1 - 10 of 247
-
PublicationSovereignly Donating Medical Data as a Patient: A Technical Approach( 2022)Data is the new asset of the 21st century, and many new business models are based on data. However, data is also needed in the medical research domain, such as in the procedure of applying new machine learning methods for gaining new medical findings. Furthermore, the hurdle arises that medical data comprises personal data, and thus, it requires particular care and protection. Hence, patients must consent to the data donation process for general medical research but without selecting specific research projects. We argue that patients must gain more influence in the data donation process to cover this lack of data sovereignty. Therefore, we developed a concept and implementation empowering patients to make sovereign decisions about donating their medical data to specific medical research projects. Our work comprises concepts of the Medical Informatics Initiative, International Data Spaces, and MY DATA Control Technologies with new specific elements combining these components. This approach of patient empowerment enables a new kind of data sovereignty in the medical research domain.
-
PublicationBreaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC( 2022)FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.
-
PublicationMobile Contactless Fingerprint Recognition: Implementation, Performance and Usability Aspects( 2022)This work presents an automated contactless fingerprint recognition system for smart-phones. We provide a comprehensive description of the entire recognition pipeline and discuss important requirements for a fully automated capturing system. In addition, our implementation is made publicly available for research purposes. During a database acquisition, a total number of 1360 contactless and contact-based samples of 29 subjects are captured in two different environmental situations. Experiments on the acquired database show a comparable performance of our contactless scheme and the contact-based baseline scheme under constrained environmental influences. A comparative usability study on both capturing device types indicates that the majority of subjects prefer the contactless capturing method. Based on our experimental results, we analyze the impact of the current COVID-19 pandemic on fingerprint recognition systems. Finally, implementation aspects of contactless fingerp rint recognition are summarized.
-
PublicationDoes Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes( 2021)The amount of time in which a sample is executed is one of the key parameters of a malware analysis sandbox. Setting the threshold too high hinders the scalability and reduces the number of samples that can be analyzed in a day; too low and the samples may not have the time to show their malicious behavior, thus reducing the amount and quality of the collected data. Therefore, an analyst needs to find the 'sweet spot' that allows to collect only the minimum amount of information required to properly classify each sample. Anything more is wasting resources, anything less is jeopardizing the experiments. Despite its importance, there are no clear guidelines on how to choose this parameter, nor experiments that can help companies to assess the pros and cons of a choice over another. To fill this gap, in this paper we provide the first large-scale study of the impact that the execution time has on both the amount and the quality of the collected events. We measure the evolution of system calls and code coverage, to draw a precise picture of the fraction of runtime behavior we can expect to observe in a sandbox. Finally, we implemented a machine learning based malware detection method, and applied it to the data collected in different time windows, to also report on the relevance of the events observed at different points in time. Our results show that most samples run for either less than two minutes or for more than ten. However, most of the behavior (and 98% of the executed basic blocks) are observed during the first two minutes of execution, which is also the time windows that result in a higher accuracy of our ML classifier. We believe this information can help future researchers and industrial sandboxes to better tune their analysis systems.
-
PublicationA Comparative Security Analysis of the German Federal Postal Voting Process( 2021)
-
PublicationDecentralized Identities for Self-sovereign End-users (DISSENS)( 2021)This paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases.
-
PublicationTapeout of a RISC-V crypto chip with hardware trojans: A case-study on trojan design and pre-silicon detectability( 2021)This paper presents design and integration of four hardware Trojans (HTs) into a post-quantum-crypto-enhanced RISC-V micro-controller, which was taped-out in September 2020. We cover multiple HTs ranging from a simple denial-of-service HT to a side-channel HT transmitting arbitrary information to external observers. For each HT, we give estimations of the detectability by the microcontroller-integration team using design tools or by simulation. We conclude that some HTs are easily detected by design-tool warnings. Other powerful HTs, modifying software control flow, cause little disturbance, but require covert executable code modifications. With this work, we strengthen awareness for HT risks and present a realistic testing device for HT detection tools.
