RuhrSec Archive

Past RuhrSec editions featured many cutting-edge talks from great speakers. If you want to see which talks have been given at RuhrSec in the past or want to enjoy one of the talks again you can find the program of all RuhrSec editions and all available videos here:
RuhrSec 2019 | RuhrSec 2018 | RuhrSec 2017 | RuhrSec 2016

RuhrSec 2019

How to statically detect insecure uses of cryptography - at scale and with almost perfect precision

Prof. Dr. Eric Bodden (Paderborn University) – Keynote

Talk. How to statically detect insecure uses of cryptography - at scale and with almost perfect precision

Video. YouTube

Abstract. For decades, static code analysis has been notorious for being ineffective, due to high false positive rates. Yet, recent algorithmic breakthroughs have now given us the capability to build static analysis tools that not only rapidly analyze code bases with millions of lines of code, but also yield perfect precision in most practical cases.
In this talk I will highlight the main ideas behind those breakthroughs and will demonstrate CogniCrypt, a recent practical security code analysis tool that makes use of this leap in technology. CogniCrypt (www.cognicrypt.de) is an official Eclipse project integrating with various IDEs and CI environments, which allows code developers to precisely pinpoint security-critical misuses of APIs, particularly crypto APIs. It currently supports the analysis of Java and Android projects, but a variant for C/C++ is in the works as well.
I will conclude my talk with results from a large-scale study in which we applied CogniCrypt to security-sensitive Android apps and to all software artifacts on MavenCentral.

Biography. Eric Bodden is one of the leading experts on secure software engineering, with a specialty in building highly precise tools for automated program analysis. He is Professor for Software Engineering at Paderborn University and director for Software Engineering and IT-Security at Fraunhofer IEM, where he is collaborating with the leading national and international software development companies. Further, he is a member of the directorate of the Collaborative Research Center CROSSING at TU Darmstadt.

Prof. Bodden's research was awarded numerous times. At the German IT-Security Prize, his group scored 1st place in 2016 and 2nd place in 2014. In 2014, the DFG awarded Bodden the Heinz Maier-Leibnitz-Preis, Germany's highest honour for young scientists. Prof. Bodden's research has received five ACM Distinguished Paper Awards in different communities.
Twitter: @profbodden

Publish-and-Forget: Longitudinal Privacy Techniques and User Behaviour

Ass.Prof. Dr. Christina Pöpper (NYU Abu Dhabi) – Keynote

Talk. Publish-and-Forget: Longitudinal Privacy Techniques and User Behaviour

Video. YouTube

Abstract. Technological development and the collection of digital data prompt individuals to rethink the boundaries of their privacy. At times of social media and our digital society where online opinion, images, and connections are what counts, longitudinal privacy techniques gain importance. The decision and action of sharing or withholding information cannot be left to the individual alone but need to be facilitated by technical and legal means. Data that is no longer relevant, whose original purpose has been satisfied, or where the owner is withdrawing consent for its online presence represent valid conditions that demand means and techniques for data fading and disappearance. In this talk, we will review technical, legal, psychological, and usability-related aspects of sharing, withholding, and removing information and discuss how computer scientists and security researchers can contribute to address open challenges for providing better data control to users.

Biography. Christina Pöpper is a computer scientist with a focus on information and communication security. Her research goal is to better understand and enhance the security and privacy of current and future IT and communication systems. Specific interests are the security of wireless systems and applications, where she is working on topics like secure localization and jamming-resistant communication, mobile-, protocol- and system-level security as well as on aspects of privacy. She is teaching computer/IT security and general computer science classes. She is affiliated with the Center for Cyber Security at NYUAD.

Prior to joining NYUAD, Christina Pöpper was an assistant professor at Ruhr-University Bochum, Germany, where she headed the Information Security Group at the Electrical Engineering and Information Technology Department / Horst-Görtz-Institute for IT-Security. In the past, she taught specialized courses on wireless security as well as on private and anonymous communication. She received her doctoral and graduate degrees in computer science from ETH Zurich, Switzerland.

Her research interest is cybersecurity and privacy. One focus area is wireless and communication security, in particular securing wireless radio transmissions against jamming as well as securing localization techniques. She likes to combine systems and security mechanisms in different application settings. She addresses secure systems where cryptography alone is often not enough.


1 Trillion Dollar Refund – How To Spoof PDF Signatures

Dr.-Ing. Vladislav Mladenov (Ruhr-University Bochum) – Talk

Talk. 1 Trillion Dollar Refund – How To Spoof PDF Signatures

Video. YouTube

Abstract. The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee authenticity and integrity of documents, digital signatures are used. Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures.

In this talk, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce 3 novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF.

We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated 8 online validation services and found 6 to be vulnerable. These results are due to the absence of a standard algorithm to verify PDF signatures – each client verifies signatures differently, and attacks can be tailored to these differences. We therefore propose the standardization of a secure verification algorithm, which we describe in this paper. All findings have been responsibly disclosed and the affected vendors were supported during fixing the issues. As a result 3 generic CVEs for each attack class were issued (CVE-2018-16042, CVE-2018-18688, CVE-2018-18689).

Biography. Vladislav Mladenov has worked as a security researcher at the Chair of Network and Data Security at the Ruhr-University Bochum since 2012. In his dissertation he analyzed the security of Single Sign-On protocols such as SAML 2.0, OpenID, OpenID Connect and OAuth and discovered various vulnerabilities. After completing his doctorate Vladislav Mladenov works as a PostDoc and additionally devotes his attention to the security of data description languages, e.g. JSON, XML and PostScript. Since 2018, Mr. Mladenov has focused his research on the security of PDF files and recently published several attacks on PDF signatures.
Twitter: @v_mladenov

Are Microarchitectural Attacks still possible on Flawless Hardware?

Erik Kraft & Michael Schwarz (TU Graz) – Talk

Talk. Are Microarchitectural Attacks still possible on Flawless Hardware?

Video. YouTube

Abstract. In recent years, we have seen that optimizations in processors often enable new microarchitectural side channels. The severity of side-channel attacks varies widely, from small annoyances for which developers have to introduce workarounds in software, to highly critical attacks leaking arbitrary memory contents. While new attacks pop up regularly, finding defenses is not a trivial task.
In this talk, we first briefly overview the state of the art of microarchitectural attacks and defenses. We then assume that we have a futuristic CPU which magically hides all microarchitectural side effects, rendering all known attacks useless. Even in this thought experiment, we show that such attacks are not dead. In fact, we present ways of mounting well-known microarchitectural attacks without relying on any hardware effects, making these attacks hardware agnostic. We show that attack primitives exploiting the hardware can be shifted to the software level, making these attacks easier to mount and independent of the CPU. The attacks that we present work on Windows, Linux, and Android, both on x86 and ARM processors.

Biography. Erik Kraft is a master's student in Information and Computer Engineering at Graz University of Technology focusing on secure and correct systems. He holds a bachelor's degree in Information and Computer Engineering. In the past, he has been invited to teach computer science courses on undergraduate level. In his current research, he focuses on software-based side-channel attacks.
Twitter: @ekraft95

Michael Schwarz is an Infosec PhD candidate at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016, Black Hat Asia 2017 & 2018, and Black Hat US 2018, where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016 & 2018, NDSS 2017, 2018 & 2019, IEEE S&P 2018 & 2019. He was part of one of the four research teams that found the Meltdown and Spectre bugs published in early 2018.
Twitter: @misc0110

Artificial Intelligence in Cyber Security: Threat, Tool or Target?

Tobias Burri & Elias Hazboun (Live Reply) – Talk

Talk. Artificial Intelligence in Cyber Security: Threat, Tool or Target?

Video. YouTube

Abstract. Recent machine learning algorithms such as Convolutional Neural Networks or LSTMs fueled by modern GPUs have produced astonishing results unimaginable only a few years ago. These developments bring a number of challenges and opportunities in the cyber security field. First, using AI maliciously can potentially result in threats that are faster, more complex and more difficult to detect. Second, recent developments in AI can be leveraged to improve our protection capabilities against cyber-attacks. Last, as AI technology becomes increasingly popular and available in more systems and services, new challenges emerge as this technology needs also to be protected from cyber threats. In this session we will present current developments in the field of AI and their relevance for cybersecurity. We will then cover some concepts and examples for each of the T's (threat, tool and target) both in the industry and research. We will close the session by presenting our views on trends and potential future scenarios.

Biography. Although having an academic background in Economics, Tobias Burri became interested in programming during his studies and started his professional career as a developer for a web-analytics platform. Today, he is a senior consultant in Live Reply's Cyber Security unit where he supports companies in both assessing their current security landscape and integrating new security components. Tobias is strongly focused on the rising relevance of AI in the field of cyber security, both in terms of malicious use as well as leveraging current developments for new security applications.
Twitter: @tobias_burri

Elias Hazboun is a security consultant at Live Reply Cyber Security unit with expertise in security assessment and testing. His responsibilities revolve around helping clients secure their current and future solutions, whether it is API, network equipment or cloud infrastructure. He is also a certified Penetration Tester (OSCP) and has worked on multiple offensive security projects including websites, VoIP and Chat-bots. He is currently contributing towards securing next generation carrier-grade software defined networks. Elias is a passionate advocate of security by design, privacy and the study of the intersection between future technology and society. He is also the recipient of DAAD Study Scholarship that allowed him to complete his Master studies with distinction in computer science at the Technical University of Munich.

Automate the generation of security documentation

Andreas Kuehne (trustable) & Jens Neuhalfen (Deutsche Post DHL Group) – Talk

Talk. Automate the generation of security documentation

Video. YouTube

Abstract. Formal security documentation is usually a neglected task. However, it’s a basic requirement to have comprehensive and recent documents in place, not only if you are facing some sort of audit. We will compare the aims and structure of "classical" security documentation and will show common shortcomings of these documents. Especially when moving from waterfall to a more agile approach there are new challenges:
- changes occur more frequently and must be reflected in the security documents,
- increasing numbers of (micro-) services require significantly more documentation efforts,
- resource-oriented services do not match well with usually established process-focused approaches,
- security documentation is the first victim in high frequency deployment environments.
The proven way to solve these issues is automation! We will outline an approach to take advantage of already existing meta information to derive a solid foundation of a security documentation. The process can be integrated into the usual build process and liberates the dev team from annoying documentation tasks.

The talk will be completed with a summary of documentation parts that can be produced by automation and parts that need human expertise. We will also give an outlook on aspects that may be addressed in later stages of automation.

