HGI-Kolloquium

Jedes Semester wird das HGI-Kolloquium zu aktuellen Themen der IT-Sicherheit angeboten. Es wird von den Lehrstühlen des Institutes organisiert und ist für alle interessierten Personen offen, externe Gäste sind immer willkommen. Wenn Sie den HGI-Newsletter abonnieren, bekommen Sie die Vortragsankündigungen rechtzeitig per E-Mail (Newsletter abbonieren).

Das Seminar findet in der Regel donnerstags um 12:00 Uhr im Raum ID 03/411 statt (Wegbeschreibung).

Im Wintersemester 2016/17 wird das Seminar von der Arbeitsgruppe Angewandte Kryptografie organisiert. Untenstehend finden Sie eine ­Liste der geplante­n Termine und Vorträge für das ganze Semester.

Datum Redner Zugehörigkeit Titel Raum Zeit
27.10.2016 Nele Mentens KU Leuven Implementation security through dynamic reconfiguration ID 03/411 12:00 Uhr
31.10.2016 Jakub Szefer Yale Magnetic Side- and Covert-Channels using Smartphone Magnetic Sensors ID 04/445 12:00 Uhr
15.12.2016 Sandip Kundu Univ. of Mas­sachu­setts Am­herst Securing Physically Unclonable Functions ID 03/455 11:00 Uhr
06.01.2017 Angela Sasse University College London Why Johnny, Jane, and their friends won't encrypt: barriers to the adoption of secure messaging tools ID 04/445 11:00 Uhr
11.01.2017 Anders Fogh G-DATA Advanced Analytics GmbH Covert shotgun: Automatically finding covert channels in SMT ID 03/445 16:00 Uhr
18.01.2017 Martin Schmiedecker SBA Research Vienna Turning Incident Response to Eleven ID 03/445 16:00 Uhr
19.01.2017 Tobias Schneider Ruhr-Universität Bochum Towards Combined Countermeasures against Side-Channel and Fault-Injection Attacks ID 03/411 12:00 Uhr
23.02.2017 Francois-Xavier Standaert Université catholique de Louvain Leakage-resilient symmetric cryptography ID 03/419 12:00 Uhr
28.03.2017 Jens Mül­ler Ruhr-Uni­ver­si­ty Bo­chum SoK: Ex­ploit­ing Net­work Prin­ters ID 03/463 12:00 Uhr

Implementation security through dynamic reconfiguration

In the past decade, a number of solutions for implementation security have been proposed based on dynamic hardware reconfiguration. This presentation gives an overview of the available architectures and technology for dynamic hardware reconfiguration, as well as the options for generating new configuration data. Further, we present a case study on pseudorandom number generators, exploring several dynamically reconfigurable architectures.

Magnetic Side- and Covert-Channels using Smartphone Magnetic Sensors

Side- and covert-channels are unintentional communication channels that can leak information about operations being performed on a computer, or serve as means of secrete commination between attackers, respectively. This presentation will discuss recent, new side- and covert-channels utilizing smartphone magnetic sensors. In particular, our work on these channels has shown that sensors outside of a computer hard drive can pick up the magnetic fields due to the moving hard disk head. With these measurements, we are able to deduce patterns about ongoing operations, such as detect what type of the operating system is booting up or what application is being started. Moreover, by inducing electromagnetic signals from a computer in a controlled way, attackers can modulate and transmit arbitrary binary data over the air. We show that modern smartphones are able to detect disturbances in the magnetic field at a distance of dozen or more cm from the computer, and can act as receivers of the transmitted information. Our methods do not require any additional equipment, firmware modifications or privileged access on either the computer (sender) or the smartphone (receiver). Based on the threats, potential counter-measures will be presented that can mitigate some of the channels.

Securing Physically Unclonable Functions

Proliferation of mobile computing hardware and emergence of Internet-of-Things have created a need for low-cost solutions for cryptographic functions such as authentication, encryption and digital signatures. Current best practices involve storing a secret key in a nonvolatile memory or battery backed SRAM which are vulnerable to invasive attacks. Physically Unclonable Functions (PUF) have been touted as an alternative for authentication and low-cost key generation. Due to the nature of applications, a PUF may operate in an untrusted environment where an adversary has the capability to eavesdrop on communications or even have physical possession of the PUF with the ability to apply any input and observe outputs. Securing PUF in this environment is challenging. While the actual threat model varies from application to application, there are some common security challenges for a PUF. In this talk, we will describe two such challenges: (i) ensuring uniqueness (ii) and thwarting modeling attacks. We will then present novel solutions to address those problems. Finally, we will conclude this talk with some open challenges.

