-
Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments
Authors:
Felix Klement,
Alessandro Brighente,
Michele Polese,
Mauro Conti,
Stefan Katzenbeisser
Abstract:
In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.
Submitted 3 May, 2024;
originally announced May 2024.
-
Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment
Authors:
Simon Unger,
Ektor Arzoglou,
Markus Heinrich,
Dirk Scheuermann,
Stefan Katzenbeisser
Abstract:
Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to maintain a comprehensive overview of potential security issues. In this paper, we propose a novel approach that leverages attack graphs to enhance the efficiency and effectiveness of risk assessment. Attack graphs visually represent the various attack paths that adversaries can exploit within a system, enabling a systematic exploration of potential vulnerabilities. By extending attack graphs with capabilities to include countermeasures and consequences, they can be leveraged to constitute the complete risk assessment process. Our method offers a more streamlined and comprehensive analysis of system vulnerabilities, where system changes, or environment changes can easily be adapted and the issues exposing the highest risk can easily be identified. We demonstrate the effectiveness of our approach through a case study, as well as the applicability by combining existing risk assessment standards with our method. Our work aims to bridge the gap between risk assessment practices and evolving threat landscapes, offering an improved methodology for managing and mitigating risks in modern computer systems.
Submitted 26 July, 2023;
originally announced July 2023.
-
Practical Non-Invasive Probing Attacks Against Novel Carbon-Nanotube-Based Physical Unclonable Functions
Authors:
Nikolaos Athanasios Anagnostopoulos,
Alexander Braml,
Nico Mexis,
Florian Frank,
Simon Böttger,
Martin Hartmann,
Sascha Hermann,
Elif Bilge Kavun,
Stefan Katzenbeisser,
Tolga Arul
Abstract:
As the number of devices being interconnected increases, so does the demand for (lightweight) security. To this end, Physical Unclonable Functions (PUFs) have been proposed as hardware primitives that can act as roots of trust and security. Recently, a new type of PUF based on Carbon NanoTubes (CNTs) has been proposed. At the same time, attacks and testing based on direct electrical probing appear to be moving towards non-invasive techniques. In this context, this work attempts to examine the potential for practical non-invasive probing attacks against the CNT-PUF, a novel PUF based on CNTs. Our results indicate that direct probing might potentially compromise the security of this PUF. Nevertheless, we note that this holds true only in the case that the attacker can directly probe the wire corresponding to the secret value of each CNT-PUF cell. Thus, we can conclude that the examined CNT-PUFs are rather resilient to direct probing attacks, that non-invasive probing methods appear to be promising for testing such PUFs, and that, in order for the attacker to gain the full-length value of the secret, all the relevant channels would need to be probed. Nevertheless, as our work proves, practical non-invasive attacks against the CNT-PUF are feasible and adequate countermeasures need to be employed in order to address this issue.
Submitted 3 July, 2023;
originally announced July 2023.
-
Real-World Chaos-Based Cryptography Using Synchronised Chua Chaotic Circuits
Authors:
Emiliia Nazarenko,
Nikolaos Athanasios Anagnostopoulos,
Stavros G. Stavrinides,
Nico Mexis,
Florian Frank,
Tolga Arul,
Stefan Katzenbeisser
Abstract:
This work presents the hardware demonstrator of a secure encryption system based on synchronised Chua chaotic circuits. In particular, the presented encryption system comprises two Chua circuits that are synchronised using a dedicated bidirectional synchronisation line. One of them forms part of the transmitter, while the other of the receiver. Both circuits are tuned to operate in a chaotic mode. The output (chaotic) signal of the first circuit (transmitter) is digitised and then combined with the message to be encrypted, through an XOR gate. The second Chua circuit (receiver) is used for the decryption; the output chaotic signal of this circuit is similarly digitised and combined with the encrypted message to retrieve the original message. Our hardware demonstrator proves that this method can be used in order to provide extremely lightweight real-world, chaos-based cryptographic solutions.
Submitted 13 July, 2023; v1 submitted 11 August, 2022;
originally announced October 2022.
-
Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security
Authors:
Felix Klement,
Henrich C. Pöhls,
Stefan Katzenbeisser
Abstract:
Third-party dongles for cars, e.g. from insurance companies, can extract sensitive data and even send commands to the car via the standardized OBD-II interface. Due to the lack of message authentication mechanisms, this leads to major security vulnerabilities, for example regarding the connection with malicious devices. Therefore, we apply a modular, protocol-independent firewall approach by placing a man-in-the-middle between the third-party dongle and the car's OBD-II interface. With this privileged network position, we demonstrate how the data flow accessible through the OBD-II interface can be modified or restricted. We can modify the messages' contents or delay the arrival of messages by using our fine-granular configurable rewriting rules, specifically designed to work protocol-agnostically. We have implemented our modular approach for a configurable firewall at the OBD-II interface and successfully tested it against third-party dongles available on the market. Thus, our approach enables a security layer to enhance automotive privacy and security of dongle users, which is of high relevance due to missing message authentications on the level of the electronic control units.
