Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1
Reset filters

Settings
Now showing 1 - 10 of 489
No Thumbnail Available
Publication

GRAIN - Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN

2024 , Schanzenbach, Martin , Nadler, Sebastian , Johnson Jeyakumar, Isaac Henderson

Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a corner stone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — green field. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real world deployments by reserving the special-use top-level domain ".alt" in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements the security concept of TRAIN-over DNS and show that it is practically feasible with limited modifications of existing software stacks.

View
No Thumbnail Available
Publication

MANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures

2023-06 , Fuxen, Philipp , Hackenberg, Rudolf , Heinl, Michael , Ross, Mirko , Roßnagel, Heiko , Schunck, Christian Heinrich , Yahalom, Raphael

The digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world leads to a dramatically increasing attack surface regarding both direct and also indirect attacks over the supply chain. These supply chain attacks can have different characters, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated over organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation regarding cybersecurity management, especially when it comes to prioritization of measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA's scope, objectives, envisioned scientific approach, and challenges.

View
No Thumbnail Available
Publication

Ist das die Wallet der Zukunft?

2023 , Krauß, Anna-Magdalena , Sellung, Rachelle , Kostic, Sandra

Heutzutage werden digitale Identitäten oft unsicher umgesetzt und sind mit der Erstellung von vielen unterschiedlichen Accounts durch Nutzende verbunden. Das soll langfristig durch die Nutzung sogenannter Digital Identity Wallets verbessert werden. Diese Wallets ermöglichen die Verwaltung und Nutzung von digitalen Identitäten sowie Nachweisdokumenten. Dazu gehören unter anderem Nachweise wie der Führerschein, der Bibliotheksausweis oder auch Flugtickets. Alle diese Daten können gemeinsam in einer Wallet-App auf den Endgeräten der Nutzenden gespeichert werden. Die Nutzenden verwalten ihre Daten eigenständig und entscheiden selbst darüber, welche und wie viele Daten sie über sich preisgeben wollen.Aktuelle Forschungen zeigen allerdings, dass die bisher entwickelten Wallets Usability-Probleme aufweisen, sodass Nutzende nur schwer das Konzept dieser Wallets greifen können. Zudem weisen heutige digitale Dienstleistungen zahlreiche Hürden auf, welche den Einsatz von digitalen Identitäten erschweren.In diesem Beitrag wird basierend auf einer Wallet-Analyse und User-Experience-Anforderungen ein Konzeptvorschlag für eine nutzungsfreundlichere Wallet vorgestellt, bei der die Nutzenden im Mittelpunkt stehen. So sieht dieses Konzept einen umfangreicheren Funktionsumfang im Vergleich zu aktuellen Wallet Umsetzungen vor, mit dem Ziel die Wallet stärker den Bedürfnissen der Nutzenden anzupassen. Darunter fallen Funktionen wie die Kommunikation zwischen Wallet und Dienstanbieter ohne die Notwendigkeit des Teilens von Kontaktdaten, die Option der Dauervollmachten zur Freigabe von Daten, die Möglichkeit der Verwaltung von Daten in Vertretung anderer Personen sowie die Organisation der eigenen Daten.

View
No Thumbnail Available
Publication

Universal Remote Attestation for Cloud and Edge Platforms

2023 , Ott, Simon , Kamhuber, Monika , Pecholt, Joana , Wessel, Sascha

With more computing workloads being shifted to the cloud, verifying the integrity of remote software stacks through remote attestation becomes an increasingly important topic. During remote attestation, a prover provides attestation evidence to a verifier, backed by a hardware trust anchor. While generating this information, which is essentially a list of hashes, is easy, examining the trustworthiness of the overall platform based on the provided list of hashes without context is difficult. Furthermore, as different trust anchors use different formats, interaction between devices using different attestation technologies is a complex problem. To address this problem, we propose a universal, hardware-agnostic device-identity and attestation framework. Our framework focuses on easing attestation by having provers present meaningful metadata to verify the integrity of the attestation evidence. We implemented and evaluated the framework for Trusted Platform Modules (TPM), AMD SEV-SNP attestation, and ARM PSA Entity Attestation Tokens (EATs).

