Publications

• Verify your Labels! Trustworthy Predictions and Datasets via Confidence Scores. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in the 33rd USENIX Security Symposium (USENIX Security 2024) (2024).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Machine learning is a rapidly evolving technology with manifold benefits. At its core lies the mapping between samples and corresponding target labels (SL-Mappings). Such mappings can originate from labeled dataset samples or from prediction generated during model inference. The correctness of SL-Mappings is crucial, both during training and for model predictions, especially when considering poisoning attacks. Existing standalone works from the dataset cleaning and prediction confidence scoring domains lack a dual-use tool offering an SL-Mappings score, which is impractical. Moreover, these works have drawbacks, e.g., dependence on specific model architectures and reliance on large datasets, which may not be accessible, or lack a meaningful confidence score. In this paper, we introduce LabelTrust, a versatile tool designed to generate confidence scores for SL-Mappings. We propose pipelines facilitating dataset cleaning and confidence scoring, mitigating the limitations of existing standalone approaches from each domain. Thereby, LabelTrust leverages a Siamese network trained via few-shot learning, requiring minimal clean samples and is agnostic to datasets and model architectures. We demonstrate LabelTrust’s efficacy in detecting poisoning attacks within samples and predictions alike, with a modest one-time training overhead of 34.56 seconds and an evaluation time of less than 1 second per SL-Mapping.

  @article{krauss2024verify, abstract = {Machine learning is a rapidly evolving technology with manifold benefits. At its core lies the mapping between samples and corresponding target labels (SL-Mappings). Such mappings can originate from labeled dataset samples or from prediction generated during model inference. The correctness of SL-Mappings is crucial, both during training and for model predictions, especially when considering poisoning attacks. Existing standalone works from the dataset cleaning and prediction confidence scoring domains lack a dual-use tool offering an SL-Mappings score, which is impractical. Moreover, these works have drawbacks, e.g., dependence on specific model architectures and reliance on large datasets, which may not be accessible, or lack a meaningful confidence score. In this paper, we introduce LabelTrust, a versatile tool designed to generate confidence scores for SL-Mappings. We propose pipelines facilitating dataset cleaning and confidence scoring, mitigating the limitations of existing standalone approaches from each domain. Thereby, LabelTrust leverages a Siamese network trained via few-shot learning, requiring minimal clean samples and is agnostic to datasets and model architectures. We demonstrate LabelTrust’s efficacy in detecting poisoning attacks within samples and predictions alike, with a modest one-time training overhead of 34.56 seconds and an evaluation time of less than 1 second per SL-Mapping.}, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {the 33rd USENIX Security Symposium (USENIX Security 2024)}, keywords = {sssgroup}, title = {Verify your Labels! Trustworthy Predictions and Datasets via Confidence Scores}, year = 2024 }
• SPOQchain: Platform for Secure, Scalable, and Privacy-preserving Supply Chain Tracing and Counterfeit Protection. Finke, Moritz; Thesis; Master Thesis. (2024, June).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Product counterfeiting continues to cause damage for the global economy and poses consid- erable safety risks for consumers. The need for automated product verification systems is emphasized exemplarily by Customer-to-Customer (C2C) platforms that deal with prod- ucts of unknown origin and currently require significant additional work to verify the authenticity of incoming goods. To address the lack of trustworthy central instances and limited traceability within supply chains, several systems for product tracing have been proposed in recent years that employ blockchain technology. In some approaches, product identification is additionally secured through Physical Unclonable Functions (PUFs) that cannot be copied by counterfeiters. While the use of blockchain offers increased trust, it is also associated with considerable performance losses and increased transparency, limiting global deployments and risking the privacy of its users users. This work presents SPOQchain, a novel platform for the management of product lifecycles and counterfeit detection. With SPOQchain, a scalable, more efficient use of blockchains is achieved through the intelligent batching of individual products. By covering the entire lifecycle, SPOQchain can not only be used for tracing within supply chains but also for securing C2C relations. Users retain their privacy and decide autonomously over passing on product data. SPOQchain allows the physical verification by means of any desired PUF and incorporates current advancements that enable more efficient verification using Zero Knowledge (ZK) proofs. With this work, the architecture of SPOQchain is specified and compared with existing approaches. Furthermore, different operational modes of SPOQchain are discussed and its implementation as a software library, decentralized client, and backend system is de- scribed. Finally, the system’s security aspects are discussed in regard to potential attacks. Furthermore, the impact on user privacy and the performance of the utilized blockchain are evaluated. It is shown that SPOQchain is a beneficial solution for supply chain par- ticipants, end customers, etc., and that it enables insights into product lifecycles with minimal effort.

  @mastersthesis{finke2024spoqchain, abstract = {Product counterfeiting continues to cause damage for the global economy and poses consid- erable safety risks for consumers. The need for automated product verification systems is emphasized exemplarily by Customer-to-Customer (C2C) platforms that deal with prod- ucts of unknown origin and currently require significant additional work to verify the authenticity of incoming goods. To address the lack of trustworthy central instances and limited traceability within supply chains, several systems for product tracing have been proposed in recent years that employ blockchain technology. In some approaches, product identification is additionally secured through Physical Unclonable Functions (PUFs) that cannot be copied by counterfeiters. While the use of blockchain offers increased trust, it is also associated with considerable performance losses and increased transparency, limiting global deployments and risking the privacy of its users users. This work presents SPOQchain, a novel platform for the management of product lifecycles and counterfeit detection. With SPOQchain, a scalable, more efficient use of blockchains is achieved through the intelligent batching of individual products. By covering the entire lifecycle, SPOQchain can not only be used for tracing within supply chains but also for securing C2C relations. Users retain their privacy and decide autonomously over passing on product data. SPOQchain allows the physical verification by means of any desired PUF and incorporates current advancements that enable more efficient verification using Zero Knowledge (ZK) proofs. With this work, the architecture of SPOQchain is specified and compared with existing approaches. Furthermore, different operational modes of SPOQchain are discussed and its implementation as a software library, decentralized client, and backend system is de- scribed. Finally, the system’s security aspects are discussed in regard to potential attacks. Furthermore, the impact on user privacy and the performance of the utilized blockchain are evaluated. It is shown that SPOQchain is a beneficial solution for supply chain par- ticipants, end customers, etc., and that it enables insights into product lifecycles with minimal effort.}, author = {Finke, Moritz;}, keywords = {sssgroup}, month = {06}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {SPOQchain: Platform for Secure, Scalable, and Privacy-preserving Supply Chain Tracing and Counterfeit Protection}, year = 2024 }
• PUF-based Authentication in IoT against Strong Physical Adversary using Zero-Knowledge Proofs. Petzi, Lukas; Dmitrienko, Alexandra; Visconti, Ivan; in SafeThings (2024).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{petzi2024pufbased, author = {Petzi, Lukas and Dmitrienko, Alexandra and Visconti, Ivan}, journal = {SafeThings}, keywords = {iot}, title = {PUF-based Authentication in IoT against Strong Physical Adversary using Zero-Knowledge Proofs}, year = 2024 }
• Time-Aware Face Anti-Spoofing with Rotation Invariant Local Binary Patterns and Deep Learning. Finke, Moritz; Dmitrienko, Alexandra; in ArXiv | arXiv:2408.14829 (2024).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{noauthororeditor2024, author = {Finke, Moritz and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv:2408.14829}, keywords = {facialauthentication}, title = {Time-Aware Face Anti-Spoofing with Rotation Invariant Local Binary Patterns and Deep Learning}, year = 2024 }
• FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning. Fereidooni, Hossein; Pegoraro, Alessandro; Rieger, Phillip; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; in ArXiv | arXiv:2312.04432v2 (2024).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{fereidooni2024freqfed, author = {Fereidooni, Hossein and Pegoraro, Alessandro and Rieger, Phillip and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza}, journal = {ArXiv | arXiv:2312.04432v2}, keywords = {sss-group}, title = {FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning}, year = 2024 }
• ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in the 33rd USENIX Security Symposium (USENIX Security 2024) (2024).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearStamp, the first DNN watermarking method designed for intuitive human assessment. ClearStamp embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearStamp defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearStamp produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearStamp’s effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.

  @article{torsten2024clearstamp, abstract = {Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearStamp, the first DNN watermarking method designed for intuitive human assessment. ClearStamp embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearStamp defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearStamp produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearStamp’s effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.}, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {the 33rd USENIX Security Symposium (USENIX Security 2024)}, keywords = {sssgroup}, title = {ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training}, year = 2024 }
• Triple-S: Security Scoring System for IoT Devices. Finke, Moritz; Dmitrienko, Alexandra; in IEEE International Conference on Omni-layer Intelligent Systems (COINS) (2024).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{finke2024triples, author = {Finke, Moritz and Dmitrienko, Alexandra}, journal = {IEEE International Conference on Omni-layer Intelligent Systems (COINS)}, keywords = {sssgroup}, title = {Triple-S: Security Scoring System for IoT Devices}, year = 2024 }
• Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning. Krauß, Torsten; König, Jan; Dmitrienko, Alexandra; Kanzow, Christian; in the Network and Distributed System Security Symposium (NDSS) (2024).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @article{krauss2024automatic, author = {Krauß, Torsten and König, Jan and Dmitrienko, Alexandra and Kanzow, Christian}, journal = {the Network and Distributed System Security Symposium (NDSS)}, keywords = {jankounig}, title = {Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning}, year = 2024 }
• CrowdGuard: Federated Backdoor Detection in Federated Learning. Rieger, Phillip; Krauß, Torsten; Miettinen, Markus; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; in the Network and Distributed System Security Symposium (NDSS) (2024).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{torsten2024crowdguard, author = {Rieger, Phillip and Krauß, Torsten and Miettinen, Markus and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza}, journal = {the Network and Distributed System Security Symposium (NDSS)}, keywords = {Private_AI}, title = {CrowdGuard: Federated Backdoor Detection in Federated Learning}, year = 2024 }
• Cloud-Based Machine Learning Models as Covert Communication Channels. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in the 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024) (2024).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{torsten2024cloudbased, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {the 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024)}, keywords = {sssgroup}, title = {Cloud-Based Machine Learning Models as Covert Communication Channels}, year = 2024 }
• FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning. Fereidooni, Hossein; Pegoraro, Alessandro; Rieger, Phillip; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; in the Network and Distributed System Security Symposium (NDSS) (2024).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @article{fereidooni2024freqfed, author = {Fereidooni, Hossein and Pegoraro, Alessandro and Rieger, Phillip and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza}, journal = {the Network and Distributed System Security Symposium (NDSS)}, keywords = {sss-group}, title = {FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning}, year = 2024 }
• MirageFlow: A New Bandwidth Inflation Attack on Tor. Sendner, Christoph; Stang, Jasper; Dmitrienko, Alexandra; Wijewickrama, Raveen; Jadliwala, Murtuza; in the Network and Distributed System Security Symposium (NDSS) (2024).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @article{sendner2024mirageflow, author = {Sendner, Christoph and Stang, Jasper and Dmitrienko, Alexandra and Wijewickrama, Raveen and Jadliwala, Murtuza}, journal = {the Network and Distributed System Security Symposium (NDSS)}, keywords = {sss-group}, title = {MirageFlow: A New Bandwidth Inflation Attack on Tor}, year = 2024 }
• SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection. Finke, Moritz; Dmitrienko, Alexandra; Stang, Jasper; in ArXiv | arXiv:2408.17049 (2024).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  Product lifecycle tracing is increasingly in the focus of regulators and producers, as shown with the initiative of the Digital Product Pass. Likewise, new methods of counterfeit detection are developed that are, e.g., based on Physical Unclonable Functions (PUFs). In order to ensure trust and integrity of product lifecycle data, multiple existing supply chain tracing systems are built on blockchain technology. However, only few solutions employ secure identifiers such as PUFs. Furthermore, existing systems that publish the data of individual products, in part fully transparently, have a detrimental impact on scalability and the privacy of users. This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive lifecycle traceability and originality verification while ensuring high efficiency and user privacy. The improved efficiency is achieved by a sophisticated batching mechanism that removes lifecycle redundancies. In addition to the successful evaluation of SPOQchain's scalability, this work provides a comprehensive analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.

  @article{finke2024spoqchain, abstract = {Product lifecycle tracing is increasingly in the focus of regulators and producers, as shown with the initiative of the Digital Product Pass. Likewise, new methods of counterfeit detection are developed that are, e.g., based on Physical Unclonable Functions (PUFs). In order to ensure trust and integrity of product lifecycle data, multiple existing supply chain tracing systems are built on blockchain technology. However, only few solutions employ secure identifiers such as PUFs. Furthermore, existing systems that publish the data of individual products, in part fully transparently, have a detrimental impact on scalability and the privacy of users. This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive lifecycle traceability and originality verification while ensuring high efficiency and user privacy. The improved efficiency is achieved by a sophisticated batching mechanism that removes lifecycle redundancies. In addition to the successful evaluation of SPOQchain's scalability, this work provides a comprehensive analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.}, author = {Finke, Moritz and Dmitrienko, Alexandra and Stang, Jasper}, journal = {ArXiv | arXiv:2408.17049}, keywords = {sssgroup}, title = {SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection}, year = 2024 }
• Kako: Mirai’s Vaccine Using Worm-Like Propagation Methods To Immunize Devices. Hack, Felix; Thesis; Bachelor Thesis. (2024, January).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  In 2016, multiple large Distributed Denial of Service (DDoS) attacks were observed and attributed to a new botnet called Mirai [1]. Instead of personal computers and mobile devices, Mirai targets Internet of Things (IoT) devices like routers and surveillence cam- eras. As these devices are often equipped with insecure credentials by default [2], Mirai features a scanner component to identify devices and target them with a dictionary attack of common logins to gain access to those devices. This poses a threat, as many traditional methods of securing devices are not applicable to IoT, due to their limitations in com- puting power and memory [3]. White-hat approaches were proposed, based on the idea of infecting devices with a benign Mirai, which protects these devices against malicious variants [4]. However, there is a potential danger that users will not be able to access their devices after being protected with a white-hat. In this thesis, we present Kako, our proposed solution for a white-hat Mirai, which aims to address the issue of locking users out of their devices, while ensuring device security. Kako introduces a web-based dashboard that will list all vulnerable devices connected. When Kako is loaded onto a device with insecure credentials, they are automatically changed to secure it. The new login information can then be retrieved from the dashboard, among other data collected, such as the Medium Access Control (MAC) address and the Linux kernel version. The device manufacturer is automatically determined to make recognizing devices easier. Our approach was evaluated in a virtual environment and confirmed to be effective, as machines can no longer be infected with Mirai after being secured with Kako. It is also shown how Mirai’s scanning component can still be used with Kako to automatically secure vulnerable devices. We believe that Kako can be used and extended in further research, to also protect devices from newer incarnations of Mirai and similar botnets.

  @mastersthesis{hack2024mirais, abstract = {In 2016, multiple large Distributed Denial of Service (DDoS) attacks were observed and attributed to a new botnet called Mirai [1]. Instead of personal computers and mobile devices, Mirai targets Internet of Things (IoT) devices like routers and surveillence cam- eras. As these devices are often equipped with insecure credentials by default [2], Mirai features a scanner component to identify devices and target them with a dictionary attack of common logins to gain access to those devices. This poses a threat, as many traditional methods of securing devices are not applicable to IoT, due to their limitations in com- puting power and memory [3]. White-hat approaches were proposed, based on the idea of infecting devices with a benign Mirai, which protects these devices against malicious variants [4]. However, there is a potential danger that users will not be able to access their devices after being protected with a white-hat. In this thesis, we present Kako, our proposed solution for a white-hat Mirai, which aims to address the issue of locking users out of their devices, while ensuring device security. Kako introduces a web-based dashboard that will list all vulnerable devices connected. When Kako is loaded onto a device with insecure credentials, they are automatically changed to secure it. The new login information can then be retrieved from the dashboard, among other data collected, such as the Medium Access Control (MAC) address and the Linux kernel version. The device manufacturer is automatically determined to make recognizing devices easier. Our approach was evaluated in a virtual environment and confirmed to be effective, as machines can no longer be infected with Mirai after being secured with Kako. It is also shown how Mirai’s scanning component can still be used with Kako to automatically secure vulnerable devices. We believe that Kako can be used and extended in further research, to also protect devices from newer incarnations of Mirai and similar botnets.}, author = {Hack, Felix}, keywords = {sssgroup}, month = {01}, publisher = {Bachelor Thesis}, title = {Kako: Mirai’s Vaccine Using Worm-Like Propagation Methods To Immunize Devices}, year = 2024 }
• DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification. Stang, Jasper; Krauß, Torsten; Dmitrienko, Alexandra; in ArXiv | arXiv:2403.06581 (2024).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The surge in popularity of machine learning (ML) has driven significant investments in training Deep Neural Networks (DNNs). However, these models that require resource-intensive training are vulnerable to theft and unauthorized use. This paper addresses this challenge by introducing DNNShield, a novel approach for DNN protection that integrates seamlessly before training. DNNShield embeds unique identifiers within the model architecture using specialized protection layers. These layers enable secure training and deployment while offering high resilience against various attacks, including fine-tuning, pruning, and adaptive adversarial attacks. Notably, our approach achieves this security with minimal performance and computational overhead (less than 5% runtime increase). We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures. This practical solution empowers developers to protect their DNNs and intellectual property rights.

