current research 2017/18 · current research 2017/18 ... use the force: evaluating force -sensitive...
TRANSCRIPT
Current Research 2017/18
Bundesministerium für Digitalisierung und Wirtschaftsstandort
Table of Contents
About SBA Research 1
Applied research – applied knowledge 2
AREA 1: Networked Systems Security
Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools G. Merzdovnik, M. Huber, D. Buhov, N. Nikiforakis, S. Neuner, M. Schmiedecker, E. Weippl
3
The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor J. Ullrich, E. Weippl
4
A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice A. Zamyatin, N. Stifter, P. Schindler, E. Weippl, W.J. Knottenbelt
5
Merged Mining: Curse or Cure? A. Judmayer, A. Zamyatin, N. Stifter, A. Voyiatzis, E. Weippl
6
Swimming with Fishes and Sharks: Beneath the Surface of Queue-based Ethereum Mining Pools A. Zamyatin, K. Wolter, S. Werner, C.E.A. Mulligan, P.G. Harrison and William J. Knottenbelt
7
Grid Shock: Coordinated Load-Changing Attacks on Power Grids A. Dabrowski, J. Ullrich, E. Weippl
8
AREA 2: Software Security
Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? S. Schrittwieser, S. Katzenbeisser, J. Kinder, G. Merzdovnik, E. Weippl
9
AREA 3: Privacy and Secure Societies
The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy K. Krombholz, A. Judmayer, M. Gusenbauer, E. Weippl
10
Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices K. Krombholz, T. Hupperich, T. Holz
11
“I Have No Idea What I’m Doing” - On the Usability of Deploying HTTPS K. Krombholz, W. Mayer, M. Schmiedecker, E. Weippl
12
NavigaTor: Finding Faster Paths to Anonymity R. Anessi, M. Schmiedecker
13
The CyberROAD Project: A Research Roadmap against Cybercrime and Cyberterrorism P. Kieseberg
14
AREA 4: Applied Discrete Mathematics for Information Security
Combinatorial Security Testing (CST) D. E. Simos
15
Covering Arrays, Algorithms & Optimization (CALGO) D. E. Simos
16
ABOUT SBA RESEARCH
SBA Research was founded in 2006 as the first Austrian
research center for information security by the TU Wien,
the Graz University of Technology and the University of
Vienna. In recent years, the Vienna University of Economics
and Business, the AIT Austrian Institute of Technology
and the University of Applied Sciences St. Pölten joined
as academic partners.
Through scientific research of information security we
develop practical and applicable solutions, while focus-
ing on current issues like cyber security.
SBA Research employs approx. 100 people and is by
now the largest research center in Austria which exclu-
sively addresses information security. The center is part
of the Austrian COMET excellence program (COMET –
Competence Centers for Excellent Technologies).
SBA Research wurde 2006 als erstes österreichisches
Forschungszentrum für Informationssicherheit von der
Technischen Universität Wien, der Technischen Universität
Graz und der Universität Wien gegründet. In den letzten
Jahren sind die Wirtschaftsuniversität Wien, das AIT
Austrian Institute of Technology und die Fachhochschule
St. Pölten als akademische Partner beigetreten.
Durch die wissenschaftliche Auseinandersetzung mit
Informationssicherheit entwickeln wir – unter Berücksich-
tigung aktueller Themen wie Cybersecurity – praxis- und
anwendungsorientierte Lösungen.
SBA Research ist mit mehr als 100 Mitarbeitern und Mit-
arbeiterinnen mittlerweile das größte Forschungszentrum
Österreichs, das sich exklusiv mit Informationssicherheit
beschäftigt. Das Zentrum ist Teil des österreichischen
COMET-Exzellenzprogramms (COMET – Competence
Centers for Excellent Technologies).
SBA Research is the research center for information security in Austria.SBA Research ist das Forschungszentrum für Informationssicherheit in Österreich.
ÜBER SBA RESEARCH
1
The four research areas of SBA Research allow a compre-
hensive consideration of information security:
AREA 1 seeks approaches to the main security challenges
of networked systems; AREA 2 focuses on comprehen-
sive, lasting solutions to automatically and transparently
harden software; AREA 3 aims at privacy-protecting
mechanisms, the analysis of deployed systems and how
the privacy of individuals can be enhanced at large;
AREA 4 looks at the future of cryptography and combina-
torial security testing.
SBA Research researches and develops solutions in information security. Information security protects IT infrastructure and data
against damages done by persons or events. Thereby the
results of fundamental research are the basis for applied
research and development.
SBA Research erforscht und entwickelt Lösungen für Informationssicherheit.Informationssicherheit schützt IT-Infrastruktur und
Daten vor Schädigung durch Personen oder Ereignisse.
Die Ergebnisse aus der Grundlagenforschung bilden dabei
die Grundlage für anwendungsorientierte Forschung und
Entwicklung.
