Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths SealSign integration with the Azure Key Vault ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based...
ElevenPaths #CyberSecurityPulse: The eternal dispute: backdoors and national security A bipartisan group of legislators from the house of representatives has introduced a piece of legistation which will prevent the federal government of the United States from demanding companies...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths You are less rational than you think when you take decisions under uncertain conditions I propose you the following game of luck: Option A: I give 1,000 € to you with a probability of 100%. Option B: Let’s leave it to heads or tails: if...
ElevenPaths New report: Twitter botnets detection in sports event We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks,...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (II) In the first part of this article we explained how Bayesian inference works. According to Norman Fenton, author of Risk Assessment and Decision Analysis with Bayesian Networks: Bayes’ theorem is...
ElevenPaths The Framing Effect: you make your choices depending on how information is presented You have received an alert from cyber intelligence. A terrible and enormous cyberattack is approaching. You must ensure the protection of 600 positions within your organization. You don’t have...
AuthCode: Our award-winning continuous-authentication system, jointly developed with the University of MurciaElevenPaths 11 December, 2018 Continuous-authentication systems aim to identify users’ behavior through interactions with their device. The main advantage of this type of authentication is that it improves users’ experience when using services or apps of their mobile device, free from intrusions. Fruit of a joint research with the University of Murcia, we were able to develop AuthCode. This project reached such a stage of maturity that we could present it over the Security Innovation Day 2018. Furthermore, it has won several awards and prizes. Let’s explain what AuthCode is in further detail. In most cases, continuous authentication avoids using passwords, access patterns, biometric recognition, etc. when the user wish to have access to an app or service requiring authentication. In this sense, permanent authentication increases users’ security regarding the operations executed on the device. Moreover, we can take advantage of this continuous trust status to make user app interactions much simpler and more fluent by doing so, users’ experience gets better. Despite the advantages of these continuous-authentication systems, current solutions raise a number of challenges, for instance: selecting the dimensions and features that allow to shape the owner’s behavior and be able to clearly and precisely discern its behavior from other users’ one; enabling system adaptability to slight changes in user’s behavior; reducing authentication time; using new functionalities or optimizing device resources’ use and consumption. These aspects are critical to provide the user with a satisfactory experience and not excessively impact the battery. Challenge background Aware of the usefulness and potential of this kind of systems, over the last 2017 National Colloquium on Cybersecurity Research (in Spanish, Jornadas Nacionales de Investigación en Ciberseguridad or JNIC ), ElevenPaths presented, within the Transference Track, a challenge on the development of a proof of concept for a continuous and adaptive authentication. This challenge was undertaken by the Cybersecurity and Cyberdefence Research Lab from the Faculty of Computer Science of the University of Murcia, that started working on it adapting their long-year knowledge on cybersecurity to meet the new and demanding requirements of the challenge raised. The team was composed of the students José María Jorquera Valero and Pedro Miguel Sánchez Sánchez, under the supervision of their mentors Alberto Huertas Celdrán and Gregorio Martínez Pérez, that were in charge of organizing the tasks to be performed by the the Department of Information and Communication Engineering and the Department of Computer Technology and Architecture from the University of Murcia. Proposed solution As of the mentioned challenge, a joint company-university arises with the aim of developing an accurate solution that can be useful for society, and all this beyond the transference track framework, i.e. with the will to push this project beyond a mere research proposal, so becoming an out-of-lab proof of concept to be successfully tested by the users in several and different real scenarios. The good understanding between university and company clearly showed the advantages of joining two different sectors and visions for a common purpose. The work performed consists of designing and implementing an adaptive continuous-authentication system for mobile devices, that allows an accurate identification of the device owner. This system has been named AuthCode. The proposed solution is based on the creation of user profiles by shaping the user behavior when using apps as well as on the evaluation of certain metrics collected through several device sensors. AuthCode can get adapted to new changes in user behaviors. Additionally, Machine Learning techniques are used as well (using the algorithm Isolation Forest), based on the detection of the appropriate anomalies for low-system-resource devices. As a proof of concept, the mentioned system has been implemented in Android (compatible with version 6.0 or later) and successfully tested with several groups of users. The system functioning is divided into four phases: Phase 0. Over this phase the most relevant dimensions and features intended to shape user’s behavior are selected. It should be highlighted that this selection process is a one-time process performed prior to system development over the design phase. Phase 1. Acquisition of the mobile device data to extract the predetermined features and create a dataset where such features will be stored. Data collection is periodically performed in one-minute cycles for two weeks. Phase 2. Firstly, Machine Learning algorithm is trained by means of the generated dataset in order to shape a profile for user’s behavior. Once this training has finished, the evaluation phase is triggered, over which the system compares the current user’s behavior with the one stored over the training phase. By doing so, the system returns an authentication level ranging from 0.0 and 0.1. This is a one-minute process as well. Phase 3. System adaptability to new changes in user’s behavior by insertion and removal of vectors within the dataset, keeping it updated and preventing system from overtraining. These phases, together with some steps in detail, are shown in the following figure. The mentioned authentication level is key to show the real goal of the technology developed: getting a determined value from the authentication level provided by the device, on the basis of user’s behavior. This value sets up trust levels that can be configured regarding user experience, thus allowing adaptability. That way a value near 1.0 would rid the user of entering passwords, using additional authentication factors and having limitations regarding the use of the device until its authentication has been completely verified. By doing so, AuthCode would only ease security needs in those cases where trust in user identity has been defined as accurate due to its behavior. In the worst-case scenario a range of palliative actions to be performed would be launched if the system detected that the user is not authorized to use the device. This would enable to perform a number of actions such as remote blockage, action log, taking pictures of the current user and sending, when appropriate, notifications or alerts. AuthCode allows system adaptability as long as user evaluation is positive. Otherwise, if the user generates a determined number of consecutive and negative evaluations (that can be configured according to the scenario), the device will be blocked and it will be necessary to enter the appropriate credentials to unblock it. In the following video you will find further details on the design and functioning of this system: Once the proof of concept has been implemented, a use case is developed in order to show how useful is this continuous-authentication system in a real environment. Such use case is an online banking application and its functionality has been integrated with the continuous authentication system. For this purpose, an app for mobile devices has been designed and implemented pretending to be an online banking application (our fictitious Nevele Bank) connected to this continuous authentication system. Awards and prizes The resulting solution for the Transference Track challenge was presented over the 2018 National Colloquium on Cybersecurity Research. It won the prize for the best solution proposed in relation to the challenges set out over the event. Once the challenge was concluded, the team kept working on the improvement of the proof of concept previously achieved. This additional research has resulted in an article published in the journal Sensors (classified as a Q2 according to the JCR). Furthermore, this challenge helped two students in Computer Engineering to develop their bachelor’s degree theses. These theses were presented over the Certamen Arquímedes driven by the Spanish Ministry of Science, Innovation and Universities, and they reached the final phase held from 21 to 23 November at the URJC (Universidad Rey Juan Carlos). Finally, a special prize was awarded by Fundación ONCE for the best research project targeted to improve the quality of life of disabled people, together with a secondary prize. Currently, AuthCode is being evaluated to be provided with funding by Fundación Séneca – Agencia de Ciencia y Tecnología, from the Region of Murcia. This way, it could become a completely-functional proof of concept tested by a great number of users in real scenarios. At the same time, ElevenPaths, the Telefónica’s Cybersecurity Unit, continues directly working and providing ideas and support with the research team of the University of Murcia to be able to further develop the proof of concept. All this with a strong commitment by ElevenPaths to enhance university and company innovation and knowledge transference. Innovations and Labs www.elevenpaths.com The Confirmation Bias: we seek the information that confirms our decisions, refusing their opposed evidencesNew report: Twitter botnets detection in sports event
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
