Congratulations to Dr. Merzdovnik, who defended his thesis yesterday!
Abstract: A timely reaction to security incidents is without doubts important. And while the techniques of digital forensics can come pretty close to perfect for single-host systems with small hard drive capacity, things can get easily messy with 10+ systems, a mixture of operating systems & mobile devices of various brands, or gigabit network traffic that is partly encrypted.
This talk contains two parts. For one, the do’s and don’ts for incident response from a forensic examiner’s point of view. Is it better to pull the plug, or gracefully shut the machine down, how to capture network traffic, and what to do if the machine is still running and you’d like to image the RAM. In particular, I’ll present a few methods how to capture network traffic for small networks that don’t have a dedicated monitoring port available, and what to do with them. Secondly, a list of things that went wrong when reality kicked in and good intentions do more harm than good. This will include the problems of tool dependency for specific tasks, free log aggregation using graylog and why there is no such thing a s a free lunch, GRR and the riddle for the perfect toolchain.
For the platform Blockchain Austria, a few well-known experts from different areas were found as partners. For example, Blockchainhub Graz, the research center SBA Research and the law firm Stadler Völkel are involved.
Some proposals are presentend in a “9 point plan for Austria”.
For more information please see this article (in german)
Adrian Dabrowski is attending Black Hat USA 2017 security conference, which takes place from July 22 – 27, 2017 in Las Vegas, NV, USA. More than 15.000 people are attending the 20th edition of the conference.
Johanna Ullrich gave a guest talk on the mysteries of IPv6 addressing at the Secure Systems Group of Professor Mangard at TU Graz.
Johanna Ullrich is attending the Meeting of the Internet Engineering Task Force (IETF99) in Prague at the moment. On Wednesday, she gave a talk presenting her survey on IPv6 security and privacy vulnerabilties.
The survey can be found here.
Letitia Kernschmidt spent last semester at Carnegie Mellon University (CMU). She took several courses and enjoyed in particular the course on Information Security Policy and Management. It focused on the non-technical aspects of information security such as product liability laws, cyber-insurance, data- breach notification laws, and regulations about minimum security requirements. Besides these university classes, she continued to work on a research project on the spreading of interacting epidemics in the context of computer malware (WU Vienna).
Letitia – who started with a FemTech internship at SBA Research and stayed on as researcher – enjoyed her time at CMU so much that she will continue her studies there.
We are proud to announce that we have created a new Twitter feed, @SBA_prime. It is a curated, low-volume infosec timeline, operated by numerous members of SBA.
The paper “Swimming with Fishes and Sharks: Beneath the Surface of Queue-based Ethereum Mining Pools” by Alexei Zamyatin, K. Wolter, S. Werner, C.E.A. Mulligan, P.G. Harrison and W.J. Knottenbelt was accepted for publication at the 25th IEEE International Symposium on the Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) 2017.
Cryptocurrency mining can be said to be the modern alchemy, involving as it does the transmutation of electricity into digital gold. The goal of mining is to guess the solution to a cryptographic puzzle, the difficulty of which is determined by the network, and thence to win the block reward and transaction fees. Because the return on solo mining has a very high variance, miners band together to create so-called mining pools. These aggregate the power of several individual miners, and, by distributing the accumulated rewards according to some scheme, ensure a more predictable return for participants.
In this paper we formulate a model of the dynamics of a queue- based reward distribution scheme in a popular Ethereum mining pool and develop a corresponding simulation. We show that the underlying mechanism disadvantages miners with above-average hash rates. We then consider two-miner scenarios and show how large miners may perform attacks to increase their profits at the expense of other participants of the mining pool. The outcomes of our analysis show the queue-based reward scheme is vulnerable to manipulation in its current implementation.
Johanna Ullrich visited the 3. AG CYSIS Symposium in Frankfurt, Germany. CYSIS is initiated by Deutsche Bahn and TU Darmstadt to develop secure railway infrastructures.
At the symposium, the results of the working groups “Resilient Architectures”, “Business Continuity Management”, “Security for Safety”, and “ETCS with Security” were presented.
The ERCIM News No. 110 has just been published with a special theme on “Blockchain Engineering“.
SBA Research contributes two articles in this issue. The first article is by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl on “Bitcoin – Cryptocurrencies and Alternative Applications“. The second article is by Nicholas Stifter, Aljosha Judmayer, and Edgar Weippl on “A Holistic Approach to Smart Contract Security“.
The full issue is available in PDF format here.
At the Autonomous Machines World Edgar Weippl chairs a Security Cafe Session, 2.5 hours discussion on security on autonomous production machines.
Today at ‘International Conference on Algebraic Informatics’ [CAI], Dimitris Simos is chairing a session on Design Theory, where Ludwig Kampel is presenting a paper titled ‘Covering Arrays as Set Covers’ (Ludwig Kampel, Bernhard Garn, and Dimitris E. Simos). CAI brings together researchers from mathematics and computer science, with topics discussed being at the intersection of these two fields.
Rowhammer is an very interesting attack that can be used to flip bits in RAM, and can be used among other things to elevate privileges.
The Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) is being expanded in its third year. A new module is added, which is executed SBA Research, an external partner from Vienna, and the existing modules scope is extended.
Georg Merzdovnik and Edgar Weippl work on security aspects of container technology. SBA Research hosts this external module to further strengthen the cooperation with FH St. Pölten.
Markus Klemen gives the keynote speech “Employee Loyalty – a Feasible Goal?” at the (ISC)² Secure Summit DACH in Zürich today.
Further details can be found here.
Artemios G. Voyiatzis is representing SBA Research at the Special Interest Group (SIG) meetings on Digital Forensics (DF) and Teaching/Learning (TL) of the EU-funded project “Strengthening European Network Centres of Excellence in Cybercrime” (SENTER). The meetings take place on June 26-27, 2017 in Esslingen, Germany.