Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1
Reset filters

Settings
Now showing 1 - 10 of 352
  • Publication
    Cybersecurity risk analysis of an automated driving system
    ( 2023-10-25)
    Wagner, Patrick orcid-logo
    ;
    Puch, Nikolai
    ;
    Emeis, David
    New laws and technologies, but also persistent problems like truck driver shortage, have led to advances in the field of autonomous driving and consequently to new cyber risks. We present the results of our cyber security risk analysis for a Control Center-supervised Level 4 Automated Driving System (ADS), whose system model we created through expert interviews with a global truck manufacturer. Example damage scenarios with high impact rating include Disclosure of video data, Loss of ADS function in motion, Dangerous driving maneuvers, and Activation outside of Operational Design Domain. We have identified over 200 threat scenarios, consisting of a combination of main attack steps that threaten specific parts of the item and preparation steps that determine how these parts are accessed and by which type of attacker. Without taking controls into account, the realization of these threat scenarios results in 65 significant risks. We propose to treat the threat scenarios, on the one hand, by claims concerning implementation-relevant aspects as Detection of system failure and security controls such as Authentic transmission of data. We conclude by detailing principles we have extracted from our analysis that can be applied to other cyber security risk analyses of automated driving systems.
  • Publication
    MANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures
    ( 2023-06)
    Fuxen, Philipp
    ;
    Hackenberg, Rudolf
    ;
    Heinl, Michael orcid-logo
    ;
    Ross, Mirko
    ;
    Roßnagel, Heiko
    ;
    Schunck, Christian Heinrich
    ;
    Yahalom, Raphael
    The digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world leads to a dramatically increasing attack surface regarding both direct and also indirect attacks over the supply chain. These supply chain attacks can have different characters, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated over organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation regarding cybersecurity management, especially when it comes to prioritization of measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA's scope, objectives, envisioned scientific approach, and challenges.
  • Publication
    CompaSeC: A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V
    ( 2023-01-31)
    Geier, Johannes
    ;
    Auer, Lukas orcid-logo
    ;
    Mueller-Gritschneder, Daniel
    ;
    Sharif, Uzair
    ;
    Schlichtmann, Ulf
    Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system’s resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety and not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, in this work we first show that when the software is hardened by these existing techniques from the safety domain, the number of vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults.
  • Publication
    A more User-Friendly Digital Wallet?
    ( 2023)
    Krauß, Anna-Magdalena
    ;
    Kostic, Sandra
    ;
    Sellung, Rachelle
    Identity wallets enable the management and use of digital identities and verification documents stored in one app. Users manage their data independently and decide for themselves which data they want to disclose for identification purposes. Recent research shows that current digital wallets face many usability problems, which makes it difficult for users to grasp their concept and how to use them. This paper presents an enhanced concept of a wallet, where its functionality is presented with user scenarios that have a user centric approach. The user scenarios illustrate a variety of possible uses of the wallet. For example, the new wallet concept envisions, how data can be transferred from one wallet to another person's wallet, how data can be managed by different people in one wallet, or how only individual pieces of information from credentials can be shared to maintain greater privacy for users.
  • Publication
    CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++
    ( 2023)
    Hohentanner, Konrad
    ;
    Zieris, Philipp
    ;
    Horsch, Julian
    Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation. Among these, compiler-based instrumentation is particularly promising, not requiring manual code modifications and being able to achieve precise memory safety. Unfortunately, existing compiler-based solutions compromise in many areas, including performance but also usability and memory safety guarantees. New developments in hardware can help improve performance and security of compiler-based memory safety. ARM Pointer Authentication, added in the ARMv8.3 architecture, is intended to enable hardware-assisted Control Flow Integrity (CFI). But since its operations are generic, it also enables other, more comprehensive hardware-supported runtime integrity approaches. As such, we propose CryptSan, a memory safety approach based on ARM Pointer Authentication. CryptSan uses pointer signatures to retrofit memory safety to C/C++ programs, protecting heap, stack, and globals against temporal and spatial vulnerabilities. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro, i.e., on actual ARMv8.3 hardware. Our prototype evaluation shows that the system outperforms similar approaches under real-world conditions. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
  • Publication
    R2-AD2: Detecting Anomalies by Analysing the Raw Gradient
    ( 2023)
    Schulze, Jan-Philipp
    ;
    Sperl, Philip
    ;
    Răduțoiu, Ana Teodora
    ;
    Sagebiel, Carla
    ;
    Böttinger, Konstantin
    Neural networks follow a gradient-based learning scheme, adapting their mapping parameters by back-propagating the output loss. Samples unlike the ones seen during training cause a different gradient distribution. Based on this intuition, we design a novel semi-supervised anomaly detection method called R2-AD2. By analysing the temporal distribution of the gradient over multiple training steps, we reliably detect point anomalies in strict semi-supervised settings. Instead of domain dependent features, we input the raw gradient caused by the sample under test to an end-to-end recurrent neural network architecture. R2-AD2 works in a purely data-driven way, thus is readily applicable in a variety of important use cases of anomaly detection.