Biography. Andreas Kuehne is the founder of trustable Ltd., a security consultancy company and member of the FutureTrust project. He is an active initiator and contributor of several open source projects as well as the co-chair of the OASIS DSS-X committee.

Jens Neuhalfen is Information Security Officer at Deutsche Post DHL Group and has lived and breathed IT for 20 years. He is convinced that the interface between IT and non-IT is the most important lever to run a successful business for IT-centric ventures. Further, Jens is convinced that sensible IT security not only saves money but opens new business opportunities.

The Bicho: backdooring CAN bus for remote car hacking

Sheila Berta (Freelancer) – Talk

Talk. The Bicho: backdooring CAN bus for remote car hacking

Video. YouTube

Abstract. Attacks targeting connected cars have already been presented in several conferences, as well as different tools to spy on CAN buses. However, there have been only a few attempts to create “something similar” to a useful backdoor for the CAN bus. Moreover, some of those proofs of concept were built upon Bluetooth technology, limiting the attack range and therefore tampering its effects.

Now we are happy to say, “those things are old”!

We have successfully developed a hardware backdoor for the CAN bus, called “The Bicho”. Due to its powerful capabilities we can consider it as a very smart backdoor. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Even more, have you ever imagined the possibility that your car suddenly stopped working, when you least expected it, due to a remote attack? Now all of this is possible.

The Bicho supports multiple attack payloads and it can be used against any vehicle that supports CAN, without limitations regarding manufacturer or model. Each one of the payloads is related to a command that can be delivered via SMS, this way it allows remote execution from any geographical location. Our backdoor is an open-hardware tool and it has an intuitive graphical interface, called “Car Backdoor Maker”, which is open-sourced too and allows payload customization.

The attack payload can be configured to be automatically executed once the target vehicle is proximate to a given GPS location. The execution can also be triggered by detecting the transmission of a particular CAN frame, which can be associated with any given factor, such as: the speed of the vehicle, its fuel level, and some other factors. Moreover, in our talk we will be presenting a new feature that allows us to remotely kill the car’s ECU, consequently causing the car to stop working suddenly.

Biography. Sheila Ayelen Berta is an Information Security Specialist and Developer, who started at 12 years-old by herself. At the age of 15, she wrote her first book about Web Hacking, published by RedUSERS Editorial in several countries. Over the years, Sheila has discovered lots of vulnerabilities in popular web applications and software. She also has given courses of Hacking Techniques in universities and private institutes. Sheila currently works as a Security Researcher who specializes in offensive techniques, reverse engineering and exploit writing. She is also a developer in ASM (microcontrollers, x32/x64), C/C++, Golang and Python. Sheila is an international speaker who has spoken at important security conferences such as Black Hat EU 2017, DEFCON 26, DEFCON 25 CHV, HITBSecConf, HackInParis, Ekoparty Security Conference, IEEE ArgenCon, Hack.Lu, OWASP Latam Tour and others.
Twitter: @UnaPibaGeek

Browser fingerprinting: past, present and possible future

Dr. Pierre Laperdrix (CISPA Helmholtz Center for Information Security) – Talk

Talk. Browser fingerprinting: past, present and possible future

Video. YouTube

Abstract. Browser fingerprinting has grown a lot since its debut in 2010. By collecting specific information in the browser, one can learn a lot about a device and its configuration. It has been shown in previous studies that it can even be used to track users online, bypassing current tracking methods like cookies. In this presentation, we will look at how this technique works and present an overview of the research performed in the domain. We will then see how this technique is currently used online before looking at its possible future.

Biography. Pierre Laperdrix is currently a postdoctoral researcher in the Secure Web Applications Group at the CISPA-Helmholtz Center for Information Security working with Ben Stock. Previously, he was a postdoctoral researcher in the PragSec lab at Stony Brook University working with Nick Nikiforakis. His current topics of research are Security and privacy on the Web. He obtained his PhD at Inria in Rennes working on the topic of browser fingerprinting. As part of his thesis, he developed the AmIUnique.org website to understand fingerprinting and worked with the Tor organization to improve the Tor browser fingerprinting defenses.
Twitter: @RockPartridge

Content-Security-Policies in mass-distributed web apps - doing the undoable

David Jardin (Joomla!) – Talk

Talk. Content-Security-Policies in mass-distributed web apps - doing the undoable

Video. YouTube

Abstract. Content-Security-Policy is a well-established technology that is able to catch Cross-Site-Scripting attacks in modern browsers. However, regardless of the benefits, usage in mass-distributed web-apps like WordPress or Joomla is still close to non-existent. In this talk, we will talk about the concepts of CSP, the huge challenges that web app developers face during the implementation and potential workarounds to get CSP out of the door.

Biography. Born and living in Cologne, Germany, David got in touch with web development during school in 2002. After a few years working with plain HTML sites, he started to develop his own CMS in 2004 and switched to Mambo shortly after. He quickly became an active member of the German community and met them in person for the first time during JoomlaDay Germany 2006. After school, he started his business as a freelance web developer and quickly got more involved in the community by giving support in the forums, co-organizing the German JoomlaDay and the J&Beyond conference, starting a Joomla Usergroup in his home town, developing his own extensions and joining the board of the German Joomla association "J&Beyond e.V.". In 2012, he joined the Bug Squad and started contributing to the CMS code. In late 2012, he co-founded the CMS-Garden project, which is a cooperation of 12 open-source CMS. In the CMS-Garden, volunteers from all participating systems combine their forces to improve their marketing and reach new potential users.
Twitter: @SniperSister

Don't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild

Marius Steffens & Dr. Ben Stock (CISPA Helmholtz Center for Information Security) – Talk

Talk. Don't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild

Video. YouTube

Abstract. The Web has become highly interactive and an important driver for modern life, enabling information retrieval, social exchange, and online shopping. From the security perspective, Cross-Site Scripting (XSS) is one of the most nefarious attacks against Web clients. Research has long focused on three categories of XSS: reflected, persistent, and DOM-based XSS. We argue, however, that this classification lacks a key threat in the modern Web: persistent Client-Side XSS.

In this talk, we not only provide an improved notion of the classes of XSS, but rather report on a real-world study which shows that of the Alexa Top 5,000 domains, around 2,000 make use of persisted data on the client. We conduct this study using a combination of taint tracking and a fully automated exploit generation pipeline. Doing so, we find that of these 2,000, over 20% make that use in an insecure way which enables an attacker to execute a persisted payload on every page load, allowing for nefarious long-term attacks such as JavaScript-based keyloggers, credential extraction from password managers, or cryptojacking. In addition, we analyze the end-to-end exploitability of the flaws we discovered based on two attacker models, showing that at least 70% of the sites with an insecure data flow can successfully be infected with a malicious payload. We also discuss a number of real-world case studies to highlight the severity of this threat.

Based on our insights, we show that in many cases, the use case requires the execution of persisted JavaScript code. We identify four distinct classes of intended uses for the persisted data, and end our talk with a discussion of applicable countermeasures tailored for those cases.

Biography. Marius Steffens is a first year PhD student in the Secure Web Applications Group at the CISPA-Helmholtz Center for Information Security, where he is supervised by Ben Stock. Marius is currently interested in the area of Web Security, and specifically looking into the prevalence of vulnerabilities in client-side Web applications.
Twitter: @steffens_marius

Ben Stock is a Tenure-Track Faculty at the newly founded CISPA-Helmholtz Center for Information Security. In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined CISPA as a postdoc, focussing on both Web Security as well as Usable Security research. He currently heads the Secure Web Applications Group at CISPA and is a regular speaker at academic and non-academic venues like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.
Twitter: @kcotsneb

Greybox Automatic Exploit Generation for Heap Overflows

Sean Heelan (University of Oxford) – Talk

Talk. Greybox Automatic Exploit Generation for Heap Overflows

Video. YouTube

Abstract. In this talk we will introduce a completely grey-box approach to automatic exploit generation for heap overflows. Heap overflows are difficult to generate exploits for as they require reasoning over another dimension not present when considering stack overflows, namely the layout of the heap. We will show how this problem can be compartmentalised and addressed separately from the remainder of the exploit generation task. Furthermore, we will show how dynamic analysis and learning from existing inputs can be used in place of expensive white-box techniques that are traditionally used for exploit generation.

Biography. Sean Heelan is a co-founder of Optimyze and a PhD candidate at the University of Oxford. In the former role he works on full-stack software optimisation, and in the latter he is investigating automated approaches to exploit generation. Previously he ran Persistence Labs, a reverse engineering tooling company, and worked as a senior security researcher at Immunity Inc. His primary interest is in building program analysis tools that allow the integration of static and dynamic techniques with expert knowledge.
Twitter: @seanhn

"Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails

Marcus Brinkmann (Ruhr-University Bochum) & Damian Poddebniak (Münster University of Applied Sciences) – Talk

Talk. "Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails

Video. YouTube

Abstract. OpenPGP and S/MIME are the two major standards to encrypt and digitally sign emails. Digital signatures are supposed to guarantee authenticity and integrity of messages. We show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases in S/MIME's container format. (2) We exploit in-band signaling in the GnuPG API, the most widely used OpenPGP implementation. (3) We apply MIME wrapping attacks that abuse the email clients' handling of partially signed messages. (4) We analyze weaknesses in the binding of signed messages to the sender identity. (5) We systematically test email clients for UI redressing attacks.

Our attacks allow the spoofing of digital signatures for arbitrary messages in 14 out of 20 tested OpenPGP-capable email clients and 15 out of 22 email clients supporting S/MIME signatures. While the attacks do not target the underlying cryptographic primitives of digital signatures, they raise concerns about the actual security of OpenPGP and S/MIME email applications. Finally, we propose mitigation strategies to counter these attacks.

Biography. Marcus Brinkmann is a PhD student at the Ruhr-University Bochum, and interested in end-to-end security. He is a free software enthusiast with contributions in the Debian and GnuPG projects.
Twitter: @lambdafu

Damian Poddebniak is a PhD student at the University of Applied Sciences in Münster. He is co-author of the Efail attack paper and interested in email security, cryptography and privacy-related topics.
Twitter: @dues__

Reversing Fraudulent Apps

Abdullah Joseph (Adjust) – Talk

Talk. Reversing Fraudulent Apps

Video. YouTube

Abstract. Wherever there is money, there is fraud. Companies invest massive amounts on their ad campaigns to showcase their product to the world. In reality, however, most of that money goes to fraudsters and malicious app makers.

