Now showing 1 - 10 of 321
  • Publication
    Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC
    ( 2022)
    Gross, M.
    ;
    Jacob, N.
    ;
    Zankl, A.
    ;
    Sigl, G.
    FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.
  • Publication
    Mobile Contactless Fingerprint Recognition: Implementation, Performance and Usability Aspects
    ( 2022)
    Priesnitz, J.
    ;
    Huesmann, R.
    ;
    Rathgeb, C.
    ;
    Buchmann, N.
    ;
    Busch, C.
    This work presents an automated contactless fingerprint recognition system for smart-phones. We provide a comprehensive description of the entire recognition pipeline and discuss important requirements for a fully automated capturing system. In addition, our implementation is made publicly available for research purposes. During a database acquisition, a total number of 1360 contactless and contact-based samples of 29 subjects are captured in two different environmental situations. Experiments on the acquired database show a comparable performance of our contactless scheme and the contact-based baseline scheme under constrained environmental influences. A comparative usability study on both capturing device types indicates that the majority of subjects prefer the contactless capturing method. Based on our experimental results, we analyze the impact of the current COVID-19 pandemic on fingerprint recognition systems. Finally, implementation aspects of contactless fingerp rint recognition are summarized.
  • Publication
    Sovereignly Donating Medical Data as a Patient: A Technical Approach
    Data is the new asset of the 21st century, and many new business models are based on data. However, data is also needed in the medical research domain, such as in the procedure of applying new machine learning methods for gaining new medical findings. Furthermore, the hurdle arises that medical data comprises personal data, and thus, it requires particular care and protection. Hence, patients must consent to the data donation process for general medical research but without selecting specific research projects. We argue that patients must gain more influence in the data donation process to cover this lack of data sovereignty. Therefore, we developed a concept and implementation empowering patients to make sovereign decisions about donating their medical data to specific medical research projects. Our work comprises concepts of the Medical Informatics Initiative, International Data Spaces, and MY DATA Control Technologies with new specific elements combining these components. This approach of patient empowerment enables a new kind of data sovereignty in the medical research domain.
  • Publication
    Decentralized Identities for Self-sovereign End-users (DISSENS)
    ( 2021) ;
    Grothoff, Christian
    ;
    Wenger, Hansjürg
    ;
    This paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases.
  • Publication
    A Systematic Review on Model Watermarking for Neural Networks
    ( 2021)
    Boenisch, F.
    Machine learning (ML) models are applied in an increasing variety of domains. The availability of large amounts of data and computational resources encourages the development of ever more complex and valuable models. These models are considered the intellectual property of the legitimate parties who have trained them, which makes their protection against stealing, illegitimate redistribution, and unauthorized application an urgent need. Digital watermarking presents a strong mechanism for marking model ownership and, thereby, offers protection against those threats. This work presents a taxonomy identifying and analyzing different classes of watermarking schemes for ML models. It introduces a unified threat model to allow structured reasoning on and comparison of the effectiveness of watermarking methods in different scenarios. Furthermore, it systematizes desired security requirements and attacks against ML model watermarking. Based on that framework, representative literature from the field is surveyed to illustrate the taxonomy. Finally, shortcomings and general limitations of existing approaches are discussed, and an outlook on future research directions is given.
