Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1
Reset filters

Settings
Now showing 1 - 9 of 9
No Thumbnail Available
Publication

GAIA-X and IDS

2021 , Otto, Boris , Rubina, Alina , Eitel, Andreas , Teuscher, Andreas , Schleimer, Anna Maria , Lange, Christoph , Stingl, Dominik , Loukipoudis, Evgueni , Brost, Gerd , Boege, Gernot , Pettenpohl, Heinrich , Langkau, Jörg , Gelhaar, Joshua , Mitani, Koki , Hupperz, Marius , Huber, Monika , Jahnke, Nils , Brandstädter, Robin , Wessel, Sascha , Bader, Sebastian

View
No Thumbnail Available
Publication

SEVered: Subverting AMD's virtual machine encryption

2018 , Morbitzer, Mathias , Huber, Manuel , Horsch, Julian , Wessel, Sascha

AMD SEV is a hardware feature designed for the secure encryption of virtual machines. SEV aims to protect virtual machine memory not only from other malicious guests and physical attackers, but also from a possibly malicious hypervisor. This relieves cloud and virtual server customers from fully trusting their server providers and the hypervisors they are using. We present the design and implementation of SEVered, an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines. SEVered neither requires physical access nor colluding virtual machines, but only relies on a remote communication service, such as a web server, running in the targeted virtual machine. We verify the effectiveness of SEVered on a recent A MD SEV-enabled server platform running different services, such as web or SSH servers, in encrypted virtual machines. With these examples, we demonstrate that SEVered reliably and efficiently extracts all memory contents even in scenarios where the targeted virtual machine is under high load.

View
No Thumbnail Available
Publication

Transparent page-based kernel and user space execution tracing from a custom minimal ARM hypervisor

2015 , Horsch, Julian , Wessel, Sascha

In this paper, we present a framework for transparent kernel and user execution tracing from a minimal ARM hypervisor. The framework utilizes hardware-supported virtualization on modern ARM CPUs to restrict the number of executable pages in the system without interfering with the traced guest. The resulting page faults give the framework access to page-granular control flow information. The framework is transparent and agnostic to kernel and user space software not requiring any changes or additional components in the traced guest. The application scenarios for the framework include malware analysis, malware detection and runtime integrity protection. We furthermore present a detailed example application for the framework which uses the provided trace data to enforce a particular page-granular control flow to defend the guest against control flow hijacking attacks like return-oriented programming. The detailed performance analysis of our prototype implementation running on a Cortex-A15 development board with Android shows that the framework and the example application perform well even in adverse benchmarking scenarios. Therefore, the framework not only can be useful for realizing virtualization-based security mechanisms known and researched on x86 platforms for ARM, but also shows that the very lightweight ARM hardware virtualization support allows for new mechanisms relying on very frequent interaction with the hypervisor.

View
No Thumbnail Available
Publication

Safety & security testing of cooperative automotive systems

2018 , Seydel, Dominique , Weiß, Gereon , Pöhn, Daniela , Wessel, Sascha , Wenninger, Franz

Cooperative behavior of automated traffic participants is one next step towards the goals of reducing the number of traffic fatalities and optimizing traffic flow. The notification of a traffic participant's intentions and coordination of driving strategies increase the reaction time for safety functions and allow a foresighted maneuver planning. When developing cooperative applications, a higher design complexity has to be handled, as components are distributed over heterogeneous systems that interact with a varying timing behavior and less data confidence. In this paper, we present a solution for the development, simulation and validation of cooperative automotive systems together with an exemplary development flow for safety and security testing.

View
No Thumbnail Available
Publication

TransCrypt: Transparent main memory encryption using a minimal ARM hypervisor

2017 , Horsch, Julian , Huber, Manuel , Wessel, Sascha

Attacks on memory, revealing secrets, for example, via DMA or cold boot, are a long known problem. In this paper, we present TransCrypt, a concept for transparent and guest-agnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the p erformance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.

View
No Thumbnail Available
Publication

SobTra - A software-based trust anchor for ARM cortex application processors

2014 , Horsch, Julian , Wessel, Sascha , Stumpf, Frederic , Eckert, Claudia

In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.

View
No Thumbnail Available
Publication

A Rapid Innovation Framework for Connected Mobility Applications

2018 , Pöhn, Daniela , Wessel, Sascha , Fischer, Felix , Braunsdorf, Oliver , Wenninger, Franz , Seydel, Dominique , Weiß, Gereon , Roscher, Karsten , Freese-Wagner, Manuela

Connected Mobility Applications help to continuously improve traffic safety and efficiency. Today, much time and effort have to be invested to bring an idea into a safe prototype and to finally launch a reliable product.Software development tools have to adapt to these requirements. They have to support a rapid and continuous development process, that allows to test and validate the distributed application as one overall system. When developing cooperative applications, a higher design complexity has to be handled, as components are distributed over heterogeneous systems that interact with a varying timing behavior and less data confidence. Also, test and validation become more complex. Our Innovation Framework is intended to rapidly bring an idea for a connected application into a prototype so the investment risk for innovative applications is reduced. In this whitepaper we describe the approach of a Rapid InnovationTool Kit that is intended to speed up the development process for connected mobility applications. Thereby, a safe and secure prototype is available at an early development phase to gain experience within field tests that help to rapidly improve the intended application. Our software tool kit is able to find deviations from the specified behaviour and also it can instantly locate and identify erroneous functions within distributed systems. Extensive security tests can then be applied on the implemented application to ensure a secure operation. Another use case for the described testbed is to evaluate communication technologies and to find the most suitable transmission technology for a certain application. For example, short range communication with the 802.11p WLAN technology or the upcoming LTE enhancement LTE-V2X are comparable within specific scenarios. This evaluation can help to reduce the investment risk for the deployment of connected applications.

View
No Thumbnail Available
Publication

CoKey: Fast token-based cooperative cryptography

2016 , Horsch, Julian , Wessel, Sascha , Eckert, Claudia

Keys for symmetric cryptography are usually stored in RAM and therefore susceptible to various attacks, ranging from simple buffer overflows to leaks via cold boot, DMA or side channels. A common approach to mitigate such attacks is to move the keys to an external cryptographic token. For low-throughput applications like asymmetric signature generation, the performance of these tokens is sufficient. For symmetric, data-intensive use cases, like disk encryption on behalf of the host, the connecting interface to the token often is a serious bottleneck. In order to overcome this problem, we present CoKey, a novel concept for partially moving symmetric cryptography out of the host into a trusted detachable token. CoKey combines keys from both entities and securely encrypts initialization vectors on the token which are then used in the cryptographic operations on the host. This forces host and token to cooperate during the whole encryption and decryption process. Our concept strongly and efficiently binds encrypted data on the host to the specific token used for their encryption, while still allowing for fast operation. We implemented the concept using Linux hosts and the USB armory, a USB thumb drive sized ARM computer, as detachable crypto token. Our detailed performance evaluation shows that our prototype is easily fast enough even for data-intensive and performance-critical use cases like full disk encryption, thus effectively improving security for symmetric cryptography in a usable way.

View
No Thumbnail Available
Publication

TrustID: Trustworthy identities for untrusted mobile devices

2014 , Horsch, Julian , Böttinger, Konstantin , Weiß, Michael , Wessel, Sascha , Stumpf, Frederic

Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insuficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Both protocols do not require a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as root identity to derive context-specific identities.

View