-
PublicationMachine learning of physical unclonable functions using helper data. Revealing a pitfall in the fuzzy commitment scheme( 2021)Physical Unclonable Functions (PUFs) are used in various key-generation schemes and protocols. Such schemes are deemed to be secure even for PUFs with challenge-response behavior, as long as no responses and no reliability information about the PUF are exposed. This work, however, reveals a pitfall in these constructions: When using state-of-the-art helper data algorithms to correct noisy PUF responses, an attacker can exploit the publicly accessible helper data and challenges. We show that with this public information and the knowledge of the underlying error correcting code, an attacker can break the security of the system: The redundancy in the error correcting code reveals machine learnable features and labels. Learning these features and labels results in a predictive model for the dependencies between different challenge-response pairs (CRPs) without direct access to the actual PUF response. We provide results based on simulated data of a k-SUM PUF model and an Ar biter PUF model. We also demonstrate the attack for a k-SUM PUF model generated from real data and discuss the impact on more recent PUF constructions such as the Multiplexer PUF and the Interpose PUF. The analysis reveals that especially the frequently used repetition code is vulnerable: For a SUM-PUF in combination with a repetition code, e.g., already the observation of 800 challenges and helper data bits suffices to reduce the entropy of the key down to one bit. The analysis also shows that even other linear block codes like the BCH, the Reed-Muller, or the Single Parity Check code are affected by the problem. The code-dependent insights we gain from the analysis allow us to suggest mitigation strategies for the identified attack. While the shown vulnerability advances Machine Learning (ML) towards realistic attacks on key-storage systems with PUFs, our analysis also facilitates a better understanding and evaluation of existing approaches and protocols with PUFs.
-
PublicationMESH: A Memory-Efficient Safe Heap for C/C++( 2021)While memory corruption bugs stemming from the use of unsafe programming languages are an old and well-researched problem, the resulting vulnerabilities still dominate real-world exploitation today. Various mitigations have been proposed to alleviate the problem, mainly in the form of language dialects, static program analysis, and code or binary instrumentation. Solutions like AdressSanitizer (ASan) and Softbound/CETS have proven that the latter approach is very promising, being able to achieve memory safety without requiring manual source code adaptions, albeit suffering substantial performance and memory overheads. While performance overhead can be seen as a flexible constraint, extensive memory overheads can be prohibitive for the use of such solutions in memory-constrained environments. To address this problem, we propose MESH, a highly memory-efficient safe heap for C/C++. With its constant, very small memory overhead (configurable up to 2 MB on x86-64) and constant complexity for pointer access checking, MESH offers efficient, byte-precise spatial and temporal memory safety for memory-constrained scenarios. Without jeopardizing the security of safe heap objects, MESH is fully compatible with existing code and uninstrumented libraries, making it practical to use in heterogeneous environments. We show the feasibility of our approach with a full LLVM-based prototype supporting both major architectures, i.e., x86-64 and ARM64, in a Linux runtime environment. Our prototype evaluation shows that, compared to ASan and Softbound/CETS, MESH can achieve huge memory savings while preserving similar execution performance.
-
PublicationDA3G: Detecting Adversarial Attacks by Analysing Gradients( 2021)Deep learning models are vulnerable to specifically crafted inputs, called adversarial examples. In this paper, we present DA3G, a novel method to reliably detect evasion attacks on neural networks. We analyse the behaviour of the network under test on the given input sample. Compared to the benign training data, adversarial examples cause a discrepancy between visual and causal perception. Although visually close to a benign input class, the output is shifted at the attacker's will. DA3G detects these changes in the pattern of the gradient using an auxiliary neural network. Our end-to-end approach readily integrates with a variety of existing architectures. DA3G reliably detects known as well as unknown attacks and increases the difficulty of adaptive attacks.