  • Publication
    Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber
    ( 2021)
    Hamburg, Mike
    ;
    Hermelink, Julius
    ;
    Primas, Robert
    ;
    Samardjiska, Simona
    ;
    Schamberger, Thomas
    ;
    ; ;
    Vredendaal, Christine van
    Single-trace attacks are a considerable threat to implementations of classic public-key schemes, and their implications on newer lattice-based schemes are still not well understood. Two recent works have presented successful single-trace attacks targeting the Number Theoretic Transform (NTT), which is at the heart of many lattice-based schemes. However, these attacks either require a quite powerful side-channel adversary or are restricted to specific scenarios such as the encryption of ephemeral secrets. It is still an open question if such attacks can be performed by simpler adversaries while targeting more common public-key scenarios. In this paper, we answer this question positively. First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key. We then demonstrate how this sparseness can be incorporated into a side-channel attack, thereby significantly improving noise resistance of the attack compared to previous works. The effectiveness of our attack is shown on the use-case of CCA2 secure Kyber k-module-LWE, where k ∈ {2, 3, 4}. Our k-trace attack on the long-term secret can handle noise up to a s < 1.2 in the noisy Hamming weight leakage model, also for masked implementations. A 2k-trace variant for Kyber1024 even allows noise s < 2.2 also in the masked case, with more traces allowing us to recover keys up to s < 2.7. Single-trace attack variants have a noise tolerance depending on the Kyber parameter set, ranging from s < 0.5 to s < 0.7. As a comparison, similar previous attacks in the masked setting were only successful with s < 0.5.
  • Publication
    The Stream Exchange Protocol: A Secure and Lightweight Tool for Decentralized Connection Establishment
    ( 2021)
    Tatschner, S.
    ;
    Jarisch, F.
    ;
    Giehl, A.
    ;
    Plaga, S.
    ;
    Newe, T.
    With the growing availability and prevalence of internet-capable devices, the complexity of networks and associated connection management increases. Depending on the use case, different approaches in handling connectivity have emerged over the years, tackling diverse challenges in each distinct area. Exposing centralized web-services facilitates reachability; distributing information in a peer-to-peer fashion offers availability; and segregating virtual private sub-networks promotes confidentiality. A common challenge herein lies in connection establishment, particularly in discovering, and securely connecting to peers. However, unifying different aspects, including the usability, scalability, and security of this process in a single framework, remains a challenge. In this paper, we present the Stream Exchange Protocol (SEP) collection, which provides a set of building blocks for secure, lightweight, and decentralized connection establishment. These building blocks use unique identities that enable both the identification and authentication of single communication partners. By utilizing federated directories as decentralized databases, peers are able to reliably share authentic data, such as current network locations and available endpoints. Overall, this collection of building blocks is universally applicable, easy to use, and protected by state-of-the-art security mechanisms by design. We demonstrate the capabilities and versatility of the SEP collection by providing three tools that utilize our building blocks: a decentralized file sharing application, a point-to-point network tunnel using the SEP trust model, and an application that utilizes our decentralized discovery mechanism for authentic and asynchronous data distribution.
  • Publication
    Analyzing requirements for post quantum secure machine readable travel documents
    ( 2021)
    Morgner, F.
    ;
    Heyden, J. von der
    In a post-quantum world, the security of digital signatures and key agreements mechanisms used for Machine Readable Travel Documents (MRTDs) will be threatened by Shor's algorithm. Due to the long validity period of MRTDs, upgrading travel documents with practical mechanisms which are resilient to attacks using quantum computers is an urgent issue. In this paper, we analyze potential quantum-resistant replacements that are suitable for those protocols and the ressource-constrained environment of embedded security chips.
  • Publication
    Activation Anomaly Analysis
    Inspired by recent advances in coverage-guided analysis of neural networks, we propose a novel anomaly detection method. We show that the hidden activation values contain information useful to distinguish between normal and anomalous samples. Our approach combines three neural networks in a purely data-driven end-to-end model. Based on the activation values in the target network, the alarm network decides if the given sample is normal. Thanks to the anomaly network, our method even works in semi-supervised settings. Strong anomaly detection results are achieved on common data sets surpassing current baseline methods. Our semi-supervised anomaly detection method allows to inspect large amounts of data for anomalies across various applications.
  • Publication
    Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis
    ( 2021)
    Banse, C.
    ;
    Kunz, I.
    ;
    Schneider, A.
    ;
    Weiss, K.
    In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendorand technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments, spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storages or undesired data flows within a cloud service, as restricted by regulations such as GDPR.