Publications

BibSonomy – The BibSonomy default CSL style

{ "authors" : [{ "lastname":"Lastname" , "initial":"F" , "url":"http://www.example.com" , "mail":"example(at)example.com" }]}

2022

SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier Petzi, Lukas; Ben Yahya, Ala Eddine; Dmitrienko, Alexandra; Tsudik, Gene; Prantl, Thomas; Kounev, Samuel; (2022). (Vol. USENIX Security ’22)

Coming Soon

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ]

@proceedings{petzi2022scraps,
  abstract = {Remote Attestation (RA) is a basic security mechanism that detects malicious presence on various types of computing components, e.g., IoT devices. In a typical IoT setting, RA involves a trusted Verifier that sends a challenge to an untrusted remote Prover, which must in turn reply with a fresh and authentic evidence of being in a trustworthy state. However,most current RA schemes assume a central Verifier, which rep-resents a single point of failure. This feature is problematic when mutually suspicious stakeholders are involved. Furthermore, scalability issues arise as the number of IoT devices (Provers) grows. Although some RA schemes allow peer Provers to act as Verifiers, they involve unrealistic (for IoT devices) requirements, such as time synchronization and synchronous communication. Moreover, they incur heavy memory, computation,and communication burdens, while not considering sleeping or otherwise disconnected devices. Motivated by the need to address these limitations, we construct Scalable Collective Remote Attestation for Pub-Sub (SCRAPS), a novel collective RA scheme. It achieves scalability by outsourcing Verifier duties to a smart contract and mitigates DoS attacks against both Provers and Verifiers. It also removes the need for synchronous communication. Furthermore,RA evidence in SCRAPS is publicly verifiable, which significantly reduces the number of attestation evidence computations, thus lowering Prover burden. We report on a prototype of SCRAPS over Hyperledger Sawtooth (a blockchain geared for IoT use-cases) and evaluate its performance, scalability, and security aspects.},
  author = {Petzi, Lukas and Ben Yahya, Ala Eddine and Dmitrienko, Alexandra and Tsudik, Gene and Prantl, Thomas and Kounev, Samuel},
  keywords = {sys:relevantfor:sss-group international-conference-workshop-papers-book-chapters myown sss-group},
  note = {Coming Soon},
  title = {SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier},
  volume = {USENIX Security '22},
  year = 2022
}

FedCRI: Federated Mobile Cyber-Risk Intelligence. Fereidooni, Hossein; Dmitrienko, Alexandra; Madlener, Felix; Rieger, Phillip; Miettinen, Markus; Sadeghi, Ahmad-Reza; in The Network and Distributed System Security Symposium (NDSS) (2022).

(to appear)

[ BibSonomy-Post ] [ BibTeX ]

2021

Performance Evaluation for a Post-Quantum Public-Key Cryptosystem. Prantl, Thomas; Prantl, Dominik; Beierlieb, Lukas; Iffländer, Lukas; Dmitrienko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in 2021 IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android. Stang, Jasper; Dmitrienko, Alexandra; Roth, Sascha; in 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) (2021).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Benchmarking of Pre- and Post-Quantum Group Encryption Schemes with Focus on IoT. Prantl, Thomas; Prantl, Dominik; Bauer, André; Iffländer, Lukas; Dmitrenko, Alexandra; Krupitzer, Christian; Kounev, Samuel; in 2021 IEEE 40th International Performance Computing and Communications Conference (IPCCC) (2021).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

Increasing Security in Satellite Networks. Schilling, Klaus; Dmitrienko, Alexandra; in 72nd International Astronautical Congress (IAC) (2021).

[ BibSonomy-Post ] [ BibTeX ]

Vision: Challenges & Opportunities. Annaaram, Murali; Asokan, N.; Atli, Buse Gül; Avestimeh, Salman; Brasser, Ferdinand; Cammarota, Rosario; Dmitrienko, Alexandra; Dziedzic, Adam; Given-Wilson, Thomas; Gunn, Lachlan J.; Kerschbaum, Florian; Koushanfar, Farinaz; Legay, Axel; Miettinen, Markus; Nguyen, Thien Duc; Papernot, Nicolas; Sadeghi, Ahmad-Reza; Schunter, Matthias; Shokri, Reza; Smith, Virginia; in Vision Paper of the Private AI Collaborative Research Institute (2021).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

Security and Privacy Aspects of Digital Contact Tracing. Roos, Filipp; Thesis; University of Würzburg. (2021, October).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

Security Analysis of UniNow App. Zimmermann, Keven; Thesis; University of Würzburg. (2021, June).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@mastersthesis{noauthororeditor,
  abstract = {We performed a security analysis of the UniNow application, focusing on private user data. The application was chosen for its high popularity and amount of sensitive information handled through its new contact tracing functionality. This functionality is used by many universities for mandatory contact tracing against COVID-19. Our analysis concerned the Android mobile application and all web services. After mapping the attack surface using many tools to automate the process, we tested the potential issues in order of impact. We reveal multiple security issues with low to critical severity. Most of these vulnera�bilities threatened private user data directly. In particular, we found multiple disclosed secret keys that were used to encrypt user data on the client side, among others. Fur�thermore, we show how an in-app browser as well as an open redirect vulnerability were easing phishing attacks, and how university access tokens were shared with UniNow. Our more severe findings include how sensitive data was sent automatically to Google servers through backup files, how strict SSL certificate checking was disabled deliberately for many university endpoints, how JavaScript could be injected into the email viewer, and how ap�pointment invitations could be brute forced to get sensitive information about past and future appointments. The two critical security issues concern how user accounts could be taken over by using an account identifier, and how an internal service was accessible by anyone, allowing to change university configurations and potentially make user devices sent their user’s university credentials to the attacker. We performed a responsible disclosure, which serves as a reference to UniNow, enabling them to fix the discovered issues. Our work tangibly improves the security of student data handled by the company.},
  author = {Zimmermann, Keven},
  keywords = {sys:relevantfor:sss-group UniNowAapp security sss-group technical-reports thesis_supervised_by_SSS_member},
  month = {jun},
  school = {University of W{ü}rzburg},
  title = {Security Analysis of UniNow App},
  type = {Bachelor Thesis},
  year = 2021
}

Towards a Group Encryption Scheme Benchmark: A View on Centralized Schemes with focus on IoT. Prantl, Thomas; Ten, Peter; Iffländer, Lukas; Herrnleben, Stefan; Dmitrenko, Alexandra; Kounev, Samuel; Krupitzer, Christian; in 2021 ACM/SPEC International Conference on Performance Engineering (ICPE) (2021).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Intrusion Detection Using Machine Learning in Databases. Schindler, Sebastian; Thesis; University of Würzburg. (2021, April).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@mastersthesis{noauthororeditor,
  abstract = {Ransomware is a known threat that had a severe impact on computer security in the past five years. This type of malware has caused financial losses of about $13 Billion in 2017 and 2018 combined. Ransomware makes a user’s data unavailable to them, only granting access again when they pay a ransom. Traditionally, ransomware targeted the computer’s filesystem. Database ransomware is a new variant of the same principle. Instead of targeting individual files, it logs into DBMSs remotely and destroys the data, leaving only a ransom message behind. In most cases, attackers do not create a backup copy of the data. In this case, the data cannot be restored by the attackers, even if the ransom is paid. In 2018, Jobst et al. presented DIMAQS, a MySQL plugin to mitigate these attacks by detecting malicious activity through a Petri net classifier. Our work recognizes the main drawback of this approach: The Petri net cannot be easily adapted to new attack scenarios and has to be re-engineered manually. To solve this problem, we design a machine learning classifier to replace the original one. This approach yields a model that detects all attacks in our tests. Unfortunately, the model also produces a high number of false positives when trying to detect attacks before any harmful queries are issued. Overall, our approach achieves a 85.23% f1-score. The performance impact of the revised plugin is nonexistent for OLAP workloads and stays under 15% for OLTP tasks.},
  author = {Schindler, Sebastian},
  keywords = {machine_learning ml security sss-group thesis_supervised_by_SSS_member thesis_supervised_by_sss_member},
  month = {apr},
  school = {University of W{ü}rzburg},
  title = {Intrusion Detection Using Machine Learning in Databases},
  type = {Master Thesis},
  year = 2021
}

ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning. Lutz, Oliver; Chen, Huili; Fereidooni, Hossein; Sendner, Christoph; Dmitrienko, Alexandra; Sadeghi, Ahmad Reza; Koushanfar, Farinaz; in ArXiv | arXiv:2103.12607v1 (2021).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ]

Ethereum smart contracts are automated decentralized applications on the blockchain that describe the terms of the agreement between buyers and sellers, reducing the need for trusted intermediaries and arbitration. However, the deployment of smart contracts introduces new attack vectors into the cryptocurrency systems. In particular, programming flaws in smart contracts can be and have already been exploited to gain enormous financial profits. It is thus an emerging yet crucial issue to detect vulnerabilities of different classes in contracts in an efficient manner. Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable, or train individual classifiers for each specific vulnerability, or demonstrate multi-class vulnerability detection without extensibility consideration. To overcome the scalability and generalization limitations of existing works, we propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for Ethereum smart contracts that support lightweight transfer learning on unseen security vulnerabilities, thus is extensible and generalizable. ESCORT leverages a multi-output NN architecture that consists of two parts: (i) A common feature extractor that learns the semantics of the input contract; (ii) Multiple branch structures where each branch learns a specific vulnerability type based on features obtained from the feature extractor. Experimental results show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract. When extended to new vulnerability types, ESCORT yields an average F1-score of 93%. To the best of our knowledge, ESCORT is the first framework that enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.

@article{lutz2021escort,
  abstract = {Ethereum smart contracts are automated decentralized applications on the blockchain that describe the terms of the agreement between buyers and sellers, reducing the need for trusted intermediaries and arbitration. However, the deployment of smart contracts introduces new attack vectors into the cryptocurrency systems. In particular, programming flaws in smart contracts can be and have already been exploited to gain enormous financial profits. It is thus an emerging yet crucial issue to detect vulnerabilities of different classes in contracts in an efficient manner. Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable, or train individual classifiers for each specific vulnerability, or demonstrate multi-class vulnerability detection without extensibility consideration. To overcome the scalability and generalization limitations of existing works, we propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for Ethereum smart contracts that support lightweight transfer learning on unseen security vulnerabilities, thus is extensible and generalizable. ESCORT leverages a multi-output NN architecture that consists of two parts: (i) A common feature extractor that learns the semantics of the input contract; (ii) Multiple branch structures where each branch learns a specific vulnerability type based on features obtained from the feature extractor. Experimental results show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract. When extended to new vulnerability types, ESCORT yields an average F1-score of 93%. To the best of our knowledge, ESCORT is the first framework that enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.},
  author = {Lutz, Oliver and Chen, Huili and Fereidooni, Hossein and Sendner, Christoph and Dmitrienko, Alexandra and Sadeghi, Ahmad Reza and Koushanfar, Farinaz},
  journal = {ArXiv | arXiv:2103.12607v1},
  keywords = {Smart_Contract cryptography myown security sss-group technical-reports},
  month = {mar},
  title = {ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning},
  year = 2021
}

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in Network and Distributed System Security Symposium (NDSS) (2021).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@inproceedings{DBLP:conf/ndss/2021,
  abstract = {Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods. Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (crossmessenger) usage statistics, which also reveal that very few users change the default privacy settings. Regarding mitigations, we propose novel techniques to significantly limit the feasibility of our crawling attacks, especially a new incremental contact discovery scheme that strictly improves over Signal’s current approach. Furthermore, we show that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal of mobile phone numbers. For this, we also propose a significantly improved rainbow table construction for non-uniformly distributed inputs that is of independent interest.},
  author = {Hagen, Christoph and Weinert, Christian and Sendner, Christoph and Dmitrienko, Alexandra and Schneider, Thomas},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  keywords = {sys:relevantfor:sss-group Mobile_Privacy accepted dblp for:sss-group myown sss-group},
  month = {feb},
  publisher = {The Internet Society},
  title = {All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers},
  year = 2021
}