In this talk, the speaker will demonstrate how a popular app with over 100 million downloads conducts their mobile fraud operation and performs a commonplace mobile fraud technique: Click Injection.

Biography. Abdullah Joseph works as a security specialist at Adjust, a mobile analytics company, as part of the company’s fraud team. His responsibilities include researching current and future mobile fraud schemes, reversing malicious apps and developing appropriate countermeasures. He is the holder of both GREM and GMOB certifications.
Twitter: @malwarecheese

Social Engineering through Social Media: profiling, scanning for vulnerabilities and victimizing

Christina Lekati (Cyber Risk GmbH) – Talk

Talk. Social Engineering through Social Media: profiling, scanning for vulnerabilities and victimizing

Video. YouTube

Abstract. Online presence is undeniably important. But despite the benefits social networking can create, a strong online presence can also create vulnerabilities. Christina will explain how the online presence of a company's employees on social media can attract social engineers to target them and victimize them to "open doors" through the organizational security. The talk covers the topic of information gathering through social media and explains how even seemingly innocent information can be used to manipulate targets, and in what way. Case studies will be provided. A two-part demonstration is included on how a hacker's mind works when harvesting information on social media: the first part includes real examples of posts that expose vulnerabilities, attract attackers and ultimately lead to security breaches. The second part includes a demonstration on how personal information provided online is gathered, categorized, analyzed and then used to craft an attack, as well as how one ends up revealing online more than he intends to. The talk closes with practical recommendations and best practices. The purpose of this talk is not to make everyone delete their online presence but rather, to urge them to use it responsibly. Training and awareness are often a catalytic factor between a successful and an unsuccessful attack attempt.

Biography. Christina Lekati is a psychologist and a social engineer. With her background and degree in psychology, she learned the mechanisms of behavior, motivation, decision making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering.

Contrary to typical career paths, her history and involvement in the cybersecurity field started quite early in her life. Being raised by George Lekatis, a sought-after cyber security expert, she found herself magnetized by the security field at a very young age. Growing up, she was able to get involved in different projects that were often beyond her age, that gave her an edge in her own knowledge and experience.

Christina has participated among other things in penetration tests, in training to companies and organizations, and in needs and vulnerability assessments.

She is working with Cyber Risk GmbH as a social engineering expert and trainer. Christina is the main developer of the social engineering training programs provided by Cyber Risk GmbH. Those programs are intertwining the lessons learned from real life cases and previous experiences with the fields of cybersecurity, psychology and counterintelligence. They often cover unique aspects while their main goal is to inspire delegates with a sense of responsibility and a better relationship with security.
Twitter: @ChristinaLekati

RuhrSec 2018

Securing the Development Lifecycle in Productions Systems Engineering

Priv.-Doz. Dr. Edgar Weippl (SBA Research) – Keynote

Talk. Securing the Development Lifecycle in Productions Systems Engineering

Video. YouTube

Abstract. Power plants and many other industrial plants are an integral part of a country’s critical infrastructure. As systems become more automated and networked and complicated software systems control entire systems, IT security is playing an increasingly important role. Previous attacks have mostly exploited existing vulnerabilities; future attackers will strive to intervene in the development process to build in vulnerabilities themselves.

Biography. After graduating with a Ph.D. from the TU Wien, Edgar worked in a research startup for two years. He then spent one year teaching as an Assistant Professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York, NY and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the TU Wien and founded the research center SBA Research together with A Min Tjoa and Markus Klemen. Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is a member of the editorial board of Computers & Security (COSE), organizes the ARES conference and is General Chair of SACMAT 2015, PC Chair of Esorics 2015, General Chair of ACM CCS 2016, and PC Chair of ACM SACMAT 2017.
Twitter: @weippl

Weird machines, exploitability and unexploitability

Thomas Dullien (Halvar Flake) (Google) – Keynote

Talk. Weird machines, exploitability and unexploitability

Video. YouTube

Abstract. In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: From ineffective teaching to muddled thinking about mitigations. In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit – and then talk about what this means for mitigations and secure coding.

Biography. Thomas Dullien / Halvar Flake started work in reverse engineering and digital rights management in the mid-90s, and began to apply reverse engineering to vulnerability research shortly thereafter. He pioneered early Windows heap exploitation, patch diffing / bindiffing and various other reverse engineering techniques. In 2004, he started zynamics, a company focused on reverse engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering. In 2011, zynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then hot buzzwords "big data" and "machine learning". In summer 2015, Halvar received the lifetime achievement Pwnie, and decided to take a year off to travel, read, and surf. Since November 2016, he is back at Google.
Twitter: @halvarflake


Consequences of Complexity in Group Instant Messaging using the Example of WhatsApp and Signal

Paul Rösler (Ruhr-University Bochum) – Talk

Talk. Consequences of Complexity in Group Instant Messaging using the Example of WhatsApp and Signal

Video. YouTube

Abstract. Group instant messaging is a complex primitive – due to the number of involved users and dynamic modifications to groups – that at the same time needs to provide high efficiency – for providing instant delivery of messages. As we show in our paper (Roesler, Mainka, Schwenk EuroS&P '18), most widespread messengers do not reach expected and required security guarantees for this primitive. This talk aims to provide an overview on the underlying reasons for this lack of security as well as on approaches how this issue can be solved, both on the constructive side and for the developers' view. After presenting the most severe attacks on WhatsApp and Signal, we aim to shed a light on the topic in a more general way. Thereby we want to motivate the reasons for end-to-end encryption more intuitively, provide an overview on what future secrecy means and how ratcheting can be used to reach this property. Of course the talk will include the protocol descriptions of the analyzed protocols and the respective attacks, but the focus will be more constructive. The talk will conclude with outlook questions (and answers): What are the expectable problems of intensive key protocols? How might they be solved by protocol and software developers? Is there a sensible threshold on which security guarantees should be achieved and which attacks can be disregarded when designing a protocol for instant messaging?

Biography. Paul Rösler is a PhD student at the Chair for Network and Data Security, Ruhr-University Bochum. Instant messaging protocols and key exchange with special properties such as forward and future secrecy are some of his research topics. During his bachelor and master studies he worked for Qabel – a cloud software that converts established protocols via proxies into a security preserving wrapper-protocol.
Twitter: @roeslpa

Don't trust the DOM: Breaking XSS mitigations via Script Gadgets

Sebastian Lekies (Google) – Talk

Talk. Don't trust the DOM: Breaking XSS mitigations via Script Gadgets

Video. YouTube

Abstract. Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques, thereby, focus on script tags and event handlers. HTML sanitizers, for example, aim at removing potentially dangerous tags and attributes. Another example is the Content Security Policy, which forbids inline event handlers and aims at white listing of legitimate scripts.

In this talk, we present a novel Web hacking technique that enables an attacker to circumvent most XSS mitigations. In order to do so, the attacker abuses so-called script gadgets. A script gadget is a legitimate piece of JavaScript in a page that reads elements from the DOM via selectors and processes them in a way that results in script execution. To abuse a script gadget, the attacker injects a benign-looking element into the page that matches the gadget's selector. Subsequently, the gadget selects the benign-looking element and executes attacker-controlled scripts. As the initially injected element is benign it passes HTML sanitizers and security policies. The XSS only surfaces when the gadget mistakenly elevates the privileges of the element.

In this talk, we will demonstrate that these gadgets are present in almost all modern JavaScript libraries, APIs and applications. We will present several case studies and real-world examples that demonstrate that many mitigation techniques are not suited for modern applications. As a result, we argue that the Web should start focusing more on preventive mechanisms instead of mitigations.

Biography. Sebastian Lekies is a senior software engineer and a web security researcher at Google. He is specializing in client-side web application security and automated web application security testing. At Google, Sebastian is a Tech Lead of the web security scanning and the security inventory teams. Before joining Google, Sebastian was part of SAP’s Security Research team, where he conducted academic research in the area of client-side Web application security. He is regularly speaking at academic and non-academic security conferences such as BlackHat US/EU/Asia, OWASP AppSec EU, DeepSec, Usenix Security, CCS, and many more.
Twitter: @slekies

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Christian Dresen & Damian Poddebniak (Münster University of Applied Sciences) – Talk

Talk. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Video. YouTube

Abstract. OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. We describe novel attacks built upon a technique we call malleability gadgets to reveal the plaintext of encrypted emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails that abuse existing and standard conforming backchannels, for example, in HTML, CSS, or x509 functionality, to exfiltrate the full plaintext after decryption. The attack works for emails even if they were collected long ago, and is triggered as soon as the recipient decrypts a single maliciously crafted email from the attacker. The attack has a large surface, since for each encrypted email sent to n recipients, there are n+1 mail clients that are susceptible to our attack.

We devise working attacks for both OpenPGP and S/MIME encryption, and show that exfiltration channels exist for 23 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients. While it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext.

Biography. Christian Dresen is a PhD student at the University of Applied Sciences in Muenster and Ruhr-University Bochum. His field of research is IT security and he is also an enthusiastic CTF player.
Twitter: @dr4ys3n

Damian Poddebniak is a PhD student at the University of Applied Sciences in Münster. During his master's thesis he worked on fault attacks and applied them against deterministic signature schemes. He is interested in cryptography and privacy-related topics.
Twitter: @dues__

Exploring ROCA: Fun & troubles with RSA keypairs

Dr. Petr Svenda (Masaryk University) – Talk

Talk. Exploring ROCA: Fun & troubles with RSA keypairs

Video. YouTube

Abstract. The talk will cover our recent work which resulted in the discovery of an algorithmic flaw (CVE-2017-15361) in the construction of primes for RSA key generation in a widely-used library of a major manufacturer of cryptographic hardware. The primes generated by the library suffer from an entropy loss so severe that practical factorization of commonly used key lengths up to 2048 bits is possible. Our method based on an extension of Coppersmith’s factorization attack requires no additional information except for the value of the public modulus and does not depend on a weak or a faulty random number generator. The library in question is found in NIST FIPS 140-2 and CC EAL 5+ certified devices used for a wide range of real-world applications, including citizens identity cards, Trusted Platform Modules, secure email, and tokens for authentication or software signing. The findings directly resulted in the revocation of millions of certificates in Estonia, Slovakia, Spain and other countries and major security updates rolled out by Microsoft, Google, HP, Lenovo, and others. The talk will discuss how the vulnerability was found, our experience from the responsible disclosure process and options for mitigation including the systematic prevention using the secure multiparty computation efficient enough to run on cryptographic smartcards.

