Systems Security

A Survey on Hardware Approaches for Remote Attestation in Network Infrastructures

Abstract. Remote attestation schemes have been utilized for assuring the integrity of a network node to a remote verifier. In recent years, a number of remote attestation schemes have been proposed for various contexts such as cloud computing, Internet of Things (IoTs) and critical network infrastructures. These attestation schemes provide a different perspective in terms of security objectives, scalability and efficiency. In this report, we focus on remote attestation schemes that use a hardware device and cryptographic primitives to assist with the attestation of nodes in a network infrastructure. We also point towards the open research challenges that await the research community and propose possible avenues of addressing these challenges.

Note. Ioannis Sfyrakis and Thomas Gross. A Survey on Hardware Approaches for Remote Attestation in Network Infrastructures. arXiv:2005.12453, 2020.

Investigation of 3-D Secure’s Model for Fraud Detection

Abstract. 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web. We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection decision making process. We ran credit card transactions with two Web sites systematically manipulating the nominal IVs machine_data, value, region, and website. We measured whether the user was challenged with an authentication, whether the transaction was declined, and whether the card was blocked as nominal DVs. While website and card largely did not show a significant impact on any outcome, machine_data, value and region did. A change in machine_data, region or value made it 5-7 times as likely to be challenged with password authentication. However, even in a foreign region with another factor being changed, the overall likelihood of being challenged only reached 60%. When in the card's home region, a transaction will be rarely declined (< 5% in control, 40% with one factor changed). However, in a region foreign to the card the system will more likely decline transactions anyway (about 60%) and any change in machine_data or value will lead to a near-certain declined transaction. The region was the only significant predictor for a card being blocked (OR=3). We found that the decisions to challenge the user with a password authentication, to decline a transaction and to block a card are governed by different weightings.

Note. Author's copy, definitive version published as:

Mohammed Aamir Ali, Thomas Groß, and Aad van Moorsel. Investigation of 3-D Secure's Model for Fraud Detection. In Proceedings of the 8th Workshop on Socio-Technical Aspects in Security and Trust (STAST'2018), December 2018, pp. 1-11.

The paper received the STAST'2018 best paper award.