News
Next Seminar on 27.03.2024
Written on 26.03.2024 11:40 by Mang Zhao
Dear All,
The next seminar(s) take place on 27.03.2024 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:30)
Leon Barth, Raik Schweigert, Luca Nimsgern
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (14:00-15:30)
Yannick Chording, Devi Faustine, Mitul Bipin
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Session A:
14:00 - 14:30
Speaker: Leon Barth
Type of talk: Master Outro
Advisor: Dr. Nils Ole Tippenhauer
Title: Feasibility of IDS in Automotive Systems using the NXP S23G Platform
Research area: RA3: Threat Detection and Defenses
Abstract:
The Controller Area Network (CAN) was introduced in the 1980s and became the de facto standard communication protocol in the automotive industry. At that time, however, cars were much less digitized, which meant that potential security risks with CAN were less prevalent. Today, with connected cars and numerous digital control systems such as brake-by-wire, drive-by-wire, or autopilot, the risk is much higher. As a quasi-standard, the protocol cannot be easily replaced. Therefore, security measures are required. Intrusion Detection Systems (IDS), successfully used for other types of networks, are one way to detect attacks.
However, since CAN does not send or verify information about the sender or recipient of individual messages, this is a major challenge. Possible approaches attempt to infer anomalies and possible attacks from information about signal levels, temporal context, or message content. Methods ranging from simple statistics to deep learning are presented and evaluated. Unfortunately, most of the evaluation scenarios are not very close to practice due to the use of powerful computers, oscilloscopes, or synthetic evaluation data.
In this thesis, I investigate the feasibility of implementing such systems on next-generation automotive hardware using the NXP S32G platform as an example and realistic data. Therefore, I collect existing approaches for CAN IDS and CAN traffic datasets. The IDS is then analyzed with data as close to reality as possible, both on conventional high-performance x86-based hardware with a dedicated GPU and on the much more limited ARM-based NXP S32G platform. The results will be used to evaluate the feasibility of each concept in future vehicles.
14:30 - 15:00
Speaker: Raik Schweigert
Type of talk: Bachelor Intro
Advisor: Wouter Lueks, Sylvain Chatel
Title: Privacy Analysis of Digital Contact Tracing Systems
Research Area: RA1
Abstract:
In a pandemic like COVID-19, contact tracing is a key strategy that mitigates the spread of the virus by notifying people that have recently been in close proximity to a positively diagnosed individual.
However, the scale of manual contact tracing is limited. As an addition, digital contact tracing systems were proposed, which increase the scalability of contact tracing by letting mobile devices broadcast and capture tokens that can be matched later in case of a positive test to notify at-risk individuals.
While these systems automate contact tracing, requiring less work, they also handle sensitive data. Thus, digital contact tracing systems should respect the users’ privacy. This thesis analyzes contact tracing systems with respect to their privacy.
15:00 - 15:30
Speaker: Luca Nimsgern
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Multi-party signatures on FIDO tokens
Research Area: RA1
Abstract: Consisting of the W3C Web Authentication (WebAuthn) and the FIDO Client to Authenticator Protocol (CTAP), FIDO2 introduces a standard for strong authentication in the web environment.
In this thesis, we will implement a multi-party signature on FIDO keys. As the name suggests, in multi-party signatures the private key for signing a message is distributed by multiple parties.
The idea is that each FIDO key holds his own share of the private key, so in the end a certain amount of FIDO keys (which we can specify before) is needed to produce a valid signature.
After the implementation phase, we will evaluate this approach by its performance and security, in order to compare it with the common approach.
Session B:
14:00 - 14:30
Speaker: Yannick Schording
Type of talk: Master Intro
Advisor: Dr. Dominic Steinhöfel
Title: Specification based testing with JSON-schema
Research Area: 3
Abstract:
The JavaScript Object Notation (JSON) is one of the most widely used formats to interchange data. Due to its popularity, we need ways to test systems that use JSON files as their input. But how can we do so? One approach would be to feed it randomly generated JSON files. However, most of these files would not reach deep into the code since they do not conform to its expected input structure. By using the JSON-schema vocabulary as a basis for specification-based testing we can get around this issue. While tools that generate JSON files from schemas already exist they follow a monolithic approach as they combine the specification
handling and input generation into a single piece of software. In this thesis, we develop a tool that decouples these two parts. To do so we first translate JSON schema into an equivalent pair of a context-free grammar and a set of semantic constraints. We then use this specification to generate valid JSON files with the ISLa fuzzer. The benefits of this approach are that changes in the fuzzer do not necessitate rewriting the specification handling and vice versa. Another advantage is that based on this specification the ISLa fuzzer can also mutate, validate, or repair existing inputs.