Remote Attestation for IoT with Smart Verifier. Petzi, Lukas; Thesis; University of Würzburg. (2021, January).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@mastersthesis{chan2019remote,
  abstract = {The Internet is evolving. The Internet of Things (IoT) is a disruptive technology, billions of small and smart devices are encompassing every aspect of our lives, which leads us to a new era of the Internet. IoT connects billions of heterogeneous embedded devices in large networks. Restricted capabilities of the devices in combination with various mutually mistrusting parties throughout the network pose new challenges to security. As IoT devices become increasingly important, so does trust in their secure and reliable operation. But before we can trust them, we need to establish the trust. In the past, remote attestation has emerged into a very powerful tool in order to establish trust between devices. Traditional remote attestation establishes a static trust between two devices. This approach suffers badly heterogeneity of IoT network and purely scales to a large number of devices. Furthermore, it is very vulnerable to Denial of Service attacks. Within this thesis, we present a new approach to Remote Attestation in IoT networks. Our design combines the core strength of Remote Attestation with the advantages blockchain technology in order to enable attestation and validation of attestation evidences in a scalable manner. At rst, we develop a remote attestation scheme on a low end device serving as an exemplary IoT device. Second, we design our smart verifier, a flexible system capable of validating and storing attestation evidence. The system is build on top of blockchain technology and solves several issues accompanied by Traditional Remote Attestation in IoT such as scalability and device heterogeneity. In the end, we build and evaluate a proof of concept implementation based on ARM TrustZone and Sawtooth Hyperledger. The proposed system architecture enables trust establishment in a scalable manner even in heterogeneous networks while preventing denial of service attacks},
  author = {Petzi, Lukas},
  booktitle = {CVPR Workshops},
  keywords = {IoT remote-attestation security sss-group thesis_supervised_by_SSS_member thesis_supervised_by_sss_member},
  month = {jan},
  school = {University of W{ü}rzburg},
  title = {Remote Attestation for IoT with Smart Verifier},
  type = {Bachelor Thesis},
  year = 2021
}

2020

Aggregatable Remote Attestation for IoT. Alistarov, Vasil; Thesis; University of Würzburg. (2020, December).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security Boutet, Antoine; Castelluccia, Claude; Cunche, Mathieu; Dmitrienko, Alexandra; Iovino, Vincenzo; Miettinen, Markus; Nguyen, Thien Duc; Roca, Vincent; Sadeghi, Ahmad-Reza; Vaudenay, Serge; Visconti, Ivan; Vuagnoux, Martin; (2020).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@techreport{boutet2020contact,
  abstract = {Many countries have introduced digital contact tracing apps to fight the COVID-19 pandemic. Such apps help to identify contacts between potentially infectious persons automatically and thus bear the promise of reducing the burden on manual contact tracers and increase tracing accuracy in situations in which people have difficulties identifying with whom they have been in contact. A number of different proposals for digital contact tracing systems have been made or deployed, ranging from heavily centralized to completely decentralized approaches, each with its own advantages and disadvantages in terms of tracing effectiveness and impact on user privacy. During the phase of highly dynamic evolution of these approaches, surprisingly, Google and Apple established an unprecedented friendship and agreed on a very special scheme for contact tracing, realizing this in the form of an API called GAEN that they quickly integrated into their mobile operating systems. A multitude of nationally rolled out tracing apps are now based on the GAEN approach. In this paper, we revisit such apps and the GAEN API on which they are built. In particular, we point out a number of very problematic aspects and threats that the GAEN approach creates through its security and privacy weaknesses but also through the threats that it poses on technological sovereignty and the public health system.},
  author = {Boutet, Antoine and Castelluccia, Claude and Cunche, Mathieu and Dmitrienko, Alexandra and Iovino, Vincenzo and Miettinen, Markus and Nguyen, Thien Duc and Roca, Vincent and Sadeghi, Ahmad-Reza and Vaudenay, Serge and Visconti, Ivan and Vuagnoux, Martin},
  institution = {{EPFL, Switzerland ; Inria, France ; JMU W{ü}rzburg, Germany ; University of Salerno, Italy ; base23, Geneva, Switzerland ; Technical University of Darmstadt, Germany}},
  keywords = {TraceCORONA collector contracts data international-conference-workshop-papers-book-chapters myown sss-group technical-reports tracing},
  month = {dec},
  title = {Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security},
  type = {University works},
  year = 2020
}

Testbed for Security Testing of Smart Contracts. Denk, Lukas; Thesis; University of Würzburg. (2020, November).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Ethereum, one of the most popular decentralized blockchain-based platforms [1], manages cryptocurrency worth more than 40 billion US Dollars [2]. A lot of the money is controlled by autonomous programs, so called smart contracts. They are executed on the platform and everyone can call their functions; vulnerabilities are therefore easily exploited. The immutable nature of the blockchain sharpens the problem even further by prohibiting belated bug fixes. In fact, there were several cases where attackers were able to steal cryptocurrency worth several millions of US Dollar [3]. This emphasises the need of soundly testing a smart contract before deployment. Unfortunately, existing security analysing tools each cover a different subsets of vulnerabilities [4]. Moreover, even when they test for the same security issues, they often find different results. A solid test run should therefore contain several tools, which makes the whole procedure very laborious. For these reasons, we provide a testbed which runs on a virtual machine (VM) with several smart contract security analysing tools integrated. It does not only offer a command line- but also an intuitive web interface. Both interfaces allow the user to analyse his contract with all the underlying tools in a single step. Additionally, our testbed provides a detailed report for each of the tools’ test runs as well as an overview of the overall security issues the different tools found. Our evaluation shows that our testbed identifies significantly more potential security issues than each of the compared smart contract analysing tools individually does. Indeed, we found 92% of our analysed contracts as potentially being vulnerable, while even the most sensitive tool only flagged 76% of its successfully analysed contracts. Furthermore, we observed that occasionally, two tools testing for the same vulnerability, contradict themselves in more than 81% of the contracts successfully analysed by both tools

@mastersthesis{denk2020testbed,
  abstract = {Ethereum, one of the most popular decentralized blockchain-based platforms [1], manages cryptocurrency worth more than 40 billion US Dollars [2]. A lot of the money is controlled by autonomous programs, so called smart contracts. They are executed on the platform and everyone can call their functions; vulnerabilities are therefore easily exploited. The immutable nature of the blockchain sharpens the problem even further by prohibiting belated bug fixes. In fact, there were several cases where attackers were able to steal cryptocurrency worth several millions of US Dollar [3]. This emphasises the need of soundly testing a smart contract before deployment. Unfortunately, existing security analysing tools each cover a different subsets of vulnerabilities [4]. Moreover, even when they test for the same security issues, they often find different results. A solid test run should therefore contain several tools, which makes the whole procedure very laborious. For these reasons, we provide a testbed which runs on a virtual machine (VM) with several smart contract security analysing tools integrated. It does not only offer a command line- but also an intuitive web interface. Both interfaces allow the user to analyse his contract with all the underlying tools in a single step. Additionally, our testbed provides a detailed report for each of the tools’ test runs as well as an overview of the overall security issues the different tools found. Our evaluation shows that our testbed identifies significantly more potential security issues than each of the compared smart contract analysing tools individually does. Indeed, we found 92% of our analysed contracts as potentially being vulnerable, while even the most sensitive tool only flagged 76% of its successfully analysed contracts. Furthermore, we observed that occasionally, two tools testing for the same vulnerability, contradict themselves in more than 81% of the contracts successfully analysed by both tools},
  author = {Denk, Lukas},
  keywords = {secure security smart-contracts sss-group thesis_supervised_by_SSS_member},
  month = {November},
  school = {University of W{ü}rzburg},
  title = {Testbed for Security Testing of Smart Contracts},
  type = {Bachelor Thesis},
  year = 2020
}

Evaluating the Performance of a State-of-the-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario. Prantl, Thomas; Ten, Peter; Iffländer, Lukas; Dmitrenko, Alexandra; Kounev, Samuel; Krupitzer, Christian; in 2020 IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) (2020).

Acceptance Rate: 27%

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ]

New emerging technologies, such as autonomous driving, intelligent buildings, and smart cities, are promising to revolutionize user experience and offer new services. The world has to undergo large scale deployment of billions of things — cost-efficient intelligent sensors that will be interconnected into extensive networks and will collect and supply data to intelligent algorithms — to make it happen. To date, however, it is challenging to secure such an infrastructure for many-fold reasons, such as resource constraints of things, large scale deployment, manyto-many communication patterns, and dynamically changing communication groups. All these factors rule out most of the state-of-the-art encryption and key-management techniques. Group encryption algorithms are well-suitable for many-tomany communication patterns typical for IoT networks, and many of them can deal with dynamic groups. There are, however, very few constructions that could potentially fulfill the computational and storage constraints of IoT devices while providing sufficient scalability for large networks. The promising candidates, such as construction by Nishat et al. [1], were not evaluated using IoT platforms and under constraints typical for IoT networks. In this paper, we aim to fill this gap and present the evaluation of a state-of-the-art group-oriented encryption scheme by Nishat et al. to identify its applicability to IoT systems. In detail, we provide a measurement workflow, a revised version of the approach, and describe a reproducible hardware testbed. Using this evaluation environment, we analyze the performance of the encryption scheme in a typical IoT scenario from a group member perspective. The results show that all calculation times can be assumed to be constant and are always below 2 seconds. The memory requirement for permanent parameters can also be considered to be constant and are below 8.5 kbit in each case. However, the information that has to be stored temporarily for group updates has turned out to be the bottleneck of the scheme, since their memory requirements increase linearly with the group size.

@inproceedings{PrTeIfDmKo2020-MASCOTS-GroupEncryption,
  abstract = {New emerging technologies, such as autonomous driving, intelligent buildings, and smart cities, are promising to revolutionize user experience and offer new services. The world has to undergo large scale deployment of billions of things — cost-efficient intelligent sensors that will be interconnected into extensive networks and will collect and supply data to intelligent algorithms — to make it happen. To date, however, it is challenging to secure such an infrastructure for many-fold reasons, such as resource constraints of things, large scale deployment, manyto-many communication patterns, and dynamically changing communication groups. All these factors rule out most of the state-of-the-art encryption and key-management techniques. Group encryption algorithms are well-suitable for many-tomany communication patterns typical for IoT networks, and many of them can deal with dynamic groups. There are, however, very few constructions that could potentially fulfill the computational and storage constraints of IoT devices while providing sufficient scalability for large networks. The promising candidates, such as construction by Nishat et al. [1], were not evaluated using IoT platforms and under constraints typical for IoT networks. In this paper, we aim to fill this gap and present the evaluation of a state-of-the-art group-oriented encryption scheme by Nishat et al. to identify its applicability to IoT systems. In detail, we provide a measurement workflow, a revised version of the approach, and describe a reproducible hardware testbed. Using this evaluation environment, we analyze the performance of the encryption scheme in a typical IoT scenario from a group member perspective. The results show that all calculation times can be assumed to be constant and are always below 2 seconds. The memory requirement for permanent parameters can also be considered to be constant and are below 8.5 kbit in each case. However, the information that has to be stored temporarily for group updates has turned out to be the bottleneck of the scheme, since their memory requirements increase linearly with the group size.},
  author = {Prantl, Thomas and Ten, Peter and Iffländer, Lukas and Dmitrenko, Alexandra and Kounev, Samuel and Krupitzer, Christian},
  booktitle = {2020 IEEE 28th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS)},
  keywords = {sys:relevantfor:sss-group SIMPL Security for:sss-group myown sss-group},
  month = {November},
  note = {Acceptance Rate: 27\%},
  series = {MASCOTS '20},
  title = {Evaluating the Performance of a State-of-the-Art Group-oriented Encryption Scheme for Dynamic Groups in an IoT Scenario},
  year = 2020
}

Detection of Software Vulnerabilities in Smart Contracts using Deep Learning. Lutz, Oliver; Thesis; University of Würzburg. (2020, October).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

LegIoT: Ledgered Trust Management Platform for IoT. Neureither, Jens; Dmitrienko, Alexandra; Koisser, David; Brasser, Ferdinand; Sadeghi, Ahmad-Reza; in European Symposium on Research in Computer Security (ESORICS) (2020).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. Baumgärtner, Lars; Dmitrienko, Alexandra; Freisleben, Bernd; Höchst, Jonas; Kühlberg, Joshua; Mezini, Mira; Miettinen, Markus; Muhamedagic, Anel; Nguyen, Thien Duc; Penning, Alvar; Pustelnik, Dermot Frederik; Roos, Filipp; Sadeghi, Ahmad-Reza; Schwarz, Michael; Uhl, Christian; in TrustCom 2020, Security Track (2020).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. Hagen, Christoph; Weinert, Christian; Sendner, Christoph; Dmitrienko, Alexandra; Schneider, Thomas; in Cryptology ePrint Archive, Report 2020/1119 (2020).

