- Conference paper: Distributed evolutionary fuzzing with evofuzz (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Beterke, Fabian; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: This paper describes the design of a tool, called Evofuzz, that implements evolutionary (coverage-guided) fuzzing in a scalable, distributed manner. The architecture, design choices and implementation specifics of the tool are examined, explained and critically assessed. After outlining possible improvements and future work, the paper closes by presenting results from fuzzing real-world programs and explains how to reproduce them with the provided tool.
- Conference paper: Attacks on fitness trackers revisited: a case-study of unfit firmware security (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Rieck, Jakob; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: Fitness trackers, wearables that continuously record a wearer's step count and related activity data, are quickly gaining in popularity. Apart from being useful for individuals seeking a healthier lifestyle, their data is also being used in court and by insurance companies to adjust premiums. For these use cases, it is essential to ensure the authenticity and integrity of the data. Here we demonstrate a flaw in the way firmware for Withings' Activité is verified, allowing an adversary to compromise the tracker itself. This type of attack has so far not been applied to fitness trackers. Vendors have started mitigating previous attacks, which manipulated data by interfering with wireless channels or by physically moving the tracker to fool its sensors. Hardware similarities among different trackers suggest that the findings can be transferred to other trackers as well.
- Conference paper: Automotive Ethernet: security opportunity or challenge? (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Corbett, Christopher; Schoch, Elmar; Kargl, Frank; Preussner, Felix; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: The automotive industry's future trends, such as automated driving or advanced driver assistance, require large bandwidths to handle massive data streams and strongly depend on well-timed communication. Ethernet is seen as a suitable candidate to cover those needs for vehicle-internal networks; however, Ethernet brings security issues with it. We therefore discuss the attributes of automotive Ethernet with regard to adopting existing security mechanisms versus creating new ones, and derive the challenges and opportunities that emerge given the comparatively limited resources and the integration into a vehicle environment. Based on these results we derive and propose ideas for manipulation and misuse detection mechanisms.
- Conference paper: Surreptitious sharing on android (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Schürmann, Dominik; Wolf, Lars; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: Many email and messaging applications on Android use the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, only URIs are exchanged that point to the actual storage location. In this paper we evaluate applications for a security vulnerability, related to the handling of URIs with the file scheme, that allows privilege escalation and data leakage. We analyze this vulnerability, called Surreptitious Sharing, and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines on how to properly handle file access on Android and a fix for the discussed vulnerability are included.
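The receiving side of the file-scheme problem the abstract describes, as an added example that is not code from the paper or from any of the analyzed apps: an app that accepts an ACTION_SEND Intent resolves a file:// URI with its own UID, so a malicious sender can point EXTRA_STREAM at the receiver's private files and have them attached and sent out. The guard below refuses file:// URIs whose canonical path lies inside the app's private storage (content:// URIs are left to the owning ContentProvider's permission checks). The class name `SharedUriGuard`, the helper names and the choice of private directories to check are assumptions made for this example.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import java.io.File;
import java.io.IOException;

/** Added example, not the paper's fix: validate a URI received via ACTION_SEND. */
public final class SharedUriGuard {

    private SharedUriGuard() {}

    /**
     * True only if the URI may be opened and forwarded as an attachment.
     * A file:// URI is resolved with this app's UID, so a hostile sender can
     * name files only this app is allowed to read (its own private data).
     */
    public static boolean isSafeToAttach(Context ctx, Uri uri) {
        if (uri == null || uri.getScheme() == null) return false;
        switch (uri.getScheme()) {
            case ContentResolver.SCHEME_CONTENT:
                // Reads go through the owning ContentProvider and the grant flags
                // on the Intent, so the sender cannot borrow our permissions.
                return true;
            case ContentResolver.SCHEME_FILE:
                // Raw path: refuse anything that canonicalizes into our private storage.
                return !pointsIntoPrivateStorage(ctx, uri);
            default:
                return false;
        }
    }

    static boolean pointsIntoPrivateStorage(Context ctx, Uri fileUri) {
        String path = fileUri.getPath();
        if (path == null) return true; // nothing to check: fail closed
        try {
            // getCanonicalPath() follows symlinks and removes ".." segments,
            // so /data/data/<pkg>/../<pkg>/files/x still resolves into our dir.
            String canonical = new File(path).getCanonicalPath();
            File internal = ctx.getFilesDir().getParentFile();   // /data/data/<pkg> (assumption)
            File external = ctx.getExternalFilesDir(null);        // may be null on some devices
            if (isUnder(canonical, internal)) return true;
            return external != null && isUnder(canonical, external.getParentFile());
        } catch (IOException e) {
            return true; // cannot canonicalize: fail closed
        }
    }

    private static boolean isUnder(String canonicalPath, File dir) throws IOException {
        if (dir == null) return false;
        String base = dir.getCanonicalPath();
        return canonicalPath.equals(base) || canonicalPath.startsWith(base + File.separator);
    }

    /** Sketch of use in an Activity that declares an ACTION_SEND intent filter. */
    public static void handleShare(Context ctx, Intent intent) {
        Uri stream = intent.getParcelableExtra(Intent.EXTRA_STREAM);
        if (!isSafeToAttach(ctx, stream)) {
            // Drop the request rather than attach; a log line here is a useful detection signal.
            return;
        }
        // Safe to open via ctx.getContentResolver().openInputStream(stream) and attach.
    }
}
```

The canonicalization step matters: a naive `startsWith` on the raw path is defeated by `..` segments and by the `/data/data` to `/data/user/0` symlink. Note that the check only closes the receiver side; Android 7.0 and later additionally throw `FileUriExposedException` for apps targeting that API level when they put a file:// URI into an Intent, but a receiver still sees file:// URIs from senders targeting older levels, so the validation remains necessary.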
- Conference paper: SDN malware: problems of current protection systems and potential countermeasures (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Röpke, Christian; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: Software-Defined Networking (SDN) is an emerging topic, and securing its data and control planes is of great importance. The main goal of malicious SDN applications would be to compromise the SDN controller, which is responsible for managing the SDN-based network. In this paper, we discuss two existing mechanisms aimed at protecting these planes: (i) sandboxing of SDN applications and (ii) checking for network invariants. We argue that both fail against sophisticated malicious SDN applications such as an SDN rootkit. To close the corresponding security gaps, we propose two security improvements. The first aims at protecting the control plane by isolating SDN applications by means of virtualization techniques; compared to recent efforts, this allows a more stringent separation of malicious SDN applications. The goal of the second proposal is to let policy checking mechanisms run independently of SDN controllers while minimizing hardware costs. We thereby improve SDN security while taking into account that the correct functioning of policy checking can be manipulated by a compromised SDN controller.
- Conference paper: A semantic framework for a better understanding, investigation and prevention of organized financial crime (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Merkel, Ronny; Kraetzer, Christian; Hildebrandt, Mario; Kiltz, Stefan; Kuhlmann, Sven; Dittmann, Jana; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: Using semantic technology for data storage and exploration is an important topic in computer science, but it is rarely applied to forensic investigations. In this paper, a conceptual framework is proposed for the detailed modeling of structured domain knowledge in the field of organized financial crime, with a special focus on sparse information (e.g. flows of money, data and know-how, exploited vulnerabilities and attackers' motivation) and on a credibility measure that rates the reliability of the information used, based on open source intelligence, expert surveys and interviews with detainees. In addition to the ontology-based, abstract domain knowledge model, the proposed framework provides an explorative information discovery function that couples concrete, case-related data from different knowledge bases with the abstract domain knowledge, to assist experts in the investigation of crimes and the discovery of new relations between different pieces of evidence. The framework is illustrated using the example scenario of Point-of-Sale (POS) skimming. Furthermore, its flexibility, scalability and a potential integration into current and emerging police standards are discussed.
- Conference paper: Comparative evaluation of machine learning-based malware detection on android (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Hahn, Sebastian; Protsenko, Mykola; Müller, Tilo; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: The Android platform is the market leader for mobile devices, but it has also gained much attention among malware authors in recent years. The spread of malware, a consequence of its popularity and of the design features of the Android ecosystem, constitutes a major security threat currently targeted by the research community. Among the countermeasures proposed in previous publications, many rely on machine learning algorithms over attributes statically extracted from an app. Machine learning, inspired by the more mature field of desktop malware detection, has proven to be a promising approach for fighting Android malware. Many publications, however, rely on different data sets for different application attributes, which makes comparing them difficult. Furthermore, there are attribute sets known from the desktop world that have not been ported to Android yet. In this paper, we take a step towards filling this gap by assessing the effectiveness of 11 attribute sets, including some never evaluated on Android before, on a consistent data set of 10,000 apps. Our comparative evaluation ranks the individual attribute sets according to the detection performance they can reach, and suggests the most effective combination of all attributes.
- Conference paper: Designing resilient and secure smart micro grids (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Valipour, Siavash; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: The research presented in this extended abstract describes a smart grid management framework that enables a decentralized and autonomous organization of the energy participants within such grids. Starting from the basic requirements for operating such systems, challenges and tasks are discussed as a basis for future research. The discussion spans both electrical engineering and computer science. The presented grid coordination and energy transfer schemes are briefly reviewed and put up for discussion.
- Edited book: Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit (2016). Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
- Conference paper: Software security requirements in building automation (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Praus, Friedrich; Kastner, Wolfgang; Palensky, Peter; Meier, Michael; Reinhardt, Delphine; Wendzel, Steffen.
  Abstract: With today's ongoing integration of heterogeneous building automation systems, increased comfort, energy efficiency, improved building management, sustainability and advanced applications such as active & assisted living scenarios become possible. Obviously, the demands, especially regarding security, increase: secure communication becomes as important as secure software executing on the devices. While the former has been addressed by standardization committees and manufacturers, until recently no scientific research was available that targets the problem of secure control applications in this domain. No attack model has been defined, no security measures have been recommended, and existing measures from other domains are either too expensive or too time-consuming to deploy, cannot be trivially applied, or do not cover the specific demands and constraints of the building automation domain. This paper provides an extensive survey of the security requirements for distributed control applications and analyzes software protection methods. An architecture that tackles the problem of securing software running on different device classes and preventing attacks on smart homes and buildings is briefly introduced at the end.