Your search keyword '"Butler, Kevin"' showing total 15 results

1. Characterizing the Security of the SMS Ecosystem with Public Gateways.

Author

REAVES, BRADLEY, VARGAS, LUIS, SCAIFE, NOLEN, TIAN, DAVE, BLUE, LOGAN, TRAYNOR, PATRICK, and BUTLER, KEVIN R. B.

Subjects

SECURITY management, TEXT messages, GATEWAYS, ECOSYSTEMS, MULTI-factor authentication

Abstract

Recent years have seen the Short Message Service (SMS) become a critical component of the security infrastructure, assisting with tasks including identity verification and second-factor authentication. At the same time, this messaging infrastructure has become dramatically more open and connected to public networks than ever before. However, the implications of this openness, the security practices of benign services, and the malicious misuse of this ecosystem are not well understood. In this article, we provide a comprehensive longitudinal study to answer these questions, analyzing over 900,000 text messages sent to public online SMS gateways over the course of 28 months. From this data, we uncover the geographical distribution of spam messages, study SMS as a transmission medium of malicious content, and find that changes in benign and malicious behaviors in the SMS ecosystem have been minimal during our collection period. The key takeaways of this research show many services sending sensitive security-based messages through an unencrypted medium, implementing low entropy solutions for one-use codes, and behaviors indicating that public gateways are primarily used for evading account creation policies that require verified phone numbers. This latter finding has significant implications for combating phone-verified account fraud and demonstrates that such evasion will continue to be difficult to detect and prevent. [ABSTRACT FROM AUTHOR]

Published

2019

2. CPAC.

Author

Etigowni, Sriharsha, Tian, Dave (Jing), Hernandez, Grant, Zonouz, Saman, and Butler, Kevin

Published

2016

3. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications.

Author

REAVES, BRADLEY, BOWERS, JASMINE, SCAIFE, NOLEN, BATES, ADAM, BHARTIYA, ARNAV, TRAYNOR, PATRICK, and BUTLER, KEVIN R. B.

Subjects

ELECTRONIC money, PAYMENT systems, GROSS domestic product, MOBILE app development, ELECTRONIC commerce

Abstract

Mobile money, also known as branchless banking, leverages ubiquitous cellular networks to bring muchneeded financial services to the unbanked in the developing world. These services are often deployed as smartphone apps, and although marketed as secure, these applications are often not regulated as strictly as traditional banks, leaving doubt about the truth of such claims. In this article, we evaluate these claims and perform the first in-depth measurement analysis of branchless banking applications. We first perform an automated analysis of all 46 known Android mobile money apps across the 246 known mobile money providers from 2015. We then perform a comprehensive manual teardown of the registration, login, and transaction procedures of a diverse 15% of these apps. We uncover pervasive vulnerabilities spanning botched certification validation, do-it-yourself cryptography, and other forms of information leakage that allow an attacker to impersonate legitimate users, modify transactions, and steal financial records. These findings show that the majority of these apps fail to provide the protections needed by financial services. In an expanded re-evaluation one year later, we find that these systems have only marginally improved their security. Additionally, we document our experiences working in this sector for future researchers and provide recommendations to improve the security of this critical ecosystem. Finally, through inspection of providers' terms of service, we also discover that liability for these problems unfairly rests on the shoulders of the customer, threatening to erode trust in branchless banking and hinder efforts for global financial inclusion. [ABSTRACT FROM AUTHOR]

Published

2017

4. *droid: Assessment and Evaluation of Android Application Analysis Tools.

Author

REAVES, BRADLEY, BOWERS, JASMINE, GORSKI III, SIGMUND ALBERT, ANISE, OLABODE, BOBHATE, RAHUL, CHO, RAYMOND, DAS, HIRANAVA, HUSSAIN, SHARIQUE, KARACHIWALA, HAMZA, SCAIFE, NOLEN, WRIGHT, BYRON, BUTLER, KEVIN, ENCK, WILLIAM, and TRAYNOR, PATRICK

Subjects

MOBILE apps, JAVA programming language, DATA privacy, SECURITY systems

Abstract

The security research community has invested significant effort in improving the security of Android applications over the past half decade. This effort has addressed a wide range of problems and resulted in the creation of many tools for application analysis. In this article, we perform the first systematization of Android security research that analyzes applications, characterizing the work published in more than 17 top venues since 2010. We categorize each paper by the types of problems they solve, highlight areas that have received the most attention, and note whether tools were ever publicly released for each effort. Of the released tools, we then evaluate a representative sample to determine how well application developers can apply the results of our community’s efforts to improve their products. We find not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues ranging from lack of maintenance to the inability to produce functional output for applications with known vulnerabilities. We close by offering suggestions on how the community can more successfully move forward. [ABSTRACT FROM AUTHOR]

Published

2016

5. Forgive and forget.

Author

Bishop, Matt, Butler, Emily Rine, Butler, Kevin, Gates, Carrie, and Greenspan, Steven

Published

2013

6. Towards secure provenance-based access control in cloud environments.

Author

Bates, Adam, Mood, Ben, Valafar, Masoud, and Butler, Kevin

Published

2013

7. Hi-Fi.

Author

Pohly, Devin J., McLaughlin, Stephen, McDaniel, Patrick, and Butler, Kevin

Published

2012

8. Abusing cloud-based browsers for fun and profit.

Author

Tendulkar, Vasant, Snyder, Ryan, Pletcher, Joe, Butler, Kevin, Shashidharan, Ashwin, and Enck, William

Published

2012

9. Kells.

Author

Butler, Kevin R. B., McLaughlin, Stephen E., and McDaniel, Patrick D.

Published

2010

10. Porscha.

Author

Ongtang, Machigar, Butler, Kevin, and McDaniel, Patrick

Published

2010

11. Rootkit-resistant disks.

Author

Butler, Kevin R.B., McLaughlin, Stephen, and McDaniel, Patrick D.

Published

2008

12. Non-volatile memory and disks:.

Author

Butler, Kevin R. B., McLaughlin, Stephen E., and McDaniel, Patrick D.

Published

2007

13. Optimizing BGP security by exploiting path stability.

Author

Butler, Kevin, McDaniel, Patrick, and Aiello, William

Published

2006

14. Design, implementation and evaluation of security in iSCSI-based network storage systems.

Author

Chaitanya, Shiva, Butler, Kevin, Sivasubramaniam, Anand, McDaniel, Patrick, and Vilayannur, Murali

Published

2006

15. Protecting portable storage with host validation.

Author

Butler, Kevin R.B., McLaughlin, Stephen E., and McDaniel, Patrick D.

Published

2010