publications

2022

1. Mobicom’22

   Uncovering insecure designs of cellular emergency services (911)

   Hu, Yiwen, Chen, Min-Yue, Tu, Guan-Hua, Li, Chi-Yu, Wang, Sihan, Shi, Jingwen, Xie, Tian, Xiao, Li, Peng, Chunyi, Tan, Zhaowei, and others,

   In Proceedings of the 28th Annual International Conference on Mobile Computing And Networking 2022
2. TMC’22

   MPKIX: Towards More Accountable and Secure Internet Application Services via Mobile Networked Systems

   Xie, Tian*, Wang, Sihan* (*: Co-Primary), Lei, Xinyu, Shi, Jingwen, Tu, Guan-Hua, and Li, Chi-Yu

   In IEEE Transactions on Mobile Computing 2022

   Abs Website

   Nowadays, both Internet Application Service (IAS) providers and users face various security threats and legal issues. Due to the lack of reliable user information verification mechanisms, adversaries can abuse IASs to launch various cyberattacks, such as misinformation distributing and phishing, by using fake user accounts. IAS providers may thus inadvertently offer inappropriate content to restricted users, thereby suffering a serious risk of prosecution under local or international laws. Also, IAS users may suffer from nefarious ID theft attacks. In this paper, we proposed a novel security framework, MPKIX, designated as Mobile-assisted PKIX (Public-Key Infrastructure X.509). MPKIX secures both IAS providers and users by leveraging the broadly used PKIX services and mobile networked systems. It not only provides IAS providers with a reliable user verification mechanism while simultaneously enabling cross-IAS user privacy protection, but also largely mitigates the possibility of ID theft attacks and benefits other involved parties, such as cellular network operators and PKIX service providers. We further conduct a security analysis of MPKIX and implement an MPKIX prototype. The evaluation results based on the prototype confirm the effectiveness and efficiency of MPKIX with low overhead.

2021

1. Mobicom’21

   Insecurity of Operational Cellular IoT Service: New Vulnerabilities, Attacks, and Countermeasures

   Wang, Sihan, Tu, Guan-Hua, Lei, Xinyu, Xie, Tian, Li, Chi-Yu, Chou, Po-Yi, Hsieh, Fucheng, Hu, Yiwen, Xiao, Li, and Peng, Chunyi

   In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking 2021

   Abs Website

   More than 150 cellular networks worldwide have rolled out massive IoT services such as smart metering and environmental monitoring. Such cellular IoT services share the existing cellular network architecture with non-IoT (e.g., smartphone) ones. When they are newly integrated into the cellular network, new security vulnerabilities may happen from imprudent integration. In this work, we explore the security vulnerabilities of the cellular IoT from both system-integrated and service-integrated aspects. We discover five vulnerabilities spanning cellular standard design defects, network operation slips, and IoT device implementation flaws. Threateningly, they allow an adversary to remotely identify IP addresses and phone numbers assigned to cellular IoT devices and launch data/text spamming attacks against them. We experimentally validate these vulnerabilities and attacks with three major U.S. IoT carriers. The attack evaluation result shows that the adversary can raise an IoT data bill by up to 226 with less than 120 MB spam traffic and increase an IoT text bill at a rate of 5 per second; moreover, cellular IoT devices may suffer from denial of IoT services. We finally propose, prototype, and evaluate recommended solutions.

2. CodaSpy’21

   BFastPay: A Routing-free Protocol for Fast Payment in Bitcoin Network

   Lei, Xinyu, Tu, Guan-Hua, Xie, Tian, and Wang, Sihan

   In Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy 2021

   Abs Website

   Bitcoin is the most popular cryptocurrency which supports payment services via the Bitcoin peer-to-peer network. However, Bitcoin suffers from a fundamental problem. In practice, a secure Bitcoin transaction requires the payee to wait for at least 6 block confirmations (one hour) to be validated. Such a long waiting time thwarts the wide deployment of the Bitcoin payment services because many usage scenarios require a much shorter waiting time. In this paper, we propose BFastPay to accelerate the Bitcoin payment validation. BFastPay employs a smart contract called BFPayArbitrator to host the payer’s security deposit and fulfills the role of a trusted payment arbitrator which guarantees that a payee always receives the payment even if attacks occur. BFastpay is a routing-free solution that eliminates the requirement for payment routing in the traditional payment routing network (e.g., Lightning Network). The theoretical and experimental results show that BFast is able to significantly reduce the Bitcoin payment waiting time (e.g., from 60 mins to less than 1 second) with nearly no extra operation cost.

3. CodaSpy’21

   Security Threats from Bitcoin Wallet Smartphone Applications: Vulnerabilities, Attacks, and Countermeasures

   Hu, Yiwen, Wang, Sihan, Tu, Guan-Hua, Xiao, Li, Xie, Tian, Lei, Xinyu, and Li, Chi-Yu

   In Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy 2021

   Abs Website

   Nowadays, Bitcoin is the most popular cryptocurrency. With the proliferation of smartphones and the high-speed mobile Internet, more and more users have started accessing their Bitcoin wallets on their smartphones. Users can download and install a variety of Bitcoin wallet applications (e.g., Coinbase, Luno, Bitcoin Wallet) on their smartphones and access their Bitcoin wallets anytime and anywhere. However, it is still unknown whether these Bitcoin wallet smartphone applications are secure or if they are new attack surfaces for adversaries to attack these application users. In this work, we explored the insecurity of the 10 most popular Bitcoin wallet smartphone applications and discovered three security vulnerabilities. By exploiting them, adversaries can launch various attacks including Bitcoin deanonymization, reflection and amplification spamming, and wallet fraud attacks. To address the identified security vulnerabilities, we developed a phone-side Bitcoin Security Rectifier to secure Bitcoin wallet smartphone application users. The developed rectifier does not require any modifications to current wallet applications and is compliant with Bitcoin standards.

2019

1. SSCI’19

   Exploring the Insecurity of Google Account Registration Protocol via Model Checking

   Xie, Tian, Wang, Sihan, Tu, Guan-Hua, Li, Chi-Yu, and Lei, Xinyu

   In 2019 IEEE Symposium Series on Computational Intelligence (SSCI) 2019

   Abs Website

   People nowadays use online service accounts (e.g., Google, Facebook, Twitter) to access certain services. Among them, Google accounts have become increasingly important for users. Not only do many Google services (e.g., Gmail, Google Voice, Google Play, etc.) require them, but many online services also trust and rely on them for operational needs (e.g., login based on Google accounts). This trend introduces a new type of attacks that create a large number of fake, but valid, Google accounts. The fake Google accounts allow the adversary to launch various cyber attacks towards Google account-related services. It motivates us to conduct an empirical security study on the Google account registration service. In this paper, we apply model checking techniques to systematically analyze the insecurity of Google account registration service. We develop a model-checking tool, GAcctAnalyzer, which consists of two phases: (1) service screening phase, which generates counterexamples from the violation of desired properties, and (2) experimental validation phase, which validates the counterexamples through real experiments. We use GAcctAnalyzer to discover four security vulnerabilities including design defects, operational slips, etc. Based on the discovered vulnerabilities, we devise two practical attacks against mobile users and Google: fake Google account generation and Google text/voice spamming attack. They can not only threaten the security of mobile applications and online services, but also cause the Google company to receive user complaints and lawsuits. We finally confirm the feasibility of these attacks through experiments, assess the real-world impact, and propose recommended solutions.