News
Update: Next Seminar on 28.09.2022 (Sessions Merger)
Written on 24.09.2022 20:07 by Mang Zhao
Update:
To simplify the seminar organization on 28.09, we merge two sessions into one, i.e., Session A.
Please do NOT join Session B.
Dear All,
The next seminar(s) take place on 28.09 at 14:00 (Session A).
Session A: (RA 1,4,5) (14:00-15:30)
Abdullah Imad Malallah, Erfan Balazadeh, Norman Ziebal
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session A:
14:00-14:30
Speaker: Abdullah Imad Malallah
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Exploring API behaviour in android applications using Word2Vec
Research Area: RA4
Abstract:
Most of android applications use services embedded in the mobile phone e.g. WiFi, Bluetooth, GPS, Camera, etc. To interact with these services you should use something called API.
An API is a type of program that contains code, which could be called into your application. This code normally allows you to add certain functionalities to your application. Since these APIs interact with the hardware services like GPS, they can retrieve sensitive information about the user (e.g. location of the user).
The ability to verify whether an Android application performs as advertised has long been a challenge for analysts. How do we know that an application use these APIs in a good behavior? Does this application harm the privacy of the user for example by leaking their location?
The problem is not whether an app's behavior fits a certain pattern or not, but rather, if the program behaves as promised. In this work, we make an effort to compare actual app behavior to that which has been advertised. We use android apps as a data set for this work, because of its market share and history of attacks. The main idea is to cluster APIs based on their code context and combine those with the app descriptions and rationales to detect outliers by using Word2Vec.
14:30-15:00
Speaker: Erfan Balazadeh
Type of talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Timed-Release Cryptography using a Proof-of-Stake Blockchain
Research Area: 1
Abstract: Imagine a scenario where you want to encrypt a message, but you don't want it to be able to be decrypted by the receiving party right away.
The concept of "encrypting a message to the future" is not new and has been around for many years. The proposed solutions so far, like time-lock puzzles or verifiable delay functions, for instance,
are not perfect however. They require a lot of computing power and the speed can vary drastically depending on the hardware being used.
The thesis' goal was to implement a new encryption scheme, which is efficiently computable and which gets rid of the previously mentioned solutions' weaknesses, inside of a real-world setting.
The idea is to make use of the existing Proof-of-Stake architecture in the Ethereum 2.0 consensus protocol, where so called committees vote on new blocks by using an aggregatable signature scheme named BLS. One of the implementation tasks of the thesis was to see if it is possible to listen to the unaggregated BLS signatures and the signed message, which are necessary for the encryption scheme. Once enough of these unaggregated signatures are accumulated, we can go on to decrypt the message. Basically, a receiving party can only decrypt the message once certain conditions are met that the encrypter knows will happen in a desired amount of time in the future.
This talk will present the results and the findings of the thesis.
15:00-15:30
Speaker: Norman Ziebal
Type of talk: Bachelor Final
Advisor: Prof. Andreas Zeller, Dr. Dominic Steinhoefel
Title: Bidirectional Conversion between Context-Free Grammars and Binary Templates
Research Area: RA5
Abstract: Most programs expect highly structured inputs, which makes black-box fuzzing rather inefficient because inputs get rejected very early in the program flow.
Grammar-based fuzzing is a common technique to provide much better inputs to programs based on a specification.
FormatFuzzer is a generator for format-specific fuzzers. It takes a Binary Template as input, a format specification for a binary format,
and produces a highly efficient and fast parser and generator, which is conform to the provided specification.
Hundreds of Binary Templates already exist for various formats, but they can not be utilized by other grammar-based fuzzing tools,
due to Binary Templates being written in an imperative C-Style.
Grammar-based fuzzing tools commonly rely on a more declarative type of specification, like context-free grammars.
Context-free grammars are widely used when it comes to grammar-based fuzzing. They are easy to read and write for humans and have proven to be a good way of specifying a format.
Therefore many grammar-based fuzzing tools work well with context-free grammars as input.
This work aims to combine the benefits of context-free grammars and Binary Templates for fuzzing.
We will implement a framework for bidirectional conversion between context-free grammars and binary templates.
With this framework, we will, on one hand, be able to leverage the vast quantity of existing binary templates with already existing fuzzing tools and techniques
and on the other hand, combine the simplicity of context-free grammars with the speed and efficiency of FormatFuzzer.