SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT


Peter Kieseberg moderating PwC event

Today Peter Kieseberg is moderating the PwC Security Trend event focusing on Business Continuity, Security Policies and the DSGVO.

Tomasz Miksa chairs the newly endorsed DMP Common Standards working group at the RDA

Tomasz Miksa has become the chair of the newly endorsed DMP Common Standards working group at the Research Data Alliance. He will present the goals of the group for the next 18 months at the 10th Research Data Alliance Plenary in Montreal, Canada.

The group brings together a broad spectrum of stakeholders from all around the world, such as: research funders, data repositories, ICT infrastructure providers, software developers, and researchers representing various scientific domains.

The specific focus of the working group is on developing a common information model and specifying access mechanisms that make Data Management Plans (DMPs) machine-actionable. The outputs of this working group will help in making systems interoperable and will allow for automatic exchange, integration, and validation of information exchanged using research data infrastructures.

This should lead to higher reproducibility of computational workflows and increase of trust in scientific data.

To follow the activities and learn more about the DMP Common Standards WG please visit its official web page.


Best Paper Session at ARES 2017

This year’s ARES conference had great papers in the best papers session and the first test-of-time award.

Featured article in newspaper

Our KIRAS-project “Darknet Analysis” is currently featured with an article in the newspaper “derStandard”, as well as in “”:

Paper accepted @ ACSAC’17

The paper “Grid Shock: Coordinated Load-Change Attacks on Power Grids” by Adrian Dabrowski, Johanna Ullrich, and Edgar Weippl was accepted for publication at the 2017 Annual Computer Security Applications Conference (ACSAC 33).

Our work analyzes whether large-scale botnets are able to modulate electric power consumption in a coordinated way to bring down the power grid. ACSAC is a leading conference in applied computer security. In total, 48 out of 244 submissions were accepted, resulting in an acceptance rate of 19.7%. ACSAC 33 will be held in San Juan, Puerto Rico in December 2017.


Electric power grids are among the largest human-made control structures and are considered as critical infrastructure due to their importance for daily life. When operating a power grid, providers have to continuously maintain a balance between supply (i.e., production in power plants) and demand (i.e., power consumption) to keep the power grid’s nominal frequency of 50 Hz or alternatively 60 Hz. Power consumption is forecast by elaborated models including multiple parameters like weather, season, and time of the day; they are based on the premise of many small consumers averaging out their energy consumption spikes.

In this paper, we develop attacks violating this assumption, investigate their impact on power grid operation and assess their feasibility for today’s adversaries. In our scenario, an adversary builds (or rents) a botnet of zombie computers and modulates their power consumption, e.g., by utilizing CPU, GPU, hard disks, screen brightness, and laser printers in a coordinated way over the Internet. Outperforming the grid’s countervailing mechanisms in time, the grid is pushed into unstable states triggering automated load shedding or tie-line tripping.

We show that an adversary does not have to rely on smart grid features to modulate power consumption given that an adequate communication infrastructure for striking the (legacy) power grid is currently nearly omnipresent: the Internet to which more and more power-consuming devices are connected.

Paper accepted @ CBT’17

The paper “Merged Mining: Curse or Cure?” by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter, Artemios G. Voyiatzis, and Edgar Weippl was accepted for publication at the 1st International Workshop on Cryptocurrencies and Blockchain Technology (CBT’17), held in conjunction with ESORICS 2017.

Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

An extended version of the paper is available at the Cryptology ePrint Archive: Report 2017/791.

Congratulations, Dr. Merzdovnik!

Congratulations to Dr. Merzdovnik, who defended his thesis yesterday!

SBA at @SHA2017Camp

Numerous members of SBA Research are currently at the SHA2017 hackercamp in the Netherlands. Martin Schmiedecker will present “An academic’s view to incident response” (Details here).

Abstract: A timely reaction to security incidents is without doubt important. And while the techniques of digital forensics can come pretty close to perfect for single-host systems with small hard drive capacity, things can get easily messy with 10+ systems, a mixture of operating systems & mobile devices of various brands, or gigabit network traffic that is partly encrypted.

This talk contains two parts. For one, the do’s and don’ts for incident response from a forensic examiner’s point of view. Is it better to pull the plug, or gracefully shut the machine down, how to capture network traffic, and what to do if the machine is still running and you’d like to image the RAM. In particular, I’ll present a few methods how to capture network traffic for small networks that don’t have a dedicated monitoring port available, and what to do with them. Secondly, a list of things that went wrong when reality kicked in and good intentions do more harm than good. This will include the problems of tool dependency for specific tasks, free log aggregation using graylog and why there is no such thing as a free lunch, GRR and the riddle for the perfect toolchain.


Blockchain Austria platform

For the platform Blockchain Austria, a few well-known experts from different areas were found as partners. For example, Blockchainhub Graz, the research center SBA Research and the law firm Stadler Völkel are involved.

Some proposals are presented in a “9 point plan for Austria”.

For more information please see this article (in German)

Black Hat USA 2017

Adrian Dabrowski is attending the Black Hat USA 2017 security conference, which takes place from July 22 – 27, 2017 in Las Vegas, NV, USA. More than 15,000 people are attending the 20th edition of the conference.

Johanna Ullrich @ TU Graz

Johanna Ullrich gave a guest talk on the mysteries of IPv6 addressing at the Secure Systems Group of Professor Mangard at TU Graz.

Johanna Ullrich @ IETF99

Johanna Ullrich is attending the Meeting of the Internet Engineering Task Force (IETF99) in Prague at the moment. On Wednesday, she gave a talk presenting her survey on IPv6 security and privacy vulnerabilities.

The survey can be found here.

Letitia Kernschmidt @ CMU

Letitia Kernschmidt spent last semester at Carnegie Mellon University (CMU). She took several courses and enjoyed in particular the course on Information Security Policy and Management. It focused on the non-technical aspects of information security such as product liability laws, cyber-insurance, data-breach notification laws, and regulations about minimum security requirements. Besides these university classes, she continued to work on a research project on the spreading of interacting epidemics in the context of computer malware (WU Vienna).

Letitia – who started with a FemTech internship at SBA Research and stayed on as researcher – enjoyed her time at CMU so much that she will continue her studies there.

#FF for @SBA_Prime

We are proud to announce that we have created a new Twitter feed, @SBA_prime. It is a curated, low-volume infosec timeline, operated by numerous members of SBA.

Paper accepted @ MASCOTS 2017

The paper “Swimming with Fishes and Sharks: Beneath the Surface of Queue-based Ethereum Mining Pools” by Alexei Zamyatin, K. Wolter, S. Werner, C.E.A. Mulligan, P.G. Harrison and W.J. Knottenbelt was accepted for publication at the 25th IEEE International Symposium on the Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) 2017.

Cryptocurrency mining can be said to be the modern alchemy, involving as it does the transmutation of electricity into digital gold. The goal of mining is to guess the solution to a cryptographic puzzle, the difficulty of which is determined by the network, and thence to win the block reward and transaction fees. Because the return on solo mining has a very high variance, miners band together to create so-called mining pools. These aggregate the power of several individual miners, and, by distributing the accumulated rewards according to some scheme, ensure a more predictable return for participants.

In this paper we formulate a model of the dynamics of a queue-based reward distribution scheme in a popular Ethereum mining pool and develop a corresponding simulation. We show that the underlying mechanism disadvantages miners with above-average hash rates. We then consider two-miner scenarios and show how large miners may perform attacks to increase their profits at the expense of other participants of the mining pool. The outcomes of our analysis show the queue-based reward scheme is vulnerable to manipulation in its current implementation.
