Every semester, the HGI Colloquium on current topics in IT security is offered. It is organized by the chairs of the institute and is open to all interested persons; external guests are always welcome. If you subscribe to the HGI newsletter, you will receive the talk announcements by e-mail in good time (subscribe to the newsletter).
The seminar usually takes place on Thursdays at 12:00 in room ID 03/411 (directions).
In the winter semester 2016/17, the seminar is organized by the Applied Cryptography group. Below you will find a list of the scheduled dates and talks for the whole semester.
| Date | Speaker | Affiliation | Title | Room | Time |
|---|---|---|---|---|---|
| 27.10.2016 | Nele Mentens | KU Leuven | Implementation security through dynamic reconfiguration | ID 03/411 | 12:00 |
| 31.10.2016 | Jakub Szefer | Yale | Magnetic Side- and Covert-Channels using Smartphone Magnetic Sensors | ID 04/445 | 12:00 |
| 15.12.2016 | Sandip Kundu | Univ. of Massachusetts Amherst | Securing Physically Unclonable Functions | ID 03/455 | 11:00 |
| 06.01.2017 | Angela Sasse | University College London | Why Johnny, Jane, and their friends won't encrypt: barriers to the adoption of secure messaging tools | ID 04/445 | 11:00 |
| 11.01.2017 | Anders Fogh | G-DATA Advanced Analytics GmbH | Covert shotgun: Automatically finding covert channels in SMT | ID 03/445 | 16:00 |
| 18.01.2017 | Martin Schmiedecker | SBA Research Vienna | Turning Incident Response to Eleven | ID 03/445 | 16:00 |
| 19.01.2017 | Tobias Schneider | Ruhr-Universität Bochum | Towards Combined Countermeasures against Side-Channel and Fault-Injection Attacks | ID 03/411 | 12:00 |
| 23.02.2017 | Francois-Xavier Standaert | Université catholique de Louvain | Leakage-resilient symmetric cryptography | ID 03/419 | 12:00 |
| 28.03.2017 | Jens Müller | Ruhr-University Bochum | SoK: Exploiting Network Printers | ID 03/463 | 12:00 |
Implementation security through dynamic reconfiguration
In the past decade, a number of solutions for implementation security have been proposed based on dynamic hardware reconfiguration. This presentation gives an overview of the available architectures and technology for dynamic hardware reconfiguration, as well as the options for generating new configuration data. Further, we present a case study on pseudorandom number generators, exploring several dynamically reconfigurable architectures.
Magnetic Side- and Covert-Channels using Smartphone Magnetic Sensors
Side- and covert-channels are unintentional communication channels that can leak information about operations being performed on a computer, or serve as means of secret communication between attackers, respectively. This presentation will discuss recent, new side- and covert-channels utilizing smartphone magnetic sensors. In particular, our work on these channels has shown that sensors outside of a computer hard drive can pick up the magnetic fields due to the moving hard disk head. With these measurements, we are able to deduce patterns about ongoing operations, such as detecting what type of operating system is booting up or what application is being started. Moreover, by inducing electromagnetic signals from a computer in a controlled way, attackers can modulate and transmit arbitrary binary data over the air. We show that modern smartphones are able to detect disturbances in the magnetic field at a distance of a dozen or more cm from the computer, and can act as receivers of the transmitted information. Our methods do not require any additional equipment, firmware modifications or privileged access on either the computer (sender) or the smartphone (receiver). Based on the threats, potential counter-measures will be presented that can mitigate some of the channels.
Securing Physically Unclonable Functions
Proliferation of mobile computing hardware and emergence of Internet-of-Things have created a need for low-cost solutions for cryptographic functions such as authentication, encryption and digital signatures. Current best practices involve storing a secret key in a nonvolatile memory or battery-backed SRAM, which are vulnerable to invasive attacks. Physically Unclonable Functions (PUF) have been touted as an alternative for authentication and low-cost key generation. Due to the nature of applications, a PUF may operate in an untrusted environment where an adversary has the capability to eavesdrop on communications or even have physical possession of the PUF with the ability to apply any input and observe outputs. Securing a PUF in this environment is challenging. While the actual threat model varies from application to application, there are some common security challenges for a PUF. In this talk, we will describe two such challenges: (i) ensuring uniqueness and (ii) thwarting modeling attacks. We will then present novel solutions to address those problems. Finally, we will conclude this talk with some open challenges.
