All Wi-Fi networks periodically broadcast beacons to announce their presence to nearby clients. These beacons contain various properties of the network, including dynamic information to manage the behavior of clients. We first show that an adversary can forge beacons to carry out various known as well as novel attacks. Motivated by these attacks, we propose a scheme to authenticate beacon frames that is efficient and has low bandwidth overhead. We evaluate the security properties of this scheme, and discuss its current implementation in Linux. By collaborating with industry partners, our scheme also got incorporated into the draft 802.11 standard, increasing the chance of it being implemented by vendors.

Inspired by the rapid development of Large Language Models (LLMs), LLM agents have evolved to perform complex tasks. LLM agents are now extensively applied across various domains, handling vast amounts of data to interact with humans and execute tasks. The widespread applications of LLM agents demonstrate their significant commercial value; however, they also expose security and privacy vulnerabilities. At the current stage, comprehensive research on the security and privacy of LLM agents is highly needed. This survey aims to provide a comprehensive overview of the newly emerged privacy and security issues faced by LLM agents. We begin by introducing the fundamental knowledge of LLM agents, followed by a categorization and analysis of the threats. We then discuss the impacts of these threats on humans, environment, and other agents. Subsequently, we review existing defensive strategies, and finally explore future trends. Additionally, the survey incorporates diverse case studies to facilitate a more accessible understanding. By highlighting these critical security and privacy issues, the survey seeks to stimulate future research towards enhancing the security and privacy of LLM agents, thereby increasing their reliability and trustworthiness in future applications.

Summary

 The-Emerged-Security-and-Privacy-of-LLM-Agent-A-Survey-with-Case-Studies_pub.pptx

Paper 

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets
of real-life vulnerable code and their fixes. To assist in such research, we propose a method to automatically collect and curate a comprehensive vulnerability dataset from Common Vulnerabilities and Exposures (CVE) records in the public National Vulnerability Database (NVD). We implement our approach in a fully automated dataset collection tool and share an initial release of the resulting vulnerability dataset named CVEfixes. The CVEfixes collection tool automatically fetches all available CVE records from the NVD, gathers the vulnerable code and corresponding fixes from associated open-source repositories, and organizes the collected information in a relational database. Moreover, the dataset is enriched with meta-data such as programming language, and detailed code and security metrics at five levels of abstraction. The collection can easily be repeated to keep up-to date with newly discovered or patched vulnerabilities. The initial release of CVEfixes spans all published CVEs up to 9 June 2021 covering 5365 CVE records for 1754 open-source projects that were addressed in a total of 5495 vulnerability fixing commits. CVEfixes supports various types of data-driven software security research, such as vulnerability prediction, vulnerability classification, vulnerability severity prediction, analysis of vulnerabilityrelated code changes, and automated vulnerability repair.

메인세미나 발표 자료 업로드 합니다.

Abstract:
We construct a sublinear-time single-server preprocessing Private Information Retrieval (PIR) scheme with an optimal tradeoff between client storage and server computation (up to poly-logarithmic factors). Our scheme achieves amortized ~O(√n) server and client computation and O(√n) online communication per query, and requires ~Oλ(√n) client storage. Unlike prior single-server PIR schemes that rely on heavy cryptographic machinery such as Homomorphic Encryption, our scheme relies only on Pseudo-Random Functions (PRF). To the best of our knowledge, Piano is the first practical single-server sublinear-time PIR scheme, and we outperform the state-of-the-art single-server PIR by 10×-300×. In comparison with the best known two-server PIR scheme, Piano enjoys comparable performance but our construction is considerably simpler. Experimental results show that for a 100GB database and with 60ms round-trip latency, Piano achieves 93ms response time, while the best known prior scheme requires 11s or more.

Abstract

Creating secure Wi-Fi hotspots has historically been challenging: when using an open network it is trivial for an adversary to eavesdrop traffic. Alternatively, when using a password-protected network and sharing the password publicly, anyone who knows the password can create a rogue clone of the network to intercept traffic. To overcome this problem, the Wi-Fi Alliance released SAE-PK as part of an update to WPA3, which we will call WPA3-PK. In this protocol, a public key is used to verify the hotspot’s authenticity, and the password of the network encodes a fingerprint of this public key. As a result, someone who knows the password can no longer clone the network, because they do not know the corresponding private key.

In this paper, we systematically analyze the security of WPA3-PK. We first study implementations, where we show that the private WPA3-PK password gets leaked when using a flawed random number generator, and confirm that this may indeed happen in practice. We then study network aspects, where we show how a malicious insider can intercept the traffic of others. Our third focus is cryptographic attacks, where we perform an evaluation of time-memory trade-off attacks against WPA3-PK, and we optimize these attacks by combining the technique of rainbow tables with distinguished points. Additionally, we construct multi-network password collisions that allow an adversary to build a single rainbow table that can be used to attack multiple networks. Finally, we discuss defenses against our attacks and propose updates to the WPA3-PK standard

The number of applications of unmanned aerial vehicles (UAVs) (aka drones) is rapidly expanding. However, the wireless and broadcast nature of communications between the drones and their operators (i.e., Ground control station (GCS)) presents a risk for this channel to be exploited by outsiders. Specifically, an attacker can abuse benign communications as a cover to leak sensitive drone data secretly to nearby adversaries within the transmission range of a drone. Therefore, in this paper, we investigate the threat of information leakage through MAVLink, a drone control protocol that is widely used in the majority of drone autopilot systems and is considered a de-facto standard. We show that multiple covert channels can be created in MAVLink by exploiting its lack of security mechanisms, default broadcast messages, and redundant features. We design and implement the novel covert channels on a realistic drone testbed in practical settings and assess their feasibility. Our extensive results demonstrate that attackers can effectively exfiltrate different types of sensitive data from drones with a high throughput via MAVLink-based covert channels in the presence of an active warden at the GCS. Finally, we provide an in-depth analysis of several countermeasures for MAVLink-based covert channels to improve the protocol's security. To the best of our knowledge, this is the first work exploiting the popular MAVLink protocol for covert communications and demonstrating how it can be manipulated by the adversary for secret communications over commodity drones.