Logo des Repositoriums

P256 - Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit

Autor*innen mit den meisten Dokumenten  

Auflistung nach:

Neueste Veröffentlichungen

1 - 10 von 27
  • Konferenzbeitrag
    Surreptitious sharing on android
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Schürmann, Dominik; Wolf, Lars
    Many email and messaging applications on Android utilize the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, only URIs are exchanged pointing to the actual storage position. In this paper we evaluate applications regarding a security vulnerability allowing privilege escalation and data leakage, which is related to the handling of URIs using the file scheme. We analyze a vulnerability called Surreptitious Sharing and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines how to properly handle file access on Android and a fix for the discussed vulnerability are attached.
  • Konferenzbeitrag
    A semantic framework for a better understanding, investigation and prevention of organized financial crime
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Merkel, Ronny; Kraetzer, Christian; Hildebrandt, Mario; Kiltz, Stefan; Kuhlmann, Sven; Dittmann, Jana
    Using semantic technology for data storage and exploration is an important issue in computer science, however barely applied to forensic investigations. In this paper, a conceptual framework is proposed for the detailed modeling of structured domain knowledge in the field of organized financial crime, with a special focus on sparse information (e.g. flows of money, data and know-how, exploited vulnerabilities and attackers motivation) and the proposition of a credibility measure (to rate the reliability of used information based on open source intelligence, expert surveys and captive interviews). In addition to the ontology-based, abstract domain knowledge model, the proposed framework consists of an explorative information discovery functionality, which can couple concrete, case-related data from different knowledge bases with the abstract domain knowledge, to assist experts in the investigation of crimes and the discovery of new relations between different pieces of evidence. The proposed framework is illustrated using the exemplary use case scenario of Point-of-Sale (POS) Skimming. Furthermore, its flexibility, scalability and a potential integration into current and emerging police standards is discussed.
  • Konferenzbeitrag
    Distributed evolutionary fuzzing with evofuzz
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Beterke, Fabian
    This paper describes the design of a tool (called Evofuzz) that implements the technique of evolutionary (or coverage-guided) fuzzing in a scalable, distributed manner. The architecture, design-choices and implementation specifics of this tool are examined, explained and criticized. After outlining possible improvements and future work that is not yet completed, the paper finishes by presenting the results from fuzzing real-world programs and explains how to recreate them using the provided tool.
  • Konferenzbeitrag
    Automotive Ethernet: security opportunity or challenge?
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Corbett, Christopher; Schoch, Elmar; Kargl, Frank; Preussner, Felix
    The automotive industry's future trends, such as automated driving or advanced driver assistance, require large bandwidths to handle massive data streams and strongly depend on well timed communication. The Ethernet technology is seen as a suitable candidate to cover those needs for vehicle-internal networks; however, Ethernet involves security issues. Thus, by discussing automotive Ethernet attributes with regard to the adaption of existing security mechanisms in contrast to the potential of creating new ones, several challenges and opportunities emerge in consideration of comparatively fewer available resources and the integration into a vehicle environment. Based on these results we derive and propose ideas for manipulation and misuse detection mechanisms.
  • Konferenzbeitrag
    Comparative evaluation of machine learning-based malware detection on android.
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Hahn, Sebastian; Protsenko, Mykola; Müller, Tilo
    The Android platform is known as the market leader for mobile devices, but it also has gained much attention among malware authors in recent years. The widespread of malware, a consequence of its popularity and the design features of the Android ecosystem, constitutes a major security threat currently targeted by the research community. Among all counter methods proposed in previous publications, many rely on machine learning algorithms based on statically extracted attributes from an app. Machine learning, which is also inspired by the developed field of desktop malware detection, has proven to be a promising approach for fighting Android malware. Many publications, however, rely on different data sets for different application attributes, rendering the comparison of them difficult. Furthermore, there exist attribute sets known from the desktop world which have not been ported to Android yet. In this paper, we aim to step towards filling this gap by assessing the effectiveness of the total number of 11 attribute sets, including those never evaluated on Android before, using a consistent data set of 10,000 apps. Our comparative evaluation provides a ranking for the single attribute sets according the detection performance they can reach, and suggests the most effective combination of all attributes.
  • Konferenzbeitrag
    SDN malware: problems of current protection systems and potential countermeasures
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Röpke, Christian
    Software-Defined Networking (SDN) is an emerging topic and securing its data and control plane is of great importance. The main goal of malicious SDN applications would be to compromise the SDN controller which is responsible for managing the SDN-based network. In this paper, we discuss two existent mechanisms aiming at protecting aforementioned planes: (i) sandboxing of SDN applications and (ii) checking for network invariants. We argue that both fail in case of sophisticated malicious SDN applications such as a SDN rootkit. To fill the corresponding security gaps, we propose two security improvements. The first one aims at protecting the control plane by isolating SDN applications by means of virtualization techniques. Compared to recent efforts, we thereby allow a more stringent separation of malicious SDN applications. The goal of the second proposal is to allow policy checking mechanisms to run independently from SDN controllers while minimizing hardware costs. Thereby, we improve SDN security while taking into account that correct functioning of policy checking can be manipulated by a compromised SDN controller.
  • Konferenzbeitrag
    Attacks on fitness trackers revisited: a case-study of unfit firmware security
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Rieck, Jakob
    Fitness trackers - wearables that continuously record a wearer's step count and related activity data - are quickly gaining in popularity. Apart from being useful for individuals seeking a more healthy lifestyle, their data is also being used in court and by insurance companies to adjust premiums. For these use cases, it is essential to ensure authenticity and integrity of data. Here we demonstrate a flaw in the way firmware for Withings' Activité is verified, allowing an adversary to compromise the tracker itself. This type of attack has so far not been applied to fitness trackers. Vendors have started mitigating previous attacks, which manipulated data by interfering with wireless channels, or by physically moving the tracker to fool sensors. Hardware similarities amongst different trackers suggest findings can be transferred to other tracker as well.
  • Konferenzbeitrag
    Designing resilient and secure smart micro grids
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Valipour, Siavash
    The research presented in this extended abstract paper depicts a smart grid management framework which enables a decentralized and autonomous organization of the energy participants within these grids. Based on basic requirements for operating such systems, challenges and tasks are being discussed here as a basis for future research. The discussion encompasses both fields of electrical engineering and computer science. The presented grid coordination and energy transfer schemes are briefly regarded and openly discussed.
  • Konferenzbeitrag
    On the security of the ZigBee light link touchlink commissioning procedure
    (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016) Müller, Christian; Armknecht, Frederik; Benenson, Zinaida; Morgner, Philipp
    Specifications of security mechanisms often lack explicit descriptions of the envisioned security goals and the underlying assumptions. This makes it difficult for developers and customers to understand the level of security provided by the systems. Moreover, this omission has repeatedly resulted in practical attacks that violate the implicit security assumptions of the specifications. In this work, we illustrate this effect on the example of the ZigBee Light Link (ZLL) profile, currently one of the most popular standards for smart lighting in domestic environments. We first provide a concise description of ZLL commissioning procedure for initiating and extending a network of smart bulbs, extracted directly from the specification. We then discuss how the commissioning protocol can be transformed into a formal security model, but also highlight where this is subject to interpretations because of the unclear implicit security assumptions. The proposed security model is flexible, i.e., it can be extended to capture further security requirements or attacker classes, and hence provides a solid foundation for rigorous security analyses of ZLL and other ZigBee profiles.