  @article{jasper2024dnnshield, abstract = {The surge in popularity of machine learning (ML) has driven significant investments in training Deep Neural Networks (DNNs). However, these models that require resource-intensive training are vulnerable to theft and unauthorized use. This paper addresses this challenge by introducing DNNShield, a novel approach for DNN protection that integrates seamlessly before training. DNNShield embeds unique identifiers within the model architecture using specialized protection layers. These layers enable secure training and deployment while offering high resilience against various attacks, including fine-tuning, pruning, and adaptive adversarial attacks. Notably, our approach achieves this security with minimal performance and computational overhead (less than 5% runtime increase). We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures. This practical solution empowers developers to protect their DNNs and intellectual property rights.}, author = {Stang, Jasper and Krauß, Torsten and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv:2403.06581}, keywords = {sssgroup}, month = {03}, title = {DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification}, year = 2024 }
• Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts. Sendner, Christoph; Petzi, Lukas; Stang, Jasper; Dmitrienko, Alexandra; in To appear in the IEEE Symposium on Security & Privacy (2024).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @article{sendner2024largescale, author = {Sendner, Christoph and Petzi, Lukas and Stang, Jasper and Dmitrienko, Alexandra}, journal = {To appear in the IEEE Symposium on Security & Privacy}, keywords = {lukaspetzi}, month = {05}, title = {Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts}, year = 2024 }
• PUF-Based Device-to-Device Authentication in IoT without Trusted Intermediaries. Petzi, Lukas; Thesis; Master Thesis. (2024, February).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The Internet of Things (IoT) signifies a revolutionary shift wherein everyday objects are embedded with sensors, software, and connectivity capabilities, allowing them to communicate and exchange data with other devices and systems across the Internet. As these devices continuously collect and exchange data, and act upon the information received, the authentication of devices within our networks becomes crucial to prevent malicious actors from breaching the network. While sophisticated hardware security architectures like Intel SGX or Trusted Platform Modules are available for more powerful devices like laptops or smartphones, their cost often makes them impractical for the typically budgetsensitive IoT device manufacturers. As a result, IoT devices frequently rely on storing confidential information in non-volatile memory, which, as studies have shown, can be vulnerable to physical attacks thereby compromising device security. Physical Unclonable Functions (PUFs) present a cost-effective solution by generating a unique response, or ”hardware fingerprint,” to a given stimulus (challenge) based on the natural variations in electronic hardware components during manufacturing. This fingerprint, generated on demand and not stored on the device, remains secure against adversaries attempting to access non-volatile memory. Although previous research has demonstrated the utility of PUFs for device authentication, these methods often depend on a trusted verifier storing significant amounts of confidential data, a requirement that limits the ability of low-end IoT devices to act as verifiers and raises the risk of impersonation attacks if the verifier is compromised. In this thesis, we introduce and examine three distinct PUF-based authentication schemes. Each scheme is designed to facilitate secure authentication between two parties that do not trust each other. A key feature of these approaches is their reliance solely on public information, eliminating the need for verifiers to store any sensitive data. This crucial aspect not only removes the storage burden from the verifier but also prevents a potentially malicious verifier from impersonating the provers. The methods developed are (1) ZK-PUF, a system that enables PUF-based authentication using zero-knowledge proofs, (2) PAVOC, which guarantees secure authentication using one-way hash chains, and (3) PAWOS, which uses the concept of cryptographic one-time signatures for authentication. Each strategy is based on different design principles that meet different security and operational requirements. They have been tested on IoT development boards with limited resources and have proven their efficiency even with limited computing power while protecting against non-volatile memory attacks and network-level adversaries.

  @mastersthesis{petzi2024pufbased, abstract = {The Internet of Things (IoT) signifies a revolutionary shift wherein everyday objects are embedded with sensors, software, and connectivity capabilities, allowing them to communicate and exchange data with other devices and systems across the Internet. As these devices continuously collect and exchange data, and act upon the information received, the authentication of devices within our networks becomes crucial to prevent malicious actors from breaching the network. While sophisticated hardware security architectures like Intel SGX or Trusted Platform Modules are available for more powerful devices like laptops or smartphones, their cost often makes them impractical for the typically budgetsensitive IoT device manufacturers. As a result, IoT devices frequently rely on storing confidential information in non-volatile memory, which, as studies have shown, can be vulnerable to physical attacks thereby compromising device security. Physical Unclonable Functions (PUFs) present a cost-effective solution by generating a unique response, or ”hardware fingerprint,” to a given stimulus (challenge) based on the natural variations in electronic hardware components during manufacturing. This fingerprint, generated on demand and not stored on the device, remains secure against adversaries attempting to access non-volatile memory. Although previous research has demonstrated the utility of PUFs for device authentication, these methods often depend on a trusted verifier storing significant amounts of confidential data, a requirement that limits the ability of low-end IoT devices to act as verifiers and raises the risk of impersonation attacks if the verifier is compromised. In this thesis, we introduce and examine three distinct PUF-based authentication schemes. Each scheme is designed to facilitate secure authentication between two parties that do not trust each other. A key feature of these approaches is their reliance solely on public information, eliminating the need for verifiers to store any sensitive data. This crucial aspect not only removes the storage burden from the verifier but also prevents a potentially malicious verifier from impersonating the provers. The methods developed are (1) ZK-PUF, a system that enables PUF-based authentication using zero-knowledge proofs, (2) PAVOC, which guarantees secure authentication using one-way hash chains, and (3) PAWOS, which uses the concept of cryptographic one-time signatures for authentication. Each strategy is based on different design principles that meet different security and operational requirements. They have been tested on IoT development boards with limited resources and have proven their efficiency even with limited computing power while protecting against non-volatile memory attacks and network-level adversaries.}, author = {Petzi, Lukas}, keywords = {lukaspetzi}, month = {02}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {PUF-Based Device-to-Device Authentication in IoT without Trusted Intermediaries}, year = 2024 }

• Gamification of Ethical Hacking Lab. Schraud, Johannes; Thesis; Bachelor Thesis. (2023, February).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Education is an important topic. Increasing the effectiveness and efficiency of conveying knowledge is interesting for schools of all kinds, in the professional world, but also in the private sector. In this paper, we deal with this highly important topic. Thus, we implement a promising approach for improving education called gamification, for the module Ethical Hacking Lab (EHL) of the Secure Software Systems Group of the Julius-Maximilians- University of Wuerzburg. Summarized into one sentence, in this paper we improve the EHL through gamification in the form of a so-called Capture The Flag (CTF) project. Specifically, on the one hand, we develop a CTF framework to provide and administer exercises. The framework also allows the integration of virtual laboratory environments. Furthermore, it contains statistics and various game elements to promote the game char- acteristics and to motivate the participants. On the other hand, we develop virtual laboratory environments for the binary exploitation exercises of the EHL. Hereby, we aim to further motivate and engage the participants by enabling an actual execution of their developed exploits against a virtual target. In addition, our laboratory environments relieve the participants from tedious setup tasks, as well as the tutors of the EHL from the manual correction of the submitted solutions. Furthermore, we integrate all other exercises of the EHL into our CTF framework. We implement this by extracting and integrating various questions about the exercises. By developing and executing detailed test plans, we ultimately ensure proper functionality of the CTF project.

  @mastersthesis{schraud2023gamification, abstract = {Education is an important topic. Increasing the effectiveness and efficiency of conveying knowledge is interesting for schools of all kinds, in the professional world, but also in the private sector. In this paper, we deal with this highly important topic. Thus, we implement a promising approach for improving education called gamification, for the module Ethical Hacking Lab (EHL) of the Secure Software Systems Group of the Julius-Maximilians- University of Wuerzburg. Summarized into one sentence, in this paper we improve the EHL through gamification in the form of a so-called Capture The Flag (CTF) project. Specifically, on the one hand, we develop a CTF framework to provide and administer exercises. The framework also allows the integration of virtual laboratory environments. Furthermore, it contains statistics and various game elements to promote the game char- acteristics and to motivate the participants. On the other hand, we develop virtual laboratory environments for the binary exploitation exercises of the EHL. Hereby, we aim to further motivate and engage the participants by enabling an actual execution of their developed exploits against a virtual target. In addition, our laboratory environments relieve the participants from tedious setup tasks, as well as the tutors of the EHL from the manual correction of the submitted solutions. Furthermore, we integrate all other exercises of the EHL into our CTF framework. We implement this by extracting and integrating various questions about the exercises. By developing and executing detailed test plans, we ultimately ensure proper functionality of the CTF project.}, author = {Schraud, Johannes}, keywords = {sssgroup}, month = {02}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Gamification of Ethical Hacking Lab}, type = {Bachelor Thesis}, year = 2023 }
• CROSSCON: Interoperable IoT Security Stack - The RISC-V Opportunity. Pinto, Sandro; Breskvar, Matjaz; Gomes, Tiago; Koshutanski, Hristo; Pasic, Aljosa; Krol, Piotr; Amri, Emna; Puron, David; Hornak, Zoltan; Rovieri, Marco; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Crispo, Bruno; in RISC-V Summit Europe, Barcelona (2023).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @conference{sandro2023crosscon, author = {Pinto, Sandro and Breskvar, Matjaz and Gomes, Tiago and Koshutanski, Hristo and Pasic, Aljosa and Krol, Piotr and Amri, Emna and Puron, David and Hornak, Zoltan and Rovieri, Marco and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Crispo, Bruno}, booktitle = {RISC-V Summit Europe, Barcelona}, keywords = {sss-group}, title = {CROSSCON: Interoperable IoT Security Stack - The RISC-V Opportunity}, year = 2023 }
• Ensuring Integrity of NVMe Offloaded Data in Large-Scale Machine Learning. Götz, Raphael; Thesis; Master Thesis. (2023, January).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Machine learning is increasingly used in security-critical domains and therefore has become an attractive target for attackers. In a targeted poisoning attack, the machine learning model is trained to behave normally on benign input, however, when a certain trigger is present in the input, an attacker-chosen misbehavior is triggered. At the same time, neural networks are constantly increasing in size, especially in the natural language processing domain, because more parameters can achieve higher accuracy. In recent years, there have been impressive innovations that have led to networks such as the Megatron-Turing NLG 530B with 530 billion parameters. DeepSpeed is an open-source deep learning optimization library that enables the training of such large networks. One of many innovations it implements is a Non-Volatile Memory Express (NVMe) offload that increases memory efficiency by moving data from expensive GPU and CPU memory to cheap NVMe memory. However, this mechanism opens a potential attack surface that could be exploited to perform poisoning attacks. Therefore, this thesis investigates the security of the NVMe offload mechanism and improves it. To achieve this, first, untargeted poisoning attack scenarios are tested to show that the NVMe offload is actually vulnerable. Then a security extension, able to guarantee the integrity and freshness of the data offloaded to the NVMe is designed and extensively evaluated. During this process, various trade-offs between security and performance impact are carefully considered through the implementation and benchmarking of several different versions of the extension. Based on the experimental results, the security extension is then further improved. Furthermore, this thesis also investigates if multithreading and the use of previously generated hash tables can reduce the performance impact.

  @mastersthesis{gotz2023ensuring, abstract = {Machine learning is increasingly used in security-critical domains and therefore has become an attractive target for attackers. In a targeted poisoning attack, the machine learning model is trained to behave normally on benign input, however, when a certain trigger is present in the input, an attacker-chosen misbehavior is triggered. At the same time, neural networks are constantly increasing in size, especially in the natural language processing domain, because more parameters can achieve higher accuracy. In recent years, there have been impressive innovations that have led to networks such as the Megatron-Turing NLG 530B with 530 billion parameters. DeepSpeed is an open-source deep learning optimization library that enables the training of such large networks. One of many innovations it implements is a Non-Volatile Memory Express (NVMe) offload that increases memory efficiency by moving data from expensive GPU and CPU memory to cheap NVMe memory. However, this mechanism opens a potential attack surface that could be exploited to perform poisoning attacks. Therefore, this thesis investigates the security of the NVMe offload mechanism and improves it. To achieve this, first, untargeted poisoning attack scenarios are tested to show that the NVMe offload is actually vulnerable. Then a security extension, able to guarantee the integrity and freshness of the data offloaded to the NVMe is designed and extensively evaluated. During this process, various trade-offs between security and performance impact are carefully considered through the implementation and benchmarking of several different versions of the extension. Based on the experimental results, the security extension is then further improved. Furthermore, this thesis also investigates if multithreading and the use of previously generated hash tables can reduce the performance impact.}, author = {Götz, Raphael}, keywords = {sssgroup}, month = {01}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Ensuring Integrity of NVMe Offloaded Data in Large-Scale Machine Learning}, type = {Master Thesis}, year = 2023 }
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study. Sendner, Christoph; Petzi, Lukas; Stang, Jasper; Dmitrienko, Alexandra; in ArXiv | arXiv:2312.16533 (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{sendner2023vulnerability, author = {Sendner, Christoph and Petzi, Lukas and Stang, Jasper and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv:2312.16533}, keywords = {lukaspetzi}, month = 12, title = {Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study}, year = 2023 }
• Constrained Learning for Improved Attack Resilience in Federated Learning. Fella, Tobias; Thesis; Master Thesis. (2023, September).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Federated Learning is an approach to machine learning where several participants train models locally, followed by aggregating these models into a combined model. This ap- proach has several advantages over classic, centralized machine learning, e.g., that the training data does not have to leave the client’s devices. Defenses against poisoning at- tacks on Federated Learning are an area of active research. Most existing approaches detect malicious models by focusing only on the adversarial side. This thesis goes a differ- ent way, by proposing changes to benign training on the client side, which lead to improved detection capabilities of existing defense mechanisms. We do this by constraining certain model characteristics, so-called metrics, in benign learning. This causes the benign models to be more similar to each other within a certain metric that is leveraged by the defense mechanism. The central parts of our research are an evaluation of how to best constrain malicious learning, evaluating, among others, techniques from Multi-Task Learning. We then evaluate the system’s capability of detecting malicious models and other effects it has on the behavior of the Federated Learning environment.

  @mastersthesis{fella2023constrained, abstract = {Federated Learning is an approach to machine learning where several participants train models locally, followed by aggregating these models into a combined model. This ap- proach has several advantages over classic, centralized machine learning, e.g., that the training data does not have to leave the client’s devices. Defenses against poisoning at- tacks on Federated Learning are an area of active research. Most existing approaches detect malicious models by focusing only on the adversarial side. This thesis goes a differ- ent way, by proposing changes to benign training on the client side, which lead to improved detection capabilities of existing defense mechanisms. We do this by constraining certain model characteristics, so-called metrics, in benign learning. This causes the benign models to be more similar to each other within a certain metric that is leveraged by the defense mechanism. The central parts of our research are an evaluation of how to best constrain malicious learning, evaluating, among others, techniques from Multi-Task Learning. We then evaluate the system’s capability of detecting malicious models and other effects it has on the behavior of the Federated Learning environment.}, author = {Fella, Tobias}, institution = {Master Thesis}, keywords = {sssgroup}, month = {09}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Constrained Learning for Improved Attack Resilience in Federated Learning}, type = {Master Thesis}, year = 2023 }
• Penetration Testing of the eSano Platform. Schumacher, Moritz; Thesis; Bachelor Thesis. (2023, March).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  We performed a penetration test on the eSano eHealth platform. The platform provides internet- and mobile-based interventions for mental health and chronic disease treatment. The primary objective of the pentesting was to enhance the security of the eSano platform, which in turn ensures the protection of sensitive patient data used and stored within it. The scope of the pentesting was one of three sub-platforms of eSano, as well as the API which connects all sub-platforms with the backend database. We employed a combination of OWASP resources and various tools to identify potential attack vectors, and subsequently prioritized them based on their impact, enabling us to concentrate our e↵orts on addressing the most critical vulnerabilities first. During the penetration testing of the eSano platform, we identified several vulnerabilities. These included multiple vulnerabilities with low and medium impact, such as unused endpoints, functionalities, and missing rate limits at certain points. In addition to these lower impact vulnerabilities, we also identified several critical issues. One critical issue involved a clickjacking attack that could trick users into performing unintended actions. We could also query whether an email address was associated with a platform user, which could lead to further attacks. A misconfiguration in the CORS protocol allowed third- party websites to make privileged requests about authenticated users. Finally, we were able to bypass the file extension restrictions and perform successful XSS, SSRF, and DoS attacks on the file upload functionality. This could potentially lead to compromised user data, unauthorized access to sensitive information, and potential denial of service. The findings of the pentesting have been shared with the developers of the eSano project, enabling them to address the identified vulnerabilities. This will make the platform more secure for data belonging to future users.

