978-3-030-59338-4}, url = {https://doi.org/10.1007/978-3-030-59338-4_29}, abstract = {The main objective of this work is developing a 3D printing data protection approach using watermarking that treats the watermarking problem as an optimization problem. 3D object watermarking presents a challenging obstacle. The existence of many 3D object representations is one reason for this challenge. The state of 3D model watermarking research is furthermore in its infancy compared to published work in video and image watermarking. This work proposes a 3D watermarking approach that utilizes the Coyote Optimization Algorithm (COA) to optimize statistical watermark embedding for 3D mesh models. The Coyote Optimization Algorithm (COA) is a recent, fast and stable metaheuristic algorithm. This proposed approach aims to introduce an intelligent layer on the watermarking process. The approach starts by selecting the best vertices that will carry the watermark bits using the k-means clustering method, followed by a watermark embedding step that uses COA to find the best local statistical measure modification value. Finally, we extract the embedded watermark without any need for the original model. 
The proposed approach is validated using different visual fidelity and robustness measures. The experimental results of the proposed approach will be compared with other state of the art approaches to prove its superiority in embedding and extraction of watermark bits sequence with respect to both robustness and imperceptibility.}, language = {en}, urldate = {2022-09-06}, booktitle = {Machine {Learning} and {Big} {Data} {Analytics} {Paradigms}: {Analysis}, {Applications} and {Challenges}}, publisher = {Springer International Publishing}, author = {Mouhamed, Mourad R. and Soliman, Mona M. and Darwish, Ashraf and Hassanien, Aboul Ella}, editor = {Hassanien, Aboul Ella and Darwish, Ashraf}, year = {2021}, doi = {10.1007/978-3-030-59338-4_29}, keywords = {3D mesh model, Clustering, Coyote Optimization Algorithm (COA), Point of interest (pois), Watermark, k-means}, pages = {603--624}, } @article{dasilva_ComprehensiveReviewAdditive_2021, title = {A comprehensive review on additive manufacturing of medical devices}, volume = {6}, issn = {2363-9520}, url = {https://doi.org/10.1007/s40964-021-00188-0}, doi = {10.1007/s40964-021-00188-0}, abstract = {The trend of growth and aging of population worldwide will pose new challenges in health care, which will require faster solutions addressed to specific patient needs. In this regard, additive manufacturing (AM) is a group of promising technologies capable of delivering custom biomedical parts of high complexity in reduced lead time. Although it has emerged commercially in the 1980s as a rapid prototyping and modeling technique, it is now applied to production of a wide range of shapes with various possible materials. In this work, the technological aspects of each type of AM process were reviewed according to their advantages, limitations and potential or current applications for the production of medical devices. 
Direct comparisons of resolution, price and printing speed made it possible to identify the most important niche for each AM process in health care sciences. On the one hand, the many variables involved make these processes difficult to model and control, but on the other hand, they allow fine tuning of the microstructure to produce purposeful anisotropy, porosity and varying chemical composition, which may be desired in many medical devices. In addition, since the AM technologies have different working principles and feedstock requirements, the historic concept and classification of biomaterials were also assessed in view of their application for tissue engineering, implantable devices and surgery equipment among other uses. The discussion of materials and manufacturing methods was based on several research works and commercial products, which show an extremely fast-developing field with a broad range of current and future possibilities in terms of biomedical applications.}, language = {en}, number = {3}, urldate = {2022-09-06}, journal = {Progress in Additive Manufacturing}, author = {da Silva, Leonardo Rosa Ribeiro and Sales, Wisley Falco and Campos, Felipe dos Anjos Rodrigues and de Sousa, José Aécio Gomes and Davis, Rahul and Singh, Abhishek and Coelho, Reginaldo Teixeira and Borgohain, Bhaskar}, month = aug, year = {2021}, keywords = {Addictive and subtractive manufacturing, Medical devices, Orthesis, Prosthesis}, pages = {517--553}, } @article{gao_ThermoTagHiddenID_2021, title = {{ThermoTag}: {A} {Hidden} {ID} of {3D} {Printers} for {Fingerprinting} and {Watermarking}}, volume = {16}, issn = {1556-6021}, shorttitle = {{ThermoTag}}, doi = {10.1109/TIFS.2021.3065225}, abstract = {To address the increasing challenges of counterfeit detection and IP protection for 3D printing, we propose that every 3D printer holds unique fingerprinting features characterized by the thermodynamic properties of the extruder hot-end and can be used as a new way of 3D watermarking. 
We prove that these physical fingerprints resulting from manufacturing imperfections and system variations exhibit distinct heating responses, namely “ThermoTag,” which can be represented as the distinguishable thermodynamic processes and, ultimately, the temperature readings during the preheating process. Experimental results show that, by only changing the hot-ends of the same model on the same 3D printer, we can achieve about 92\% identification accuracy amongst 45 hot-ends. The permanence and robustness of ThermoTag for the same hot-end were examined, throughout a period of one month with hundreds of trials under different environmental temperature settings. Leveraging the hidden ThermoTag, an example of watermarking scheme in 3D printing is presented and evaluated.}, journal = {IEEE Transactions on Information Forensics and Security}, author = {Gao, Yang and Wang, Wei and Jin, Yincheng and Zhou, Chi and Xu, Wenyao and Jin, Zhanpeng}, year = {2021}, note = {Conference Name: IEEE Transactions on Information Forensics and Security}, keywords = {3D printer, Computational modeling, Frequency division multiplexing, Printers, Solid modeling, Three-dimensional displays, Three-dimensional printing, Watermarking, fingerprinting, hot-end, thermal model, watermarking}, pages = {2805--2820}, } @article{chen_SecurityFeaturesEmbedded_2017, title = {Security features embedded in computer aided design ({CAD}) solid models for additive manufacturing}, volume = {128}, issn = {0264-1275}, url = {https://www.sciencedirect.com/science/article/pii/S0264127517304355}, doi = {10.1016/j.matdes.2017.04.078}, abstract = {The additive manufacturing (AM) process chain relies heavily on cloud based resources and software programs that are connected to the internet. Cybersecurity has become a major concern for cloud based resources. 
While network security is important and is the responsibility of the information technology departments of corporations, a second line of defense is necessary if the cybersecurity is breached and the computer aided design (CAD) files are stolen. The stolen CAD files can be used to print components in exactly the same quality as the original component. The present work aims at developing design features in CAD models that can be used for the purpose of security against counterfeiting. With the introduction of these features, only a unique combination of processing and printing parameters will provide a high-quality component and any other conditions will result in a defective or inferior quality component. The high quality part will print only under a unique set of STL file resolution, slicing conditions, part orientation on the print bed and the printer operating parameters. It is recognized that these features are not off-the-shelf technologies but represent design methodologies that need to be developed for the given component design and the desired AM technique.}, language = {en}, urldate = {2021-04-12}, journal = {Materials \& Design}, author = {Chen, Fei and Mac, Gary and Gupta, Nikhil}, month = aug, year = {2017}, keywords = {3D printing, Additive manufacturing, Computer aided design, Cybersecurity, Security}, pages = {182--194}, } @inproceedings{bridges_CyberSecurityAdditive_2015, address = {New York, NY, USA}, series = {{CISR} '15}, title = {Cyber {Security} for {Additive} {Manufacturing}}, isbn = {978-1-4503-3345-0}, url = {https://doi.org/10.1145/2746266.2746280}, doi = {10.1145/2746266.2746280}, abstract = {This paper describes the cyber security implications of additive manufacturing (also known as 3-D printing). Three-D printing has the potential to revolutionize manufacturing and there is substantial concern for the security of the storage, transfer and execution of 3-D models across digital networks and systems. 
While rapidly gaining in popularity and adoption by many entities, additive manufacturing is still in its infancy. Supporting the broadest possible applications the technology will demand the ability to demonstrate secure processes from ideas, design, prototyping, production and delivery. As with other technologies in the information revolution, additive manufacturing technology is at risk of outpacing a competent security infrastructure so research and solutions need to be tackled in concert with the 3-D boom.}, language = {en}, urldate = {2021-04-12}, booktitle = {Proceedings of the 10th {Annual} {Cyber} and {Information} {Security} {Research} {Conference}}, publisher = {Association for Computing Machinery}, author = {Bridges, Susan M. and Keiser, Ken and Sissom, Nathan and Graves, Sara J.}, month = apr, year = {2015}, keywords = {3-D Printing, Additive Manufacturing, Cybersecurity}, pages = {1--3}, } @inproceedings{bella_YouOvertrustYour_2019, address = {Cham}, title = {You {Overtrust} {Your} {Printer}}, isbn = {978-3-030-26250-1}, abstract = {Printers are common devices whose networked use is vastly unsecured, perhaps due to an enrooted assumption that their services are somewhat negligible and, as such, unworthy of protection. This article develops structured arguments and conducts technical experiments in support of a qualitative risk assessment exercise that ultimately undermines that assumption. Three attacks that can be interpreted as post-exploitation activity are found and discussed, forming what we term the Printjack family of attacks to printers. Some printers may suffer vulnerabilities that would transform them into exploitable zombies. Moreover, a large number of printers, at least on an EU basis, are found to honour unauthenticated printing requests, thus raising the risk level of an attack that sees the crooks exhaust the printing facilities of an institution. 
There is also a remarkable risk of data breach following an attack consisting in the malicious interception of data while in transit towards printers. Therefore, the newborn IoT era demands printers to be as secure as other devices such as laptops should be, also to facilitate compliance with the General Data Protection Regulation (EU Regulation 2016/679) and reduce the odds of its administrative fines.},
  language = {english},
  booktitle = {Computer {Safety}, {Reliability}, and {Security}},
  publisher = {Springer International Publishing},
  author = {Bella, Giampaolo and Biondi, Pietro},
  editor = {Romanovsky, Alexander and Troubitsyna, Elena and Gashi, Ilir and Schoitsch, Erwin and Bitsch, Friedemann},
  year = {2019},
  pages = {264--274},
}

@inproceedings{kurkowski_MANIPULATIONGCODETOOLPATH_2022,
  address = {Cham},
  title = {{MANIPULATION} {OF} {G}-{CODE} {TOOLPATH} {FILES} {IN} {3D} {PRINTERS}: {ATTACKS} {AND} {MITIGATIONS}},
  isbn = {978-3-031-20137-0},
  shorttitle = {{MANIPULATION} {OF} {G}-{CODE} {TOOLPATH} {FILES} {IN} {3D} {PRINTERS}},
  doi = {10.1007/978-3-031-20137-0_6},
  abstract = {Additive manufacturing or 3D printing is commonly used to create mission-critical parts in the critical infrastructure. This research focuses on threats that target the key slicing step of additive manufacturing, when design files that model part geometry are converted to G-code toolpath files that convey instructions for printing parts layer by layer. The research leverages a hitherto unknown slicing software vulnerability where G-code corresponding to part slices is stored as plaintext ASCII characters in heap memory during execution. The vulnerability was discovered in two open-source, full-featured slicing software suites that support many 3D printers.},
  language = {en},
  booktitle = {Critical {Infrastructure} {Protection} {XVI}},
  publisher = {Springer Nature Switzerland},
  author = {Kurkowski, Elizabeth and Van Stockum, Alyxandra and Dawson, Joel and Taylor, Curtis and Schulz, Tricia and Shenoi, Sujeet},
  editor = {Staggs, Jason and Shenoi, Sujeet},
  year = {2022},
  keywords = {Additive manufacturing, G-code attacks, fused filament fabrication},
  pages = {155--174},
}

@inproceedings{moore_ImplicationsMalicious3D_2017,
  title = {Implications of {Malicious} {3D} {Printer} {Firmware}},
  doi = {10125/41899},
  booktitle = {Hawaii {International} {Conference} on {System} {Sciences} 2017 ({HICSS}-50)},
  author = {Moore, Samuel Bennett and Glisson, William Bradley and Yampolskiy, Mark},
  month = jan,
  year = {2017},
}

@article{yang_OnlineDetectionCyberincidents_2022,
  title = {Online detection of cyber-incidents in additive manufacturing systems via analyzing multimedia signals},
  volume = {38},
  issn = {1099-1638},
  doi = {10.1002/qre.2953},
  abstract = {Additive manufacturing (AM) or 3D printing is an emerging manufacturing technology that plays a growing role in both industrial and consumer settings. However, security concerns of AM systems have been raised among researchers. In this paper, we present an online detection mechanism for the malicious attempts on AM systems, which taps into both audio and video signals collected during the printing process. For audio signals, we propose to monitor the shift of patterns in the spectrogram and dominant frequencies via a control chart designed based on the Wasserstein metric. For video signals, we propose to monitor the change in the reconstructed path of the extruder via a Hausdorff metric.
We then show the effectiveness of our methods in a case study using an Ender 3D printer, where the cyber-incidence of altering the internal fill density can be easily identified in an online manner.},
  language = {en},
  number = {3},
  urldate = {2024-04-08},
  journal = {Quality and Reliability Engineering International},
  author = {Yang, Wei and Chen, Jialei and Zhang, Chuck and Paynabar, Kamran},
  year = {2022},
  note = {\_eprint: https://onlinelibrary.wiley.com/doi/pdf/10.1002/qre.2953},
  keywords = {control chart, cyber-attack detection, cybersecurity, signal processing},
  pages = {1340--1356},
}

@article{sturm_CyberphysicalVulnerabilitiesAdditive_2017,
  title = {Cyber-physical vulnerabilities in additive manufacturing systems: {A} case study attack on the .{STL} file with human subjects},
  volume = {44},
  issn = {0278-6125},
  doi = {10.1016/j.jmsy.2017.05.007},
  abstract = {One of the key advantages of additive manufacturing (AM) is its digital thread, which allows for rapid communication, iteration, and sharing of a design model and its corresponding physical representation. While this enables a more efficient design process, it also presents opportunities for cyber-attacks to impact the physical world. In this paper the authors examine potential attack vectors along the Additive Manufacturing process chain. Specifically, the effects of cyber-physical attacks, and potential means for detecting them, are explored. To explore the potential implications of such an attack, a case study was conducted to evaluate the ability of human subjects to detect and diagnose a cyber-physical attack on the STL file of a test specimen. Based on the results of this study, recommendations are presented for preventing and detecting cyber-physical attacks on AM processes.},
  language = {english},
  urldate = {2021-05-07},
  journal = {Journal of Manufacturing Systems},
  author = {Sturm, Logan D. and Williams, Christopher B. and Camelio, Jamie A. and White, Jules and Parker, Robert},
  month = jul,
  year = {2017},
  keywords = {Additive manufacturing, Advanced manufacturing, Cyber-physical security},
  pages = {154--164},
}

@article{mohammed_3DPrintingMedicine_2021,
  series = {{3D}-{Printed} {Medicine}: {From} today's accomplishments to tomorrow's promises},
  title = {{3D} {Printing} in medicine: {Technology} overview and drug delivery applications},
  volume = {4},
  issn = {2666-9641},
  doi = {10.1016/j.stlm.2021.100037},
  abstract = {The concept of tailored medicine for individual patients have been around for a while but recently earned much attention. Great interest is given to 3D printing technology due to its immense application potential in the pharmaceutical industry and other health care sectors. 3D printing technology involves Layer-by-layer fabrication of 3D objects from digital designs. This review gives a detailed yet much-focused discussion about 3D printing technology, the outline of 3D printing-based drug delivery technology its application in the pharmaceutical product development process. Based on the method of material layering, 3D printers are generally inkjet, extrusion, or laser-based systems. This review discusses the different types of 3D printers and their applications in different areas of drug delivery. A selection of recent researches carried out in the field of pharmaceutical 3D printing for drug delivery applications is also included. In addition to the promising opportunities, the review discusses the technical and regulatory challenges that slow down the implementation of such technology in the pharmaceutical and health care sector and the suggested measures to overcome such challenges.},
  urldate = {2024-08-27},
  journal = {Annals of 3D Printed Medicine},
  author = {Mohammed, Abdul Aleem and Algahtani, Mohammed S. and Ahmad, Mohammad Zaki and Ahmad, Javed and Kotta, Sabna},
  month = dec,
  year = {2021},
  keywords = {3D printing, Customized dose, Drug delivery, Layer-by-layer, Personalized medicine, Pharmaceuticals},
  pages = {100037},
}

@article{gao_WatchingSafeguardingYour_2018,
  title = {Watching and {Safeguarding} {Your} {3D} {Printer}: {Online} {Process} {Monitoring} {Against} {Cyber}-{Physical} {Attacks}},
  volume = {2},
  doi = {10.1145/3264918},
  abstract = {The increasing adoption of 3D printing in many safety and mission critical applications exposes 3D printers to a variety of cyber attacks that may result in catastrophic consequences if the printing process is compromised. For example, the mechanical properties (e.g., physical strength, thermal resistance, dimensional stability) of 3D printed objects could be significantly affected and degraded if a simple printing setting is maliciously changed. To address this challenge, this study proposes a model-free real-time online process monitoring approach that is capable of detecting and defending against the cyber-physical attacks on the firmwares of 3D printers. Specifically, we explore the potential attacks and consequences of four key printing attributes (including infill path, printing speed, layer thickness, and fan speed) and then formulate the attack models. Based on the intrinsic relation between the printing attributes and the physical observations, our defense model is established by systematically analyzing the multi-faceted, real-time measurement collected from the accelerometer, magnetometer and camera. The Kalman filter and Canny filter are used to map and estimate three aforementioned critical toolpath information that might affect the printing quality. Mel-frequency Cepstrum Coefficients are used to extract features for fan speed estimation.
Experimental results show that, for a complex 3D printed design, our method can achieve 4\% Hausdorff distance compared with the model dimension for infill path estimate, 6.07\% Mean Absolute Percentage Error (MAPE) for speed estimate, 9.57\% MAPE for layer thickness estimate, and 96.8\% accuracy for fan speed identification. Our study demonstrates that, this new approach can effectively defend against the cyber-physical attacks on 3D printers and 3D printing process.},
  language = {english},
  number = {3},
  urldate = {2021-04-12},
  journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies},
  author = {Gao, Yang and Li, Borui and Wang, Wei and Xu, Wenyao and Zhou, Chi and Jin, Zhanpeng},
  month = sep,
  year = {2018},
  keywords = {3D Printing, Cyber-Physical Security, Online Process Monitoring, Sensor Fusion},
  pages = {108:1--108:27},
}

@inproceedings{tsoutsos_Secure3DPrinting_2017,
  series = {{CPSS} '17},
  title = {Secure {3D} {Printing}: {Reconstructing} and {Validating} {Solid} {Geometries} using {Toolpath} {Reverse} {Engineering}},
  isbn = {978-1-4503-4956-7},
  doi = {10.1145/3055186.3055198},
  abstract = {As 3D printing becomes more ubiquitous, traditional centralized process chains are transformed to a distributed manufacturing model, where each step of the process can be outsourced to different parties. Despite the countless benefits of this revolutionary technology, outsourcing parts of the process to potentially untrusted parties raises security concerns, as malicious design modifications can impact the structural integrity of the manufactured 3D geometries. To address this problem, we introduce a novel compiler that allows reverse engineering G-code toolpaths (i.e., machine commands describing how a geometry is printed) to reconstruct a close approximation of the original 3D object. Our framework then uses Finite Element Analysis to simulate the reconstructed object under different stress conditions and validate its structural integrity, without requiring a golden model reference.},
  urldate = {2022-06-09},
  booktitle = {Proceedings of the 3rd {ACM} {Workshop} on {Cyber}-{Physical} {System} {Security}},
  publisher = {Association for Computing Machinery},
  author = {Tsoutsos, Nektarios Georgios and Gamil, Homer and Maniatakos, Michail},
  month = apr,
  year = {2017},
  keywords = {3D object reconstruction, additive manufacturing, constructive solid geometry, finite element analysis},
  pages = {15--20},
}

@inproceedings{yu_XCheckVerifyingIntegrity_2023,
  series = {{USENIX} {Security} 23},
  title = {{XCheck}: {Verifying} {Integrity} of {3D} {Printed} {Patient}-{Specific} {Devices} via {Computing} {Tomography}},
  isbn = {978-1-939133-37-3},
  shorttitle = {{XCheck}},
  url = {https://www.usenix.org/conference/usenixsecurity23/presentation/yu-zhiyuan-xcheck},
  language = {en},
  urldate = {2024-03-21},
  booktitle = {Proceedings of the 32nd {USENIX} {Security} {Symposium}},
  author = {Yu, Zhiyuan and Chang, Yuanhaur and Zhai, Shixuan and Deily, Nicholas and Ju, Tao and Wang, XiaoFeng and Jammalamadaka, Uday and Zhang, Ning},
  year = {2023},
  pages = {2815--2832},
}

@inproceedings{yampolskiy_EvaluationAdditiveSubtractive_2017,
  title = {Evaluation of {Additive} and {Subtractive} {Manufacturing} from the {Security} {Perspective}},
  isbn = {978-3-319-70395-4},
  doi = {10.1007/978-3-319-70395-4_2},
  abstract = {Additive manufacturing involves a new class of cyber-physical systems that manufacture 3D objects incrementally by depositing and fusing together thin layers of source material. In 2015, the global additive manufacturing industry had \$5.165 billion in revenue, with 32.5\% of all manufactured objects used as functional parts. Because of their reliance on computerization, additive manufacturing devices (or 3D printers) are susceptible to a broad range of attacks.
The rapid adoption of additive manufacturing in aerospace, automotive and other industries makes it an attractive attack target and a critical asset to be protected. This chapter compares emerging additive manufacturing and traditional subtractive manufacturing from the security perspective. While the discussion compares the two manufacturing technologies, the emphasis is on additive manufacturing due to its expected dominance as the manufacturing technology of the future. The chapter outlines the additive and subtractive manufacturing workflows, proposes a framework for analyzing attacks on or using additive manufacturing systems and presents the major threat categories. In order to compare the two manufacturing paradigms from the security perspective, the differences between the two workflows are identified and the attack analysis framework is applied to demonstrate how the differences translate into threats. The analysis reveals that, while there is significant overlap with regard to security, fundamental differences in the two manufacturing paradigms require a separate investigation of additive manufacturing security.},
  language = {english},
  booktitle = {Critical {Infrastructure} {Protection} {XI}},
  publisher = {Springer International Publishing},
  author = {Yampolskiy, Mark and King, Wayne and Pope, Gregory and Belikovetsky, Sofia and Elovici, Yuval},
  editor = {Rice, Mason and Shenoi, Sujeet},
  year = {2017},
  keywords = {Additive manufacturing, attack framework, subtractive manufacturing},
  pages = {23--44},
}

@inproceedings{song_MySmartphoneKnows_2016,
  series = {{CCS} '16},
  title = {My smartphone knows what you print: {Exploring} smartphone-based side-channel attacks against {3D} printers},
  isbn = {978-1-4503-4139-4},
  doi = {10.1145/2976749.2978300},
  abstract = {Additive manufacturing, also known as 3D printing, has been increasingly applied to fabricate highly intellectual property (IP) sensitive products. However, the related IP protection issues in 3D printers are still largely underexplored. On the other hand, smartphones are equipped with rich onboard sensors and have been applied to pervasive mobile surveillance in many applications. These facts raise one critical question: is it possible that smartphones access the side-channel signals of 3D printer and then hack the IP information? To answer this, we perform an end-to-end study on exploring smartphone-based side-channel attacks against 3D printers. Specifically, we formulate the problem of the IP side-channel attack in 3D printing. Then, we investigate the possible acoustic and magnetic side-channel attacks using the smartphone built-in sensors. Moreover, we explore a magnetic-enhanced side-channel attack model to accurately deduce the vital directional operations of 3D printer. Experimental results show that by exploiting the side-channel signals collected by smartphones, we can successfully reconstruct the physical prints and their G-code with Mean Tendency Error of 5.87\% on regular designs and 9.67\% on complex designs, respectively. Our study demonstrates this new and practical smartphone-based side channel attack on compromising IP information during 3D printing.},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} conference on computer and communications security},
  publisher = {Association for Computing Machinery},
  author = {Song, Chen and Lin, Feng and Ba, Zhongjie and Ren, Kui and Zhou, Chi and Xu, Wenyao},
  year = {2016},
  note = {Number of pages: 13 Place: Vienna, Austria},
  keywords = {3D printing, side-channel attack, smartphone},
  pages = {895--907},
}

@inproceedings{moore_VulnerabilityAnalysisDesktop_2016,
  title = {Vulnerability analysis of desktop {3D} printer software},
  isbn = {978-1-5090-2002-7},
  doi = {10.1109/RWEEK.2016.7573305},
  language = {english},
  urldate = {2021-04-12},
  booktitle = {2016 {Resilience} {Week} ({RWS})},
  publisher = {IEEE},
  author = {Moore, Samuel Bennett and Armstrong, Phillip and McDonald, Todd and Yampolskiy, Mark},
  month = aug,
  year = {2016},
  pages = {46--51},
}

@inproceedings{gatlin_EncryptionFutileReconstructing_2021,
  series = {{RAID} '21},
  title = {Encryption is {Futile}: {Reconstructing} {3D}-{Printed} {Models} {Using} the {Power} {Side}-{Channel}},
  isbn = {978-1-4503-9058-3},
  shorttitle = {Encryption is {Futile}},
  doi = {10.1145/3471621.3471850},
  abstract = {Outsourced Additive Manufacturing (AM) exposes sensitive design data to external malicious actors. Even with end-to-end encryption between the design owner and 3D-printer, side-channel attacks can be used to bypass cyber-security measures and obtain the underlying design. In this paper, we develop a method based on the power side-channel that enables accurate design reconstruction in the face of full encryption measures without any prior knowledge of the design. Our evaluation on a Fused Deposition Modeling (FDM) 3D Printer has shown 99 \% accuracy in reconstruction, a significant improvement on the state of the art.
This approach demonstrates the futility of pure cyber-security measures applied to Additive Manufacturing.},
  urldate = {2022-06-09},
  booktitle = {24th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}},
  publisher = {Association for Computing Machinery},
  author = {Gatlin, Jacob and Belikovetsky, Sofia and Elovici, Yuval and Skjellum, Anthony and Lubell, Joshua and Witherell, Paul and Yampolskiy, Mark},
  month = oct,
  year = {2021},
  keywords = {3D Printing, Additive Manufacturing, IP Theft., Intellectual Property Theft, Side-Channel Attack},
  pages = {135--147},
}

@inproceedings{blocklove_OffRAMPSFPGAbasedIntermediary_2024,
  title = {{OffRAMPS}: {An} {FPGA}-based {Intermediary} for {Analysis} and {Modification} of {Additive} {Manufacturing} {Control} {Systems}},
  shorttitle = {{OffRAMPS}},
  doi = {10.48550/arXiv.2404.15446},
  abstract = {Cybersecurity threats in Additive Manufacturing (AM) are an increasing concern as AM adoption continues to grow. AM is now being used for parts in the aerospace, transportation, and medical domains. Threat vectors which allow for part compromise are particularly concerning, as any failure in these domains would have life-threatening consequences. A major challenge to investigation of AM part-compromises comes from the difficulty in evaluating and benchmarking both identified threat vectors as well as methods for detecting adversarial actions. In this work, we introduce a generalized platform for systematic analysis of attacks against and defenses for 3D printers. Our "OFFRAMPS" platform is based on the open-source 3D printer control board "RAMPS." OFFRAMPS allows analysis, recording, and modification of all control signals and I/O for a 3D printer. We show the efficacy of OFFRAMPS by presenting a series of case studies based on several Trojans, including ones identified in the literature, and show that OFFRAMPS can both emulate and detect these attacks, i.e., it can both change and detect arbitrary changes to the g-code print commands.},
  urldate = {2024-04-29},
  booktitle = {Proceedings of the 54th {Annual} {IEEE}/{IFIP} {International} {Conference} on {Dependable} {Systems} and {Networks}},
  author = {Blocklove, Jason and Raz, Md and Roy, Prithwish Basu and Pearce, Hammond and Krishnamurthy, Prashanth and Khorrami, Farshad and Karri, Ramesh},
  month = apr,
  year = {2024},
  note = {arXiv:2404.15446 [cs, eess]},
  keywords = {Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Systems and Control},
}

@inproceedings{belikovetsky_Dr0wnedCyberphysicalAttack_2017,
  address = {Vancouver, BC},
  series = {{WOOT} 17},
  title = {dr0wned – cyber-physical attack with additive manufacturing},
  url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/belikovetsky},
  booktitle = {11th {USENIX} workshop on offensive technologies},
  publisher = {USENIX Association},
  author = {Belikovetsky, Sofia and Yampolskiy, Mark and Toh, Jinghui and Gatlin, Jacob and Elovici, Yuval},
  month = aug,
  year = {2017},
}

@inproceedings{alfaruque_AcousticSidechannelAttacks_2016,
  series = {{ICCPS}},
  title = {Acoustic side-channel attacks on additive manufacturing systems},
  doi = {10.1109/ICCPS.2016.7479068},
  abstract = {Additive manufacturing systems, such as 3D printers, emit sounds while creating objects. Our work demonstrates that these sounds carry process information that can be used to indirectly reconstruct the objects being printed, without requiring access to the original design. This is an example of a physical-to-cyber domain attack, where information gathered from the physical domain, such as acoustic side-channel, can be used to reveal information about the cyber domain.
Our novel attack model consists of a pipeline of audio signal processing, machine learning algorithms, and context-based post-processing to improve the accuracy of the object reconstruction. In our experiments, we have successfully reconstructed the test objects (designed to test the attack model under various benchmark parameters) and their corresponding G-codes with an average accuracy for axis prediction of 78.35\% and an average length prediction error of 17.82\% on a Fused Deposition Modeling (FDM) based additive manufacturing system. Our work exposes a serious vulnerability in FDM based additive manufacturing systems exploitable by physical-to-cyber attacks that may lead to theft of Intellectual Property (IP) and trade secrets. To the best of our knowledge this kind of attack has not yet been explored in additive manufacturing systems.},
  booktitle = {2016 {ACM}/{IEEE} 7th international conference on cyber-physical systems},
  author = {Al Faruque, Mohammad Abdullah and Chhetri, Sujit Rokka and Canedo, Arquimedes and Wan, Jiang},
  month = apr,
  year = {2016},
  pages = {1--10},
}

@inproceedings{ahsan_SOKSideChannel_2023,
  series = {{EuroS}\&{P}},
  title = {{SOK}: {Side} {Channel} {Monitoring} for {Additive} {Manufacturing} - {Bridging} {Cybersecurity} and {Quality} {Assurance} {Communities}},
  doi = {10.1109/EuroSP57164.2023.00071},
  abstract = {Additive Manufacturing (AM) is critical for the fourth industrial revolution (i.e., Industry 4.0). It involves printing a 3D object layer-by-layer from scratch. Fused filament fabrication (FFF), one of the most widely used AM technology, has been adopted by commercial and domestic consumers. With the recent addition of metal filaments, FFF caters to a broad spectrum of manufacturing industry requirements. Cybersecurity and Quality Assurance (QA) of the FFF process is an active research area. Like any other cyber-physical system, FFF exhibits many side channels (SCs), including acoustic and thermal emissions, vibrations, etc. Researchers in the QA domain use SCs to predict defects in the printed parts. Cybersecurity researchers, on the other hand, utilize SCs to identify malicious anomalies in the process. While the aims are different, there are definite overlaps in both communities’ acquisition and analysis methodologies. As the two communities bring distinct skill sets and expertise, we find an opportunity to bring them closer through a systematic study of available work and identifying the commonalities and distinctions to motivate the consumption of cross-domain knowledge. Our approach to systematizing the knowledge is based on identifying the available SC, the acquisition and analysis methodologies, performance statistics, associated challenges, and future research directions. This knowledge consolidation and systematization exercise will not only help the new researchers aiming to explore SCs in the FFF process but also highlight collaboration opportunities between QA and cybersecurity communities.},
  urldate = {2024-02-26},
  booktitle = {2023 {IEEE} 8th {European} {Symposium} on {Security} and {Privacy} ({EuroS}\&{P})},
  author = {Ahsan, Muhammad and Rais, Muhammad Haris and Ahmed, Irfan},
  month = jul,
  year = {2023},
  keywords = {Additive Manufacturing, Channel estimation, Collaboration, Defense, Field-flow fractionation, Quality assurance, Sabotage, Side Channels, Systematics, Three-dimensional displays, Vibrations},
  pages = {1160--1178},
}

@inproceedings{hojjati_LeaveYourPhone_2016,
  series = {{CCS} '16},
  title = {Leave your phone at the door: {Side} channels that reveal factory floor secrets},
  isbn = {978-1-4503-4139-4},
  doi = {10.1145/2976749.2978323},
  abstract = {From pencils to commercial aircraft, every man-made object must be designed and manufactured. When it is cheaper or easier to steal a design or a manufacturing process specification than to invent one's own, the incentive for theft is present. As more and more manufacturing data comes online, incidents of such theft are increasing. In this paper, we present a side-channel attack on manufacturing equipment that reveals both the form of a product and its manufacturing process, i.e., exactly how it is made. In the attack, a human deliberately or accidentally places an attack-enabled phone close to the equipment or makes or receives a phone call on any phone nearby. The phone executing the attack records audio and, optionally, magnetometer data. We present a method of reconstructing the product's form and manufacturing process from the captured data, based on machine learning, signal processing, and human assistance. We demonstrate the attack on a 3D printer and a CNC mill, each with its own acoustic signature, and discuss the commonalities in the sensor data captured for these two different machines. We compare the quality of the data captured with a variety of smartphone models. Capturing data from the 3D printer, we reproduce the form and process information of objects previously unknown to the reconstructors. On average, our accuracy is within 1 mm in reconstructing the length of a line segment in a fabricated object's shape and within 1 degree in determining an angle in a fabricated object's shape. We conclude with recommendations for defending against these attacks.},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} conference on computer and communications security},
  publisher = {Association for Computing Machinery},
  author = {Hojjati, Avesta and Adhikari, Anku and Struckmann, Katarina and Chou, Edward and Tho Nguyen, Thi Ngoc and Madan, Kushagra and Winslett, Marianne S. and Gunter, Carl A. and King, William P.},
  year = {2016},
  keywords = {cyber-physical systems, data security for manufacturing, side channels},
  pages = {883--894},
}

@article{yampolskiy_SecurityAdditiveManufacturing_2018,
  title = {Security of additive manufacturing: {Attack} taxonomy and survey},
  volume = {21},
  issn = {2214-8604},
  shorttitle = {Security of additive manufacturing},
  doi = {10.1016/j.addma.2018.03.015},
  abstract = {Additive manufacturing (AM) is a rapidly growing, multibillion dollar industry. AM is increasingly being used to manufacture functional parts, including components of safety critical systems in aerospace, automotive, and other industries. This makes AM an attractive attack target. AM Security is a fairly new field of research that addresses this novel threat. This paper serves dual purposes: For researchers just entering AM security, we provide an in-depth introduction to this highly multi-disciplinary research field. And, for active researchers in the field, this paper provides a comprehensive, structured survey of the state of the art as well as our proposal for attack taxonomies.},
  language = {english},
  urldate = {2021-04-12},
  journal = {Additive Manufacturing},
  author = {Yampolskiy, Mark and King, Wayne E. and Gatlin, Jacob and Belikovetsky, Sofia and Brown, Adam and Skjellum, Anthony and Elovici, Yuval},
  month = may,
  year = {2018},
  keywords = {3D printing, AM security, Additive manufacturing, Survey, Taxonomy},
  pages = {431--457},
}

@article{belikovetsky_DigitalAudioSignature_2019,
  title = {Digital {Audio} {Signature} for {3D} {Printing} {Integrity}},
  volume = {14},
  issn = {1556-6021},
  doi = {10.1109/TIFS.2018.2851584},
  abstract = {Additive manufacturing (AM, or 3D printing) is a novel manufacturing technology that has been adopted in industrial and consumer settings. However, the reliance of this technology on computerization has raised various security concerns.
In this paper, we address issues associated with sabotage via tampering during the 3D printing process by presenting an approach that can verify the integrity of a 3D printed object. Our approach operates on acoustic side-channel emanations generated by the 3D printer's stepper motors, which results in a non-intrusive and real-time validation process that is difficult to compromise. The proposed approach constitutes two algorithms. The first algorithm is used to generate a master audio fingerprint for the verifiable unaltered printing process. The second algorithm is applied when the same 3D object is printed again, and this algorithm validates the monitored 3D printing process by assessing the similarity of its audio signature with the master audio fingerprint. To evaluate the quality of the proposed thresholds, we identify the detectability thresholds for the following minimal tampering primitives: insertion, deletion, replacement, and modification of a single tool path command. By detecting the deviation at the time of occurrence, we can stop the printing process for compromised objects, thus saving time and preventing material waste. We discuss various factors that impact the method, such as background noise, audio device changes, and different audio recorder positions.},
  number = {5},
  urldate = {2024-04-08},
  journal = {IEEE Transactions on Information Forensics and Security},
  author = {Belikovetsky, Sofia and Solewicz, Yosef A. and Yampolskiy, Mark and Toh, Jinghui and Elovici, Yuval},
  month = may,
  year = {2019},
  note = {Conference Name: IEEE Transactions on Information Forensics and Security},
  keywords = {Acoustics, Additive manufacturing, Printers, Security, Solid modeling, Three-dimensional displays, Three-dimensional printing, cyber security, side channels},
  pages = {1127--1141},
}

@article{alkofahi_MitMAttacksIntellectual_2024,
  title = {{MitM} attacks on intellectual property and integrity of additive manufacturing systems: {A} security analysis},
  volume = {140},
  issn = {0167-4048},
  shorttitle = {{MitM} attacks on intellectual property and integrity of additive manufacturing systems},
  doi = {10.1016/j.cose.2024.103810},
  abstract = {Additive Manufacturing (AM) was originally invented to reduce the cost of the prototyping process. Over time, the technology evolved to be faster, more accurate, and affordable. These factors, in addition to the potential use of AM in parts production, have helped rapidly drive the growth of AM in both industrial and personal uses. Thus, there is an accompanying demand to understand the cybersecurity implications of such systems. In our research, we present an in-depth security review of Stratasys Dimension Elite and show how manufacturers of such high-end 3D printers failed to protect the confidentiality and integrity of the printed 3D models. Revealing the intricate dimensions of cyber threats within the realm of AM and laying the foundation for understanding the multifaceted nature of attacks, offering insights into vulnerabilities and potential consequences. Moreover, we demonstrate the massive impact network attacks can have on 3D printers' communication channels. Our sniffing attack stole transmitted models with a minimal overhead of 0.015 seconds to evade detection. The developed replacement attack targeted and replaced specific models with offline-prepared models.
Also, we automated a sabotaging attack to alter the interior model structure on the fly with minimal visual but significant strength differences. By revealing these attacks, this research not only improves the security posture of 3D printers but also enhances the understanding of security challenges in additive manufacturing as a whole.}, urldate = {2024-04-24}, journal = {Computers \& Security}, author = {Alkofahi, Hamza and Alawneh, Heba and Skjellum, Anthony}, month = may, year = {2024}, keywords = {3D model, Additive manufacturing, Confidentiality, Integrity, Intellectual property, MitM attack, Sabotaging, Security, Stratasys}, pages = {103810}, } @misc{duet3d_DuetWebControl_2024, title = {Duet {Web} {Control} {Manual}}, url = {https://docs.duet3d.com/User_manual/Reference/Duet_Web_Control_Manual}, abstract = {Duet Web Control is a browser based user interface for RepRapFirmware that runs in most modern browsers that support HTML 5.}, language = {en}, urldate = {2025-01-08}, journal = {Duet3D Documentation}, author = {{Duet3D}}, month = oct, year = {2024}, } @misc{iso/astm_52915SpecificationAdditive_2020, title = {52915. {Specification} for additive manufacturing file format ({AMF}) {Version} 1.2}, url = {https://www.iso.org/standard/74640.html}, abstract = {This document provides the specification for the Additive Manufacturing File Format (AMF), an interchange format to address the current and future needs of additive manufacturing technology. This document specifies the requirements for the preparation, display and transmission for the AMF. When prepared in a structured electronic format, strict adherence to an extensible markup language (XML)[1] schema supports standards-compliant interoperability. NOTE A W3C XML schema definition (XSD) for the AMF is available from ISO from http://standards.iso.org/iso/52915 and from ASTM from www.astm.org/MEETINGS/images/amf.xsd. An implementation guide for such an XML schema is provided in Annex A. 
It is recognized that there is additional information relevant to the final part that is not covered by the current version of this document. Suggested future features are listed in Annex B. This document does not specify any explicit mechanisms for ensuring data integrity, electronic signatures and encryptions.}, author = {{ISO/ASTM}}, month = mar, year = {2020}, } @misc{ultimaker_UltimakerAchievesISO_2022, title = {Ultimaker achieves {ISO}/{IEC} 27001 security certification}, url = {https://ultimaker.com/learn/ultimaker-achieves-iso-iec-27001-security-certification/}, abstract = {Ultimaker achieves ISO/IEC 27001 security certification JUNE 23, 2022– Ultimaker is delighted to announce we have achieved ISO/IEC 27001 certification – the leading internationally-recognized standard for information security management. ISO/IEC 27001 certifies that the security policies Ultimaker applies across the organization – including all software and 3D printer products – are rigorous and robust. Setting […]}, language = {en}, urldate = {2025-01-08}, journal = {UltiMaker}, author = {Ultimaker}, month = jun, year = {2022}, } @techreport{johnm.evansjr.et.al._StandardsComputerAided_1977, address = {Washington, D. C.}, type = {Final {Report}}, title = {Standards for {Computer} {Aided} {Manufacturing}}, url = {https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nbsir76-1183.pdf}, number = {NBSIR 76-1094 (R)}, institution = {National Bureau of Standards}, author = {{John M. Evans, Jr., et. 
al.}}, month = jun, year = {1977}, pages = {352}, } @misc{haussge_OctoPrint_2024, title = {{OctoPrint}}, url = {https://octoprint.org/}, abstract = {OctoPrint is the snappy web interface for your 3D printer that allows you to control and monitor all aspects of your printer and print jobs, right from your browser.}, language = {en}, urldate = {2024-09-05}, author = {Häußge, Gina}, year = {2024}, } @misc{fortunebusinessinsights_3DPrintingMarket_2024, title = {{3D} {Printing} {Market} {Size}, {Growth}, {Share} {\textbar} {Global} {Report} [2032]}, url = {https://www.fortunebusinessinsights.com/industry-reports/3d-printing-market-101902}, abstract = {The global 3D printing market size was valued at \$22.39 billion in 2023 \& is projected to grow from \$27.52 billion in 2024 to \$150.20 billion by 2032}, language = {en}, urldate = {2024-08-27}, author = {{Fortune Business Insights}}, month = aug, year = {2024}, } @misc{pistilli_3DPrintingStocks_2023, title = {{3D} {Printing} {Stocks}: 9 {Biggest} {Companies}}, shorttitle = {{3D} {Printing} {Stocks}}, url = {https://investingnews.com/daily/tech-investing/emerging-tech-investing/top-3d-printing-companies/}, abstract = {The 3D printing industry is expected to be worth US\$106 billion by 2030. Here’s a look at the 9 biggest 3D printing stocks on the market.}, language = {en}, urldate = {2024-08-27}, author = {Pistilli, Melissa}, month = aug, year = {2023}, } @misc{amfg_ApplicationSpotlight3DPrinted_2019, title = {Application {Spotlight}: {3D}-{Printed} {Rockets} and the {Future} of {Spacecraft} {Manufacturing}}, shorttitle = {Application {Spotlight}}, url = {https://amfg.ai/2019/08/28/application-spotlight-3d-printed-rockets-and-the-future-of-spacecraft-manufacturing/}, abstract = {3D printing is fast becoming an exciting technology for spacecraft manufacturing, and rockets in particular. 
Both startups and established manufacturers are embracing 3D printing to create rocket components with enhanced design and performance at a lower cost and with faster turnaround times. This week, we continue our Application Spotlight series by looking at the}, language = {en-US}, urldate = {2024-08-27}, author = {{AMFG}}, month = aug, year = {2019}, } @misc{3dnatives_How3DPrinting_2023, title = {How {3D} {Printing} {Allows} for {Customizable} {Consumer} {Goods}}, url = {https://www.3dnatives.com/en/consumer-goods-3d-printing-08022023/}, abstract = {3D printing can be used to make consumer goods which are customized to the person's individual needs, as well as being technically good.}, language = {en-US}, urldate = {2024-08-27}, author = {{3Dnatives}}, month = feb, year = {2023}, } @misc{nawrat_3DPrintingMedical_2018, title = {{3D} printing in the medical field: four major applications revolutionising the industry}, shorttitle = {{3D} printing in the medical field}, url = {https://www.medicaldevice-network.com/features/3d-printing-in-the-medical-field-applications/}, abstract = {Discover the applications and innovations of 3D printing in the medical field. Explore its impact with Medical Device Network. 
Stay informed!}, language = {en-US}, urldate = {2024-08-27}, journal = {Medical Device Network}, author = {Nawrat, Allie}, month = aug, year = {2018}, } @inproceedings{rais_SOK3DPrinter_2024, title = {{SOK}: {3D} {Printer} {Firmware} {Attacks} on {Fused} {Filament} {Fabrication}}, isbn = {978-1-939133-43-4}, url = {https://www.usenix.org/conference/woot24/presentation/rais}, language = {en}, urldate = {2024-08-15}, booktitle = {Proceedings of the 18th {USENIX} {WOOT} {Conference} on {Offensive} {Technologies}}, author = {Rais, Muhammad Haris and Ahsan, Muhammad and Ahmed, Irfan}, year = {2024}, pages = {263--282}, } @article{chhetri_ToolSpiesLeaking_2021, title = {Tool of {Spies}: {Leaking} your {IP} by {Altering} the {3D} {Printer} {Compiler}}, volume = {18}, issn = {1941-0018}, shorttitle = {Tool of {Spies}}, doi = {10.1109/TDSC.2019.2923215}, abstract = {In cyber-physical additive manufacturing systems, side-channel attacks have been used to reconstruct the G/M-code (which are instructions given to a manufacturing system) of 3D objects being produced. This method is effective for stealing intellectual property from an organization, through least expected means, during prototyping stage before the product goes through a large-scale fabrication and comes out in the market. However, an attacker can be far from being able to completely reconstruct the G/M-code due to lack of enough information leakage through the side-channels. In this paper, we propose a novel way to amplify the information leakage and thus boost the chances of recovery of G/M-code by surreptitiously altering the compiler. By using this compiler, an adversary may easily control various parameters to magnify the leakage of information from a 3D printer while still producing the desired object, thus remaining hidden from the authentic users. This type of attack may be implemented by strong attackers having access to the tool chain and seeking high level of stealth. 
We have implemented such a compiler and have demonstrated that it increases the success rate of recovering G/M-codes from the four side-channels (acoustic, power, vibration, and electromagnetic) by up to 39 percent compared to previously proposed attacks.}, number = {2}, journal = {IEEE Transactions on Dependable and Secure Computing}, author = {Chhetri, Sujit Rokka and Barua, Anomadarshi and Faezi, Sina and Regazzoni, Francesco and Canedo, Arquimedes and Al Faruque, Mohammad Abdullah}, month = mar, year = {2021}, note = {Conference Name: IEEE Transactions on Dependable and Secure Computing}, keywords = {Cyber-physical systems, Data models, Predictive models, Printers, Solid modeling, Three-dimensional displays, Tools, Vibrations, confidentiality, information, manufacturing, security}, pages = {667--678}, } @inproceedings{mccormack_SecurityAnalysisNetworked_2020, title = {Security {Analysis} of {Networked} {3D} {Printers}}, doi = {10.1109/SPW50608.2020.00035}, abstract = {Networked 3D printers are an emerging trend in manufacturing. However, many have poor security controls, allowing attackers to cause physical hazards, create defective safety-critical parts, steal proprietary data, and halt costly operations. Prior work has given limited attention to identifying if a network attacker is able to achieve these goals. In this work, we present C3PO, an open-source network security analysis tool that systematically identifies security threats to networked 3D printers. C3PO's design is guided by industry standards and best practices, identifying potential vulnerabilities in data transfer, the printing application, availability, and exposed network services. Furthermore, C3PO analyzes how a network deployment impacts a 3D printer's security, such as an attacker compromising an IoT camera in order to send malicious commands to a networked 3D printer. We use C3PO to analyze 13 networked 3D printers and 5 real-world manufacturing network deployments. 
We identified 8 types of network security vulnerabilities such as a susceptibility to low-rate denial of service attacks, the transmission of unencrypted data, and publicly accessible network deployments.}, booktitle = {2020 {IEEE} {Security} and {Privacy} {Workshops} ({SPW})}, author = {McCormack, Matthew and Chandrasekaran, Sanjay and Liu, Guyue and Yu, Tianlong and DeVincent Wolf, Sandra and Sekar, Vyas}, month = may, year = {2020}, keywords = {3D Printing, Communication networks, Manufacturing, Network security, Printers, Security, Systematics, Three-dimensional displays, Tools}, pages = {118--125}, } @article{do_DataExfiltrationRemote_2016, title = {A {Data} {Exfiltration} and {Remote} {Exploitation} {Attack} on {Consumer} {3D} {Printers}}, volume = {11}, issn = {1556-6021}, doi = {10.1109/TIFS.2016.2578285}, abstract = {With the increased popularity of 3D printers in homes, and industry sectors, such as biomedical and manufacturing, the potential for cybersecurity risks must be carefully considered. Risks may arise from factors such as printer manufacturers not having the requisite levels of security awareness, and not fully understanding the need for security measures to protect intellectual property, and other sensitive data that are stored, accessed, and transmitted from such devices. This paper examines the security features of two different models of MakerBot Industries' consumer-oriented 3D printers and proposes an attack technique that is able to, not only, exfiltrate sensitive data, but also allow for remote manipulation of these devices. The attack steps are discretely modeled using a threat model to enable formal representation of the attack. Specifically, we found that the printers stored the previously printed and currently printing objects on an unauthenticated web server. 
We also ascertain that the transport layer security implementation on these devices was flawed, which severely affected the security of these devices and allowed for remote exploitation. Countermeasures to the attack that are implementable by both the manufacturer and the user of the printer are presented.}, number = {10}, journal = {IEEE Transactions on Information Forensics and Security}, author = {Do, Quang and Martini, Ben and Choo, Kim-Kwang Raymond}, month = oct, year = {2016}, note = {Conference Name: IEEE Transactions on Information Forensics and Security}, keywords = {3D printing vulnerabilities, Internet of things, Printers, Security, Solid modeling, data exfiltration, remote attack, threat model}, pages = {2174--2186}, } @misc{mordorintelligence-3dp-market, title = {{3D} {Printing} {Market} {Size} \& {Share} {Analysis} - {Growth} {Trends} \& {Forecasts} (2024 - 2029)}, url = {https://www.mordorintelligence.com/industry-reports/3d-printing-market}, abstract = {The 3D Printing Market is segmented by Printer Type ( Desktop, Industry-grade), by Technology (Stereo Lithography, Fused Deposition Modelling, Selective Laser Sintering, Electron Beam Melting, Digital Light Processing), Material Type (Metal, Plastic, Ceramics), End-user Industry (Automotive, Aerospace, and Defense, Healthcare, Construction and Architecture, Energy, Food), and Geography.}, language = {english}, urldate = {2024-04-09}, journal = {Mordor Intelligence}, author = {{Mordor Intelligence Research \& Advisory}}, month = mar, year = {2024}, } @misc{wavefronttechnologies_AdvancedVisualizerAppendix_early1990s, title = {The {Advanced} {Visualizer} --- {Appendix} {B1}. {Object} {Files} (.obj)}, url = {https://www.loc.gov/preservation/digital/formats/fdd/fdd000507.shtml}, abstract = {Object files define the geometry and other properties for objects in Wavefront’s Advanced Visualizer. 
Object files can also be used to transfer geometric data back and forth between the Advanced Visualizer and other applications. Object files can be in ASCII format (.obj) or binary format (.mod). This appendix describes the ASCII format for object files. These files must have the extension .obj. In this release, the .obj file format supports both polygonal objects and free-form objects. Polygonal geometry uses points, lines, and faces to define objects while free-form geometry uses curves and surfaces.}, author = {{Wavefront Technologies}}, } @misc{arms_STLSTereoLithographyFile_2024, type = {web page}, title = {{STL} ({STereoLithography}) {File} {Format} {Family}}, copyright = {Text is U.S. government work}, url = {https://www.loc.gov/preservation/digital/formats/fdd/fdd000504.shtml}, abstract = {Format Description for STL\_family -- an openly documented plain text format for describing an object as a triangular mesh, i.e., as a representation of a 3-dimensional surface geometry in triangular facets. Each facet is described by a perpendicular (normal) direction and three points representing the vertices (corners) of the, triangle. The STL format was developed for stereolithography, a form of 3D printing, in the late 1980s.}, language = {english}, urldate = {2021-05-12}, author = {Arms, Caroline R. 
and Fleischhauer, Carl and Murray, Kate and Nappier, Marcus and Holdzkom, Liz}, month = apr, year = {2024}, } @techreport{3mf-core, title = {{3D} {Manufacturing} {Format} --- {Core} {Specification} \& {Reference} {Guide} v1.2.3}, url = {https://github.com/3MFConsortium/spec_core}, institution = {3MF Consortium}, author = {{3MF Consortium}}, month = apr, year = {2024}, } @misc{rossel_UsageStatistics3D_2022, title = {Usage {Statistics} of {3D} {Printing} {File} {Formats}}, url = {https://upb-syssec.github.io/blog/2022/3d-printing-file-format-usage/}, urldate = {2023-11-13}, author = {Rossel, Jost}, year = {2022}, } @misc{ideamaker_OmitRaiseTouchSpecified_, title = {Omit {RaiseTouch} {Specified} {Gcode}}, url = {https://www.ideamaker.io/dictionaryDetail.html?name=Omit%20RaiseTouch%20Specified%20Gcode}, abstract = {With this enabled, ideaMaker will omit outputting M1001, M1002 and M2000 custom gcode for RaiseTouch (Raise3D Touch Screen). Enable this when using third-party printers. M1001: The End of Start GCode M1002: The Start of End GCode M2000: Pause the current job}, urldate = {2024-03-20}, journal = {ideaMaker Term Dictionary}, author = {{ideaMaker} and {JZ}}, note = {Section: article:section ideaMaker Library: Find the best ideaMaker profile for your 3D printer}, } @article{zeltmann_ManufacturingSecurityChallenges_2016, title = {Manufacturing and {Security} {Challenges} in {3D} {Printing}}, volume = {68}, issn = {1543-1851}, url = {https://doi.org/10.1007/s11837-016-1937-7}, doi = {10.1007/s11837-016-1937-7}, abstract = {As the manufacturing time, quality, and cost associated with additive manufacturing (AM) continue to improve, more and more businesses and consumers are adopting this technology. Some of the key benefits of AM include customizing products, localizing production and reducing logistics. 
Due to these and numerous other benefits, AM is enabling a globally distributed manufacturing process and supply chain spanning multiple parties, and hence raises concerns about the reliability of the manufactured product. In this work, we first present a brief overview of the potential risks that exist in the cyber-physical environment of additive manufacturing. We then evaluate the risks posed by two different classes of modifications to the AM process which are representative of the challenges that are unique to AM. The risks posed are examined through mechanical testing of objects with altered printing orientation and fine internal defects. Finite element analysis and ultrasonic inspection are also used to demonstrate the potential for decreased performance and for evading detection. The results highlight several scenarios, intentional or unintentional, that can affect the product quality and pose security challenges for the additive manufacturing supply chain.}, language = {english}, number = {7}, urldate = {2021-04-12}, journal = {JOM}, author = {Zeltmann, Steven Eric and Gupta, Nikhil and Tsoutsos, Nektarios Georgios and Maniatakos, Michail and Rajendran, Jeyavijayan and Karri, Ramesh}, month = jul, year = {2016}, pages = {1872--1881}, } @misc{machmotion_Mach4AdvancedMCode_, title = {Mach4 {Advanced} {M}-{Code} {Reference}}, url = {https://support.machmotion.com/books/software/page/mach4-advanced-m-code-reference}, abstract = {Chapter 1 : Advanced Macros M-Code Descriptions M19 - Spindle Orient Command Spindle Orient with...}, language = {en-GB}, urldate = {2024-04-12}, author = {{MachMotion}}, } @article{beckwith_NeedleHaystackDetecting_2021, title = {Needle in a {Haystack}: {Detecting} {Subtle} {Malicious} {Edits} to {Additive} {Manufacturing} {G}-code {Files}}, shorttitle = {Needle in a {Haystack}}, doi = {10.1109/LES.2021.3129108}, abstract = {This work aims to quantify the hypothesis that the red- team aims to introduce subtle defects that would impact 
the properties (strengths) of the 3D printed parts, and the blue-team aims to detect these modifications in the absence of the golden models through a red-team/blue-team case study. Increasing usage of Digital Manufacturing (DM) in safety-critical domains is increasing attention on the cybersecurity of the manufacturing process, as malicious third parties might aim to introduce defects in digital designs. In general, the DM process involves creating a digital object (as CAD files) before using a slicer program to convert the models into printing instructions (e.g. g-code) suitable for the target printer. As the g-code is an intermediate machine format, malicious edits may be difficult to detect, especially when the golden (original) models are not available to the manufacturer. In this work we aim to quantify this hypothesis through a red-team/blue-team case study, whereby the red-team aims to introduce subtle defects that would impact the properties (strengths) of the 3D printed parts, and the blue-team aims to detect these modifications in the absence of the golden models. The case study had two sets of models, the first with 180 designs (with 2 compromised using 2 methods) and the second with 4320 designs (with 60 compromised using 6 methods). Using statistical modelling and machine learning (ML), the blue-team was able to detect all the compromises in the first set of data, and 50 of the compromises in the second.}, journal = {IEEE Embedded Systems Letters}, author = {Beckwith, Caleb and Naicker, Harsh Sankar and Mehta, Svara and Udupa, Viba R. and Nim, Nghia Tri and Gadre, Varun and Pearce, H. 
and Mac, Gary and Gupta, Nikhil}, year = {2021}, keywords = {Clustering algorithms, Information security, Machine learning, Manufacturing, Principal component analysis, Printers, Solid modeling, Three-dimensional displays, computer aided manufacturing, computer security}, } @article{pearce_FLAW3DTrojanbasedCyber_2022, title = {{FLAW3D}: {A} {Trojan}-based {Cyber} {Attack} on the {Physical} {Outcomes} of {Additive} {Manufacturing}}, shorttitle = {{FLAW3D}}, doi = {10.1109/tmech.2022.3179713}, abstract = {It is shown that the FLAW3D bootloader can hide from programming tools, and even within tight design constraints, it can compromise the quality of additively manufactured prints and reduce tensile strengths by up to 50\%. Additive Manufacturing (AM) systems such as 3D printers use inexpensive microcontrollers that rarely feature cybersecurity defenses. This is a risk, especially given the rising threat landscape within the larger digital manufacturing domain. In this work we demonstrate this risk by presenting the design and study of a malicious Trojan (the FLAW3D bootloader) for AVR-based Marlin-compatible 3D printers ({\textgreater}100 commercial models). We show that the Trojan can hide from programming tools, and even within tight design constraints (less than 1.7 kilobytes in size), it can compromise the quality of additively manufactured prints and reduce tensile strengths by up to 50\%.}, journal = {IEEE/ASME Transactions on Mechatronics}, author = {Pearce, H. and Yanamandra, K. 
and Gupta, Nikhil and Karri, R.}, year = {2022}, } @misc{lahteine_CommentIssue11934_2018, title = {Comment on {Issue} \#11934 of {MarlinFirmware}/{Marlin}}, url = {https://github.com/MarlinFirmware/Marlin/issues/11934#issuecomment-425274674}, language = {en}, urldate = {2024-04-12}, journal = {GitHub}, author = {Lahteine, Scott}, month = sep, year = {2018}, } @article{turner_BadPartsAre_2015, title = {Bad parts: {Are} our manufacturing systems at risk of silent cyberattacks?}, volume = {13}, issn = {1558-4046}, doi = {10.1109/MSP.2015.60}, abstract = {Recent cyberattacks have highlighted the risk of physical equipment operating outside designed tolerances to produce catastrophic failures. A related threat is cyberattacks that change the design and manufacturing of a machine's part, such as an automobile brake component, so it no longer functions properly. These risks stem from the lack of cyber-physical models to identify ongoing attacks as well as the lack of rigorous application of known cybersecurity best practices. To protect manufacturing processes in the future, research will be needed on a number of critical cyber-physical manufacturing security topics.}, number = {3}, journal = {IEEE Security and Privacy}, author = {Turner, Hamilton and White, Jules and Camelio, Jaime A. and Williams, Christopher and Amos, Brandon and Parker, Robert}, month = may, year = {2015}, pages = {40--47}, } @book{xu_IntegratingAdvancedComputerAided_2009, title = {Integrating {Advanced} {Computer}-{Aided} {Design}, {Manufacturing}, and {Numerical} {Control}: {Principles} and {Implementations}}, isbn = {978-1-59904-714-0}, abstract = {For many years, computers have been playing a prominent role in the process of product design and manufacture. 
As manufacturing continues to march into the future, there is a critical need to address the role of computer technologies in an integrated fashion, placing emphasis on product data exchange as well as product data management.}, language = {EN}, publisher = {Information Science Reference (an imprint of IGI Global)}, author = {Xu, Xun}, month = jan, year = {2009}, doi = {10.5555/1524218}, } @misc{repetier_ImplementedGCodes_2019, title = {Implemented {GCodes}}, url = {https://github.com/repetier/Repetier-Firmware/blob/master/src/ArduinoAVR/Repetier/Repetier.ino}, abstract = {Firmware for Arduino based RepRap 3D printer. Contribute to repetier/Repetier-Firmware development by creating an account on GitHub.}, language = {en}, urldate = {2023-11-30}, journal = {GitHub}, author = {{Repetier}}, month = sep, year = {2019}, } @misc{anonymous28_SistemaMozhetRasshifrovat_2022, title = {Forum {Post}: “Система может расшифровать {QUIC}\_V1 и декодировать {SNI}.”}, url = {https://ntc.party/t/1823/32}, language = {ru}, urldate = {2025-11-06}, author = {{anonymous28}}, month = may, year = {2022}, } @inproceedings{pearce_GlobalMeasurementDNS_2017, address = {Vancouver, BC, Canada}, title = {Global {Measurement} of {DNS} {Manipulation}}, isbn = {978-1-931971-40-9}, url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/pearce}, language = {en}, urldate = {2024-05-08}, booktitle = {26th {USENIX} {Security} {Symposium} ({USENIX} {Security} 17)}, publisher = {USENIX Association}, author = {Pearce, Paul and Jones, Ben and Li, Frank and Ensafi, Roya and Feamster, Nick and Weaver, Nick and Paxson, Vern}, year = {2017}, pages = {307--323}, } @inproceedings{ramesh_NetworkResponsesRussia_2023, address = {Anaheim, CA, USA}, title = {Network {Responses} to {Russia}'s {Invasion} of {Ukraine} in 2022: {A} {Cautionary} {Tale} for {Internet} {Freedom}}, isbn = {978-1-939133-37-3}, shorttitle = {Network {Responses} to {Russia}'s {Invasion} of {Ukraine} in 2022}, 
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/ramesh-network-responses}, language = {en}, urldate = {2024-05-08}, booktitle = {32nd {USENIX} {Security} {Symposium} ({USENIX} {Security} 23)}, publisher = {USENIX Association}, author = {Ramesh, Reethika and Raman, Ram Sundara and Virkud, Apurva and Dirksen, Alexandra and Huremagic, Armin and Fifield, David and Rodenburg, Dirk and Hynes, Rod and Madory, Doug and Ensafi, Roya}, year = {2023}, pages = {2581--2598}, } @inproceedings{niere_TransportLayerObscurity_2025, address = {San Francisco, CA, USA}, title = {Transport {Layer} {Obscurity}: {Circumventing} {SNI} {Censorship} on the {TLS}-{Layer}}, isbn = {979-8-3315-2236-0}, shorttitle = {Transport {Layer} {Obscurity}}, url = {https://www.computer.org/csdl/proceedings-article/sp/2025/223600b288/26hiUekZ19S}, doi = {10.1109/SP61157.2025.00151}, abstract = {HTTPS composes large parts of today’s Internet traffic and has long been subject to censorship efforts in different countries. While censors analyze the Transport Layer Security (TLS) protocol to block encrypted HTTP traffic, censorship circumvention efforts have primarily focused on other protocols such as TCP. In this paper, we hypothesize that the TLS protocol offers previously unseen opportunities for censorship circumvention techniques. We tested our hypothesis by proposing possible censorship circumvention techniques that act on the TLS protocol. To validate the effectiveness of these techniques, we evaluate their acceptance by popular TLS servers and successfully demonstrate that these techniques can circumvent censors in China and Iran. In our evaluations, we discovered 38—partially standard-compliant—distinct censorship circumvention techniques, which we could group into 11 unique categories. Additionally, we provide novel insights into how China censors TLS traffic by presenting evidence of at least three distinct censorship appliances. 
We suspect that other parts of China’s censorship apparatus and other censors exhibit similar structures and advocate future censorship research to anticipate them. With this work, we hope to aid people affected by censorship and stimulate further research into censorship circumvention using cryptographic protocols.}, language = {English}, urldate = {2025-05-16}, booktitle = {2025 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, publisher = {IEEE Computer Society}, author = {Niere, Niklas and Lange, Felix and Merget, Robert and Somorovsky, Juraj}, month = apr, year = {2025}, note = {ISSN: 2375-1207}, pages = {1344--1362}, } @misc{valdikss_ForumPostZamedlyayut_2024, title = {Forum {Post}: “Замедляют по {SNI} *.googlevideo.com — домена, с которого раздаётся видео {YouTube},”}, url = {https://ntc.party/t/8055/2}, language = {ru}, urldate = {2025-11-05}, author = {{ValdikSS}}, month = jul, year = {2024}, } @inproceedings{zohaib_ExposingCircumventingSNIbased_2025a, address = {Seattle, WA, USA}, title = {Exposing and {Circumventing} {SNI}-based {QUIC} {Censorship} of the {Great} {Firewall} of {China}}, isbn = {978-1-939133-52-6}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/zohaib}, language = {en}, urldate = {2025-10-28}, booktitle = {34th {USENIX} {Security} {Symposium} ({USENIX} {Security} 25)}, publisher = {USENIX Association}, author = {Zohaib, Ali and Zao, Qiang and Sippe, Jackson and Alaraj, Abdulrahman and Houmansadr, Amir and Durumeric, Zakir and Wustrow, Eric}, year = {2025}, pages = {783--802}, } @misc{valdikss_FiltrRabotaetTolko_2022, title = {Forum {Post}: “Фильтр работает только для пакетов с {UDP}-нагрузкой больше 1001 байтов (включительно). […]”}, url = {https://ntc.party/t/1823/10}, language = {ru}, author = {{ValdikSS}}, month = mar, year = {2022}, keywords = {quic}, } @misc{bolvan_TekushchayaSituaciyaPo_2023, title = {Forum {Post}: “Текущая ситуация по {QUIC} примерно такая. 
[…]”}, url = {https://ntc.party/t/1823/74}, language = {ru}, author = {{bolvan}}, month = jul, year = {2023}, keywords = {quic}, } @misc{bolvan_PodtverzhdayuDobavlyuEtomu_2022, title = {Forum {Post}: “Подтверждаю. Добавлю к этому, что к входящим пакетам фильтрация не применяется и используется stateful фильтр. […]”}, url = {https://ntc.party/t/1823/11}, language = {ru}, author = {{bolvan}}, month = mar, year = {2022}, } @misc{serfreeman1337_NeUstanavlivaetsyaSoedinenie_2022, title = {Forum {Post}: “Не устанавливается соединение по {QUIC} для зарубежных сайтов. […]”}, url = {https://ntc.party/t/1823/1}, language = {ru}, author = {{serfreeman1337}}, month = mar, year = {2022}, keywords = {quic}, } @misc{valdikss_NachniteGoodbyedpiexeWrongchksum_2024, title = {Forum {Post}: “Начните с goodbyedpi.exe --wrong-chksum или goodbyedpi.exe --wrong-seq. […]”}, url = {https://ntc.party/t/8074/109}, language = {ru}, urldate = {2025-11-03}, author = {{ValdikSS}}, month = jul, year = {2024}, } @misc{valdikss_NachaliZamedlyatQUIC_2024, title = {Forum {Post}: “Начали замедлять и {QUIC} ({HTTP}/3) тоже. 
[…]”}, url = {https://ntc.party/t/8055/79}, language = {ru}, urldate = {2025-10-29}, author = {{ValdikSS}}, month = jul, year = {2024}, } @misc{bolvan_NaMoemProvaydere_2022a, title = {Forum {Post}: “На моем провайдере с ТСПУ начались непонятные и хаотичные отрубы {QUIC} сессий, […]”}, url = {https://ntc.party/t/1823/17}, language = {ru}, author = {{bolvan}}, month = mar, year = {2022}, } @misc{bolvan_NaMoemProvaydere_2022, title = {Forum {Post}: “На моем провайдере tiera появился дополнительный {DPI} от gblnet […]”}, url = {https://ntc.party/t/1823/63}, language = {ru}, urldate = {2025-10-29}, author = {{bolvan}}, month = jul, year = {2022}, } @misc{bolvan_EshcheNemnogoPodrobnostey_2022, title = {Forum {Post}: “Еще немного подробностей Что считается {QUIC} initial.”}, url = {https://ntc.party/t/1823/66}, language = {ru}, author = {{bolvan}}, month = jul, year = {2022}, } @misc{loskiq_VidimoNachaliBlochit_2024, title = {Forum {Post}: “видимо, начали блочить домен www.youtube.com по {SNI} […]”}, url = {https://ntc.party/t/8055/145}, language = {ru}, urldate = {2025-10-29}, author = {{loskiq}}, month = aug, year = {2024}, } @misc{molchun_VremyaKakNa_2025, title = {Forum {Post}: “В то время как на йоте полный блок ВСЕХ ресурсов. […]”}, url = {https://ntc.party/t/8055/337}, language = {ru}, urldate = {2025-10-29}, author = {{Molchun}}, month = apr, year = {2025}, } @misc{anon60595749_BrauzerPodderzhivaetHTTP_2024, title = {Forum {Post}: “Браузер поддерживает {HTTP}/3 ({QUIC})? […]”}, url = {https://ntc.party/t/8074/132}, language = {ru}, urldate = {2025-11-03}, author = {{anon60595749}}, month = jul, year = {2024}, } @misc{_BlokirovkaGoogleLNR_2022, title = {Блокировка google в ЛНР}, url = {https://ntc.party/t/%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0-google-%D0%B2-%D0%BB%D0%BD%D1%80/2874/print}, abstract = {С 21.07.2022 прикрыли доступ к серверам гугла, хоть и не всем, но по всей видимости к самым большим, i.e. сам поисковик. 
Будет ли возможность добавить их домены в антизапрет лист как это было сказано в факе {\textgreater}(не считая единичных исключений)? Или всё так же придется крутиться-вертеться с кастомными прокси?}, language = {en-GB}, urldate = {2025-11-03}, journal = {NTC}, author = {{TODO}}, month = jul, year = {2022}, note = {Section: antizapret.prostovpn.org}, } @misc{kruope_DisruptedThrottledBlocked_2025, title = {Disrupted, {Throttled}, and {Blocked}}, url = {https://www.hrw.org/report/2025/07/30/disrupted-throttled-and-blocked/state-censorship-control-and-increasing-isolation}, abstract = {The 50-page report, “Disrupted, Throttled, and Blocked: State Censorship, Control, and Increasing Isolation of Internet Users in Russia,” documents the impact of the government’s increasing technological capacities and control over the internet infrastructure. Human Rights Watch found that this allows the authorities to carry out more widespread and nontransparent blocking and throttling of unwanted websites and censorship circumvention tools, as well as internet disruptions and shutdowns under the pretext of ensuring public safety and national security.}, language = {en}, urldate = {2025-10-31}, publisher = {Human Rights Watch}, author = {Kruope, Anastasiia}, month = jul, year = {2025}, } @misc{wkrp_LeakGeedgeNetworks_2025, title = {Leak of {Geedge} {Networks} internal documents (100,000+ from {Jira}, {Confluence}, {GitLab}) · {Issue} \#519 · net4people/bbs}, url = {https://github.com/net4people/bbs/issues/519}, abstract = {We have discussed the Chinese company Geedge Networks (积至). Last year, there was the news that Geedge had provided equipment for VPN blocking in Myanmar. 
One of the founders of the company is 方滨兴 (...}, language = {en}, urldate = {2025-11-03}, journal = {GitHub}, author = {{wkrp}}, month = sep, year = {2025}, } @misc{funk_FreedomNet2024_2024, title = {Freedom on the {Net} 2024}, url = {https://freedomhouse.org/report/freedom-net/2024/struggle-trust-online}, urldate = {2025-10-31}, publisher = {Freedom House}, author = {{Freedom House}}, editor = {Funk, Allie and Vesteinsson, Kian and Baker, Grant and Brody, Jennifer and Grothe, Cathryn and Agarwal, Aashna and Barak, Matthew and Loldj, Mina and Masinsin, Maddie and Sutterlin, Elizabeth}, year = {2024}, } @misc{_StruggleTrustOnline_, title = {The {Struggle} for {Trust} {Online}}, url = {https://freedomhouse.org/report/freedom-net/2024/struggle-trust-online}, abstract = {Around the world, voters have been forced to make major decisions about their future while navigating a censored, distorted, and unreliable information space.}, language = {en}, urldate = {2025-10-31}, journal = {Freedom House}, } @techreport{fielding_HTTPSemantics_2022, type = {Request for {Comments}}, title = {{HTTP} {Semantics}}, url = {https://datatracker.ietf.org/doc/rfc9110}, abstract = {The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.}, number = {RFC 9110}, urldate = {2025-10-31}, institution = {Internet Engineering Task Force}, author = {Fielding, Roy T. 
and Nottingham, Mark and Reschke, Julian}, month = jun, year = {2022}, doi = {10.17487/RFC9110}, note = {Num Pages: 194}, } @misc{mediazona_16kilobyteCurtainHow_2025, title = {The 16‑kilobyte curtain. {How} {Russia}’s new data‑capping censorship is throttling {Cloudflare}}, url = {https://en.zona.media/article/2025/06/19/cloudflare}, abstract = {A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in...}, language = {en}, urldate = {2025-10-30}, journal = {Mediazona}, author = {{Mediazona}}, month = jun, year = {2025}, } @misc{aljazeera_RussianForcesLaunch_2022, title = {Russian forces launch full-scale invasion of {Ukraine}}, url = {https://www.aljazeera.com/news/2022/2/24/putin-orders-military-operations-in-eastern-ukraine-as-un-meets}, abstract = {Putin approves \&\#039;special military operation\&\#039; as Russia launches invasion of Ukraine by land, air and sea.}, language = {en}, urldate = {2025-10-30}, journal = {Al Jazeera}, author = {{Al Jazeera}}, month = feb, year = {2022}, } @misc{ericvandenberg_StrategischDirecteurAmsterdams_2025, title = {‘{Strategisch} directeur’ {Amsterdams} bedrijf deed zaken met {Telegram} en {FSB}}, copyright = {Copyright FD Mediagroep BV}, url = {https://www.bnr.nl/nieuws/tech-innovatie/10584966/strategisch-directeur-amsterdams-bedrijf-deed-zaken-met-telegram-en-fsb}, abstract = {Het gaat om Vladimir V. 
en Aleksei Z.}, language = {nl}, urldate = {2025-10-29}, journal = {bnr.nl}, author = {{Eric van den Berg} and {Thijs van Dorssen} and {Lisanne Wichgers}}, month = oct, year = {2025}, } @misc{_ExecutivesAmsterdambasedCompany_2025, title = {Executives of {Amsterdam}-based company doing business {Russian} secret service: report {\textbar} {NL} {Times}}, shorttitle = {Executives of {Amsterdam}-based company doing business {Russian} secret service}, url = {https://nltimes.nl/2025/10/15/executives-amsterdam-based-company-business-russian-secret-service-report}, abstract = {A company located in a small office in Amsterdam Zuidoost has managed Telegram services worldwide, according to research by BNR. From this same address, two Russians are doing business with the Russian armed forces and intelligence services, the broadcaster discovered.The company involved is GlobalNet. The Russian businessmen are 45-year-old Vladimir V., founder of GlobalNet, and 46-year-old Aleksei Z., director of GlobalNet since 2021. Last year, GlobalNet was acquired by V.’s brother-in-law.}, language = {en}, urldate = {2025-10-29}, month = oct, year = {2025}, } @misc{elmenhorst_BroadBlockingHTTP_2022, title = {Broad blocking of {HTTP}/3 traffic in {Russia} ({AS31213}, {AS12389})}, url = {https://github.com/kelmenhorst/quic-censorship/issues/4}, abstract = {Reports suggest that Russia started to block HTTP/3 traffic nationwide on the 4th of March 2022. 
With the increasing restrictions of media since the beginning of the invasion of Ukraine, internet c...}, language = {en}, urldate = {2025-10-29}, journal = {GitHub}, author = {Elmenhorst, Kathrin}, month = mar, year = {2022}, } @misc{elmenhorst_QuickLookQUIC_2022, title = {A {Quick} {Look} at {QUIC} {Censorship}}, url = {https://www.opentech.fund/news/a-quick-look-at-quic-censorship/}, journal = {Open Technology Fund}, author = {Elmenhorst, Kathrin}, month = apr, year = {2022}, } @misc{prince_PostMortemCloudflare_2023, title = {Post mortem on the {Cloudflare} {Control} {Plane} and {Analytics} {Outage}}, url = {https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/}, abstract = {Beginning on Thursday, November 2, 2023 at 11:43 UTC Cloudflare's control plane and analytics services experienced an outage. Here are the details}, language = {en}, urldate = {2025-10-27}, journal = {The Cloudflare Blog}, author = {Prince, Matthew}, month = nov, year = {2023}, } @techreport{bishop_HTTP3_2022, type = {Request for {Comments}}, title = {{HTTP}/3}, url = {https://datatracker.ietf.org/doc/rfc9114}, abstract = {The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. 
This document also identifies HTTP/2 features that are subsumed by QUIC and describes how HTTP/2 extensions can be ported to HTTP/3.}, number = {RFC 9114}, urldate = {2025-10-27}, institution = {Internet Engineering Task Force}, author = {Bishop, Mike}, month = jun, year = {2022}, doi = {10.17487/RFC9114}, note = {Num Pages: 57}, } @techreport{schwartz_ServiceBindingParameter_2023, type = {Request for {Comments}}, title = {Service {Binding} and {Parameter} {Specification} via the {DNS} ({SVCB} and {HTTPS} {Resource} {Records})}, url = {https://datatracker.ietf.org/doc/rfc9460}, abstract = {This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints, each with associated parameters (such as transport protocol configuration), and are extensible to support future uses (such as keys for encrypting the TLS ClientHello). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPS RR is a variation of SVCB for use with HTTP (see RFC 9110, "HTTP Semantics"). By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy.}, number = {RFC 9460}, urldate = {2025-10-27}, institution = {Internet Engineering Task Force}, author = {Schwartz, Benjamin M. 
and Bishop, Mike and Nygren, Erik}, month = nov, year = {2023}, doi = {10.17487/RFC9460}, note = {Num Pages: 47}, } @inproceedings{xue_TSPURussiaDecentralized_2022, address = {New York, NY, USA}, series = {{IMC} '22}, title = {{TSPU}: {Russia}'s decentralized censorship system}, isbn = {978-1-4503-9259-4}, shorttitle = {{TSPU}}, url = {https://dl.acm.org/doi/10.1145/3517745.3561461}, doi = {10.1145/3517745.3561461}, abstract = {Russia's Sovereign RuNet was designed to build a Russian national firewall. Previous anecdotes and isolated events in the past two years reflected centrally coordinated censorship behaviors across multiple ISPs, suggesting the deployment of "special equipment" in networks, colloquially known as "TSPU". Despite the TSPU comprising a critical part of the technical stack of RuNet, very little is known about its design, its capabilities, or the extent of its deployment. In this paper, we develop novel techniques and run in-country and remote measurements to discover the how, what, and where of TSPU's interference with users' Internet traffic. We identify different types of blocking mechanisms triggered by SNI, IP, and QUIC, and we find the TSPU to be in-path and stateful, and possesses unique state-management characteristics. Using fragmentation behaviors as fingerprints, we identify over one million endpoints in Russia from 650 ASes that are behind TSPU devices and find that 70\% of them are at most two hops away from the end IP. Considering that TSPU devices progressed from ideation to deployment in three years, we fear that the emerging TSPU architecture may become a blueprint for other countries with similar network topology.}, urldate = {2024-05-08}, booktitle = {Proceedings of the 22nd {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Xue, Diwen and Mixon-Baca, Benjamin and {ValdikSS} and Ablove, Anna and Kujath, Beau and Crandall, Jedidiah R. 
and Ensafi, Roya}, month = oct, year = {2022}, keywords = {Russia, censorship, interception, measurement}, pages = {179--194}, } @techreport{iyengar_QUICUDPBasedMultiplexed_2021, type = {Request for {Comments}}, title = {{QUIC}: {A} {UDP}-{Based} {Multiplexed} and {Secure} {Transport}}, shorttitle = {{QUIC}}, url = {https://datatracker.ietf.org/doc/rfc9000}, abstract = {This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.}, number = {RFC 9000}, urldate = {2025-10-22}, institution = {Internet Engineering Task Force}, author = {Iyengar, Jana and Thomson, Martin}, month = may, year = {2021}, doi = {10.17487/RFC9000}, note = {Num Pages: 151}, } @misc{cloudflare_CloudflareRadar_2025, title = {Cloudflare {Radar}}, url = {https://radar.cloudflare.com/}, abstract = {Up to date global Internet trends and insights.}, language = {en-US}, urldate = {2025-10-21}, author = {{Cloudflare}}, month = oct, year = {2025}, } @misc{stucchi_QUICVsTLS_2022, title = {{QUIC} vs {TLS} on {Russian} {Networks}}, url = {https://pulse.internetsociety.org/blog/internet-perspectives-ukraine-and-russia#QUIC}, urldate = {2025-10-21}, journal = {Internet Society Pulse}, author = {Stucchi, Max and Wilton, Robin}, month = mar, year = {2022}, } @misc{society_InternetPerspectivesUkraine_2022, title = {Internet {Perspectives}: {Ukraine} and {Russia}}, shorttitle = {Internet {Perspectives}}, url = {https://pulse.internetsociety.org/blog/internet-perspectives-ukraine-and-russia}, abstract = {As events unfold in Ukraine and the world is focused on following what is happening, it’s 
important to remember that cr…}, language = {en}, urldate = {2025-10-21}, journal = {Internet Society Pulse}, author = {{Internet Society}}, month = mar, year = {2022}, } @misc{tremante_RussianInternetUsers_2025, title = {Russian {Internet} users are unable to access the open {Internet}}, url = {https://blog.cloudflare.com/russian-internet-users-are-unable-to-access-the-open-internet/}, abstract = {Since June 9, 2025, Internet users located in Russia and connecting to the open Internet have been throttled by Russian Internet Service Providers (ISPs).}, language = {en}, urldate = {2025-10-20}, journal = {The Cloudflare Blog}, author = {Tremante, Michael and Starzak, Alissa}, month = jun, year = {2025}, } @misc{_ZamedlenieBlokirovkaYouTube_2024a, title = {Замедление/блокировка {YouTube} в России}, url = {https://ntc.party/t/%D0%B7%D0%B0%D0%BC%D0%B5%D0%B4%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0-youtube-%D0%B2-%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B8/8055}, abstract = {Эта тема без обсуждений. Обсуждение в Обсуждение: Замедление YouTube в России}, language = {en-GB}, urldate = {2025-10-17}, journal = {NTC}, author = {{TODO}}, month = jul, year = {2024}, note = {Section: Internet censorship all around the world}, } @misc{_ObsuzhdenieZamedlenieYouTube_, title = {Обсуждение: Замедление {YouTube} в России - {Russia} - {NTC}}, url = {https://ntc.party/t/%D0%BE%D0%B1%D1%81%D1%83%D0%B6%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5-%D0%B7%D0%B0%D0%BC%D0%B5%D0%B4%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5-youtube-%D0%B2-%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B8/8074}, urldate = {2025-10-17}, author = {{TODO}}, } @misc{_OgranichenieHTTP3_2022, title = {Ограничение {HTTP}/3 ({QUIC})}, url = {https://ntc.party/t/%D0%BE%D0%B3%D1%80%D0%B0%D0%BD%D0%B8%D1%87%D0%B5%D0%BD%D0%B8%D0%B5-http3-quic/1823}, abstract = {Не устанавливается соединение по QUIC для зарубежных сайтов. Не приходит ответ от сервера на Initial пакет. 
Проверял на сайтах google (в том числе youtube), cloudflare-quic.com и quic.nginx.org. При этом vk.com продолжает работать по HTTP/3. Заметил на операторах Yota, Мегафон и проводном МТС.}, language = {en-GB}, urldate = {2025-10-17}, journal = {NTC}, author = {{TODO}}, month = mar, year = {2022}, note = {Section: Internet censorship all around the world}, } @inproceedings{bhaskar_UnderstandingRoutingInducedCensorship_2024, address = {New York, NY, USA}, series = {{CCS} '24}, title = {Understanding {Routing}-{Induced} {Censorship} {Changes} {Globally}}, isbn = {979-8-4007-0636-3}, url = {https://dl.acm.org/doi/10.1145/3658644.3670336}, doi = {10.1145/3658644.3670336}, abstract = {Internet censorship is pervasive, with significant effort dedicated to understanding what is censored, and where. Prior censorship measurements however have identified significant inconsistencies in their results; experiments show unexplained non-deterministic behaviors thought to be caused by censor load, end-host geographic diversity, or incomplete censorship—inconsistencies which impede reliable, repeatable and correct understanding of global censorship. In this work we investigate the extent to which Equal-cost Multi-path (ECMP) routing is the cause for these inconsistencies, developing methods to measure and compensate for them.We find ECMP routing significantly changes observed censorship across protocols, censor mechanisms, and in 17 countries. We identify that previously observed non-determinism or regional variations are attributable to measurements between fixed end-hosts taking different routes based on Flow-ID; i.e., choice of intra-subnet source IP or ephemeral source port changes observed censorship. By developing new route-stable censorship measurement methods that allow consistent measurement of DNS, HTTP, and HTTPS censorship, we find ECMP routing yields censorship changes across 42\% of IPs and 51\% of ASes, but that impact is not uniform. 
We also develop an application-level traceroute tool to construct network paths using specific censored packets, thus identifying numerous causes of differences, ranging from likely failed infrastructure, to routes to the same end-host taking geographically diverse paths which experience differences in censorship en-route. Finally, we examine our results in the context of prior global measurement studies, exploring the applicability of our findings to prior observed variations, and then demonstrating how specific experiments from two studies could be impacted by, and specific results are explainable by, ECMP routing. Our work points to methods for improving future studies, reducing inconsistencies and increasing repeatability.}, urldate = {2025-08-29}, booktitle = {Proceedings of the 2024 on {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Bhaskar, Abhishek and Pearce, Paul}, month = dec, year = {2024}, pages = {437--451}, } @misc{dong_DecipheringDigitalVeil_2024, title = {Deciphering the {Digital} {Veil}: {Exploring} the {Ecosystem} of {DNS} {HTTPS} {Resource} {Records}}, shorttitle = {Deciphering the {Digital} {Veil}}, url = {http://arxiv.org/abs/2403.15672}, abstract = {The DNS HTTPS resource record is a new DNS record type designed for the delivery of configuration information and parameters required to initiate connections to HTTPS network services. It provides the ability to perform zone apex redirection to a third-party provider, which the existing CNAME record cannot do. In addition, it is a key enabler for TLS Encrypted ClientHello (ECH) by providing the cryptographic keying material needed to encrypt the initial exchange. 
To understand the adoption and security of this new DNS HTTPS record, we perform a longitudinal study on the server-side deployment of DNS HTTPS for Tranco top 1 million domains over 8 months, as well as the client-side support for DNS HTTPS from major browsers. To the best of knowledge, our work is the first longitudinal study on DNS HTTPS server deployment, and the first known study on client-side support for DNS HTTPS. Despite the rapidly growing trend of DNS HTTPS adoption, our study highlights concerns in the deployment by both servers and clients, such as the complexity in properly maintaining HTTPS records and the concerning hardfail mechanisms in browser when using HTTPS records.}, language = {en}, urldate = {2024-09-11}, publisher = {arXiv}, author = {Dong, Hongying and Zhang, Yizhe and Lee, Hyeonmin and Huque, Shumon and Sun, Yixin}, month = mar, year = {2024}, note = {arXiv:2403.15672 [cs]}, keywords = {Computer Science - Networking and Internet Architecture}, } @inproceedings{nourin_NobodyThereGood_2025, title = {Is {Nobody} {There}? {Good}! {Globally} {Measuring} {Connection} {Tampering} {Without} {Responsive} {Endhosts}}, shorttitle = {Is {Nobody} {There}?}, url = {https://ieeexplore.ieee.org/abstract/document/11023398}, doi = {10.1109/SP61157.2025.00153}, abstract = {Many techniques have been introduced to measure network interference-tampering performed by nation-state censors or corporate firewalls to block unwanted traffic. How-ever, virtually all prior measurement techniques require some degree of participation from endpoints within each country of study: including VPNs, cloud providers, or volunteers willing to run measurement software on their personal devices at their own risk. However, such endpoints are not always available in all countries that tamper with connections, leaving many networks unmeasurable. 
In this paper, we present the first global, active, network interference measurements that require no participating end-points within any country of study. Our techniques extend two recent studies that use packet sequences that trigger network interference from outside the country of study by tricking middleboxes into believing a connection exists. Our system, Mint, generalizes and automates this approach-which had previously only been applied to two countries-to allow it to apply to the global IPv4 and IPv6 Internet. We use Mint to conduct the first global measurements of network interference without using any participating endpoints, and the first comprehensive scans of IPv6 interference. We show that we are able to measure networks, autonomous systems, and even entire countries that previous methods could not. We also present several case studies that highlight how our tool can be used to perform new measurement studies of network interference.}, urldate = {2025-08-28}, booktitle = {2025 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Nourin, Sadia and Rye, Erik and Bock, Kevin and Hoang, Nguyen Phong and Levin, Dave}, month = may, year = {2025}, note = {ISSN: 2375-1207}, keywords = {Atmospheric measurements, Censorship, Interference, Particle measurements, Protocols, Security, Software, Software measurement, Switches, Virtual private networks}, pages = {1400--1418}, } @inproceedings{wails_CensorshipEvasionUnidentified_2025, title = {Censorship {Evasion} with {Unidentified} {Protocol} {Generation}}, isbn = {978-1-939133-52-6}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/wails}, language = {en}, urldate = {2025-08-25}, author = {Wails, Ryan and Jansen, Rob and Johnson, Aaron and Sherr, Micah}, year = {2025}, pages = {763--782}, } @article{pereira_PositionPaperCase_2025, title = {Position {Paper}: {A} {Case} for {Machine}-{Checked} {Verification} of {Circumvention} {Systems}}, shorttitle = {Position {Paper}}, url = 
{https://www.petsymposium.org/foci/2025/foci-2025-0013.php}, urldate = {2025-07-10}, journal = {Free and Open Communications on the Internet}, author = {Pereira, Vitor and Irfan, Ahmed and Yegneswaran, Vinod and Feamster, Nick and Mittal, Prateek and Shmatikov, Vitaly}, year = {2025}, } @inproceedings{fenske_BytesSchlepUse_2024, address = {New York, NY, USA}, series = {{CCS} '24}, title = {Bytes to {Schlep}? {Use} a {FEP}: {Hiding} {Protocol} {Metadata} with {Fully} {Encrypted} {Protocols}}, isbn = {979-8-4007-0636-3}, url = {https://dl.acm.org/doi/10.1145/3658644.3690198}, doi = {10.1145/3658644.3690198}, abstract = {Fully Encrypted Protocols (FEPs) have arisen in practice as a technique to avoid network censorship. Such protocols are designed to produce messages that appear completely random. This design hides communications metadata, such as version and length fields, and makes it difficult to even determine what protocol is being used. Moreover, these protocols frequently support padding to hide the length of protocol fields and the contained message. These techniques have relevance well beyond censorship circumvention, as protecting protocol metadata has security and privacy benefits for all Internet communications. The security of FEP designs depends on cryptographic assumptions, but neither security definitions nor proofs exist for them. We provide novel security definitions that capture the metadata-protection goals of FEPs. Our definitions are given in both the datastream and datagram settings, which model the ubiquitous TCP and UDP interfaces available to protocol designers. We prove relations among these new notions and existing security definitions. We further present new FEP constructions and prove their security. Finally, we survey existing FEP candidates and characterize the extent to which they satisfy FEP security. 
We identify novel ways in which these protocols are identifiable, including their responses to the introduction of data errors and the sizes of their smallest protocol messages.}, urldate = {2025-07-10}, booktitle = {Proceedings of the 2024 on {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Fenske, Ellis and Johnson, Aaron}, month = dec, year = {2024}, pages = {1982--1996}, } @article{niere_EncryptedClientHello_2025, title = {Encrypted {Client} {Hello} ({ECH}) in {Censorship} {Circumvention}}, url = {https://www.petsymposium.org/foci/2025/foci-2025-0016.php}, urldate = {2025-07-03}, journal = {Free and Open Communications on the Internet}, author = {Niere, Niklas and Lange, Felix and Heitmann, Nico and Somorovsky, Juraj}, year = {2025}, } @inproceedings{backes_NovelApproachReasoning_2017, title = {A {Novel} {Approach} for {Reasoning} about {Liveness} in {Cryptographic} {Protocols} and {Its} {Application} to {Fair} {Exchange}}, url = {https://ieeexplore.ieee.org/document/7961953/}, doi = {10.1109/EuroSP.2017.12}, abstract = {In this paper, we provide the first methodology for reasoning about livenessproperties of cryptographic protocols in a machine-assisted manner withoutimposing any artificial, finite bounds on the protocols and execution models. To this end, we design an extension of the SAPiC process calculus so that itsupports key concepts for stating and reasoning about liveness properties, along with a corresponding translation into the formalism of multiset rewritingthat the state-of-the-art theorem prover Tamarin relies upon. We prove thatthis translation is sound and complete and can thereby automatically generatesound Tamarin specifications and automate the protocol analysis. 
Second, we applied our methodology to two widely investigated fair exchangeprotocols - ASW and GJM - and to the Secure Conversation Protocol standardfor industrial control systems, deployed by major players such as Siemens, SAPand ABB. For the fair exchange protocols, we not only re-discovered knownattacks, but also uncovered novel attacks that previous analyses based onfinite models and a restricted number of sessions did not detect. We suggestfixed versions of these protocols for which we prove both fairness andtimeliness, yielding the first automated proofs for fair exchange protocolsthat rely on a general model without restricting the number of sessions andmessage size. For the Secure Conversation Protocol, we prove several strongsecurity properties that are vital for the safety of industrial systems, inparticular that all messages (e.g., commands) are eventually delivered inorder.}, urldate = {2025-06-06}, booktitle = {2017 {IEEE} {European} {Symposium} on {Security} and {Privacy} ({EuroS}\&{P})}, author = {Backes, Michael and Dreier, Jannik and Kremer, Steve and Künnemann, Robert}, month = apr, year = {2017}, keywords = {Analytical models, Automated verification, Cognition, Cryptographic protocols, Mathematical model, Security, Tools, fair exchange, liveness}, pages = {76--91}, } @article{lee_MeasuringDNSoverHTTPSDowngrades_2024, title = {Measuring {DNS}-over-{HTTPS} {Downgrades}: {Prevalence}, {Techniques}, and {Bypass} {Strategies}}, volume = {2}, shorttitle = {Measuring {DNS}-over-{HTTPS} {Downgrades}}, url = {https://dl.acm.org/doi/10.1145/3696385}, doi = {10.1145/3696385}, abstract = {DNS-over-HTTPS (DoH) is a privacy-enhancing protocol that encrypts plaintext query data in DNS resolution. However, DoH often faces accessibility challenges due to phenomena known as DoH downgrades, where DoH queries are reverted to plaintext DNS queries. 
Unlike downgrades in other security protocols, which are undoubtedly malicious, the act of downgrading DoH queries can be both desirable and undesirable depending on the context; e.g., enterprise networks are officially advised to avoid or downgrade DoH for security reasons. Recent research has drawn attention to the deeper examination of the phenomena of DoH downgrades, focusing on the prevalence, techniques, and potential bypass strategies. However, existing studies on DoH downgrades have several limitations, notably that they severely overestimate the severity of DoH downgrades across the globe as they lack any distinction between desirable and undesirable downgrades of DoH. In this work, we conduct a large-scale measurement study to provide a more accurate depiction of the DoH downgrade landscape. By minimizing the influence of desirable downgrades of DoH in our measurement probes, we show a skewed long-tail distribution of DoH downgrades across the globe. Our stateful probing techniques also reveal hidden DoH filtering mechanisms that were previously undetected. Furthermore, we design near perfect bypass strategies against existing DoH downgrades. Our study expands our limited understanding of DoH downgrades, offering a more accurate, fine-grained, and comprehensive view of the phenomena.}, number = {CoNEXT4}, urldate = {2025-06-04}, journal = {Proc. ACM Netw.}, author = {Lee, Jinseo and Mohaisen, David and Kang, Min Suk}, month = nov, year = {2024}, pages = {28:1--28:22}, } @inproceedings{hoang_MeasuringAccessibilityDomain_2022, address = {Cham}, title = {Measuring the {Accessibility} of {Domain} {Name} {Encryption} and {Its} {Impact} on {Internet} {Filtering}}, isbn = {978-3-030-98785-5}, doi = {10.1007/978-3-030-98785-5_23}, abstract = {Most online communications rely on DNS to map domain names to their hosting IP address(es). 
Previous work has shown that DNS-based network interference is widespread due to the unencrypted and unauthenticated nature of the original DNS protocol. In addition to DNS, accessed domain names can also be monitored by on-path observers during the TLS handshake when the SNI extension is used. These lingering issues with exposed plaintext domain names have led to the development of a new generation of protocols that keep accessed domain names hidden. DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) hide the domain names of DNS queries, while Encrypted Server Name Indication (ESNI) encrypts the domain name in the SNI extension.}, language = {en}, booktitle = {Passive and {Active} {Measurement}}, publisher = {Springer International Publishing}, author = {Hoang, Nguyen Phong and Polychronakis, Michalis and Gill, Phillipa}, editor = {Hohlfeld, Oliver and Moura, Giovane and Pelsser, Cristel}, year = {2022}, keywords = {DNS, DoTH, Domain-based network interference, ESNI}, pages = {518--536}, } @inproceedings{wu_WallWallEmerging_2025, title = {A {Wall} {Behind} {A} {Wall}: {Emerging} {Regional} {Censorship} in {China}}, isbn = {979-8-3315-2236-0}, shorttitle = {A {Wall} {Behind} {A} {Wall}}, url = {https://www.computer.org/csdl/proceedings-article/sp/2025/223600b307/26hiUf1hfxu}, doi = {10.1109/SP61157.2025.00152}, abstract = {China has long orchestrated its Internet censorship through relatively centralized policies and a unified implementation, known as the Great Firewall of China (GFW). However, since August 2023, anecdotes suggest that the Henan Province has deployed its own regional censorship. In this work, we characterize provincial-level censorship in Henan, and compare it with the national-level GFW. We find that Henan has established TLS SNI-based and HTTP Host-based censorship that inspects and blocks traffic leaving the province. 
While the Henan Firewall is less sophisticated and less robust against typical network variability, its volatile and aggressive blocking of second-level domains made it block ten times more websites than the GFW at some points in time. Based on the observed parsing flaws and injection behaviors, we introduce simple client-side methods to bypass censorship in the Henan province. Our work documents an alarming sign of regional censorship emerging in China.}, language = {English}, urldate = {2025-06-02}, publisher = {IEEE Computer Society}, author = {Wu, Mingshi and Zohaib, Ali and Durumeric, Zakir and Houmansadr, Amir and Wustrow, Eric}, month = apr, year = {2025}, note = {ISSN: 2375-1207}, pages = {1363--1380}, } @misc{macmillan_EvaluatingSnowflakeIndistinguishable_2020, title = {Evaluating {Snowflake} as an {Indistinguishable} {Censorship} {Circumvention} {Tool}}, url = {http://arxiv.org/abs/2008.03254}, doi = {10.48550/arXiv.2008.03254}, abstract = {Tor is the most well-known tool for circumventing censorship. Unfortunately, Tor traffic has been shown to be detectable using deep-packet inspection. WebRTC is a popular web framework that enables browser-to-browser connections. Snowflake is a novel pluggable transport that leverages WebRTC to connect Tor clients to the Tor network. In theory, Snowflake was created to be indistinguishable from other WebRTC services. In this paper, we evaluate the indistinguishability of Snowflake. We collect over 6,500 DTLS handshakes from Snowflake, Facebook Messenger, Google Hangouts, and Discord WebRTC connections and show that Snowflake is identifiable among these applications with 100\% accuracy. We show that several features, including the extensions offered and the number of packets in the handshake, distinguish Snowflake among these services. Finally, we suggest recommendations for improving identification resistance in Snowflake.
We have made the dataset publicly available.}, urldate = {2024-05-31}, publisher = {arXiv}, author = {MacMillan, Kyle and Holland, Jordan and Mittal, Prateek}, month = oct, year = {2020}, note = {arXiv:2008.03254 [cs]}, keywords = {Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture}, } @misc{anderson_DimmingInternetDetecting_2013, title = {Dimming the {Internet}: {Detecting} {Throttling} as a {Mechanism} of {Censorship} in {Iran}}, shorttitle = {Dimming the {Internet}}, url = {http://arxiv.org/abs/1306.4361}, doi = {10.48550/arXiv.1306.4361}, abstract = {In the days immediately following the contested June 2009 Presidential election, Iranians attempting to reach news content and social media platforms were subject to unprecedented levels of the degradation, blocking and jamming of communications channels. Rather than shut down networks, which would draw attention and controversy, the government was rumored to have slowed connection speeds to rates that would render the Internet nearly unusable, especially for the consumption and distribution of multimedia content. Since, political upheavals elsewhere have been associated with headlines such as "High usage slows down Internet in Bahrain" and "Syrian Internet slows during Friday protests once again," with further rumors linking poor connectivity with political instability in Myanmar and Tibet. For governments threatened by public expression, the throttling of Internet connectivity appears to be an increasingly preferred and less detectable method of stifling the free flow of information. 
In order to assess this perceived trend and begin to create systems of accountability and transparency on such practices, we attempt to outline an initial strategy for utilizing a ubiquitous set of network measurements as a monitoring service, then apply such methodology to shed light on the recent history of censorship in Iran.}, urldate = {2024-05-17}, publisher = {arXiv}, author = {Anderson, Collin}, month = jun, year = {2013}, note = {arXiv:1306.4361 [cs]}, keywords = {Computer Science - Networking and Internet Architecture}, } @misc{brown_AugmentingRulebasedDNS_2023, title = {Augmenting {Rule}-based {DNS} {Censorship} {Detection} at {Scale} with {Machine} {Learning}}, url = {http://arxiv.org/abs/2302.02031}, doi = {10.48550/arXiv.2302.02031}, abstract = {The proliferation of global censorship has led to the development of a plethora of measurement platforms to monitor and expose it. Censorship of the domain name system (DNS) is a key mechanism used across different countries. It is currently detected by applying heuristics to samples of DNS queries and responses (probes) for specific destinations. These heuristics, however, are both platform-specific and have been found to be brittle when censors change their blocking behavior, necessitating a more reliable automated process for detecting censorship. In this paper, we explore how machine learning (ML) models can (1) help streamline the detection process, (2) improve the potential of using large-scale datasets for censorship detection, and (3) discover new censorship instances and blocking signatures missed by existing heuristic methods. Our study shows that supervised models, trained using expert-derived labels on instances of known anomalies and possible censorship, can learn the detection heuristics employed by different measurement platforms.
More crucially, we find that unsupervised models, trained solely on uncensored instances, can identify new instances and variations of censorship missed by existing heuristics. Moreover, both methods demonstrate the capability to uncover a substantial number of new DNS blocking signatures, i.e., injected fake IP addresses overlooked by existing heuristics. These results are underpinned by an important methodological finding: comparing the outputs of models trained using the same probes but with labels arising from independent processes allows us to more reliably detect cases of censorship in the absence of ground-truth labels of censorship.}, urldate = {2024-05-08}, publisher = {arXiv}, author = {Brown, Jacob and Jiang, Xi and Tran, Van and Bhagoji, Arjun Nitin and Hoang, Nguyen Phong and Feamster, Nick and Mittal, Prateek and Yegneswaran, Vinod}, month = jun, year = {2023}, note = {arXiv:2302.02031 [cs]}, keywords = {Computer Science - Artificial Intelligence, Computer Science - Computers and Society, Computer Science - Machine Learning, Computer Science - Networking and Internet Architecture}, } @misc{centreofmonitorandcontroloftheinternet_RekomenduemOtkazatsyaOt_2024, title = {Рекомендуем отказаться от {CDN}-сервиса {CloudFlare} {\textbar} Новости}, url = {https://portal.noc.gov.ru/ru/news/2024/11/07/%D1%80%D0%B5%D0%BA%D0%BE%D0%BC%D0%B5%D0%BD%D0%B4%D1%83%D0%B5%D0%BC-%D0%BE%D1%82%D0%BA%D0%B0%D0%B7%D0%B0%D1%82%D1%8C%D1%81%D1%8F-%D0%BE%D1%82-cdn-%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%B0-cloudflare/}, urldate = {2025-04-15}, author = {Centre of Monitor {and} Control of the Internet}, month = nov, year = {2024}, } @inproceedings{fan_WallbleedMemoryDisclosure_2025, address = {San Diego, CA, USA}, title = {Wallbleed: {A} {Memory} {Disclosure} {Vulnerability} in the {Great} {Firewall} of {China}}, isbn = {979-8-9894372-8-3}, shorttitle = {Wallbleed}, url = {https://www.ndss-symposium.org/wp-content/uploads/2025-237-paper.pdf}, doi = {10.14722/ndss.2025.230237}, 
abstract = {We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.}, language = {en}, urldate = {2025-04-14}, booktitle = {Proceedings 2025 {Network} and {Distributed} {System} {Security} {Symposium}}, publisher = {Internet Society}, author = {Fan, Shencha and Sippe, Jackson and San, Sakamoto and Sheffey, Jade and Fifield, David and Houmansadr, Amir and Wedwards, Elson and Wustrow, Eric}, year = {2025}, } @misc{heitmann_ChinaExtendedIts_2025, title = {China extended its {SNI} censorship to {QUIC}}, url = {https://upb-syssec.github.io/blog/2025/quic-china/}, urldate = {2025-04-10}, author = {Heitmann, Nico and {Anonymous} and Lange, Felix and Niere, Niklas}, year = {2025}, } @inproceedings{izhikevich_ZDNSFastDNS_2022a, address = {New York, NY, USA}, series = {{IMC} '22}, title = {{ZDNS}: a fast {DNS} toolkit for internet measurement}, isbn = {978-1-4503-9259-4}, shorttitle = {{ZDNS}}, url = {https://dl.acm.org/doi/10.1145/3517745.3561434}, doi = {10.1145/3517745.3561434}, abstract = {Active DNS measurement is fundamental to understanding and improving the DNS ecosystem. However, the absence of an extensible, high-performance, and easy-to-use DNS toolkit has limited both the reproducibility and coverage of DNS research. In this paper, we introduce ZDNS, a modular and open-source active DNS measurement framework optimized for large-scale research studies of DNS on the public Internet. We describe ZDNS's architecture, evaluate its performance, and present two case studies that highlight how the tool can be used to shed light on the operational complexities of DNS. 
We hope that ZDNS will enable researchers to better---and in a more reproducible manner---understand Internet behavior.}, urldate = {2025-04-10}, booktitle = {Proceedings of the 22nd {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Izhikevich, Liz and Akiwate, Gautam and Berger, Briana and Drakontaidis, Spencer and Ascheman, Anna and Pearce, Paul and Adrian, David and Durumeric, Zakir}, month = oct, year = {2022}, pages = {33--43}, } @misc{kachalova_EncryptedClientHello_2024, title = {Encrypted {Client} {Hello} didn't solve censorship, but still may have a role to play}, url = {https://adguard-dns.io/en/blog/encrypted-client-hello-misconceptions-future.html}, abstract = {Encrypted Client Hello is a protocol designed to be the last piece to the privacy puzzle. But its implementation ran into unexpected obstacles.}, language = {en}, urldate = {2025-04-10}, journal = {AdGuard DNS Blog}, author = {Kachalova, Ekaterina}, month = nov, year = {2024}, } @misc{_TLSEncryptedClient_, title = {{TLS} {Encrypted} {Client} {Hello}}, url = {https://datatracker.ietf.org/doc/id/draft-ietf-tls-esni-08.html}, urldate = {2025-04-09}, } @inproceedings{jin_UnderstandingImpactEncrypted_2021, address = {Ljubljana Slovenia}, title = {Understanding the {Impact} of {Encrypted} {DNS} on {Internet} {Censorship}}, isbn = {978-1-4503-8312-7}, url = {https://dl.acm.org/doi/10.1145/3442381.3450084}, doi = {10.1145/3442381.3450084}, abstract = {DNS traffic is transmitted in plaintext, resulting in privacy leakage. To combat this problem, secure protocols have been used to encrypt DNS messages. Existing studies have investigated the performance overhead and privacy benefits of encrypted DNS communications, yet little has been done from the perspective of censorship. In this paper, we study the impact of the encrypted DNS on Internet censorship in two aspects. 
On one hand, we explore the severity of DNS manipulation, which could be leveraged for Internet censorship, given the use of encrypted DNS resolvers. In particular, we perform 7.4 million DNS lookup measurements on 3,813 DoT and 75 DoH resolvers and identify that 1.66\% of DoT responses and 1.42\% of DoH responses undergo DNS manipulation. More importantly, we observe that more than two-thirds of the DoT and DoH resolvers manipulate DNS responses from at least one domain, indicating that the DNS manipulation is prevalent in encrypted DNS, which can be further exploited for enhancing Internet censorship. On the other hand, we evaluate the effectiveness of using encrypted DNS resolvers for censorship circumvention. Specifically, we first discover those vantage points that involve DNS manipulation through on-path devices, and then we apply encrypted DNS resolvers at these vantage points to access the censored domains. We reveal that 37\% of the domains are accessible from the vantage points in China, but none of the domains is accessible from the vantage points in Iran, indicating that the censorship circumvention of using encrypted DNS resolvers varies from country to country. Moreover, for a vantage point, using a different encrypted DNS resolver does not lead to a noticeable difference in accessing the censored domains.}, language = {en}, urldate = {2025-04-09}, booktitle = {Proceedings of the {Web} {Conference} 2021}, publisher = {ACM}, author = {Jin, Lin and Hao, Shuai and Wang, Haining and Cotton, Chase}, month = apr, year = {2021}, pages = {484--495}, } @techreport{hall_SurveyWorldwideCensorship_2023, type = {Request for {Comments}}, title = {A {Survey} of {Worldwide} {Censorship} {Techniques}}, url = {https://datatracker.ietf.org/doc/rfc9505}, abstract = {This document describes technical mechanisms employed in network censorship that regimes around the world use for blocking or impairing Internet traffic. 
It aims to make designers, implementers, and users of Internet protocols aware of the properties exploited and mechanisms used for censoring end-user access to information. This document makes no suggestions on individual protocol considerations, and is purely informational, intended as a reference. This document is a product of the Privacy Enhancement and Assessment Research Group (PEARG) in the IRTF.}, number = {RFC 9505}, urldate = {2025-04-02}, institution = {Internet Engineering Task Force}, author = {Hall, Joseph Lorenzo and Aaron, Michael D. and Andersdotter, Amelia and Jones, Ben and Feamster, Nick and Knodel, Mallory}, month = nov, year = {2023}, doi = {10.17487/RFC9505}, note = {Num Pages: 34}, } @techreport{rescorla_TLSEncryptedClient_2025, type = {Internet {Draft}}, title = {{TLS} {Encrypted} {Client} {Hello}}, url = {https://datatracker.ietf.org/doc/draft-ietf-tls-esni}, abstract = {This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note is to be removed before publishing as an RFC. 
Source for this draft and an issue tracker can be found at https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni).}, number = {draft-ietf-tls-esni-24}, urldate = {2025-03-31}, institution = {Internet Engineering Task Force}, author = {Rescorla, Eric and Oku, Kazuho and Sullivan, Nick and Wood, Christopher A.}, month = mar, year = {2025}, note = {Num Pages: 53}, } @article{lange_IranconsistenciesNovelInsights_2025, title = {I(ra)nconsistencies: {Novel} {Insights} into {Iran}’s {Censorship}}, shorttitle = {I(ra)nconsistencies}, url = {https://www.petsymposium.org/foci/2025/foci-2025-0002.php}, urldate = {2025-03-10}, journal = {Free and Open Communications on the Internet}, author = {Lange, Felix and Niere, Niklas and Niessen, Jonathan von and Suermann, Dennis and Heitmann, Nico and Somorovsky, Juraj}, year = {2025}, } @misc{baurichter_BuildingNetworkCensor_2024, title = {Building {A} {Network} {Censor}}, publisher = {Project Group at Paderborn University, supervised by Niklas Niere and Juraj Somorovsky}, author = {Baurichter, Dennis and Bergmann, Paul and Breuch, Philipp Michael and Franckevics, Konstantins and Ghazal, Abdulkarim and Sharma, Ashwani}, year = {2024}, } @inproceedings{wang_YourStateNot_2017, address = {New York, NY, USA}, series = {{IMC} '17}, title = {Your {State} is {Not} {Mine}: {A} {Closer} {Look} at {Evading} {Stateful} {Internet} {Censorship}}, isbn = {978-1-4503-5118-8}, shorttitle = {Your state is not mine}, url = {https://dl.acm.org/doi/10.1145/3131365.3131374}, doi = {10.1145/3131365.3131374}, abstract = {Understanding the behaviors of, and evading state-level Internet-scale censorship systems such as the Great Firewall (GFW) of China, has emerged as a research problem of great interest. One line of evasion is the development of techniques that leverage the possibility that the TCP state maintained on the GFW may not represent the state at end-hosts.
In this paper we undertake, arguably, the most extensive measurement study on TCP-level GFW evasion techniques, with several vantage points within and outside China, and with clients subscribed to multiple ISPs. We find that the state-of-the-art evasion techniques are no longer very effective on the GFW. Our study further reveals that the primary reason that causes these failures is the evolution of GFW over time. In addition, other factors such as the presence of middleboxes on the route from the client to the server also contribute to previously unexpected behaviors. Our measurement study leads us to new understandings of the GFW and new evasion techniques. Evaluations of our new evasion strategies show that our new techniques provide much higher success rates of (compared to prior schemes) ≈ 90\% or higher. Our results further validate our new understandings of the GFW's evolved behaviors. We also develop a measurement-driven tool INTANG, that systematically looks for and finds the best strategy that works with a server and network path. Our measurements show that INTANG can yield near perfect evasion rates and is extremely effective in aiding various protocols such as HTTP, DNS over TCP, and Tor in evading the GFW.}, urldate = {2024-05-08}, booktitle = {Proceedings of the 2017 {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Wang, Zhongjie and Cao, Yue and Qian, Zhiyun and Song, Chengyu and Krishnamurthy, Srikanth V.}, month = nov, year = {2017}, keywords = {INTANG, TCP, censorship circumvention, the great firewall of china, traffic manipulation}, pages = {114--127}, } @misc{ujuiujumandan_NewQUICBlock_2023, title = {New {QUIC} block behaviour in {China} · {Issue} \#264 · net4people/bbs}, url = {https://github.com/net4people/bbs/issues/264}, abstract = {According to last report(\#113) by OONI in June 2022, there's no evidence that the Great Firewall specifically targets QUIC or HTTP/3.
And 1 year after to today, the case seems to have been changed. QU...}, language = {en}, urldate = {2025-03-03}, journal = {GitHub}, author = {{UjuiUjuMandan}}, month = jul, year = {2023}, } @inproceedings{khattak_IlluminatingCensorshipMonitors_2013, title = {Towards {Illuminating} a {Censorship} {Monitor}'s {Model} to {Facilitate} {Evasion}}, url = {https://www.usenix.org/conference/foci13/workshop-program/presentation/khattak}, language = {en}, urldate = {2025-02-27}, author = {Khattak, Sheharbano and Javed, Mobin and Anderson, Philip D. and Paxson, Vern}, year = {2013}, } @article{ververis_InternetCensorshipEuropean_, title = {Internet censorship in the {European} {Union}}, author = {Ververis, Vasilis}, } @inproceedings{anonymous_ComprehensivePictureGreat_2014, address = {San Diego, CA}, title = {Towards a {Comprehensive} {Picture} of the {Great} {Firewall}’s {DNS} {Censorship}}, url = {https://www.usenix.org/conference/foci14/workshop-program/presentation/anonymous}, booktitle = {4th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 14)}, publisher = {USENIX Association}, author = {Anonymous}, month = aug, year = {2014}, } @inproceedings{winter_HowGreatFirewall_2012, address = {Bellevue, WA}, title = {How the {Great} {Firewall} of {China} is {Blocking} {Tor}}, url = {https://www.usenix.org/conference/foci12/workshop-program/presentation/Winter}, booktitle = {2nd {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 12)}, publisher = {USENIX Association}, author = {Winter, Philipp and Lindskog, Stefan}, month = aug, year = {2012}, } @inproceedings{harrity_GETOutAutomated_2022, address = {Boston, MA}, title = {{GET} /out: {Automated} {Discovery} of {Application}-{Layer} {Censorship} {Evasion} {Strategies}}, isbn = {978-1-939133-31-1}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/harrity}, booktitle = {31st {USENIX} {Security} {Symposium} ({USENIX} {Security} 22)}, publisher =
{USENIX Association}, author = {Harrity, Michael and Bock, Kevin and Sell, Frederick and Levin, Dave}, month = aug, year = {2022}, pages = {465--483}, } @inproceedings{hoang_HowGreatGreat_2021, title = {How {Great} is the {Great} {Firewall}? {Measuring} {China}'s {DNS} {Censorship}}, isbn = {978-1-939133-24-3}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/hoang}, booktitle = {30th {USENIX} {Security} {Symposium} ({USENIX} {Security} 21)}, publisher = {USENIX Association}, author = {Hoang, Nguyen Phong and Niaki, Arian Akhavan and Dalek, Jakub and Knockel, Jeffrey and Lin, Pellaeon and Marczak, Bill and Crete-Nishihata, Masashi and Gill, Phillipa and Polychronakis, Michalis}, month = aug, year = {2021}, pages = {3381--3398}, } @inproceedings{bock_DetectingEvadingCensorshipinDepth_2020, title = {Detecting and {Evading} {Censorship}-in-{Depth}: {A} {Case} {Study} of {Iran}’s {Protocol} {Whitelister}}, url = {https://www.usenix.org/conference/foci20/presentation/bock}, booktitle = {10th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 20)}, publisher = {USENIX Association}, author = {Bock, Kevin and Fax, Yair and Reese, Kyle and Singh, Jasraj and Levin, Dave}, month = aug, year = {2020}, } @inproceedings{aryan_InternetCensorshipIran_2013, address = {Washington, D.C.}, title = {Internet {Censorship} in {Iran}: {A} {First} {Look}}, url = {https://www.usenix.org/conference/foci13/workshop-program/presentation/aryan}, booktitle = {3rd {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 13)}, publisher = {USENIX Association}, author = {Aryan, Simurgh and Aryan, Homa and Halderman, J. 
Alex}, month = aug, year = {2013}, } @inproceedings{marczak_AnalysisChinasGreat_2015, address = {Washington, D.C.}, title = {An {Analysis} of {China}’s “{Great} {Cannon}”}, url = {https://www.usenix.org/conference/foci15/workshop-program/presentation/marczak}, booktitle = {5th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 15)}, publisher = {USENIX Association}, author = {Marczak, Bill and Weaver, Nicholas and Dalek, Jakub and Ensafi, Roya and Fifield, David and McKune, Sarah and Rey, Arn and Scott-Railton, John and Deibert, Ron and Paxson, Vern}, month = aug, year = {2015}, } @misc{basso_MeasuringDoTDoH_2022, title = {Measuring {DoT}/{DoH} {Blocking} {Using} {OONI} {Probe}: {A} {Preliminary} {Study}}, shorttitle = {Measuring {DoT}/{DoH} {Blocking} {Using} {OONI} {Probe}}, url = {https://ooni.org/post/2022-doh-dot-paper-dnsprivacy21/}, abstract = {This research paper examines encrypted DNS blocking in Iran, China, and Kazakhstan.}, language = {en}, urldate = {2025-01-22}, author = {Basso, Simone}, month = jun, year = {2022}, } @misc{lab_URLTestingLists_2014, title = {{URL} testing lists intended for discovering website censorship}, url = {https://github.com/citizenlab/test-lists}, author = {Lab, Citizen and {Others}}, year = {2014}, } @inproceedings{pearce_AugurInternetWideDetection_2017, title = {Augur: {Internet}-{Wide} {Detection} of {Connectivity} {Disruptions}}, shorttitle = {Augur}, url = {https://ieeexplore.ieee.org/document/7958591}, doi = {10.1109/SP.2017.55}, abstract = {Anecdotes, news reports, and policy briefings collectively suggest that Internet censorship practices are pervasive. The scale and diversity of Internet censorship practices makes it difficult to precisely monitor where, when, and how censorship occurs, as well as what is censored. The potential risks in performing the measurements make this problem even more challenging.
As a result, many accounts of censorship begin, and end, with anecdotes or short-term studies from only a handful of vantage points. We seek to instead continuously monitor information about Internet reachability, to capture the onset or termination of censorship across regions and ISPs. To achieve this goal, we introduce Augur, a method and accompanying system that utilizes TCP/IP side channels to measure reachability between two Internet locations without directly controlling a measurement vantage point at either location. Using these side channels, coupled with techniques to ensure safety by not implicating individual users, we develop scalable, statistically robust methods to infer network-layer filtering, and implement a corresponding system capable of performing continuous monitoring of global censorship. We validate our measurements of Internet-wide disruption in nearly 180 countries over 17 days against sites known to be frequently blocked; we also identify the countries where connectivity disruption is most prevalent.}, urldate = {2025-01-20}, booktitle = {2017 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Pearce, Paul and Ensafi, Roya and Li, Frank and Feamster, Nick and Paxson, Vern}, month = may, year = {2017}, note = {ISSN: 2375-1207}, keywords = {Censorship, Extraterrestrial measurements, IP networks, Internet, Measurement, Monitoring, Network and systems security, Radiation detectors, Security and privacy policies, Time measurement}, pages = {427--443}, } @inproceedings{scott_SatelliteJointAnalysis_2016, title = {Satellite: {Joint} {Analysis} of {CDNs} and {Network}-{Level} {Interference}}, isbn = {978-1-931971-30-0}, shorttitle = {Satellite}, url = {https://www.usenix.org/conference/atc16/technical-sessions/presentation/scott}, language = {en}, urldate = {2025-01-20}, author = {Scott, Will and Anderson, Thomas and Kohno, Tadayoshi and Krishnamurthy, Arvind}, year = {2016}, pages = {195--208}, }
@inproceedings{mi_ResidentEvilUnderstanding_2019, title = {Resident {Evil}: {Understanding} {Residential} {IP} {Proxy} as a {Dark} {Service}}, shorttitle = {Resident {Evil}}, url = {https://ieeexplore.ieee.org/document/8835239}, doi = {10.1109/SP.2019.00011}, abstract = {An emerging Internet business is residential proxy (RESIP) as a service, in which a provider utilizes the hosts within residential networks (in contrast to those running in a datacenter) to relay their customers' traffic, in an attempt to avoid server-side blocking and detection. With the prominent roles the services could play in the underground business world, little has been done to understand whether they are indeed involved in Cybercrimes and how they operate, due to the challenges in identifying their RESIPs, not to mention any in-depth analysis on them. In this paper, we report the first study on RESIPs, which sheds light on the behaviors and the ecosystem of these elusive gray services. Our research employed an infiltration framework, including our clients for RESIP services and the servers they visited, to detect 6 million RESIP IPs across 230+ countries and 52K+ ISPs. The observed addresses were analyzed and the hosts behind them were further fingerprinted using a new profiling system. Our effort led to several surprising findings about the RESIP services unknown before. Surprisingly, despite the providers' claim that the proxy hosts are willingly joined, many proxies run on likely compromised hosts including IoT devices. Through cross-matching the hosts we discovered and labeled PUP (potentially unwanted programs) logs provided by a leading IT company, we uncovered various illicit operations RESIP hosts performed, including illegal promotion, Fast fluxing, phishing, malware hosting, and others. We also reverse engineered RESIP services' internal infrastructures, uncovered their potential rebranding and reselling behaviors.
Our research takes the first step toward understanding this new Internet service, contributing to the effective control of their security risks.}, urldate = {2025-01-15}, booktitle = {2019 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})}, author = {Mi, Xianghang and Feng, Xuan and Liao, Xiaojing and Liu, Baojun and Wang, XiaoFeng and Qian, Feng and Li, Zhou and Alrwais, Sumayah and Sun, Limin and Liu, Ying}, month = may, year = {2019}, note = {ISSN: 2375-1207}, keywords = {Anonymity, Companies, Computer crime, Embedded-systems-security, IP networks, Internet, Logic gates, Malware-and-unwanted-software, Network-and-systems-security, Security-and-privacy-for-the-Internet-of-Things, Servers, residential-IP-proxy-as-a-service, residential-ip, residential-proxy, web-proxy}, pages = {1185--1201}, } @inproceedings{xue_FingerprintingObfuscatedProxy_2024, title = {Fingerprinting {Obfuscated} {Proxy} {Traffic} with {Encapsulated} {TLS} {Handshakes}}, isbn = {978-1-939133-44-1}, url = {https://www.usenix.org/conference/usenixsecurity24/presentation/xue-fingerprinting}, language = {en}, urldate = {2024-12-06}, booktitle = {33rd {USENIX} {Security} {Symposium} ({USENIX} {Security} 24)}, author = {Xue, Diwen and Kallitsis, Michalis and Houmansadr, Amir and Ensafi, Roya}, year = {2024}, pages = {2689--2706}, } @inproceedings{vandersloot_QuackScalableRemote_2018, title = {Quack: {Scalable} {Remote} {Measurement} of {Application}-{Layer} {Censorship}}, isbn = {978-1-939133-04-5}, shorttitle = {Quack}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/vandersloot}, language = {en}, urldate = {2024-05-08}, booktitle = {27th {USENIX} {Security} {Symposium} ({USENIX} {Security} 18)}, author = {VanderSloot, Benjamin and McDonald, Allison and Scott, Will and Halderman, J.
Alex and Ensafi, Roya}, year = {2018}, pages = {187--202}, } @inproceedings{crowder_CanShowYou_2024, address = {Hawaii}, title = {I {Can} {Show} {You} the {World} (of {Censorship}): {Extracting} {Insights} from {Censorship} {Measurement} {Data} {Using} {Statistical} {Techniques}}, booktitle = {{ACSAC} '24: {Proceedings} of the 40th {Annual} {Computer} {Security} {Applications} {Conference}}, author = {Crowder, Anna and Olszewski, Daniel and Traynor, Patrick and Butler, Kevin R. B.}, year = {2024}, } @article{raman_AdvancingArtCensorship_2023, title = {Advancing the {Art} of {Censorship} {Data} {Analysis}}, url = {https://petsymposium.org/foci/2023/foci-2023-0003.php}, urldate = {2024-12-19}, journal = {Free and Open Communications on the Internet}, author = {Raman, Ram Sundara and Virkud, Apurva and Laplante, Sarah and Fortuna, Vinicius and Ensafi, Roya}, year = {2023}, } @article{nourin_DetectingNetworkInterference_2023, title = {Detecting {Network} {Interference} {Without} {Endpoint} {Participation}}, url = {https://www.petsymposium.org/foci/2023/foci-2023-0010.php}, urldate = {2024-12-17}, journal = {Free and Open Communications on the Internet}, author = {Nourin, Sadia and Bock, Kevin and Hoang, Nguyen Phong and Levin, Dave}, year = {2023}, } @inproceedings{raman_MeasuringDeploymentNetwork_2020, title = {Measuring the {Deployment} of {Network} {Censorship} {Filters} at {Global} {Scale}.}, url = {https://pdfs.semanticscholar.org/8450/f1d586564b36c62e44eca2e383b16315d60f.pdf}, urldate = {2024-12-17}, booktitle = {{NDSS}}, author = {Raman, Ram Sundara and Stoll, Adrian and Dalek, Jakub and Ramesh, Reethika and Scott, Will and Ensafi, Roya}, year = {2020}, } @article{bailey_MenloReport_2012, title = {The {Menlo} {Report}}, volume = {10}, issn = {1558-4046}, url = {https://ieeexplore.ieee.org/abstract/document/6173001}, doi = {10.1109/MSP.2012.52}, abstract = {On 28 December 2011, the US Department of Homeland Security, Science and Technology, Cyber Security 
Division released "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research" to the Federal Register to elicit the public's feedback. In this article, the authors briefly describe the road to this milestone, summarize the report and its companion document, and describe the next steps we should take as a community.}, number = {2}, urldate = {2024-11-28}, journal = {IEEE Security \& Privacy}, author = {Bailey, Michael and Dittrich, David and Kenneally, Erin and Maughan, Doug}, month = mar, year = {2012}, note = {Conference Name: IEEE Security \& Privacy}, keywords = {Computer security, Ethics, Privacy, Terrorism, computer crime, computer network security, computer security, ethics, professional societies, technology social factors}, pages = {71--75}, } @misc{stenberg_Curl_1996, title = {curl}, url = {https://curl.se/}, urldate = {2024-11-13}, author = {Stenberg, Daniel}, year = {1996}, } @misc{wkrp_BlockingCloudflareECH_2024, title = {Blocking of {Cloudflare} {ECH} in {Russia}, 2024-11-05 · {Issue} \#417 · net4people/bbs}, url = {https://github.com/net4people/bbs/issues/417}, abstract = {[Discussion moved from \#393 (comment). NTC threads are https://ntc.party/t/12837 (technical information) and https://ntc.party/t/12732 (discussion).] Cloudflare's deployment of Encrypted Client Hel...}, language = {en}, urldate = {2024-11-12}, journal = {GitHub}, author = {wkrp}, month = nov, year = {2024}, } @inproceedings{jones_EthicalConcernsCensorship_2015, address = {New York, NY, USA}, series = {{NS} {Ethics} '15}, title = {Ethical {Concerns} for {Censorship} {Measurement}}, isbn = {978-1-4503-3541-6}, url = {https://dl.acm.org/doi/10.1145/2793013.2793015}, doi = {10.1145/2793013.2793015}, abstract = {Based on our experiences in measuring censorship in several projects, we frame various ethical questions and challenges that we have encountered. 
We offer this short document to highlight open questions that we view as important to consider when establishing ethical norms for censorship measurement.}, urldate = {2024-11-05}, booktitle = {Proceedings of the 2015 {ACM} {SIGCOMM} {Workshop} on {Ethics} in {Networked} {Systems} {Research}}, publisher = {Association for Computing Machinery}, author = {Jones, Ben and Ensafi, Roya and Feamster, Nick and Paxson, Vern and Weaver, Nick}, month = aug, year = {2015}, pages = {17--19}, } @misc{gill_CaseStudyIran_2016, title = {A {Case} {Study} in {Iran}}, url = {https://iclab.gitlab.io/post/iran_case_study_2016/}, abstract = {In May of 2016, ICLab in collaboration with Smallmedia UK, conducted a case-study of censorship on 7 URLs in Iran to determine if they are blocked, and if so, what methods were used to block access to these URLs.}, language = {en-us}, urldate = {2024-10-21}, journal = {ICLab}, author = {Gill, Phillipa}, month = jun, year = {2016}, } @inproceedings{ensafi_ExaminingHowGreat_2015, address = {Tokyo Japan}, title = {Examining {How} the {Great} {Firewall} {Discovers} {Hidden} {Circumvention} {Servers}}, isbn = {978-1-4503-3848-6}, url = {https://dl.acm.org/doi/10.1145/2815675.2815690}, doi = {10.1145/2815675.2815690}, abstract = {Recently, the operators of the national censorship infrastructure of China began to employ “active probing” to detect and block the use of privacy tools. 
This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor.}, language = {en}, urldate = {2024-10-18}, booktitle = {Proceedings of the 2015 {Internet} {Measurement} {Conference}}, publisher = {ACM}, author = {Ensafi, Roya and Fifield, David and Winter, Philipp and Feamster, Nick and Weaver, Nicholas and Paxson, Vern}, month = oct, year = {2015}, pages = {445--458}, } @inproceedings{li_WorldwideViewReachability_2024, address = {Singapore}, title = {A {Worldwide} {View} on the {Reachability} of {Encrypted} {DNS} {Services}}, isbn = {9798400701719}, url = {https://dl.acm.org/doi/10.1145/3589334.3645539}, doi = {10.1145/3589334.3645539}, abstract = {To protect user DNS privacy, four DNS over Encryption (DoE) protocols have been proposed, including DNS over TLS (DoT), DNS over HTTPS (DoH), DNS over QUIC (DoQ), and DNS over HTTP/3 (DoH3). Ensuring reachability stands as a prominent prerequisite for the proper functionality of these DoE protocols, driving considerable efforts in this domain. However, existing studies predominantly concentrate on a limited number of DoT/DoH domains or employ a restricted subset of vantage points (VPs). In this paper, we present the first comprehensive worldwide view of DoE service reachability. By collecting data from our 15-month-long scan, we elaborately built a list of 1302 operational DoE domains as measurement targets, 448 of which support IPv6. Then we performed 10M DoE over IPv4 (DoEv4) and 570K DoE over IPv6 (DoEv6) queries from 5K VPs over two months, encompassing 102 countries/regions. Our results reveal that the reachability of DoE services is poor in some countries/regions. Specifically, 592K (5.92\%) DoEv4 queries and 28K (4.91\%) DoEv6 queries are blocked. 
In countries/regions with strict Internet control, DoEv4 service blocking often occurs during TCP connection and QUIC version negotiation. Compared to DoEv4, the reachability of DoEv6 services is better. In particular, some DoE blocking policies target only specific IP addresses or DoE protocols, providing clients with the opportunity to access blocked DoE domains. Our study highlights the need for the DNS community to pay attention and improve the reachability of DoE services.}, language = {en}, urldate = {2024-10-18}, booktitle = {Proceedings of the {ACM} {Web} {Conference} 2024}, publisher = {ACM}, author = {Li, Ruixuan and Liu, Baojun and Lu, Chaoyi and Duan, Haixin and Shao, Jun}, month = may, year = {2024}, pages = {1193--1202}, } @techreport{perkins_WebProxyAutoDiscovery_1999, type = {Internet {Draft}}, title = {Web {Proxy} {Auto}-{Discovery} {Protocol}}, url = {https://datatracker.ietf.org/doc/draft-ietf-wrec-wpad-01}, abstract = {A mechanism is needed to permit web clients to locate nearby web proxy caches. Current best practice is for end users to hand configure their web client (i.e., browser) with the URL of an 'auto configuration file'. In large environments this presents a formidable support problem. It would be much more manageable for the web client software to automatically learn the configuration information for its web proxy settings. This is typically referred to as a resource discovery problem.}, number = {draft-ietf-wrec-wpad-01}, urldate = {2024-10-17}, institution = {Internet Engineering Task Force}, author = {Perkins, Charles E. and Cohen, Josh and Dunsmuir, Martin and Gauthier, Paul A. and Cooper, Ian and M.A, John W. 
Cohen}, month = jul, year = {1999}, note = {Num Pages: 18}, } @techreport{nazeri_CitationFilteredIrans_2013, title = {Citation {Filtered}: {Iran}’s {Censorship} of {Wikipedia}}, shorttitle = {Citation {Filtered}}, url = {https://www.semanticscholar.org/paper/Citation-Filtered%3A-Iran%E2%80%99s-Censorship-of-Wikipedia-Nazeri-Anderson/15f13eb5c7fa7128cd6551d0fe1c285a7763c0ea}, abstract = {Using proxy servers in Iran, researchers Collin Anderson and Nima Nazeri identified every blocked Persian language Wikipedia article and divided blocked pages into ten categories to determine the type of content to which state censors are most averse. In total, 963 blocked articles were found, covering a range of sociopolitical and sexual content including politics, journalism, the arts, religion, sex, sexuality, and human rights. Censors repeatedly targeted Wikipedia pages about government rivals, minority religious beliefs, and criticisms of the state, officials, and the police. Just under half of the blocked Wiki-pages are biographies, including pages about individuals the authorities have allegedly detained or killed. Based on prior research, it is known that Iran’s Internet filtration relies on blacklists of specifically designated URLs and URL keywords. Keyword filtration blindly blocks pages that contain prohibited character patterns in the URL. Sexual content is the main target of keywords, for example most keywords are sexual and/or profane terms. We found dozens of pages that seem to be unintentionally censored by keyword filtering, meaning that they were misidentified as sexual or profane and contained no content likely to offend Iranian authorities.}, institution = {Iran Media Program, University of Pennsylvania}, note = {Also available at https://repository.upenn.edu/iranmediaprogram/10}, urldate = {2024-10-14}, author = {Nazeri, Nima and Anderson, Collin}, year = {2013}, } @inproceedings{burnett_EncoreLightweightMeasurement_2015, address = {London, United Kingdom}, title = {Encore: {Lightweight} {Measurement} of {Web} {Censorship} with {Cross}-{Origin} {Requests}}, isbn = {978-1-4503-3542-3}, shorttitle = {Encore}, url = {https://dl.acm.org/doi/10.1145/2785956.2787485}, doi = {10.1145/2785956.2787485}, language = {en}, urldate = {2024-10-08}, booktitle = {Proceedings of the 2015 {ACM} {Conference} on {Special} {Interest} {Group} on {Data} {Communication}}, publisher = {ACM}, author = {Burnett, Sam and Feamster, Nick}, month = aug, year = {2015}, pages = {653--667}, } @misc{DPYProxy, title = {{DPYProxy}}, url = {https://github.com/UPB-SysSec/DPYProxy}, author = {{JonSnowWhite}}, year = {2024}, } @misc{_TlsattackerTLSAttacker_2024, title = {{TLS}-{Attacker}}, copyright = {Apache-2.0}, url = {https://github.com/tls-attacker/TLS-Attacker}, abstract = {TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.}, urldate = {2024-06-28}, publisher = {TLS-Attacker}, author = {{tls-attacker}}, month = jun, year = {2024}, } @misc{openobservatoryofnetworkinterference_OONIOpenObservatory_2024, title = {{OONI}: {Open} {Observatory} of {Network} {Interference}}, shorttitle = {{OONI}}, url = {https://ooni.org/}, abstract = {The Open Observatory of Network Interference (OONI) is a global community measuring internet censorship around the world. Run OONI Probe to detect internet censorship. 
Use OONI Explorer to track internet censorship worldwide in near real-time.}, language = {en}, urldate = {2024-05-08}, author = {{Open Observatory of Network Interference}}, month = may, year = {2024}, } @misc{tor_Snowflake_2024, title = {Snowflake}, url = {https://snowflake.torproject.org/}, urldate = {2023-05-03}, author = {{The Tor Project}}, year = {2024}, keywords = {Tools}, } @misc{nomoresat_DPITunnelandroid_2024, title = {{DPITunnel}-android}, copyright = {GPL-3.0}, url = {https://github.com/nomoresat/DPITunnel-android}, urldate = {2024-05-08}, author = {nomoresat}, month = may, year = {2024}, keywords = {Tools}, } @misc{macronut_Ghostcp_2024, title = {ghostcp}, copyright = {LGPL-3.0}, url = {https://github.com/macronut/ghostcp}, abstract = {GhosTCP is a program for Windows that protects the TCP connections from being interfered.}, urldate = {2024-05-08}, author = {macronut}, month = may, year = {2024}, keywords = {Tools}, } @misc{valdikss_GoodbyeDPI_2024, title = {{GoodbyeDPI}}, copyright = {Apache-2.0}, url = {https://github.com/ValdikSS/GoodbyeDPI}, abstract = {GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)}, urldate = {2024-05-08}, author = {ValdikSS}, month = may, year = {2024}, keywords = {Tools, anticensorship, censorship-circumvention, deep-packet-inspection, dpi}, } @misc{hayeri_GreenTunnel_2024, title = {{GreenTunnel}}, copyright = {MIT}, url = {https://github.com/SadeghHayeri/GreenTunnel}, abstract = {GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.}, urldate = {2024-05-08}, author = {Hayeri, Sadegh}, month = may, year = {2024}, keywords = {Tools, deep-packet-inspection, dpi, filtering, firewall-bypass, isp, proxy, sni, socks, vpn}, } @misc{googlejigsaw_JigsawCodeIntra_2024, title = {Jigsaw-{Code}/{Intra}}, copyright = {Apache-2.0}, url = {https://github.com/Jigsaw-Code/Intra}, abstract = {An experimental tool that allows 
you to test new DNS-over-HTTPS services on Android}, urldate = {2024-06-20}, publisher = {Jigsaw}, author = {{Google Jigsaw}}, month = jun, year = {2024}, } @misc{nemolian_NosniProxy_2023, title = {{NosniProxy}}, url = {https://github.com/nemolian/nosni_proxy}, abstract = {Bypass DPI and censorship with nosni proxy}, urldate = {2023-04-27}, author = {nemolian}, month = apr, year = {2023}, keywords = {dpi, dpi-bypassing, novpn, proxy-server}, } @misc{krlvm_PowerTunnel_2024, title = {{PowerTunnel}}, copyright = {GPL-3.0}, url = {https://github.com/krlvm/PowerTunnel}, abstract = {Powerful and extensible proxy server with anti-censorship functionality}, urldate = {2024-05-08}, author = {krlvm}, month = may, year = {2024}, keywords = {Tools, anti-censorship, anticensorship, censorship-circumvention, deep-packet-inspection, dpi, dpi-filtering, government-censorship, proxy}, } @misc{krlvm_PowerTunnelAndroid_2024, title = {{PowerTunnel}-{Android}}, copyright = {GPL-3.0}, url = {https://github.com/krlvm/PowerTunnel-Android}, abstract = {Powerful and extensible proxy server with anti-censorship functionality for Android}, urldate = {2024-05-08}, author = {krlvm}, month = may, year = {2024}, keywords = {Tools, anti-censorship, anticensorship, censorship-circumvention, deep-packet-inspection, dpi, dpi-filtering, government-censorship, proxy}, } @misc{xvzc_SpoofDPI_2024, title = {{SpoofDPI}}, copyright = {Apache-2.0}, url = {https://github.com/xvzc/SpoofDPI}, abstract = {A simple and fast anti-censorship tool written in Go}, urldate = {2024-05-08}, author = {xvzc}, month = may, year = {2024}, keywords = {Tools, anti-censorship, censorship-circumvention, censorship-free, deep-packet-inspection, dpi, dpi-bypassing, dpi-filtering, golang, proxy-server}, } @misc{zhongjiewang_SymTCPAutomaticDiscrepancy_2023, title = {{SymTCP} - {Automatic} {Discrepancy} {Discovery} for {DPI} ({Deep} {Packet} {Inspection}) {Elusion}}, url = {https://github.com/seclab-ucr/SymTCP}, abstract = 
{Automatic Discrepancy Discovery for DPI Elusion}, urldate = {2023-04-27}, publisher = {UCR Security Lab}, author = {{Zhongjie, Wang}}, month = apr, year = {2023}, keywords = {Tools}, } @misc{bol-van_Zapret_2024, title = {zapret}, url = {https://github.com/bol-van/zapret}, urldate = {2024-05-08}, author = {bol-van}, month = may, year = {2024}, keywords = {Tools, censorship-circumvention, dpi, freebsd, linux, macos, openbsd, openwrt, russian, wireguard-mod}, } @inproceedings{tsiatsikas_MeasuringAdoptionTLS_2023, address = {Cham}, title = {Measuring the {Adoption} of {TLS} {Encrypted} {Client} {Hello} {Extension} and {Its} {Forebear} in the {Wild}}, isbn = {978-3-031-25460-4}, doi = {10.1007/978-3-031-25460-4_10}, abstract = {The Transport Layer Security (TLS) protocol was introduced to solve the lack of security and privacy in the early versions of the world wide web. However, even though it has substantially evolved over the years, certain features still present privacy issues. One such feature is the Server Name Indication (SNI) extension, which allows multiple web servers to reside behind a provider hosting multiple domains with the same IP address; at the same time it allows third parties to discover the domains that end users visit. In the last few years, the Encrypted Server Name Indication (ESNI) Internet draft is being developed by the Internet Engineering Task Force (IETF); this encrypted variant of the extension was renamed to Encrypted Client Hello (ECH) in latest versions. In this paper, we measure the adoption of both these versions, given that they have substantial differences. By analyzing the top 1M domains in terms of popularity, we identify that only a small portion, less than 19\%, supports the privacy-preserving ESNI extension and practically no domain supports ECH. 
Overall, these results demonstrate that there is still a long way to go to ensure the privacy of end users visiting TLS-protected domains which are co-located behind a common Internet-facing server.}, language = {en}, booktitle = {Computer {Security}. {ESORICS} 2022 {International} {Workshops}}, publisher = {Springer International Publishing}, author = {Tsiatsikas, Zisis and Karopoulos, Georgios and Kambourakis, Georgios}, editor = {Katsikas, Sokratis and Cuppens, Frédéric and Kalloniatis, Christos and Mylopoulos, John and Pallas, Frank and Pohle, Jörg and Sasse, M. Angela and Abie, Habtamu and Ranise, Silvio and Verderame, Luca and Cambiaso, Enrico and Maestre Vidal, Jorge and Sotelo Monge, Marco Antonio and Albanese, Massimiliano and Katt, Basel and Pirbhulal, Sandeep and Shukla, Ankur}, year = {2023}, keywords = {ECH, ESNI, Internet measurement, Network security, Privacy, TLS}, pages = {177--190}, } @inproceedings{satija_BlindTLSCircumventingTLSbased_2021, address = {Virtual Event USA}, title = {{BlindTLS}: {Circumventing} {TLS}-based {HTTPS} censorship}, isbn = {978-1-4503-8640-1}, shorttitle = {{BlindTLS}}, url = {https://dl.acm.org/doi/10.1145/3473604.3474564}, doi = {10.1145/3473604.3474564}, abstract = {Governments across the globe limit which sites their citizens can visit by employing multiple kinds of censorship techniques for different types of traffic. ISPs have been able to effectively censor HTTPS traffic by inspecting the TLS handshake which leaks the domain being visited. TLS1.3 attempts to solve this with a proposed ESNI extension which encrypts the SNI (server name indication) value. Since ESNI is optional, ISPs have been known to simply drop handshakes that attempt to use it; SNI based censorship is therefore still a problem even in TLS1.3. We present BlindTLS, a technique that hides the true SNI value in TLS1.2. 
BlindTLS requires no server modifications and expects only minimal (existing) external infrastructure to circumvent TLS-based censorship. We evaluate and show that BlindTLS is able to successfully provide access to a majority of websites blocked by a real-world ISP with minimal performance overhead.}, language = {en}, urldate = {2024-07-10}, booktitle = {Proceedings of the {ACM} {SIGCOMM} 2021 {Workshop} on {Free} and {Open} {Communications} on the {Internet}}, publisher = {ACM}, author = {Satija, Sambhav and Chatterjee, Rahul}, month = aug, year = {2021}, pages = {43--49}, } @inproceedings{muller_TurningAttacksAdvantages_2024, title = {Turning {Attacks} into {Advantages}: {Evading} {HTTP} {Censorship} with {HTTP} {Request} {Smuggling}}, url = {https://foci.community/foci24.html}, booktitle = {Free and {Open} {Communications} on the {Internet}}, author = {Müller, Philipp and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year = {2024}, keywords = {Censorship, China, Fragmentation, GFW, TLS}, } @inproceedings{nourin_MeasuringEvadingTurkmenistan_2023, address = {Austin, TX, USA}, title = {Measuring and {Evading} {Turkmenistan}’s {Internet} {Censorship}: {A} {Case} {Study} in {Large}-{Scale} {Measurements} of a {Low}-{Penetration} {Country}}, isbn = {978-1-4503-9416-1}, shorttitle = {Measuring and {Evading} {Turkmenistan}’s {Internet} {Censorship}}, url = {https://dl.acm.org/doi/10.1145/3543507.3583189}, doi = {10.1145/3543507.3583189}, abstract = {Since 2006, Turkmenistan has been listed as one of the few Internet enemies by Reporters without Borders due to its extensively censored Internet and strictly regulated information control policies. Existing reports of filtering in Turkmenistan rely on a handful of vantage points or test a small number of websites. Yet, the country’s poor Internet adoption rates and small population can make more comprehensive measurement challenging. 
With a population of only six million people and an Internet penetration rate of only 38\%, it is challenging to either recruit in-country volunteers or obtain vantage points to conduct remote network measurements at scale. We present the largest measurement study to date of Turkmenistan’s Web censorship. To do so, we developed TMC, which tests the blocking status of millions of domains across the three foundational protocols of the Web (DNS, HTTP, and HTTPS). Importantly, TMC does not require access to vantage points in the country. We apply TMC to 15.5M domains; our results reveal that Turkmenistan censors more than 122K domains, using different blocklists for each protocol. We also reverse-engineer these censored domains, identifying 6K over-blocking rules causing incidental filtering of more than 5.4M domains. Finally, we use Geneva, an open-source censorship evasion tool, to discover five new censorship evasion strategies that can defeat Turkmenistan’s censorship at both transport and application layers. 
We will publicly release both the data collected by TMC and the code for censorship evasion.}, language = {en}, urldate = {2024-06-28}, booktitle = {Proceedings of the {ACM} {Web} {Conference} 2023}, publisher = {ACM}, author = {Nourin, Sadia and Tran, Van and Jiang, Xi and Bock, Kevin and Feamster, Nick and Hoang, Nguyen Phong and Levin, Dave}, month = apr, year = {2023}, pages = {1969--1979}, } @misc{openssl_OpensslTLSSSL_2024, title = {openssl: {TLS}/{SSL} and crypto library}, url = {https://github.com/openssl/openssl}, urldate = {2024-06-20}, author = {{OpenSSL}}, year = {2024}, } @misc{google_Boringssl_2024, title = {boringssl}, url = {https://boringssl.googlesource.com/boringssl/}, urldate = {2024-06-20}, author = {{Google}}, year = {2024}, } @misc{hufrea_HufreaByedpiBypass_2024, title = {hufrea/byedpi: {Bypass} {DPI}}, url = {https://github.com/hufrea/byedpi}, urldate = {2024-06-20}, author = {{hufrea}}, year = {2024}, keywords = {Tools}, } @misc{v2fly_V2rayPlatformBuilding_2024, title = {v2ray: {A} platform for building proxies to bypass network restrictions.}, url = {https://github.com/v2fly/v2ray-core}, urldate = {2024-06-19}, author = {v2fly}, month = jun, year = {2024}, } @inproceedings{frolov_UseTLSCensorship_2019, title = {The use of {TLS} in {Censorship} {Circumvention}}, url = {https://www.ndss-symposium.org/ndss-paper/the-use-of-tls-in-censorship-circumvention/}, language = {en-US}, urldate = {2024-06-05}, booktitle = {Network and {Distributed} {System} {Security}}, publisher = {The Internet Society}, author = {Frolov, Sergey and Wustrow, Eric}, year = {2019}, } @inproceedings{xue_OpenVPNOpenVPN_2022, address = {Boston, MA}, title = {{OpenVPN} is open to {VPN} fingerprinting}, isbn = {978-1-939133-31-1}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen}, booktitle = {31st {USENIX} security symposium ({USENIX} security 22)}, publisher = {USENIX Association}, author = {Xue, Diwen and Ramesh, Reethika and Jain, Arham 
and Kallitsis, Michalis and Halderman, J. Alex and Crandall, Jedidiah R. and Ensafi, Roya}, month = aug, year = {2022}, pages = {483--500}, } @inproceedings{nabi_AnatomyWebCensorship_2013, address = {Washington, D.C.}, title = {The anatomy of web censorship in {Pakistan}}, url = {https://www.usenix.org/conference/foci13/workshop-program/presentation/nabi}, booktitle = {3rd {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 13)}, publisher = {USENIX Association}, author = {Nabi, Zubair}, month = aug, year = {2013}, } @inproceedings{chai_ImportanceEncryptedSNIESNI_2019, address = {Santa Clara, CA}, title = {On the importance of {Encrypted}-{SNI} ({ESNI}) to censorship circumvention}, url = {https://www.usenix.org/conference/foci19/presentation/chai}, booktitle = {9th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 19)}, publisher = {USENIX Association}, author = {Chai, Zimo and Ghafari, Amirhossein and Houmansadr, Amir}, month = aug, year = {2019}, } @inproceedings{bhaskar_ManyRoadsLead_2022, address = {Boston, MA}, title = {Many roads lead to {Rome}: {How} packet headers influence {DNS} censorship measurement}, isbn = {978-1-939133-31-1}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/bhaskar}, booktitle = {31st {USENIX} {Security} {Symposium} ({USENIX} {Security} 22)}, publisher = {USENIX Association}, author = {Bhaskar, Abhishek and Pearce, Paul}, month = aug, year = {2022}, pages = {449--464}, } @inproceedings{anonymous_TripletCensorsDemystifying_2020, title = {Triplet censors: {Demystifying} {Great} {Firewall}’s {DNS} censorship behavior}, url = {https://www.usenix.org/conference/foci20/presentation/anonymous}, booktitle = {10th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 20)}, publisher = {USENIX Association}, author = {{Anonymous} and Niaki, Arian Akhavan and Hoang, Nguyen Phong and Gill, Phillipa and Houmansadr, Amir}, month = aug, year = {2020}, } 
@inproceedings{jermyn_AutosondaDiscoveringRules_2017, title = {Autosonda: {Discovering} {Rules} and {Triggers} of {Censorship} {Devices}}, shorttitle = {Autosonda}, url = {https://www.usenix.org/conference/foci17/workshop-program/presentation/jermyn}, language = {en}, urldate = {2024-06-13}, booktitle = {7th {USENIX} {Workshop} on {Free} and {Open} {Communications} on the {Internet} ({FOCI} 17)}, publisher = {USENIX Association}, author = {Jermyn, Jill and Weaver, Nicholas}, year = {2017}, } @inproceedings{elmenhorst_WebCensorshipMeasurements_2021, address = {New York, NY, USA}, series = {{IMC} '21}, title = {Web censorship measurements of {HTTP}/3 over {QUIC}}, isbn = {978-1-4503-9129-0}, url = {https://dl.acm.org/doi/10.1145/3487552.3487836}, doi = {10.1145/3487552.3487836}, abstract = {Web traffic censorship limits the free access to information, making it a global human rights issue. The introduction of HTTP/3 (HTTP over QUIC) yields promising expectations to counteract such interference, due to its novelty, built-in encryption, and faster connection establishment. To evaluate this hypothesis and analyze the current state of HTTP/3 blocking, we extended the open-source censorship measurement tool OONI with an HTTP/3 module. Using an input list of possibly-blocked websites, real-world measurements with HTTPS and HTTP/3 were conducted in selected Autonomous Systems in China, Iran, India, and Kazakhstan. The presented evaluation assesses the different blocking methodologies employed for TCP/TLS versus the ones employed for QUIC. 
The results reveal dedicated UDP blocking in Iran and major IP blocklisting affecting QUIC in China and India.}, urldate = {2024-06-05}, booktitle = {Proceedings of the 21st {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Elmenhorst, Kathrin and Schütz, Bertram and Aschenbruck, Nils and Basso, Simone}, month = nov, year = {2021}, pages = {276--282}, } @inproceedings{bocovich_SnowflakeCensorshipCircumvention_2024, title = {Snowflake, a censorship circumvention system using temporary {WebRTC} proxies}, abstract = {Snowflake is a system for circumventing Internet censorship. Its blocking resistance comes from the use of numerous, ultralight, temporary proxies (“snowflakes”), which accept traffic from censored clients using peer-to-peer WebRTC protocols and forward it to a centralized bridge. The temporary proxies are simple enough to be implemented in JavaScript, in a web page or browser extension, making them much cheaper to run than a traditional proxy or VPN server. The large and changing pool of proxy addresses resists enumeration and blocking by a censor. The system is designed with the assumption that proxies may appear or disappear at any time. Clients discover proxies dynamically using a secure rendezvous protocol. When an in-use proxy goes offline, its client switches to another on the fly, invisibly to upper network layers. Snowflake has been deployed with success in Tor Browser and Orbot for several years. It has been a significant circumvention tool during high-profile network disruptions, including in Russia in 2021 and Iran in 2022. 
In this paper, we explain the composition of Snowflake’s many parts, give a history of deployment and blocking attempts, and reflect on implications for circumvention generally.}, language = {en}, booktitle = {33rd {USENIX} {Security} {Symposium} ({USENIX} {Security} 24)}, publisher = {USENIX Association}, author = {Bocovich, Cecylia and Breault, Arlo and Fifield, David and Serene and Wang, Xiaokang}, year = {2024}, } @inproceedings{wu_HowGreatFirewall_2023, title = {How the {Great} {Firewall} of {China} {Detects} and {Blocks} {Fully} {Encrypted} {Traffic}}, isbn = {978-1-939133-37-3}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/wu-mingshi}, language = {en}, urldate = {2024-06-04}, booktitle = {32nd {USENIX} {Security} {Symposium} ({USENIX} {Security} 23)}, publisher = {USENIX Association}, author = {Wu, Mingshi and Sippe, Jackson and Sivakumar, Danesh and Burg, Jack and Anderson, Peter and Wang, Xiaokang and Bock, Kevin and Houmansadr, Amir and Levin, Dave and Wustrow, Eric}, year = {2023}, pages = {2653--2670}, } @inproceedings{bock_ComeYouAre_2020, address = {Virtual Event, USA}, title = {Come as {You} {Are}: {Helping} {Unmodified} {Clients} {Bypass} {Censorship} with {Server}-side {Evasion}}, isbn = {978-1-4503-7955-7}, shorttitle = {Come as {You} {Are}}, url = {https://dl.acm.org/doi/10.1145/3387514.3405889}, doi = {10.1145/3387514.3405889}, abstract = {Decades of work on censorship evasion have resulted in myriad ways to empower clients with the ability to access censored content, but to our knowledge all of them have required some degree of client-side participation. 
Having to download and run anticensorship software can put users at risk, and does not help the many users who do not even realize they are being censored in the first place.}, language = {en}, urldate = {2024-06-04}, booktitle = {Proceedings of the {Annual} conference of the {ACM} {Special} {Interest} {Group} on {Data} {Communication} on the applications, technologies, architectures, and protocols for computer communication}, publisher = {ACM}, author = {Bock, Kevin and Hughey, George and Merino, Louis-Henri and Arya, Tania and Liscinsky, Daniel and Pogosian, Regina and Levin, Dave}, month = jul, year = {2020}, pages = {586--598}, } @inproceedings{hoang_GFWebMeasuringGreat_, title = {{GFWeb}: {Measuring} the {Great} {Firewall}’s {Web} {Censorship} at {Scale}}, url = {https://www.usenix.org/system/files/sec24fall-prepub-310-hoang.pdf}, urldate = {2024-06-04}, booktitle = {33rd {USENIX} {Security} {Symposium} ({USENIX} {Security} 24)}, publisher = {USENIX Association}, year = {2024}, abstract = {Censorship systems such as the Great Firewall (GFW) have been continuously refined to enhance their filtering capabilities. However, most prior studies, and in particular the GFW, have been limited in scope and conducted over short time periods, leading to gaps in our understanding of the GFW’s evolving Web censorship mechanisms over time. We introduce GFWeb, a novel system designed to discover domain blocklists used by the GFW for censoring Web access. 
GFWeb exploits GFW’s bidirectional and loss-tolerant blocking behavior to enable testing hundreds of millions of domains on a monthly basis, thereby facilitating large-scale longitudinal measurement of HTTP and HTTPS blocking mechanisms.}, language = {en}, author = {Hoang, Nguyen Phong and Dalek, Jakub and Crete-Nishihata, Masashi and Christin, Nicolas and Yegneswaran, Vinod and Polychronakis, Michalis and Feamster, Nick}, } @article{fifield_BlockingresistantCommunicationDomain_2015, title = {Blocking-resistant communication through domain fronting}, volume = {2015}, copyright = {http://creativecommons.org/licenses/by-nc-nd/3.0/}, issn = {2299-0984}, url = {https://petsymposium.org/popets/2015/popets-2015-0009.php}, doi = {10.1515/popets-2015-0009}, abstract = {We describe “domain fronting,” a versatile censorship circumvention technique that hides the remote endpoint of a communication. Domain fronting works at the application layer, using HTTPS, to communicate with a forbidden host while appearing to communicate with some other host, permitted by the censor. The key idea is the use of different domain names at different layers of communication. One domain appears on the “outside” of an HTTPS request—in the DNS request and TLS Server Name Indication—while another domain appears on the “inside”—in the HTTP Host header, invisible to the censor under HTTPS encryption. A censor, unable to distinguish fronted and nonfronted traffic to a domain, must choose between allowing circumvention traffic and blocking the domain entirely, which results in expensive collateral damage. Domain fronting is easy to deploy and use and does not require special cooperation by network intermediaries. We identify a number of hard-to-block web services, such as content delivery networks, that support domain-fronted connections and are useful for censorship circumvention. Domain fronting, in various forms, is now a circumvention workhorse. 
We describe several months of deployment experience in the Tor, Lantern, and Psiphon circumvention systems, whose domain-fronting transports now connect thousands of users daily and transfer many terabytes per month.}, language = {en}, number = {2}, urldate = {2024-05-31}, journal = {Proceedings on Privacy Enhancing Technologies}, author = {Fifield, David and Lan, Chang and Hynes, Rod and Wegmann, Percy and Paxson, Vern}, month = jun, year = {2015}, pages = {46--64}, } @inproceedings{subramani_DiscoveringMeasuringCDNs_2024, address = {Singapore Singapore}, title = {Discovering and {Measuring} {CDNs} {Prone} to {Domain} {Fronting}}, isbn = {9798400701719}, url = {https://dl.acm.org/doi/10.1145/3589334.3645656}, doi = {10.1145/3589334.3645656}, abstract = {Domain fronting is a network communication technique that involves leveraging (or abusing) content delivery networks (CDNs) to disguise the final destination of network packets by presenting them as if they were intended for a different domain than their actual endpoint. This technique can be used for both benign and malicious purposes, such as circumventing censorship or hiding malware-related communications from network security systems. Since domain fronting has been known for a few years, some popular CDN providers have implemented traffic filtering approaches to curb its use at their CDN infrastructure. 
However, it remains unclear to what extent domain fronting has been mitigated.},
	language = {en},
	urldate = {2024-05-31},
	booktitle = {Proceedings of the {ACM} on {Web} {Conference} 2024},
	publisher = {ACM},
	author = {Subramani, Karthika and Perdisci, Roberto and Skafidas, Pierros-Christos and Antonakakis, Manos},
	month = may,
	year = {2024},
	pages = {1859--1867},
}

@mastersthesis{heitmann_AutomatedEvaluationQUIC_2024,
	title = {Automated {Evaluation} of {QUIC} {Censorship}},
	school = {Paderborn University},
	author = {Heitmann, Nico},
	year = {2024},
}

@article{master_WorldwideViewNationstate_2023,
	title = {A {Worldwide} {View} of {Nation}-state {Internet} {Censorship}},
	url = {https://petsymposium.org/foci/2023/foci-2023-0008.php},
	urldate = {2024-05-08},
	journal = {Free and Open Communications on the Internet},
	author = {Master, Alexander and Garman, Christina},
	year = {2023},
}

@misc{funkerwolf__2020,
	title = {Почему Ростелеком блокирует {ESNI} трафик?},
	url = {https://qna.habr.com/q/862669},
	urldate = {2022-01-07},
	author = {{funkerwolf}},
	year = {2020},
}

@misc{cloudflare2023stats,
	title = {Internet traffic trends in {China}},
	url = {https://radar.cloudflare.com/adoption-and-usage/cn},
	author = {{Cloudflare}},
	month = apr,
	year = {2023},
}

@inproceedings{yadav_WhereLightGets_2018,
	address = {New York, NY, USA},
	series = {{IMC} '18},
	title = {Where {The} {Light} {Gets} {In}: {Analyzing} {Web} {Censorship} {Mechanisms} in {India}},
	isbn = {978-1-4503-5619-0},
	shorttitle = {Where {The} {Light} {Gets} {In}},
	url = {https://doi.org/10.1145/3278532.3278555},
	doi = {10.1145/3278532.3278555},
	abstract = {In this work we present a detailed study of the Internet censorship mechanism in India. We consolidated a list of potentially blocked websites from various public sources to assess censorship mechanisms used by nine major ISPs. To begin with, we demonstrate that existing censorship detection tools like OONI are grossly inaccurate.
We thus developed various techniques and heuristics to correctly assess censorship and study the underlying mechanism used by these ISPs. At every step we corroborated our finding manually to test the efficacy of our approach, an exercise largely ignored by several others. We fortify our findings by adjudging the coverage and consistency of censorship infrastructure, broadly in terms of average number of network paths and requested domains the infrastructure censors. Our results indicate a clear disparity among the ISPs, on how they install censorship infrastructure. For instance, in Idea network we observed the censorious middleboxes in over 90\% of our tested intra-AS paths, whereas for Vodafone, it is as low as 2.5\%. We conclude our research by devising our own novel anti-censorship strategies that do not depend on third party tools (like proxies, Tor and VPNs etc.). We managed to access all blocked websites in all ISPs under test.},
	urldate = {2024-05-03},
	booktitle = {Proceedings of the {Internet} {Measurement} {Conference} 2018},
	publisher = {Association for Computing Machinery},
	author = {Yadav, Tarun Kumar and Sinha, Akshat and Gosain, Devashish and Sharma, Piyush Kumar and Chakravarty, Sambuddho},
	month = oct,
	year = {2018},
	keywords = {Censorship, India, OONI},
	pages = {252--264},
}

@misc{projectx_ProjectCommunity_,
	title = {Project {X} {Community}},
	url = {https://github.com/XTLS},
	abstract = {Cryptography and Internet. XTLS are brilliant ideas for TLS we study, while Xray is the best practice we maintain.
},
	language = {en},
	urldate = {2024-05-13},
	journal = {GitHub},
	author = {{Project X}},
	keywords = {Tools},
}

@misc{psiphoninc._PsiphonUncensoredInternet_,
	title = {Psiphon {\textbar} {Uncensored} {Internet} access for {Windows} and {Mobile}},
	url = {https://psiphon.ca/},
	abstract = {Psiphon is circumvention software for Windows and Mobile platforms that provides uncensored access to Internet content},
	urldate = {2023-05-03},
	author = {{Psiphon Inc.}},
	keywords = {Tools},
}

@misc{greaterfire_TrojanProtocol_,
	title = {The {Trojan} {Protocol}},
	url = {https://trojan-gfw.github.io/trojan/protocol.html},
	abstract = {An unidentifiable mechanism that helps you bypass GFW.},
	language = {en-US},
	urldate = {2023-04-27},
	journal = {trojan},
	author = {{GreaterFire}},
	keywords = {Tools},
}

@misc{funkerwolf_PochemuRostelekomBlokiruet_2020,
	title = {Почему Ростелеком блокирует {ESNI} трафик?},
	url = {https://qna.habr.com/q/862669},
	abstract = {One person answered the question. Rate the best answers!
And subscribe to the question to be notified of new answers.},
	language = {ru},
	urldate = {2024-05-08},
	journal = {Habr Q\&A},
	author = {Funkerwolf},
	month = oct,
	year = {2020},
	note = {Title in English: Why does Rostelecom block ESNI traffic?},
}

@misc{wagner_PoliticsInternetFiltering_,
	title = {The {Politics} of {Internet} {Filtering}: {The} {United} {Kingdom} and {Germany} in a {Comparative} {Perspective}},
	url = {https://journals.sagepub.com/doi/full/10.1111/1467-9256.12031},
	doi = {10.1111/1467-9256.12031},
	urldate = {2024-05-08},
	journal = {Politics},
	author = {Wagner, Ben},
	year = {2014},
}

@misc{bock_ExposingCircumventingChina_2020,
	title = {Exposing and {Circumventing} {China}'s {Censorship} of {ESNI}},
	url = {https://gfw.report/blog/gfw_esni_blocking/en/},
	urldate = {2022-01-06},
	author = {Bock, Kevin and {iyouport} and {Anonymous} and Merino, Louis-Henri and Fifield, David and Houmansadr, Amir and Levin, Dave},
	year = {2020},
}

@inproceedings{abdelberi_CensorshipWildAnalyzing_2014,
	title = {Censorship in the {Wild}: {Analyzing} {Internet} {Filtering} in {Syria}},
	url = {https://doi.org/10.1145/2663716.2663720},
	doi = {10.1145/2663716.2663720},
	booktitle = {Proceedings of the 2014 {Internet} {Measurement} {Conference}, {IMC} 2014, {Vancouver}, {BC}, {Canada}, {November} 5-7, 2014},
	publisher = {ACM},
	author = {Chaabane, Abdelberi and Chen, Terence and Cunche, Mathieu and De Cristofaro, Emiliano and Friedman, Arik and Kâafar, Mohamed Ali},
	editor = {Williamson, Carey and Akella, Aditya and Taft, Nina},
	year = {2014},
	keywords = {Syria},
	pages = {285--298},
}

@inproceedings{clayton_IgnoringGreatFirewall_2006,
	address = {Berlin, Heidelberg},
	title = {Ignoring the {Great} {Firewall} of {China}},
	isbn = {978-3-540-68793-1},
	doi = {10.1007/11957454_2},
	abstract = {The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close.
However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.},
	language = {en},
	booktitle = {Privacy {Enhancing} {Technologies}},
	publisher = {Springer},
	author = {Clayton, Richard and Murdoch, Steven J. and Watson, Robert N. M.},
	editor = {Danezis, George and Golle, Philippe},
	year = {2006},
	keywords = {Child Pornography, Domain Name System, Intrusion Detection System, Port Number, Transmission Control Protocol},
	pages = {20--35},
}

@misc{gfwatch_GFWatchDashboard_,
	title = {{GFWatch} {Dashboard}},
	url = {https://gfwatch.org/overview},
	urldate = {2023-05-09},
	author = {{gfwatch}},
	keywords = {Tools},
}

@article{ermoshina_MarketBlackBoxes_2021,
	title = {A market of black boxes: {The} political economy of {Internet} surveillance and censorship in {Russia}},
	volume = {19},
	shorttitle = {A market of black boxes},
	doi = {10.1080/19331681.2021.1905972},
	abstract = {In recent years, the Russian Internet has developed according to strong centralizing and State-controlling tendencies, both in terms of legal instruments and technical infrastructure. This strategy implies a strong push to develop Russian-made technical solutions for censorship and traffic interception. Thus, a promising market has opened for Russian vendors of software and hardware solutions for traffic surveillance and filtering. Drawing from a mixed-methods approach and perspectives grounded primarily in Science and Technology Studies (STS), infrastructure studies and the political economy of information networks, this paper aims at exploring the flourishing sector of Russian industry of censorship and surveillance.
We focus on two kinds of “black boxes” and examine their influence on the market of Internet Service Providers: surveillance systems known as SORM (System for Operative Investigative Activities), and traffic filtering solutions used to block access to websites that have been blacklisted by Roskomnadzor, the Russian federal watchdog for media and telecommunications. This research sheds light on the vivid debates around controversial technologies which Internet actors must adopt in order to avoid government fines, but which are expensive and complex to implement and raise a number of ethical and political concerns.},
	journal = {Journal of Information Technology \& Politics},
	author = {Ermoshina, Ksenia and Loveluck, Benjamin and Musiani, Francesca},
	month = apr,
	year = {2021},
	pages = {1--16},
}

@inproceedings{bock_YourCensorMy_2021,
	title = {Your {Censor} is {My} {Censor}: {Weaponizing} {Censorship} {Infrastructure} for {Availability} {Attacks}},
	shorttitle = {Your {Censor} is {My} {Censor}},
	url = {https://ieeexplore.ieee.org/abstract/document/9474303},
	doi = {10.1109/SPW53761.2021.00059},
	abstract = {Nationwide Internet censorship threatens free and open access to communication and information for millions of users living inside of censoring regimes. In this paper, we show that this poses an even greater threat to the Internet than previously understood. We demonstrate an off-path attack that exploits a little-studied but widespread feature of many censoring infrastructures: residual censorship, in which a censor continues blocking traffic between two end-hosts for some time after a censorship event. Our attack sends spoofed packets with censored content, keeping two victim end-hosts separated by a censor from being able to communicate with one another. Although conceptually simple, this attack has several challenges, which we address.
We demonstrate the feasibility of the attack through two studies: one to capture the current state of residual censorship, and another to actually launch the attack (against machines we control). We show that the attack can be launched despite stateful TCP tracking used by many censors, and that it also works against those who censor by null-routing. We will be making our code publicly available.},
	urldate = {2024-05-08},
	booktitle = {2021 {IEEE} {Security} and {Privacy} {Workshops} ({SPW})},
	author = {Bock, Kevin and Bharadwaj, Pranav and Singh, Jasraj and Levin, Dave},
	month = may,
	year = {2021},
	keywords = {Censorship, Conferences, Internet, Open Access, Privacy, Security, Weapons, availability attacks, censorship, denial of service, weaponizing},
	pages = {398--409},
}

@inproceedings{ramesh_DecentralizedControlCase_2020,
	address = {San Diego, CA},
	title = {Decentralized {Control}: {A} {Case} {Study} of {Russia}},
	isbn = {978-1-891562-61-7},
	shorttitle = {Decentralized {Control}},
	url = {https://www.ndss-symposium.org/wp-content/uploads/2020/02/23098.pdf},
	doi = {10.14722/ndss.2020.23098},
	abstract = {Until now, censorship research has largely focused on highly centralized networks that rely on government-run technical choke-points, such as the Great Firewall of China. Although it was previously thought to be prohibitively difficult, large-scale censorship in decentralized networks is on the rise. Our in-depth investigation of the mechanisms underlying decentralized information control in Russia shows that such large-scale censorship can be achieved in decentralized networks through inexpensive commodity equipment.
This new form of information control presents a host of problems for censorship measurement, including difficulty identifying censored content, requiring measurements from diverse perspectives, and variegated censorship mechanisms that require significant effort to identify in a robust manner.},
	language = {en},
	urldate = {2024-05-08},
	booktitle = {Proceedings 2020 {Network} and {Distributed} {System} {Security} {Symposium}},
	publisher = {Internet Society},
	author = {Ramesh, Reethika and Raman, Ram Sundara and Bernhard, Matthew and Ongkowijaya, Victor and Evdokimov, Leonid and Edmundson, Anne and Sprecher, Steven and Ikram, Muhammad and Ensafi, Roya},
	year = {2020},
}

@article{baron_AccessOnlineInternet_2015,
	title = {Access {Online}: {Internet} {Governance} and {Image} in {Cuba}},
	volume = {34},
	copyright = {© 2014 The Authors. Bulletin of Latin American Research © 2014 Society for Latin American Studies. Published by John Wiley \& Sons Ltd},
	issn = {1470-9856},
	shorttitle = {Access {Online}},
	url = {https://onlinelibrary.wiley.com/doi/abs/10.1111/blar.12263},
	doi = {10.1111/blar.12263},
	abstract = {This article examines the restrictions on internet access in Cuba and asks to what extent the lack of access to the World Wide Web has helped to maintain (with some evident changes), the socialist status quo on the island.
The article will also examine how the internet is used to represent the nation externally and ultimately argues that the Cuban government is negotiating a fine line between taking full economic advantage of what the internet can offer and hampering its use as a mechanism for the subversion of the Revolution in the face of continued US aggression.},
	language = {en},
	number = {3},
	urldate = {2024-05-08},
	journal = {Bulletin of Latin American Research},
	author = {Baron, Guy and Hall, Gareth},
	year = {2015},
	note = {\_eprint: https://onlinelibrary.wiley.com/doi/pdf/10.1111/blar.12263},
	keywords = {Cuba, access, countries, developing, internet, online},
	pages = {340--355},
}

@inproceedings{padmanabhan_MultiperspectiveViewInternet_2021,
	address = {New York, NY, USA},
	series = {{FOCI} '21},
	title = {A multi-perspective view of {Internet} censorship in {Myanmar}},
	isbn = {978-1-4503-8640-1},
	url = {https://dl.acm.org/doi/10.1145/3473604.3474562},
	doi = {10.1145/3473604.3474562},
	abstract = {In the wake of a military coup in February 2021, Myanmar experienced unprecedented levels of Internet censorship. Beginning with haphazard blocking of social media and intermittent Internet connectivity outages, controls proceeded to stricter blocking of websites, the shutdown of cellular data in several networks, and nearly complete disconnection from the Internet every night.
In this study, we use diverse datasets and measurement methods to offer a holistic view into the censorship events in Myanmar that occurred since the coup and show how Internet censorship evolved during this time.},
	urldate = {2024-05-08},
	booktitle = {Proceedings of the {ACM} {SIGCOMM} 2021 {Workshop} on {Free} and {Open} {Communications} on the {Internet}},
	publisher = {Association for Computing Machinery},
	author = {Padmanabhan, Ramakrishna and Filastò, Arturo and Xynou, Maria and Raman, Ram Sundara and Middleton, Kennedy and Zhang, Mingwei and Madory, Doug and Roberts, Molly and Dainotti, Alberto},
	month = aug,
	year = {2021},
	keywords = {Availability, Internet censorship, Internet outages, Myanmar},
	pages = {27--36},
}

@inproceedings{bock_GenevaEvolvingCensorship_2019,
	address = {New York, NY, USA},
	series = {{CCS} '19},
	title = {Geneva: {Evolving} {Censorship} {Evasion} {Strategies}},
	isbn = {978-1-4503-6747-9},
	shorttitle = {Geneva},
	url = {https://dl.acm.org/doi/10.1145/3319535.3363189},
	doi = {10.1145/3319535.3363189},
	abstract = {Researchers and censoring regimes have long engaged in a cat-and-mouse game, leading to increasingly sophisticated Internet-scale censorship techniques and methods to evade them. In this paper, we take a drastic departure from the previously manual evade-detect cycle by developing techniques to automate the discovery of censorship evasion strategies. We present Geneva, a novel genetic algorithm that evolves packet-manipulation-based censorship evasion strategies against nation-state level censors. Geneva composes, mutates, and evolves sophisticated strategies out of four basic packet manipulation primitives (drop, tamper headers, duplicate, and fragment).
With experiments performed both in-lab and against several real censors (in China, India, and Kazakhstan), we demonstrate that Geneva is able to quickly and independently re-derive most strategies from prior work, and derive novel subspecies and altogether new species of packet manipulation strategies. Moreover, Geneva discovers successful strategies that prior work posited were not effective, and evolves extinct strategies into newly working variants. We analyze the novel strategies Geneva creates to infer previously unknown behavior in censors. Geneva is a first step towards automating censorship evasion; to this end, we have made our code and data publicly available.},
	urldate = {2024-05-08},
	booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
	publisher = {Association for Computing Machinery},
	author = {Bock, Kevin and Hughey, George and Qiang, Xiao and Levin, Dave},
	month = nov,
	year = {2019},
	keywords = {Geneva, censorship, genetic algorithms},
	pages = {2199--2214},
}

@inproceedings{singh_HowIndiaCensors_2020,
	address = {New York, NY, USA},
	series = {{WebSci} '20},
	title = {How {India} {Censors} the {Web}},
	isbn = {978-1-4503-7989-2},
	url = {https://dl.acm.org/doi/10.1145/3394231.3397891},
	doi = {10.1145/3394231.3397891},
	abstract = {One of the primary ways in which India engages in online censorship is by ordering Internet Service Providers (ISPs) operating in its jurisdiction to block access to certain websites for its users. This paper reports the different techniques Indian ISPs are using to censor websites, and investigates whether website blocklists are consistent across ISPs. We propose a suite of tests that prove more robust than previous work in detecting DNS and HTTP based censorship. Our tests also discern the use of SNI inspection for blocking websites, which is previously undocumented in the Indian context.
Using information from court orders, user reports and government orders, we compile the largest known list of potentially blocked websites in India. We pass this list to our tests and run them from connections of six different ISPs, which together serve more than 98\% of Internet users in India. Our findings not only confirm that ISPs are using different techniques to block websites, but also demonstrate that different ISPs are not blocking the same websites.},
	urldate = {2024-05-08},
	booktitle = {Proceedings of the 12th {ACM} {Conference} on {Web} {Science}},
	publisher = {Association for Computing Machinery},
	author = {Singh, Kushagra and Grover, Gurshabad and Bansal, Varun},
	month = jul,
	year = {2020},
	keywords = {India, Internet Censorship Analysis, Internet Service Providers},
	pages = {21--28},
}

@article{jin_UnderstandingPracticesGlobal_2021,
	title = {Understanding the {Practices} of {Global} {Censorship} through {Accurate}, {End}-to-{End} {Measurements}},
	volume = {5},
	url = {https://dl.acm.org/doi/10.1145/3491055},
	doi = {10.1145/3491055},
	abstract = {It is challenging to conduct a large scale Internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of ground truth on the expected responses from legitimate services, previous studies typically require a heavy, unscalable manual inspection to identify false positives while still leaving false negatives undetected. In this paper, we propose Disguiser, a novel framework that enables end-to-end measurement to accurately detect the censorship activities and reveal the censor deployment without manual efforts. The core of Disguiser is a control server that replies with a static payload to provide the ground truth of server responses.
As such, we send requests from various types of vantage points across the world to our control server, and the censorship activities can be recognized if a vantage point receives a different response. In particular, we design and conduct a cache test to pre-exclude the vantage points that could be interfered by cache proxies along the network path. Then we perform application traceroute towards our control server to explore censors' behaviors and their deployment. With Disguiser, we conduct 58 million measurements from vantage points in 177 countries. We observe 292 thousand censorship activities that block DNS, HTTP, or HTTPS requests inside 122 countries, achieving a $10^{-6}$ false positive rate and zero false negative rate. Furthermore, Disguiser reveals the censor deployment in 13 countries.},
	number = {3},
	urldate = {2024-05-08},
	journal = {Proceedings of the ACM on Measurement and Analysis of Computing Systems},
	author = {Jin, Lin and Hao, Shuai and Wang, Haining and Cotton, Chase},
	month = dec,
	year = {2021},
	keywords = {censorship, disguiser, end-to-end measurements},
	pages = {43:1--43:25},
}

@inproceedings{wails_PreciselyDetectingCensorship_2024,
	address = {San Diego, CA, USA},
	title = {On {Precisely} {Detecting} {Censorship} {Circumvention} in {Real}-{World} {Networks}},
	isbn = {978-1-891562-93-8},
	url = {https://www.ndss-symposium.org/wp-content/uploads/2024-394-paper.pdf},
	doi = {10.14722/ndss.2024.23394},
	abstract = {The understanding of realistic censorship threats enables the development of more resilient censorship circumvention systems, which are vitally important for advancing human rights and fundamental freedoms. We argue that current state-of-the-art methods for detecting circumventing flows in Tor are unrealistic: they are overwhelmed with false positives ({\textgreater} 94\%), even when considering conservatively high base rates ($10^{-3}$).
In this paper, we present a new methodology for detecting censorship circumvention in which a deep-learning flow-based classifier is combined with a host-based detection strategy that incorporates information from multiple flows over time. Using over 60,000,000 real-world network flows to over 600,000 destinations, we demonstrate how our detection methods become more precise as they temporally accumulate information, allowing us to detect circumvention servers with perfect recall and no false positives. Our evaluation considers a range of circumventing flow base rates spanning six orders of magnitude and real-world protocol distributions. Our findings suggest that future circumvention system designs need to more carefully consider host-based detection strategies, and we offer suggestions for designs that are more resistant to these attacks.},
	language = {en},
	urldate = {2024-05-08},
	booktitle = {Proceedings 2024 {Network} and {Distributed} {System} {Security} {Symposium}},
	publisher = {Internet Society},
	author = {Wails, Ryan and Sullivan, George Arnold and Sherr, Micah and Jansen, Rob},
	year = {2024},
}

@inproceedings{tsai_ModelingDetectingInternet_2024,
	address = {San Diego, CA, USA},
	title = {Modeling and {Detecting} {Internet} {Censorship} {Events}},
	isbn = {978-1-891562-93-8},
	url = {https://www.ndss-symposium.org/wp-content/uploads/2024-409-paper.pdf},
	doi = {10.14722/ndss.2024.23409},
	abstract = {Publicly accessible censorship datasets, such as OONI and Censored Planet, provide valuable resources for understanding global censorship events. However, censorship event detection in these datasets is challenging due to the overwhelming amount of data, the dynamic nature of censorship, and potentially heterogeneous blocking policies across networks in the same country.
This paper presents CenDTect, an unsupervised learning system based on decision trees that overcomes the scalability issue of manual analysis and the interpretability issues of previous time-series methods. CenDTect employs iterative parallel DBSCAN to identify domains with similar blocking patterns, using an adapted cross-classification accuracy as the distance metric. The system analyzes more than 70 billion data points from Censored Planet between January 2019 and December 2022, discovering 15,360 HTTP(S) event clusters in 192 countries and 1,166 DNS event clusters in 77 countries. By evaluating CenDTect’s findings with a curated list of 38 potential censorship events from news media and reports, we show how all events confirmed by the manual inspection are easy to characterize with CenDTect’s output. We report more than 100 ASes in 32 countries with persistent ISP blocking. Additionally, we identify 11 temporary blocking events in clusters discovered in 2022, observed during periods of election, political unrest, protest, and war. Our approach provides informative and interpretable outputs, making censorship data more accessible to data consumers including researchers, journalists, and NGOs.},
	language = {en},
	urldate = {2024-05-08},
	booktitle = {Proceedings 2024 {Network} and {Distributed} {System} {Security} {Symposium}},
	publisher = {Internet Society},
	author = {Tsai, Elisa and Raman, Ram Sundara and Prakash, Atul and Ensafi, Roya},
	year = {2024},
}

@inproceedings{raman_NetworkMeasurementMethods_2022,
	address = {New York, NY, USA},
	series = {{CoNEXT} '22},
	title = {Network measurement methods for locating and examining censorship devices},
	isbn = {978-1-4503-9508-3},
	url = {https://dl.acm.org/doi/10.1145/3555050.3569133},
	doi = {10.1145/3555050.3569133},
	abstract = {Advances in networking and firewall technology have led to the emergence of network censorship devices that can perform large-scale, highly-performant content blocking.
While such devices have proliferated, techniques to locate, identify, and understand them are still limited, require cumbersome manual effort, and are developed on a case-by-case basis. In this paper, we build robust, general-purpose methods to understand various aspects of censorship devices, and study devices deployed in 4 countries (Azerbaijan, Belarus, Kazakhstan, and Russia). We develop a censorship traceroute method, CenTrace, that automatically identifies the network location of censorship devices. We use banner grabs to identify vendors from potential censorship devices. To collect more features about the devices themselves, we build a censorship fuzzer, CenFuzz, that uses various HTTP request and TLS Client Hello fuzzing strategies to examine the rules and triggers of censorship devices. Finally, we use features collected using these methods to cluster censorship devices and explore device characteristics across deployments. Using CenTrace measurements, we find that censorship devices are often deployed in ISPs upstream to clients, sometimes even in other countries. Using data from banner grabs and injected block-pages, we identify 23 commercial censorship device deployments in Azerbaijan, Belarus, Kazakhstan, and Russia. We observe that certain CenFuzz strategies such as using a different HTTP method succeed in evading a large portion of these censorship devices, and observe that devices manufactured by the same vendors have similar evasion behavior using clustering. 
The methods developed in this paper apply consistently and rapidly across a wide range of censorship devices and enable continued understanding and monitoring of censorship devices around the world.},
	urldate = {2024-05-08},
	booktitle = {Proceedings of the 18th {International} {Conference} on emerging {Networking} {EXperiments} and {Technologies}},
	publisher = {Association for Computing Machinery},
	author = {Raman, Ram Sundara and Wang, Mona and Dalek, Jakub and Mayer, Jonathan and Ensafi, Roya},
	month = nov,
	year = {2022},
	keywords = {censorship, measurement, network fingerprinting},
	pages = {18--34},
}

@inproceedings{niaki_ICLabGlobalLongitudinal_2020,
	title = {{ICLab}: {A} {Global}, {Longitudinal} {Internet} {Censorship} {Measurement} {Platform}},
	shorttitle = {{ICLab}},
	url = {https://ieeexplore.ieee.org/document/9152784},
	doi = {10.1109/SP40000.2020.00014},
	abstract = {Researchers have studied Internet censorship for nearly as long as attempts to censor contents have taken place. Most studies have however been limited to a short period of time and / or a few countries; the few exceptions have traded off detail for breadth of coverage. Collecting enough data for a comprehensive, global, longitudinal perspective remains challenging. In this work, we present ICLab, an Internet measurement platform specialized for censorship research. It achieves a new balance between breadth of coverage and detail of measurements, by using commercial VPNs as vantage points distributed around the world. ICLab has been operated continuously since late 2016. It can currently detect DNS manipulation and TCP packet injection, and overt "block pages" however they are delivered. ICLab records and archives raw observations in detail, making retrospective analysis with new techniques possible.
At every stage of processing, ICLab seeks to minimize false positives and manual validation. Within 53,906,532 measurements of individual web pages, collected by ICLab in 2017 and 2018, we observe blocking of 3,602 unique URLs in 60 countries. Using this data, we compare how different blocking techniques are deployed in different regions and/or against different types of content. Our longitudinal monitoring pinpoints changes in censorship in India and Turkey concurrent with political shifts, and our clustering techniques discover 48 previously unknown block pages. ICLab's broad and detailed measurements also expose other forms of network interference, such as surveillance and malware injection.},
	urldate = {2024-05-08},
	booktitle = {2020 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
	author = {Niaki, Arian Akhavan and Cho, Shinyoung and Weinberg, Zachary and Hoang, Nguyen Phong and Razaghpanah, Abbas and Christin, Nicolas and Gill, Phillipa},
	month = may,
	year = {2020},
	note = {ISSN: 2375-1207},
	keywords = {Browsers, Censorship, IP networks, Internet, Monitoring, Servers, Virtual private networks},
	pages = {135--151},
}

@inproceedings{li_LibErateLibrary_2017,
	address = {New York, NY, USA},
	series = {{IMC} '17},
	title = {lib•erate, (n): a library for exposing (traffic-classification) rules and avoiding them efficiently},
	isbn = {978-1-4503-5118-8},
	shorttitle = {lib•erate, (n)},
	url = {https://dl.acm.org/doi/10.1145/3131365.3131376},
	doi = {10.1145/3131365.3131376},
	abstract = {Middleboxes implement a variety of network management policies (e.g., prioritizing or blocking traffic) in their networks. While such policies can be beneficial (e.g., blocking malware) they also raise issues of network neutrality and freedom of speech when used for application-specific differentiation and censorship. There is a poor understanding of how such policies are implemented in practice, and how they can be evaded efficiently.
As a result, most circumvention solutions are brittle, point solutions based on manual analysis. This paper presents the design and implementation of lib•erate, a tool for automatically identifying middlebox policies, reverse-engineering their implementations, and adaptively deploying custom circumvention techniques. Unlike previous work, our approach is application-agnostic, can be deployed unilaterally (i.e., only at one endpoint) on unmodified applications via a linked library or transparent proxy, and can adapt to changes to classifiers at runtime. We implemented a lib•erate prototype as a transparent proxy and evaluate it both in a testbed environment and in operational networks that throttle or block traffic based on DPI-based classifier rules, and show that our approach is effective across a wide range of middlebox deployments.},
	urldate = {2024-05-08},
	booktitle = {Proceedings of the 2017 {Internet} {Measurement} {Conference}},
	publisher = {Association for Computing Machinery},
	author = {Li, Fangfan and Razaghpanah, Abbas and Kakhki, Arash Molavi and Niaki, Arian Akhavan and Choffnes, David and Gill, Phillipa and Mislove, Alan},
	month = nov,
	year = {2017},
	keywords = {network neutrality, traffic differentiation},
	pages = {128--141},
}

@inproceedings{bock_EvenCensorsHave_2021,
	address = {New York, NY, USA},
	series = {{FOCI} '21},
	title = {Even {Censors} {Have} a {Backup}: {Examining} {China}'s {Double} {HTTPS} {Censorship} {Middleboxes}},
	isbn = {978-1-4503-8640-1},
	shorttitle = {Even {Censors} {Have} a {Backup}},
	url = {https://dl.acm.org/doi/10.1145/3473604.3474559},
	doi = {10.1145/3473604.3474559},
	abstract = {The Great Firewall of China (GFW) has long censored HTTPS (via the Server Name Indication field, or SNI). Its mechanism for doing so has been studied, with various evasion strategies discovered in recent years. In this paper, we have evidence that suggests the GFW has deployed a second HTTPS censorship middlebox that runs in parallel to the first.
We present a detailed analysis of this secondary censorship middlebox---how it operates, the content it blocks, and how it interacts with the primary middlebox---and present evidence that this has been in operation since at least September 2019. We also present several packet-based evasion strategies for the secondary middlebox and demonstrate that the primary censorship middlebox can be defeated independently from the secondary. Our code is publicly available.}, urldate = {2024-05-08}, booktitle = {Proceedings of the {ACM} {SIGCOMM} 2021 {Workshop} on {Free} and {Open} {Communications} on the {Internet}}, publisher = {Association for Computing Machinery}, author = {Bock, Kevin and Naval, Gabriel and Reese, Kyle and Levin, Dave}, month = aug, year = {2021}, keywords = {Censorship, Censorship-in-Depth, Geneva}, pages = {1--7}, } @inproceedings{xu_InternetCensorshipChina_2011, address = {Berlin, Heidelberg}, title = {Internet {Censorship} in {China}: {Where} {Does} the {Filtering} {Occur}?}, isbn = {978-3-642-19260-9}, shorttitle = {Internet {Censorship} in {China}}, doi = {10.1007/978-3-642-19260-9_14}, abstract = {China filters Internet traffic in and out of the country. In order to circumvent the firewall, it is helpful to know where the filtering occurs. In this work, we explore the AS-level topology of China’s network, and probe the firewall to find the locations of filtering devices. We find that even though most filtering occurs in border ASes, choke points also exist in many provincial networks. The result suggests that two major ISPs in China have different approaches placing filtering devices.}, language = {en}, booktitle = {Passive and {Active} {Measurement}}, publisher = {Springer}, author = {Xu, Xueyang and Mao, Z. Morley and Halderman, J. 
Alex}, editor = {Spring, Neil and Riley, George F.}, year = {2011}, keywords = {Censorship, China, network measurement, topology}, pages = {133--142}, } @article{ensafi_AnalyzingGreatFirewall_2015, title = {Analyzing the {Great} {Firewall} of {China} {Over} {Space} and {Time}}, issn = {2299-0984}, url = {https://petsymposium.org/popets/2015/popets-2015-0005.php}, urldate = {2024-05-04}, journal = {Proceedings on Privacy Enhancing Technologies}, author = {Ensafi, Roya and Winter, Philipp and Mueen, Abdullah and Crandall, Jedidiah R.}, year = {2015}, keywords = {China}, } @inproceedings{sundararaman_CensoredPlanetInternetwide_2020, address = {New York, NY, USA}, series = {{CCS} '20}, title = {Censored {Planet}: {An} {Internet}-wide, {Longitudinal} {Censorship} {Observatory}}, isbn = {978-1-4503-7089-9}, shorttitle = {Censored {Planet}}, url = {https://dl.acm.org/doi/10.1145/3372297.3417883}, doi = {10.1145/3372297.3417883}, abstract = {Remote censorship measurement techniques offer capabilities for monitoring Internet reachability around the world. However, operating these techniques continuously is labor-intensive and requires specialized knowledge and synchronization, leading to limited adoption. In this paper, we introduce Censored Planet, an online censorship measurement platform that collects and analyzes measurements from ongoing deployments of four remote measurement techniques (Augur, Satellite/Iris, Quack, and Hyperquack). Censored Planet adopts a modular design that supports synchronized baseline measurements on six Internet protocols as well as customized measurements that target specific countries and websites. Censored Planet has already collected and published more than 21.8 billion data points of longitudinal network observations over 20 months of operation. Censored Planet complements existing censorship measurement platforms such as OONI and ICLab by offering increased scale, coverage, and continuity. 
We introduce a new representative censorship metric and show how time series analysis can be applied to Censored Planet's longitudinal measurements to detect 15 prominent censorship events, two-thirds of which have not been reported previously. Using trend analysis, we find increasing censorship activity in more than 100 countries, and we identify 11 categories of websites facing increasing censorship, including provocative attire, human rights issues, and news media. We hope that the continued publication of Censored Planet data helps counter the proliferation of growing restrictions to online freedom.}, urldate = {2024-05-03}, booktitle = {Proceedings of the 2020 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}}, publisher = {Association for Computing Machinery}, author = {Sundara Raman, Ram and Shenoy, Prerana and Kohls, Katharina and Ensafi, Roya}, month = nov, year = {2020}, keywords = {availability, censorship, empirical security, measurement}, pages = {49--66}, } @inproceedings{gebhart_InternetCensorshipThailand_2017, title = {Internet {Censorship} in {Thailand}: {User} {Practices} and {Potential} {Threats}}, shorttitle = {Internet {Censorship} in {Thailand}}, url = {https://ieeexplore.ieee.org/document/7961994}, doi = {10.1109/EuroSP.2017.50}, abstract = {The "cat-and-mouse" game of Internet censorship and circumvention cannot be won by capable technology alone. Instead, that technology must be available, comprehensible, and trustworthy to users. However, the field largely focuses only on censors and the technical means to circumvent them. Thailand, with its superlatives in Internet use and government information controls, offers a rich case study for exploring users' assessments of and interactions with censorship. We survey 229 and interview 13 Internet users in Thailand, and report on their current practices, experienced and perceived threats, and unresolved problems regarding censorship and digital security. 
Our findings indicate that existing circumvention tools were adequate for respondents to access blocked information, that respondents relied to some extent on risky tool selection and inaccurate assessment of blocked content, and that attempts to take action with sensitive content on social media led to the most concrete threats with the least available technical defenses. Based on these findings and in direct response to these problems, we make recommendations for shifting objectives in anti-censorship work, as well as for technical directions and future research to address users' on-the-ground needs.}, urldate = {2024-05-03}, booktitle = {2017 {IEEE} {European} {Symposium} on {Security} and {Privacy} ({EuroS}\&{P})}, author = {Gebhart, Genevieve and Kohno, Tadayoshi}, month = apr, year = {2017}, keywords = {Censorship, Government, Internet, Internet censorship, Interviews, Security, Social network services, Thailand, Tools, censorship circumvention, human aspects of security and privacy, social media, user perspective, web filtering}, pages = {417--432}, } @inproceedings{raman_InvestigatingLargeScale_2020, address = {New York, NY, USA}, series = {{IMC} '20}, title = {Investigating {Large} {Scale} {HTTPS} {Interception} in {Kazakhstan}}, isbn = {978-1-4503-8138-3}, url = {https://dl.acm.org/doi/10.1145/3419394.3423665}, doi = {10.1145/3419394.3423665}, abstract = {Increased adoption of HTTPS has created a largely encrypted web, but these security gains are on a collision course with governments that desire visibility into and control over user communications. Last year, the government of Kazakhstan conducted an unprecedented large-scale HTTPS interception attack by forcing users to trust a custom root certificate. We were able to detect the interception and monitor its scale and evolution using measurements from in-country vantage points and remote measurement techniques. 
We find that the attack targeted connections to 37 unique domains, with a focus on social media and communication services, suggesting a surveillance motive, and that it affected a large fraction of connections passing through the country's largest ISP, Kazakhtelecom. Our continuous real-time measurements indicated that the interception system was shut down after being intermittently active for 21 days. Subsequently, supported by our findings, two major browsers (Mozilla Firefox and Google Chrome) completely blocked the use of Kazakhstan's custom root. However, the incident sets a dangerous precedent, not only for Kazakhstan but for other countries that may seek to circumvent encryption online.}, urldate = {2024-05-03}, booktitle = {Proceedings of the {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Raman, Ram Sundara and Evdokimov, Leonid and Wurstrow, Eric and Halderman, J. Alex and Ensafi, Roya}, month = oct, year = {2020}, keywords = {Certificates, HTTPS, Interception, Kazakhstan, MitM}, pages = {125--132}, } @inproceedings{xue_ThrottlingTwitterEmerging_2021, address = {New York, NY, USA}, series = {{IMC} '21}, title = {Throttling {Twitter}: an emerging censorship technique in {Russia}}, isbn = {978-1-4503-9129-0}, shorttitle = {Throttling {Twitter}}, url = {https://dl.acm.org/doi/10.1145/3487552.3487858}, doi = {10.1145/3487552.3487858}, abstract = {In March 2021, the Russian government started to throttle Twitter on a national level, marking the first ever use of large-scale, targeted throttling for censorship purposes. The slowdown was intended to pressure Twitter to comply with content removal requests from the Russian government. In this paper, we take a first look at this emerging censorship technique. We work with local activists in Russia to detect and measure the throttling and reverse engineer the throttler from in-country vantage points. 
We find that the throttling is triggered by Twitter domains in the TLS SNI extension, and the throttling limits both upstream and downstream traffic to a value between 130 kbps and 150 kbps by dropping packets that exceed this rate. We also find that the throttling devices appear to be located close to end-users, and that the throttling behaviors are consistent across different ISPs suggesting that they are centrally coordinated. Notably, this deployment marks a departure from Russia's previously decentralized model to a more centralized one that gives significant power to the authority to impose desired restrictions unilaterally. Russia's throttling of Twitter serves as a wake-up call to censorship researchers, and we hope to encourage future work in detecting and circumventing this emerging censorship technique.}, urldate = {2024-05-03}, booktitle = {Proceedings of the 21st {ACM} {Internet} {Measurement} {Conference}}, publisher = {Association for Computing Machinery}, author = {Xue, Diwen and Ramesh, Reethika and S, Valdik S and Evdokimov, Leonid and Viktorov, Andrey and Jain, Arham and Wustrow, Eric and Basso, Simone and Ensafi, Roya}, month = nov, year = {2021}, keywords = {Russia, censorship, interception, throttling}, pages = {435--443}, }
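Two of the entries above (bock_EvenCensorsHave_2021 on the GFW's SNI-based HTTPS censorship, and xue_ThrottlingTwitterEmerging_2021 on Russia's SNI-triggered throttling that drops packets above roughly 130-150 kbps) hinge on the same mechanism: a DPI middlebox that parses the server_name extension out of the TLS ClientHello and applies a per-domain policy. The following is an added example, not code from this bibliography or from either paper; it builds a constructed ClientHello, extracts the SNI with bounds checks, applies a constructed block/throttle policy (the domain lists are illustrative, not the censors' real lists), and models rate-based dropping with a token bucket. The token bucket is an assumption about how a throttler could be built; the abstracts only state the observed effect.

```python
import struct
from typing import FrozenSet, Optional

# --- constructed test input: a minimal TLS ClientHello record (not a capture) ---

def build_client_hello(server_name: Optional[str]) -> bytes:
    """Return a TLS record carrying a ClientHello, with an SNI extension if server_name is given."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type host_name(0), length, name
        sni_list = struct.pack("!H", len(entry)) + entry               # server_name_list
        exts += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0 = server_name
    body = (
        b"\x03\x03"                                # client_version
        + bytes(32)                                # random (zeros are fine for a parser test)
        + b"\x00"                                  # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"       # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                              # compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# --- what an SNI-keyed DPI classifier has to do with the first packet of a flow ---

def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the server_name extension of a ClientHello, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:                           # not a handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                                   # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                                       # skip version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                               # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]               # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                               # compression_methods
    if len(body) < pos + 2:
        return None
    end = min(pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0], len(body))
    pos += 2
    while pos + 4 <= end:                                              # walk the extension list
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype != 0 or len(data) < 5:
            continue
        lpos = 2                                                       # skip server_name_list length
        while lpos + 3 <= len(data):
            ntype = data[lpos]
            nlen = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
            name = data[lpos + 3:lpos + 3 + nlen]
            if ntype == 0 and len(name) == nlen:
                return name.decode("idna")
            lpos += 3 + nlen
    return None

def classify(sni: Optional[str], block: FrozenSet[str], throttle: FrozenSet[str]) -> str:
    """Policy decision for one flow: 'block', 'throttle' or 'allow'. Matches the name and every parent domain."""
    if sni is None:
        return "allow"                                                 # nothing for an SNI-keyed rule to match
    labels = sni.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in block:
            return "block"
        if suffix in throttle:
            return "throttle"
    return "allow"

# --- model of rate-based dropping (assumption: a token bucket; the abstract only reports the observed cap) ---

class RateLimiter:
    """Integer token bucket in bits; packets that would overdraw the bucket are dropped, not queued."""
    def __init__(self, rate_bps: int, burst_bits: int):
        self.rate_bps, self.burst = rate_bps, burst_bits
        self.tokens, self.last_ms = burst_bits, 0

    def accept(self, now_ms: int, size_bytes: int) -> bool:
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate_bps // 1000)
        self.last_ms = now_ms
        if size_bytes * 8 <= self.tokens:
            self.tokens -= size_bytes * 8
            return True
        return False

def simulate_flow(limiter: RateLimiter, n_packets: int, size_bytes: int, interval_ms: int) -> int:
    """Offer n_packets of size_bytes every interval_ms and return how many the limiter lets through."""
    return sum(limiter.accept(i * interval_ms, size_bytes) for i in range(n_packets))

# constructed illustrative policy, not any censor's real list
BLOCK = frozenset({"example.org"})
THROTTLE = frozenset({"twitter.com"})

if __name__ == "__main__":
    for name in ("www.twitter.com", "cdn.example.org", "example.net", None):
        print(name, "->", classify(extract_sni(build_client_hello(name)), BLOCK, THROTTLE))
    # 100 x 1500-byte packets in one second (1.2 Mbit/s offered) against a 140 kbps cap with a 24 kbit burst
    print("accepted:", simulate_flow(RateLimiter(140_000, 24_000), 100, 1500, 10))
```

The parser returns None rather than raising on a truncated or SNI-less ClientHello, which is the branch a classifier has to get right: a flow with no matchable name falls through to "allow", which is exactly the gap that SNI-hiding evasions exploit. The suffix walk in classify is why a rule on twitter.com also catches www.twitter.com.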