View
No Thumbnail Available
Publication

Uniform instruction set extensions for multiplications in contemporary and post-quantum cryptography

2024 , Oberhansl, Felix Fritz , Fritzmann, Tim , Pöppelmann, Thomas , Basu Roy, Debapriya , Sigl, Georg

Hybrid key encapsulation is in the process of becoming the de-facto standard for integration of post-quantum cryptography (PQC). Supporting two cryptographic primitives is a challenging task for constrained embedded systems. Both contemporary cryptography based on elliptic curves or RSA and PQC based on lattices require costly multiplications. Recent works have shown how to implement lattice-based cryptography on big-integer coprocessors. We propose a novel hardware design that natively supports the multiplication of polynomials and big integers, integrate it into a RISC-V core, and extend the RISC-V ISA accordingly. We provide an implementation of Saber and X25519 to demonstrate that both lattice- and elliptic-curve-based cryptography benefits from our extension. Our implementation requires only intermediate logic overhead, while significantly outperforming optimized ARM Cortex M4 implementations, other hardware/software codesigns, and designs that rely on contemporary accelerators.

View
No Thumbnail Available
Publication

Cybersicherheit für kritische Infrastrukturen

2023-02 , Giehl, Alexander , Heinl, Michael

View
No Thumbnail Available
Publication

Security Risk Assessments: Modeling and Risk Level Propagation

2023 , Angermeier, Daniel , Wester, Hannah , Beilke, Kristian , Hansch, Gerhard , Eichler, Jörn

Security risk assessment is an important task in systems engineering. It is used to derive security requirements for a secure system design and to evaluate design alternatives as well as vulnerabilities. Security risk assessment is also a complex and interdisciplinary task, where experts from the application domain and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for system engineering usually focus on functional behavior and lack security-related aspects. Therefore, we present our modeling approach that alleviates communication between the involved experts and features steps of computer-aided modeling to achieve consistency and avoid omission errors. We demonstrate our approach with an example. We also describe how to model impact rating and attack feasibility estimation in a modular fashion, along with the propagation and aggregation of these estimations through the model. As a result, experts can make local decisions or changes in the model, which in turn provides the impact of these decisions or changes on the overall risk profile. Finally, we discuss the advantages of our model-based method.

View
No Thumbnail Available
Publication

Cybersecurity risk analysis of an automated driving system

2023-10-25 , Wagner, Patrick , Puch, Nikolai , Emeis, David

New laws and technologies, but also persistent problems like truck driver shortage, have led to advances in the field of autonomous driving and consequently to new cyber risks. We present the results of our cyber security risk analysis for a Control Center-supervised Level 4 Automated Driving System (ADS), whose system model we created through expert interviews with a global truck manufacturer. Example damage scenarios with high impact rating include Disclosure of video data, Loss of ADS function in motion, Dangerous driving maneuvers, and Activation outside of Operational Design Domain. We have identified over 200 threat scenarios, consisting of a combination of main attack steps that threaten specific parts of the item and preparation steps that determine how these parts are accessed and by which type of attacker. Without taking controls into account, the realization of these threat scenarios results in 65 significant risks. We propose to treat the threat scenarios, on the one hand, by claims concerning implementation-relevant aspects as Detection of system failure and security controls such as Authentic transmission of data. We conclude by detailing principles we have extracted from our analysis that can be applied to other cyber security risk analyses of automated driving systems.

View
No Thumbnail Available
Publication

CompaSeC: A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V

2023-01-31 , Geier, Johannes , Auer, Lukas , Mueller-Gritschneder, Daniel , Sharif, Uzair , Schlichtmann, Ulf

Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system’s resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety and not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, in this work we first show that when the software is hardened by these existing techniques from the safety domain, the number of vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults.

View
No Thumbnail Available
Publication

Remote Electronic Voting in Uncontrolled Environments: A Classifying Survey

2023 , Heinl, Michael , Gölz, Simon , Bösch, Christoph

Remote electronic voting, often called online or Internet voting, has been subject to research for the last four decades. It is regularly discussed in public debates, especially in the context of enabling voters to conveniently cast their ballot from home using their personal devices. Since these devices are not under the control of the electoral authority and could be potentially compromised, this setting is referred to as an "uncontrolled environment" for which special security assumptions have to be considered. This paper employs general election principles to derive cryptographic, technical, and organizational requirements for remote electronic voting. Based on these requirements, we have extended an existing methodology to assess online voting schemes and develop a corresponding reference attacker model to support the preparation of tailored protection profiles for different levels of elections. After presenting a broad survey of different voting schemes, we use this methodology to assess and classify those schemes comparatively by leveraging four election-specific attacker models.

View