Biography. Petr is a security researcher at Masaryk University, Czech Republic. He engages in the area of cryptographic protocols for resource-limited devices like smartcards or wireless sensor networks including use and misuse of random number generators. He pushes for more openness and support for FOSS development on JavaCard platform and smartcards in general. He also focuses on a utilization of cryptographic smartcards in the complex scenarios and the development of secure applications on such platforms in Enigma Bridge, Cambridge, UK.
Twitter: @rngsec

Finding security vulnerabilities with modern fuzzing techniques

René Freingruber (SEC Consult) – Talk

Talk. Finding security vulnerabilities with modern fuzzing techniques

Video. YouTube

Abstract. Fuzzing is a very powerful technique to detect flaws and vulnerabilities in software. The aim of this talk is to demonstrate different techniques which can be used to fuzz applications or libraries. Choosing the correct and most effective fuzzing technique will be discussed with real-world examples. Moreover, hints regarding common problems and pitfalls during fuzzing will be given. The first part of the talk discusses general concepts of fuzzing whereas the second part covers important areas which influence the fuzzing results. A special focus of the talk will be the difference of fuzzing applications with source code available versus fuzzing closed-source applications.

Biography. René Freingruber has been working as a professional security consultant for SEC Consult for several years. He operates research in the fields of malware analysis, reverse engineering and exploit development. He also studies modern mitigation techniques and how they can be bypassed by attackers. In the course of that research he came across Microsoft's Enhanced Mitigation Experience Toolkit and gave various talks about the (in)security of it at conferences such as RuxCon, ToorCon, ZeroNights, IT-Secx, DeepSec, 31C3 and NorthSec.
Twitter: @renefreingruber

From Discovering Vulnerabilities to Getting Them Fixed At Scale

Dr. Ben Stock (CISPA Helmholtz Center i.G.) – Talk

Talk. From Discovering Vulnerabilities to Getting Them Fixed At Scale

Video. YouTube

Abstract. Security researchers are often faced with a dilemma once they have discovered a new type of flaw, potentially affecting many servers or Web sites in the wild. On the one hand, their discovery may allow adversaries to find such flawed systems with ease and attack them quickly (as famously shown by the Drupageddon attack). On the other hand, there are no well-established channels which can be used reliably to notify the affected administrators.

In this talk, we will first discuss how the Web’s security evolved over time, highlighting that the need for notifications at scale is bigger than ever. Afterwards, we present results from two experiments on notifications at scale, trying to help site operators to secure their sites from nefarious attackers. We also discuss numerous roadblocks, starting from a complete lack of a usable email address to issues of trust arising when a non-native speaker calls people in the US.

Biography. Ben Stock is a Tenure-Track Faculty at the newly founded CISPA Helmholtz Center i.G., which is built from the Center for IT-Security, Privacy and Accountability (CISPA) at Saarland University. In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined CISPA as postdoc, focussing on both Web Security as well as Usable Security research. He currently heads the Security Web Applications Group at CISPA and is a regular speaker at academic and non-academic venues like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.
Twitter: @kcotsneb

How client-side compilers help attackers to gain code execution

Dr. Robert Gawlik (Ruhr-University Bochum) – Talk

Talk. How client-side compilers help attackers to gain code execution

Video. YouTube

Abstract. Compilers of interpreter languages aim at speeding up execution in the race for web browser performance. Various compilers and analysis stages are involved to turn JavaScript code into machine code of the architecture the browser runs on. In order to maximize the performance of our indispensable browsers, Just-In-Time (JIT) compilation gained widespread adoption. It achieves near-native run time for otherwise slowly interpreted JavaScript code. But it is only the beginning, and Ahead-of-Time (AOT) compilers such as ASM.JS and its successor WebAssembly are emerging and won't disappear any time soon. Despite the intended performance gain, security concerns arise.

Attackers started to abuse JIT compilers by emitting desired machine code derived from controlled script constants. Armed with the ability to fill predictable address regions with hidden assembly instructions, they invented the JIT-Spray technique. Since then, many client-side JIT-Spray primitives were developed to ease the exploitation of various memory errors, which we'll revisit in the beginning of this presentation. Furthermore, we analyze flaws we found in ASM.JS of Mozilla Firefox, tracked as CVE-2017-5375 and CVE-2017-5400, allowing an attacker to jump to "JIT" sprayed executable code. Moreover, we take a look at three different Firefox CVEs and demonstrate alternative exploitation with ASM.JS JIT-Spray. On the road to remote code execution, we show how arbitrary ASM.JS payloads are generated and transformed automatically, allowing you to run your favorite code implant on vulnerable Firefox versions.

Biography. Robert is a security researcher at the Ruhr-University Bochum. He obtained his PhD in 2016 at the Systems Security Chair where he is currently working as PostDoc. His work focuses on various aspects of fuzzing, memory corruption vulnerabilities, and static/dynamic analysis of binary programs. He is experienced in low-level security such as detecting and analyzing client-side bugs, exploit development, and bypassing exploit mitigations.

Is there any Security (and Privacy) in the Internet of Things?

Dr. David Oswald (University of Birmingham, Kasper & Oswald) – Talk

Talk. Is there any Security (and Privacy) in the Internet of Things?

Video. YouTube

Abstract. Embedded (IoT) devices have become commonplace in many areas of our daily life, ranging from smart home assistants to resource-constrained medical devices. Unfortunately, the firmware of such devices is often closed-source and thus, the vendor's security and privacy promises cannot be independently verified. In this talk, we will discuss techniques to address this issue, for example by means of firmware extraction and analysis.

In the first of two case studies, we focus on the Amazon Echo product line and cover methods to extract complete filesystem images from both newer and older devices. We then describe the (solid) security measures implemented in the Echo (e.g. for software updates), and will also outline how Amazon handles the transmission of voice data from and to the backend.

Our second example is the Dexcom G4, a wide-spread continuous blood glucose meter used in the treatment of diabetes. Through black-box analysis of the RF interface, we find that the Dexcom G4 does not implement cryptographic protections, which enables a range of attacks, including malicious modification of the transmitted measurements.

The talk concludes with lessons learned from these (and other) case studies and with ideas how the security and privacy of future embedded devices can be improved.

Biography. David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. On the other hand, David is working on the practical realization of security systems in embedded applications. He is co-founder of the Kasper & Oswald GmbH, offering innovative products and services for security engineering. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.

Revisiting the X.509 Certification Path Validation

Dr. Falko Strenzke (cryptosource GmbH) – Talk

Talk. Revisiting the X.509 Certification Path Validation

Video. YouTube

Abstract. In this work we present a new testing tool for the X.509 certification path validation that was developed for the German Federal Office for Information Security (BSI). Furthermore, we report on the errors that were uncovered by applying the tool's default test suite to various test subjects such as cryptographic libraries and applications. The tool is free and open source, and allows the dynamic creation of test cases involving certificate chains and certificate revocation lists based on XML test specifications. It also facilitates the testing of TLS and IPsec applications as well as e-mail clients supporting S/MIME. The errors uncovered by the tool range from compatibility issues to actual security vulnerabilities.

Biography. After his physics diploma from TU Darmstadt in 2006, Falko Strenzke entered FlexSecure GmbH, where he worked in the areas of trust center software, security certifications, cryptographic implementations and embedded security. He also led a number of security-oriented research projects. In 2013, he received his PhD in computer science for a work on efficient and secure cryptographic implementations, which he conducted in parallel to his job. Since 2014 Falko is the founder and managing director of cryptosource GmbH, a small start-up that focusses on software development and analysis in the areas of cryptography and security. His activities since then are various consulting and development projects in different industries and the development of a new TLS library for embedded systems.

The ROBOT Attack

Hanno Böck (Freelancer) – Talk

Talk. The ROBOT Attack

Video. YouTube

Abstract. 20 years ago Daniel Bleichenbacher discovered an attack against RSA as it was used in SSL and the padding mode PKCS #1 v1.5. Obviously such an old attack doesn't work any more today, because everyone has fixed it. Okay... That was a joke. It still works. With some minor modifications we were able to discover the ROBOT attack (Return Of Bleichenbacher's Oracle Threat). It affected nine different vendors and we were able to sign a message with the private key from facebook.com. More info at https://robotattack.org/ and in the full paper at https://eprint.iacr.org/2017/1189

Biography. Hanno Böck is a freelance journalist and regularly covers IT security topics for Golem.de and other publications. He also writes the monthly Bulletproof TLS Newsletter. In 2014 he started the Fuzzing Project, an effort to improve the security of free software applications. This work is supported by the Linux Foundation's Core Infrastructure Initiative.
Twitter: @hanno

The Story of Meltdown and Spectre

Dr. Daniel Gruss (Graz University of Technology) & Jann Horn (Google Project Zero) – Talk

Talk. The Story of Meltdown and Spectre

Video. YouTube

Abstract. In this talk we will tell the story of Meltdown and Spectre. We will outline how research from the past two decades was the foundation of the discovery of these vulnerabilities while providing preliminary information. We will point out and illustrate what the root causes of Meltdown and Spectre are. In the main part of the talk we will describe how Meltdown and Spectre work. We will discuss different attack scenarios and the impact of these attacks. Finally, we will outline countermeasures against the attacks.

Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on identifying and minimizing architecture dependent code in operating system kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed through a remote website, known as Rowhammer.js.
Twitter: @lavados

Jann Horn is a security researcher working with Google Project Zero. He focuses primarily on kernel and hypervisor security.

Vulnerability handling process at Joomla!

David Jardin (Joomla!) – Talk

Talk. Vulnerability handling process at Joomla!

Video. YouTube

Abstract. In this talk, I will give you some first-hand insights into the work that the Joomla security team does. You will learn what attack vectors we are facing, how real-world exploits in popular web apps work and how we as a team try to keep up with these ongoing threats to keep millions of our users secure.

Biography. Born and living in Cologne, Germany, David got in touch with web development during school in 2002. After a few years working with plain HTML sites, he started to develop his own CMS in 2004 and switched to Mambo shortly after. He quickly became an active member of the German community and met them in person for the first time during JoomlaDay Germany 2006. After school, he started his business as a freelance web developer and quickly got more involved in the community by giving support in the forums, co-organizing the German JoomlaDay and the J&Beyond conference, starting a Joomla Usergroup in his home town, developing own extensions and joining the board of the German Joomla association "J&Beyond e.V.". In 2012, he joined the Bug Squad and started contributing to the CMS code. In late 2012, he co-founded the CMS-Garden project, which is a cooperation of 12 open-source CMS. In the CMS-Garden, volunteers from all participating systems combine their forces to improve their marketing and reach new potential users.
Twitter: @SniperSister

RuhrSec 2017

How to Build Hardware Trojans

Prof. Dr. Christof Paar (Ruhr-University Bochum) – Keynote

Talk. How to Build Hardware Trojans

Video. YouTube

Abstract. Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of embedded systems are already security-critical, e.g., medical devices, automotive electronics, SCADA systems or network routers. If the underlying ICs in an application are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community.

