Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

Reset filters

Settings
Now showing 1 - 10 of 247
No Thumbnail Available
Publication

Sovereignly Donating Medical Data as a Patient: A Technical Approach

2022 , Lauf, Florian , Meyer zum Felde, Hendrik , Klötgen, Marcel , Brandstädter, Robin , Schönborn, Robin

Data is the new asset of the 21st century, and many new business models are based on data. However, data is also needed in the medical research domain, such as in the procedure of applying new machine learning methods for gaining new medical findings. Furthermore, the hurdle arises that medical data comprises personal data, and thus, it requires particular care and protection. Hence, patients must consent to the data donation process for general medical research but without selecting specific research projects. We argue that patients must gain more influence in the data donation process to cover this lack of data sovereignty. Therefore, we developed a concept and implementation empowering patients to make sovereign decisions about donating their medical data to specific medical research projects. Our work comprises concepts of the Medical Informatics Initiative, International Data Spaces, and MY DATA Control Technologies with new specific elements combining these components. This approach of patient empowerment enables a new kind of data sovereignty in the medical research domain.

View
No Thumbnail Available
Publication

Advanced System Resiliency Based on Virtualization Techniques for IoT Devices

2021 , Röckl, J. , Protsenko, M. , Huber, M. , Müller, T. , Freiling, F.C.

An increasing number of powerful devices are equipped with network connectivity and are connected to the Internet of Things (IoT). Influenced by the steady growth of computing power of the devices, the paradigm of IoT-based service deployment is expected to change, following the example of cloud-based infrastructure: An embedded platform can be provided as-a-service to several independent application service suppliers. This fosters additional challenges concerning security and isolation. At the same time, recently revealed critical vulnerabilities like Ripple20 and Amnesia:33 show that embedded devices are not spared from wide-spread attacks. In this paper, we define new trusted computing concepts, focusing on privilege separation among several entities sharing one physical device. The concepts guarantee remote recovery capabilities within a bounded amount of time, even if notable portions of the software stack have been compromised. We derive a resilient system architecture suitable for the secure operation of multiple isolated services on one embedded device. We integrate an interface for detecting intrusions and anomalies to enable the automatic recovery of compromised devices and prototype our system on a Nitrogen8M development board. Our evaluation shows that the overhead in terms of network throughput and CPU performance is low so that we believe that our concept is a meaningful step towards more resilient future IoT devices.

View
No Thumbnail Available
Publication

Machine learning of physical unclonable functions using helper data. Revealing a pitfall in the fuzzy commitment scheme

2021 , Strieder, E. , Frisch, C. , Pehl, M.

Physical Unclonable Functions (PUFs) are used in various key-generation schemes and protocols. Such schemes are deemed to be secure even for PUFs with challenge-response behavior, as long as no responses and no reliability information about the PUF are exposed. This work, however, reveals a pitfall in these constructions: When using state-of-the-art helper data algorithms to correct noisy PUF responses, an attacker can exploit the publicly accessible helper data and challenges. We show that with this public information and the knowledge of the underlying error correcting code, an attacker can break the security of the system: The redundancy in the error correcting code reveals machine learnable features and labels. Learning these features and labels results in a predictive model for the dependencies between different challenge-response pairs (CRPs) without direct access to the actual PUF response. We provide results based on simulated data of a k-SUM PUF model and an Ar biter PUF model. We also demonstrate the attack for a k-SUM PUF model generated from real data and discuss the impact on more recent PUF constructions such as the Multiplexer PUF and the Interpose PUF. The analysis reveals that especially the frequently used repetition code is vulnerable: For a SUM-PUF in combination with a repetition code, e.g., already the observation of 800 challenges and helper data bits suffices to reduce the entropy of the key down to one bit. The analysis also shows that even other linear block codes like the BCH, the Reed-Muller, or the Single Parity Check code are affected by the problem. The code-dependent insights we gain from the analysis allow us to suggest mitigation strategies for the identified attack. While the shown vulnerability advances Machine Learning (ML) towards realistic attacks on key-storage systems with PUFs, our analysis also facilitates a better understanding and evaluation of existing approaches and protocols with PUFs.

View
No Thumbnail Available
Publication

Decentralized Identities for Self-sovereign End-users (DISSENS)

2021 , Schanzenbach, Martin , Grothoff, Christian , Wenger, Hansjürg , Kaul, Maximilian

This paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases.

View
No Thumbnail Available
Publication

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

2022 , Gross, M. , Jacob, N. , Zankl, A. , Sigl, G.

FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.