[ BibSonomy-Post ] [ BibTeX ] [ URL ]

Evaluating the Privacy of Contact Discovery. Sendner, Christoph; Thesis; University of Würzburg. (2020, July).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@mastersthesis{sendner2020contactdiscovery,
  abstract = {Currently deployed contact discovery of mobile messengers is based on the transmission of phone numbers to the service provider. This information is private and anonymized by hashing them. In this work, we show, that this anonymization is pseudo-anonymous and can easily be broken by an attacker. For that, we develop two hash reversal techniques: one using brute-force approach and another one using look-up databases. We provide generic architectures for each of the ap- proaches. Additionally, we provide and compare two instantiations for each. Furthermore, we evaluate and compare them to the third approach based on rainbow tables. The evaluation shows near instant lookup-times of under 0.1 ms using in-memory lookup databases, this approach is however costly in terms of memory – it would require over 10 TB RAM, which would be difficult to obtain. Our brute-force approach shows an astonishing performance, being able to reverse any mobile number in under 100 seconds using consumer-level hardware. The rainbow tables produce lookup-times of 4.5 minutes with a success rate of over 99.99%. The results of our evaluation demonstrate, that hash reversals of mobile phone numbers are practical and near instant. Thus, an attacker can easily reverse hash digests of mobile phone numbers and de-anonymize personally identifiable information – like phone numbers transmitted to the service provider of mobile messenger apps.},
  author = {Sendner, Christoph},
  keywords = {Mobile_Privacy sss-group thesis thesis_supervised_by_SSS_member thesis_supervised_by_sss_member},
  month = {July},
  school = {University of W{ü}rzburg},
  title = {Evaluating the Privacy of Contact Discovery},
  type = {Master Thesis},
  year = 2020
}

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. Baumgärtner, Lars; Dmitrienko, Alexandra; Freisleben, Bernd; Gruler, Alexander; Höchst, Jonas; Kühlberg, Joshua; Mezini, Mira; Mitev, Richard; Miettinen, Markus; Muhamedagic, Anel; Nguyen, Thien Duc; Penning, Alvar; Pustelnik, Dermot Frederik; Roos, Filipp; Sadeghi, Ahmad-Reza; Schwarz, Michael; Uhl, Christian; in ArXiv | arXiv:2006.05914v2 (2020).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ]

SIMPL: Secure IoT Management Platform. Prantl, Thomas; Ben Yahya, Ala Eddine; Dmitrienko, Alexandra; Kounev, Samuel; Lipp, Fabian; Hock, David; Rathfelder, Christoph; Hofherr, Martin; in ITG Workshop on IT Security (ITSec) (2020).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Strategies for the Security Assessment of IoT Devices by Certification Authorities. Finke, Moritz Anton; Thesis; University of Würzburg; Am Hubland, Informatikgebäude, 97074 Würzburg, Germany. (2020, May).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ]

The Internet of Things (IoT) is a global infrastructure that interconnects physical and virtual things based on evolving information and communication technologies. Along with the rise of the IoT, multiple unprecedented forms of security issues and attacks have emerged. While their limited resources disallow the utilization of computing-intensive security measures, the services of IoT devices represent an attractive target for vulnerability exploitation. Certification Authorities (CAs) have responded to the trend and offer security assessments and certification for IoT devices. To ensure qualitative and fair certification, security testing requires well-defined strategies. This bachelor thesis analyzes the existing IoT security assessment models and proposes a novel, CA oriented Testing Guide Model (TGM) for standardized and reproducible assessments. The TGM describes a complete security assessment approach for application in IoT device security certification procedures of CAs. As part of the bachelor thesis, the TGM is specified, implemented, and its applicability evaluated with the help of existing IoT devices. CAs account for the security of certified products. The certification of devices that (subsequently) prove to be insecure can lead to a consumer's loss of trust in the CA. Therefore, the decision for issuing certificates must be comprehensible and made carefully. For the risk estimation of security issues and vulnerabilities, it is common to make use of numerical scoring systems. Well-defined scoring systems allow precise and reproducible estimations. In addition to the introduction of the TGM, this bachelor thesis analyzes the scoring systems established in the field of IT security in regard to their applicability for the scoring of IoT related vulnerabilities, complete IoT devices, and for the specific requirements of CAs. This thesis uncovers incompatibilities and insufficiencies in the existing systems that disallow application for the scoring of IoT devices and for application by CAs. To counter these issues, the thesis introduces a novel Security Scoring System (SSS) for rating IoT devices based on the risks of their vulnerabilities, services, and operational contexts. The SSS is integrated into the TGM, implemented in software, and evaluated with a comparison to the existing scoring systems. To summarize, the contributions of this bachelor thesis are two novel models for the security assessment of devices of the IoT: the TGM and the SSS. The models are intended to find application for CAs and both standardize and improve the security testing and assessment procedures.

@mastersthesis{finke2020strategies,
  abstract = {The Internet of Things (IoT) is a global infrastructure that interconnects physical and virtual things based on evolving information and communication technologies. Along with the rise of the IoT, multiple unprecedented forms of security issues and attacks have emerged. While their limited resources disallow the utilization of computing-intensive security measures, the services of IoT devices represent an attractive target for vulnerability exploitation. Certification Authorities (CAs) have responded to the trend and offer security assessments and certification for IoT devices. To ensure qualitative and fair certification, security testing requires well-defined strategies. This bachelor thesis analyzes the existing IoT security assessment models and proposes a novel, CA oriented Testing Guide Model (TGM) for standardized and reproducible assessments. The TGM describes a complete security assessment approach for application in IoT device security certification procedures of CAs. As part of the bachelor thesis, the TGM is specified, implemented, and its applicability evaluated with the help of existing IoT devices. CAs account for the security of certified products. The certification of devices that (subsequently) prove to be insecure can lead to a consumer's loss of trust in the CA. Therefore, the decision for issuing certificates must be comprehensible and made carefully. For the risk estimation of security issues and vulnerabilities, it is common to make use of numerical scoring systems. Well-defined scoring systems allow precise and reproducible estimations. In addition to the introduction of the TGM, this bachelor thesis analyzes the scoring systems established in the field of IT security in regard to their applicability for the scoring of IoT related vulnerabilities, complete IoT devices, and for the specific requirements of CAs. This thesis uncovers incompatibilities and insufficiencies in the existing systems that disallow application for the scoring of IoT devices and for application by CAs. To counter these issues, the thesis introduces a novel Security Scoring System (SSS) for rating IoT devices based on the risks of their vulnerabilities, services, and operational contexts. The SSS is integrated into the TGM, implemented in software, and evaluated with a comparison to the existing scoring systems. To summarize, the contributions of this bachelor thesis are two novel models for the security assessment of devices of the IoT: the TGM and the SSS. The models are intended to find application for CAs and both standardize and improve the security testing and assessment procedures.},
  address = {Am Hubland, Informatikgebäude, 97074 Würzburg, Germany},
  author = {Finke, Moritz Anton},
  keywords = {IoT Security sss-group thesis_supervised_by_SSS_member},
  month = {may},
  school = {University of Würzburg},
  title = {Strategies for the Security Assessment of IoT Devices by Certification Authorities},
  type = {Bachelor Thesis},
  year = 2020
}

2019

DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization. Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Sadeghi, Ahmad-Reza; in Annual Computer Security Applications Conference (ACSAC) New York, NY, USA (2019).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

Implementation and Evaluation of a Group Encryption Scheme. Ten, Peter; Thesis; University of Würzburg. (2019, December).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

Hands Off my Database: Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. Iffländer, Lukas; Dmitrienko, Alexandra; Hagen, Christoph; Jobst, Michael; Kounev, Samuel; in ArXiv | arXiv:1907.06775v1 (2019).

[ BibSonomy-Post ] [ BibTeX ] [ URL ]

2018

POSTER: Efficient and Effective Ransomware Detection in Databases. Hagen, Christoph; Dmitrienko, Alexandra; Iffländer, Lukas; Jobst, Michael; Kounev, Samuel; in 34th Annual Computer Security Applications Conference (ACSAC) (2018).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network. Greubel, Andre; Dmitrienko, Alexandra; Kounev, Samuel; in Annual Computer Security Applications Conference (ACSAC) (2018).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{GrDmKo2018-ACSAC-SmarTor,
  abstract = {In the Tor anonymity network, the distribution of topology information relies on the correct behavior of five out of the nine trusted directory authority servers. This centralization is concerning since powerful adversary might compromise these servers and conceal in-formation about honest nodes, leading to the full de-anonymization of all Tor users. Our work aims at distributing the work of these trusted authorities, such increasing resilience against attacks on core infrastructure components of the Tor network. In particular,we leverage several emerging technologies, such as blockchains,smart contracts, and trusted execution environments to design and prototype a system called SmarTor. This system replaces the directory authorities with a smart contract and a distributed network of untrusted entities responsible for bandwidth measurements. We prototyped SmarTorusing Ethereum smart contracts and Intel SGX secure hardware. In our evaluation, we show that SmarTor produces significantly more reliable and precise measurements compared to the current measurement system. Overall, our solution improves the decentralization of the Tor network, reduces trust assumptions and increases resilience against powerful adversaries like law enforcement and intelligence services.},
  author = {Greubel, Andre and Dmitrienko, Alexandra and Kounev, Samuel},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters contracts for:sss-group myown resilience smart sss-group tor},
  month = {December},
  organization = {ACM},
  title = {{SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network}},
  year = 2018
}

Design of a Shared Parking System with Special Attention to Security Aspects. Englert, Simon; Thesis; University of Würzburg. (2018, August).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Hardening Bitcoin Against Off-Topic Data Inclusion Attacks. Seeg, Andreas; Thesis; University of Würzburg. (2018, August).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Bitcoin is a novel peer to peer payment network that was started in 2009 and that has since flourished, gaining acceptance all over the world. By contributing their resourcefulness as network connectivity and computing power, all participants are creating the the Bitcoin network together. Designed as an open source software system, the participation rules for this network are not upheld by humans, but implemented in code, and generally allow anyone to join or leave the network at will.Since the time of Bitcoin’s inception, software errors had to be fixed and network attacks that tried to make parts of the network unavailable have been endured. This thesis provides a solution to the problem of illegal data inclusions within the blockchain, a data structure that cannot easily be changed and that has to be transmitted to participants of Bitcoin.The flaw, i.e. the possibility for any user of Bitcoin to potentially include illegal data and therefore illegalizes the whole blockchain, is not just a software flaw, but can be seen as a structural one if free participation and uncensorable payments are to be provided.The proposal to solve the problem is layered in two tiers. The first tier prevents effective data inclusion for some standard payment functions within Bitcoin. This allows participants to be certain that these transactions do not contain bad data, allowing them to be included into Bitcoin blocks. It also solves the problem of illegal data permanently occupying valuable resources on Bitcoin nodes, as parts of the provably clean transactions are generally held in RAM until they have been spent. The prevention mechanism is essentially a system that provides proof that bitcoins were sent to actual Bitcoin addresses,stopping data inclusion by address fields abusal.The second tier consists of rule changes for Bitcoin. First of all, all non-standard payment transactions are removed from Bitcoin, with the exception of the more computationally flexible and popular P2SH transactions. This limits the avenues for data inclusion in Bitcoin without destroying its flexibility or its smart contract capabilities. Then, P2SHtransactions are redesigned to allow for a more fine grained deletion of their data, so only offending parts could be removed without destroying the integrity of the rest. Finally, a special type of transaction is introduced that allows censorship of just the signature data of a P2SH transaction. This transaction has to include a payment equal to the Bitcoin provided by the previous P2SH transaction, however. By adding this requirement, the system is protected from becoming open to money creation attacks that might inflate the currency without the agreement of all participants.With these changes, illegal data inclusion becomes either impossible, or they can be re-moved without destroying the integrity of the payment system as a whole or for payments that have already happened.Implementing all proposed changes would go beyond the scope of a master thesis. Tier1 of the presented solution has been implemented as a proof-of-concept, though. As a basis, the most popular Bitcoin node software, Bitcoin Core, has been used. Additionally,the ideas behind tier 2 are explained in full, and the potential impact on the system is discussed.v This thesis also covers previous attempts to allow for data removal in similar systems. Their discussion is meant to encourage the adoption of the presented proposal, as it should causeless disruption than some more extreme measurements that might introduce centralization into a system that was meant to run decentralized.

