HGI Colloquium

Every semester the HGI Colloquium is offered on current topics in IT security. It is organized by the institute's chairs and is open to anyone interested; external guests are always welcome. If you subscribe to the HGI newsletter, you will receive the talk announcements by e-mail in good time.

The seminar usually takes place on Thursdays at 12:00 in building ID, floor 03, room 411 (directions).

This semester the seminar is organized by the Secure Hardware working group (Arbeitsgruppe für Sichere Hardware). Below you will find a list of the planned dates and talks for the whole semester. Unless announced otherwise, all talks start at 12:00 sharp (s.t.).

| Date | Speaker | Affiliation | Title | Room | Start |
|---|---|---|---|---|---|
| 07.10.2013 | Marc Tobias | | Why Cryptography is largely irrelevant for high security lock design | ID 03/445 | 11:00 |
| 24.10.2013 | Ludo Tolhuizen et al. | Philips Research | HIMMO: A collusion-resistant identity-based scheme for symmetric key generation | ID 04/653 | 11:00 |
| 31.10.2013 | Ashar Javed | Ruhr-Universität Bochum | Trusted Friend Attack: Guardian Angels Strike | ID 03/411 | 12:00 |
| 06.11.2013 | Andreas Kurtz | FAU Erlangen-Nürnberg | Pentesting iOS Apps - Runtime Analysis and Manipulation | ID 03/445 | 16:00 |
| 14.11.2013 | Michael Weiner | TU München | Security Analysis of a Widely Deployed Locking System | ID 03/411 | 12:00 |
| 21.11.2013 | Ingo von Maurich | Ruhr-Universität Bochum | Advances in Implementations of Code-based Cryptography on Reconfigurable Devices | ID 03/411 | 12:00 |
| 27.11.2013 | Fabian Yamaguchi | Universität Göttingen | Information Retrieval and Machine Learning for Interactive Bug Hunting | ID 03/445 | 16:00 |
| 28.11.2013 | Sebastian Uellenbeck | Ruhr-Universität Bochum | Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns | ID 03/411 | 12:00 |
| 05.12.2013 | Nele Mentens, Jochen Vandorpe | KU Leuven | eDiViDe: European Digital Virtual Design Lab - A Remote Learning Platform for Digital Design | ID 03/411 | 12:00 |
| 19.12.2013 | Fabian Hemmer | Ruhr-Universität Bochum | Dobbertin Challenge 2013 Solution | ID 03/411 | 12:00 |
| 08.01.2014 | Stefan Esser | | iOS 7 Security Overview | ID 03/445 | 16:00 |
| 16.01.2014 | Felix Schuster | Ruhr-Universität Bochum | Reverse Engineering and Cryptanalysis of the symmetric block cipher 'Chiasmus' | ID 03/411 | 12:00 |
| 22.01.2014 | Srdjan Capkun | ETH Zürich | A Short Review of Physical-Layer Security | ID 03/419 | 15:00 |
| 29.01.2014 | Thomas Roth | | Advanced ARM exploitation: Breaking into ARM's TrustZone | ID 03/445 | 16:00 |
| 29.01.2014 | Giorgio Giacinto | University of Cagliari, Italy | Machine Learning for Computer Security: Lessons Learned | ID 04/653 | 11:30 |
| 30.01.2014 | Thomas Eisenbarth | Worcester Polytechnic Institute | Cryptography in the Presence of Side Channel Leakage | ID 03/411 | 12:00 |
| 04.02.2014 | Yan Shoshitaishvili | University of California in Santa Barbara (UCSB) | SimuVEX: Using VEX in Symbolic Analysis | ID 04/653 | 12:00 |

Why Cryptography is largely irrelevant for high security lock design

Traditional mechanical locks have no intelligence, and there are limits on the security they can offer. Within the past five years, new security technology that integrates electronic credentials with mechanical cylinders has become common in many facilities and in some cases has completely replaced mechanical keys. While these credentials may increase certain aspects of security and user options for access control, they have done little to add to the overall security of most locks, whether electro-mechanical or completely electronic.

Marc Weber Tobias is an investigative attorney, physical security expert, and Team Leader for a group of physical and cyber security professionals, whose task is to defeat electronic-based locks and to develop covert methods to circumvent their security, including cryptographic credentials, in seconds, without any trace. In this presentation, Marc will discuss why cryptography and the credentials it is designed to protect are largely irrelevant when considering the security of locks and access control systems. Marc will present several video segments that demonstrate a number of techniques that his team at Security Labs has developed in bypassing certain locks in order that participants can understand basic design issues and potential vulnerabilities so they can better protect their facilities and environments.

HIMMO: A collusion-resistant identity-based scheme for symmetric key generation

We describe HIMMO, a new scheme for identity-based symmetric key generation. Like the scheme of Blundo et al., HIMMO employs symmetric polynomials, which lead to very efficient implementations, but it is much less vulnerable to collusion attacks.

HIMMO employs mixing modular operations over different rings and hiding part of the result of polynomial evaluation by only considering its least significant bits.

We discuss the collusion resistance properties of HIMMO based on lattice-based cryptanalysis and provide figures on speed and memory usage of an implementation for various system parameters.

Trusted Friend Attack: Guardian Angels Strike

In this paper, we survey the "Forgot your password" functionality of fifty social networks and investigate the security of the password recovery mechanisms for the important special case that the user has also lost access to his email account. We were able to compromise accounts on six social networks (Delicious, Academia, GetGlue, Lokalisten, Freizeit-Freunde and StayFriends) and to block an account on MeetUp due to weaknesses in the password recovery feature and help from their untrained support teams.

In addition, we were able to compromise Facebook users' accounts through a novel attack on the password recovery feature of Facebook that we call the Trusted Friend Attack (TFA). We were able to circumvent Facebook's reputation-based security mechanisms. The only prerequisite for TFA is that the victim accepts three friendship requests from different Facebook accounts of the attacker. We have responsibly reported all attacks to the respective security teams and they have acknowledged our work. Finally, we provide general security guidelines for users of social networks.

Pentesting iOS Apps - Runtime Analysis and Manipulation

Security testing of mobile apps and their environment has become increasingly important in recent years. However, there is still a lack of testing methodologies and supporting tools. Accordingly, the objective of this presentation is to close that gap. As in any kind of software security assessment, two different approaches exist: static and dynamic analysis. While static analysis gives detailed insights into a mobile app, it is not always the most practicable way. To evaluate the security level of a mobile app within an economically reasonable timeframe, it is worthwhile to combine both static and dynamic analysis. During this talk, I will explain the basic concepts of Objective-C and its runtime. Objective-C supports the concept of reflection, also known as introspection: the ability to examine and modify the structure and behavior (specifically the values, metadata, properties and functions) of an object at runtime.

Based on this dynamic nature of the Objective-C runtime, I will show how runtime analysis and manipulation eases security assessments of mobile apps. For this purpose, I will discuss the background, techniques, problems and solutions of Objective-C runtime analysis and manipulation. I will demonstrate how running applications can be extended with additional debugging and runtime tracing capabilities, and how this facilitates both dynamic and static analysis of Apple iOS apps. Moreover, a new tool to assist dynamic analysis and security assessments of iOS apps will be demonstrated. This tool allows on-the-fly manipulation of arbitrary iOS apps through an easy-to-use graphical user interface. Thus, bypassing client-side restrictions or unlocking additional features and premium content of apps becomes child's play.

Security Analysis of a Widely Deployed Locking System

Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic locking systems. In this talk, the security analysis results of a widely deployed electronic locking system will be presented.

For the analysis, our team reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute-force attack or by performing a Differential Power Analysis attack on any electronic key. In addition, we discovered a weakness in the random number generator that, under certain circumstances, allows opening a door without breaking the cryptography.

This talk gives a description of our analysis methods, the results and their implications. Furthermore, possible administrative and technical countermeasures against all discovered attacks are discussed. The talk concludes with an examination of electronic lock security standards and recommends changes to one widely used standard that can help improve the security of newly developed products.

Advances in Implementations of Code-based Cryptography on Reconfigurable Devices

Public-key schemes used in practice are based either on the factorization or on the discrete logarithm problem. Since both problems are closely related, a major breakthrough in cryptanalysis (e.g., with the advent of quantum computing) will render nearly all currently employed security systems useless. Code-based public-key cryptography is an established alternative that can be a potential replacement. This talk highlights recent advances in implementations of code-based cryptography on reconfigurable devices and demonstrates that efficient alternatives to classical asymmetric public-key schemes are already available.

Information Retrieval and Machine Learning for Interactive Bug Hunting

Discovering vulnerabilities in real world code can be a tremendous challenge. As many of today's security critical code bases have evolved to become research topics in their own right, fully automated, general purpose vulnerability discovery tools usually fail in practice. In consequence, tedious manual auditing of code remains a necessity to date.

Fortunately, practical bug hunting can benefit from tools that aim to assist rather than replace analysts. For example, interception proxies, tracers, disassemblers and fuzzers have been shown to be highly effective at supporting the discovery of vulnerabilities. Following this notion, my work mostly focuses on the development of new techniques for assisted vulnerability discovery, particularly to deal with large and complex code bases.

In this talk, I will be presenting a new open-source code analysis platform which you can use to mine large C/C++ code bases for vulnerabilities using complex graph database queries. In addition, we will see that the graph database offers a useful source of information for custom analysis scripts. In particular, a tool built as a script on top of the analysis platform is presented that automatically derives simple programming rules from code using machine learning techniques. By employing anomaly detection, we are additionally able to detect deviations from these patterns and make them visible to auditors as they browse code.

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

Graphical passwords were proposed as an alternative to overcome the inherent limitations of text-based passwords, inspired by research that shows that the graphical memory of humans is particularly well developed. A graphical password scheme that has been widely adopted is the Android Unlock Pattern, a special case of the Pass-Go scheme with grid size restricted to $3 \times 3$ points and restricted stroke count.

In this paper, we study the security of Android Unlock Patterns. By performing a large-scale user study, we measure actual user choices of patterns instead of theoretical considerations on password spaces. From this data we construct a model based on Markov chains that enables us to quantify the strength of Android Unlock Patterns. We found empirically that there is a high bias in the pattern selection process, e.g., the upper left corner and three-point long straight lines are very typical selection strategies. Consequently, the entropy of patterns is rather low, and our results indicate that the security offered by the scheme is less than the security of only three-digit randomly-assigned PINs for guessing 20 % of all passwords (i.e., we estimate a partial guessing entropy $G_{0.2}$ of $9.10$ bit).

Based on these insights, we systematically improve the scheme by finding a small but still effective change in the pattern layout that makes graphical user logins substantially more secure. By means of another user study, we show that some changes improve the security by more than doubling the space of actually used passwords (i.e., increasing the partial guessing entropy $G_{0.2}$ to $10.81$ bit).
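The abstract compares the measured $G_{0.2}$ of unlock patterns with that of a randomly assigned three-digit PIN. The following Python script is an added example, not code from the paper or the HGI, that shows how such a comparison is computed from an empirical distribution of user choices. It uses the α-guesswork definition of partial guessing entropy by Bonneau (2012), which is the standard meaning of $G_\alpha$; the paper's own computation and study data are not on this page, so the biased "pattern" sample below is constructed for illustration.

```python
import math
from collections import Counter


def alpha_guesswork(samples, alpha):
    """Partial guessing entropy of an empirical password distribution.

    Follows Bonneau's definition: an attacker guesses in order of decreasing
    frequency, mu_alpha is the number of guesses needed to succeed on a
    fraction alpha of accounts, lambda is the success rate actually reached
    after mu_alpha guesses, and

        G_alpha = (1 - lambda) * mu_alpha + sum_{i <= mu_alpha} i * p_i

    is converted to bits so that a uniform distribution over N passwords
    scores log2(N) for every alpha.  Returns (G_alpha, bits).
    """
    if not 0 < alpha <= 1:
        raise ValueError("alpha must be in (0, 1]")
    n = len(samples)
    # Frequencies in the attacker's optimal guessing order (most common first).
    counts = sorted(Counter(samples).values(), reverse=True)
    seen = 0         # accounts cracked so far
    weighted = 0.0   # sum_{i <= mu} i * p_i
    mu = 0
    for i, c in enumerate(counts, start=1):
        seen += c
        weighted += i * c / n
        mu = i
        # Small tolerance so that e.g. 200/1000 >= 0.2 is not lost to rounding.
        if seen / n >= alpha - 1e-12:
            break
    lam = seen / n
    g_alpha = (1 - lam) * mu + weighted
    bits = math.log2(2 * g_alpha / lam - 1) + math.log2(1 / (2 - lam))
    return g_alpha, bits


def constructed_pattern_sample():
    """Constructed, strongly biased sample of 1000 unlock-pattern choices.

    Not real study data: 5 patterns chosen by 100 users each, 50 patterns
    chosen by 6 users each, 200 patterns chosen by one user each.
    """
    sample = []
    for k in range(5):
        sample += [f"popular-{k}"] * 100
    for k in range(50):
        sample += [f"medium-{k}"] * 6
    for k in range(200):
        sample += [f"rare-{k}"]
    return sample


def compare_with_random_pin(alpha=0.2):
    """Bits of alpha-guesswork for the biased sample vs. a uniform 3-digit PIN."""
    _, pattern_bits = alpha_guesswork(constructed_pattern_sample(), alpha)
    # Uniformly random 3-digit PIN: each of the 1000 values is equally likely.
    pins = [f"{v:03d}" for v in range(1000)]
    _, pin_bits = alpha_guesswork(pins, alpha)
    return pattern_bits, pin_bits


if __name__ == "__main__":
    pattern_bits, pin_bits = compare_with_random_pin(0.2)
    print(f"biased pattern sample: G~_0.2 = {pattern_bits:.2f} bit")
    print(f"random 3-digit PIN:    G~_0.2 = {pin_bits:.2f} bit")
```

For the constructed sample, two guesses already cover 20 % of accounts, so its $G_{0.2}$ comes out at roughly $\log_2 10 \approx 3.3$ bit, while the uniform three-digit PIN scores $\log_2 1000 \approx 10$ bit regardless of α. The metric is useful for defenders because it reflects what a guessing attacker actually gains from the skew in user choices, which the size of the theoretical pattern space does not.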

eDiViDe: European Digital Virtual Design Lab - A Remote Learning Platform for Digital Design

In this seminar, the results of the eDiViDe project are presented and demonstrated. eDiViDe is a European project funded by the Erasmus action in the Lifelong Learning Program (LLP). The project is a cooperation between four partners: Katholieke Universiteit Leuven, Bonn-Rhein-Sieg University of Applied Sciences, Technical University of Kosice and University of Oslo.

The first goal of the project is the development of a remote learning platform for digital design. The platform consists of FPGA-driven setups that are locally hosted by the partner universities in Europe. Students can get access to the FPGA setups through a central server and portal website, which allows them to configure the setups and monitor the results via video and/or audio feedback. The setups are accompanied by exercises and examples that guide the students through the process of learning digital design. In general, the platform offers a motivating environment to learn digital design based on real-life applications.

The second goal of eDiViDe is to stimulate the integration of research into education, which is achieved by including research-related setups in the platform. This way, students can remotely get in touch or even cooperate with researchers all over the world. It also gives researchers the possibility to make their research results visible.

The final goal of the project is to expand the use and the size of the platform. After contacting the project leader or one of the other partners, (1) access to the platform can be granted and/or (2) guidelines are provided on how to add a setup to the platform. Companies are also encouraged to use the platform for training or recruiting purposes or for promoting new products.

Dobbertin Challenge 2013 Solution

In this presentation, the result of the Dobbertin Challenge 2013 is presented.

The challenge consisted of a memo system with a Windows kernel module, which employed several anti-debugging techniques. The goal of the challenge was to break into the memo system and retrieve a secret message.

The focus of this presentation lies on the cryptographic implementation and the kernel driver. Additionally, the different mechanisms used to prevent reverse engineering and ways to circumvent them are explained.

iOS 7 Security Overview

This session will give an overview of the iOS security features and implemented attack mitigations that are present in iOS 7. Starting from the low-level trusted boot chain, we will cover security improvements up to the UI level. Among the topics covered are kernel-level mitigations, code signing, the application sandbox, user-space mitigations and iOS's anti-persistence features. We will also discuss jailbreaking and how jailbreaking your iPhone weakens the overall protection.

Reverse Engineering and Cryptanalysis of the symmetric block cipher 'Chiasmus'

The Chiasmus algorithm was designed for the encryption of data with low to medium confidentiality requirements within German government institutions. So far no official public description of the algorithm exists. The talk outlines the process of reverse engineering the algorithm from publicly available software. The cryptographic properties of the algorithm are described. Furthermore, it is demonstrated how the specific publicly available implementation of the algorithm can be broken completely.

A Short Review of Physical-Layer Security

In this talk we will review physical-layer security schemes that are used to enforce confidentiality and access control on the wireless channel. We will discuss the main assumptions made by these schemes as well as attacks that illustrate their limitations. Our review will include schemes based on channel reciprocity, friendly jamming schemes and schemes that leverage MIMO to achieve confidentiality and access control. We will conclude the talk with an analysis of a friendly jamming scheme proposed for the protection of medical implants.

Advanced ARM exploitation: Breaking into ARM's TrustZone

Modern smartphones and embedded platforms have to keep a lot of data secret: Credit-card data for NFC wallets, DRM keys, fingerprints etc. Recently, vendors started using a hardware security feature in modern ARM processors called TrustZone, a special, 'trusted' execution zone. This talk will give an introduction on how TrustZone works and afterwards discuss the lessons learned while (successfully) trying to exploit and rootkit TrustZone in a way that is agnostic and invisible to the normal operating system running on the device.

Machine Learning for Computer Security: Lessons Learned

Cryptography in the Presence of Side Channel Leakage

The security of many embedded computing solutions relies on cryptographic engines. One remaining threat to embedded cryptographic engines is side-channel attacks. While their applicability is limited to cases where an adversary can sample the side-channel leakage, the attacks usually succeed easily in those cases, unless the implementer has invested considerable effort to prevent them. However, common countermeasures against physical attacks are not completely fail-safe and are overly expensive for most applications. This presentation will provide insight into some of the challenges of embedded security design: how side-channel leakage can be exploited, and how novel methods may make attacks infeasible in future applications.

SimuVEX: Using VEX in Symbolic Analysis

VEX, as part of Valgrind, is well-established in the world of dynamic analysis. However, there are certain questions that are best answered by symbolic analyses. In this talk I will describe the ideas behind symbolic analysis, detail challenges frequently faced when attempting to implement it, and introduce the work ongoing at UC Santa Barbara to use VEX to address these challenges, and implement a large-scale symbolic analysis system.

VEX is designed and widely used in dynamic analysis, in the form of Valgrind. Barring some implementation issues, VEX's side-effects-free, mostly-architecture-independent implementation provides an effective base on which to build non-dynamic analyses, as well. Specifically, we have used VEX to implement architecture-independent static and symbolic analyses.

Symbolic analysis is an active area of research, and many challenges are faced when attempting to implement it. These challenges include tradeoffs between tractability and precision when reasoning about symbolic memory, the NP-completeness of the underlying SMT-solving algorithms, difficult-to-analyze program actions, and many others. Some of these challenges are unsolvable, but compromises can be made to achieve useful results with symbolic analysis. This talk attempts to outline these challenges, describe some solutions, and provide a guide for parties interested in symbolic analysis with VEX.