Submitted 15 October, 2022;
originally announced October 2022.
-
Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature
Authors:
Florian Frank,
Wenjie Xiong,
Nikolaos Athanasios Anagnostopoulos,
André Schaller,
Tolga Arul,
Farinaz Koushanfar,
Stefan Katzenbeisser,
Ulrich Ruhrmair,
Jakub Szefer
Abstract:
The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately sense the temperature in the vicinity of the DRAM-carrying device. Among others, this enables adversaries to remotely and purely digitally spy on personal behavior in users' private homes, or to collect security-critical data in server farms, cloud storage centers, or commercial production lines. We demonstrate that our attack can be performed by merely compromising the software of an IoT device and does not require hardware modifications or physical access at attack time. It can achieve temperature resolutions of up to 0.5°C over a range of 0°C to 70°C in practice. Perhaps most interestingly, it even works in devices that do not have a dedicated temperature sensor on board. To complete our work, we discuss practical attack scenarios as well as possible countermeasures against our temperature espionage attacks.
Submitted 3 August, 2022;
originally announced August 2022.
-
Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?
Authors:
Felix Klement,
Stefan Katzenbeisser,
Vincent Ulitzsch,
Juliane Krämer,
Slawomir Stanczak,
Zoran Utkovski,
Igor Bjelakovic,
Gerhard Wunder
Abstract:
The Open RAN architecture is a promising and future-oriented architecture. It is intended to open up the radio access network (RAN) and enable more innovation and competition in the market. This will lead to RANs for current 5G networks, but especially for future 6G networks, evolving from the current highly integrated, vendor-specific RAN architecture towards disaggregated architectures with open interfaces that will make it possible to better tailor RAN solutions to the requirements of 5G and 6G applications. However, the introduction of such an open architecture substantially broadens the attack possibilities when compared to conventional RANs. In the past, this has often led to negative headlines that in summary have associated Open RAN with faulty or inadequate security. In this paper, we analyze what components are involved in an Open RAN deployment, how to assess the current state of security, and what measures need to be taken to ensure secure operation.
Submitted 22 June, 2022; v1 submitted 26 April, 2022;
originally announced April 2022.
-
On the Sustainability of Lightweight Cryptography Based on PUFs Implemented on NAND Flash Memories Using Programming Disturbances
Authors:
Nikolaos Athanasios Anagnostopoulos,
Yufan Fan,
Muhammad Umair Saleem,
Nico Mexis,
Florian Frank,
Tolga Arul,
Stefan Katzenbeisser
Abstract:
In this work, we examine the potential of Physical Unclonable Functions (PUFs) that have been implemented on NAND Flash memories using programming disturbances to act as sustainable primitives for the purposes of lightweight cryptography. In particular, we investigate the ability of such PUFs to tolerate temperature and voltage variations, and examine the current shortcomings of existing NAND-Flash-memory PUFs that are based on programming disturbances as well as how these could potentially be addressed in order to provide more robust and more sustainable security solutions.
Submitted 11 June, 2022; v1 submitted 5 April, 2022;
originally announced April 2022.
-
Evaluation of Cache Attacks on Arm Processors and Secure Caches
Authors:
Shuwen Deng,
Nikolay Matyunin,
Wenjie Xiong,
Stefan Katzenbeisser,
Jakub Szefer
Abstract:
Timing-based side and covert channels in processor caches continue to be a threat to modern computers. This work shows for the first time a systematic, large-scale analysis of Arm devices and the detailed results of attacks the processors are vulnerable to. Compared to x86, Arm uses different architectures, microarchitectural implementations, cache replacement policies, etc., which affects how attacks can be launched, and how security testing for the vulnerabilities should be done. To evaluate security, this paper presents security benchmarks specifically developed for testing Arm processors and their caches. The benchmarks are themselves evaluated with sensitivity tests, which examine how sensitive the benchmarks are to having a correct configuration in the testing phase. Further, to evaluate a large number of devices, this work leverages a novel approach of using a cloud-based Arm device testbed for architectural and security research on timing channels and runs the benchmarks on 34 different physical devices. In parallel, there has been much interest in secure caches to defend against the various attacks. Consequently, this paper also investigates secure cache architectures using the proposed benchmarks. In particular, this paper implements and evaluates the secure PL and RF caches, showing the security of PL and RF caches, but also uncovers new weaknesses.
