For more information on relevant project aspects please contact Dimitris Simos.
Damjan Buhov today presents our paper “Pin It! Improving Android Network Security At Runtime” (by Damjan Buhov, Markus Huber, Georg Merzdovnik, and Edgar Weippl) at the IFIP Networking 2016 Conference. IFIP Networking is a CORE A-ranked conference.
Aaron Zauner, one of our researchers, has had a talk accepted at Black Hat USA 2016. Together with Sean Devlin, Hanno Böck and Philipp Jovanovic, he identified a nonce-reuse attack on the TLS GCM cipher suites which, in the worst case, can be used to inject additional content into a connection. Overall, they identified more than 70,000 vulnerable websites on the Internet. You can read the abstract here.
Update: the corresponding paper is now online, you can find it here.
Dimitris Simos gives a talk on May 11th about “Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry”, joint work with Kristoffer Kleine (SBA Research), Rick Kuhn (NIST) and Raghu Kacker (NIST).
ERCIM News No. 106 (July 2016)
DEADLINE FOR CONTRIBUTIONS: Tuesday 17 May 2016
Please read the guidelines below before submitting an article
The Special Theme and the Research and Innovation sections contain articles presenting a panorama of European research activities. The Special Theme focuses on a sector which has been selected by the editors from a short list of currently “hot” topics whereas the Research and Innovation section contains articles describing scientific activities, research results, and technical transfer endeavours in any sector of Information and Communication Science and Technology (ICST), telecommunications or applied mathematics. Submissions to the Special Theme section are subjected to an external review process coordinated by invited guest editors whereas submissions to the Research and Innovation section are checked and approved by the ERCIM News editorial board.
Special Theme: “Cybersecurity”
Fabio Martinelli (IIT-CNR, Italy)
Edgar Weippl (SBA Research, Austria)
Recently there have been numerous papers on browser fingerprinting, i.e. measuring the entropy of browser configurations so that individual browsers stand out uniquely among all others. Usually these methods analyse UserAgent strings, canvas fingerprints, system fonts or installed plugins. SBA Research has now set up its own fingerprinting website, which includes most methods available to date.
Please visit https://fingerprint.sba-research.org, and measure how unique your browser configuration is.
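To illustrate what “how unique your browser configuration is” means in the fingerprinting passage above, here is an added example (not code from the SBA fingerprinting site) that computes the Shannon entropy of each attribute and the anonymity-set size of one configuration over a constructed sample population; the attribute names and sample values are assumptions.

```python
import math
from collections import Counter

# Constructed sample population (not real measurement data): each tuple is
# (user_agent, canvas_hash, fonts, plugins), the attributes the passage names.
SAMPLE = [
    ("Firefox/45 Linux", "c1", "DejaVu,Liberation", "none"),
    ("Firefox/45 Linux", "c1", "DejaVu,Liberation", "none"),
    ("Chrome/50 Windows", "c2", "Arial,Calibri", "Flash"),
    ("Chrome/50 Windows", "c2", "Arial,Calibri", "Flash"),
    ("Chrome/50 Windows", "c3", "Arial,Calibri,Wingdings", "Flash"),
    ("Safari/9 macOS", "c4", "Helvetica", "none"),
    ("Chrome/50 Windows", "c2", "Arial,Calibri", "none"),
    ("Firefox/45 Linux", "c5", "DejaVu,Liberation,Noto", "none"),
]
ATTRS = ("user_agent", "canvas", "fonts", "plugins")


def attribute_entropy(configs, index):
    """Shannon entropy in bits of one attribute's value distribution.
    Higher entropy means the attribute splits the population more finely."""
    counts = Counter(c[index] for c in configs)
    n = len(configs)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def anonymity_set_size(configs, config):
    """Number of sampled browsers indistinguishable from this configuration."""
    return sum(1 for c in configs if c == config)


def surprisal(configs, config):
    """Identifying information (bits) carried by the full configuration:
    -log2(fraction of the population sharing exactly this tuple).
    log2(len(configs)) bits means the browser is unique in the sample."""
    return math.log2(len(configs) / anonymity_set_size(configs, config))


def report(configs, config):
    """Per-attribute entropy plus uniqueness figures for one browser."""
    per_attr = {name: attribute_entropy(configs, i) for i, name in enumerate(ATTRS)}
    return {"per_attribute_bits": per_attr,
            "config_bits": surprisal(configs, config),
            "anonymity_set": anonymity_set_size(configs, config)}


if __name__ == "__main__":
    print(report(SAMPLE, SAMPLE[4]))  # the only browser with canvas hash c3
```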
In case of questions, don’t hesitate to contact us at firstname.lastname@example.org
Researchers from SBA Research are presenting these days at the Linuxwochen Wien 2016:
- Today at 3:30pm, Katharina Krombholz will present the findings of the user study on security and privacy in Bitcoin.
- On Saturday at 12am, Martin Schmiedecker will talk about digital forensics on Linux and recently published tools that take investigations to an entirely new level regarding performance and possible insights.
Today and tomorrow, researchers from SBA are attending RuhrSec, a new, non-profit security conference in Bochum. Well-known presenters from the community include Mario Heiderich, Sebastian Schinzel, Daniel Gruss from IAIK Graz and Marion Marschalek, with a keynote by Thorsten Holz.
Edgar Weippl gives a presentation on cybersecurity education and training at the RACVIAC CyberSecurity meeting in Zagreb.
Two papers have been accepted at the DFRWS USA ’16 conference on digital forensics, to be held from August 7th to 10th, 2016 in Seattle, WA:
- Time is on my side: Steganography in filesystem metadata
- PeekaTorrent: Leveraging P2P Hash Values for Digital Forensics
You can find pre-prints of the papers as well as the data sets on the corresponding websites.
The paper “Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services” by Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios Voyiatzis and Edgar Weippl has been accepted for publication at the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016), which takes place from July 18th to 21st, 2016 in Trento, Italy. DBSec 2016 is CORE A-ranked.
Abstract: TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors – like hacked CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks – TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.
In this paper, we are the first to present a long-term study on the effectiveness of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year, and discuss the effectiveness of TLS notary services in practice. Based on our findings we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice, and propose steps to overcome them.
Aljosha Judmayer’s tutorial on cryptocurrencies at WWW 2016 was very well received.
The abstract is published in the ACM Digital Library: Aljosha Judmayer and Edgar Weippl. 2016. Cryptographic Currencies Crash Course (C4): Tutorial. In Proceedings of the 25th International Conference Companion on World Wide Web (WWW ’16 Companion). International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland, 1021-1024. DOI=http://dx.doi.org/10.1145/2872518.2891066
Katharina Krombholz was invited to participate in the kick-off event and press conference of “Lange Nacht der Forschung” together with Gerald Klug (technology minister), Hannes Androsch (Austrian Council for Research and Technology Development) and Clara Eibensteiner (bmvit-research trainee).
Martin Schmiedecker and Sebastian Neuer gave insights into how hackers really work, in contrast to what is portrayed in movies. A second exhibit showed how mobile devices may compromise their owners’ privacy.
You can find the pictures from the OCG here.
On April 22, 2016, Adrian Dabrowski is a guest on Ö1’s “Nachtquartier” and speaks about “to hack or not to hack”. He will answer questions from the audience about the life of a hacker and IT security researcher.
April 22, 2016, 00:05, http://oe1.orf.at/programm/434407
Under the lead of TU Austria, we organize an Alpbach Breakout Session on Cyber-Security as a fundamental right. Participants include Isao Echizen (NII), Lokke Moerel (Tilburg University), Günter Müller (University of Freiburg), Reinhard Posch (TU Graz), and Bart Preneel (University of Leuven).