  @mastersthesis{schumacher2023penetration, abstract = {We performed a penetration test on the eSano eHealth platform. The platform provides internet- and mobile-based interventions for mental health and chronic disease treatment. The primary objective of the pentesting was to enhance the security of the eSano platform, which in turn ensures the protection of sensitive patient data used and stored within it. The scope of the pentesting was one of three sub-platforms of eSano, as well as the API which connects all sub-platforms with the backend database. We employed a combination of OWASP resources and various tools to identify potential attack vectors, and subsequently prioritized them based on their impact, enabling us to concentrate our e↵orts on addressing the most critical vulnerabilities first. During the penetration testing of the eSano platform, we identified several vulnerabilities. These included multiple vulnerabilities with low and medium impact, such as unused endpoints, functionalities, and missing rate limits at certain points. In addition to these lower impact vulnerabilities, we also identified several critical issues. One critical issue involved a clickjacking attack that could trick users into performing unintended actions. We could also query whether an email address was associated with a platform user, which could lead to further attacks. A misconfiguration in the CORS protocol allowed third- party websites to make privileged requests about authenticated users. Finally, we were able to bypass the file extension restrictions and perform successful XSS, SSRF, and DoS attacks on the file upload functionality. This could potentially lead to compromised user data, unauthorized access to sensitive information, and potential denial of service. The findings of the pentesting have been shared with the developers of the eSano project, enabling them to address the identified vulnerabilities. This will make the platform more secure for data belonging to future users.}, author = {Schumacher, Moritz}, keywords = {sssgroup}, month = {03}, publisher = {Bachelor Thesis}, title = {Penetration Testing of the eSano Platform}, type = {Bachelor Thesis}, year = 2023 }
• TorMult: Introducing a Novel Tor Bandwidth Inflation Attack. Sendner, Christoph; Stang, Jasper; Dmitrienko, Alexandra; Wijewickrama, Raveen; Jadliwala, Murtuza; in ArXiv | arXiv.2307.08550 (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{sendner2023tormult, author = {Sendner, Christoph and Stang, Jasper and Dmitrienko, Alexandra and Wijewickrama, Raveen and Jadliwala, Murtuza}, journal = {ArXiv | arXiv.2307.08550}, keywords = {sss-group}, title = {TorMult: Introducing a Novel Tor Bandwidth Inflation Attack}, year = 2023 }
• Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations. Krauß, Torsten; Dmitrienko, Alexandra; in ArXiv | arXiv.2306.03600 (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{krauss2023avoid, author = {Krauß, Torsten and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv.2306.03600}, keywords = {Machine}, title = {Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations}, year = 2023 }
• Adversarial Training in Federated Learning using Constrained Optimization Methods. König, Jan; Thesis; Master Thesis. (2023, May).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Federated Learning (FL) is an approach to machine learning that facilitates the collaborative training of models and allows participants to keep their local and potentially sensitive data private. Due to its decentralized nature, FL is especially vulnerable to certain types of attacks. In a so-called backdoor attack, adversaries submit manipulated updates to the model aggregation process. For adversary-determined inputs, the newly aggregated model will then generate targeted false predictions. A common defense so far has been to measure the deviation between a global model and the model trained by a participant and reject models with a deviation above a certain threshold. Adversaries can counteract by adjusting their training objective in a way that penalizes large deviations. However, this merely encourages and not guarantees that the deviation threshold is not exceeded. As the main contribution, this thesis reformulates the adversarial training objective as a constrained optimization problem, a class of problems well-researched in mathematics that often can be solved by the Augmented Lagrangian Method. This eliminates the dilemma that adversaries face when having to decide between the effectiveness of their backdoor and remaining undetected, as is the case with current methods. A secondary, independent contribution is a scheme to detect FL participants training a hidden objective, such as a backdoor, for linear approximations of non-linear models (Neural Tangent Kernels). Finally, to evaluate the effectiveness of the proposed attack- and defense mechanisms, this thesis evaluates them against several existing state-of-the-art backdoor types (e.g., Semantic backdoor).

  @mastersthesis{jan2023adversarial, abstract = {Federated Learning (FL) is an approach to machine learning that facilitates the collaborative training of models and allows participants to keep their local and potentially sensitive data private. Due to its decentralized nature, FL is especially vulnerable to certain types of attacks. In a so-called backdoor attack, adversaries submit manipulated updates to the model aggregation process. For adversary-determined inputs, the newly aggregated model will then generate targeted false predictions. A common defense so far has been to measure the deviation between a global model and the model trained by a participant and reject models with a deviation above a certain threshold. Adversaries can counteract by adjusting their training objective in a way that penalizes large deviations. However, this merely encourages and not guarantees that the deviation threshold is not exceeded. As the main contribution, this thesis reformulates the adversarial training objective as a constrained optimization problem, a class of problems well-researched in mathematics that often can be solved by the Augmented Lagrangian Method. This eliminates the dilemma that adversaries face when having to decide between the effectiveness of their backdoor and remaining undetected, as is the case with current methods. A secondary, independent contribution is a scheme to detect FL participants training a hidden objective, such as a backdoor, for linear approximations of non-linear models (Neural Tangent Kernels). Finally, to evaluate the effectiveness of the proposed attack- and defense mechanisms, this thesis evaluates them against several existing state-of-the-art backdoor types (e.g., Semantic backdoor).}, author = {König, Jan}, keywords = {sss-group}, month = {05}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Adversarial Training in Federated Learning using Constrained Optimization Methods}, type = {Master Thesis}, year = 2023 }
• Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning. Sendner, Christoph; Chen, Huili; Fereidooni, Hossein; Petzi, Lukas; König, Jan; Stang, Jasper; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Koushanfar, Farinaz; in Network and Distributed System Security Symposium (NDSS) (2023).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{sendner2023smarter, author = {Sendner, Christoph and Chen, Huili and Fereidooni, Hossein and Petzi, Lukas and König, Jan and Stang, Jasper and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Koushanfar, Farinaz}, journal = {Network and Distributed System Security Symposium (NDSS)}, keywords = {lukaspetzi}, title = {Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning}, year = 2023 }
• ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in ArXiv | arXiv:2310.16453v1 (2023).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment. ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearMark defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearMark produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearMark's effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.

  @article{krauss2023clearmark, abstract = {Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment. ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearMark defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearMark produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearMark's effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.}, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv:2310.16453v1}, keywords = {sss-group}, month = 10, title = {ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training}, year = 2023 }
• MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers. Torsten, Krauß; Alexandra, Dmitrienko; in ACM Conference on Computer and Communications Security (CCS) (2023).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{torsten2023mesas, author = {Torsten, Krauß and Alexandra, Dmitrienko}, journal = {ACM Conference on Computer and Communications Security (CCS)}, keywords = {sss-group}, title = {MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers}, year = 2023 }
• Penetration Testing of the eSano Platform with the focus on Patient and eCoach components. Nolte, Alexander; Thesis; Bachelor Thesis. (2023, July).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  With the increasing digitization of healthcare and the growing demand for remote medical services, electronic health (electronic Health (eHealth)) platforms play a crucial role in facilitating doctor-patient communication and providing therapeutic support. However, ensuring the security and privacy of patient data on these platforms is of utmost importance. This thesis focuses on the penetration testing of the eSano platform, specifically targeting its Patient and eCoach components. The objective of the penetration testing is to assess the security posture of the eSano platform and identify potential vulnerabilities that could compromise the confidentiality, integrity, and availability of patient data. The testing follows a structured approach, incorporating the guidelines provided by the Open Web Application Security Project (OWASP). The identified vulnerabilities were mapped to the corresponding Common Weakness Enumeration (CWE) identifiers, providing a standardized framework for reporting and analysis. Throughout the penetration testing process, several critical vulnerabilities were discovered, including vulnerable file upload functionality, unprotected Application programming interface (API) endpoints, refreshment of expired authentication tokens, clickjacking vulnerabilities, user enumeration issues, email security vulnerabilities, and Comma Seperated Values (CSV) injection vulnerabilities. These vulnerabilities pose a substantial risk to the security and privacy of patient data, as they could allow unauthorized access, data manipulation, and the spread of malicious software. The results of the penetration testing underscore the critical need for robust security measures in eHealth platforms. By addressing the identified vulnerabilities and implementing the recommended security controls, based on the guidelines provided by OWASP and the corresponding CWE mappings, the eSano platform can enhance its security posture and protect sensitive patient information. The penetration testing report provided in this thesis serves as a valuable resource for the eSano developers, offering detailed insights into the vulnerabilities and recommendations for their remediation.

  @mastersthesis{nolte2023penetration, abstract = {With the increasing digitization of healthcare and the growing demand for remote medical services, electronic health (electronic Health (eHealth)) platforms play a crucial role in facilitating doctor-patient communication and providing therapeutic support. However, ensuring the security and privacy of patient data on these platforms is of utmost importance. This thesis focuses on the penetration testing of the eSano platform, specifically targeting its Patient and eCoach components. The objective of the penetration testing is to assess the security posture of the eSano platform and identify potential vulnerabilities that could compromise the confidentiality, integrity, and availability of patient data. The testing follows a structured approach, incorporating the guidelines provided by the Open Web Application Security Project (OWASP). The identified vulnerabilities were mapped to the corresponding Common Weakness Enumeration (CWE) identifiers, providing a standardized framework for reporting and analysis. Throughout the penetration testing process, several critical vulnerabilities were discovered, including vulnerable file upload functionality, unprotected Application programming interface (API) endpoints, refreshment of expired authentication tokens, clickjacking vulnerabilities, user enumeration issues, email security vulnerabilities, and Comma Seperated Values (CSV) injection vulnerabilities. These vulnerabilities pose a substantial risk to the security and privacy of patient data, as they could allow unauthorized access, data manipulation, and the spread of malicious software. The results of the penetration testing underscore the critical need for robust security measures in eHealth platforms. By addressing the identified vulnerabilities and implementing the recommended security controls, based on the guidelines provided by OWASP and the corresponding CWE mappings, the eSano platform can enhance its security posture and protect sensitive patient information. The penetration testing report provided in this thesis serves as a valuable resource for the eSano developers, offering detailed insights into the vulnerabilities and recommendations for their remediation.}, author = {Nolte, Alexander}, keywords = {sssgroup}, month = {07}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Penetration Testing of the eSano Platform with the focus on Patient and eCoach components}, type = {Bachelor Thesis}, year = 2023 }
• Metadata-based Malware Detection on Android using Machine Learning. Hefter, Alexander; Sendner, Christoph; Dmitrienko, Alexandra; in ArXiv | arXiv.2307.08547 (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{noauthororeditormetadatabased, author = {Hefter, Alexander and Sendner, Christoph and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv.2307.08547}, keywords = {sss-group}, title = {Metadata-based Malware Detection on Android using Machine Learning}, year = 2023 }
• Email Discovery in Modern Applications. Pastukh, Andrii; Thesis; Bachelor Thesis. (2023, July).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Email Discovery and Contact Discovery are processes that allow a user to find out which contacts from his phone book are using the same service. In the first case, the email address is used as an identifier, and in the second, the phone number. However, these processes come with privacy vulnerabilities that need to be addressed. One significant vulnerability is the potential for uploading all contacts and data of individuals who have not explicitly given permission for their information to be shared. When a user grants access to their phone book or contact list to a service, the people listed in their contacts have not necessarily consented to their data being uploaded to the server. This problem opens up the possibility of unauthorized access to sensitive data by third parties or even employees of the service provider. Data leaks and server attacks are also potential risks. Additionally, enumeration and crawling attacks pose threats by exploiting the ability to access data from a user’s phone book during the Email or Contact Discovery process. The danger of crawling attacks lies in the fact that they can be carried out without requiring special equipment or in-depth knowledge of the process for each specific service. As shown in the previous work, almost all modern instant messengers that use Contact Discovery are vulnerable to such crawling attacks. The purpose of our work is to study the possibility of carrying out crawling attacks on services that use an email address as an identifier, i.e., applications using Email Discovery. We consider instant messengers, job search applications, as well as gaming platforms and other applications. Our work shows that there are three applications using Email Discovery that turned out to be vulnerable to such crawling attacks: Xing, LinkedIn, and Google Contacts. To do this, we generate millions of email addresses that are then uploaded to the services to get information about whether the user is registered and to discover what data we can get with this information. The attacks carried out manually on the LinkedIn and Xing services proved to be ineffective primarily due to the implementation of Rate Limits. These limits restrict the number of requests allowed within a specific time frame, thereby hindering the success of our attacks. Additionally, the inclusion of user IP Address verification further contributed to the inability to extract user data successfully. As a result, the outcome of our attacks yielded insufficient results in terms of accessing and retrieving user data. The attack on the Google Contacts application shows the most devastating results. We develop a crawler, which allowed us to carry out a major crawling attack on this application. As a result, we are able to check 3046656 generated contacts. We also find that there are no Rate Limits enforced by Google to prevent such attacks. Thus, we show that, using a regular user PC, it is possible to carry out a crawling attack and find out such personal data of users as first name, last name, photo, links to other social networks, as well as online status. Furthermore, we analyze existing methods for protecting the Email Discovery process and propose privacy enhancements for the Google Contacts service.

  @mastersthesis{pastukh2023email, abstract = {Email Discovery and Contact Discovery are processes that allow a user to find out which contacts from his phone book are using the same service. In the first case, the email address is used as an identifier, and in the second, the phone number. However, these processes come with privacy vulnerabilities that need to be addressed. One significant vulnerability is the potential for uploading all contacts and data of individuals who have not explicitly given permission for their information to be shared. When a user grants access to their phone book or contact list to a service, the people listed in their contacts have not necessarily consented to their data being uploaded to the server. This problem opens up the possibility of unauthorized access to sensitive data by third parties or even employees of the service provider. Data leaks and server attacks are also potential risks. Additionally, enumeration and crawling attacks pose threats by exploiting the ability to access data from a user’s phone book during the Email or Contact Discovery process. The danger of crawling attacks lies in the fact that they can be carried out without requiring special equipment or in-depth knowledge of the process for each specific service. As shown in the previous work, almost all modern instant messengers that use Contact Discovery are vulnerable to such crawling attacks. The purpose of our work is to study the possibility of carrying out crawling attacks on services that use an email address as an identifier, i.e., applications using Email Discovery. We consider instant messengers, job search applications, as well as gaming platforms and other applications. Our work shows that there are three applications using Email Discovery that turned out to be vulnerable to such crawling attacks: Xing, LinkedIn, and Google Contacts. To do this, we generate millions of email addresses that are then uploaded to the services to get information about whether the user is registered and to discover what data we can get with this information. The attacks carried out manually on the LinkedIn and Xing services proved to be ineffective primarily due to the implementation of Rate Limits. These limits restrict the number of requests allowed within a specific time frame, thereby hindering the success of our attacks. Additionally, the inclusion of user IP Address verification further contributed to the inability to extract user data successfully. As a result, the outcome of our attacks yielded insufficient results in terms of accessing and retrieving user data. The attack on the Google Contacts application shows the most devastating results. We develop a crawler, which allowed us to carry out a major crawling attack on this application. As a result, we are able to check 3046656 generated contacts. We also find that there are no Rate Limits enforced by Google to prevent such attacks. Thus, we show that, using a regular user PC, it is possible to carry out a crawling attack and find out such personal data of users as first name, last name, photo, links to other social networks, as well as online status. Furthermore, we analyze existing methods for protecting the Email Discovery process and propose privacy enhancements for the Google Contacts service.}, author = {Pastukh, Andrii}, keywords = {sssgroup}, month = {07}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Email Discovery in Modern Applications}, type = {Bachelor Thesis}, year = 2023 }
• AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms. Fereidooni, Hossein; König, Jan; Rieger, Philipp; Chilese, Markus; Finke, Moritz; Goekbakan, Bora; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; in Network and Distributed System Security Symposium (NDSS) (2023).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @article{hossein2023authentisense, author = {Fereidooni, Hossein and König, Jan and Rieger, Philipp and Chilese, Markus and Finke, Moritz and Goekbakan, Bora and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza}, journal = {Network and Distributed System Security Symposium (NDSS)}, keywords = {moritzfinke}, title = {AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms}, year = 2023 }
• Sybil Attack in Tor - Shedding Light to the Diversity Problem in Tor. Schreider, Dominik; Thesis; Bachelor Thesis. (2023, August).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Tor is the most widely used anonymity communication network, which relies on voluntarily operated servers called relays to direct user traffic through its network. With an estimated daily user base of around 2 million, Tor stands as a widely adopted platform. However, the Tor network faces a significant challenge known as the ”Diversity Problem”, arising from a concentration of power, manifested through the trust and dependence placed upon a few dominant operators controlling a substantial portion of the network. For the analysis of this matter, we developed an Analysis Tool to aggregate and analyze Tor data. The Sybil attack within the Tor network includes two scenarios. (I) The attacker in- troduces additional relays into the network to increase their control and influence. The adversary’s objective in this scenario is to monitor a significant portion of the network traffic within Tor. (II) The attacker intentionally avoids associating the relays they man- age under a single entity, which is the typical practice expected from relay operators. As a result of this, they could potentially acquire advantageous visibility to observe connec- tions established via Tor by strategically placing their relays in critical positions of the circuit. Particularly concerning is the attacker’s capability to easily add relays to the Tor network and refrain from declaring relay ownership. The potential privacy risks for users emerge from both attack scenarios, with the combined effect being particularly concern- ing. Within this thesis, we extensively explore the Sybil attack to gain a comprehensive understanding of the factors that impact its effectiveness and how this attack affects the ”Diversity Problem”. By conducting a thorough analysis of the Sybil attack, we pinpoint the primary factors that shape its effectiveness. Moreover, we carry out simulations of the Sybil attack. An attacker who controls 100 Gbit/s of bandwidth could achieve up to a 40% likelihood of monitoring the exiting traffic or a 20% likelihood of observing incoming traffic within the Tor network. This capacity enables the attacker to potentially de-anonymize user connec- tions. We provide a proof of concept for the Sybil attack, critically analyzing the impact the attack can have on the Tor network. The rationale behind emphasizing this analysis is rooted in the absence of prior investigations into the Sybil attack’s effectiveness within the Tor ecosystem. Understanding the intricacies of the attack is essential to fortify Tor’s se- curity and preserve its mission of providing privacy and anonymity to its diverse user base. Furthermore, our aim extends to cultivating awareness among researchers and Tor users regarding the far-reaching implications of the ”Diversity Problem”, which subsequently affects the reliance and trust on a limited number of dominant entities.