Why Johnny, Jane, and their friends won't encrypt: barriers to the adoption of secure messaging tools

In 1999, Whitten & Tygar's "Why Johnny can't encrypt" identified a number of usability issues, and argued that these prevented non-expert users to use encryption correctly. In this talk, I will discuss to what extent these usability issues have been addressed by current tools. I will then present results from a study with 60 (mostly lapsed) users of secure messaging tools (such as Signal, Telegram and Threema) to explain that usability is only one of 3 classes of problems that stop people from using those tools - the other two categories being lack of utility, and fundamental misconceptions about the nature of threats, and how encryption safeguards against them. Based on these results, I will discuss how we can increase the utility of secure tools, and what types of communications/campaigns could transform the misconceptions.

Towards Combined Countermeasures against Side-Channel and Fault-Injection Attacks

Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Hardening cryptographic implementations with appropriate countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this talk, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 12%.

Covert shotgun: Automatically finding covert channels in SMT

In this talk I will be discuss covert channels in modern CPUs. Covert channels present a way for an attacker to exfiltrate information or build command and control functionality when the attacker and victim share the same computer, but are isolated in different security domains with communication either disabled or monitored. This situation is common in cloud computing as well as in personal computers through execution of downloaded code such as Java script. The talk will focus on finding covert channels in the pipeline of modern x86-64 CPU. Initially the talk will introduce the concept of covert channels and the confinement problem as defined by Lampson in 1973. A short discussion of how covert channels are usually found will be given. I'll continue with showing how Simultaneous Multi-Threading (SMT) is implemented in the pipeline on Intel CPUs since Sandy Bridge and how this design gives rise to covert channels. Further we'll discuss how and why I automated the search for covert channels with a tool called Covert Shotgun. The results from Covert Shotgun will be presented and placed in a larger perspective.

Turning Incident Response to Eleven

We've all been there - this one course at university where they tell you to actually read the log files, do proper incident response, and document everything. And its all fun and games, until you get hit by reality and have to analyze a possible security incident with a laterally moving attacker, and possibly more than 100 affected systems. Or 1000. Or even more ... Next thing you remember is waking up in a room without windows, packed with hard drives that are labeled obscurely, and a hardware write blocker that only does USB 2.0.

Leakage-resilient symmetric cryptography

Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. The first solutions in this direction were typically aiming at reducing the amount of information leakage directly at the hardware level, and independent of the algorithm implemented. Over the years, a complementary approach (next denoted as leakage-resilience) emerged, trying to exploit the formalism of modern cryptography in order to design new constructions and security models in which the guarantees of provable security can be extended from mathematical objects towards physical ones. This naturally raises the question whether the formal results obtained in these models are practically relevant (both in terms of performance and security)? The development of sound connections between the formal models of leakageresilient (symmetric) cryptography and the practice of side-channel attacks was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction. For this purpose, I will start with a separation result for the security of stateful and stateless primitives. I will then follow with a discussion of (i) pseudorandom building blocks together with the theoretical challenges they raise, and (ii) authentication, encryption and authenticated encryption schemes together with the practical challenges they raise. I will finally conclude by discussing emerging trends in the field of physically secure implementations.

SoK: Ex­ploit­ing Net­work Prin­ters

The idea of a pa­per­less of­fice has been drea­med for more than three deca­des. Howe­ver, no­wa­days prin­ters are still one of the most es­sen­ti­al de­vices for daily work and pri­va­te peop­le. In­s­tead of get­ting rid of them, prin­ters evol­ved from sim­ple prin­ting de­vices to com­plex net­work com­pu­ter sys­tems in­stal­led di­rect­ly in com­pa­ny net­works, and car­ry­ing lots of con­fi­den­ti­al data in their print jobs. This makes them to an attrac­tive at­tack tar­get. In this paper we con­duct a large scale ana­ly­sis of prin­ter at­tacks and sys­te­ma­ti­ze our know­ledge by pro­vi­ding a ge­ne­ral me­tho­do­lo­gy for se­cu­ri­ty ana­ly­ses of prin­ters. Based on our me­tho­do­lo­gy we im­ple­men­ted an open-sour­ce tool cal­led PRin­ter Ex­ploi­ta­ti­on Tool­kit (PRET). We used PRET to eva­lua­te 20 prin­ter mo­dels from dif­fe­rent ven­dors and found _all_ of them to be vul­nerable to at least one of the tested at­tacks. These at­tacks in­clu­ded, for ex­amp­le, sim­ple DoS at­tacks or skil­led at­tacks extrac­ting print jobs and sys­tem files. On top of our sys­te­ma­tic ana­ly­sis we re­veal novel in­sights that enable at­tacks from the In­ter­net by using ad­van­ced cross-si­te prin­ting tech­ni­ques com­bined with prin­ter CORS-Spoo­fing. Fi­nal­ly, we show how to apply our at­tacks to sys­tems bey­ond ty­pi­cal prin­ters like Goog­le Cloud Print or do­cu­ment pro­ces­sing web­sites. We hope that novel as­pects from our work will be­co­me the fo­un­da­ti­on for fu­ture re­se­ar­ches, for ex­amp­le, for the ana­ly­sis of IoT se­cu­ri­ty.