Next Seminar on 30.08.2023
Written on 24.08.2023 21:52 by Mang Zhao
The next seminar takes place on 30.08.2023 at 14:00 (Session A). Please note that there is only one session.
Session A: (14:00-15:30)
Sven Kuppe, Leonard Niemann, Dominik Sautter
Meeting-ID: 967 8620 5841
14:00 - 14:30
Speaker: Sven Kuppe
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Blockchain-Based Verification of Android Keystore-Generated Key Attestations using Smart Contracts
Research Area: RA1
When we use cryptocurrencies, we want to make sure our transactions are safe.
Thereby, one question we have to ask ourselves is how can we be sure that our recipient has a reliable key management? Does he really store his private Key securely?
A secure way to store your private key is to use a hardware-backed keystore like Android keystore.
This project aims to achieve this safety property. By utilising Androids hardware-backed keystore feature, available in modern smartphones, to create a trust mechanism that verifies the presence of a hardware-backed key in a device. Which is then proven by a specialised smart contract.
The goal of this work is to develop an android application and the specialised smart contract. The application creates a key within the secure memory and and provides a proof that the key is inside secure memory. This establishes trust in the receiver's devices without the need for additional verification methods. As this provides an answer to the above mentioned security questions.
14:30 - 15:00
Speaker: Leonard Niemann
Type of talk: Master Final
Advisor: Dr. Michael Schwarz
Title: "Performance Counters Rethought: Actively Mitigating Microarchitectural Side Channels"
Research Area: RA3
In recent years, researchers have discovered new microarchitectural side-channel attacks regularly, which has gained them increasing popularity. These side-channel attacks leak secrets via metadata exposed through shared microarchitectural building blocks like the cache. Defenses are lacking behind, as they typically require expensive changes to the microarchitecture. Moreover, they are often overly specific to certain types of attacks and only work against a subset of all attacks. Recent research commonly proposes hardware performance monitoring counters for detecting attacks. However, most of these approaches do not specify the process after the detection but focus on the detection itself. Thus they do not prevent the leakage of sensitive data.
In this thesis, we present PMCDefender, which is a software-only toolkit for actively mitigating a variety of microarchitectural side-channel attacks. Similar to previous work, we rely on performance monitoring counters as the underlying mechanism. However, we do not actively query the counters and use machine learning. Instead, we present a synchronous way to immediately stop the execution of a victim program if an attack is detected by leveraging performance monitoring interrupts. Thereby, PMCDefender actively performance events data leakage or at least limits the amount of data that can leak to negligible. Moreover, our approach is portable, versatile, and allows fine-grained control. Our approach works against multiple cache-based side-channel attacks and Spectrestyle transient execution attacks.
We further demonstrate its applicability in two realworld case studies on the RSA implementation of GnuPG 1.4.13 and the AES routine of openSSL 1.0.1e. Across all attacks, PMCDefender achieves a detection rate of over 99 % and a false-positive rate of less than 1.5 %. The overhead is negligible with a runtime increase of 0.3 % for the RSA implementation and 1.8 % for an AES routine. Based on the results, we conclude that active mitigation of microarchitectural side-channel attacks works and that our approach’s capabilities are sufficient to prevent data leakage.
15:00 - 15:30
Speaker: Dominik Sautter
Type of talk: Master Intro
Advisor: Thorsten Holz, Bhupendra Acharya
Title: ScamChatBot: Analyzing the Fake Technical Support Scam in Social Media via Automated ChatGPT
Research Area: RA3
In the last few years, cryptocurrency users and value has been on the rise. The global market value for cryptocurrency is ever-rising and peaked at $2.9 Trillion in late 2021 . As the market share of cryptocurrency is ever-expanding, phishing attacks often target online wallet accounts. Such attacks are often found to compromise the wallet by either risk of losing access to the wallet or funds being stolen. Thus, it is crucial to understand the mechanics of cryptocurrency attacks and scams in the wild.
Moreover, the market trend for users is shifting where one in every three social media users prefers to reach the brand or business support via social media. Thus, it is not surprising to see users with technical issues reaching out to the brand via popular social media such as Twitter, Instagram, and others. This has lately attracted scammers to perform fake technical support scams via interaction with users’ public posts based on technical issues. Users seeking technical help via social media are often lured to share their credentials and private keys via direct messaging. In this work, we plan to interact with scammers who pretend to act as providing official technical support to regular Internet users. Regular Internet users often seek solutions related to the technical issue by searching on Google and posting on social media such as Facebook, Twitter, and Instagram. Apparently, this kind of search or posts in social media often lures such scammers whose intention is to fake as official support. Our motive is to understand such behavioral end-to-end analysis of chatting with scammers and analyze the tricks that scammers play in monetizing regular Internet users. In order to perform large-scale systematized work, we plan to integrate a ChatGPT-based automated end-to-end analysis of fake technical support by posting a honey tweet on Twitter. The automated chat system collects the scammer’s preferred payment profile. For the collected payment profile we plan to track and provide insights on money laundering techniques by analyzing the digital footprint of scammers.