AREA 1 AREA 2 AREA 3 AREA 4
Software
Security
Privacy and
Secure Societies
Applied Discrete
Mathematics
for Information
Security
Networked
Systems
Security
APPLIED RESEARCH – APPLIED KNOWLEDGE
ANGEWANDTE FORSCHUNG – ANGEWANDTES WISSEN
Protection for Information ProcessingSchutz für Informationsverarbeitung
Die vier Forschungsbereiche von SBA Research ermög-
lichen eine ganzheitliche Betrachtung von Informations-
sicherheit:
AREA 1 sucht Antworten auf die wichtigsten Sicherheits-
fragen vernetzter Systeme; AREA 2 konzentriert sich
auf umfassende, dauerhafte Lösungen im Bereich der
Softwaresicherheit; AREA 3 widmet sich den Mechanis-
men zum Schutz von Privatsphäre, analysiert eingesetzte
Systeme und untersucht, wie die Privatsphäre von Indivi-
duen insgesamt verbessert werden kann; AREA 4 befasst
sich mit der Kryptographie der Zukunft und kombinato-
rischen Sicherheitstests.
2
�
�
�
�
[1-1
0k)
[20k-3
0k)
[40k-5
0k)
[60k-7
0k)
[80k-9
0k)
[100k-1
10k)
[120k-1
30k)
[140k-1
50k)
[160k-1
70k)
[180k-1
90k)
Alexa Rank
10%
20%
30%
40%
50%
60%
70%
80%
% o
f pages inclu
din
g 3
rd p
art
y d
om
ain
google-analytics.comdoubleclick.netgoogle.comgstatic.comfacebook.comgoogleapis.com
googlesyndication.comgoogleadservices.comfacebook.netadnxs.comtwitter.comfbcdn.net
�
���
[1-1
0k)
[20k-3
0k)
[40k-5
0k)
[60k-7
0k)
[80k-9
0k)
[100k-1
10k)
[120k-1
30k)
[140k-1
50k)
[160k-1
70k)
[180k-1
90k)
0%
20%
40%
60%
80%
100%
% o
f Thir
d P
art
y D
om
ain
ssti
ll inclu
ded (lower
is b
ett
er)
2 - 20
[1-1
0k)
[20k-3
0k)
[40k-5
0k)
[60k-7
0k)
[80k-9
0k)
[100k-1
10k)
[120k-1
30k)
[140k-1
50k)
[160k-1
70k)
[180k-1
90k)
20 - 200
[1-1
0k)
[20k-3
0k)
[40k-5
0k)
[60k-7
0k)
[80k-9
0k)
[100k-1
10k)
[120k-1
30k)
[140k-1
50k)
[160k-1
70k)
[180k-1
90k)
200 - 10000
disconnect combined ublock-origin privacybadger ghostery adblockplus
plain
adblockplus
disconnect
ghostery
privacybadger
ublock-origin
combined
Activated Browser Extension
0
20
40
60
80
100
Requests
to d
isti
nct
3rd
part
y d
om
ain
s in %
https only
http+https
http only
plain
easy
list
adaw
ay
moa
ab
Activated Blocklist (Android)
0
20
40
60
80
100
Requests
to d
isti
nct
3rd
part
y d
om
ain
s in %
plain
adblockplus
disconnect
ghostery
privacybadger
ublock-origin
combined
Activated Browser Extension
0
20
40
60
80
100
Requests
to 3
rd p
art
y d
om
ain
s in %
Social
Advertising
Analytics
Tag Manager
CDN
Affiliate Marketing
���
3
netbacknetfront
Rate LimitingRing Buffer
Domain0DomainN
......
TX Driver QueueTX netif Queue
��
1 2 3 4 5 6 7 8 9 10 11 12
1 2 3 4 5 6 7 8 9Adversary Virtual Machine
Requests
Replies
Time Window t
4 65555<
Credit Rate c
...
...