  @mastersthesis{schreider2023sybil, abstract = {Tor is the most widely used anonymity communication network, which relies on voluntarily operated servers called relays to direct user traffic through its network. With an estimated daily user base of around 2 million, Tor stands as a widely adopted platform. However, the Tor network faces a significant challenge known as the ”Diversity Problem”, arising from a concentration of power, manifested through the trust and dependence placed upon a few dominant operators controlling a substantial portion of the network. For the analysis of this matter, we developed an Analysis Tool to aggregate and analyze Tor data. The Sybil attack within the Tor network includes two scenarios. (I) The attacker in- troduces additional relays into the network to increase their control and influence. The adversary’s objective in this scenario is to monitor a significant portion of the network traffic within Tor. (II) The attacker intentionally avoids associating the relays they man- age under a single entity, which is the typical practice expected from relay operators. As a result of this, they could potentially acquire advantageous visibility to observe connec- tions established via Tor by strategically placing their relays in critical positions of the circuit. Particularly concerning is the attacker’s capability to easily add relays to the Tor network and refrain from declaring relay ownership. The potential privacy risks for users emerge from both attack scenarios, with the combined effect being particularly concern- ing. Within this thesis, we extensively explore the Sybil attack to gain a comprehensive understanding of the factors that impact its effectiveness and how this attack affects the ”Diversity Problem”. By conducting a thorough analysis of the Sybil attack, we pinpoint the primary factors that shape its effectiveness. Moreover, we carry out simulations of the Sybil attack. An attacker who controls 100 Gbit/s of bandwidth could achieve up to a 40% likelihood of monitoring the exiting traffic or a 20% likelihood of observing incoming traffic within the Tor network. This capacity enables the attacker to potentially de-anonymize user connec- tions. We provide a proof of concept for the Sybil attack, critically analyzing the impact the attack can have on the Tor network. The rationale behind emphasizing this analysis is rooted in the absence of prior investigations into the Sybil attack’s effectiveness within the Tor ecosystem. Understanding the intricacies of the attack is essential to fortify Tor’s se- curity and preserve its mission of providing privacy and anonymity to its diverse user base. Furthermore, our aim extends to cultivating awareness among researchers and Tor users regarding the far-reaching implications of the ”Diversity Problem”, which subsequently affects the reliance and trust on a limited number of dominant entities.}, author = {Schreider, Dominik}, keywords = {sssgroup}, month = {08}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Sybil Attack in Tor - Shedding Light to the Diversity Problem in Tor}, type = {Bachelor Thesis}, year = 2023 }
• G-Scan: Graph Neural Networks for Line-Level Vulnerability Identification in Smart Contracts. Sendner, Christoph; Zhang, Ruisi; Hefter, Alexander; Dmitrienko, Alexandra; Koushanfar, Farinaz; in arXiv:2307.08549 (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{sendner2023gscan, author = {Sendner, Christoph and Zhang, Ruisi and Hefter, Alexander and Dmitrienko, Alexandra and Koushanfar, Farinaz}, journal = {arXiv:2307.08549}, keywords = {sss-group}, title = {G-Scan: Graph Neural Networks for Line-Level Vulnerability Identification in Smart Contracts}, year = 2023 }
• Security of NVMe Offloaded Data in Large-Scale Machine Learning. Krauß, Torsten; Götz, Raphael; Dmitrienko, Alexandra; in European Symposium on Research in Computer Security (ESORICS) (2023).
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{krauss2024security, author = {Krauß, Torsten and Götz, Raphael and Dmitrienko, Alexandra}, journal = {European Symposium on Research in Computer Security (ESORICS)}, keywords = {Private_AI}, title = {Security of NVMe Offloaded Data in Large-Scale Machine Learning}, year = 2023 }
• Vulnerability Assessment of Smart Contracts using Explainable AI Methods. Hefter, Alexander; Thesis; Master Thesis. (2023, January).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Smart contracts are small computer programs stored on a blockchain and play an im- portant role in many cryptocurrencies, such as Ethereum. The code of a smart contract represents a sort of digital agreement between its users. However, like all computer pro- grams, smart contracts possibly contain security vulnerabilities an attacker can exploit to achieve goals beyond the original intent of the contract. Therefore, tools have been developed to identify smart contracts with vulnerabilities at source code or bytecode level. Some of these detection methods make use of deep neural networks, a machine learning technique. However, these methods only indicate whether a smart contract contains a certain vulnerability or not, but a programmer is also interested in its location in the code. The main problem is here that it is not obvious which parts of the source code are responsible for the prediction result of a neural network. This work describes two methods that determine whether a smart contract is vulnerable and find the locations of the vulnerabilities in the source code. Both methods are built on graph neural networks and, therefore, convert source code files into contract graphs. The first method identifies vulnerable contract graphs by graph classification. The vulnerability positions are figured out with an explainer, a program that determines the parts of the input graph that are responsible for the graph classification result. The second method is based on node classification. This method requires a dataset of source codes where the exact vulnerability positions are given by line numbers. Therefore, a dataset regarding the reentrancy vulnerability has been labeled by hand for this thesis. Both methods are tested and evaluated on this dataset. Although the first method reliably detects vulnerable contracts with a f1-score of up to 97.12%, the f1-score for locating the vulnerabilities does not exceed 9.0%. However, the second method determines vulnerable contracts with a f1-score of up to 93.02% and figures out the positions of the vulnerabilities with a f1-score of up to 93.69%. Moreover, the second method analyzes source codes in less than three seconds. Both methods can handle contract source codes of any lengths. The output of the analysis is in both cases given by the line numbers that contain the vulnerabilities.

  @mastersthesis{hefter2023vulnerability, abstract = {Smart contracts are small computer programs stored on a blockchain and play an im- portant role in many cryptocurrencies, such as Ethereum. The code of a smart contract represents a sort of digital agreement between its users. However, like all computer pro- grams, smart contracts possibly contain security vulnerabilities an attacker can exploit to achieve goals beyond the original intent of the contract. Therefore, tools have been developed to identify smart contracts with vulnerabilities at source code or bytecode level. Some of these detection methods make use of deep neural networks, a machine learning technique. However, these methods only indicate whether a smart contract contains a certain vulnerability or not, but a programmer is also interested in its location in the code. The main problem is here that it is not obvious which parts of the source code are responsible for the prediction result of a neural network. This work describes two methods that determine whether a smart contract is vulnerable and find the locations of the vulnerabilities in the source code. Both methods are built on graph neural networks and, therefore, convert source code files into contract graphs. The first method identifies vulnerable contract graphs by graph classification. The vulnerability positions are figured out with an explainer, a program that determines the parts of the input graph that are responsible for the graph classification result. The second method is based on node classification. This method requires a dataset of source codes where the exact vulnerability positions are given by line numbers. Therefore, a dataset regarding the reentrancy vulnerability has been labeled by hand for this thesis. Both methods are tested and evaluated on this dataset. Although the first method reliably detects vulnerable contracts with a f1-score of up to 97.12%, the f1-score for locating the vulnerabilities does not exceed 9.0%. However, the second method determines vulnerable contracts with a f1-score of up to 93.02% and figures out the positions of the vulnerabilities with a f1-score of up to 93.69%. Moreover, the second method analyzes source codes in less than three seconds. Both methods can handle contract source codes of any lengths. The output of the analysis is in both cases given by the line numbers that contain the vulnerabilities.}, author = {Hefter, Alexander}, keywords = {sss-group}, month = {01}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Vulnerability Assessment of Smart Contracts using Explainable AI Methods}, type = {Master Thesis}, year = 2023 }

• Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in ACM Transactions on Privacy and Security (TOPS) (2022).
  • [ Abstract ]
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods and propose suitable mitigations. Our study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10% of US mobile phone numbers for WhatsApp and 100% for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings. Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool “JTR” we can iterate through the entire world-wide mobile phone number space in < 150s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest. Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal’s current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information.

  @article{hagen2022contact, abstract = {Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods and propose suitable mitigations. Our study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10% of US mobile phone numbers for WhatsApp and 100% for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings. Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool “JTR” we can iterate through the entire world-wide mobile phone number space in < 150s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest. Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal’s current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information.}, author = {Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas}, journal = {ACM Transactions on Privacy and Security (TOPS)}, keywords = {security}, title = {Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations}, year = 2022 }
• Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. Thien Duc, Nguyen; Markus, Miettinen; Alexandra, Dmitrienko; Ahmad-Reza, Sadeghi; Ivan, Visconti; in Cryptology ePrint Archive (2022).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{thienduc2022digital, author = {Thien Duc, Nguyen and Markus, Miettinen and Alexandra, Dmitrienko and Ahmad-Reza, Sadeghi and Ivan, Visconti}, journal = {Cryptology ePrint Archive}, keywords = {TraceCORONA}, month = 10, title = {Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges}, year = 2022 }
• Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. Thien Duc, Nguyen; Markus, Miettinen; Alexandra, Dmitrienko; Ahmad-Reza, Sadeghi; Ivan, Visconti; in IEEE Transactions on Emerging Topics in Computing (2022).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @article{thienduc2022digital, author = {Thien Duc, Nguyen and Markus, Miettinen and Alexandra, Dmitrienko and Ahmad-Reza, Sadeghi and Ivan, Visconti}, journal = {IEEE Transactions on Emerging Topics in Computing}, keywords = {TraceCORONA}, month = 10, title = {Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges.}, year = 2022 }
• FedCRI: Federated Mobile Cyber-Risk Intelligence. Fereidooni, Hossein; Dmitrienko, Alexandra; Madlener, Felix; Rieger, Phillip; Miettinen, Markus; Sadeghi, Ahmad-Reza; in The Network and Distributed System Security Symposium (NDSS) (2022).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{fereidooni2022fedcri, author = {Fereidooni, Hossein and Dmitrienko, Alexandra and Madlener, Felix and Rieger, Phillip and Miettinen, Markus and Sadeghi, Ahmad-Reza}, booktitle = {The Network and Distributed System Security Symposium (NDSS)}, keywords = {security}, title = {FedCRI: Federated Mobile Cyber-Risk Intelligence}, year = 2022 }
• Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in Cryptology ePrint Archive, Report 2022/875 (2022). (2022/875)
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{hagen2022contact, author = {Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas}, journal = {Cryptology ePrint Archive, Report 2022/875}, keywords = {security}, number = {2022/875}, publisher = {Cryptology ePrint}, title = {Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations}, year = 2022 }
• Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. Sendner, Christoph; Iffländer, Lukas; Schindler, Sebastian; Jobst, Michael; Dmitrienko, Alexandra; Kounev, Samuel; in IEEE Conference on Communications and Network Security (CNS) (2022).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @conference{sendner2022ransomware, author = {Sendner, Christoph and Iffländer, Lukas and Schindler, Sebastian and Jobst, Michael and Dmitrienko, Alexandra and Kounev, Samuel}, booktitle = {IEEE Conference on Communications and Network Security (CNS)}, keywords = {ransomware}, title = {Ransomware Detection in Databases through Dynamic Analysis of Query Sequences}, year = 2022 }
• SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier Petzi, Lukas; Ben Yahya, Ala Eddine; Dmitrienko, Alexandra; Tsudik, Gene; Prantl, Thomas; Kounev, Samuel; (2022). (Vol. USENIX Security ’22)

  Coming Soon
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types of computing components, e.g., IoT devices. In a typical IoT setting, RA involves a trusted Verifier that sends a challenge to an untrusted remote Prover, which must in turn reply with a fresh and authentic evidence of being in a trustworthy state. However,most current RA schemes assume a central Verifier, which rep-resents a single point of failure. This feature is problematic when mutually suspicious stakeholders are involved. Furthermore, scalability issues arise as the number of IoT devices (Provers) grows. Although some RA schemes allow peer Provers to act as Verifiers, they involve unrealistic (for IoT devices) requirements, such as time synchronization and synchronous communication. Moreover, they incur heavy memory, computation,and communication burdens, while not considering sleeping or otherwise disconnected devices. Motivated by the need to address these limitations, we construct Scalable Collective Remote Attestation for Pub-Sub (SCRAPS), a novel collective RA scheme. It achieves scalability by outsourcing Verifier duties to a smart contract and mitigates DoS attacks against both Provers and Verifiers. It also removes the need for synchronous communication. Furthermore,RA evidence in SCRAPS is publicly verifiable, which significantly reduces the number of attestation evidence computations, thus lowering Prover burden. We report on a prototype of SCRAPS over Hyperledger Sawtooth (a blockchain geared for IoT use-cases) and evaluate its performance, scalability, and security aspects.

  @proceedings{petzi2022scraps, abstract = {Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types of computing components, e.g., IoT devices. In a typical IoT setting, RA involves a trusted Verifier that sends a challenge to an untrusted remote Prover, which must in turn reply with a fresh and authentic evidence of being in a trustworthy state. However,most current RA schemes assume a central Verifier, which rep-resents a single point of failure. This feature is problematic when mutually suspicious stakeholders are involved. Furthermore, scalability issues arise as the number of IoT devices (Provers) grows. Although some RA schemes allow peer Provers to act as Verifiers, they involve unrealistic (for IoT devices) requirements, such as time synchronization and synchronous communication. Moreover, they incur heavy memory, computation,and communication burdens, while not considering sleeping or otherwise disconnected devices. Motivated by the need to address these limitations, we construct Scalable Collective Remote Attestation for Pub-Sub (SCRAPS), a novel collective RA scheme. It achieves scalability by outsourcing Verifier duties to a smart contract and mitigates DoS attacks against both Provers and Verifiers. It also removes the need for synchronous communication. Furthermore,RA evidence in SCRAPS is publicly verifiable, which significantly reduces the number of attestation evidence computations, thus lowering Prover burden. We report on a prototype of SCRAPS over Hyperledger Sawtooth (a blockchain geared for IoT use-cases) and evaluate its performance, scalability, and security aspects.}, author = {Petzi, Lukas and Ben Yahya, Ala Eddine and Dmitrienko, Alexandra and Tsudik, Gene and Prantl, Thomas and Kounev, Samuel}, keywords = {sss-group}, note = {Coming Soon}, title = {SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier}, volume = {USENIX Security '22}, year = 2022 }
• Towards a Cryptography Benchmark: A View on Attribute Based Encryption Schemes. Prantl, Thomas; Zeck, Timo; Iffländer, Lukas; Beierlieb, Lukas; Dmitrenko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in 2022 5th Conference on Cloud and Internet of Things (CIoT) (2022).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @inproceedings{PrZeIfBeDmKrKo2022-CIoT-ABEBenchmark, author = {Prantl, Thomas and Zeck, Timo and Iffländer, Lukas and Beierlieb, Lukas and Dmitrenko, Alexandra and Krupitzer, Christian and Kounev, Samuel}, booktitle = {2022 5th Conference on Cloud and Internet of Things (CIoT)}, keywords = {sss-group}, organization = {IEEE}, title = {Towards a Cryptography Benchmark: A View on Attribute Based Encryption Schemes}, year = 2022 }
• An Experience Report on the Suitability of a Distributed Group Encryption Scheme for an IoT Use Case. Prantl, Thomas; Engel, Simon; Bauer, Andre; Ben Yahya, Ala Eddine; Herrnleben, Stefan; Iffländer, Lukas; Dmitrienko, Alexandra; Kounev, Samuel; in IEEE 95th Vehicular Technology Conference (VTC) (2022).
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  @inproceedings{PrEnBaAlHeIfDmKo2022-IoT/CPS-DistributedGroupEncryption, author = {Prantl, Thomas and Engel, Simon and Bauer, Andre and Ben Yahya, Ala Eddine and Herrnleben, Stefan and Iffländer, Lukas and Dmitrienko, Alexandra and Kounev, Samuel}, booktitle = {IEEE 95th Vehicular Technology Conference (VTC)}, keywords = {IoT}, organization = {IEEE}, title = {An Experience Report on the Suitability of a Distributed Group Encryption Scheme for an IoT Use Case}, year = 2022 }
• A Survey on Secure Group Communication Schemes with Focus on IoT Communication. Prantl, Thomas; Zeck, Timo; Bauer, André; Ten, Peter; Prantl, Dominik; Ben Yahya, Ala Eddine; Iffländer, Lukas; Dmitrienko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in IEEE Access (2022).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{PrZeBaTePrYaIfDmKrKo_IEEEAccess_SGCSurvey, author = {Prantl, Thomas and Zeck, Timo and Bauer, André and Ten, Peter and Prantl, Dominik and Ben Yahya, Ala Eddine and Iffländer, Lukas and Dmitrienko, Alexandra and Krupitzer, Christian and Kounev, Samuel}, journal = {IEEE Access}, keywords = {sssgroup}, publisher = {IEEE}, title = {A Survey on Secure Group Communication Schemes with Focus on IoT Communication}, year = 2022 }
• Digital contact Tracing solutions: Promises, Pitfalls and Challenges. Thien Duc, Nguyen; Markus, Miettinen; Alexandra, Dmitrienko; Ahmad-Reza, Sadeghi; Ivan, Visconti; in ArXiv I arXiv 2202.06698v2 (October 2022) (2022).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{thienduc2022digital, author = {Thien Duc, Nguyen and Markus, Miettinen and Alexandra, Dmitrienko and Ahmad-Reza, Sadeghi and Ivan, Visconti}, journal = {ArXiv I arXiv 2202.06698v2 (October 2022)}, keywords = {TraceCORONA}, month = 10, title = {Digital contact Tracing solutions: Promises, Pitfalls and Challenges.}, year = 2022 }
• Close the Gate: Detecting Backdoored Models in Federated Learning based on Client-Side Deep Layer Output Analysis. Rieger, Phillip; Krauß, Torsten; Miettinen, Markus; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; in ArXiv | arXiv:2210.07714 (2022).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{https://doi.org/10.48550/arxiv.2210.07714, author = {Rieger, Phillip and Krauß, Torsten and Miettinen, Markus and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza}, journal = {ArXiv | arXiv:2210.07714}, keywords = {Private_AI}, publisher = {arXiv}, title = {Close the Gate: Detecting Backdoored Models in Federated Learning based on Client-Side Deep Layer Output Analysis}, year = 2022 }
• SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier. Petzi, Lukas; Ben Yahya, Ala Eddine; Dmitrienko, Alexandra; Tsudik, Gene; Prantl, Thomas; Kounev, Samuel; in USENIX Security (2022).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types of computing components, e.g., IoT devices. In a typical IoT setting, RA involves a trusted Verifier that sends a challenge to an untrusted remote Prover, which must in turn reply with a fresh and authentic evidence of being in a trustworthy state. However,most current RA schemes assume a central Verifier, which rep-resents a single point of failure. This feature is problematic when mutually suspicious stakeholders are involved. Furthermore, scalability issues arise as the number of IoT devices (Provers) grows. Although some RA schemes allow peer Provers to act as Verifiers, they involve unrealistic (for IoT devices) requirements, such as time synchronization and synchronous communication. Moreover, they incur heavy memory, computation,and communication burdens, while not considering sleeping or otherwise disconnected devices. Motivated by the need to address these limitations, we construct Scalable Collective Remote Attestation for Pub-Sub (SCRAPS), a novel collective RA scheme. It achieves scalability by outsourcing Verifier duties to a smart contract and mitigates DoS attacks against both Provers and Verifiers. It also removes the need for synchronous communication. Furthermore,RA evidence in SCRAPS is publicly verifiable, which significantly reduces the number of attestation evidence computations, thus lowering Prover burden. We report on a prototype of SCRAPS over Hyperledger Sawtooth (a blockchain geared for IoT use-cases) and evaluate its performance, scalability, and security aspects.

