News
Next Seminar on 20.07.2022
Written on 15.07.2022 10:50 by Mang Zhao
Dear All,
The next seminar(s) take place on 20.07. at 14:00 (Session A) and 14:30 (Session B).
Session A: (RA1,3,4) (14:00-15:30)
Christian Schumacher, Ole Heydt, Yassir Kozha
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (RA 3,4)(14:30-15:30)
Ulysse Planta, Eric Minas
https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09
Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$
Session A:
14:00-14:30
Speaker: Christian Schumacher
Type of talk: Bachelor Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Security Analysis of IoT Devices and Vulnerable User Notification
Research Area: RA3
Abstract:
IoT devices become more and more common in everyone's daily live. With every new device the chance that they are wrongly configured or outdated rises. I will analyze smart home devices (predominantly security cameras and routers) and check their currently implemented security features by inspecting their interfaces and their manuals. In addition, I plan to look at this also from a usable security standpoint to see if the manufacturers could help reduce the amount of badly secured devices by implementing known security ideas. I plan to systematically investigate such different solutions and to analyse what they would accomplish for the respective device.
Furthermore, I plan to address the question "How could someone contact affected people of wrongly configured or outdated devices?". Most of the time a security researcher would only have the IP address of the affected device. What are the steps one has to go through to contact the owner? Is it even possible to contact them knowing only their IP and how have other researchers dealt with the problem of reaching people of compromised devices in the past.
14:30-15:00
Speaker: Ole Heydt
Type of talk: Bachelor Final
Advisor: Nils Ole Tippenhauer, Alessandro Erba, John Henry Alvarado
Title: Systematic Evaluation of Stealthy Attacks against Quadcopter Drones
Research Area: RA4
Abstract:
Drones, rovers or more generally Robotic Vehicles (RVs) have long since ceased to be science-fiction. The usability of cyber-physical
systems in customer industry or the military is widely known. Take for example the advances of Amazon with their "Prime Air" project
where the aim is to create a drone delivery system for customers that could potentially massively impact the delivery market as a whole.
With both the commercial but also political impact that RVs can potentially hold, one needs to develop security mechanisms which are
elaborate enough to defend against - on one hand commercial loss (e.g. delivery services), on the other the endangerment of human life (e.g. military drone missions).
The corruption of cyber-physical systems holds much power as past attacks like Stuxnet prove.
The main challenges of cyber-physical-system security originate from the generally complicated nature of such, as e.g. drones or rovers
operate on both cyber (software) and physical (robotics) layers. Previous work shows that there already exist various possible attacks
on RVs like GPS spoofing or acoustic attacks on e.g. gyroscopes that can significantly deviate the vehicles from their programmed paths
or even lead to crashes. Advances in physics as well as software development and maths are required to develop security mechanisms for RVs.
In our work we want to discuss and and evaluate attacks against drones (more specifically quad-copters) that were introduced in recent research efforts.
Additionally we aim to find and create a systematic way of testing and evaluating countermeasures against such attacks.
15:00-15:30
Speaker: Yassir Kozha
Type of talk: Master Final
Advisor: Dr. Robert Künnemann
Title: Formalising Privilege Escalation Attacks in Kubernetes
Research Area: RA1
Abstract:
Analysing networks and systems has become a necessity in modern and big companies. Finding vulnerabilities and fixing them requires a solid knowledge of the network topology and a great consideration of the effort lying behind finding mitigation techniques. Tools scanning networks for susceptible hosts, rely on known vulnerabilities from public databases. However, the information on the impact of a an exploit is partially vague.
Network's topology and infrastructure integrates in many cases Kubernetes. Kubernetes is an open-source container-orchestration system that automate creating and managing containers. The spread of Kubernetes opens a new world for cybercriminals. Moreover, it adds new challenges for network scanning tools to consider Kubernetes components and their relations.
%Most implementations regard attacks with no regard to possible host-level privilege escalation.
In this thesis, we base on the work of Künnemann et al., which introduced a concept of scanning networks and using the information available to detect potential privilege escalations within nested access control contexts. Our approach is to extend their work to consider Kubernetes clusters. We analyse the Kubernetes structure and components and provide a mapping from Kubernetes descriptions to the model defined in their paper.
Session B:
14:30-15:00
Speaker: Ulysse Planta
Type of talk: Bachelor Intro
Advisor: Michael Schwarz
Title: Frequency Side-Channels on AMD Processors
Research Area: RA3
Abstract:
Traditionally, power side-channels were limited to an attack model with full physical access
and external hardware to measure the power consumption of the system under attack. With the
addition of software interfaces like RAPL, software-only power side-channels became feasible.
As a reaction to this new category of attacks, CPU vendors lowered the precision of reported energy
consumption and operating systems restricted access to energy measuring interfaces to
privileged programs only. Because modern processors continuously vary their operating
frequency depending on the workload, temperature, and energy constraints, we can draw a
conclusion about the type of workload solely from the frequency that the processor is operating at.
Using the RDPRU instruction introduced by AMD with its Zen 2 microarchitecture, an unprivileged
attacker can access two different processor internal registers, yielding a primitive, that allows for
frequency measurements with previously unreachable temporal resolution.
We investigate the resulting side channel on recent AMD processors to see what an attacker can
infer from frequency measurements on these processors and how these attacks can be mitigated.
15:00-15:30
Speaker: Eric Minas
Type of talk: Bachelor intro talk
Advisor: Marius Smytzek
Title: Structured Test Generation for Audio Formats
Research Area: 4
Abstract: Fuzzing is a great way to test programs on their inputs, but when the input is a file, it gets complicated. This is because most fuzzers are format-agnostic, meaning that they cannot generate structured data. Format Fuzzer is a program that lets its users write a template for files with a specific format and then generate these files with random data that still adheres to the specification and more importantly to the context and dependencies to other parts of the file, such as checksums.
I created two specifications for audio files, namely for the OGG and fLaC format. These chunk-based formats are quite similar in their structure, though, fLaC has more complex chunks that had to be implemented.
The generated files were then used to test open-source programs on their ability to parse these files with random data. The results of that were the compared to using American Fuzzy Lop (AFL).