@mastersthesis{seeg2018hardening,
  abstract = {Bitcoin is a novel peer to peer payment network that was started in 2009 and that has since flourished, gaining acceptance all over the world. By contributing their resourcefulness as network connectivity and computing power, all participants are creating the the Bitcoin network together. Designed as an open source software system, the participation rules for this network are not upheld by humans, but implemented in code, and generally allow anyone to join or leave the network at will.Since the time of Bitcoin’s inception, software errors had to be fixed and network attacks that tried to make parts of the network unavailable have been endured. This thesis provides a solution to the problem of illegal data inclusions within the blockchain, a data structure that cannot easily be changed and that has to be transmitted to participants of Bitcoin.The flaw, i.e. the possibility for any user of Bitcoin to potentially include illegal data and therefore illegalizes the whole blockchain, is not just a software flaw, but can be seen as a structural one if free participation and uncensorable payments are to be provided.The proposal to solve the problem is layered in two tiers. The first tier prevents effective data inclusion for some standard payment functions within Bitcoin. This allows participants to be certain that these transactions do not contain bad data, allowing them to be included into Bitcoin blocks. It also solves the problem of illegal data permanently occupying valuable resources on Bitcoin nodes, as parts of the provably clean transactions are generally held in RAM until they have been spent. The prevention mechanism is essentially a system that provides proof that bitcoins were sent to actual Bitcoin addresses,stopping data inclusion by address fields abusal.The second tier consists of rule changes for Bitcoin. First of all, all non-standard payment transactions are removed from Bitcoin, with the exception of the more computationally flexible and popular P2SH transactions. This limits the avenues for data inclusion in Bitcoin without destroying its flexibility or its smart contract capabilities. Then, P2SHtransactions are redesigned to allow for a more fine grained deletion of their data, so only offending parts could be removed without destroying the integrity of the rest. Finally, a special type of transaction is introduced that allows censorship of just the signature data of a P2SH transaction. This transaction has to include a payment equal to the Bitcoin provided by the previous P2SH transaction, however. By adding this requirement, the system is protected from becoming open to money creation attacks that might inflate the currency without the agreement of all participants.With these changes, illegal data inclusion becomes either impossible, or they can be re-moved without destroying the integrity of the payment system as a whole or for payments that have already happened.Implementing all proposed changes would go beyond the scope of a master thesis. Tier1 of the presented solution has been implemented as a proof-of-concept, though. As a basis, the most popular Bitcoin node software, Bitcoin Core, has been used. Additionally,the ideas behind tier 2 are explained in full, and the potential impact on the system is discussed.v This thesis also covers previous attempts to allow for data removal in similar systems. Their discussion is meant to encourage the adoption of the presented proposal, as it should causeless disruption than some more extreme measurements that might introduce centralization into a system that was meant to run decentralized.},
  author = {Seeg, Andreas},
  keywords = {sys:relevantfor:sss-group attacks for:sss-group international-conference-workshop-papers-book-chapters journal-and-magazine-articles sss-group technical-reports thesis_supervised_by_SSS_member},
  month = {aug},
  school = {University of W{ü}rzburg},
  title = {Hardening Bitcoin Against Off-Topic Data Inclusion Attacks},
  type = {Master Thesis},
  year = 2018
}

DIMAQS - Dynamic Identiﬁcation of Malicious Query Sequences. Jobst, Michael; Thesis; University of Würzburg. (2018, June).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@mastersthesis{jobst2018dimaqs,
  abstract = {Ransomware is an emerging threat which imposed 5 billion USD loss in 2017 and is predicted to hit 11.5 billion in 2019. While initially targeting PC (client) platforms,recently it made a leap to server-side databases – in January 2017 we faced MongoDB Apocalypse attack, followed by other attack waves targeting a wide range of DB technologies such as MongoDB, MySQL, ElasticSearch, Cassandra, Hadoop, and CouchDB. While previous research has developed countermeasures against client-side ransomware (e.g., CryptoDrop and ShieldFS), no attention was given to the problem of server-side ransomware yet.This thesis aims to bridge this gap and presents design and implementation of the tool DIMAQS (Dynamic Identification of Malicious Query Sequences) for MySQL servers that can efficiently and effectively detect server-side ransomware. DIMAQS performs run-time monitoring of incoming queries and pattern matching using a Colored Petri Net (CPN) for attack detection. The system design of DIMAQS exhibits several novel techniques to enable efficient detection of malicious query sequences globally (i.e., without limiting detection to distinct user connections). Evaluation results show high efficiency with no false positives and no false negatives,and a very moderate performance overhead (for a run-time monitoring tool) of under5% in worst case scenarios.},
  author = {Jobst, Michael},
  keywords = {for:sss-group international-conference-workshop-papers-book-chapters journal-and-magazine-articles sss-group thesis_supervised_by_SSS_member},
  month = {June},
  school = {University of W{ü}rzburg},
  title = {DIMAQS - Dynamic Identiﬁcation of Malicious Query Sequences},
  type = {Master Thesis},
  year = 2018
}

2017

DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization. Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Müller, Urs; Sadeghi, Ahmad-Reza; in ArXiv | arXiv:1709.09917v2 (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ]

Software Grand Exposure: SGX Cache Attacks Are Practical. Brasser, Ferdinand; Müller, Urs; Dmitrienko, Alexandra; Kostiainen, Kari; Capkun, Srdjan; Sadeghi, Ahmad-Reza; in ArXiv | arXiv:1702.07521v1 (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@article{206170,
  abstract = {Side-channel information leakage is a known limitation of SGX. Researchers have demonstrated that secret-dependent information can be extracted from enclave execution through page-fault access patterns. Consequently, various recent research efforts are actively seeking countermeasures to SGX side-channel attacks. It is widely assumed that SGX may be vulnerable to other side channels, such as cache access pattern monitoring,as well. However, prior to our work, the practicality and the extent of such information leakage was not studied.In this paper we demonstrate that cache-based attacks are indeed a serious threat to the confidentiality of SGX-protected programs. Our goal was to design an attack that is hard to mitigate using known defenses, and there-fore we mount our attack without interrupting enclave execution. This approach has major technical challenges,since the existing cache monitoring techniques experience significant noise if the victim process is not interrupted. We designed and implemented novel attack techniques to reduce this noise by leveraging the capabilities of the privileged adversary. Our attacks are able to recover confidential information from SGX enclaves,which we illustrate in two example cases: extraction of an entire RSA-2048 key during RSA decryption, and detection of specific human genome sequences during genomic indexing. We show that our attacks are more effective than previous cache attacks and harder to mitigate than previous SGX side-channel attacks.},
  address = {Vancouver, BC},
  author = {Brasser, Ferdinand and M{ü}ller, Urs and Dmitrienko, Alexandra and Kostiainen, Kari and Capkun, Srdjan and Sadeghi, Ahmad-Reza},
  booktitle = {{USENIX} Workshop on Offensive Technologies ({WOOT} 17)},
  institution = {USENIX Association},
  journal = {ArXiv | arXiv:1702.07521v1},
  keywords = {sys:relevantfor:sss-group Attacks SGX for:sss-group myown sss-group},
  month = {aug},
  title = {Software Grand Exposure: {SGX} Cache Attacks Are Practical},
  year = 2017
}

Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation (distinguished paper award). Dmitrienko, Alexandra; Noack, David; Yung, Moti; in ACM Conference on Information, Computer and Communications Security (AsiaCCS) (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{BitcoinOffline2017,
  abstract = {Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity.While Bitcoin requires clients to be online to perform trans-actions and a certain amount of time to verify them, there are many real life scenarios that demand for offline and immediate payments (e.g., mobile ticketing, vending machines,etc). However, offline payments in Bitcoin raise non-trivial security challenges, as the payee has no means to verify the received coins without having access to the Bitcoin network.Moreover, even online immediate payments are shown to be vulnerable to double-spending attacks.In this paper, we propose the first solution for Bitcoin payments, which enables secure payments with Bitcoin in offline settings and in scenarios where payments need to be immediately accepted. Our approach relies on an offline wallet and deploys several novel security mechanisms to prevent double-spending and to verify the coin validity in offline set-ting. These mechanisms achieve probabilistic security to guarantee that the attack probability is lower than the de-sired threshold. We provide a security and risk analysis as well as model security parameters for various adversaries.We further eliminate remaining risks by detection of misbehaving wallets and their revocation.We implemented our solution for mobile Android client sand instantiated an offline wallet using a microSD security card. Our implementation demonstrates that smooth integration over a very prevalent platform (Android) is possible,and that offline and online payments can practically co-exist.We also discuss alternative deployment approach for the offline wallet which does not leverage secure hardware, but instead relies on a deposit system managed by the Bitcoin network.},
  author = {Dmitrienko, Alexandra and Noack, David and Yung, Moti},
  booktitle = {ACM Conference on Information, Computer and Communications Security (AsiaCCS)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {apr},
  title = {Secure Wallet-Assisted Offline {Bitcoin} Payments with Double-Spender Revocation (distinguished paper award)},
  year = 2017
}

Secure Free-Floating Car Sharing for Offline Cars. Dmitrienko, Alexandra; Plappert, Christian; in ACM Conference on Data and Application Security and Privacy (ACM CODASPY) (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{CarSharing2017,
  abstract = {In this paper, we present a new access control system for free-floating car sharing, which achieves a number of appealing features not available in the state-of-the-art solutions.First of all, it does not require online connection for cars,and, therefore, allows car sharing providers to expand their services to areas without reliable network coverage (e.g., with blind spots). Second, the solution is compatible to RFID cards – the most commonly deployed authentication token sin car sharing, and can be deployed on standard mobile platforms with various hardware features. Third, it is fully compatible with off-the-shelf cars and does not require any intrusive modifications to car’s internals.These new properties can be achieved due to a novel system design which deploys two-factor authentication and combines an RFID card (the real one or emulated in software) with a”soft” authentication token stored on a mobile platform. Such a combination increases security of the solution, preserves backward compatibility to RFID technology and enables great flexibility in protection of authentication secrets on the mobile platform. To demonstrate such a flexibility, we present a platform security concept which can be instantiate din various deployment options and provides the means to achieve best possible security given available hardware.We implemented our solution on Android and instantiated the platform security concept in three different deployment options. We evaluate security of our solution and report performance measurements},
  author = {Dmitrienko, Alexandra and Plappert, Christian},
  booktitle = {ACM Conference on Data and Application Security and Privacy (ACM CODASPY)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters myown sss-group},
  month = {mar},
  title = {Secure Free-Floating Car Sharing for Offline Cars},
  year = 2017
}

