Shared file protection against unauthorised encryption using a Buffer-Based Signature Verification Method
Journal article   Open access   Peer reviewed

Arash Mahboubi, Seyit Camtepe, Keyvan Ansari, Marcin Pawłowski, Paweł Morawiecki, Hamed Aboutorab, Josef Pieprzyk and Jarek Duda
Journal of information security and applications, Vol.86, 103873
2024
CC BY V4.0 Open Access

Abstract

Keywords: Coloured Petri net; Data encryption; Data protection; Ransomware; Signature embedding; Storage-level signature validation; Trusted Platform Module
Understanding the attributes of critical data and implementing suitable security measures help organisations bolster their data-protection strategies and diminish the potential impacts of ransomware incidents. Unauthorised extraction and acquisition of data are the principal objectives of most cyber invasions. We underscore the severity of this issue using a recent attack by the Clop ransomware group, which exploited the MOVEit Transfer vulnerability and bypassed network-detection mechanisms to exfiltrate data via a Command and Control server. As a countermeasure, we propose a method called Buffer-Based Signature Verification (BBSV). This approach involves embedding 32-byte tags into files prior to their storage in the cloud, thus offering enhanced data protection. The BBSV method can be integrated into software like MOVEit Secure Managed File Transfer, thereby thwarting attempts by ransomware to exfiltrate data. Empirically tested using a BBSV prototype, our approach was able to successfully halt the encryption process for 80 ransomware instances from 70 ransomware families. BBSV not only stops the encryption but also prevents data exfiltration when data are moved or written from the original location by adversaries. We further develop a hypothetical exploit scenario in which an adversary manages to bypass the BBSV, illicitly transmits data to a Command and Control server, and then removes files from the original location. We construct an extended state space, in which each state represents a tuple that integrates user authentication and system components at the filesystem level.