1st2nd3rd4th5th6th7th8th9th
0 5 10 15 20 25 30 35 40 45 50
wind
ow ti
me
slot
time in ms
Echo Request Echo Reply
Victim
Benign Connection(ICMP)
AdversaryVirtual
Machine
Attack Connection(ICMP, UDP or TCP)
���
0
10
20
30
40
50
60
70
0 0.5 1 1.5 2
RTT
in m
s
Send Time of Echo Request in s
Attack Time
Received Echo RepliesDropped Echo Replies
0
10
20
30
40
50
60
70
0 0.5 1 1.5 2
RTT
in m
s
Send Time of Echo Request in s
Attack Time
Received Echo Replies
0
200
400
600
800
1000
1200
0 2 4 6 8 10 12 14 16 18
Rela
tive
TCP
Sequ
ence
Num
ber
in M
B
Send/Receipt Time of Acknowledgements/Data in s
Attack Time
TCP AcknowledgmentsTCP Data
0
2000
4000
6000
8000
10000
12000
14000
0 2 4 6 8 10 12 14 16 18
RTT
in m
s
Send Time of Echo Request in ms
Attack Time
Received Echo RepliesDropped Echo Replies
4
P → P′ V V′ P P′ N
V′ = V ∪ N ,∃ ∈ N : /∈ V V′ ⊃ V V′
V′ = V \ N ,N ⊂ V V′ ⊂ V V′ V
V′ =(V ∪ N ) \ (V ∩ N ) =
(V′ �⊆ V)(V �⊆ V′)′ ∩ �= ∅
V′ = V V′ = V
� P′ ′ P ′ ⊃P′
P P′ P
� P′′ ′ ⊂
P′ PP
�
� P′
P P′
P′ P ′ =
�
�
5
Block
#vtx
HashPrevBlocknVersion
vtx[]
HashMerkleRootnTimenBits (Target)nNonce
Block Header
Coinbase Transaction
nSequence
coinbaseLencoinbase
blockHeight
coinbaseLen
Coinbase
arbitraryData
[magic] BlockHash / MerkleRootMerkleSizeMerkleNonce
blockHeightLen
coin
base
Merged MinedCoinbase
[data]
coinbaseLencoinbase
= 1= 0= 232-1
= n
...
�
�
�
�
�
�
�
6
�,† †,‡ † † † †�
‡†
(1)
( (1)) := ( (1)) − ( (2))
�
�
�λ =
�
� = 2.726 · 10−6
�
1.406 · 10−10
�
��
��
��
7
= 10
= 6
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 10
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 6
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 10
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 6
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 10
47.5
48
48.5
49
49.5
50
0 5 10 15 20 25 30
Freq
uenc
y in
Hz
Time in s
0.51
1.52
2.53
3.5
= 6
48.5
49
49.5
50
50.5
51
0 20 40 60 80 100 120
Freq
uenc
y in
Hz
Time in s
6s10s
48.5
49
49.5
50
50.5
51
0 20 40 60 80 100 120
Freq
uenc
y in
Hz
Time in s
6s10s
48.5
49
49.5
50
50.5
51
0 20 40 60 80 100 120
Freq
uenc
y in
Hz
Time in s
6s10s
Δ
� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �
8
�
�
�
�
�
�
�
PM Autom.Static Autom.Dynamic Human Assisted
Name LD LC LD LC EC UC LD LC EC UC LD LC EC UC
Data obfuscation
Reorderingdata X XChangingencodings X XConverting static data toprocedures X X XStatic code rewriting
Replacing instructions XOpaquepredicates XInsertingdead code X X XInserting irrelevant code XReorderingLoop transformationsFunction splitting/recombination XAliasing X XControl f ow obfuscation X X X X XParallelized codeNamescrambling XRemoving standard library calls XBreaking relationsDynamic code rewriting
Packing/Encryption X X X X X XDynamic codemodif cationsEnvironmental requirementsHardware-assisted codeobfuscation XVirtualization X X X X XAnti-debugging techniques X ? X X X
obfuscation breaks analysis fundamentallyobfuscation is not unbreakable, but makes analysis moreexpensive
Legend obfuscation only results in minor increases of costs for analysisX A checkmark indicates that the rating is supported by results in the literature.
Scenarios without a checkmark wereclassif ed based on theoretical evaluation.
�
�
�
�
WFW
9
��
���
�����
��
�
��
���
�
Das Kompetenzzentrum SBA Research wird im Rahmen von COMET – Competence Centers for Excellent Technologies durch BMVIT, BMWFW und das Land Wien gefördert. Das Programm COMET wird durch die FFG abgewickelt.
10
�
�
���
���
�����
��
Das Kompetenzzentrum SBA Research wird im Rahmen von COMET – Competence Centers for Excellent Technologies durch BMVIT, BMWFW und das Land Wien gefördert. Das Programm COMET wird durch die FFG abgewickelt.
11
��
���
����
�
�
�
������
����
12
�����
�����
����
����
���
��
13
������
�
�����
�����
�����
�����
Das Kompetenzzentrum SBA Research wird im Rahmen von COMET – Competence Centers for Excellent Technologies durch BMVIT, BMWFW und das Land Wien gefördert. Das Programm COMET wird durch die FFG abgewickelt.
14
��
�
�
��
���
��
� ⇒
��
∏179=1 , ∈ {2, . . . , 100}
�
��
�
�
��
�
�
���
�
��
� ≤�
�2128 = 3.4 × 1038
�
15
���
���
��
�
��
��
����
� λ
���
�� λ
��
���
�
( ; 3, 6, ) ( ; 4, , 8)
��
���
16