  @proceedings{petzi2022scraps, abstract = {Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types of computing components, e.g., IoT devices. In a typical IoT setting, RA involves a trusted Verifier that sends a challenge to an untrusted remote Prover, which must in turn reply with a fresh and authentic evidence of being in a trustworthy state. However,most current RA schemes assume a central Verifier, which rep-resents a single point of failure. This feature is problematic when mutually suspicious stakeholders are involved. Furthermore, scalability issues arise as the number of IoT devices (Provers) grows. Although some RA schemes allow peer Provers to act as Verifiers, they involve unrealistic (for IoT devices) requirements, such as time synchronization and synchronous communication. Moreover, they incur heavy memory, computation,and communication burdens, while not considering sleeping or otherwise disconnected devices. Motivated by the need to address these limitations, we construct Scalable Collective Remote Attestation for Pub-Sub (SCRAPS), a novel collective RA scheme. It achieves scalability by outsourcing Verifier duties to a smart contract and mitigates DoS attacks against both Provers and Verifiers. It also removes the need for synchronous communication. Furthermore,RA evidence in SCRAPS is publicly verifiable, which significantly reduces the number of attestation evidence computations, thus lowering Prover burden. We report on a prototype of SCRAPS over Hyperledger Sawtooth (a blockchain geared for IoT use-cases) and evaluate its performance, scalability, and security aspects.}, author = {Petzi, Lukas and Ben Yahya, Ala Eddine and Dmitrienko, Alexandra and Tsudik, Gene and Prantl, Thomas and Kounev, Samuel}, booktitle = {USENIX Security}, keywords = {sys:relevantfor:sss-group}, title = {SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier.}, year = 2022 }

• Remote Attestation for IoT with Smart Verifier. Petzi, Lukas; Thesis; Bachelor Thesis. (2021, January).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The Internet is evolving. The Internet of Things (IoT) is a disruptive technology, billions of small and smart devices are encompassing every aspect of our lives, which leads us to a new era of the Internet. IoT connects billions of heterogeneous embedded devices in large networks. Restricted capabilities of the devices in combination with various mutually mistrusting parties throughout the network pose new challenges to security. As IoT devices become increasingly important, so does trust in their secure and reliable operation. But before we can trust them, we need to establish the trust. In the past, remote attestation has emerged into a very powerful tool in order to establish trust between devices. Traditional remote attestation establishes a static trust between two devices. This approach suffers badly heterogeneity of IoT network and purely scales to a large number of devices. Furthermore, it is very vulnerable to Denial of Service attacks. Within this thesis, we present a new approach to Remote Attestation in IoT networks. Our design combines the core strength of Remote Attestation with the advantages blockchain technology in order to enable attestation and validation of attestation evidences in a scalable manner. At rst, we develop a remote attestation scheme on a low end device serving as an exemplary IoT device. Second, we design our smart verifier, a flexible system capable of validating and storing attestation evidence. The system is build on top of blockchain technology and solves several issues accompanied by Traditional Remote Attestation in IoT such as scalability and device heterogeneity. In the end, we build and evaluate a proof of concept implementation based on ARM TrustZone and Sawtooth Hyperledger. The proposed system architecture enables trust establishment in a scalable manner even in heterogeneous networks while preventing denial of service attacks

  @mastersthesis{chan2019remote, abstract = {The Internet is evolving. The Internet of Things (IoT) is a disruptive technology, billions of small and smart devices are encompassing every aspect of our lives, which leads us to a new era of the Internet. IoT connects billions of heterogeneous embedded devices in large networks. Restricted capabilities of the devices in combination with various mutually mistrusting parties throughout the network pose new challenges to security. As IoT devices become increasingly important, so does trust in their secure and reliable operation. But before we can trust them, we need to establish the trust. In the past, remote attestation has emerged into a very powerful tool in order to establish trust between devices. Traditional remote attestation establishes a static trust between two devices. This approach suffers badly heterogeneity of IoT network and purely scales to a large number of devices. Furthermore, it is very vulnerable to Denial of Service attacks. Within this thesis, we present a new approach to Remote Attestation in IoT networks. Our design combines the core strength of Remote Attestation with the advantages blockchain technology in order to enable attestation and validation of attestation evidences in a scalable manner. At rst, we develop a remote attestation scheme on a low end device serving as an exemplary IoT device. Second, we design our smart verifier, a flexible system capable of validating and storing attestation evidence. The system is build on top of blockchain technology and solves several issues accompanied by Traditional Remote Attestation in IoT such as scalability and device heterogeneity. In the end, we build and evaluate a proof of concept implementation based on ARM TrustZone and Sawtooth Hyperledger. The proposed system architecture enables trust establishment in a scalable manner even in heterogeneous networks while preventing denial of service attacks}, author = {Petzi, Lukas}, booktitle = {CVPR Workshops}, keywords = {security}, month = {01}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Remote Attestation for IoT with Smart Verifier}, type = {Bachelor Thesis}, year = 2021 }
• Sound Smart Contract Security Testing with Just One Tool. Dmitrienko, Alexandra; Chen, Huili; Fereidooni, Hossein; Sendner, Christoph; Sadeghi, Ahmad-Reza; Koushanfar, Farinaz; in CyberSec&AI 2021 (2021).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @conference{dmitrienko2021sound, author = {Dmitrienko, Alexandra and Chen, Huili and Fereidooni, Hossein and Sendner, Christoph and Sadeghi, Ahmad-Reza and Koushanfar, Farinaz}, booktitle = {CyberSec&AI 2021}, keywords = {sss-group}, title = {Sound Smart Contract Security Testing with Just One Tool}, year = 2021 }
• Increasing Security in Satellite Networks. Schilling, Klaus; Dmitrienko, Alexandra; in 72nd International Astronautical Congress (IAC) (2021).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{schilling2021increasing, author = {Schilling, Klaus and Dmitrienko, Alexandra}, booktitle = {72nd International Astronautical Congress (IAC)}, keywords = {security}, title = {Increasing Security in Satellite Networks}, year = 2021 }
• Benchmarking of Pre- and Post-Quantum Group Encryption Schemes with Focus on IoT. Prantl, Thomas; Prantl, Dominik; Bauer, André; Iffländer, Lukas; Dmitrenko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{PrPrBaIfDmKrKo2021-IPCCC-QuantumGroupEncryption, author = {Prantl, Thomas and Prantl, Dominik and Bauer, André and Iffländer, Lukas and Dmitrenko, Alexandra and Krupitzer, Christian and Kounev, Samuel}, booktitle = {IEEE 40th International Performance Computing and Communications Conference (IPCCC)}, keywords = {sss-group}, title = {Benchmarking of Pre- and Post-Quantum Group Encryption Schemes with Focus on IoT}, year = 2021 }
• Security Analysis of UniNow App. Zimmermann, Keven; Thesis; Bachelor Thesis. (2021, June).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  We performed a security analysis of the UniNow application, focusing on private user data. The application was chosen for its high popularity and amount of sensitive information handled through its new contact tracing functionality. This functionality is used by many universities for mandatory contact tracing against COVID-19. Our analysis concerned the Android mobile application and all web services. After mapping the attack surface using many tools to automate the process, we tested the potential issues in order of impact. We reveal multiple security issues with low to critical severity. Most of these vulnera�bilities threatened private user data directly. In particular, we found multiple disclosed secret keys that were used to encrypt user data on the client side, among others. Fur�thermore, we show how an in-app browser as well as an open redirect vulnerability were easing phishing attacks, and how university access tokens were shared with UniNow. Our more severe findings include how sensitive data was sent automatically to Google servers through backup files, how strict SSL certificate checking was disabled deliberately for many university endpoints, how JavaScript could be injected into the email viewer, and how ap�pointment invitations could be brute forced to get sensitive information about past and future appointments. The two critical security issues concern how user accounts could be taken over by using an account identifier, and how an internal service was accessible by anyone, allowing to change university configurations and potentially make user devices sent their user’s university credentials to the attacker. We performed a responsible disclosure, which serves as a reference to UniNow, enabling them to fix the discovered issues. Our work tangibly improves the security of student data handled by the company.

  @mastersthesis{noauthororeditor, abstract = {We performed a security analysis of the UniNow application, focusing on private user data. The application was chosen for its high popularity and amount of sensitive information handled through its new contact tracing functionality. This functionality is used by many universities for mandatory contact tracing against COVID-19. Our analysis concerned the Android mobile application and all web services. After mapping the attack surface using many tools to automate the process, we tested the potential issues in order of impact. We reveal multiple security issues with low to critical severity. Most of these vulnera�bilities threatened private user data directly. In particular, we found multiple disclosed secret keys that were used to encrypt user data on the client side, among others. Fur�thermore, we show how an in-app browser as well as an open redirect vulnerability were easing phishing attacks, and how university access tokens were shared with UniNow. Our more severe findings include how sensitive data was sent automatically to Google servers through backup files, how strict SSL certificate checking was disabled deliberately for many university endpoints, how JavaScript could be injected into the email viewer, and how ap�pointment invitations could be brute forced to get sensitive information about past and future appointments. The two critical security issues concern how user accounts could be taken over by using an account identifier, and how an internal service was accessible by anyone, allowing to change university configurations and potentially make user devices sent their user’s university credentials to the attacker. We performed a responsible disclosure, which serves as a reference to UniNow, enabling them to fix the discovered issues. Our work tangibly improves the security of student data handled by the company.}, author = {Zimmermann, Keven}, keywords = {security}, month = {06}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Security Analysis of UniNow App}, type = {Bachelor Thesis}, year = 2021 }
• RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android. Stang, Jasper; Dmitrienko, Alexandra; Roth, Sascha; in 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) (2021).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  StrandHogg vulnerabilities affect Android’s multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are limited to the detection of certain attack versions. In this work, we aim to develop a generic, efficient, and usability-friendly attack detection method, which does not require OS modifications and can be employed by apps installed on any vulnerable Android platform. To achieve our goal, we analyze StrandHogg attack techniques and develop two countermeasures, one using Machine Learning and the other one using ActivityCounter – a reliable attack indicator, which we could synthetically engineer. Our first approach achieves an average F1 score of 92% across all attack variations, while ActivityCounter shows superior performance and efficiently detects all attack versions without false positives. ActivityCounter is the first solution without practical limitations, which can be easily deployed in practice and protect millions of affected users.

  @inproceedings{stang2021strandhogg, abstract = {StrandHogg vulnerabilities affect Android’s multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are limited to the detection of certain attack versions. In this work, we aim to develop a generic, efficient, and usability-friendly attack detection method, which does not require OS modifications and can be employed by apps installed on any vulnerable Android platform. To achieve our goal, we analyze StrandHogg attack techniques and develop two countermeasures, one using Machine Learning and the other one using ActivityCounter – a reliable attack indicator, which we could synthetically engineer. Our first approach achieves an average F1 score of 92% across all attack variations, while ActivityCounter shows superior performance and efficiently detects all attack versions without false positives. ActivityCounter is the first solution without practical limitations, which can be easily deployed in practice and protect millions of affected users.}, author = {Stang, Jasper and Dmitrienko, Alexandra and Roth, Sascha}, booktitle = {14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)}, keywords = {Android}, title = {RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android}, year = 2021 }
• Performance Evaluation for a Post-Quantum Public-Key Cryptosystem. Prantl, Thomas; Prantl, Dominik; Beierlieb, Lukas; Iffländer, Lukas; Dmitrienko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{PrPrBeIfDnKrKo2021-IPCCC-QuantumPublicKeyCryposystem, author = {Prantl, Thomas and Prantl, Dominik and Beierlieb, Lukas and Iffländer, Lukas and Dmitrienko, Alexandra and Krupitzer, Christian and Kounev, Samuel}, booktitle = {IEEE 40th International Performance Computing and Communications Conference (IPCCC)}, keywords = {security}, organization = {IEEE}, title = {Performance Evaluation for a Post-Quantum Public-Key Cryptosystem}, year = 2021 }
• Intrusion Detection Using Machine Learning in Databases. Schindler, Sebastian; Thesis; Master Thesis. (2021, April).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Ransomware is a known threat that had a severe impact on computer security in the past five years. This type of malware has caused financial losses of about $13 Billion in 2017 and 2018 combined. Ransomware makes a user’s data unavailable to them, only granting access again when they pay a ransom. Traditionally, ransomware targeted the computer’s filesystem. Database ransomware is a new variant of the same principle. Instead of targeting individual files, it logs into DBMSs remotely and destroys the data, leaving only a ransom message behind. In most cases, attackers do not create a backup copy of the data. In this case, the data cannot be restored by the attackers, even if the ransom is paid. In 2018, Jobst et al. presented DIMAQS, a MySQL plugin to mitigate these attacks by detecting malicious activity through a Petri net classifier. Our work recognizes the main drawback of this approach: The Petri net cannot be easily adapted to new attack scenarios and has to be re-engineered manually. To solve this problem, we design a machine learning classifier to replace the original one. This approach yields a model that detects all attacks in our tests. Unfortunately, the model also produces a high number of false positives when trying to detect attacks before any harmful queries are issued. Overall, our approach achieves a 85.23% f1-score. The performance impact of the revised plugin is nonexistent for OLAP workloads and stays under 15% for OLTP tasks.

  @mastersthesis{noauthororeditor, abstract = {Ransomware is a known threat that had a severe impact on computer security in the past five years. This type of malware has caused financial losses of about $13 Billion in 2017 and 2018 combined. Ransomware makes a user’s data unavailable to them, only granting access again when they pay a ransom. Traditionally, ransomware targeted the computer’s filesystem. Database ransomware is a new variant of the same principle. Instead of targeting individual files, it logs into DBMSs remotely and destroys the data, leaving only a ransom message behind. In most cases, attackers do not create a backup copy of the data. In this case, the data cannot be restored by the attackers, even if the ransom is paid. In 2018, Jobst et al. presented DIMAQS, a MySQL plugin to mitigate these attacks by detecting malicious activity through a Petri net classifier. Our work recognizes the main drawback of this approach: The Petri net cannot be easily adapted to new attack scenarios and has to be re-engineered manually. To solve this problem, we design a machine learning classifier to replace the original one. This approach yields a model that detects all attacks in our tests. Unfortunately, the model also produces a high number of false positives when trying to detect attacks before any harmful queries are issued. Overall, our approach achieves a 85.23% f1-score. The performance impact of the revised plugin is nonexistent for OLAP workloads and stays under 15% for OLTP tasks.}, author = {Schindler, Sebastian}, keywords = {ransomware}, month = {04}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Intrusion Detection Using Machine Learning in Databases}, type = {Master Thesis}, year = 2021 }
• Towards a Group Encryption Scheme Benchmark: A View on Centralized Schemes with focus on IoT. Prantl, Thomas; Ten, Peter; Iffländer, Lukas; Herrnleben, Stefan; Dmitrenko, Alexandra; Kounev, Samuel; Krupitzer, Christian; in ACM/SPEC International Conference on Performance Engineering (ICPE) (2021).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The number of devices connected to the Internet of Things (IoT) is continuously increasing to several billion nowadays. As those devices often share sensitive data, encryption of those data is an important issue. The pure volume of data and the complexity of communication patterns increases, and, accordingly, the importance of group encryption is recently gaining more importance. Still, the choice of the best-suited group encryption scheme for a specific application is complicated. Benchmarks can support this choice. However, while literature distinguishes three categories for the schemes (central, decentral, and hybrid), a one-fits-all benchmark seems challenging to achieve. In this paper, we go the first step towards a structured benchmark for group encryption schemes by presenting a benchmark for centralized group encryption schemes in an IoT scenario. To this end, our benchmark includes a description of workloads, a baseline scheme, a measurement setup, and metrics while also considering the requirements and features of centralized group encryption schemes.

