  • Publication
    GRAIN - Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN
    Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a cornerstone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — greenfield. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real-world deployments by reserving the special-use top-level domain ".alt" in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements over the security concept of TRAIN-over-DNS, and show that it is practically feasible with limited modifications of existing software stacks.
  • Publication
    Uniform instruction set extensions for multiplications in contemporary and post-quantum cryptography
    (2024)
    Oberhansl, Felix Fritz; Fritzmann, Tim; Pöppelmann, Thomas; Basu Roy, Debapriya
    Hybrid key encapsulation is in the process of becoming the de-facto standard for the integration of post-quantum cryptography (PQC). Supporting two cryptographic primitives is a challenging task for constrained embedded systems. Both contemporary cryptography based on elliptic curves or RSA and PQC based on lattices require costly multiplications. Recent works have shown how to implement lattice-based cryptography on big-integer coprocessors. We propose a novel hardware design that natively supports the multiplication of polynomials and big integers, integrate it into a RISC-V core, and extend the RISC-V ISA accordingly. We provide an implementation of Saber and X25519 to demonstrate that both lattice- and elliptic-curve-based cryptography benefit from our extension. Our implementation requires only intermediate logic overhead, while significantly outperforming optimized ARM Cortex-M4 implementations, other hardware/software codesigns, and designs that rely on contemporary accelerators.
  • Publication
    Cybersecurity risk analysis of an automated driving system
    (2023-10-25)
    Puch, Nikolai; Emeis, David
    New laws and technologies, but also persistent problems like the truck driver shortage, have led to advances in the field of autonomous driving and consequently to new cyber risks. We present the results of our cyber security risk analysis for a Control Center-supervised Level 4 Automated Driving System (ADS), whose system model we created through expert interviews with a global truck manufacturer. Example damage scenarios with a high impact rating include Disclosure of video data, Loss of ADS function in motion, Dangerous driving maneuvers, and Activation outside of Operational Design Domain. We have identified over 200 threat scenarios, each consisting of a combination of main attack steps that threaten specific parts of the item and preparation steps that determine how these parts are accessed and by which type of attacker. Without taking controls into account, the realization of these threat scenarios results in 65 significant risks. We propose to treat the threat scenarios, on the one hand, by claims concerning implementation-relevant aspects such as Detection of system failure and, on the other hand, by security controls such as Authentic transmission of data. We conclude by detailing principles we have extracted from our analysis that can be applied to other cyber security risk analyses of automated driving systems.
  • Publication
    MANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures
    (2023-06)
    Fuxen, Philipp; Hackenberg, Rudolf; Ross, Mirko; Schunck, Christian Heinrich; Yahalom, Raphael
    The digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world lead to a dramatically increasing attack surface regarding both direct and indirect attacks over the supply chain. These supply chain attacks can have different characters, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated across organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for the real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation in cybersecurity management, especially when it comes to prioritizing measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA's scope, objectives, envisioned scientific approach, and challenges.
  • Publication
    CompaSeC: A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V
    (2023-01-31)
    Geier, Johannes; Mueller-Gritschneder, Daniel; Sharif, Uzair; Schlichtmann, Ulf
    Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system's resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety, not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, we first show in this work that when the software is hardened by these existing techniques from the safety domain, the vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose the Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads, we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults.
  • Publication
    Security Risk Assessments: Modeling and Risk Level Propagation
    (2023)
    Angermeier, Daniel; Wester, Hannah; Beilke, Kristian; Hansch, Gerhard; Eichler, Jörn
    Security risk assessment is an important task in systems engineering. It is used to derive security requirements for a secure system design and to evaluate design alternatives as well as vulnerabilities. Security risk assessment is also a complex and interdisciplinary task, where experts from the application domain and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for systems engineering usually focus on functional behavior and lack security-related aspects. Therefore, we present our modeling approach, which eases communication between the involved experts and features steps of computer-aided modeling to achieve consistency and avoid omission errors. We demonstrate our approach with an example. We also describe how to model impact rating and attack feasibility estimation in a modular fashion, along with the propagation and aggregation of these estimations through the model. As a result, experts can make local decisions or changes in the model, which in turn reveals the impact of these decisions or changes on the overall risk profile. Finally, we discuss the advantages of our model-based method.
