  • Publication
    A Comparative Security Analysis of the German Federal Postal Voting Process
    (2021)
    Gölz, Simon; Bösch, Christoph
    The percentage of votes cast by postal voting increases with every election for the German federal parliament (Bundestag). However, especially compared to Internet voting, concerns regarding security, transparency, and trustworthiness of postal voting are rarely discussed. This paper outlines the established process of postal voting in Germany and evaluates it with regard to various security-relevant characteristics. For this evaluation, a methodology originally developed for Internet voting is used in order to ensure comparability. The aim is to identify weaknesses as well as potential for optimization, to compare German postal voting with selected Internet voting schemes, and to derive implications for policy and further research.
  • Publication
    Security Concept with Distributed Trust-Levels for Autonomous Cooperative Vehicle Networks
    (2021)
    Madl, Tobias
    The newly proposed cooperative intelligent transportation system (cITS) is a big step towards completely autonomous driving. It is a key requirement for vehicles to exchange crucial information. Only with exchanged data, such as hazard warnings or route planning, will each vehicle have enough information to find its way without a driver. However, this data has to be authentic and trustworthy, since it will directly influence the behavior of every vehicle inside such a network. For authentic messages, public key infrastructure (PKI)-based asymmetric cryptography mechanisms were already proposed by different organizations, such as the European Telecommunications Standards Institute (ETSI). The second crucial piece of information, trustworthiness, is still missing. In this paper, a new security concept is presented, which introduces a trust-level for each vehicle to enable an assessment of whether data is trustworthy or not. Besides, a Pretty Good Privacy (PGP)-inspired certificate administration is proposed to manage the certificates and their affiliated trust-level. The new concept mitigates sybil attacks and increases the speed of data processing inside vehicles.
  • Publication
    Leveraging Edge Computing and Differential Privacy to Securely Enable Industrial Cloud Collaboration Along the Value Chain
    (2021)
    Busch, Maximilian
    Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportunities, it is necessary to access the machine data, which can include sensitive information such as intellectual property. Employing the use case of machine tools, this paper presents a solution enabling industrial data sharing and cloud collaboration while protecting sensitive information. It employs the edge computing paradigm to apply differential privacy to machine data in order to protect sensitive information and simultaneously allow machine producers to perform the necessary calculations and analyses using this data.
  • Publication
    Exploiting Interfaces of Secure Encrypted Virtual Machines
    (2020)
    Radev, Martin
    Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows sensitive data to be stored and processed in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM's address space. Finally, we show another attack which forces decryption of the VM's stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.
  • Publication
    AntiPatterns Regarding the Application of Cryptographic Primitives by the Example of Ransomware
    (2020)
    Graif, Lukas
    Cryptographic primitives are the basic building blocks for many cryptographic schemes and protocols. Implementing them incorrectly can lead to flaws, making a system or a product vulnerable to various attacks. As shown in the present paper, this statement also applies to ransomware. The paper surveys common errors occurring during the implementation of cryptographic primitives. Based on already existing research, it establishes a categorization framework to match selected ransomware samples by their respective vulnerabilities and assign them to the corresponding error categories. Subsequently, AntiPatterns are derived from the extracted error categories. These AntiPatterns are meant to support the field of software development by helping to detect and correct errors early during the implementation phase of cryptography.
  • Publication
    Integrating security evaluations into virtual commissioning
    (2020)
    Wiedermann, Norbert; Tayebi Gholamzadeh, Makan
    Virtual commissioning is an important part of modern plant and factory organization. Research in this area focuses on safety, reliability, liveness, and repeatability. Security evaluations are currently not considered in virtual commissioning research and applications. Vulnerabilities in controller software and in the implementation of industrial equipment are receiving increased attention from attackers and cyber criminals. This is due to the rapidly advancing interconnection in modern, digital factories. This increase of the possible attack surface needs to be addressed as a part of comprehensive risk analysis within the domain of Industrie 4.0. Virtual commissioning, as an established process, is well-suited to address this lack of security evaluation. In this work, we propose a conceptual architecture for a simulation testbed that can be integrated in the virtual commissioning toolchain and show how to model and evaluate industrial equipment.
  • Publication
    Taking a Look into Execute-Only Memory
    (2019)
    Obermaier, Johannes
    The development process of microcontroller firmware often involves multiple parties. In such a scenario, the Intellectual Property (IP) is not protected against adversarial developers who have unrestricted access to the firmware binary. For this reason, microcontroller manufacturers integrate eXecute-Only Memory (XOM) which shall prevent an unauthorized read-out of third-party firmware during development. The concept allows execution of code but disallows any read access to it. Our security analysis shows that this concept is insufficient for firmware protection due to the use of shared resources such as the CPU and SRAM. We present a method to infer instructions from observed state transitions in shared hardware. We demonstrate our method via an automatic recovery of protected firmware. We successfully performed experiments on devices from different manufacturers to confirm the practicability of our attack. Our research also reveals implementation flaws in some of the analyzed devices which enable an adversary to bypass the read-out restrictions. Altogether, the paper shows the insufficient security of the XOM concept as well as of several implementations.
  • Publication
    Edge-computing enhanced privacy protection for industrial ecosystems in the context of SMEs
    (2019)
    Busch, Maximilian; Schnoes, Florian; Kleinwort, Robin; Zaeh, Michael F.
    The ongoing transformation of the manufacturing landscape introduces new business opportunities for enterprises but also brings new challenges with it. Especially small- and medium-sized companies (SMEs) require an increasing effort to stay competitive. Data produced on the shop-floor can be harnessed to conduct analyses useful to plant operators, e.g., for optimization of production capabilities or for increasing plant security. Therefore, we propose a privacy-preserving edge computing architecture to facilitate a platform for utilizing such applications. Our approach is motivated by requirements from SMEs in Germany, e.g., protection of intellectual property, and employs suitable privacy models. We demonstrate the viability of the proposed framework by evaluation of use cases for machine chatter optimization and anomaly detection within plants.
  • Publication
    Side-Channel Aware Fuzzing
    Software testing is becoming a critical part of the development cycle of embedded devices, enabling vulnerability detection. A well-studied approach of software testing is fuzz-testing (fuzzing), during which mutated input is sent to an input-processing software while its behavior is monitored. The goal is to identify faulty states in the program, triggered by malformed inputs. Even though this technique is widely performed, fuzzing cannot be applied to embedded devices to its full extent. Due to the lack of adequately powerful I/O capabilities or an operating system the feedback needed for fuzzing cannot be acquired. In this paper we present and evaluate a new approach to extract feedback for fuzzing on embedded devices using information the power consumption leaks. Side-channel aware fuzzing is a threefold process that is initiated by sending an input to a target device and measuring its power consumption. First, we extract features from the power traces of the target device using machine learning algorithms. Subsequently, we use the features to reconstruct the code structure of the analyzed firmware. In the final step we calculate a score for the input, which is proportional to the code coverage. We carry out our proof of concept by fuzzing synthetic software and a light-weight AES implementation running on an ARM Cortex-M4 microcontroller. Our results show that the power side-channel carries information relevant for fuzzing.
  • Publication
    MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness
    (2019)
    Wiedermann, Norbert; Kargl, Frank
    Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate for this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers decide which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.