HGI Colloquium

Every semester the HGI Colloquium is offered on current topics in IT security. It is organised by the chairs of the institute and is open to everyone interested; external guests are always welcome. If you subscribe to the HGI newsletter, you will receive the talk announcements in good time by e-mail (subscribe to the newsletter).

The seminar usually takes place on Thursdays at 12:00 in building ID, floor 03, room 411 (directions).

This semester the seminar is organised by the Chair for Network and Data Security. Below you will find a list of the scheduled dates and talks for the whole semester. Unless announced otherwise, all talks start at 12:00 sharp (s.t.).

| Date | Speaker | Affiliation | Title | Room | Start |
|---|---|---|---|---|---|
| 09.10.2014 | Joe Bonneau | Center For Information Technology Policy, Princeton | Bitcoin as a source of verifiable public randomness | ID 03/411 | 12:00 |
| 22.10.2014 | Alexander Inführ | | Adobe Reader - Pictures and Text on Steroids | ID 03/445 | 16:00 |
| 05.11.2014 | Collin Mulliner | Systems Security Lab, Northeastern University | Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces | ID 03/445 | 16:00 |
| 13.11.2014 | Florian Bergsma | Ruhr-Universität Bochum | Modeling advanced functionalities of cryptographic real-world protocols | ID 03/411 | 12:00 |
| 27.11.2014 | Mauro Conti | University of Padua, Italy | Future Internet Security and Privacy (challenges) | ID 03/411 | 12:00 |
| 28.11.2014 | Stavros Kousidis, Manfred Lochter | Bundesamt für Sicherheit in der Informationstechnik | Development of TLS | ID 03/411 | 12:00 |
| 08.01.2015 | Robert Kübler | Ruhr-Universität Bochum | On the Dobbertin Challenge 2014 | ID 03/411 | 12:00 |
| 15.01.2015 | Markus Kammerstetter | Vienna University of Technology | Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering | ID 04/471 | 14:00 |
| 05.02.2015 | Felix Schuster | Ruhr-Universität Bochum | The Difficulty of Preventing Code Reuse Attacks | ID 03/411 | 12:00 |

Bitcoin as a source of verifiable public randomness

Many security protocols can be strengthened by a public randomness beacon: a source of randomness which can be sampled by anybody after time t, but is strongly unpredictable to anybody prior to time t. Applications include public lotteries, election auditing, and multiple cryptographic protocols such as cut-and-choose or fair contract signing. Until recently, all proposals for instantiating a beacon either rely on a trusted third party (such as the NIST beacon or random.org) or have difficult-to-evaluate security properties (such as hashing stock market data). In this talk we introduce a new construction for building a beacon based on Bitcoin's block chain. This beacon outputs 64 bits of min-entropy every 10 minutes on average and we can prove strong financial lower bounds on the cost of manipulating the output which are at least in the tens of thousands of dollars. We discuss constructions for building a manipulation-resistant lottery, a new security construction, on top of this primitive which can make attacks even more expensive. Finally, we discuss a number of interesting smart contracts that can be efficiently implemented by extending Bitcoin script to enable sampling the beacon output, including secure multi-party lotteries and self-enforcing non-interactive cut and choose.

Adobe Reader - Pictures and Text on Steroids

Adobe Reader is a widely known tool for viewing text and pictures. At least this is what the average user believes it does. This talk is not about another memory corruption bug in Adobe Reader. After an introduction to the most important concepts of PDF, the powerful features of PDF will be explored. During this talk you will see unpatched vulnerabilities that were found during the research for this talk. In the end you will know why PDF is a scary beast!

Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces

Graphical user interfaces (GUIs) contain a number of common visual elements or widgets such as labels, text fields, buttons, and lists. GUIs typically provide the ability to set attributes on these widgets to control their visibility, enabled status, and whether they are writable. While these attributes are extremely useful to provide visual cues to users to guide them through an application's GUI, they can also be misused for purposes they were not intended. In particular, in the context of GUI-based applications that include multiple privilege levels within the application, GUI element attributes are often misused as a mechanism for enforcing access control policies.

In this session, we introduce GEMs, or instances of GUI element misuse, as a novel class of access control vulnerabilities in GUI-based applications. We present a classification of different GEMs that can arise through misuse of widget attributes, and describe a general algorithm for identifying and confirming the presence of GEMs in vulnerable applications. We then present GEM Miner, an implementation of our GEM analysis for the Windows platform. We evaluate GEM Miner using real-world GUI-based applications that target the small business and enterprise markets, and demonstrate the efficacy of our analysis by finding numerous previously unknown access control vulnerabilities in these applications.
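The following is an added illustration of the GEM class described above, not code from the talk or from GEM Miner: a widget attribute (visible, enabled or writable) is the only thing standing between a low-privileged user and a privileged action, so the handler must enforce the role itself. The widget model, the three sample widgets and the `is_gem` check are assumptions made for this example.

```python
"""Model of GUI element misuse (GEMs): widget attributes used as the only access gate.

Assumption (added example, not GEM Miner's algorithm): each widget is gated by one
of the three attributes named in the abstract and bound to an action that needs a role.
"""
from dataclasses import dataclass

ADMIN, USER = "admin", "user"


@dataclass
class Widget:
    name: str
    attr: str              # gating attribute: "visible", "enabled" or "writable"
    roles: dict            # role -> value the GUI sets for that attribute
    required_role: str     # role the action is actually meant to require
    handler_checks_role: bool  # does the action handler verify the role itself?


def gui_state(w: Widget, role: str) -> bool:
    """Attribute value the application sets for this role (what the GUI shows)."""
    return w.roles[role]


def invoke(w: Widget, role: str, gui_allows: bool) -> str:
    """Run the action as the application would. gui_allows is the widget state at
    click time; since the attribute lives in the client process, it cannot be
    trusted, so only a handler-side role check is a real access control."""
    if not gui_allows:
        return "blocked-by-widget"
    if w.handler_checks_role and role != w.required_role:
        return "denied"
    return "executed"


def is_gem(w: Widget) -> bool:
    """A widget is a GEM when the attribute alone gates the action: a role the GUI
    locks out would still reach "executed" if the attribute were changed."""
    for role in w.roles:
        if role != w.required_role and not gui_state(w, role):
            if invoke(w, role, gui_allows=True) == "executed":
                return True
    return False


def classify(widgets) -> dict:
    """Map each GEM to the attribute that was misused for access control."""
    return {w.name: w.attr for w in widgets if is_gem(w)}


# Constructed sample widgets: two misuse attributes as access control, one is hardened.
DELETE_ALL = Widget("delete_all", "enabled", {ADMIN: True, USER: False}, ADMIN, False)
EXPORT = Widget("export", "visible", {ADMIN: True, USER: False}, ADMIN, True)
SALARY = Widget("salary_field", "writable", {ADMIN: True, USER: False}, ADMIN, False)
```

`classify([DELETE_ALL, EXPORT, SALARY])` flags `delete_all` and `salary_field`; `export` is safe because its handler checks the role regardless of the widget state.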

Modeling advanced functionalities of cryptographic real-world protocols

Cryptographic Authentication and Key-Exchange (AKE) protocols are the foundation of secure communication. Theoretically, secure communication is possible and proven to hold for the most important protocol on the Internet: The Transport Layer Security (TLS) protocol. Despite correct security proofs for some instantiations, new attacks on TLS are published frequently. Therefore, it is evident that a gap between theory and practice exists for real-world protocols.

This talk is on modeling and analyzing advanced functionalities of cryptographic real-world protocols. These functionalities are renegotiation of cryptographic parameters and authentication, and public key reuse for signature keys.

Future Internet Security and Privacy (challenges)

The Internet is an amazing success story, connecting hundreds of millions of users. However, in the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. In fact, the way people access and utilize it has changed radically since the 1970s when its architecture was conceived. This has prompted several research efforts that aim to design potential next-generation Internet architectures. In particular, Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. CCN focuses on content distribution, which is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. In this talk, we highlight the main security and privacy issues we identified in NDN. Then, as a representative case, we discuss interest flooding, a possible denial-of-service attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such an attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing the proposed countermeasure.

Development of TLS

1) Because of missing perfect forward secrecy (PFS), the IETF TLS working group has decided to remove RSA key transport from the TLS 1.3 specification and to restrict itself to Diffie-Hellman in the future. We present some considerations on why key transport in TLS can still make sense from a post-quantum (PQ) perspective and how a PFS variant of it could be defined.

2) At the request of the TLS working group, the CFRG (Crypto Forum Research Group) is discussing new elliptic curves for ECC. Various aspects of this selection process are discussed.

On the Dobbertin Challenge 2014

Since 2006 the Dobbertin Challenge has invited students to take on cryptographic challenges. The Dobbertin Prize is awarded annually in memory of Prof. Hans Dobbertin, founding director of the Horst Görtz Institute for IT Security (HGI) and holder of the Chair for Cryptology and Information Security at Ruhr-Universität Bochum from 2001 to 2006. In the 1990s Dobbertin achieved worldwide renown as a cryptographer through his work on attacks on hash functions. He was counted among the best cryptologists in the world and was called "Germany's best code breaker".

This year the task was to break the NTRU encryption system using side-channel information from a cold boot attack. The speaker will present his solution.

Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering

Integrated Circuit (IC) device manufacturing is a challenging task and often results in subtle defects that can render a chip unusable. To detect these defects at multiple stages during the IC production process, test modes are inserted (Design For Testability). On the downside, attackers can use these test modes to break IC device security and extract sensitive information such as the firmware implementation or secret key material. While in high-security smart cards the testing circuits are physically removed during production for this reason, in the majority of digital ICs the testing modes remain intact. Often they are undocumented, well hidden and contain secret test commands. Utilizing search algorithms and/or side-channel information, several attacks on secret testing modes have been presented lately. Accordingly, countermeasures that frequently rely on obfuscation techniques have been proposed, as more advanced cryptographic methods would require significantly more space on the die and thus cause higher production costs. In this work, we show that limited-effort silicon reverse engineering can be effectively used to discover secret testing modes and that the proposed obfuscation-based countermeasures can be circumvented without altering the analysis technique. We describe our approach in detail using the example of a proprietary cryptographic game authentication chip of a well-known gaming console and present an FPGA implementation of the previously secret authentication algorithm.

The Difficulty of Preventing Code Reuse Attacks

In this talk, I will give a brief introduction to code reuse attacks - e.g., return-oriented programming - and give an overview of recent developments in defenses, including academic proposals as well as actually deployed ones such as EMET and CFG.

I will present my own work on two advanced attack techniques dubbed "Branch History Flushing" (RAID 2014) and "Counterfeit Object-oriented Programming" (short COOP; in submission). COOP abuses common artifacts in binary C++ code and breaks with long-held assumptions on the nature of code reuse attacks. Consequently, it bypasses a wide range of existing defenses including the recently proposed "Code-Pointer Separation" (practical "Code-Pointer Integrity"; OSDI 2014) and Windows 10's CFG. I will discuss in particular why currently no strong defense against COOP exists that does not require access to a software's source code and why designing a strong binary-only defense will be challenging.

The main takeaway should be that many of today's defenses are built on improper assumptions and that even supposedly small "wiggle room" for an attacker can still lead to full system compromise.