View
No Thumbnail Available
Publication

DA3G: Detecting Adversarial Attacks by Analysing Gradients

2021 , Schulze, J.-P. , Sperl, P. , Böttinger, K.

Deep learning models are vulnerable to specifically crafted inputs, called adversarial examples. In this paper, we present DA3G, a novel method to reliably detect evasion attacks on neural networks. We analyse the behaviour of the network under test on the given input sample. Compared to the benign training data, adversarial examples cause a discrepancy between visual and causal perception. Although visually close to a benign input class, the output is shifted at the attacker's will. DA3G detects these changes in the pattern of the gradient using an auxiliary neural network. Our end-to-end approach readily integrates with a variety of existing architectures. DA3G reliably detects known as well as unknown attacks and increases the difficulty of adaptive attacks.

View
No Thumbnail Available
Publication

The Stream Exchange Protocol: A Secure and Lightweight Tool for Decentralized Connection Establishment

2021 , Tatschner, S. , Jarisch, F. , Giehl, A. , Plaga, S. , Newe, T.

With the growing availability and prevalence of internet-capable devices, the complexity of networks and associated connection management increases. Depending on the use case, different approaches in handling connectivity have emerged over the years, tackling diverse challenges in each distinct area. Exposing centralized web-services facilitates reachability; distributing information in a peer-to-peer fashion offers availability; and segregating virtual private sub-networks promotes confidentiality. A common challenge herein lies in connection establishment, particularly in discovering, and securely connecting to peers. However, unifying different aspects, including the usability, scalability, and security of this process in a single framework, remains a challenge. In this paper, we present the Stream Exchange Protocol (SEP) collection, which provides a set of building blocks for secure, lightweight, and decentralized connection establishment. These building blocks use unique identities that enable both the identification and authentication of single communication partners. By utilizing federated directories as decentralized databases, peers are able to reliably share authentic data, such as current network locations and available endpoints. Overall, this collection of building blocks is universally applicable, easy to use, and protected by state-of-the-art security mechanisms by design. We demonstrate the capabilities and versatility of the SEP collection by providing three tools that utilize our building blocks: a decentralized file sharing application, a point-to-point network tunnel using the SEP trust model, and an application that utilizes our decentralized discovery mechanism for authentic and asynchronous data distribution.

View
No Thumbnail Available
Publication

Mobile Contactless Fingerprint Recognition: Implementation, Performance and Usability Aspects

2022 , Priesnitz, J. , Huesmann, R. , Rathgeb, C. , Buchmann, N. , Busch, C.

This work presents an automated contactless fingerprint recognition system for smart-phones. We provide a comprehensive description of the entire recognition pipeline and discuss important requirements for a fully automated capturing system. In addition, our implementation is made publicly available for research purposes. During a database acquisition, a total number of 1360 contactless and contact-based samples of 29 subjects are captured in two different environmental situations. Experiments on the acquired database show a comparable performance of our contactless scheme and the contact-based baseline scheme under constrained environmental influences. A comparative usability study on both capturing device types indicates that the majority of subjects prefer the contactless capturing method. Based on our experimental results, we analyze the impact of the current COVID-19 pandemic on fingerprint recognition systems. Finally, implementation aspects of contactless fingerp rint recognition are summarized.

View
No Thumbnail Available
Publication

GAIA-X and IDS

2021 , Otto, Boris , Rubina, Alina , Eitel, Andreas , Teuscher, Andreas , Schleimer, Anna Maria , Lange, Christoph , Stingl, Dominik , Loukipoudis, Evgueni , Brost, Gerd , Boege, Gernot , Pettenpohl, Heinrich , Langkau, Jörg , Gelhaar, Joshua , Mitani, Koki , Hupperz, Marius , Huber, Monika , Jahnke, Nils , Brandstädter, Robin , Wessel, Sascha , Bader, Sebastian

View
No Thumbnail Available
Publication

Tapeout of a RISC-V crypto chip with hardware trojans: A case-study on trojan design and pre-silicon detectability

2021 , Hepp, A. , Sigl, G.

This paper presents design and integration of four hardware Trojans (HTs) into a post-quantum-crypto-enhanced RISC-V micro-controller, which was taped-out in September 2020. We cover multiple HTs ranging from a simple denial-of-service HT to a side-channel HT transmitting arbitrary information to external observers. For each HT, we give estimations of the detectability by the microcontroller-integration team using design tools or by simulation. We conclude that some HTs are easily detected by design-tool warnings. Other powerful HTs, modifying software control flow, cause little disturbance, but require covert executable code modifications. With this work, we strengthen awareness for HT risks and present a realistic testing device for HT detection tools.

View