Even though hardware Trojans have been studied over the last 10 years or so, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce several approaches with which a sophisticated attacker could insert Trojans into hardware platforms. We will look at hardware Trojans realized on both ASICs (application specific integrated circuits) and FPGAs, i.e., programmable hardware.

Biography. Christof Paar has the Chair for Embedded Security at Ruhr-University Bochum, Germany, and is research professor at the University of Massachusetts Amherst. He co-founded CHES (Cryptographic Hardware and Embedded Systems), the leading international conference on applied cryptography. His research interests include efficient crypto implementations, hardware security, and security analysis of real-world systems. He also works on applications of embedded security, e.g., in cars or consumer devices. He holds an ERC Advanced Grant in hardware security and is spokesperson for the doctoral training school SecHuman. Christof has over 180 peer-reviewed publications and he is co-author of the textbook Understanding Cryptography (Springer, 2009). Christof is Fellow of the IEEE and the IACR and has given invited talks at MIT, Yale, Stanford, IBM Labs and Intel. Christof co-founded ESCRYPT GmbH, a leading system provider for automotive security, which is now part of Bosch.

SSH: Beyond Confidentiality and Integrity in Practice

Prof. Dr. Kenny Paterson (Royal Holloway, University of London) – Keynote

Talk. SSH: Beyond Confidentiality and Integrity in Practice

Video. YouTube

Abstract. This talk presents a systematic analysis of symmetric encryption modes for SSH that are in use on the Internet, providing deployment statistics, new attacks, and security proofs for widely used modes. We will also look at the on-going development of new encryption modes for SSH that offer superior security to the currently deployed modes at low additional cost.

Joint work with Martin Albrecht, Jean Paul Degabriele and Torben Brandt Hansen.

Biography. Prof Kenneth Paterson obtained a BSc in 1990 from the University of Glasgow and a PhD from the University of London in 1993, both in Mathematics. He was then a Royal Society Fellow at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, from 1993 to 1994. After that, he was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London from 1994 to 1996. In 1996, he joined Hewlett-Packard Laboratories Bristol, becoming a project manager in 1999. He then joined the Information Security Group at Royal Holloway in 2001, becoming a Reader in 2002 and Professor in 2004. From March 2010 to May 2015, he was an EPSRC Leadership Fellow working on a project entitled "Cryptography: Bridging Theory and Practice". In May 2015, he reverted to being a Professor of Information Security.

Kenny was program chair of Eurocrypt 2011, invited speaker at Asiacrypt 2014, and currently serves as Editor-in-Chief for the Journal of Cryptology. He is a co-founder of the "Real World Cryptography" workshop series. He also serves on the Executive Steering Board of the IoT Security Foundation, as co-chair of the Crypto Forum Research Group of the IRTF, and on the technical advisory board of SkyHighNetworks.

His research over the last decade has mostly been in the area of Cryptography, with a strong emphasis being on the analysis of deployed cryptographic systems and the development of provably secure solutions to real-world cryptographic problems. He is a winner of an Applied Networking Research Prize from the IRTF for his work on the Lucky 13 attack on TLS; a PETS award for Outstanding Research in Privacy Enhancing Technologies for his work with Mihir Bellare and Phil Rogaway on the Security of symmetric encryption against mass surveillance published at CRYPTO 2014; and a winner of a best paper award at ACM CCS 2016, with Martin Albrecht, Jean Paul Degabriele and Torben Hansen, for their work on SSH.


0-RTT Key Exchange with Full Forward Secrecy

Prof. Dr. Tibor Jager (University Paderborn) – Talk

Talk. 0-RTT Key Exchange with Full Forward Secrecy

Video. YouTube

Abstract. Reducing latency overhead while maintaining critical security guarantees like forward secrecy has become a major design goal for key exchange (KE) protocols, both in academia and industry. Of particular interest in this regard are 0-RTT protocols, a class of KE protocols which allow a client to send cryptographically protected payload in zero round-trip time (0-RTT) along with the very first KE protocol message, thereby minimizing latency. Prominent examples are Google’s QUIC protocol and the upcoming TLS protocol version 1.3. Intrinsically, the main challenge in a 0-RTT key exchange is to achieve forward secrecy and security against replay attacks for the very first payload message sent in the protocol. According to cryptographic folklore, it is impossible to achieve forward secrecy for this message, because the session key used to protect it must depend on a non-ephemeral secret of the receiver. If this secret is later leaked to an attacker, it should intuitively be possible for the attacker to compute the session key by performing the same computations as the receiver in the actual session.

We show that this belief is actually false. We construct the first 0-RTT key exchange protocol which provides full forward secrecy for all transmitted payload messages and is automatically resilient to replay attacks. In our construction we leverage a puncturable key encapsulation scheme which permits each ciphertext to only be decrypted once. Fundamentally, this is achieved by evolving the secret key after each decryption operation, but without modifying the corresponding public key or relying on shared state. Our construction can be seen as an application of the puncturable encryption idea of Green and Miers (S&P 2015). We provide a new generic and standard-model construction of this tool that can be instantiated with any selectively secure hierarchical identity-based key encapsulation scheme.

Biography. Tibor Jager teaches IT security and cryptography at Paderborn University. His research interests include applied and theoretical cryptography, with emphasis on the design and security analysis of digital signatures, public-key encryption schemes, and protocols, as well as practical attacks and countermeasures. He contributed to the discovery of security weaknesses in and practical attacks on major cryptographic standards and software libraries, including TLS, EAP-TLS, the W3C XML Encryption standard, and JSON Web Encryption/Web Signature.
Twitter: @tibor_jager

Advanced SSL/TLS Deployment Strategies

Frederik Braun (Mozilla) – Talk

Talk. Advanced SSL/TLS Deployment Strategies

Video. YouTube

Abstract. The web has evolved from hypertext to a powerful application platform. Powerful features like Geolocation, Push Notifications and Service Workers raise the stakes for application security.

Only HTTPS can guarantee integrity, confidentiality and authenticity of those web applications. We will cover deployment best practices that strike a practical balance between security and compatibility. This includes a small digression into the inner guts of TLS to discuss cipher suites as well as certificate switching.

This talk also covers major deficiencies of the certificate ecosystems and demonstrates how to thwart the risks of misbehaving or even compromised Certificate Authorities with techniques like HTTPS Public Key Pinning or Certificate Transparency.

Following this overview, common bypasses and shortcomings of these security mechanisms will also be discussed.

Biography. Frederik Braun is a Senior Security Engineer who works on Mozilla Firefox. Besides enhancing the built-in security checks, he has also been involved in web and mobile security. Frederik contributes to the W3C Web Application Security Working Group and co-authored the Subresource Integrity standard. He's also a former student of the Ruhr-University in Bochum and co-founded the CTF team Fluxfingers. When not working on computer security, Frederik spends time with his family in Berlin.
Twitter: @freddyb

Black-Box Security Analysis of State Machine Implementations

Dr. Joeri de Ruiter (Radboud University) – Talk

Talk. Black-Box Security Analysis of State Machine Implementations

Video. YouTube

Abstract. State machines play an important role when implementing any protocol. They specify which messages are to be sent at which state and how incoming messages should be processed at different stages of the protocol. Especially in security protocols, when mistakes are made in the implementation of the state machine this can lead to serious issues. In this talk we will show how black-box analysis techniques can be used to extract state machines from implementations and what kind of security issues this can reveal.

We applied this analysis on several protocols, including EMV and TLS. The analysis of TLS resulted, for example, in the discovery of a serious vulnerability in Java's TLS implementation, which made it possible to bypass encryption and certificate verification. The technique was also applied on 145 different versions of OpenSSL and LibreSSL, which gave an interesting insight into the evolution of the implemented state machine and showed how several severe issues in the past can be observed.

The technique can also be used to analyse devices where physical input is required: with the help of a Lego robot we analysed handheld readers used for online banking. This could identify a vulnerability in the device where it is possible to bypass the acknowledgement from the user used to authorise a transaction.

The tool used in this research (StateLearner) is available as open source, and can easily be extended to support more protocols and systems.

Biography. Joeri de Ruiter is a researcher in the Digital Security group at the Radboud University in Nijmegen, The Netherlands. His research interests are in the analysis and design of real-world security protocols, such as TLS and EMV.
Twitter: @cypherpunknl

Breaking and Fixing a Cryptocurrency

Martin Grothe (Ruhr-University Bochum) – Talk

Talk. Breaking and Fixing a Cryptocurrency

Video. YouTube

Abstract. Bitcoin has been hailed as a new payment mechanism, and is currently accepted by millions of users. One of the major drawbacks of Bitcoin is the resource intensive Proof-of-Work computation. Proof-of-Work is used to establish the blockchain, but otherwise it does not bring any benefits and arguably is a waste of energy. To address this problem, several alternative cryptocurrencies have been presented. One of them is Gridcoin which rewards the users for solving BOINC problems. In our work we conducted the first security analysis of Gridcoin. We identified two critical security issues. The first issue allows an attacker to reveal all the e-mail addresses of the registered Gridcoin users. Even worse, the second issue gives an attacker the ability to steal the work performed by a BOINC user, and thus effectively steal his Gridcoins. These attacks have severe consequences and completely break the Gridcoin cryptocurrency. We practically evaluated and confirmed both attacks, and responsibly disclosed them to the Gridcoin maintainers, together with the proposed countermeasures.

Biography. Martin Grothe is a research assistant at the Chair for Network and Data Security at the Ruhr-University Bochum. Martin's research focuses on attacks against real-world protocols and security implementations. In August 2016, he and his colleagues demonstrated the first attacks against Microsoft's Enterprise Rights Management (ERM) System, well known as Active Directory Rights Management Services (RMS). Further, in joint work with his colleagues at the Chair for Network and Data Security, he showed a new attack against PPTP VPNs, which utilizes RADIUS authentication.
Twitter: @ashitaka007

Five Years of Android Security Research: the Good, the Bad, the Ugly

Dr. Sven Bugiel (Saarland University) – Talk

Talk. Five Years of Android Security Research: the Good, the Bad, the Ugly

Video. YouTube

Abstract. Android security and privacy research has boomed in recent years, far outstripping investigations of other "appified" platforms. In this talk, we present an overview of the different research areas that have emerged around the Android ecosystem, their current state and outlook, as well as the lessons learned we can draw from Android for other contemporary or future appified platforms. In particular, in the last part of this talk, we will take a short look at ongoing investigations of third party code and tool-chain providers and their partly significant impact on the overall security state of the Android ecosystem.