Submitted 31 October, 2021; v1 submitted 26 June, 2021;
originally announced June 2021.
-
A Security Architecture for Railway Signalling
Authors:
Christian Schlehuber,
Markus Heinrich,
Tsvetoslava Vateva-Gurova,
Stefan Katzenbeisser,
Neeraj Suri
Abstract:
We present the proposed security architecture Deutsche Bahn plans to deploy to protect its trackside safety-critical signalling system against cyber-attacks. We first present the existing reference interlocking system that is built using standard components. Next, we present a taxonomy to help model the attack vectors relevant for the railway environment. Building upon this, we present the proposed "compartmentalized" defence concept for securing the upcoming signalling systems.
Submitted 9 September, 2020;
originally announced September 2020.
-
Rule-based Anomaly Detection for Railway Signalling Networks
Authors:
Markus Heinrich,
Arwed Gölz,
Tolga Arul,
Stefan Katzenbeisser
Abstract:
We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands and to perform semantic attacks. The system also mitigates the effects of a compromised signal box that an attacker uses to issue licit but mistimed control messages. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects all attacks of our model without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.
Submitted 12 August, 2020;
originally announced August 2020.
-
Secure Computation of the kth-Ranked Element in a Star Network
Authors:
Anselme Tueno,
Florian Kerschbaum,
Stefan Katzenbeisser,
Yordan Boev,
Mubashir Qureshi
Abstract:
We consider the problem of securely computing the kth-ranked element in a sequence of n private integers distributed among n parties. The kth-ranked element (e.g., minimum, maximum, median) is of particular interest in benchmarking, which allows a company to compare its own key performance indicator to the statistics of its peer group. The individual integers are sensitive data, yet the kth-ranked element is of mutual interest to the parties. Previous secure computation protocols for the kth-ranked element require a communication channel between each pair of parties. They do not scale to a large number of parties as they are highly interactive resulting in longer delays. Moreover, they are difficult to deploy as special arrangements are required between each pair of parties to establish a secure connection. A server model naturally fits with the client-server architecture of Internet applications in which clients are connected to the server and not to other clients. It can simplify secure computation by reducing the number of rounds, and as a result, improve its performance and scalability. In this model, there are communication channels only between each client and the server, while only clients provide inputs to the computation. Hence, it is a centralized communication pattern, i.e., a star network. We propose different approaches for privately computing the kth-ranked element in the server model, using either garbled circuits or threshold homomorphic encryption. Our schemes have a constant number of rounds and can compute the kth-ranked element within seconds for up to 50 clients in a WAN.
Submitted 18 September, 2019;
originally announced September 2019.
-
MagneticSpy: Exploiting Magnetometer in Mobile Devices for Website and Application Fingerprinting
Authors:
Nikolay Matyunin,
Yujue Wang,
Tolga Arul,
Kristian Kullmann,
Jakub Szefer,
Stefan Katzenbeisser
Abstract:
Recent studies have shown that aggregate CPU usage and power consumption traces on smartphones can leak information about applications running on the system or websites visited. In response, access to such data has been blocked for mobile applications starting from Android 8. In this work, we explore a new source of side-channel leakage for this class of attacks. Our method is based on the fact that electromagnetic activity caused by mobile processors leads to noticeable disturbances in magnetic sensor measurements on mobile devices, with the amplitude being proportional to the CPU workload. Therefore, recorded sensor data can be analyzed to reveal information about ongoing activities. The attack works on a number of devices: we evaluated 80 models of modern smartphones and tablets and observed the reaction of the magnetometer to the CPU activity on 56 of them. On selected devices we were able to successfully identify which application has been opened (with up to 90% accuracy) or which web page has been loaded (up to 91% accuracy). The presented side channel poses a significant risk to end users' privacy, as the sensor data can be recorded from native apps or even from web pages without user permissions. Finally, we discuss possible countermeasures to prevent the presented information leakage.
Submitted 7 September, 2019; v1 submitted 26 June, 2019;
originally announced June 2019.
-
Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security
Authors:
André Schaller,
Wenjie Xiong,
Nikolaos Athanasios Anagnostopoulos,
Muhammad Umair Saleem,
Sebastian Gabmeyer,
Stefan Katzenbeisser,
Jakub Szefer
Abstract:
Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules; the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context: to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.
Submitted 12 February, 2019;
originally announced February 2019.
