Privacy in Smart Homes
Prof. Christoph Sorge and his team analyzed, for example, the information an adversary can deduce by tapping wireless building automation systems and the effectiveness of the protection mechanisms in use, concluding that current mechanisms do not suffice as protection. Metadata such as the type of a device or the amount of data it exchanges allow detailed conclusions about the absence or presence of the residents. Sorge's research aims at developing solutions that enable privacy-preserving encrypted wireless communication in building automation systems while still preserving a reasonable battery lifetime. Read the press release by Saarland University on this project.
AUTOGRAM and tribble – Massive Automated Security Testing
Prof. Andreas Zeller's group developed two tools for security testing. Given a set of program runs with their inputs, the "AUTOGRAM" tool automatically produces a so-called "context-free grammar". The result is very accurate and readable, facilitates understanding the input structure, can be used by a computer to parse, decompose, and analyze other inputs, and, most importantly, serves as input for massive systematic security testing. The "tribble" tool uses such a grammar to automatically produce millions of random yet valid inputs to a software system, which makes it infinitely more powerful than any traditional fuzzing system. With both tools, security testing becomes fully automatic. Read the press release on Prof. Zeller's projects.
This project is presented by Prof. Michael Backes, director of CISPA and head of the Information Security & Cryptography Group at Saarland University, and his team. Since machine learning relies on different aspects of the input than human perception does, small perturbations of the input may already lead to critical changes in the computation. ML and data mining were not designed for a context in which an adversary tampers with the data. Due to their increased usage, security aspects have become crucial. Backes' ongoing research on adversarial learning against an Android malware classifier shows that the consequences can be serious: after carefully selected permissions are added to a malware application, the intelligent malware classifier suddenly classifies this app as benign. Their research aims at methods to detect and prevent such malignant perturbations, e.g. by training the machine learning algorithm itself to identify such perturbed inputs in the future.
Android Middleware Security Testing
Dr. Sven Bugiel's project focuses on smart devices like smartphones or tablets. To protect private data on these devices, robust security and privacy mechanisms are required that both perform correct access control against malicious applications and prevent attacks from escalating their privileges on the device. Thorough security testing of the software stack's code base is needed to ensure these properties. Classical testing techniques quickly reach their limits given the high complexity and size of mobile software stacks. Thus, Bugiel presented the Android Middleware Fuzzer, an ongoing research project that discovers security-critical bugs using a unique approach based on targeted graybox fuzz testing.
Genetic Privacy – Towards Health Data Privacy
Prof. Backes' team around Pascal Berrang and Mathias Humbert demonstrates in their research that there are significant risks for the privacy of patients in epigenetics. They are developing technical solutions to reduce this risk when publishing epigenetic data for research purposes.
Read the press release by Saarland University on this project.
Early Warning System for DDoS Attacks Against Critical Infrastructure
Mass attacks on the Internet that aim at blocking a particular service, so-called "Distributed Denial of Service (DDoS) attacks", are easy to implement and therefore widespread. Prof. Christian Rossow's team has developed honeypots for distributed attacks: systems specially prepared to be attacked so that the attacker's actions can subsequently be monitored. With their global sensor network, they have managed to document more than 1.5 million attacks, identify the different phases of these attacks in order to develop an early warning system, and also derive clues about the attackers' identity using a special fingerprinting method.
vatiCAN – Vetted, Authenticated CAN Bus
Car manufacturers use a so-called CAN bus to facilitate communication between devices and units inside a car. However, this comes at a price: once an attacker controls a device connected to the bus, he can pretend to be a different component and manipulate messages. Stefan Nürnberger and Prof. Rossow developed a system that enables components to trust both the source and the content of messages on the CAN bus. The software, called "vatiCAN", only enables real and honest senders to attach the required authentication codes to messages, allowing for a security check. The additional computations introduced by the software slow down the communication by only two milliseconds, which is acceptable even during active steering, when immediate action is required.
ERC grants are awarded on a regular basis by the European Research Council and are considered the most important and prestigious awards for research in Europe.
Saarland University has published a press release.
From left to right: Prof. Christoph Sorge, Stefan Hessel. Photo: Ehrlich
List of selected articles/news:
Frankfurter Rundschau (German)
More than 150 people accepted CISPA’s invitation to “Landesvertretung des Saarlandes”.
After a welcome speech by the Prime Minister of Saarland, Ms. Annegret Kramp-Karrenbauer, Prof. Michael Backes, director of CISPA, gave a speech on “Autonomous Systems of the Future”, followed by a Panel Discussion.
Panel (from left to right): Michael Hankel, Nadine Schön (MdB), Federal Minister of Education and Research Prof. Johanna Wanka, Prime Minister of Saarland Annegret Kramp-Karrenbauer, Prof. Michael Backes, Reinhard Karger
Cybersecurity and civil liberties – how the new U.S. government will approach cyber threats
Timothy H. Edgar is the author of "Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA" (forthcoming 2017).
He served under President Obama from 2009 to 2010 as the first director of privacy and civil liberties for the White House National Security Staff, focusing on cyber security, open government, and data privacy initiatives.
From 2006 to 2009, he was the first deputy for civil liberties for the director of national intelligence, reviewing new surveillance authorities, the terrorist watchlist, and other sensitive programs.
He holds a JD from Harvard Law School, where he served on the Harvard Law Review, and an AB from Dartmouth College.
Mr Edgar’s talk is made possible through the support of the Embassy of the United States of America and the Deutsch-Amerikanisches Institut Saarbrücken.
For further information, visit his personal website.
State of the net: Weaponized information, manipulated elections – How can IT security safeguard civil liberties & political independence?
Title: APP STORE 2.0: From Crowd Information to Actionable Feedback in Mobile Ecosystems
Building: E9 1 (CISPA), Room 0.01
Given the increasing competition in mobile app markets, improving the experience of users has become a major goal for app vendors. Previous studies have demonstrated that app users who encounter issues (e.g., crashes, unresponsive apps) frequently uninstall apps and move to alternative apps. Hence, quickly detecting and preventing issues is crucial for staying competitive in the market. This presentation introduces a visionary app store, called APP STORE 2.0, which exploits crowdsourced information about apps, devices and users to increase the overall quality of the delivered mobile apps. The APP STORE 2.0 contributes to the delivery of actionable feedback to deal with potential errors and threats that affect mobile apps prior to publication or even when the apps are in the hands of end-users. This feedback spans risk reports to support the decision process of app store moderators, reproducible scenarios to support the reproduction task of app developers, performance reports for app developers, and app patches for app users. We have prototyped these systems in the context of the Android ecosystem.
I am a postdoctoral researcher at Inria Lille - Nord Europe research center working with the SPIRALS team. I have recently obtained the International PhD in Computer Science, supervised by Prof. Romain Rouvoy and Prof. Lionel Seinturier at Inria Lille and the University of Lille. My research focuses on the automatic detection, reproduction, and repair of bugs in mobile applications in the wild by using crowdsourcing. My area of research includes Software Engineering, Mobile Computing, App Store Analysis and Crowdsourcing. During my PhD I had the pleasure to collaborate with internationally recognized researchers. In 2015 I obtained a Mitacs Globalink Research Award and I spent three months working with Dr. Bram Adams in the MCIS group at Polytechnique Montréal (Montreal, Canada). In 2016, I spent four months working with Prof. Walid Maalej in the MAST group at the University of Hamburg (Hamburg, Germany).
NDSS is one of the top-tier conferences in the area of IT security, with the major goal to "encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies".
CISPA researchers will present their papers at the conference venue in San Diego, CA, USA from 26 Feb - 01 Mar 2017.