Biography. Sven Bugiel is an Independent Research Group Leader and head of the Trusted Systems Group at the Center for IT-Security, Privacy and Accountability (CISPA), Saarland University. His research interests lie in the area of systems security and secure computing, where a particular focus is on mobile security, e.g., Android. In the past years, Sven’s research put a strong emphasis on novel access control solutions across the various layers of mobile software stacks, while more recently the ecosystem surrounding mobile platforms, such as third-party libraries, is of particular interest to him.
Twitter: @svebug

How to Hack Your Printer

Jens Müller (Ruhr-University Bochum) – Talk

Talk. How to Hack Your Printer

Video. YouTube

Abstract. The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and private people. Instead of getting rid of them, printers evolved from simple printing devices to complex network computer systems installed directly in company networks, and carrying lots of confidential data in their print jobs. This makes them an attractive attack target.

In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by providing a general methodology for security analyses of printers. Based on our methodology we implemented an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer models from different vendors and found all of them to be vulnerable to at least one of the tested attacks. These attacks included, for example, simple Denial-of-Service (DoS) attacks or skilled attacks extracting print jobs and system files.

On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by using advanced cross-site printing techniques combined with printer CORS-Spoofing. Finally, we show how to apply our attacks to systems beyond typical printers like Google Cloud Print or document processing websites. We hope that novel aspects from our work will become the foundation for future research, for example, for the analysis of IoT security.

Biography. Jens Müller received his M.Sc. degree in IT Security / Networks and Systems from the Ruhr-University Bochum in 2016. He has experience as a freelancer in network penetration testing and security auditing. In his spare time he develops free open source software, at present tools related to network printer exploitation.
Twitter: @jensvoid

The (In)Security of Automotive Remote Keyless Entry Systems revisited

Dr. David Oswald (Kasper & Oswald) – Talk

Talk. The (In)Security of Automotive Remote Keyless Entry Systems revisited

Video. YouTube

Abstract. Remote keyless entry (RKE) systems, usually based on so-called rolling codes, are the most widespread way of (un)locking vehicle doors, opening the trunk, and disarming the alarm system. RKE is based on the unidirectional transmission of an (increasing) counter value, authenticated by means of symmetric cryptography. There are two major ways of attacking RKE systems: (i) by exploiting vulnerable key distribution schemes, and (ii) by making use of cryptographical weaknesses in the employed ciphers. In this talk, we will give practical examples for both cases (based on our Usenix Security 2016 paper). First, we show that the RKE system used by the VW group (Audi, Seat, Skoda, Volkswagen) was based on only a handful of global keys over the past 20 years. By extracting these keys from ECU firmware, an adversary is able to clone the owner's remote control from a distance of up to 100m, using a single rolling code. Second, we present novel attacks on the Hitag2 RKE scheme (employed by Alfa Romeo, Peugeot, Lancia, Opel, Renault, and Ford among others). Based on black-box reverse-engineering of the protocol, we devise a new cryptanalytical attack on Hitag2 for full key recovery, requiring four to eight rolling codes and negligible computation. Finally, our talk also includes a brief survey of the state of automotive security in general, a discussion of the responsible disclosure process, and recommendations for designing more secure RKE systems.

Biography. David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. On the other hand, David is working on the practical realization of security systems in embedded applications. He is co-founder of the Kasper & Oswald GmbH, offering innovative products and services for security engineering. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.

A new categorization system for Side-channel attacks on mobile devices & more

Dr. Veelasha Moonsamy (Radboud University) – Talk

Talk. A new categorization system for Side-channel attacks on mobile devices & more

Video. YouTube

Abstract. Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that is stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices.

In this talk, I will begin with an overview of existing side-channel attacks on mobile devices and argue for the need of a new categorization system as side-channel attacks have evolved significantly since their introduction during the smartcard era. I will explain how our proposed categorization system will help to facilitate the development of novel countermeasures and provide insights into possible future research directions.

In the second part of my talk, I will present our latest work on how an adversary can exploit side-channel information, in this case power from the phone battery, to maliciously control a public charging station in order to exfiltrate data from a smartphone via a USB charging cable (i.e. without using the data transfer functionality).

Biography. Veelasha Moonsamy is a postdoctoral researcher in the Digital Security group at Radboud University in The Netherlands. She obtained her PhD from Deakin University in Melbourne (Australia), under the supervision of Prof. Lynn Batten. Her research interests revolve around security and privacy on mobile devices, in particular side- and covert-channel attacks, malware detection and mitigation of information leaks at application and hardware level.
Twitter: @veelasha_m

Rowhammer Attacks: A Walkthrough Guide

Dr. Clémentine Maurice & Daniel Gruss (Graz University of Technology) – Talk

Talk. Rowhammer Attacks: A Walkthrough Guide

Video. YouTube

Abstract. In the past 2 years the so-called Rowhammer bug has caught the attention of many academic and non-academic researchers. The scary aspect of the Rowhammer bug is that it entirely invalidates software security assumptions. Isolation mechanisms are ineffective to a degree where an attacker can run in a website and compromise the entire host system.

In this walkthrough guide I will walk you through all Rowhammer attacks that have been presented so far. We will start with the seminal work by Kim et al. 2014 and discuss the basic idea of triggering bitflips in software. Subsequently we will discuss how to use their findings in exploits, as demonstrated by Google researchers in 2015. The results from the works of these two groups are still of vital interest for the discussion of countermeasures that now may find their way into the Linux kernel.

Subsequently, we will discuss several attacks that are derived from these initial Rowhammer attacks. We will discuss attacks that lower requirements: Rowhammer.js, non-temporal-access-based attacks, DRAMA and Drammer. These attacks move Rowhammer from the strictly x86 native setting on DDR3 memory to new environments like the JavaScript sandbox, DDR4, or even mobile devices.

Another branch of attacks combines Rowhammer with other attack primitives. We will discuss attacks using deduplication (Dedup est Machina, Flip Feng Shui) and their impact. Furthermore, we will discuss the first Rowhammer attacks on cryptographic primitives that have been presented in 2016.

Finally, we will discuss countermeasures, i.e. Rowhammer detection and Rowhammer mitigation. While several countermeasures have been discussed and some have even been deployed, the problem is widely unsolved. We will shed light on the ongoing discussion amongst Linux kernel developers and point out dead ends that should be avoided in the future.

Biography. Clémentine Maurice is a postdoctoral researcher in the Secure Systems group at the Graz University of Technology, in Austria. She obtained her PhD from Telecom ParisTech in October 2015 while working at Technicolor in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis. Among other topics, she is interested in microarchitectural covert and side channels and reverse-engineering processor parts. Her research aims at finding new attack vectors on modern commodity devices such as servers, laptops, desktops and mobile devices. She also led the research on Rowhammer hardware fault attacks in JavaScript through a remote website, an attack also known as Rowhammer.js. She presented her work at several academic conferences and venues like the 32nd CCC and BlackHat Europe.
Twitter: @BloodyTangerine

Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on identifying and minimizing architecture dependent code in operating system kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed through a remote website, known as Rowhammer.js.
Twitter: @lavados

Secrets of the Google Vulnerability Reward Program

Krzysztof Kotowicz (Google) – Talk

Talk. Secrets of the Google Vulnerability Reward Program

Video. YouTube

Abstract. In Google VRP, we receive and process over 600 vulnerability reports a month. While the majority of them end up being invalid, some of the vulnerabilities reported by our bughunters from all over the world are amazing, in terms of their severity, impact and/or the difficulty of patching them on a Google scale. While some of them were already described in the past at various security conferences or writeups, most of them remain unknown to the security community.

In this presentation, we'll highlight the most interesting bug reports submitted through Google VRP, with the root causes both in our products, open source libraries or common software stacks. We'll analyze the security patches to the libraries we helped create, and reveal the full story behind them. For example, you'll get to know what was the reason behind a couple of Angular security releases.

Additionally, we'll give insights on how we evaluate and deal with vulnerability reports internally. Special focus will be put on the remediation process - making sure that a given vulnerability is not only patched, but prevented from happening ever again.

Biography. Krzysztof Kotowicz is an Information Security Engineer at Google and a panel member of Google's Vulnerability Rewards Program. He's a web security researcher specialized in Javascript, browser extensions and client-side security. Author of multiple open-source pentesting tools, and recognized HTML5/UI redressing attack vectors. Speaker at international IT security conferences & meetings (Black Hat, BruCON, Hack In Paris, CONFidence, SecurityByte, HackPra, OWASP AppSec, Insomni'Hack).
Twitter: @kkotowicz

Teach a Man to Phish and You Feed Him for a Lifetime

Armin Buescher (Symantec) – Talk

Talk. Teach a Man to Phish and You Feed Him for a Lifetime

Video. YouTube

Abstract. Phishing might seem like a simple attack vector relying on gullible users to happily give up their credentials. When digging deeper into the topic however, one will find many interesting aspects of phishing that have not been widely reported.

This talk will dive into the analysis of so-called phishing kits: archives of server-side (mostly PHP) code that can be used to quickly turn a compromised or launched server into a phishing ground for the selected target. Leveraging the phishing detection capabilities of our team, we crawled known compromised servers and were able to download over five thousand phishing kits over the last couple of months.