POSTER: Secure Free-Floating Car Sharing for Offline Cars (an outstanding poster award). Dmitrienko, Alexandra; Plappert, Christian; in ACM Conference on Data and Application Security and Privacy (ACM CODASPY) (2017).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

μchain: How to Forget without Hard Forks. Puddu, I.; Dmitrienko, A.; Capkun, Srdjan; in IACR Cryptology ePrint Archive (IACR) (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@article{Puddu2017chainHT,
  abstract = {In this paper, we explore an idea of making(proof-of-work) blockchains mutable. We propose and implement μchain, a mutable blockchain, that enables modifications of blockchain history. Blockchains are, by common definition,distributed and immutable data structures that store a history of events, such as transactions in a digital currency system. While the very idea of mutable event history may seem controversial at a first glance, we show thatμchain does not undermine security guarantees provided by immutable blockchains. In particular,all mutations in our system are controlled by fiat, enforced by consensus and are verifiable in the same way as regular transactions. At the same time,μchain provides a solution to a number of challenging problems, such as the patching of vulnerable smart contracts and removal of abusive content from blockchain history. It also gives rise to new blockchain applications that were not possible with immutable blockchains.For instance, governments and companies could now maintain registers of citizens and customers, while preserving their legislated rights to be forgotten. Banks could consider consolidation of cryptocurrency with traditional payments, which is hard to achieve without the ability to revert transactions. To further illustrate the power ofμchain on more concrete examples, we present two new applications, the collaborative recommendation system with the ability to censor inappropriate content, and a time-lock encryption mechanism that provides a method to decrypt messages after a certain deadline has passed.},
  author = {Puddu, I. and Dmitrienko, A. and Capkun, Srdjan},
  journal = {IACR Cryptology ePrint Archive (IACR)},
  keywords = {for:sss-group micro-chain myown sss-group},
  month = {feb},
  title = {μchain: How to Forget without Hard Forks},
  year = 2017
}

Phonion: Practical Protection of Metadata in Telephony Networks. Heuser, Stephan; Reaves, Bradley; Pendyala, Praveen Kumar; Carter, Henry; Dmitrienko, Alexandra; Enck, William; Kiyavash, Negar; Sadeghi, Ahmad-Reza; Traynor, Patrick; in Proceedings on Privacy Enhancing Technologies (PoPETs) (2017).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{Phonion2017,
  abstract = {The majority of people across the globe rely on telephony networks as their primary means of communication. As such, many of the most sensitive personal, corporate and government related communications pass through these systems every day. Unsurprisingly, such connections are subject to a wide range of attacks. Of increasing concern is the use of metadata contained in Call Detail Records (CDRs), which contain source, destination, start time and duration of a call.This information is potentially dangerous as the very act of two parties communicating can reveal significant details about their relationship and put them in the focus of targeted observation or surveillance, which is highly critical especially for journalists and activists.To address this problem, we develop the Phonion architecture to frustrate such attacks by separating call setup functions from call delivery. Specifically, Phonion allows users to preemptively establish call circuits across multiple providers and technologies before dialing into the circuit and does not require constant Internet connectivity. Since no single carrier can determine the ultimate destination of the call, it provides unlinkability for its users and helps them to avoid passive surveillance. We define and discuss a range of adversary classes and analyze why current obfuscation technologies fail to protect users against such metadata attacks. In our extensive evaluation we further analyze advanced anonymity technologies (e.g., VoIP over Tor), which do not preserve our functional requirements for high voice quality in the absence of constant broadband Internet connectivity and compatibility with landline and feature phones. Phonion is the first practical system to provide guarantees of unlinkable communication against a range of practical adversaries in telephony systems.},
  author = {Heuser, Stephan and Reaves, Bradley and Pendyala, Praveen Kumar and Carter, Henry and Dmitrienko, Alexandra and Enck, William and Kiyavash, Negar and Sadeghi, Ahmad-Reza and Traynor, Patrick},
  booktitle = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
  keywords = {sys:relevantfor:sss-group for:sss-group myown sss-group},
  month = {jan},
  title = {Phonion: Practical Protection of Metadata in Telephony Networks},
  year = 2017
}

2016

POSTER: Phonion: Frustrating Telephony Metadata Analysis. Heuser, Stephan; Reaves, Bradley; Pendyala, Praveen Kumar; Carter, Henry; Dmitrienko, Alexandra; Enck, William; Sadeghi, Ahmad-Reza; Traynor, Patrick; in Network and Distributed System Security Symposium (NDSS) (2016).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Phone companies record network use by individual customers via Call Detail Records (CDRs). CDRs contain important metadata ranging from call source and destination to duration of the connection, route through the network and identification of the network device writing the call record.Historically, CDRs have served as a means of not only properly billing customers for the services they use, but also as a way of identifying and debugging network errors.This metadata has most recently been associated with large-scale collection campaigns by intelligence agencies. While these organizations often assert that such programs are necessary to prevent crime and terrorism, privacy advocates argue that the complete cataloging of telephony actions erode civil liberties. However, what researchers and policy makers have generally failed to consider is that a range of other adversaries may also use CDRs to violate the privacy of targeted individuals. In 2006, for example, detectives hired by executives at HP were able to use social engineering to acquire phone records and determine the identity of an anonymous corporate board member who leaked sensitive information to journalists. Such attacks are not limited to private detectives, but have also been executed by jealous spouses, curious neighbors, companies paying for employee cell phones, rogue employees at cellular providers and more. In fact, last September it was revealed that Vodafone scoured a journalist’s personal phone records to discover her sources on a story about Vodafone security problems [1] . Accordingly, strong mechanisms for making analysis of CDRs difficult is crucial to the privacy of citizens across the world.Taking the importance of call metadata for user privacy into consideration, there are prior attempts to build anonymous telecommunication systems based on Voice over IP (VoIP) and anonymization networks like Tor. However, these solutions do not provide adequate quality of service for voice calls.Moreover, they require fast and reliable Internet connectivity,which might not always be available. For instance, Internet access in countries with a repressive regime can be shut down to prevent dissemination of non-censored information. Further,even if Internet access is generally available, access to the Tor network could be censored.

@inproceedings{PhonionPoster,
  abstract = {Phone companies record network use by individual customers via Call Detail Records (CDRs). CDRs contain important metadata ranging from call source and destination to duration of the connection, route through the network and identification of the network device writing the call record.Historically, CDRs have served as a means of not only properly billing customers for the services they use, but also as a way of identifying and debugging network errors.This metadata has most recently been associated with large-scale collection campaigns by intelligence agencies. While these organizations often assert that such programs are necessary to prevent crime and terrorism, privacy advocates argue that the complete cataloging of telephony actions erode civil liberties. However, what researchers and policy makers have generally failed to consider is that a range of other adversaries may also use CDRs to violate the privacy of targeted individuals. In 2006, for example, detectives hired by executives at HP were able to use social engineering to acquire phone records and determine the identity of an anonymous corporate board member who leaked sensitive information to journalists. Such attacks are not limited to private detectives, but have also been executed by jealous spouses, curious neighbors, companies paying for employee cell phones, rogue employees at cellular providers and more. In fact, last September it was revealed that Vodafone scoured a journalist’s personal phone records to discover her sources on a story about Vodafone security problems [1] . Accordingly, strong mechanisms for making analysis of CDRs difficult is crucial to the privacy of citizens across the world.Taking the importance of call metadata for user privacy into consideration, there are prior attempts to build anonymous telecommunication systems based on Voice over IP (VoIP) and anonymization networks like Tor. However, these solutions do not provide adequate quality of service for voice calls.Moreover, they require fast and reliable Internet connectivity,which might not always be available. For instance, Internet access in countries with a repressive regime can be shut down to prevent dissemination of non-censored information. Further,even if Internet access is generally available, access to the Tor network could be censored.},
  author = {Heuser, Stephan and Reaves, Bradley and Pendyala, Praveen Kumar and Carter, Henry and Dmitrienko, Alexandra and Enck, William and Sadeghi, Ahmad-Reza and Traynor, Patrick},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {February},
  title = {{POSTER}: Phonion: Frustrating Telephony Metadata Analysis},
  year = 2016
}

2015

Security and Privacy Aspects of Mobile Platforms and Applications. Dmitrienko, Alexandra; (2015, April).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Mobile smart devices (such as smartphones and tablets) emerged to dominant computing platforms for end-users. The capabilities of these convenient mini-computers seem nearly boundless: They feature compelling computing power and storage resources, new interfaces such as Near Field Communication (NFC) and Bluetooth Low Energy (BLE),connectivity to cloud services, as well as a vast number and variety of apps. By installing these apps, users can turn a mobile device into a music player, a gaming console,a navigation system, a business assistant, and more. In addition, the current trend of increased screen sizes make these devices reasonable replacements for traditional (mobile)computing platforms such as laptops.On the other hand, mobile platforms process and store the extensive amount of sensitive information about their users, ranging from the user ’s location data to credentials for online banking and enterprise Virtual Private Networks (VPNs). This raises many security and privacy concerns and makes mobile platforms attractive targets for attackers. The rapid increase in number, variety and sophistication of attacks demonstrate that the protection mechanisms offered by mobile systems today are insufficient and improvements are necessary in order to make mobile devices capable of withstanding modern security and privacy threats.This dissertation focuses on various aspects of security and privacy of mobile platforms.In particular, it consists of three parts: (i) advanced attacks on mobile platforms and countermeasures; (ii) online authentication security for mobile systems, and (iii) secure mobile applications and services.Specifically, the first part of the dissertation concentrates on advanced attacks on mobile platforms, such as code re-use attacks that hijack execution flow of benign apps without injecting malicious code, and application-level privilege escalation attacks that allow malicious or compromised apps to gain more privileges than were initially granted. In this context, we develop new advanced code re-use attack techniques that can bypass deployed protection mechanisms (e.g., Address Space Layout Randomization (ASLR)) and cannot be detected by any of the existing security tools (e.g., return address checkers). Further, we investigate the problem of application-level privilege escalation attacks on mobile platforms like Android, study and classify them, develop proof of concept exploits and propose countermeasures against these attacks. Our countermeasures can mitigate all types of application-level privilege escalation attacks, in contrast to alternative solutions proposed in literature.In the second part of the dissertation we investigate online authentication schemes frequently utilized by mobile users, such as the most common web authentication based upon the user’s passwords and the recently widespread mobile2-factor authentication(2FA) which extends the password-based approach with a secondary authenticator sent toa user ’s mobile device or generated on it (e.g, a One-time Password (OTP) or Transaction Authentication Number (TAN)). In this context we demonstrate various weaknesses ofmobile2FAschemes deployed for login verification by global Internet service providers(such as Google, Dropbox, Twitter, and Facebook) and by a popular Google Authenticator app. These weaknesses allow an attacker to impersonate legitimate users even if their mobile device with the secondary authenticator is not compromised. We then go one step further and develop a general attack method for bypassing mobile2FAschemes.Our method relies on a cross-platform infection (mobile-to-PC or PC-to-mobile) as a first step in order to compromise the Personal Computer (PC) and a mobile device of the same user. We develop proof-of-concept prototypes for a cross-platform infection and show how an attacker can bypass various instantiations of mobile2FAschemes once both devices,PC and the mobile platform, are infected. We then deliver proof-of-concept attack implementations that bypass online banking solutions based on SMS-based TAN sand visual cryptograms, as well as login verification schemes deployed by various Internet service providers. Finally, we propose a wallet-based secure solution for password-based authentication which requires no secondary authenticator, and yet provides better security guaranties than, e.g., mobile2FAschemes.The third part of the dissertation concerns design and development of security sensitive mobile applications and services. In particular, our first application allows mobile users to replace usual keys (for doors, cars, garages, etc.) with their mobile devices. It uses electronic access tokens which are generated by the central key server and then downloaded into mobile devices for user authentication. Our solution protects access tokens in transit (e.g., while they are downloaded on the mobile device) and when they are stored and processed on the mobile platform. The unique feature of our solution is offline delegation: Users can delegate (a portion of) their access rights to other users without accessing the key server. Further, our solution is efficient even when used with constraint communication interfaces like NFC.The second application we developed is devoted to resource sharing among mobile users in ad-hoc mobile networks. It enables users to, e.g., exchange files and text messages,or share their tethering connection. Our solution addresses security threats specific toresource sharing and features the required security mechanisms (e.g., access control of resources, pseudonymity for users, and accountability for resource use). One of the key features of our solution is a privacy-preserving access control of resources based on FoF Finder (FoFF) service, which provides a user-friendly means to configure access control based upon information from social networks (e.g., friendship information) while preserving user privacy (e.g., not revealing their social network identifiers).The results presented in this dissertation were included in several peer-reviewed publications [71,91,58,107,109,61,110,65,64,30] and extended technical reports [95,57,108,31]1. Some of these publications had significant impact on follow up research.For example, our publications on new forms of code re-use attacks [71,91] motivated researchers to develop more advanced forms of ASLR(e.g., [232,156,293,157]) and tore-consider the idea of using Control-Flow Integrity (CFI) (e.g., [51,300,303,182,233,77]). Further, our work on application-level privilege escalation attacks [94,57,59] was followed by many other publications addressing this problem (e.g., [106,122,209,155,146,69,63,302]). Moreover, our access control solution using mobile devices as access tokens[110,65] demonstrated significant practical impact: in2013it was chosen as a highlight of CeBIT – the world’s largest international computer expo, and was then deployed by a large enterprise to be used by tens of thousands of company employees and millions of customers.

