P256 - Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit
Authors with the most documents
Latest publications
- Conference paper: Comparative evaluation of machine learning-based malware detection on Android (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Authors: Hahn, Sebastian; Protsenko, Mykola; Müller, Tilo. The Android platform is known as the market leader for mobile devices, but it has also gained much attention among malware authors in recent years. The wide spread of malware, a consequence of its popularity and the design features of the Android ecosystem, constitutes a major security threat currently targeted by the research community. Among all counter methods proposed in previous publications, many rely on machine learning algorithms based on statically extracted attributes from an app. Machine learning, which is also inspired by the developed field of desktop malware detection, has proven to be a promising approach for fighting Android malware. Many publications, however, rely on different data sets for different application attributes, rendering their comparison difficult. Furthermore, there exist attribute sets known from the desktop world which have not been ported to Android yet. In this paper, we aim to step towards filling this gap by assessing the effectiveness of a total of 11 attribute sets, including those never evaluated on Android before, using a consistent data set of 10,000 apps. Our comparative evaluation provides a ranking for the single attribute sets according to the detection performance they can reach, and suggests the most effective combination of all attributes.
- Conference paper: SDN malware: problems of current protection systems and potential countermeasures (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Author: Röpke, Christian. Software-Defined Networking (SDN) is an emerging topic and securing its data and control plane is of great importance. The main goal of malicious SDN applications would be to compromise the SDN controller, which is responsible for managing the SDN-based network. In this paper, we discuss two existing mechanisms aiming at protecting the aforementioned planes: (i) sandboxing of SDN applications and (ii) checking for network invariants. We argue that both fail in the case of sophisticated malicious SDN applications such as an SDN rootkit. To fill the corresponding security gaps, we propose two security improvements. The first one aims at protecting the control plane by isolating SDN applications by means of virtualization techniques. Compared to recent efforts, we thereby allow a more stringent separation of malicious SDN applications. The goal of the second proposal is to allow policy checking mechanisms to run independently from SDN controllers while minimizing hardware costs. Thereby, we improve SDN security while taking into account that the correct functioning of policy checking can be manipulated by a compromised SDN controller.
- Conference paper: Attacks on fitness trackers revisited: a case-study of unfit firmware security (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Author: Rieck, Jakob. Fitness trackers - wearables that continuously record a wearer's step count and related activity data - are quickly gaining in popularity. Apart from being useful for individuals seeking a healthier lifestyle, their data is also being used in court and by insurance companies to adjust premiums. For these use cases, it is essential to ensure the authenticity and integrity of data. Here we demonstrate a flaw in the way firmware for Withings' Activité is verified, allowing an adversary to compromise the tracker itself. This type of attack has so far not been applied to fitness trackers. Vendors have started mitigating previous attacks, which manipulated data by interfering with wireless channels, or by physically moving the tracker to fool sensors. Hardware similarities amongst different trackers suggest the findings can be transferred to other trackers as well.
- Conference paper: Automotive Ethernet: security opportunity or challenge? (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Authors: Corbett, Christopher; Schoch, Elmar; Kargl, Frank; Preussner, Felix. The automotive industry's future trends, such as automated driving or advanced driver assistance, require large bandwidths to handle massive data streams and strongly depend on well-timed communication. Ethernet technology is seen as a suitable candidate to cover those needs for vehicle-internal networks; however, Ethernet involves security issues. Thus, by discussing automotive Ethernet attributes with regard to the adaptation of existing security mechanisms in contrast to the potential of creating new ones, several challenges and opportunities emerge in consideration of comparatively fewer available resources and the integration into a vehicle environment. Based on these results we derive and propose ideas for manipulation and misuse detection mechanisms.
- Conference paper: Distributed evolutionary fuzzing with Evofuzz (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Author: Beterke, Fabian. This paper describes the design of a tool (called Evofuzz) that implements the technique of evolutionary (or coverage-guided) fuzzing in a scalable, distributed manner. The architecture, design choices and implementation specifics of this tool are examined, explained and criticized. After outlining possible improvements and future work that is not yet completed, the paper finishes by presenting the results from fuzzing real-world programs and explains how to recreate them using the provided tool.
