Upload File

error-correcting codes as source for decoding...

  • Home
  • Documents
  • Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously
26

Upload: truongbao

Post on 28-Aug-2018

225 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously
Page 2: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Error-Correcting Codes as Source for Decoding

AmbiguityAdrian Dabrowski, Isao Echizen,

Edgar [email protected]

2015-05-21

Page 3: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Preface

● File format == data format == protocol == language

● File == transmission == data stream== packet(s)

Page 4: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Input path

Page 5: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Input path

Page 6: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Input pathe.g. ●Synchronizer●Layered Data●Compressed Data●Error Correction●Container Formats

Page 7: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Input path

e.g. Format Dissector

Page 8: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Input path

Page 9: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Binary Polyglots

● One file

● Valid as PDF ZIP JPEG simultaneously

● e.g. new editions of POC||GTFO

Ange Albertini, http://code.google.com/p/corkami/#Binary_files

somefile.{pdf|zip|jpg}

Page 10: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Polyglot

Page 11: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Polyglot

Page 12: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Error Correction

● Data transmission● Digital Radio Broadcast (DAB), Digital Video Broadcast (DVB-T,

DVB-S, DVB-C)● Phone Networks (GSM, UMTS, LTE, Tetra)

● Storage● Tapes, HDD, Arrays, Flash, Cloud Storage, Server RAM● Barcodes

Page 13: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Packet in Packet – via ECC

Page 14: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Packet in Packet – via ECC

Page 15: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Application: Barcodes

Page 16: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

(some) 2D Barcodes

PDF417 Aztech Maxicode

Data Matrix Quick Response Code Microsoft Tag(High Capacity Color Barcode)

3-DI Shotcode

Page 17: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Testing

Page 18: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Some examples: Aztec

Page 19: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

DM in QR

Page 20: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

QR in QR

Many more examples in:Dabrowski et al. “Barcode-in-Barcode Inception”

Page 21: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Decoding sequence

Page 22: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

QR: Only harmless fun?

● 2012: USSD-Codes in Tel:-URLs encoded in Barcodes could wipe a phone.

● Generate Premium-Rate SMS● URLs can trigger exploits in Web-Browser,

Renderer, OS, code Injection, ...● Used for financial transactions

● Paypal & Bitcoin

Page 23: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Countermeasures for QR

● Stringent decoding order● Root cause of decoding ambiguity

● Present user a visual excerpt

● Notification of all codes found

● Detect & display alien data in barcode

● Do not automaticallyretrieve & display target URL

● Only decode, what you are looking for

Page 24: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Generic Countermeasures

● Both transmissions are standard compliant!

● Application specific:● Drop ambiguities – but need to detect!● Choose higher data density

● No easy way – any heuristic (aka guessing) is a risc

Page 25: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Wrap Up

● ECC used in many applications● Radio, Broadcast, Storage, ….

● Can be used to include alternative data (streams)● Implementation specific / probabilistic

● Any ambiguity is insecurity● Detecting (in general case) is not easy

Page 26: Error-Correcting Codes as Source for Decoding Ambiguityspw15.langsec.org/slides/dabrowski-langsec2015-slides.pdf · Binary Polyglots One file Valid as PDF ZIP JPEG simultaneously

Error-Correcting Codes as Source for Decoding

AmbiguityAdrian Dabrowski, Isao Echizen,

Edgar [email protected]

2015-05-21


A. Dabrowski, 22 January 2008

Polyglots – the people of the 21 st century

Managing capital flows in a globalized economy_Marek Dabrowski

Marek Dabrowski Policy challenges faced by low-income CIS … · 2010-01-08 · Marek Dabrowski Policy challenges faced by ... Geographical structure of exports, 2005, in % of total

The true meaning of data by Maciej Dabrowski

D Dabrowski, Adam Dahia, Karim Darbon, Jerome Dargent ...D Dabrowski, Adam Dahia, Karim Darbon, Jerome Dargent, Regis Daudet, Laurent David, Bertrand David, Sebastien Davies, Mike

Adrian dabrowski imsi-catcher-catcher-acsac2014-preprint-20140820

One Thousand Polyglots

A Hermeneutic Historical Study of Kazimierz Dabrowski and ... · i Abstract A Hermeneutic Historical Study of Kazimierz Dabrowski and his Theory of Positive Disintegration Marjorie

DRAFT DOCUMENT, Christopher Dabrowski, 9/10/2007 DRAFT …xml.coverpages.org/Dabrowski-GridReliability2007.pdf · 2007-09-10 · DRAFT DOCUMENT, Christopher Dabrowski, 9/10/2007 1

Dabrowski - David Bohm's Theory of the Implicate Order

[Hans-Peter Dabrowski] Heinkel He 100 World Recor(BookSee.org)

Anne Dabrowski Northwestern University NA48/2 Semileptonics Meeting 22 nd February 2005 Update Kmu3 Branching Ratio measurement A. Dabrowski, February

J.M. Dabrowski , J. Dabrowski , P. MacMillan and L. Hill

OMiG Digital Summit 2016 - Maciej Dabrowski - Altocloud

Gambles in Your Life Andre Dabrowski Mathematics and Statistics

Polyglots and Their Approaches

POLYGLOTS IN ROMAN ANTIQUITY. WRITING SOCIO-CULTURAL

Polyglots: Crossing Origins by Crossing Formatsandrei/ccs13.pdfCrossing origins by crossing formats. This paper focuses on a new breed of attacks and its root cause: polyglots. A polyglot

PDF-based polyglots through SVG images

Dabrowski v ABAX Inc. - - New York State Unified

Trud Istnienia Kazimierz Dabrowski

Parental Polyglots Linking Language classrooms with the community

A. Dabrowski, 22 January 2008 Bunch length monitoring at CTF3 Anne Dabrowski (CERN) On behalf of all involved CTF3 Technical Meeting 22 January 2008

Konrad Dabrowski School of Environment and Natural ... · Konrad Dabrowski. School of Environment and Natural Resources. Ohio State University. Columbus, Ohio . ... (D’Abramo et

Marek Dabrowski, Malgorzata Antczak and Michal Gorzelak Fiscal

A. Dabrowski, June 08 2005 Ratio(ke3/pipi0) 1 Final Results Γ(Ke3)/ Γ(pipi0) Anne Dabrowski Northwestern University NA48/2 Collaboration Meeting 08 June

Adsorption Theory to Practice Journal paper by Dabrowski

Teoría de Desintegración Positiva - Dabrowski

Mike Dabrowski - Cal Polymstl.atl.calpoly.edu/~workshop/archive/2006/Spring/10-Dabrowski-ION CubeSat.pdfMike Dabrowski ExGraduate Student University of Illinois at UrbanaChampaign

 · Studnicka Helena *1808 Dabrowski Kazimierz Dabrowski Franciszek * 1823 Zduóska Wola +15-03-1897 (74) Ogrodzisko alŽ. 10-05-1850 Grzybowska Agnieszka Klinicki Bogurnil Klinicka

krzysztof dabrowski - praca magisterska

Joel Janek Dabrowski - repository.up.ac.za

Classic Rocker Team 7 Thomas Dabrowski Sarah Philo Adam Rauwerdink

Longitudinal Diagnostics for CLIC A. Dabrowski, 20/10/2010 Longitudinal Diagnostics for CLIC Anne Dabrowski CERN BE/BI Significant input from T. Lefevre,