@phdthesis{tuprints4611,
  abstract = {Mobile smart devices (such as smartphones and tablets) emerged to dominant computing platforms for end-users. The capabilities of these convenient mini-computers seem nearly boundless: They feature compelling computing power and storage resources, new interfaces such as Near Field Communication (NFC) and Bluetooth Low Energy (BLE),connectivity to cloud services, as well as a vast number and variety of apps. By installing these apps, users can turn a mobile device into a music player, a gaming console,a navigation system, a business assistant, and more. In addition, the current trend of increased screen sizes make these devices reasonable replacements for traditional (mobile)computing platforms such as laptops.On the other hand, mobile platforms process and store the extensive amount of sensitive information about their users, ranging from the user ’s location data to credentials for online banking and enterprise Virtual Private Networks (VPNs). This raises many security and privacy concerns and makes mobile platforms attractive targets for attackers. The rapid increase in number, variety and sophistication of attacks demonstrate that the protection mechanisms offered by mobile systems today are insufficient and improvements are necessary in order to make mobile devices capable of withstanding modern security and privacy threats.This dissertation focuses on various aspects of security and privacy of mobile platforms.In particular, it consists of three parts: (i) advanced attacks on mobile platforms and countermeasures; (ii) online authentication security for mobile systems, and (iii) secure mobile applications and services.Specifically, the first part of the dissertation concentrates on advanced attacks on mobile platforms, such as code re-use attacks that hijack execution flow of benign apps without injecting malicious code, and application-level privilege escalation attacks that allow malicious or compromised apps to gain more privileges than were initially granted. In this context, we develop new advanced code re-use attack techniques that can bypass deployed protection mechanisms (e.g., Address Space Layout Randomization (ASLR)) and cannot be detected by any of the existing security tools (e.g., return address checkers). Further, we investigate the problem of application-level privilege escalation attacks on mobile platforms like Android, study and classify them, develop proof of concept exploits and propose countermeasures against these attacks. Our countermeasures can mitigate all types of application-level privilege escalation attacks, in contrast to alternative solutions proposed in literature.In the second part of the dissertation we investigate online authentication schemes frequently utilized by mobile users, such as the most common web authentication based upon the user’s passwords and the recently widespread mobile2-factor authentication(2FA) which extends the password-based approach with a secondary authenticator sent toa user ’s mobile device or generated on it (e.g, a One-time Password (OTP) or Transaction Authentication Number (TAN)). In this context we demonstrate various weaknesses ofmobile2FAschemes deployed for login verification by global Internet service providers(such as Google, Dropbox, Twitter, and Facebook) and by a popular Google Authenticator app. These weaknesses allow an attacker to impersonate legitimate users even if their mobile device with the secondary authenticator is not compromised. We then go one step further and develop a general attack method for bypassing mobile2FAschemes.Our method relies on a cross-platform infection (mobile-to-PC or PC-to-mobile) as a first step in order to compromise the Personal Computer (PC) and a mobile device of the same user. We develop proof-of-concept prototypes for a cross-platform infection and show how an attacker can bypass various instantiations of mobile2FAschemes once both devices,PC and the mobile platform, are infected. We then deliver proof-of-concept attack implementations that bypass online banking solutions based on SMS-based TAN sand visual cryptograms, as well as login verification schemes deployed by various Internet service providers. Finally, we propose a wallet-based secure solution for password-based authentication which requires no secondary authenticator, and yet provides better security guaranties than, e.g., mobile2FAschemes.The third part of the dissertation concerns design and development of security sensitive mobile applications and services. In particular, our first application allows mobile users to replace usual keys (for doors, cars, garages, etc.) with their mobile devices. It uses electronic access tokens which are generated by the central key server and then downloaded into mobile devices for user authentication. Our solution protects access tokens in transit (e.g., while they are downloaded on the mobile device) and when they are stored and processed on the mobile platform. The unique feature of our solution is offline delegation: Users can delegate (a portion of) their access rights to other users without accessing the key server. Further, our solution is efficient even when used with constraint communication interfaces like NFC.The second application we developed is devoted to resource sharing among mobile users in ad-hoc mobile networks. It enables users to, e.g., exchange files and text messages,or share their tethering connection. Our solution addresses security threats specific toresource sharing and features the required security mechanisms (e.g., access control of resources, pseudonymity for users, and accountability for resource use). One of the key features of our solution is a privacy-preserving access control of resources based on FoF Finder (FoFF) service, which provides a user-friendly means to configure access control based upon information from social networks (e.g., friendship information) while preserving user privacy (e.g., not revealing their social network identifiers).The results presented in this dissertation were included in several peer-reviewed publications [71,91,58,107,109,61,110,65,64,30] and extended technical reports [95,57,108,31]1. Some of these publications had significant impact on follow up research.For example, our publications on new forms of code re-use attacks [71,91] motivated researchers to develop more advanced forms of ASLR(e.g., [232,156,293,157]) and tore-consider the idea of using Control-Flow Integrity (CFI) (e.g., [51,300,303,182,233,77]). Further, our work on application-level privilege escalation attacks [94,57,59] was followed by many other publications addressing this problem (e.g., [106,122,209,155,146,69,63,302]). Moreover, our access control solution using mobile devices as access tokens[110,65] demonstrated significant practical impact: in2013it was chosen as a highlight of CeBIT – the world’s largest international computer expo, and was then deployed by a large enterprise to be used by tens of thousands of company employees and millions of customers.},
  author = {Dmitrienko, Alexandra},
  keywords = {Theses for:sss-group myown privacy security sss-group},
  month = {April},
  school = {TU Darmstadt},
  title = {Security and Privacy Aspects of Mobile Platforms and Applications},
  year = 2015
}

Market-driven Code Provisioning to Mobile Secure Hardware. Dmitrienko, Alexandra; Heuser, Stephan; Nguyen, Thien Duc; da Silva Ramos, Marcos; Rein, Andre; Sadeghi, Ahmad-Reza; in Financial Cryptography and Data Security Conference (FC) (2015).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

2014

Security Analysis of Mobile Two-Factor Authentication Schemes. Dmitrienko, Alexandra; Liebchen, Christopher; Rossow, Christian; Sadeghi, Ahmad-Reza; in Intel Technology Journal (ITJ) (2014).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@article{DmLiRoSa2014,
  abstract = {Two-factor authentication (2FA) schemes aim at strengthening the security of login-password–based authentication by deploying secondary authentication tokens. In this context, mobile 2FA schemes require no additional hardware (such as a smartcard) to store and handle the secondary authentication token, and hence are considered as a reasonable trade off between security, usability, and cost. They are widely used in online banking and increasingly deployed by Internet service providers.In this article, we investigate 2FA implementations of several well-known Internet service providers such as Google, Dropbox, Twitter, and Facebook. We identify various weaknesses that allow an attacker to easily bypass 2FA, even when the secondary authentication token is not under the attacker’s control. We then go a step further and present a more general attack against mobile 2FA schemes. Our attack relies on a cross-platform infection that subverts control over both end points (PC and a mobile device) involved in the authentication protocol.We apply this attack in practice and successfully circumvent diverse schemes: SMS-based TAN solutions of four large banks, one instance of a visual TAN scheme, 2FA login verification systems of Google, Dropbox, Twitter, and Facebook accounts, and the Google Authenticator app currently used by 32 third-party service providers. Finally, we cluster and analyze hundreds of real-world malicious Android apps that target mobile 2FA schemes and show that banking Trojans already deploy mobile counterparts that steal 2FA credentials like TANs.},
  author = {Dmitrienko, Alexandra and Liebchen, Christopher and Rossow, Christian and Sadeghi, Ahmad-Reza},
  journal = {Intel Technology Journal (ITJ)},
  keywords = {Journal-and-Magazine-Articles for:sss-group myown sss-group},
  title = {Security Analysis of Mobile Two-Factor Authentication Schemes},
  year = 2014
}

On the (in)security of mobile two-factor authentication. Dmitrienko, Alexandra; Liebchen, Christopher; Rossow, Christian; Sadeghi, Ahmad-Reza; in CASED TUD-CS-2014-0029 (2014).

[ BibSonomy-Post ] [ BibTeX ]

On the (In)Security of Mobile Two-Factor Authentication. Dmitrienko, Alexandra; Liebchen, Christopher; Rossow, Christian; Sadeghi, Ahmad-Reza; in Financial Cryptography and Data Security Conference (FC) (2014).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{DLRS2014,
  abstract = {Two-factor authentication (2FA) schemes aim at strengthening the security of login password-based authentication by deploying secondary authentication tokens. In this context, mobile 2FA schemes re-quire no additional hardware (e.g., a smartcard) to store and handle the secondary authentication token, and hence are considered as a reasonable trade-off between security, usability and costs. They are widely used in online banking and increasingly deployed by Internet service providers.In this paper, we investigate 2FA implementations of several well-known Internet service providers such as Google, Dropbox, Twitter and Face-book. We identify various weaknesses that allow an attacker to easily bypass them, even when the secondary authentication token is not under attacker’s control. We then go a step further and present a more general attack against mobile 2FA schemes. Our attack relies on cross-platform infection that subverts control over both end points (PC and a mobile device) involved in the authentication protocol. We apply this at-tack in practice and successfully circumvent diverse schemes: SMS-based TAN solutions of four large banks, one instance of a visual TAN scheme,2FA login verification systems of Google, Dropbox, Twitter and Face-book accounts, and the Google Authenticator app currently used by 32third-party service providers. Finally, we cluster and analyze hundreds of real-world malicious Android apps that target mobile 2FA schemes and show that banking Trojans already deploy mobile counterparts that steal 2FA credentials like TANs.},
  author = {Dmitrienko, Alexandra and Liebchen, Christopher and Rossow, Christian and Sadeghi, Ahmad-Reza},
  booktitle = {Financial Cryptography and Data Security Conference (FC)},
  keywords = {Technical-Reports Two-Factor authentication for:sss-group myown sss-group},
  month = {March},
  title = {On the (In)Security of Mobile Two-Factor Authentication},
  year = 2014
}

POSTER. Bitcoin2Go: Secure Offline and Fast Payments with Bitcoins. Dmitrienko, Alexandra; Noack, David; Sadeghi, Ahmad-Reza; Yung, Moti; in Financial Cryptography and Data Security Conference (FC) (2014).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

On Offline Payments with Bitcoin. Dmitrienko, Alexandra; Noack, David; Sadeghi, Ahmad-Reza; Yung, Moti; in Workshop on Bitcoin Research (BITCOIN’14) (2014).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

Key2Share for Authentication Services. Busold, Christoph; Dmitrienko, Alexandra; Wachsmann, Christian; in SmartCard Workshop (SRC) (2014).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

2013

Mobile Platform Security Asokan, N.; Davi, Lucas; Dmitrienko, Alexandra; Heuser, Stephan; Kostiainen, Kari; Reshetova, Elena; Sadeghi, Ahmad-Reza; in Synthesis Lectures on Information Security, Privacy, and Trust 2013 (2013). (Vol. 4) Morgan & Claypool.