  @inproceedings{PrTeIfHeDmKo2021-ICPE-GroupEncryptionCentralizedBenchmark, abstract = {The number of devices connected to the Internet of Things (IoT) is continuously increasing to several billion nowadays. As those devices often share sensitive data, encryption of those data is an important issue. The pure volume of data and the complexity of communication patterns increases, and, accordingly, the importance of group encryption is recently gaining more importance. Still, the choice of the best-suited group encryption scheme for a specific application is complicated. Benchmarks can support this choice. However, while literature distinguishes three categories for the schemes (central, decentral, and hybrid), a one-fits-all benchmark seems challenging to achieve. In this paper, we go the first step towards a structured benchmark for group encryption schemes by presenting a benchmark for centralized group encryption schemes in an IoT scenario. To this end, our benchmark includes a description of workloads, a baseline scheme, a measurement setup, and metrics while also considering the requirements and features of centralized group encryption schemes.}, author = {Prantl, Thomas and Ten, Peter and Iffländer, Lukas and Herrnleben, Stefan and Dmitrenko, Alexandra and Kounev, Samuel and Krupitzer, Christian}, booktitle = {ACM/SPEC International Conference on Performance Engineering (ICPE)}, keywords = {security}, month = {04}, series = {ICPE'21}, title = {Towards a Group Encryption Scheme Benchmark: A View on Centralized Schemes with focus on IoT}, year = 2021 }
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning. Lutz, Oliver; Chen, Huili; Fereidooni, Hossein; Sendner, Christoph; Dmitrienko, Alexandra; Sadeghi, Ahmad Reza; Koushanfar, Farinaz; in ArXiv | arXiv:2103.12607v1 (2021).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  Ethereum smart contracts are automated decentralized applications on the blockchain that describe the terms of the agreement between buyers and sellers, reducing the need for trusted intermediaries and arbitration. However, the deployment of smart contracts introduces new attack vectors into the cryptocurrency systems. In particular, programming flaws in smart contracts can be and have already been exploited to gain enormous financial profits. It is thus an emerging yet crucial issue to detect vulnerabilities of different classes in contracts in an efficient manner. Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable, or train individual classifiers for each specific vulnerability, or demonstrate multi-class vulnerability detection without extensibility consideration. To overcome the scalability and generalization limitations of existing works, we propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for Ethereum smart contracts that support lightweight transfer learning on unseen security vulnerabilities, thus is extensible and generalizable. ESCORT leverages a multi-output NN architecture that consists of two parts: (i) A common feature extractor that learns the semantics of the input contract; (ii) Multiple branch structures where each branch learns a specific vulnerability type based on features obtained from the feature extractor. Experimental results show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract. When extended to new vulnerability types, ESCORT yields an average F1-score of 93%. To the best of our knowledge, ESCORT is the first framework that enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.

  @article{lutz2021escort, abstract = {Ethereum smart contracts are automated decentralized applications on the blockchain that describe the terms of the agreement between buyers and sellers, reducing the need for trusted intermediaries and arbitration. However, the deployment of smart contracts introduces new attack vectors into the cryptocurrency systems. In particular, programming flaws in smart contracts can be and have already been exploited to gain enormous financial profits. It is thus an emerging yet crucial issue to detect vulnerabilities of different classes in contracts in an efficient manner. Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable, or train individual classifiers for each specific vulnerability, or demonstrate multi-class vulnerability detection without extensibility consideration. To overcome the scalability and generalization limitations of existing works, we propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for Ethereum smart contracts that support lightweight transfer learning on unseen security vulnerabilities, thus is extensible and generalizable. ESCORT leverages a multi-output NN architecture that consists of two parts: (i) A common feature extractor that learns the semantics of the input contract; (ii) Multiple branch structures where each branch learns a specific vulnerability type based on features obtained from the feature extractor. Experimental results show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract. When extended to new vulnerability types, ESCORT yields an average F1-score of 93%. To the best of our knowledge, ESCORT is the first framework that enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.}, author = {Lutz, Oliver and Chen, Huili and Fereidooni, Hossein and Sendner, Christoph and Dmitrienko, Alexandra and Sadeghi, Ahmad Reza and Koushanfar, Farinaz}, journal = {ArXiv | arXiv:2103.12607v1}, keywords = {cryptography}, month = {03}, title = {ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning}, year = 2021 }
• All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in Network and Distributed System Security Symposium (NDSS) (2021).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods. Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (crossmessenger) usage statistics, which also reveal that very few users change the default privacy settings. Regarding mitigations, we propose novel techniques to significantly limit the feasibility of our crawling attacks, especially a new incremental contact discovery scheme that strictly improves over Signal’s current approach. Furthermore, we show that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal of mobile phone numbers. For this, we also propose a significantly improved rainbow table construction for non-uniformly distributed inputs that is of independent interest.

  @inproceedings{DBLP:conf/ndss/2021, abstract = {Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods. Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (crossmessenger) usage statistics, which also reveal that very few users change the default privacy settings. Regarding mitigations, we propose novel techniques to significantly limit the feasibility of our crawling attacks, especially a new incremental contact discovery scheme that strictly improves over Signal’s current approach. Furthermore, we show that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal of mobile phone numbers. For this, we also propose a significantly improved rainbow table construction for non-uniformly distributed inputs that is of independent interest.}, author = {Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas}, booktitle = {Network and Distributed System Security Symposium (NDSS)}, keywords = {dblp}, month = {02}, publisher = {The Internet Society}, title = {All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers}, year = 2021 }
• Vision: Challenges & Opportunities. Annaaram, Murali; Asokan, N.; Atli, Buse Gül; Avestimeh, Salman; Brasser, Ferdinand; Cammarota, Rosario; Dmitrienko, Alexandra; Dziedzic, Adam; Given-Wilson, Thomas; Gunn, Lachlan J.; Kerschbaum, Florian; Koushanfar, Farinaz; Legay, Axel; Miettinen, Markus; Nguyen, Thien Duc; Papernot, Nicolas; Sadeghi, Ahmad-Reza; Schunter, Matthias; Shokri, Reza; Smith, Virginia; in Vision Paper of the Private AI Collaborative Research Institute (2021).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{annaaramvision, author = {Annaaram, Murali and Asokan, N. and Atli, Buse Gül and Avestimeh, Salman and Brasser, Ferdinand and Cammarota, Rosario and Dmitrienko, Alexandra and Dziedzic, Adam and Given-Wilson, Thomas and Gunn, Lachlan J. and Kerschbaum, Florian and Koushanfar, Farinaz and Legay, Axel and Miettinen, Markus and Nguyen, Thien Duc and Papernot, Nicolas and Sadeghi, Ahmad-Reza and Schunter, Matthias and Shokri, Reza and Smith, Virginia}, booktitle = {Vision Paper of the Private AI Collaborative Research Institute}, keywords = {Private_AI}, title = {Vision: Challenges & Opportunities.}, year = 2021 }

• Testbed for Security Testing of Smart Contracts. Denk, Lukas; Thesis; Bachelor Thesis. (2020, November).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Ethereum, one of the most popular decentralized blockchain-based platforms [1], manages cryptocurrency worth more than 40 billion US Dollars [2]. A lot of the money is controlled by autonomous programs, so called smart contracts. They are executed on the platform and everyone can call their functions; vulnerabilities are therefore easily exploited. The immutable nature of the blockchain sharpens the problem even further by prohibiting belated bug fixes. In fact, there were several cases where attackers were able to steal cryptocurrency worth several millions of US Dollar [3]. This emphasises the need of soundly testing a smart contract before deployment. Unfortunately, existing security analysing tools each cover a different subsets of vulnerabilities [4]. Moreover, even when they test for the same security issues, they often find different results. A solid test run should therefore contain several tools, which makes the whole procedure very laborious. For these reasons, we provide a testbed which runs on a virtual machine (VM) with several smart contract security analysing tools integrated. It does not only offer a command line- but also an intuitive web interface. Both interfaces allow the user to analyse his contract with all the underlying tools in a single step. Additionally, our testbed provides a detailed report for each of the tools’ test runs as well as an overview of the overall security issues the different tools found. Our evaluation shows that our testbed identifies significantly more potential security issues than each of the compared smart contract analysing tools individually does. Indeed, we found 92% of our analysed contracts as potentially being vulnerable, while even the most sensitive tool only flagged 76% of its successfully analysed contracts. Furthermore, we observed that occasionally, two tools testing for the same vulnerability, contradict themselves in more than 81% of the contracts successfully analysed by both tools

  @mastersthesis{denk2020testbed, abstract = {Ethereum, one of the most popular decentralized blockchain-based platforms [1], manages cryptocurrency worth more than 40 billion US Dollars [2]. A lot of the money is controlled by autonomous programs, so called smart contracts. They are executed on the platform and everyone can call their functions; vulnerabilities are therefore easily exploited. The immutable nature of the blockchain sharpens the problem even further by prohibiting belated bug fixes. In fact, there were several cases where attackers were able to steal cryptocurrency worth several millions of US Dollar [3]. This emphasises the need of soundly testing a smart contract before deployment. Unfortunately, existing security analysing tools each cover a different subsets of vulnerabilities [4]. Moreover, even when they test for the same security issues, they often find different results. A solid test run should therefore contain several tools, which makes the whole procedure very laborious. For these reasons, we provide a testbed which runs on a virtual machine (VM) with several smart contract security analysing tools integrated. It does not only offer a command line- but also an intuitive web interface. Both interfaces allow the user to analyse his contract with all the underlying tools in a single step. Additionally, our testbed provides a detailed report for each of the tools’ test runs as well as an overview of the overall security issues the different tools found. Our evaluation shows that our testbed identifies significantly more potential security issues than each of the compared smart contract analysing tools individually does. Indeed, we found 92% of our analysed contracts as potentially being vulnerable, while even the most sensitive tool only flagged 76% of its successfully analysed contracts. Furthermore, we observed that occasionally, two tools testing for the same vulnerability, contradict themselves in more than 81% of the contracts successfully analysed by both tools}, author = {Denk, Lukas}, keywords = {secure}, month = 11, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Testbed for Security Testing of Smart Contracts}, type = {Bachelor Thesis}, year = 2020 }
• Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security. Boutet, Antoine; Castelluccia, Claude; Cunche, Mathieu; Dmitrienko, Alexandra; Iovino, Vincenzo; Miettinen, Markus; Nguyen, Thien Duc; Roca, Vincent; Sadeghi, Ahmad-Reza; Vaudenay, Serge; Visconti, Ivan; Vuagnoux, Martin; (2020).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Many countries have introduced digital contact tracing apps to fight the COVID-19 pandemic. Such apps help to identify contacts between potentially infectious persons automatically and thus bear the promise of reducing the burden on manual contact tracers and increase tracing accuracy in situations in which people have difficulties identifying with whom they have been in contact. A number of different proposals for digital contact tracing systems have been made or deployed, ranging from heavily centralized to completely decentralized approaches, each with its own advantages and disadvantages in terms of tracing effectiveness and impact on user privacy. During the phase of highly dynamic evolution of these approaches, surprisingly, Google and Apple established an unprecedented friendship and agreed on a very special scheme for contact tracing, realizing this in the form of an API called GAEN that they quickly integrated into their mobile operating systems. A multitude of nationally rolled out tracing apps are now based on the GAEN approach. In this paper, we revisit such apps and the GAEN API on which they are built. In particular, we point out a number of very problematic aspects and threats that the GAEN approach creates through its security and privacy weaknesses but also through the threats that it poses on technological sovereignty and the public health system.

  @techreport{boutet2020contact, abstract = {Many countries have introduced digital contact tracing apps to fight the COVID-19 pandemic. Such apps help to identify contacts between potentially infectious persons automatically and thus bear the promise of reducing the burden on manual contact tracers and increase tracing accuracy in situations in which people have difficulties identifying with whom they have been in contact. A number of different proposals for digital contact tracing systems have been made or deployed, ranging from heavily centralized to completely decentralized approaches, each with its own advantages and disadvantages in terms of tracing effectiveness and impact on user privacy. During the phase of highly dynamic evolution of these approaches, surprisingly, Google and Apple established an unprecedented friendship and agreed on a very special scheme for contact tracing, realizing this in the form of an API called GAEN that they quickly integrated into their mobile operating systems. A multitude of nationally rolled out tracing apps are now based on the GAEN approach. In this paper, we revisit such apps and the GAEN API on which they are built. In particular, we point out a number of very problematic aspects and threats that the GAEN approach creates through its security and privacy weaknesses but also through the threats that it poses on technological sovereignty and the public health system.}, author = {Boutet, Antoine and Castelluccia, Claude and Cunche, Mathieu and Dmitrienko, Alexandra and Iovino, Vincenzo and Miettinen, Markus and Nguyen, Thien Duc and Roca, Vincent and Sadeghi, Ahmad-Reza and Vaudenay, Serge and Visconti, Ivan and Vuagnoux, Martin}, institution = {{EPFL, Switzerland ; Inria, France ; JMU W{\"u}rzburg, Germany ; University of Salerno, Italy ; base23, Geneva, Switzerland ; Technical University of Darmstadt, Germany}}, keywords = {collector}, month = 12, title = {Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security.}, type = {University works}, year = 2020 }
• LegIoT: Ledgered Trust Management Platform for IoT. Neureither, Jens; Dmitrienko, Alexandra; Koisser, David; Brasser, Ferdinand; Sadeghi, Ahmad-Reza; in European Symposium on Research in Computer Security (ESORICS) (2020).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible(yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations(graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology(DLT) to create and manage the trust relation graph in a decentralized manner.The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation(integrity verification) in this paper. We prototyped LegIoT for Hyper-ledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g.,by a factor of 20 for a network of 400 nodes and factor 5 for 1000 nodes.

  @inproceedings{neureither2020legiot, abstract = {We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible(yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations(graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology(DLT) to create and manage the trust relation graph in a decentralized manner.The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation(integrity verification) in this paper. We prototyped LegIoT for Hyper-ledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g.,by a factor of 20 for a network of 400 nodes and factor 5 for 1000 nodes.}, author = {Neureither, Jens and Dmitrienko, Alexandra and Koisser, David and Brasser, Ferdinand and Sadeghi, Ahmad-Reza}, booktitle = {European Symposium on Research in Computer Security (ESORICS)}, keywords = {sss-group}, month = {09}, title = {LegIoT: Ledgered Trust Management Platform for IoT}, year = 2020 }
• Evaluating the Performance of a State-of-the-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario. Prantl, Thomas; Ten, Peter; Iffländer, Lukas; Dmitrenko, Alexandra; Kounev, Samuel; Krupitzer, Christian; in IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) (2020).

  Acceptance Rate: 27%
  • [ Abstract ]
  • [ BibTeX ]
  • [ BibSonomy-Post ]
  New emerging technologies, such as autonomous driving, intelligent buildings, and smart cities, are promising to revolutionize user experience and offer new services. The world has to undergo large scale deployment of billions of things — cost-efficient intelligent sensors that will be interconnected into extensive networks and will collect and supply data to intelligent algorithms — to make it happen. To date, however, it is challenging to secure such an infrastructure for many-fold reasons, such as resource constraints of things, large scale deployment, manyto-many communication patterns, and dynamically changing communication groups. All these factors rule out most of the state-of-the-art encryption and key-management techniques. Group encryption algorithms are well-suitable for many-tomany communication patterns typical for IoT networks, and many of them can deal with dynamic groups. There are, however, very few constructions that could potentially fulfill the computational and storage constraints of IoT devices while providing sufficient scalability for large networks. The promising candidates, such as construction by Nishat et al. [1], were not evaluated using IoT platforms and under constraints typical for IoT networks. In this paper, we aim to fill this gap and present the evaluation of a state-of-the-art group-oriented encryption scheme by Nishat et al. to identify its applicability to IoT systems. In detail, we provide a measurement workflow, a revised version of the approach, and describe a reproducible hardware testbed. Using this evaluation environment, we analyze the performance of the encryption scheme in a typical IoT scenario from a group member perspective. The results show that all calculation times can be assumed to be constant and are always below 2 seconds. The memory requirement for permanent parameters can also be considered to be constant and are below 8.5 kbit in each case. However, the information that has to be stored temporarily for group updates has turned out to be the bottleneck of the scheme, since their memory requirements increase linearly with the group size.