Why Johnny, Jane, and their friends won't encrypt: barriers to the adoption of secure messaging tools
In 1999, Whitten & Tygar's "Why Johnny can't encrypt" identified a number of usability issues, and argued that these prevented non-expert users from using encryption correctly. In this talk, I will discuss to what extent these usability issues have been addressed by current tools. I will then present results from a study with 60 (mostly lapsed) users of secure messaging tools (such as Signal, Telegram and Threema) to explain that usability is only one of 3 classes of problems that stop people from using those tools - the other two categories being lack of utility, and fundamental misconceptions about the nature of threats, and how encryption safeguards against them. Based on these results, I will discuss how we can increase the utility of secure tools, and what types of communications/campaigns could transform the misconceptions.
Towards Combined Countermeasures against Side-Channel and Fault-Injection Attacks
Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Hardening cryptographic implementations with appropriate countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of a completely different nature: side-channel analysis is mitigated by techniques that hide or mask key-dependent information, while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since the integration of even a single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this talk, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 12%.
Covert shotgun: Automatically finding covert channels in SMT
In this talk I will discuss covert channels in modern CPUs. Covert channels present a way for an attacker to exfiltrate information or build command and control functionality when the attacker and victim share the same computer, but are isolated in different security domains with communication either disabled or monitored. This situation is common in cloud computing as well as in personal computers through execution of downloaded code such as JavaScript. The talk will focus on finding covert channels in the pipeline of modern x86-64 CPUs. Initially the talk will introduce the concept of covert channels and the confinement problem as defined by Lampson in 1973. A short discussion of how covert channels are usually found will be given. I'll continue with showing how Simultaneous Multi-Threading (SMT) is implemented in the pipeline on Intel CPUs since Sandy Bridge and how this design gives rise to covert channels. Further we'll discuss how and why I automated the search for covert channels with a tool called Covert Shotgun. The results from Covert Shotgun will be presented and placed in a larger perspective.
Turning Incident Response to Eleven
We've all been there - this one course at university where they tell you to actually read the log files, do proper incident response, and document everything. And it's all fun and games, until you get hit by reality and have to analyze a possible security incident with a laterally moving attacker, and possibly more than 100 affected systems. Or 1000. Or even more ... Next thing you remember is waking up in a room without windows, packed with hard drives that are labeled obscurely, and a hardware write blocker that only does USB 2.0.
Leakage-resilient symmetric cryptography
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. The first solutions in this direction were typically aiming at reducing the amount of information leakage directly at the hardware level, and independent of the algorithm implemented. Over the years, a complementary approach (next denoted as leakage-resilience) emerged, trying to exploit the formalism of modern cryptography in order to design new constructions and security models in which the guarantees of provable security can be extended from mathematical objects towards physical ones. This naturally raises the question of whether the formal results obtained in these models are practically relevant (both in terms of performance and security). The development of sound connections between the formal models of leakage-resilient (symmetric) cryptography and the practice of side-channel attacks was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction. For this purpose, I will start with a separation result for the security of stateful and stateless primitives. I will then follow with a discussion of (i) pseudorandom building blocks together with the theoretical challenges they raise, and (ii) authentication, encryption and authenticated encryption schemes together with the practical challenges they raise. I will finally conclude by discussing emerging trends in the field of physically secure implementations.
SoK: Exploiting Network Printers
The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and private people. Instead of getting rid of them, printers evolved from simple printing devices to complex network computer systems installed directly in company networks, and carrying lots of confidential data in their print jobs. This makes them an attractive attack target. In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by providing a general methodology for security analyses of printers. Based on our methodology we implemented an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer models from different vendors and found _all_ of them to be vulnerable to at least one of the tested attacks. These attacks included, for example, simple DoS attacks or skilled attacks extracting print jobs and system files. On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by using advanced cross-site printing techniques combined with printer CORS-Spoofing. Finally, we show how to apply our attacks to systems beyond typical printers like Google Cloud Print or document processing websites. We hope that novel aspects from our work will become the foundation for future research, for example, for the analysis of IoT security.