Being able to analyze the server-side source code of phishing pages at large scale yields insights into the workings of phishing campaigns and opens new possibilities to the motivated security researcher:
- Finding and abusing bugs in the kits
- Evading evasion
- Automating the creation of robust detection
- Geographically tracking the phishers

Biography. Armin Buescher is a security researcher focused on the analysis of attack trends and transferring research results into the development of novel detection/prevention technologies and analysis tools. He has over 8 years of experience working in the security industry for companies with changing points of view ranging from the endpoint and malware sandboxes to network security and web gateways.
Twitter: @armbues

Using Microarchitectural Design to Break KASLR and More

Anders Fogh (GDATA Advanced Analytics) – Talk

Talk. Using Microarchitectural Design to Break KASLR and More

Video. YouTube

Abstract. Typically, hackers focus on software bugs to find vulnerabilities in the trust model of computers. In this talk, however, we'll focus on the micro architectural design of computers and how it enables an attacker to breach trust boundaries. Specifically, we'll focus on how an attacker with no special privileges can gain insights into the kernel and how these insights can enable further breaches of security. We will focus on the x86-64 architecture. Unlike software bugs, micro architectural design issues have applications across operating systems and are independent of easily fixable software bugs. In modern operating systems the security model is enforced by the kernel. The kernel itself runs in a processor supported and protected state often called supervisor or kernel mode. Thus the kernel itself is protected from introspection and attack by hardware. We will present a method that'll allow for fast and reliable introspection into the memory hierarchy in the kernel based on undocumented CPU behavior and show how attackers could make use of this information to mount attacks on the kernel and consequently on the entire security model of modern computers.

Making a map of memory and breaking KASLR

Modern operating systems use a number of methods to prevent an attacker from running unauthorized code in kernel mode. They range from requiring user-privileges to load drivers, over driver signing to hardware enabled features preventing execution in memory marked as data such as DEP (Data Execution Prevention) or more recently SMEP that prevents execution of user allocated code with kernel level privileges. Often used bypasses modify either page tables or use so called code reuse attacks. Either way an attacker needs to know where the code or page tables are located. To further complicate an attack, modern operating systems are equipped with "Kernel Address Space Randomized Layout" (KASLR) that randomizes the location of important system memory.

We'll present a fast and reliable method to map where the kernel has mapped pages in the kernel mode area. Further, we'll present a method for locating specific kernel modules thus bypassing KASLR and paving the way for classic privileged elevation attacks. Neither method requires any special privileges and they even run from a sandboxed environment. Also relevant is that our methods are more flexible than traditional software information leaks, since they leak information on the entire memory hierarchy. The core idea of the work is that the prefetch instructions leak information about the caches that are related to translating a virtual address into a physical address. Also significant is that the prefetch instruction is unprivileged and does not cause exceptions nor does it have any privilege verification. Thus it can be used on any address in the address space.

Physical to virtual address conversion

A number of micro-architectural attacks are possible on modern computers. The Row hammer is probably the most famous of these attacks. But attack methodologies such as cache side channel attacks have proven to be able to exfiltrate private data, such as private keys, across trust boundaries. These two attack methodologies have in common that they require information about how virtual memory is mapped to physical memory. Both methodologies have thus far either used the "/proc/PID/pagemap" which is now accessible only with administrator privileges or by using approximations. We will discuss a method where an unprivileged user is able to reconstruct this mapping. This goes a long way towards making the row hammer attack a practical attack vector and can be a valuable assistance in doing cache side channel attacks. Again we use the prefetch instruction's lack of privilege checking, but instead of using the timing that it leaks we now use the instruction's ability to load CPU caches and that timing of memory access instructions depends heavily on the cache state.
Finally, we will shortly outline a possible defense.

Biography. Anders Fogh has led numerous low level engineering efforts in the past 11 years. Prior to that he worked at VOB GmbH and Pinnacle System where he was responsible for major developments in video and CD/DVD recording software. Since 1993 he has been an avid malware hobbyist and has reverse engineering experience with operating systems from DOS to present day OSs as well as devices ranging from DVD players to USB sticks. He holds a master's degree in economics from the University of Aarhus. He was the first to suggest a software solution to the row hammer bug and spoke at Black Hat 2015 with Nishat Herath on the topic of using performance counters for security outcomes.
Twitter: @anders_fogh

RuhrSec 2016

Select the edition: 2019 | 2018 | 2017 | 2016

Code-Reuse Attacks and Beyond

Prof. Dr. Thorsten Holz (Ruhr-University Bochum) - Keynote

Talk. Code-Reuse Attacks and Beyond

Video. YouTube

Abstract. Code-reuse attacks have become a prevalent technique to exploit memory corruption vulnerabilities in software programs. The focus of most attacks is on modifying code pointers and a variety of corresponding defenses has been proposed, of which many have already been successfully bypassed — and the arms race continues. In this talk, we provide an overview of some recent work we performed at Ruhr-University Bochum towards code-reuse attacks with and without modifying code pointers. On the one hand, we present some recent results on a technique called counterfeit object-oriented programming (COOP). We demonstrate that many existing defenses that do not consider object-oriented C++ or Objective-C semantics precisely can be generically bypassed in practice. On the other hand, we focus on non-control data attacks. We demonstrate some potential attacks and focus on data-only attacks that can bypass many of the existing defenses. We conclude the talk with an overview of potential other targets of code-reuse attacks and an outlook of future challenges.

Biography. Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include systems oriented aspects of secure systems, with a specific focus on applied computer security. Currently, his work concentrates on automated analysis of malicious software, reverse engineering, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria.
Twitter: @thorstenholz

Transport Layer Security – TLS 1.3 and backwards security issues

Prof. Dr. Jörg Schwenk (Ruhr-University Bochum) - Keynote

Talk. Transport Layer Security – TLS 1.3 and backwards security issues

Video. YouTube

Abstract. Since the publication of CRIME and BEAST, many new attacks on TLS implementations surfaced each year. It turned out that some of the basic designs of TLS were flawed, e.g. the MAC-then-PAD-then-ENCRYPT construction of the TLS Record Layer. The IETF has therefore initiated work on TLS version 1.3, a major revision of the TLS standard. This new standard is influenced by Google's QUIC protocol, has lower latency, and improved security features.

In this talk, the outlines of the new standard will be sketched, and the current state of standardization described. In addition, we will have a look at backwards compatibility attacks, and ask if simply adding a new TLS version without deactivating the older ones will really improve security.

Biography. Since September 2003, Prof. Dr. Jörg Schwenk is the owner of the Chair for Network and Data Security at the Ruhr-University Bochum. The chair belongs to the renowned Horst Görtz Institute for IT Security. Professor Schwenk is an internationally recognized expert in the areas of cryptography and IT security. After completing his doctorate in the Department of Mathematics at the University of Giessen he moved in 1993 to Darmstadt, where he worked at the Telekom Technology center for applied research in the field of IT security. Professor Schwenk is an author of numerous international publications in renowned conferences (for example Eurocrypt, Asiacrypt or Communications and Multimedia Security), author of textbooks on cryptography and Internet security, and about 60 patents in the field of IT security.
Twitter: @JoergSchwenk


An Abusive Relationship with AngularJS v2

Dr. Mario Heiderich (Cure 53) - Talk

Talk. An Abusive Relationship with AngularJS v2

Video. YouTube

Abstract. Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, it certainly counts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away.

This talk will have a stern, very stern look at AngularJS 1.x in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0?

Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base?

This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn't invariably mean an enhancement.

Biography. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled powerpoint-slides. Other than that, Mario is a very simple person and only parses three-word sentences so don’t even bother addressing him with complex topics or rhetoric.

Automatic Extraction of Indicators of Compromise for Web Applications

Dr. Marco Balduzzi (Trend Micro Research) - Talk

Talk. Automatic Extraction of Indicators of Compromise for Web Applications

Video. YouTube

Abstract. Indicators of Compromise (IOCs) are forensic artifacts that are used as signs that a system has been compromised by an attack or that it has been infected with a particular malicious software. In this paper we propose for the first time an automated technique to extract and validate IOCs for web applications, by analyzing the information collected by a high-interaction honeypot. Our approach has several advantages compared with traditional techniques used to detect malicious websites. First of all, not all the compromised web pages are malicious or harmful for the user. Some may be defaced to advertise product or services, and some may be part of affiliate programs to redirect users toward (more or less legitimate) online shopping websites. In any case, it is important to detect those pages to inform their owners and to alert the users on the fact that the content of the page has been compromised and cannot be trusted. Also in the case of more traditional drive-by-download pages, the use of IOCs allows for a prompt detection and correlation of infected pages, even before they may be blocked by more traditional URLs blacklists. Our experiments show that our system is able to automatically generate web indicators of compromise that have been used by attackers for several months (and sometimes years) in the wild without being detected. So far, these apparently harmless scripts were able to stay under the radar of the existing detection methodologies – resisting for long time on public web sites.

Biography. Marco Balduzzi holds a Ph.D. in applied IT security from Télécom ParisTech and an M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks. Some topics on which he has worked are web and browser security, code analysis, botnet detection, cybercrime investigation, privacy and threats in social networks, malware and intrusion detection systems.
Twitter: @embyte

The beast within - Evading dynamic malware analysis using Microsoft COM

Ralf Hund (VMRay GmbH) - Talk

Talk. The beast within - Evading dynamic malware analysis using Microsoft COM

Video. YouTube

Abstract. Microsoft Common Object Model (COM) is a technology which aims at providing a binary programming interface for Windows programs. Despite its almost ancient age, it still forms the internal fundament of many new Microsoft technologies such as .NET. However, in more than twenty years of further development, the inevitable pressure to retain backwards compatibility has turned the COM runtime into an obscure beast. These days, many COM interfaces exist that mirror almost the same functionality provided by common Windows APIs. Malware authors can easily execute almost any operation (creating files, starting new processes, etc.) only using COM calls. Dynamic malware analyzers must deal with this accordingly without getting lost in the shadowy depths of the COM runtime. The talk presents various aspects of automated dynamic COM malware analysis and shows which approaches are actually realizable and which ones are hopeless.

Biography. Ralf achieved his Ph.D. in computer science / IT-security at the Ruhr-University of Bochum in 2013. During his studies he focused on new analysis methods for binary software, with a strong focus on malware. Since then, he has been one of the co-founders and the CTO of VMRay GmbH, a Bochum-based IT-security company focusing on 3rd generation threat analysis and detection using advanced hypervisor-based dynamic analysis. He has experience in malware research and software development for more than 15 years and is an active speaker at various academic and industrial conferences. His special interests lie in virtualization techniques and their application to software analysis.

Cache Side-Channel Attacks and the case of Rowhammer

Daniel Gruss (University Of Technology Graz) - Talk

Talk. Cache Side-Channel Attacks and the case of Rowhammer

Video. YouTube

Abstract. Software security relies on isolation mechanisms provided by hardware and operating system. However, isolation mechanisms are often insufficient, for instance due to the existence of caches in hardware and software. Caches keep frequently used data in faster memory to reduce access time and to reduce the access frequency on slower memory. This introduces timing differences that can be exploited in side-channel attacks.