  @inproceedings{PrTeIfDmKo2020-MASCOTS-GroupEncryption, abstract = {New emerging technologies, such as autonomous driving, intelligent buildings, and smart cities, are promising to revolutionize user experience and offer new services. The world has to undergo large scale deployment of billions of things — cost-efficient intelligent sensors that will be interconnected into extensive networks and will collect and supply data to intelligent algorithms — to make it happen. To date, however, it is challenging to secure such an infrastructure for many-fold reasons, such as resource constraints of things, large scale deployment, manyto-many communication patterns, and dynamically changing communication groups. All these factors rule out most of the state-of-the-art encryption and key-management techniques. Group encryption algorithms are well-suitable for many-tomany communication patterns typical for IoT networks, and many of them can deal with dynamic groups. There are, however, very few constructions that could potentially fulfill the computational and storage constraints of IoT devices while providing sufficient scalability for large networks. The promising candidates, such as construction by Nishat et al. [1], were not evaluated using IoT platforms and under constraints typical for IoT networks. In this paper, we aim to fill this gap and present the evaluation of a state-of-the-art group-oriented encryption scheme by Nishat et al. to identify its applicability to IoT systems. In detail, we provide a measurement workflow, a revised version of the approach, and describe a reproducible hardware testbed. Using this evaluation environment, we analyze the performance of the encryption scheme in a typical IoT scenario from a group member perspective. The results show that all calculation times can be assumed to be constant and are always below 2 seconds. The memory requirement for permanent parameters can also be considered to be constant and are below 8.5 kbit in each case. However, the information that has to be stored temporarily for group updates has turned out to be the bottleneck of the scheme, since their memory requirements increase linearly with the group size.}, author = {Prantl, Thomas and Ten, Peter and Iffländer, Lukas and Dmitrenko, Alexandra and Kounev, Samuel and Krupitzer, Christian}, booktitle = {IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS)}, keywords = {sss-group}, month = 11, note = {Acceptance Rate: 27%}, series = {MASCOTS '20}, title = {Evaluating the Performance of a State-of-the-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario}, year = 2020 }
• Strategies for the Security Assessment of IoT Devices by Certification Authorities. Finke, Moritz Anton; Thesis; Bachelor Thesis. (2020, May).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The Internet of Things (IoT) is a global infrastructure that interconnects physical and virtual things based on evolving information and communication technologies. Along with the rise of the IoT, multiple unprecedented forms of security issues and attacks have emerged. While their limited resources disallow the utilization of computing-intensive security measures, the services of IoT devices represent an attractive target for vulnerability exploitation. Certification Authorities (CAs) have responded to the trend and offer security assessments and certification for IoT devices. To ensure qualitative and fair certification, security testing requires well-defined strategies. This bachelor thesis analyzes the existing IoT security assessment models and proposes a novel, CA oriented Testing Guide Model (TGM) for standardized and reproducible assessments. The TGM describes a complete security assessment approach for application in IoT device security certification procedures of CAs. As part of the bachelor thesis, the TGM is specified, implemented, and its applicability evaluated with the help of existing IoT devices. CAs account for the security of certified products. The certification of devices that (subsequently) prove to be insecure can lead to a consumer's loss of trust in the CA. Therefore, the decision for issuing certificates must be comprehensible and made carefully. For the risk estimation of security issues and vulnerabilities, it is common to make use of numerical scoring systems. Well-defined scoring systems allow precise and reproducible estimations. In addition to the introduction of the TGM, this bachelor thesis analyzes the scoring systems established in the field of IT security in regard to their applicability for the scoring of IoT related vulnerabilities, complete IoT devices, and for the specific requirements of CAs. This thesis uncovers incompatibilities and insufficiencies in the existing systems that disallow application for the scoring of IoT devices and for application by CAs. To counter these issues, the thesis introduces a novel Security Scoring System (SSS) for rating IoT devices based on the risks of their vulnerabilities, services, and operational contexts. The SSS is integrated into the TGM, implemented in software, and evaluated with a comparison to the existing scoring systems. To summarize, the contributions of this bachelor thesis are two novel models for the security assessment of devices of the IoT: the TGM and the SSS. The models are intended to find application for CAs and both standardize and improve the security testing and assessment procedures.

  @mastersthesis{finke2020strategies, abstract = {The Internet of Things (IoT) is a global infrastructure that interconnects physical and virtual things based on evolving information and communication technologies. Along with the rise of the IoT, multiple unprecedented forms of security issues and attacks have emerged. While their limited resources disallow the utilization of computing-intensive security measures, the services of IoT devices represent an attractive target for vulnerability exploitation. Certification Authorities (CAs) have responded to the trend and offer security assessments and certification for IoT devices. To ensure qualitative and fair certification, security testing requires well-defined strategies. This bachelor thesis analyzes the existing IoT security assessment models and proposes a novel, CA oriented Testing Guide Model (TGM) for standardized and reproducible assessments. The TGM describes a complete security assessment approach for application in IoT device security certification procedures of CAs. As part of the bachelor thesis, the TGM is specified, implemented, and its applicability evaluated with the help of existing IoT devices. CAs account for the security of certified products. The certification of devices that (subsequently) prove to be insecure can lead to a consumer's loss of trust in the CA. Therefore, the decision for issuing certificates must be comprehensible and made carefully. For the risk estimation of security issues and vulnerabilities, it is common to make use of numerical scoring systems. Well-defined scoring systems allow precise and reproducible estimations. In addition to the introduction of the TGM, this bachelor thesis analyzes the scoring systems established in the field of IT security in regard to their applicability for the scoring of IoT related vulnerabilities, complete IoT devices, and for the specific requirements of CAs. This thesis uncovers incompatibilities and insufficiencies in the existing systems that disallow application for the scoring of IoT devices and for application by CAs. To counter these issues, the thesis introduces a novel Security Scoring System (SSS) for rating IoT devices based on the risks of their vulnerabilities, services, and operational contexts. The SSS is integrated into the TGM, implemented in software, and evaluated with a comparison to the existing scoring systems. To summarize, the contributions of this bachelor thesis are two novel models for the security assessment of devices of the IoT: the TGM and the SSS. The models are intended to find application for CAs and both standardize and improve the security testing and assessment procedures.}, author = {Finke, Moritz Anton}, keywords = {IoT}, month = {05}, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Strategies for the Security Assessment of IoT Devices by Certification Authorities}, type = {Bachelor Thesis}, year = 2020 }
• Evaluating the Privacy of Contact Discovery. Sendner, Christoph; Thesis; Master Thesis. (2020, July).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Currently deployed contact discovery of mobile messengers is based on the transmission of phone numbers to the service provider. This information is private and anonymized by hashing them. In this work, we show, that this anonymization is pseudo-anonymous and can easily be broken by an attacker. For that, we develop two hash reversal techniques: one using brute-force approach and another one using look-up databases. We provide generic architectures for each of the ap- proaches. Additionally, we provide and compare two instantiations for each. Furthermore, we evaluate and compare them to the third approach based on rainbow tables. The evaluation shows near instant lookup-times of under 0.1 ms using in-memory lookup databases, this approach is however costly in terms of memory – it would require over 10 TB RAM, which would be difficult to obtain. Our brute-force approach shows an astonishing performance, being able to reverse any mobile number in under 100 seconds using consumer-level hardware. The rainbow tables produce lookup-times of 4.5 minutes with a success rate of over 99.99%. The results of our evaluation demonstrate, that hash reversals of mobile phone numbers are practical and near instant. Thus, an attacker can easily reverse hash digests of mobile phone numbers and de-anonymize personally identifiable information – like phone numbers transmitted to the service provider of mobile messenger apps.

  @mastersthesis{sendner2020contactdiscovery, abstract = {Currently deployed contact discovery of mobile messengers is based on the transmission of phone numbers to the service provider. This information is private and anonymized by hashing them. In this work, we show, that this anonymization is pseudo-anonymous and can easily be broken by an attacker. For that, we develop two hash reversal techniques: one using brute-force approach and another one using look-up databases. We provide generic architectures for each of the ap- proaches. Additionally, we provide and compare two instantiations for each. Furthermore, we evaluate and compare them to the third approach based on rainbow tables. The evaluation shows near instant lookup-times of under 0.1 ms using in-memory lookup databases, this approach is however costly in terms of memory – it would require over 10 TB RAM, which would be difficult to obtain. Our brute-force approach shows an astonishing performance, being able to reverse any mobile number in under 100 seconds using consumer-level hardware. The rainbow tables produce lookup-times of 4.5 minutes with a success rate of over 99.99%. The results of our evaluation demonstrate, that hash reversals of mobile phone numbers are practical and near instant. Thus, an attacker can easily reverse hash digests of mobile phone numbers and de-anonymize personally identifiable information – like phone numbers transmitted to the service provider of mobile messenger apps.}, author = {Sendner, Christoph}, keywords = {sss-group}, month = {07}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Evaluating the Privacy of Contact Discovery}, type = {Master Thesis}, year = 2020 }
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. Baumgärtner, Lars; Dmitrienko, Alexandra; Freisleben, Bernd; Höchst, Jonas; Kühlberg, Joshua; Mezini, Mira; Miettinen, Markus; Muhamedagic, Anel; Nguyen, Thien Duc; Penning, Alvar; Pustelnik, Dermot Frederik; Roos, Filipp; Sadeghi, Ahmad-Reza; Schwarz, Michael; Uhl, Christian; in TrustCom, Security Track (2020).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.

  @inproceedings{baumgartner2020security, abstract = {Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.}, author = {Baumgärtner, Lars and Dmitrienko, Alexandra and Freisleben, Bernd and Höchst, Jonas and Kühlberg, Joshua and Mezini, Mira and Miettinen, Markus and Muhamedagic, Anel and Nguyen, Thien Duc and Penning, Alvar and Pustelnik, Dermot Frederik and Roos, Filipp and Sadeghi, Ahmad-Reza and Schwarz, Michael and Uhl, Christian}, booktitle = {TrustCom, Security Track}, keywords = {TraceCORONA}, month = {09}, title = {Mind the GAP: Security & Privacy Risks of Contact Tracing Apps}, year = 2020 }
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. Baumgärtner, Lars; Dmitrienko, Alexandra; Freisleben, Bernd; Gruler, Alexander; Höchst, Jonas; Kühlberg, Joshua; Mezini, Mira; Mitev, Richard; Miettinen, Markus; Muhamedagic, Anel; Nguyen, Thien Duc; Penning, Alvar; Pustelnik, Dermot Frederik; Roos, Filipp; Sadeghi, Ahmad-Reza; Schwarz, Michael; Uhl, Christian; in ArXiv | arXiv:2006.05914v2 (2020).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.

  @article{mindthegap, abstract = {Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.}, author = {Baumgärtner, Lars and Dmitrienko, Alexandra and Freisleben, Bernd and Gruler, Alexander and Höchst, Jonas and Kühlberg, Joshua and Mezini, Mira and Mitev, Richard and Miettinen, Markus and Muhamedagic, Anel and Nguyen, Thien Duc and Penning, Alvar and Pustelnik, Dermot Frederik and Roos, Filipp and Sadeghi, Ahmad-Reza and Schwarz, Michael and Uhl, Christian}, journal = {ArXiv | arXiv:2006.05914v2}, keywords = {TraceCORONA}, month = {06}, title = {Mind the GAP: Security & Privacy Risks of Contact Tracing Apps}, year = 2020 }
• Aggregatable Remote Attestation for IoT. Alistarov, Vasil; Thesis; Bachelor Thesis. (2020, December).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  With the recent spike of Internet of Things (IoT) and "smart" devices, there has also been an increase in the amount of attacks on IoT networks. Wide-reaching attacks such as the one from the Mirai botnet in 2016 show how crucial it is to know that a device can be trusted before initiating communication. Remote Attestation (RA) is a proven method for asserting that a device is in a benign state. It is a challenge-response process between two parties, where the first checks the trustworthiness of the second. However, it is characterizable with low scalability a critical issue in the IoT sector. In our work, we model a new RA protocol, called Aggregatable Remote Attestation, which would allow a device to process multiple RA challenges simultaneously. We base it on the already existing SIMPLE architecture and implement it as a Proof-of-Concept (PoC) by modifying the code of the Security MicroVisor the core component of SIMPLE. We evaluate our work in terms of security and performance and show that it greatly outperforms the underlying SIMPLE. We discuss the relevance of our design in relation to the IoT sphere and denote a small set of potential topics for future work and research.

  @mastersthesis{alistarov2020aggregatable, abstract = {With the recent spike of Internet of Things (IoT) and "smart" devices, there has also been an increase in the amount of attacks on IoT networks. Wide-reaching attacks such as the one from the Mirai botnet in 2016 show how crucial it is to know that a device can be trusted before initiating communication. Remote Attestation (RA) is a proven method for asserting that a device is in a benign state. It is a challenge-response process between two parties, where the first checks the trustworthiness of the second. However, it is characterizable with low scalability a critical issue in the IoT sector. In our work, we model a new RA protocol, called Aggregatable Remote Attestation, which would allow a device to process multiple RA challenges simultaneously. We base it on the already existing SIMPLE architecture and implement it as a Proof-of-Concept (PoC) by modifying the code of the Security MicroVisor the core component of SIMPLE. We evaluate our work in terms of security and performance and show that it greatly outperforms the underlying SIMPLE. We discuss the relevance of our design in relation to the IoT sphere and denote a small set of potential topics for future work and research.}, author = {Alistarov, Vasil}, keywords = {security}, month = 12, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Aggregatable Remote Attestation for IoT}, type = {Bachelor Thesis}, year = 2020 }
• All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in Cryptology ePrint Archive, Report 2020/1119 (2020).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{cryptoeprint:2020:1119, author = {Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas}, journal = {Cryptology ePrint Archive, Report 2020/1119}, keywords = {security}, month = {09}, title = {All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers}, year = 2020 }
• SIMPL: Secure IoT Management Platform. Prantl, Thomas; Ben Yahya, Ala Eddine; Dmitrienko, Alexandra; Kounev, Samuel; Lipp, Fabian; Hock, David; Rathfelder, Christoph; Hofherr, Martin; in ITG Workshop on IT Security (ITSec) (2020).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  The proliferation of IoT devices is increasing at a fast pace, whether for private or business use. However,despite their growing popularity, their safe operation is often not guaranteed. To tackle the security challenges of modern IoT environments, the German Federal Ministry of Education and Research is funding the SIMPL project in order to support research in this area. The contribution of this paper is to introduce the main goal, objectives, and key features of SIMPL

  @inproceedings{prantl2020simpl, abstract = {The proliferation of IoT devices is increasing at a fast pace, whether for private or business use. However,despite their growing popularity, their safe operation is often not guaranteed. To tackle the security challenges of modern IoT environments, the German Federal Ministry of Education and Research is funding the SIMPL project in order to support research in this area. The contribution of this paper is to introduce the main goal, objectives, and key features of SIMPL}, author = {Prantl, Thomas and Ben Yahya, Ala Eddine and Dmitrienko, Alexandra and Kounev, Samuel and Lipp, Fabian and Hock, David and Rathfelder, Christoph and Hofherr, Martin}, booktitle = {ITG Workshop on IT Security (ITSec)}, keywords = {secure}, month = {05}, title = {SIMPL: Secure IoT Management Platform}, year = 2020 }
• Understanding UI attacks on Android. Jasper, Stang; Thesis; Bachelor Thesis. (2020, December).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  In this thesis, we closely examine an important type of attack against Android smart- phones that exploit weaknesses in the user interface. In particular, we study, analyze and implement the “Keystroke Inference #3” attack from the “Cloak and Dagger” paper by Fratantonio et al. [1, 2], which enables an attacker to steal sensitive input such as pass- words. The attack takes advantage of a vulnerability that was subsequently patched on all newer Android versions. Yet, it still affects a significant user base that utilizes older devices. In this paper, we present the end-to-end attack implementation of the “Keystroke Inference #3” concept and elaborate on in-depth details. In order to make the attack fea- sible certain technical challenges needed to be solved, therefore our developed approaches are presented as well. After the evaluation of the results, we show that the implementa- tion is applicable to a wide range of Android versions. We then present our novel defense technique OverlayShifter, which fully prevents the attack while being independent of operating system modifications. Moreover, characteristics that facilitate the detection of the attack are discussed.

  @mastersthesis{jasper2020understanding, abstract = {In this thesis, we closely examine an important type of attack against Android smart- phones that exploit weaknesses in the user interface. In particular, we study, analyze and implement the “Keystroke Inference #3” attack from the “Cloak and Dagger” paper by Fratantonio et al. [1, 2], which enables an attacker to steal sensitive input such as pass- words. The attack takes advantage of a vulnerability that was subsequently patched on all newer Android versions. Yet, it still affects a significant user base that utilizes older devices. In this paper, we present the end-to-end attack implementation of the “Keystroke Inference #3” concept and elaborate on in-depth details. In order to make the attack fea- sible certain technical challenges needed to be solved, therefore our developed approaches are presented as well. After the evaluation of the results, we show that the implementa- tion is applicable to a wide range of Android versions. We then present our novel defense technique OverlayShifter, which fully prevents the attack while being independent of operating system modifications. Moreover, characteristics that facilitate the detection of the attack are discussed.}, author = {Jasper, Stang}, keywords = {sssgroup}, month = 12, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Understanding UI attacks on Android}, type = {Bachelor Thesis}, year = 2020 }
• Detection of Software Vulnerabilities in Smart Contracts using Deep Learning. Lutz, Oliver; Thesis; Master Thesis. (2020, October).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Der Missbrauch von Programmierfehlern in Kryptowährungsplattformen kann zu großen wirtschaftlichen Schäden fuhren. Deshalb wird in dieser Arbeit analysiert, wie Deep-Learning genutzt werden kann, um Schwachstellen in Ethereum Smart Contracts aufzudecken. Als Ergebnis ist ein Framework entwickelt worden, das sich um die Datengewinnung, Vorklassifizierung und Modellbildung kummert. Mit diesem Framework können Deep-Learning-Modelle entwickelt, trainiert und evaluiert werden, um einen KI-Scanner zu erstellen. Selbst bei einfachen neuronalen Netz-Architekturen erreicht der KI-Scanner, der acht verschiedene Arten von Schwachstellen erkennen kann, eine Genauigkeit von 98%. Dieser KI-Scanner kann zur weiteren Verwendung eingesetzt werden. Er kann jedoch auch um Schwachstellentypen erweitert werden, um ein noch mächtigeres Tool zu bilden.