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ]

Do I know you? - Efficient and Privacy-Preserving Common Friend-Finder Protocols and Applications. Nagy, Marcin; Cristofaro, Emiliano De; Dmitrienko, Alexandra; Asokan, N.; Sadeghi, Ahmad-Reza; in Annual Computer Security Applications Conference (ACSAC) (2013).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{NCDAS2013,
  abstract = {The increasing penetration of Online Social Networks (OSNs)prompts the need for effectively accessing and utilizing social net-working information. In numerous applications, users need to make trust and/or access control decisions involving other (possibly stranger) users, and one important factor is often the existence of common social relationships. This motivates the need for secure and privacy-preserving techniques allowing users to assess whether or not they have mutual friends.This paper introduces the Common Friends service, a frame-work for finding common friends which protects privacy of non-mutual friends and guarantees authenticity of friendships. First,we present a generic construction that reduces to secure computation of set intersection, while ensuring authenticity of announced friends via bearer capabilities. Then, we propose an efficient instantiation, based on Bloom filters, that only incurs a constant number of public-key operations and appreciably low communication overhead. Our software is designed so that developers can easily integrate Common Friends into their applications, e.g., to en-force access control based on users’ social proximity in a privacy-preserving manner. Finally, we showcase our techniques in the con-text of an existing application for sharing (tethered) Internet access,whereby users decide to share access depending on the existence of common friends. A comprehensive experimental evaluation attests to the practicality of proposed techniques.},
  author = {Nagy, Marcin and Cristofaro, Emiliano De and Dmitrienko, Alexandra and Asokan, N. and Sadeghi, Ahmad-Reza},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {dec},
  organization = {ACM},
  title = {Do {I} know you? - {Efficient} and Privacy-Preserving Common Friend-Finder Protocols and Applications},
  year = 2013
}

Just-In-Time Code Reuse: The More Things Change, the More They Stay the Same. Snow, Kevin Z.; Davi, Lucas; Dmitrienko, Alexandra; Liebchen, Christopher; Monrose, Fabian; Sadeghi, Ahmad-Reza; in BlackHat USA (2013).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

CrowdShare: Secure Mobile Resource Sharing. Asokan, N.; Dmitrienko, Alexandra; Nagy, Marcin; Reshetova, Elena; Sadeghi, Ahmad-Reza; Schneider, Thomas; Stelle, Stanislaus; in International Conference on Applied Cryptography and Network Security (ACNS) (2013).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Gadge Me If You Can -- Secure and Efficient Ad-hoc Instruction-Level Randomization for x86 and ARM. Davi, Lucas; Dmitrienko, Alexandra; Nürnberger, Stefan; Sadeghi, Ahmad-Reza; in ACM Conference on Computer and Communications Security (ACM CCS) (2013).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (best student paper award). Snow, Kevin Z.; Davi, Lucas; Dmitrienko, Alexandra; Liebchen, Christopher; Monrose, Fabian; Sadeghi, Ahmad-Reza; in IEEE Symposium on Security and Privacy (S&P) (2013).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Smart Keys for Cyber-Cars: Secure Smartphone-Based NFC-Enabled Car Immobilizer. Busold, Christoph; Taha, Ahmed; Wachsmann, Christian; Dmitrienko, Alexandra; Seudie, Hervé; Sobhani, Majid; Sadeghi, Ahmad-Reza; in ACM Conference on Data and Application Security and Privacy (ACM CODASPY), E. Bertino, R. S. Sandhu, L. Bauer, J. Park (eds.) (2013).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@inproceedings{conf/codaspy/BusoldTWDSSS13,
  abstract = {Smartphones have become very popular and versatile de-vices. An emerging trend is the integration of smartphones into automotive systems and applications, particularly access control systems to unlock cars (doors and immobilizers). Smartphone-based automotive solutions promise to greatly enhance the user’s experience by providing advanced features far beyond the conventional dedicated tokens/tranponders. We present the first opensecurity framework for secure smartphone-based immobilizers. Our generic security architecture protects the electronic access tokens on the smart-phone and provides advanced features such as context-aware access policies, remote issuing and revocation of access rights and their delegation to other users. We discuss various approaches to instantiate our security architecture based on different hardware-based trusted execution environments, and elaborate on their security properties. We implemented our immobilizer system based on the latest Android-based smartphone and a microSD smartcard. Further, we support the algorithmic proofs of the security of the underlying protocols with automated formal verification tools.},
  author = {Busold, Christoph and Taha, Ahmed and Wachsmann, Christian and Dmitrienko, Alexandra and Seudie, Hervé and Sobhani, Majid and Sadeghi, Ahmad-Reza},
  booktitle = {ACM Conference on Data and Application Security and Privacy (ACM CODASPY)},
  editor = {Bertino, Elisa and Sandhu, Ravi S. and Bauer, Lujo and Park, Jaehong},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {feb},
  publisher = {ACM},
  title = {Smart Keys for Cyber-Cars: Secure Smartphone-Based NFC-Enabled Car Immobilizer},
  year = 2013
}

POSTER: Secure Smartphone-based NFC-enabled Car Immobilizer (an outstanding poster award). Busold, Christoph; Dmitrienko, Alexandra; Seudie, Herve; Taha, Ahmed; Sobhani, Majid; Wachsmann, Christian; Sadeghi, Ahmad-Reza; in ACM Conference on Data and Application Security and Privacy (ACM CODASPY) (2013).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

2012

Over-the-air Cross-Platform Infection for Breaking mTAN-based Online Banking Authentication. Davi, Lucas; Dmitrienko, Alexandra; Liebchen, Christopher; Sadeghi, Ahmad-Reza; in BlackHat Abu Dhabi (2012).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{TUD-CS-2012-0230,
  abstract = {We present a novel stealthy cross-platform infection attack in WiFi networks. Our attack has high impact on two-factor authentication schemes that make use of mobile phones. In particular, we apply our attack to break mTAN authentication, one of the most used scheme for online banking worldwide (Europe, US, China). We present the design and implementation of the online banking Trojan which spreads over the WiFi network from the user's PC to her mobile phone and automatically pairs these devices. When paired, the host and the mobile malware deliver to the attacker authentication secrets which allow her to successfully authenticate against the online-banking portal and perform financial transactions in the name of the user. Our attack is stealthy compared to the known banking Trojans ZeuS/ZitMo and SpyEye/Spitmo, as it does not rely on phishing or naive user behavior for malware spreading and pairing. Our reference implementation targets Windows PCs and Android based smartphones, although our attack is not platform specific. To achieve cross-platform infection, we applied and adapted attack techniques such as remote code execution, privilege escalation, GOT overwriting, DLL injection and function hooking. Our attack can he implemented by knowledgeable attackers and calls for re-thinking of security measures deployed for protection of online transactions by banks.},
  author = {Davi, Lucas and Dmitrienko, Alexandra and Liebchen, Christopher and Sadeghi, Ahmad-Reza},
  booktitle = {BlackHat Abu Dhabi},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {December},
  title = {Over-the-air Cross-Platform Infection for Breaking {mTAN}-based Online Banking Authentication},
  year = 2012
}

XIFER: A Software Diversity Tool Against Code-Reuse Attacks. Davi, Lucas; Dmitrienko, Alexandra; Nürnberger, Stefan; Sadeghi, Ahmad-Reza; in ACM International Workshop on Wireless of the Students, by the Students, for the Students (ACM MOBICOM) (2012).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

SmartTokens: Delegable Access Control with NFC-enabled Smartphones. Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Tamrakar, Sandeep; Wachsmann, Christian; in International Conference on Trust and Trustworthy Computing (TRUST) (2012).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{TUD-CS-2012-0071,
  abstract = {Today’s smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication (NFC) opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets fora variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments (TrEE). However, since these TrEEsare used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way.Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC.Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluated the performance of our solution.},
  author = {Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Tamrakar, Sandeep and Wachsmann, Christian},
  booktitle = {International Conference on Trust and Trustworthy Computing (TRUST)},
  keywords = {for:sss-group myown sss-group},
  month = {June},
  publisher = {Springer},
  title = {{SmartTokens}: Delegable Access Control with {NFC}-enabled Smartphones},
  year = 2012
}

Towards Taming Privilege-Escalation Attacks on Android. Bugiel, Sven; Davi, Lucas; Dmitrienko, Alexandra; Fischer, Thomas; Sadeghi, Ahmad-Reza; Shastry, Bhargava; in Network and Distributed System Security Symposium (NDSS) (2012).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{TUD-CS-2012-0002,
  abstract = {Android’s security framework has been an appealing subject of research in the last few years. Android has been shown to be vulnerable to application-level privilege escalation attacks, such as confused deputy attacks, and more recently, attacks by colluding applications. While most of the proposed approaches aim at solving confused deputy at-tacks, there is still no solution that simultaneously addresses collusion attacks.In this paper, we investigate the problem of designing and implementing a practical security framework for Android to protect against confused deputy and collusion attacks. We realize that defeating collusion attacks calls for a rather system-centric solution as opposed to application-dependent policy enforcement. To support our design decisions, we conduct a heuristic analysis of Android’s system behavior(with popular apps) to identify attack patterns, classify different adversary models, and point out the challenges to be tackled. Then we propose a solution for a system-centric and policy-driven runtime monitoring of communication channels between applications at multiple layers: 1) at the middleware we control IPCs between applications and indirect communication via Android system components. Moreover,inspired by the approach in QUIRE, we establish semantic links between IPCs and enable the reference monitor to verify the call-chain; 2) at the kernel level we realize mandatory access control on the file system (including Unix domain sockets) and local Internet sockets. To allow for runtime,dynamic low-level policy enforcement, we provide a callback channel between the kernel and the middleware. Finally, we evaluate the efficiency and effectiveness of our framework on known confused deputy and collusion attacks, and discuss future directions.},
  author = {Bugiel, Sven and Davi, Lucas and Dmitrienko, Alexandra and Fischer, Thomas and Sadeghi, Ahmad-Reza and Shastry, Bhargava},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {February},
  title = {Towards Taming Privilege-Escalation Attacks on {Android}},
  year = 2012
}

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. Davi, Lucas; Dmitrienko, Alexandra; Egele, Manuel; Fischer, Thomas; Holz, Thorsten; Hund, Ralf; Nürnberger, Stefan; Sadeghi, Ahmad-Reza; in Network and Distributed System Security Symposium (NDSS) (2012).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ Download ]