  • Publication
    HWASanIO: Detecting C/C++ Intra-object Overflows with Memory Shading
    ( 2023)
    Hohentanner, Konrad
    ;
    Kasten, Florian Maximilian
    ;
    Auer, Lukas orcid-logo
    C/C++ are often used in high-performance areas with critical security demands, such as operating systems, browsers, and libraries. One major drawback from a security standpoint is their susceptibility to memory bugs, which are often hard to spot during development. A possible solution is the deployment of a memory safety framework such as the memory tagging framework Hardware-Assisted AddressSanitizer (HWASan). The dynamic analysis tool instruments object allocations and inserts additional check logic to detect memory violations during runtime. A current limitation of memory tagging is its inability to detect intra-object memory violations i.e., over-and underflows between fields and members of structs and classes. This work addresses the issue by applying the concept of memory shading to memory tagging. We then present HWASanIO, a HWASan-based sanitizer implementing the memory shading concept to detect intra-object violations. Our evaluation shows that this increases the bug detection rate from 85.4% to 100% in the memory corruptions test cases of the Juliet Test Suite while maintaining high interoperability with existing C/C++ code.
  • Publication
    Post-quantum Security for the Extended Access Control Protocol
    ( 2023)
    Fischlin, Marc
    ;
    Heyden, Jonas von der
    ;
    Margraf, Marian
    ;
    Morgner, Frank
    ;
    Wallner, Andreas
    ;
    Bock, Holger
    The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers. In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: One that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards-compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Merely the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway. To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE® terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control.
  • Publication
    Structured Design and Evaluation of a Resistor-Based PUF Robust Against PVT-Variations
    ( 2023)
    Riehm, Carl
    ;
    Frisch, Christoph
    ;
    Burcea, Florin
    ;
    Hiller, Matthias
    ;
    Pehl, Michael
    ;
    Brederlow, Ralf
    This paper proposes a new fully CMOS-compatible PUF primitive robust against process variations, supply voltage variations and temperature drift (PVT) based on resistive structures that implements advanced compensation mechanisms already on circuit level. Based on analog simulation data, the PUF is evaluated regarding its unpredictability and its reliability. The results indicate a high quality. Further, a structured approach for designing a suitable error correction is presented to illustrate the whole PUF system.
  • Publication
    Quantum-Resistant MACsec and IPsec for Virtual Private Networks
    ( 2023)
    Gazdag, Stefan-Lukas
    ;
    Grundner-Culemann, Sophia
    ;
    Heider, Tobias
    ;
    Herzinger, Daniel
    ;
    Schärtl, Felix
    ;
    Cho, Joo Yeon
    ;
    Guggemos, Tobias
    ;
    Loebenberger, Daniel
    Despite considerable progress in theoretical post-quantum cryptography we have yet to see significant advances in its practical adoption. The necessary protocol modifications need to be identified, implemented and tested; good solutions need to be standardized and finally adopted in the real world. This work executes the first steps needed to standardize quantum-proof Virtual Private Networks (VPNs) on Layers 2 and 3 of the OSI model employing the MACsec/MKA and IPsec/IKEv2 protocols, respectively. We identify requirements and assemble a list of ideal features, discuss difficulties and possible solutions, point out our standardization efforts, and provide the results of some sample implementations for both layers.