  • Publication
    Is this the wallet of the future?
    (2023)
    Krauß, Anna-Magdalena; Kostic, Sandra
    Today, digital identities are often implemented insecurely and require users to create many different accounts. In the long term, this is to be improved through the use of so-called Digital Identity Wallets. These wallets enable the management and use of digital identities as well as credential documents, including credentials such as the driver's licence, the library card or flight tickets. All of this data can be stored together in a wallet app on the users' own devices. Users manage their data themselves and decide which data, and how much of it, they want to disclose about themselves. Current research shows, however, that the wallets developed so far exhibit usability problems, so that users find it hard to grasp the concept of these wallets. In addition, today's digital services present numerous hurdles that make the use of digital identities difficult. Based on a wallet analysis and user-experience requirements, this contribution presents a concept proposal for a more user-friendly wallet that puts users at the centre. The concept provides a broader range of functions compared to current wallet implementations, with the aim of adapting the wallet more closely to users' needs. These include functions such as communication between wallet and service provider without the need to share contact details, the option of standing authorisations for releasing data, the ability to manage data on behalf of other people, and the organisation of one's own data.
  • Publication
    Quantum-Resistant MACsec and IPsec for Virtual Private Networks
    (2023)
    Gazdag, Stefan-Lukas; Grundner-Culemann, Sophia; Heider, Tobias; Herzinger, Daniel; Schärtl, Felix; Cho, Joo Yeon; Guggemos, Tobias; Loebenberger, Daniel
    Despite considerable progress in theoretical post-quantum cryptography, we have yet to see significant advances in its practical adoption. The necessary protocol modifications need to be identified, implemented and tested; good solutions need to be standardized and finally adopted in the real world. This work executes the first steps needed to standardize quantum-proof Virtual Private Networks (VPNs) on Layers 2 and 3 of the OSI model employing the MACsec/MKA and IPsec/IKEv2 protocols, respectively. We identify requirements and assemble a list of ideal features, discuss difficulties and possible solutions, point out our standardization efforts, and provide the results of some sample implementations for both layers.
  • Publication
    VE-FIDES: Designing Trustworthy Supply Chains Using Innovative Fingerprinting Implementations
    (2023)
    Lippmann, Bernhard; Hatsch, Joel; Seidl, Stefan; Houdeau, Detlef; Subrahmanyam, Niranjana Papagudi; Schneider, Daniel; Safieh, Malek; Passarelli, Anne; Maftun, Aliza; Brunner, Michaela; Music, Tim; Pehl, Michael; Siddiqui, Tauseef; Brederlow, Ralf; Schlichtmann, Ulf; Driemeyer, Bjoern; Ortmanns, Maurits
    The project VE-FIDES will contribute a solution based on an innovative multi-level fingerprinting approach to secure electronics supply chains against the threats of malicious modification, piracy, and counterfeiting. Hardware fingerprints are derived from minuscule, unavoidable process variations using the technology of Physical Unclonable Functions (PUFs). The derived fingerprints are combined into a system fingerprint enabling unique identification, not only of single components but also at PCB level. With the proposed concept, we show how the system fingerprint can enhance the trustworthiness of the overall system. For this purpose, the complete system, including tiny sensors, a Secure Element and its interface to the application, is considered in VE-FIDES. New insights into methodologies to derive component and system fingerprints are gained. These techniques for the verification of system integrity are complemented by methods for preventing reverse engineering. Two application scenarios are in the focus of VE-FIDES: industrial control systems and an automotive use case are considered, giving insight into a wide spectrum of requirements for products built from components provided by international supply chains.