@inproceedings{TUD-CS-2012-0001,
  abstract = {Runtime and control-flow attacks (such as code injection or return-oriented programming) constitute one of the most severe threats to software programs. These attacks are prevalent and have been recently applied to smartphone applications as well, of which hundreds of thousands are downloaded by users every day. While a framework for control-flow integrity (CFI) enforcement, an approach to prohibit this kind of attacks, exists for the Intel x86 plat-form, there is no such a solution for smartphones.In this paper, we present a novel framework, MoCFI(Mobile CFI), that provides a general countermeasure against control-flow attacks on smartphone platforms by en-forcing CFI. We show that CFI on typical smartphone plat-forms powered by an ARM processor is technically involved due to architectural differences between ARM and Intel x86,as well as the specifics of smartphone OSes. Our framework performs CFI on-the-fly during runtime without requiring the application’s source code. For our reference implementation we chose Apple’s iOS, because it has been an attractive target for control-flow attacks. Nevertheless, our frame-work is also applicable to other ARM-based devices such as Google’s Android. Our performance evaluation demon-strates that MoCFI is efficient and does not induce notable overhead when applied to popular iOS applications.},
  author = {Davi, Lucas and Dmitrienko, Alexandra and Egele, Manuel and Fischer, Thomas and Holz, Thorsten and Hund, Ralf and N{ü}rnberger, Stefan and Sadeghi, Ahmad-Reza},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  keywords = {Attacks Control-Flow International-Conference-Workshop-Papers-Book-Chapters Mitigate MoCFI Smartphones for:sss-group myown sss-group sys:relevantfor:sss-group},
  month = {feb},
  publisher = {The Internet Society},
  title = {{MoCFI}: A Framework to Mitigate Control-Flow Attacks on Smartphones},
  year = 2012
}

2011

Securing the Access to Electronic Health Records on Mobile Phones. Dmitrienko, Alexandra; Hadzic, Zecir; Löhr, Hans; Sadeghi, Ahmad-Reza; Winandy, Marcel; in Biomedical Engineering Systems and Technologies (BIOSTEC) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{DLSW2011b,
  abstract = {Mobile phones are increasingly used in the e-health domain.In this context, enabling secure access to health records from mobile de-vices is of particular importance because of the high security and privacy requirements for sensitive medical data. Standard operating systems and software, as they are deployed on current smartphones, cannot protect sensitive data appropriately, even though modern mobile hardware plat-forms often provide dedicated security features. Current mobile phones are prone to attacks by malicious software, which might gain unauthorized access to sensitive medical data.In this paper, we present a security architecture for the protection of electronic health records and authentication credentials that are used to access e-health services. Our architecture is derived from a generic solution and tailored specifically to current mobile platforms with hardware security extensions. Authentication data are protected by a trusted wallet (TruWallet), which leverages trusted hardware features of the phone and isolated application environments provided by a secure operating system. A separate application environment is used to provide runtime protection of medical data. Furthermore, we present a prototype implementation of TruWallet on the Nokia N900 mobile phone. In contrast to commodity systems, our architecture enables healthcare professionals to securely access medical data on their mobile devices without the risk of disclosing sensitive information.},
  author = {Dmitrienko, Alexandra and Hadzic, Zecir and L{ö}hr, Hans and Sadeghi, Ahmad-Reza and Winandy, Marcel},
  booktitle = {Biomedical Engineering Systems and Technologies (BIOSTEC)},
  keywords = {sys:relevantfor:sss-group International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  title = {Securing the Access to Electronic Health Records on Mobile Phones},
  year = 2011
}

A Security Architecture for Accessing Health Records on Mobile Phones. Dmitrienko, Alexandra; Hadzic, Zecir; Löhr, Hans; Sadeghi, Ahmad-Reza; Winandy, Marcel; in International Conference on Health Informatics (HEALTHINF) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{DLSW2011,
  abstract = {Using mobile phones to access healthcare data is an upcoming application scenario of increasing importance in the near future. However, important aspects to consider in this context are the high security and privacy requirements for sensitive medical data. Current mobile phones using standard operating systems and software cannot offer appropriate protection for sensitive data, although the hardware platform often offers dedicated security features. Malicious software (malware) like Trojan horses on the mobile phone could gain unauthorized access to sensitive medical data.In this paper, we propose a complete security framework to protect medical data (such as electronic health records) and authentication credentials that are used to access e-health servers. Derived from a generic architecture that can be used for PCs, we introduce a security architecture specifically for mobile phones, based on existing hardware security extensions. We describe security building blocks, including trusted hardware features, a security kernel providing isolated application environments as well as a secure graphical user interface, and a trusted wallet (TruWallet) for secure authentication to e-health servers. Moreover, we present a prototype implementation of the trusted wallet on a current smartphone: the Nokia N900. Based on our architecture, health care professionals can safely and securely process medical data on their mobile phones without the risk of disclosing sensitive information as compared to commodity mobile operating systems.},
  author = {Dmitrienko, Alexandra and Hadzic, Zecir and L{ö}hr, Hans and Sadeghi, Ahmad-Reza and Winandy, Marcel},
  booktitle = {International Conference on Health Informatics (HEALTHINF)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group sys:relevantfor:sss-group},
  month = {October},
  title = {A Security Architecture for Accessing Health Records on Mobile Phones},
  year = 2011
}

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones. Davi, Lucas; Dmitrienko, Alexandra; Kowalski, Christoph; Winandy, Marcel; in ACM Workshop on Scalable Trusted Computing (ACM STC) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Practical and Lightweight Domain Isolation on Android. Bugiel, Sven; Davi, Lucas; Dmitrienko, Alexandra; Heuser, Stephan; Sadeghi, Ahmad-Reza; Shastry, Bhargava; in ACM Workshop on Security and Privacy in Mobile Devices (SPSM) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{TUD-CS-2011-0218,
  abstract = {In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework,TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack:(1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on InterProcess Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3)allows network data to be only read by a particular domain,or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company’s network.Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. More-over, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device(Nexus One). Our evaluation demonstrates that TrustDroidonly adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery’s life-time.},
  author = {Bugiel, Sven and Davi, Lucas and Dmitrienko, Alexandra and Heuser, Stephan and Sadeghi, Ahmad-Reza and Shastry, Bhargava},
  booktitle = {ACM Workshop on Security and Privacy in Mobile Devices (SPSM)},
  keywords = {International-Conference-Workshop-Papers-Book-Chapters for:sss-group myown sss-group},
  month = {October},
  publisher = {ACM Press},
  title = {Practical and Lightweight Domain Isolation on {Android}},
  year = 2011
}

POSTER: The Quest for Security against Privilege Escalation Attacks on Android. Bugiel, Sven; Davi, Lucas; Dmitrienko, Alexandra; Fischer, Thomas; Sadeghi, Ahmad-Reza; Shastry, Bhargava; in ACM Conference on Computer and Communications Security (CCS) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

POSTER: Control-Flow Integrity for Smartphones. Davi, Lucas; Dmitrienko, Alexandra; Egele, Manuel; Fischer, Thomas; Holz, Thorsten; Hund, Ralf; Nürnberger, Stefan; Sadeghi, Ahmad-Reza; in ACM Conference on Computer and Communications Security (CCS) (2011).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

CFI Goes Mobile: Control-Flow Integrity for Smartphones. Davi, Lucas; Dmitrienko, Alexandra; Egele, Manuel; Fischer, Thomas; Holz, Thorsten; Hund, Ralf; Nürnberger, Stefan; Sadeghi, Ahmad-Reza; in International Workshop on Trustworthy Embedded Devices (TrustED) (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks. Bugiel, Sven; Davi, Lucas; Dmitrienko, Alexandra; Fischer, Thomas; Sadeghi, Ahmad-Reza; in TR-2011-04 (2011).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

@inproceedings{BDDFS2011,
  abstract = {Google Android has become a popular mobile operating system which is increasingly deployed by mobile device manufactures for various platforms. Recent attacks show that Android’s permission framework is vulnerable to application-level privilege escalation attacks, i.e., an application may indirectly gain privileges to perform unauthorized actions.The existing proposals for security extensions to Android’s middle-ware (e.g., Kirin, Saint, TaintDroid, or QUIRE) can-not fully and adequately mitigate these attacks or detect Trojans such as Soundcomber that exploit covert channels in the Android system. In this paper we present the design and implementation of XManDroid(eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a system-centric system policy. Our implementation dynamically analyzes applications’ transitive permission usage while inducing a minimal performance overhead unnoticeable for the user.Depending on system policy our system representation al-lows for an effective detection of (covert) channels established through the Android system services and content providers while simultaneously optimizing the rate of false positives.We evaluate the effectiveness of XManDroidon our test suite that simulates known application-level privilege escalation attacks (including Soundcomber), and demonstrate successful detection of attacks that use Android’s inter-component communication (ICC) framework (standard for most attacks). We also performed a usability test to evaluate the impact of XManDroid on the user-experience with third party applications. Moreover, we analyze sources of false positives and discuss how this rate can be further significantly reduced.},
  author = {Bugiel, Sven and Davi, Lucas and Dmitrienko, Alexandra and Fischer, Thomas and Sadeghi, Ahmad-Reza},
  booktitle = {TR-2011-04},
  howpublished = {\url{http://www.trust.informatik.tu-darmstadt.de/publications/publication-details/?no_cache=1&tx_bibtex_pi1%5Bpub_id%5D=TUD-CS-2011-0127}},
  institution = {Ruhr-University Bochum, System Security Lab},
  keywords = {Technical-Reports for:sss-group myown sss-group},
  month = {April},
  title = {{XManDroid}: A New {Android} Evolution to Mitigate Privilege Escalation Attacks},
  year = 2011
}

Trusted embedded System Operating System (TeSOS) -- Study and Design. Dmitrienko, Alexandra; Gessner, Dennis; Sadeghi, Ahmad-Reza; Schulz, Steffen; Stueble, Christian; Ullmann, Markus; in HGI-TR-2011-004 (2011).

[ BibSonomy-Post ] [ BibTeX ] [ Download ]

2010

TruWalletM: Secure Web Authentication on Mobile Platforms. Bugiel, Sven; Dmitrienko, Alexandra; Kostiainen, Kari; Sadeghi, Ahmad-Reza; Winandy, Marcel; in International Conference on Trusted Systems (INTRUST) (2010).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Privilege Escalation Attacks on Android. Davi, Lucas; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Winandy, Marcel; in Information Security Conference (ISC) (2010).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Return-Oriented Programming without Returns. Checkoway, Stephen; Davi, Lucas; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Shacham, Hovav; Winandy, Marcel; in ACM Conference on Computer and Communications Security (CCS) (2010).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Key Attestation from Trusted Execution Environments. Kostiainen, Kari; Dmitrienko, Alexandra; Ekberg, Jan-Erik; Sadeghi, Ahmad-Reza; Asokan, N.; in International Conference on Trust and Trustworthy Computing (TRUST) (2010).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

Return-Oriented Programming without Returns on ARM. Davi, Lucas; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Winandy, Marcel; (2010).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

2009

Trusted Virtual Domains - Design, Implementation and Lessons Learned. Catuogno, Luigi; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Schulz, Steffen; Winandy, Marcel; Zhan, Jing; Eriksson, Konrad; Kuhlmann, Dirk; Ramunno, Gianluca; Schunter, Matthias; in International Conference on Trusted Systems (INTRUST) (2009).

[ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Download ]

2007

Zigbee-to-TCP/IP Gateway: New Opportunities for ZigBee-based Sensor Networks. Dmitrienko, Alexandra; in International Workshop on Ambient Intelligence and Embedded Systems (AmiEs) (2007).

[ BibSonomy-Post ] [ BibTeX ]

2006

WIZnet W3150A network co-processor: New features for embedded devices. Dmitrienko, Alexandra; in Components and Technologies (2006).

[ BibSonomy-Post ] [ BibTeX ]

Publications

Tag cloud of all publications:

Publications

Hinweis zum Datenschutz

Hinweis zum Datenschutz

Bildnachweise