Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

2 2 1
Reset filters

Settings
Now showing 1 - 10 of 27
No Thumbnail Available
Publication

A Comparative Security Analysis of the German Federal Postal Voting Process

2021 , Heinl, Michael , Gölz, Simon , Bösch, Christoph

The percentage of votes cast by postal voting increases with every election for the German federal parliament (Bundestag). However, especially compared to Internet voting, concerns regarding security, transparency, and trustworthiness of postal voting are rarely discussed. This paper outlines the established process of postal voting in Germany and evaluates it with regard to various security-relevant characteristics. For this evaluation, a methodology originally developed for Internet voting is used in order to ensure comparability. The aim is to identify weaknesses as well as potential for optimization, to compare German postal voting with selected Internet voting schemes, and to derive implications for policy and further research.

View
No Thumbnail Available
Publication

Leveraging Edge Computing and Differential Privacy to Securely Enable Industrial Cloud Collaboration Along the Value Chain

2021 , Giehl, Alexander , Heinl, Michael , Busch, Maximilian

Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportunities, it is necessary to access the machine data, which can include sensitive information such as intellectual property. Employing the use case of machine tools, this paper presents a solution enabling industrial data sharing and cloud collaboration while protecting sensitive information. It employs the edge computing paradigm to apply differential privacy to machine data in order to protect sensitive information and simultaneously allow machine producers to perform the necessary calculations and analyses using this data.

View
No Thumbnail Available
Publication

AntiPatterns Regarding the Application of Cryptographic Primitives by the Example of Ransomware

2020 , Heinl, Michael , Giehl, Alexander , Graif, Lukas

Cryptographic primitives are the basic building blocks for many cryptographic schemes and protocols. Implementing them incorrectly can lead to flaws, making a system or a product vulnerable to various attacks. As shown in the present paper, this statement also applies to ransomware. The paper surveys common errors occurring during the implementation of cryptographic primitives. Based on already existing research, it establishes a categorization framework to match selected ransomware samples by their respective vulnerabilities and assign them to the corresponding error categories. Subsequently, AntiPatterns are derived from the extracted error categories. These AntiPatterns are meant to support the field of software development by helping to detect and correct errors early during the implementation phase of cryptography.

View
No Thumbnail Available
Publication

Integrating security evaluations into virtual commissioning

2020 , Giehl, Alexander , Wiedermann, Norbert , Tayebi Gholamzadeh, Makan , Eckert, Claudia

Virtual commissioning is an important part of modern plant and factory organization. Research in this area focuses on safety, reliability, liveness, and repeatability. Security evaluations are currently not considered in virtual commissioning research and applications. Vulnerabilities in controller software and in the implementation of industrial equipment are receiving increased attention from attackers and cyber criminals. This is due to the rapidly advancing interconnection in modern, digital factories. This increase of the possible attack surface needs to be addressed as a part of comprehensive risk analysis within the domain of Industrie 4.0.Virtual commissioning, as an established process, is well-suited to address this lack of security evaluation. In this work, we propose a conceptual architecture for a simulation testbed that can be integrated in the virtual commissioning toolchain and show how to model and evaluate industrial equipment.

View
No Thumbnail Available
Publication

GAIA-X and IDS

2021 , Otto, Boris , Rubina, Alina , Eitel, Andreas , Teuscher, Andreas , Schleimer, Anna Maria , Lange, Christoph , Stingl, Dominik , Loukipoudis, Evgueni , Brost, Gerd , Boege, Gernot , Pettenpohl, Heinrich , Langkau, Jörg , Gelhaar, Joshua , Mitani, Koki , Hupperz, Marius , Huber, Monika , Jahnke, Nils , Brandstädter, Robin , Wessel, Sascha , Bader, Sebastian

View
No Thumbnail Available
Publication

Exploiting Interfaces of Secure Encrypted Virtual Machines

2020 , Radev, Martin , Morbitzer, Mathias

Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM's address space. Finally, we show another attack which forces decryption of the VM's stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.