- Conference paper: A semantic framework for a better understanding, investigation and prevention of organized financial crime (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Authors: Merkel, Ronny; Kraetzer, Christian; Hildebrandt, Mario; Kiltz, Stefan; Kuhlmann, Sven; Dittmann, Jana. Using semantic technology for data storage and exploration is an important issue in computer science, but it is barely applied to forensic investigations. In this paper, a conceptual framework is proposed for the detailed modeling of structured domain knowledge in the field of organized financial crime, with a special focus on sparse information (e.g. flows of money, data and know-how, exploited vulnerabilities and attackers' motivation) and the proposition of a credibility measure (to rate the reliability of used information based on open source intelligence, expert surveys and captive interviews). In addition to the ontology-based, abstract domain knowledge model, the proposed framework consists of an explorative information discovery functionality, which can couple concrete, case-related data from different knowledge bases with the abstract domain knowledge, to assist experts in the investigation of crimes and the discovery of new relations between different pieces of evidence. The proposed framework is illustrated using the exemplary use case scenario of Point-of-Sale (POS) skimming. Furthermore, its flexibility, scalability and a potential integration into current and emerging police standards are discussed.
- Conference paper: Surreptitious sharing on Android (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Authors: Schürmann, Dominik; Wolf, Lars. Many email and messaging applications on Android utilize the Intent API for sharing images, videos, and documents. Android standardizes Intents for sending and Intent Filters for receiving content. Instead of sending entire files, such as videos, via this API, only URIs are exchanged pointing to the actual storage position. In this paper we evaluate applications regarding a security vulnerability allowing privilege escalation and data leakage, which is related to the handling of URIs using the file scheme. We analyze a vulnerability called Surreptitious Sharing and present two scenarios showing how it can be exploited in practice. Based on these scenarios, 4 email and 8 messaging applications have been analyzed in detail. We found that 8 out of 12 applications are vulnerable. Guidelines on how to properly handle file access on Android and a fix for the discussed vulnerability are attached.
- Conference paper: Increasing security and availability in KNX networks (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Authors: Glanzer, Harald; Krammer, Lukas; Kastner, Wolfgang. Buildings contain a number of technical systems in order to be able to fulfill their task of providing a comfortable, secure and safe environment. Apart from heating, ventilation and air conditioning as well as lighting and shading, critical services such as fire alarm or access control systems are added to building automation. The latter services require secure communication and high availability and are currently implemented by isolated subsystems. However, a tighter integration into an overall building automation network can raise synergies such as cost reduction, improvements in building control as well as easier management. For this purpose, the underlying communication system has to be robust and reliable against malicious manipulations. This paper proposes an extension for KNX paving the way for its deployment even in critical environments. For this purpose, it is necessary to detect and guard against malicious attacks as well as to cope with randomly occurring hardware faults. The former can be achieved through cryptography, the latter by implementing structural redundancy. The proposal divides KNX installations into insecure and secure parts. While insecure parts allow the use of standard KNX devices, secure parts are protected against malicious attacks and are realized in a redundant way. This allows them to partially resist transient hardware faults.
- Conference paper: Order preserving encryption for wide column stores (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Author: Waage, Tim. Order-preserving encryption (OPE) allows encrypting without losing information about the order relation between the encrypted data items. Thus, the execution of compare, order and grouping operations can be done as on plaintext data. In particular it allows databases to do range queries over encrypted data, which is a useful feature especially for cloud databases that usually run in untrusted environments. Several OPE schemes have been proposed in recent years, but almost none of them are used in real-world scenarios. While OPE was at least implemented for some SQL-based prototype systems before (e.g. [Po11, Tu13]), our work identifies the practical requirements for utilizing OPE in existing NoSQL cloud database technologies. It also provides runtime analyses of two popular OPE schemes combined with two popular NoSQL wide column store databases.
- Conference paper: Towards adaptive event prioritization for network security - ideas and challenges (Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit, 2016). Author: Renners, Leonard. In the network security domain, intrusion detection systems (IDS) are known for their problems in creating huge amounts of data and especially false positives. Several approaches, originating in the machine learning domain, have been proposed for a better classification. However, threat prioritization has also shown that a distinction between true and false positives is not always sufficient for a profound security analysis. We therefore propose an approach to combine several aspects from those two areas. On the one hand, threat and event prioritization approaches are rather static with fixed calculation rules, whereas rule learning in alert verification focuses mostly on a binary