  @mastersthesis{lutz2020detection, abstract = {Der Missbrauch von Programmierfehlern in Kryptowährungsplattformen kann zu großen wirtschaftlichen Schäden fuhren. Deshalb wird in dieser Arbeit analysiert, wie Deep-Learning genutzt werden kann, um Schwachstellen in Ethereum Smart Contracts aufzudecken. Als Ergebnis ist ein Framework entwickelt worden, das sich um die Datengewinnung, Vorklassifizierung und Modellbildung kummert. Mit diesem Framework können Deep-Learning-Modelle entwickelt, trainiert und evaluiert werden, um einen KI-Scanner zu erstellen. Selbst bei einfachen neuronalen Netz-Architekturen erreicht der KI-Scanner, der acht verschiedene Arten von Schwachstellen erkennen kann, eine Genauigkeit von 98%. Dieser KI-Scanner kann zur weiteren Verwendung eingesetzt werden. Er kann jedoch auch um Schwachstellentypen erweitert werden, um ein noch mächtigeres Tool zu bilden.}, author = {Lutz, Oliver}, keywords = {Private_AI}, month = 10, publisher = {Master Thesis}, school = {University of Würzburg}, title = {Detection of Software Vulnerabilities in Smart Contracts using Deep Learning}, type = {Master Thesis}, year = 2020 }

• DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization. Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Sadeghi, Ahmad-Reza; in Annual Computer Security Applications Conference (ACSAC) (2019).
  • [ Abstract ]
  • [ BibTeX ]
  • [ URL ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Recent research has demonstrated that Intel’s SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data accesses patterns. Known defenses have major limitations, as they require either error-prone developer assistance, incur extremely high runtime overhead, or prevent only specific attacks.In this paper, we propose data location randomization as a novel defense against side-channel attacks that target data access patterns.Our goal is to break the link between the memory observations by the adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments the enclave code, permuting data locations at fine granularity.To prevent correlation of repeated memory accesses we periodically re-randomize all enclave data. Our solution requires no developer assistance and strikes the balance between side-channel protection and performance based on an adjustable security parameter.

  @inproceedings{brasser2019drsgx, abstract = {Recent research has demonstrated that Intel’s SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data accesses patterns. Known defenses have major limitations, as they require either error-prone developer assistance, incur extremely high runtime overhead, or prevent only specific attacks.In this paper, we propose data location randomization as a novel defense against side-channel attacks that target data access patterns.Our goal is to break the link between the memory observations by the adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments the enclave code, permuting data locations at fine granularity.To prevent correlation of repeated memory accesses we periodically re-randomize all enclave data. Our solution requires no developer assistance and strikes the balance between side-channel protection and performance based on an adjustable security parameter.}, author = {Brasser, Ferdinand and Capkun, Srdjan and Dmitrienko, Alexandra and Frassetto, Tommaso and Kostiainen, Kari and Sadeghi, Ahmad-Reza}, booktitle = {Annual Computer Security Applications Conference (ACSAC)}, keywords = {sss-group}, month = 12, publisher = {ACM}, title = {DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization}, year = 2019 }
• Implementation and Evaluation of a Group Encryption Scheme. Ten, Peter; Thesis; Bachelor Thesis. (2019, December).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @mastersthesis{2019-BA-Peter-Ten, author = {Ten, Peter}, keywords = {group}, month = 12, publisher = {Bachelor Thesis}, school = {University of Würzburg}, title = {Implementation and Evaluation of a Group Encryption Scheme}, type = {Bachelor Thesis}, year = 2019 }
• Hands off my Database: Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. Iffländer, Lukas; Dmitrienko, Alexandra; Hagen, Christoph; Jobst, Michael; Kounev, Samuel; in ArXiv | arXiv:1907.06775v1 (2019).
  • [ BibTeX ]
  • [ URL ]
  • [ BibSonomy-Post ]
  @article{DBLP:journals/corr/abs-1907-06775, author = {Iffländer, Lukas and Dmitrienko, Alexandra and Hagen, Christoph and Jobst, Michael and Kounev, Samuel}, journal = {ArXiv | arXiv:1907.06775v1}, keywords = {ransomware}, month = {07}, title = {Hands off my Database: Ransomware Detection in Databases through Dynamic Analysis of Query Sequences}, year = 2019 }

• DIMAQS - Dynamic Identification of Malicious Query Sequences. Jobst, Michael; Thesis; Master Thesis. (2018, June).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Ransomware is an emerging threat which imposed 5 billion USD loss in 2017 and is predicted to hit 11.5 billion in 2019. While initially targeting PC (client) platforms,recently it made a leap to server-side databases – in January 2017 we faced MongoDB Apocalypse attack, followed by other attack waves targeting a wide range of DB technologies such as MongoDB, MySQL, ElasticSearch, Cassandra, Hadoop, and CouchDB. While previous research has developed countermeasures against client-side ransomware (e.g., CryptoDrop and ShieldFS), no attention was given to the problem of server-side ransomware yet.This thesis aims to bridge this gap and presents design and implementation of the tool DIMAQS (Dynamic Identification of Malicious Query Sequences) for MySQL servers that can efficiently and effectively detect server-side ransomware. DIMAQS performs run-time monitoring of incoming queries and pattern matching using a Colored Petri Net (CPN) for attack detection. The system design of DIMAQS exhibits several novel techniques to enable efficient detection of malicious query sequences globally (i.e., without limiting detection to distinct user connections). Evaluation results show high efficiency with no false positives and no false negatives,and a very moderate performance overhead (for a run-time monitoring tool) of under5% in worst case scenarios.

  @mastersthesis{jobst2018dimaqs, abstract = {Ransomware is an emerging threat which imposed 5 billion USD loss in 2017 and is predicted to hit 11.5 billion in 2019. While initially targeting PC (client) platforms,recently it made a leap to server-side databases – in January 2017 we faced MongoDB Apocalypse attack, followed by other attack waves targeting a wide range of DB technologies such as MongoDB, MySQL, ElasticSearch, Cassandra, Hadoop, and CouchDB. While previous research has developed countermeasures against client-side ransomware (e.g., CryptoDrop and ShieldFS), no attention was given to the problem of server-side ransomware yet.This thesis aims to bridge this gap and presents design and implementation of the tool DIMAQS (Dynamic Identification of Malicious Query Sequences) for MySQL servers that can efficiently and effectively detect server-side ransomware. DIMAQS performs run-time monitoring of incoming queries and pattern matching using a Colored Petri Net (CPN) for attack detection. The system design of DIMAQS exhibits several novel techniques to enable efficient detection of malicious query sequences globally (i.e., without limiting detection to distinct user connections). Evaluation results show high efficiency with no false positives and no false negatives,and a very moderate performance overhead (for a run-time monitoring tool) of under5% in worst case scenarios.}, author = {Jobst, Michael}, keywords = {ransomware}, month = {06}, publisher = {Master Thesis}, school = {University of Würzburg}, title = {DIMAQS - Dynamic Identification of Malicious Query Sequences}, type = {Master Thesis}, year = 2018 }
• POSTER: Efficient and Effective Ransomware Detection in Databases. Hagen, Christoph; Dmitrienko, Alexandra; Iffländer, Lukas; Jobst, Michael; Kounev, Samuel; in 34th Annual Computer Security Applications Conference (ACSAC) (2018).
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  @inproceedings{Hagen2018_EfficientandEffectiveRansomwareDetectioninDatabases, author = {Hagen, Christoph and Dmitrienko, Alexandra and Iffländer, Lukas and Jobst, Michael and Kounev, Samuel}, booktitle = {34th Annual Computer Security Applications Conference (ACSAC)}, keywords = {ransomware}, month = 12, organization = {ACM}, title = {POSTER: Efficient and Effective Ransomware Detection in Databases}, year = 2018 }
• Hardening Bitcoin Against Off-Topic Data Inclusion Attacks. Seeg, Andreas; Thesis; University of Würzburg. (2018, August).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  Bitcoin is a novel peer to peer payment network that was started in 2009 and that has since flourished, gaining acceptance all over the world. By contributing their resourcefulness as network connectivity and computing power, all participants are creating the the Bitcoin network together. Designed as an open source software system, the participation rules for this network are not upheld by humans, but implemented in code, and generally allow anyone to join or leave the network at will.Since the time of Bitcoin’s inception, software errors had to be fixed and network attacks that tried to make parts of the network unavailable have been endured. This thesis provides a solution to the problem of illegal data inclusions within the blockchain, a data structure that cannot easily be changed and that has to be transmitted to participants of Bitcoin.The flaw, i.e. the possibility for any user of Bitcoin to potentially include illegal data and therefore illegalizes the whole blockchain, is not just a software flaw, but can be seen as a structural one if free participation and uncensorable payments are to be provided.The proposal to solve the problem is layered in two tiers. The first tier prevents effective data inclusion for some standard payment functions within Bitcoin. This allows participants to be certain that these transactions do not contain bad data, allowing them to be included into Bitcoin blocks. It also solves the problem of illegal data permanently occupying valuable resources on Bitcoin nodes, as parts of the provably clean transactions are generally held in RAM until they have been spent. The prevention mechanism is essentially a system that provides proof that bitcoins were sent to actual Bitcoin addresses,stopping data inclusion by address fields abusal.The second tier consists of rule changes for Bitcoin. First of all, all non-standard payment transactions are removed from Bitcoin, with the exception of the more computationally flexible and popular P2SH transactions. This limits the avenues for data inclusion in Bitcoin without destroying its flexibility or its smart contract capabilities. Then, P2SHtransactions are redesigned to allow for a more fine grained deletion of their data, so only offending parts could be removed without destroying the integrity of the rest. Finally, a special type of transaction is introduced that allows censorship of just the signature data of a P2SH transaction. This transaction has to include a payment equal to the Bitcoin provided by the previous P2SH transaction, however. By adding this requirement, the system is protected from becoming open to money creation attacks that might inflate the currency without the agreement of all participants.With these changes, illegal data inclusion becomes either impossible, or they can be re-moved without destroying the integrity of the payment system as a whole or for payments that have already happened.Implementing all proposed changes would go beyond the scope of a master thesis. Tier1 of the presented solution has been implemented as a proof-of-concept, though. As a basis, the most popular Bitcoin node software, Bitcoin Core, has been used. Additionally,the ideas behind tier 2 are explained in full, and the potential impact on the system is discussed.v This thesis also covers previous attempts to allow for data removal in similar systems. Their discussion is meant to encourage the adoption of the presented proposal, as it should causeless disruption than some more extreme measurements that might introduce centralization into a system that was meant to run decentralized.

  @mastersthesis{seeg2018hardening, abstract = {Bitcoin is a novel peer to peer payment network that was started in 2009 and that has since flourished, gaining acceptance all over the world. By contributing their resourcefulness as network connectivity and computing power, all participants are creating the the Bitcoin network together. Designed as an open source software system, the participation rules for this network are not upheld by humans, but implemented in code, and generally allow anyone to join or leave the network at will.Since the time of Bitcoin’s inception, software errors had to be fixed and network attacks that tried to make parts of the network unavailable have been endured. This thesis provides a solution to the problem of illegal data inclusions within the blockchain, a data structure that cannot easily be changed and that has to be transmitted to participants of Bitcoin.The flaw, i.e. the possibility for any user of Bitcoin to potentially include illegal data and therefore illegalizes the whole blockchain, is not just a software flaw, but can be seen as a structural one if free participation and uncensorable payments are to be provided.The proposal to solve the problem is layered in two tiers. The first tier prevents effective data inclusion for some standard payment functions within Bitcoin. This allows participants to be certain that these transactions do not contain bad data, allowing them to be included into Bitcoin blocks. It also solves the problem of illegal data permanently occupying valuable resources on Bitcoin nodes, as parts of the provably clean transactions are generally held in RAM until they have been spent. The prevention mechanism is essentially a system that provides proof that bitcoins were sent to actual Bitcoin addresses,stopping data inclusion by address fields abusal.The second tier consists of rule changes for Bitcoin. First of all, all non-standard payment transactions are removed from Bitcoin, with the exception of the more computationally flexible and popular P2SH transactions. This limits the avenues for data inclusion in Bitcoin without destroying its flexibility or its smart contract capabilities. Then, P2SHtransactions are redesigned to allow for a more fine grained deletion of their data, so only offending parts could be removed without destroying the integrity of the rest. Finally, a special type of transaction is introduced that allows censorship of just the signature data of a P2SH transaction. This transaction has to include a payment equal to the Bitcoin provided by the previous P2SH transaction, however. By adding this requirement, the system is protected from becoming open to money creation attacks that might inflate the currency without the agreement of all participants.With these changes, illegal data inclusion becomes either impossible, or they can be re-moved without destroying the integrity of the payment system as a whole or for payments that have already happened.Implementing all proposed changes would go beyond the scope of a master thesis. Tier1 of the presented solution has been implemented as a proof-of-concept, though. As a basis, the most popular Bitcoin node software, Bitcoin Core, has been used. Additionally,the ideas behind tier 2 are explained in full, and the potential impact on the system is discussed.v This thesis also covers previous attempts to allow for data removal in similar systems. Their discussion is meant to encourage the adoption of the presented proposal, as it should causeless disruption than some more extreme measurements that might introduce centralization into a system that was meant to run decentralized.}, author = {Seeg, Andreas}, keywords = {journal-and-magazine-articles}, month = {08}, school = {University of Würzburg}, title = {Hardening Bitcoin Against Off-Topic Data Inclusion Attacks}, type = {Master Thesis}, year = 2018 }
• Design of a Shared Parking System with Special Attention to Security Aspects. Englert, Simon; Thesis; Bachelor Thesis. (2018, August).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  As major cities are growing more and more, the parking situation in those cities is becoming more precarious than ever. Parking demand already exceeds the limited amount of parking spaces available, and thus people searching for a place to park generate a significant part of those cities traffic. This leads to frustration with drivers, more traffic jams, unnecessary use of petrol and further air pollution. The creation of new parking spaces is often either difficult or very expansive, which means existing parking spots have to be used more efficiently. Solutions realizing that idea to try and solve those problems are for the most part called intelligent parking systems. This thesis is focused on Shared Parking, a special kind of intelligent parking system, which opens the possibility of sharing a parking place between different people. This work features the design and implementation of such a system with special attention given to security aspects.

  @mastersthesis{2018-BA-Simon-Engelert, abstract = {As major cities are growing more and more, the parking situation in those cities is becoming more precarious than ever. Parking demand already exceeds the limited amount of parking spaces available, and thus people searching for a place to park generate a significant part of those cities traffic. This leads to frustration with drivers, more traffic jams, unnecessary use of petrol and further air pollution. The creation of new parking spaces is often either difficult or very expansive, which means existing parking spots have to be used more efficiently. Solutions realizing that idea to try and solve those problems are for the most part called intelligent parking systems. This thesis is focused on Shared Parking, a special kind of intelligent parking system, which opens the possibility of sharing a parking place between different people. This work features the design and implementation of such a system with special attention given to security aspects.}, author = {Englert, Simon}, keywords = {sss-group}, month = {08}, publisher = {Bachelor Thesis}, title = {Design of a Shared Parking System with Special Attention to Security Aspects}, type = {Bachelor Thesis}, year = 2018 }
• SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network. Greubel, Andre; Dmitrienko, Alexandra; Kounev, Samuel; in Annual Computer Security Applications Conference (ACSAC) (2018).
  • [ Abstract ]
  • [ BibTeX ]
  • [ Download ]
  • [ BibSonomy-Post ]
  In the Tor anonymity network, the distribution of topology information relies on the correct behavior of five out of the nine trusted directory authority servers. This centralization is concerning since powerful adversary might compromise these servers and conceal in-formation about honest nodes, leading to the full de-anonymization of all Tor users. Our work aims at distributing the work of these trusted authorities, such increasing resilience against attacks on core infrastructure components of the Tor network. In particular,we leverage several emerging technologies, such as blockchains,smart contracts, and trusted execution environments to design and prototype a system called SmarTor. This system replaces the directory authorities with a smart contract and a distributed network of untrusted entities responsible for bandwidth measurements. We prototyped SmarTorusing Ethereum smart contracts and Intel SGX secure hardware. In our evaluation, we show that SmarTor produces significantly more reliable and precise measurements compared to the current measurement system. Overall, our solution improves the decentralization of the Tor network, reduces trust assumptions and increases resilience against powerful adversaries like law enforcement and intelligence services.

  @inproceedings{GrDmKo2018-ACSAC-SmarTor, abstract = {In the Tor anonymity network, the distribution of topology information relies on the correct behavior of five out of the nine trusted directory authority servers. This centralization is concerning since powerful adversary might compromise these servers and conceal in-formation about honest nodes, leading to the full de-anonymization of all Tor users. Our work aims at distributing the work of these trusted authorities, such increasing resilience against attacks on core infrastructure components of the Tor network. In particular,we leverage several emerging technologies, such as blockchains,smart contracts, and trusted execution environments to design and prototype a system called SmarTor. This system replaces the directory authorities with a smart contract and a distributed network of untrusted entities responsible for bandwidth measurements. We prototyped SmarTorusing Ethereum smart contracts and Intel SGX secure hardware. In our evaluation, we show that SmarTor produces significantly more reliable and precise measurements compared to the current measurement system. Overall, our solution improves the decentralization of the Tor network, reduces trust assumptions and increases resilience against powerful adversaries like law enforcement and intelligence services.}, author = {Greubel, Andre and Dmitrienko, Alexandra and Kounev, Samuel}, booktitle = {Annual Computer Security Applications Conference (ACSAC)}, keywords = {smart}, month = 12, organization = {ACM}, title = {SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network.}, year = 2018 }