Last weekend SBA hosted the CTF Team “We_0wn_Y0u” (https://w0y.at) for another round of iCTF (International Capture the Flag), organized by UCSB. After a bumpy start, they were able to secure the 2nd place in the competition.

Congratulations also to Bushwhackers and [SPbCTF] Kappa, for scoring 1st and 3rd place respectively.

W0Y is mainly organized by lecturers and students from the security courses held by SBA Research at TU Wien, and is always open for interested students to join.

Rethink Cybersecurity (hosted by SBA and Anovis) took place on March 14, 2019 as a co event of the 2019 Vienna Cyber Security Week. The session brought together over one hundred decision makers in business, research and government. The agenda featured a total of eight talks and panels on future security threats in cyberspace and new ways of approaching upcoming challenges. On this note SBA introduced five European IT startups targeting respective issues and trying to come up with new ideas, products and services. The selected startups will be competing for the fifth Security Rockstars title.

Detailed Agenda

Alexei Zamyatin has a talk on “Decentralized Mining Pools: Security and Attacks”​ accepted at the Breaking Bitcoin Conference. The 2019 conference takes place in Amsterdam, from 8-9 June.

You are cordially invited to join Ulrich Habock´s talk on Friday, March 15, 4:00 pm @ SBA Research.

Title: Anonymous Credentials for the Cloud, Revisited.

Abstract: In an attribute-based credential (ABC) sys- tem, users obtain a digital certificate on their personal attributes, and can later prove possession of such a cer- tificate in an unlinkable way, thereby selectively disclos- ing chosen attributes to the service provider.

We present a revision of a previous work on ‘encrypted attribute-based credentials’ (EABC) by S. Krenn et al., which mitigates the security weaknesses of the original construction and moreover considers a much wider attack scenario.

This fundamentally modified system be the basis of our upfollowing prototype, and its reference integration into the web-based OpenID Connect identity layer.

Cyber attacks are all over the media and keep putting Austria´s digitization at risk. Global cyber crime and digital insecurities affect society and economy. Who will defend our connected systems in the future, and how will a possible defense look like? How can cyber security be implemented in order to secure future digital transformation in Austria?

Rethink Cybersecurity (hosted by Anovis, KSÖ and SBA) is set to target many more questions in the run of the 2019 Vienna Cyber Security Week. 11 speakers will attempt to provide applicable advice and engage in numerous panel discussions.

Press release APA OTS

Press release Börse-Express

Over 100 software developers received a good amount of practical advice at the first edition of sec4dev conference + bootcamp. Above all they learned how to include security in their process from day 1.

Futurezone article on sec4dev 2019

Hamza Abusalah has an SBA paper accepted at Eurocrypt 2019 taking place in Darmstadt, Germany from May 19-23, 2019.
Paper: Reversible Proofs of Sequential Work

We are also excited to announce that the paper “XCLAIM: Trustless, Interoperable Cryptocurrency-Backed Assets” by Alexei Zamyatin is accepted at IEEE S&P 2019, San Francisco, CA.
Paper: XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed Assets

The first edition of sec4dev conference + bootcamp was hosted at TU Campus Gußhaus from February 25 -27, 2019 and welcomed more than 100 participants. After two all day bootcamps on Monday, the single track conference was kicked off on Tuesday morning with a keynote from Markus Sabadello on Decentralized Identifiers. The first day of the main track then featured Philippe De Ryck (Pragmatic Web Security) pointing out common API Security Pitfalls, Maha Sounble (A1) explaining the right way of storing and masking data and Tobias Zillner (Alpha Strike Labs) providing insights into the story of 500.000 recalled pacemakers. In the afternoon of the first day, Fefe (Fefes Blog) introduced “Trusted Computing Base”, Alexander Schatten (SBA) animated to question the complexity of today´s software systems, Martin Pirker (St. Pölten University of Applied Sciences) explained how to correctly pase input data, Stefan Vogl (Austrian State Printing House) introduced the security development process of the Austrian State Printing House and Philipp Krenn (Elastic) spoke about scalable auditing. The official conference dinner was hosted at the oldest Austrian “Heurigen”, 10er Marie. The second day of the main track started out with a round of Protection Poker conducted by Martin Gilje Jaatun (SINTEF). The rest of the agenda was packed with both technical and legal advice on how to achieve higher security. Christian Trummer (Bitpanda) took the audience on the journey on how Bitpanda has handled security challenges over time, Markus Dörfler (Kanzlei Höhne, In der Maur & Partner) proved that GDPR does not have to be a dry topic, Mathias Tausig (FH Campus Wien) gave a Crash Course on Crypto and Martin Reinhard (Holisticon) explained how to continuously get more secure. The afternoon featured Barbara Ondrisek (Women&Code) speaking about Privacy and Data Security of Chatbots, Pascal Schulz (Dynatrace) introducing a successful Bug Bounty Program and Florian Bogner (Bee IT Security) demonstrating how Exploit Developers work. The closing note on User Account Security 2019 was held by organizer Thomas Konrad (SBA Research).

The received feedback was throughout very positive and definitely confirms the existing demand for more application oriented conferences such as sec4dev. After the successful kick off the second edition of sec4dev will take place from February 24 – 27, 2020.

CONCORDIA is a major H2020 consortium to interconnect Europe’s Cybersecurity capabilities. It will establish a pilot for a Cybersecurity Competence Network and will lead the development of a common Cybersecurity Research & Innovation Roadmap for Europe.

Press release