To evaluate our tool we plan to compare it to existing generators regarding the diversity of the generated inputs, generation speed and the ability to find bugs in software.
14:30 - 15:00
Speaker: Devi Faustine
Type of talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Efficiency of Post-Quantum Blind Signature built from secure Multi-Party Computation
Research Area: RA1
Abstract:
Nowadays Post-Quantum Cryptography (PQC) has been gaining more and more attention, as the development of quantum computers further progress. Taking this into consideration, we would like to make cryptographic primitives and protocols also quantum resistant. Blind signatures have also gained popularity as blockchain and electronic cash is also booming.
The idea of this thesis is to combine secure Multi-Party Computation (MPC) with a post-quantum digital signature in order to create fua post-quantum blind signature. Since MPC also keeps privacy of the parties' input, meaning this also fulfills the purpose of blind signatures. The digital signature used in this scheme would be SPHINCS+, which is a quantum-resistant, stateless hash-based signature scheme, specifically aimed at reducing signature size. We implement SPHINCS+ inside an MPC library and bench the performance of this construction.
15:00 - 15:30
Speaker: Mitul Bipin
Type of talk: Master Intro
Advisor: Cristian Alexandru Staicu, Masud Bhuiyan.
Title: Regular Expression Denial of Service (ReDoS) Defense Analysis. Research Area: RA3: Threat Detection and Defenses.
Abstract:
A Regular Expression Denial of Service (ReDoS) attack is a type of algorithmic complexity vulnerability in which an attacker sends a specially crafted input to exploit a vulnerable regex pattern to trigger excessive backtracking within a regular expression engine, leading to prolonged processing times and potentially crashing the system. Unlike traditional Denial of Service (DoS) attacks, which flood a system with high volumes of traffic, ReDoS attacks exploit inefficiencies in regular expression matching algorithms, making them harder to detect and mitigate. Developers typically rely on regular expressions to perform input validations, e.g., Email ID, phone number. Sometimes, developers may unintentionally write or copy vulnerable regex patterns, making their application vulnerable to a ReDoS attack. Furthermore, developers may import libraries, e.g., npm, that may contain a vulnerable regex pattern, thereby making the application susceptible to a ReDoS attack. In order to prevent a ReDoS attack, developers often choose one of the many mitigation approaches such as:
1. Timeout Mechanisms
2. Limit Backtracking
3. Use Traditional Regex Engines (that do not support extended features such as backtracking)
4. Repair the Vulnerable Regex Pattern.
5. Use an Alternate Logic. e.g., custom parser
6. Limit Input Length.
We refer to these approaches as "Standard Approaches," which involve modifying the underlying code and the vulnerable regex pattern. Additionally, researchers have developed solutions that mitigate a ReDoS attack on an application in real-time, i.e., block HTTP requests that potentially contain a specially crafted input to cause a ReDoS attack. We refer to these approaches as "Reactive Approaches". A Reactive Approach is typically deployed alongside the application, and all input validations will still be performed using a vulnerable regex pattern. It will be interesting to analyze whether the reactive approaches can block HTTP requests that can potentially cause a ReDoS attack.
The primary objective of the thesis is to determine the most effective method for mitigating a ReDoS attack. To achieve that, we will deploy an application that contains a vulnerable regex pattern prone to a ReDoS attack. We will then fix the underlying vulnerability with each of the techniques mentioned above. Lastly, we will simulate benign requests for a specific period and send malicious HTTP requests in frequent intervals to assess the effectiveness of each approach discussed above. During the experiment, we will record the latency and throughput experienced by benign users, recognizing these metrics as crucial parameters in identifying the most effective method for mitigating a ReDoS attack.
The "Master Intro" seminar gives a sneak peek into the results obtained by performing the above experiment on the PHP platform. It also highlights the motivation, along with the research contribution and the research questions answered in the thesis. Lastly, the seminar will shed light on the future scope and open the ground for discussions!