SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Adrian Dabrowski @ MoST 2016

Adrian Dabrowski gives a talk about “Browser History Stealing with Captive Wi-Fi Portals” at the Mobile Security Technologies (MoST) 2016, held as part of the IEEE Computer Society Security and Privacy Workshops, in conjunction with the IEEE Symposium on Security and Privacy in San José.

Abstract: In this paper we show that HSTS headers and long term cookies (such as those used for user tracking) are so prevailing that they allow a malicious Wi-Fi operator to gain significant knowledge about the past browsing history of users. We demonstrate how to combine both into a history stealing attack by including specially crafted references into a captive portal or by injecting them into legitimate HTTP traffic.

More information can be found here.

ITEA2-action DIAMONDS received EUREKA-award

We are proud to announce that the ITEA2-action DIAMONDS where SBA Research participated through the MobseTip project received the prestigious EUREKA-award.

For more information on relevant project aspects please contact Dimitris Simos.

SBA Research at IFIP Networking 2016

Damjan Buhov presents today our paper “Pin It! Improving Android Network Security At Runtime” (by Damjan Buhov, Markus Huber, Georg Merzdovnik, and Edgar Weippl) at the IFIP Networking 2016 Conference. IFIP Networking is a CORE A-ranked conference.

Talk at Blackhat USA 2016 accepted

Aaron Zauner, one of our researchers, has gotten a talk accepted at Blackhat USA 2016. Together with Sean Devlin, Hanno Böck and Philipp Jovanovic they identified a nonce re-use attack in the TLS GCM modes that can be used to inject additional content in the worst case. Overall, they identified more than 70,000 vulnerable websites on the Internet. You can read the abstract here.

Update: the corresponding paper is now online, you can find it here.

News coverage: ARS Technica

Dimitris Simos @ HCSS 2016

Dimitris Simos gives a talk on May, 11th about “Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry” joint work with Kristoffer Kleine (SBA Research), Rick Kuhn (NIST), Raghu Kacker (NIST).

HCSS 2016 takes place from May 10th to May 12th in Annapolis, MD, USA. HCSS is organized by the NITRD group and brings together researchers from academia, industry and government agencies.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.