View
No Thumbnail Available
Publication

Automating Security Risk and Requirements Management for Cyber-Physical Systems

2020 , Hansch, Gerhard

Cyber-Physical Systems enable various modern use cases and business models such as connected vehicles, the Smart (power) Grid, or the Industrial Internet of Things. Their key characteristics, complexity, heterogeneity, and longevity make the long-term protection of these systems a demanding but indispensable task. In the physical world, the laws of physics provide a constant scope for risks and their treatment. In cyberspace, on the other hand, there is no such constant to counteract the erosion of security features. As a result, existing security risks can constantly change and new ones can arise. To prevent damage caused by malicious acts, it is necessary to identify high and unknown risks early and counter them appropriately. Considering the numerous dynamic security-relevant factors re quires a new level of automation in the management of security risks and requirements, which goes beyond the current state of the art. Only in this way can an appropriate, comprehensive, and consistent level of security be achieved in the long term. This work addresses the pressing lack of an automation methodology for the security-risk assessment as well as the generation and management of security requirements for Cyber-Physical Systems. The presented framework accordingly comprises three components: (1) a model-based security risk assessment methodology, (2) methods to unify, deduce and manage security requirements, and (3) a set of tools and procedures to detect and respond to security-relevant situations. The need for protection and the appropriate rigor are determined and evaluated by the security risk assessment using graphs and a security-specific modeling. Based on the model and the assessed risks, well-founded security requirements for protecting the overall system and its functionality are systematically derived and formulated in a uniform, machine-readable structure. This machine-readable structure makes it possible to propagate security requirements automatically along the supply chain. Furthermore, they enable the efficient reconciliation of present capabilities with external security requirements from regulations, processes, and business partners. Despite all measures taken, there is always a slight risk of compromise, which requires an appropriate response. This residual risk is addressed by tools and processes that improve the local and large-scale detection, classification, and correlation of incidents. Integrating the findings from such incidents into the model often leads to updated assessments, new requirements, and improves further analyses. Finally, the presented framework is demonstrated by a recent application example from the automotive domain.

View
No Thumbnail Available
Publication

Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber

2021 , Hamburg, Mike , Hermelink, Julius , Primas, Robert , Samardjiska, Simona , Schamberger, Thomas , Streit, Silvan , Strieder, Emanuele , Vredendaal, Christine van

Single-trace attacks are a considerable threat to implementations of classic public-key schemes, and their implications on newer lattice-based schemes are still not well understood. Two recent works have presented successful single-trace attacks targeting the Number Theoretic Transform (NTT), which is at the heart of many lattice-based schemes. However, these attacks either require a quite powerful side-channel adversary or are restricted to specific scenarios such as the encryption of ephemeral secrets. It is still an open question if such attacks can be performed by simpler adversaries while targeting more common public-key scenarios. In this paper, we answer this question positively. First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key. We then demonstrate how this sparseness can be incorporated into a side-channel attack, thereby significantly improving noise resistance of the attack compared to previous works. The effectiveness of our attack is shown on the use-case of CCA2 secure Kyber k-module-LWE, where k ∈ {2, 3, 4}. Our k-trace attack on the long-term secret can handle noise up to a s < 1.2 in the noisy Hamming weight leakage model, also for masked implementations. A 2k-trace variant for Kyber1024 even allows noise s < 2.2 also in the masked case, with more traces allowing us to recover keys up to s < 2.7. Single-trace attack variants have a noise tolerance depending on the Kyber parameter set, ranging from s < 0.5 to s < 0.7. As a comparison, similar previous attacks in the masked setting were only successful with s < 0.5.

View
No Thumbnail Available
Publication

Sicherheitsaspekte der Plattform ScaleIT im Kontext von DigitalTWIN

2020 , Wester, Hannah , Heinl, Michael , Schneider, Peter

View
No Thumbnail Available
Publication

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

2020 , Unterstein, Florian , Schink, Marc , Schamberger, Thomas , Tebelmann, Lars , Ilg, Manuel , Heyszl, Johann

The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.

View