The first half of this talk is about state-of-the-art cache side-channel attacks. Most cache attacks target cryptographic implementations and even full key recovery attacks cross-core, cross-VM in public clouds have been demonstrated. We recently found that cache attacks can be fully automatized, cache attacks are not limited to specific architectures, and cache attacks can be implemented based on a variety of hardware features. This broadens the field of cache attacks and increases their impact significantly.

The second half of this talk is about the so-called Rowhammer effect, which can be exploited to gain unrestricted access to systems. Recent studies have found that in most DDR3 DRAM modules random bit flips can occur due to the Rowhammer effect. These hardware faults can be triggered by an attacker without accessing the corresponding memory location, but by accessing other memory locations in a high frequency. The first attacks used cache maintenance operations as caches would prevent such frequent accesses. Frequent accesses from JavaScript would allow a remote attacker to exploit the Rowhammer effect. For this purpose it is necessary to defeat the complex cache replacement policies. We showed that this is possible last year. In this talk we will detail how to evaluate the huge parameter space of eviction strategies, discuss intuitive and counter-intuitive timing effects, and thereby close the gap between local Rowhammer exploits in native code and remote Rowhammer exploits through websites.

Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on identifying and minimizing architecture dependent code in operating system kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed through a remote website, known as Rowhammer.js.
Twitter: @lavados

Cheshire Cat's Grin

Marion Marschalek (G Data) - Talk

Talk. Cheshire Cat's Grin

Video. N.A.

Abstract. There is malware, and then, there is m.a.l.w.a.r.e. Last year we got our fingers on a set of exquisite binaries which were definitely not the usual kind. No, I'd never call malware sophisticated, after all that's not what it takes to be dangerous; or interesting. But those were a challenging beast, unusually intriguing.

For the lack of a better name, and given all the whacky traits the binaries come with, we dubbed the family CheshireCat. That's the pink cat in Alice's wonderland with the most stupid grin. The CheshireCat binaries have been around since 2002, some are built for workstations as old as Windows NT4, they support dial-up connections and executable header checks for the NewExecutable file format. Go figure. We came to the conclusion, someone very dedicated has built CheshireCat for very special networks and kept his operation under the radar for more than a decade.

This talk will introduce CheshireCat's implementation traits, stealth tactics and wondrous functionalities. The term attribution might appear, once, to leave some clues about where CheshireCat might have come from.

Biography. Marion Marschalek is Principal Malware Researcher at G Data Advanced Analytics, focusing on the analysis of emerging threats. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. Next to that Marion teaches malware analysis at University of Applied Sciences St. Pölten and frequently contributes to articles and papers. She has spoken at international conferences around the globe, among others Blackhat, RSA, SyScan, hack.lu and Troopers. Marion came off as winner of the Female Reverse Engineering Challenge 2013, organized by RE professional Halvar Flake. She practices martial arts and has a vivid passion to take things apart. Preferably, other people's things.

The DROWN Attack

Prof. Dr. Sebastian Schinzel (Münster University of Applied Sciences) - Talk

Talk. The DROWN Attack

Video. YouTube

Abstract. We present DROWN, a novel cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients by using a server supporting SSLv2 as a Bleichenbacher RSA padding oracle. We implemented the attack and can decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours using Amazon EC2, at a cost of $440. Using Internet-wide scans, we find that 33% of all HTTPS servers and 22% of those with browser-trusted certificates are vulnerable to this protocol-level attack, due to widespread key and certificate reuse.

Biography. Sebastian has been a professor for computer security at Münster University of Applied Sciences since 2013. His research topics include penetration testing techniques, applied cryptography, side channel attacks, and he speaks regularly at information security conferences.
Twitter: @seecurity

Eavesdropping on WebRTC Communication with Funny Cat Pictures

Dr. Martin Johns (SAP Research) - Talk

Talk. Eavesdropping on WebRTC Communication with Funny Cat Pictures

Video. YouTube

Abstract. WebRTC is one of the newest additions to the ever-growing arsenal of Web browser-based technologies. In a shift away from the Web's classic server-client architecture, WebRTC enables the creation of peer-to-peer channels between browsers that do not traverse the Web server after initialization, allowing direct data transfer as well as audio/video chat. Well established protocols, such as HTTPS and DTLS/SCTP, outfit WebRTC's network communication (both the browser-server as well as the browser-to-browser connections) with strong security guarantees that render Man-in-the-Middle attacks virtually impossible. But -- not uncommon in Web scenarios -- the weakest link of the chain can be found on the JavaScript layer in the browser.

In this talk, we will show how a single Cross-site Scripting vulnerability, a compromised signaling server, or a malicious CDN can be utilized to fully intercept WebRTC communication and leak video & audio of both participants of the communication to a malicious third party. The attack is fully hidden from the compromised parties and requires no server infrastructure on the attacker's site.

Biography. Dr. Martin Johns is a Research Expert in the Security and Trust group within SAP AG, where he leads the web application security team. Furthermore, he serves on the board of the German OWASP chapter. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new millennium, he earned his living as a software engineer in German companies (including Infoseek Germany, and TC Trustcenter). He holds a diploma in Computer Science from the University of Hamburg and a Doctorate from the University of Passau. Martin has a track record of over eight years of applied WebAppSec research, has published more than 20 papers on the subject, and is a regular speaker at international security conferences, including Black Hat, the OWASP AppSec series, CCS, ACSAC, ESORICS, PacSec, HackInTheBox, RSA Europe, and the CCC Congress.
Twitter: @datenkeller

Hacking with Unicode in 2016

Mathias Bynens (Opera) - Talk

Talk. Hacking with Unicode in 2016

Video. YouTube

Abstract. This presentation explores common mistakes made by programmers when dealing with Unicode support and character encodings on the Web. For each mistake, I explain how to fix/prevent it, but also how it could possibly be exploited.

Biography. Mathias is a Belgian web standards freak. He likes HTML, CSS, JavaScript, Unicode, performance, and security. At Opera Software he’s a member of the Developer Relations team.
Twitter: @mathias

Java deserialization vulnerabilities - The forgotten bug class

Matthias Kaiser (Code White GmbH) - Talk

Talk. Java deserialization vulnerabilities - The forgotten bug class

Video. YouTube

Abstract. Java deserialization vulnerabilities are a bug class of their own. Although several security researchers have published details in the past, the bug class is still fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on a new gadget will be disclosed, allowing Remote Code Execution. And several vulnerabilities discovered by Code White will be shown as Case Studies including a 0day.

Biography. Matthias is the Head of Vulnerability Research at Code White. He enjoys bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc. Currently, he enjoys researching deserialization and looking into COM/OLE.
Twitter: @matthias_kaiser

On the Security of Browser Extensions

Nicolas Golubovic (Ruhr-University Bochum) - Talk

Talk. On the Security of Browser Extensions

Video. YouTube

Abstract. In an everlasting struggle to find the balance between security, privacy and that toolbar which slipped in after you've installed Java, browser extension systems constantly evolve. Three years after Kotowicz has pwned our stuff, we will explore old and new attack techniques for both Firefox and Chrome. Finally, we will engage in a jolly expedition to long-forgotten extension types and convince them to exploit the browser itself.

Biography. Nicolas is a soon-to-be former student of the Ruhr-University Bochum. After finishing his master's degree, he will move to Zurich to join Google's web security efforts. Due to being a HackPra supervisor for roughly three years, Nicolas had the pleasure of listening to many great speakers and is eager to show that he has learned quite a few tricks of their trade over time.
Twitter: @_qll_

On Securing Legacy Software Against Code-Reuse Attacks

Dr. Lucas Vincenzo Davi (Technical University of Darmstadt) - Talk

Talk. On Securing Legacy Software Against Code-Reuse Attacks

Video. YouTube

Abstract. Code-Reuse attacks such as return-oriented programming constitute a powerful exploitation technique that is frequently leveraged to compromise software on a wide range of architectures. These attacks generate malicious computation based on existing code (so-called gadgets) residing in linked libraries. Both academia and industry have recently proposed defense techniques to mitigate code-reuse attacks. However, a continuous arms race has evolved between attacks and defenses. In this talk, we will elaborate on the evolution of code-reuse attacks. In particular, we explore prominent defense techniques that are based on control-flow integrity (CFI) enforcement and code randomization. Further, we discuss promising research directions such as hardware-assisted defenses and protection against these attacks at the kernel layer.

Biography. Lucas Davi is an independent Claude Shannon research group leader of the Secure and Trustworthy Systems group at Technische Universität Darmstadt, Germany. He received his PhD from Technische Universität Darmstadt, Germany in computer science. He is also a researcher at the Intel Collaborative Research Institute for Secure Computing (ICRI-SC). His research focuses on software exploitation techniques and defenses. In particular, he explores modern software exploitation attacks such as return-oriented programming (ROP) for ARM and Intel-based systems.

Security Nightmares in the Internet of Things: Electronic Locks and More

Dr. Timo Kasper (Kasper & Oswald GmbH) - Talk

Talk. Security Nightmares in the Internet of Things: Electronic Locks and More

Video. N.A.

Abstract. Wireless embedded devices have become omnipresent in applications such as access control (to doors or to PCs), identification, and payments. The talk reviews the security of several commercial devices that typically employ cryptographic mechanisms as a protection against ill-intended usage or to prevent unauthorized access to secured data. A combination of side-channel attacks, reverse-engineering and mathematical cryptanalysis helps to reveal and exploit weaknesses in the systems that for example allow opening secured doors in seconds. By means of the real-world examples, the implications of a key extraction for the security of the respective contactless application are illustrated. As a powerful tool for security-analyzing and pentesting NFC and RFID systems, the open source project "ChameleonMini" is presented: Besides virtualization and emulation of contactless cards, the device allows logging the NFC communication, and in its latest revision acts as an active RFID reader.

Biography. Timo Kasper studied electrical engineering and information technology at the Ruhr-University Bochum and at the University of Sheffield, UK. In 2006, his Diploma thesis "Embedded Security Analysis of RFID Devices" won the first place award for IT security (CAST, Darmstadt). Timo Kasper has been a research assistant at the Chair for Embedded Security of the Horst Görtz Institute for IT Security (HGI) since October 2006. He completed his studies in 2011 with a PhD in Engineering. In 2012, his PhD thesis "Security Analysis of Pervasive Wireless Devices - Physical and Protocol Attacks in Practice" won the first place award for IT security (CAST, Darmstadt). Timo is co-founder of Kasper & Oswald GmbH offering innovative products and services for security engineering.