-
On (The Lack Of) Location Privacy in Crowdsourcing Applications
Authors:
Spyros Boukoros,
Mathias Humbert,
Stefan Katzenbeisser,
Carmela Troncoso
Abstract:
Crowdsourcing enables application developers to benefit from large and diverse datasets at a low cost. Specifically, mobile crowdsourcing (MCS) leverages users' devices as sensors to perform geo-located data collection. The collection of geolocated data raises serious privacy concerns for users. Yet, despite the large research body on location privacy-preserving mechanisms (LPPMs), MCS developers implement little to no protection for data collection or publication. To understand this mismatch, we study the performance of existing LPPMs on publicly available data from two mobile crowdsourcing projects. Our results show that well-established defenses are either not applicable or offer little protection in the MCS setting. Additionally, they have a much stronger impact on applications' utility than foreseen in the literature. This is because existing LPPMs, designed with location-based services (LBSs) in mind, are optimized for utility functions based on users' locations, while MCS utility functions depend on the values (e.g., measurements) associated with those locations. We finally outline possible research avenues to facilitate the development of new location privacy solutions that fit the needs of MCS so that the increasing number of such applications do not jeopardize their users' privacy.
Submitted 5 June, 2019; v1 submitted 15 January, 2019;
originally announced January 2019.
-
QRES: Quantitative Reasoning on Encrypted Security SLAs
Authors:
Ahmed Taha,
Spyros Boukoros,
Jesus Luna,
Stefan Katzenbeisser,
Neeraj Suri
Abstract:
While regulators advocate for higher cloud transparency, many Cloud Service Providers (CSPs) often do not provide detailed information regarding their security implementations in their Service Level Agreements (SLAs). In practice, CSPs are hesitant to release detailed information regarding their security posture for security and proprietary reasons. This lack of transparency hinders the adoption of cloud computing by enterprises and individuals. Unless CSPs share information regarding the technical details of their security procedures and standards, customers cannot verify which cloud provider matches their needs in terms of security and privacy guarantees. To address this problem, we propose QRES, the first system that enables (a) CSPs to disclose detailed information about their offered security services in an encrypted form to ensure data confidentiality, and (b) customers to assess the CSPs' offered security services and find those satisfying their security requirements. Our system preserves each party's privacy by leveraging a novel evaluation method based on Secure Two Party Computation (2PC) and Searchable Encryption techniques. We implement QRES and highlight its usefulness by applying it to existing standardized SLAs. The real world tests illustrate that the system runs in acceptable time for practical application even when used with a multitude of CSPs. We formally prove the security requirements of the proposed system against a strong realistic adversarial model, using an automated cryptographic protocol verifier.
Submitted 12 April, 2018;
originally announced April 2018.
-
PROPYLA: Privacy Preserving Long-Term Secure Storage
Authors:
Matthias Geihs,
Nikolaos Karvelas,
Stefan Katzenbeisser,
Johannes Buchmann
Abstract:
An increasing amount of sensitive information today is stored electronically and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, then integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic schemes, however, are not designed for protecting data over such long time periods. Recently, the first storage architecture combining long-term integrity with long-term confidentiality protection was proposed (AsiaCCS'17). However, the architecture only deals with a simplified storage scenario where parts of the stored data cannot be accessed and verified individually. If this is allowed, however, not only the data content itself, but also the access pattern to the data (i.e., the information which data items are accessed at which times) may be sensitive information. Here we present the first long-term secure storage architecture that provides long-term access pattern hiding security in addition to long-term integrity and long-term confidentiality protection. To achieve this, we combine information-theoretic secret sharing, renewable timestamps, and renewable commitments with an information-theoretic oblivious random access machine. Our performance analysis of the proposed architecture shows that achieving long-term integrity, confidentiality, and access pattern hiding security is feasible.
Submitted 27 April, 2019; v1 submitted 27 November, 2017;
originally announced November 2017.
-
Scalable Attestation Resilient to Physical Attacks for Embedded Devices in Mesh Networks
Authors:
Florian Kohnhäuser,
Niklas Büscher,
Sebastian Gabmeyer,
Stefan Katzenbeisser
Abstract:
Interconnected embedded devices are increasingly used in various scenarios, including industrial control, building automation, or emergency communication. As these systems commonly process sensitive information or perform safety critical tasks, they become appealing targets for cyber attacks. A promising technique to remotely verify the safe and secure operation of networked embedded devices is remote attestation. However, existing attestation protocols only protect against software attacks or show very limited scalability. In this paper, we present the first scalable attestation protocol for interconnected embedded devices that is resilient to physical attacks. Based on the assumption that physical attacks require an adversary to capture and disable devices for some time, our protocol identifies devices with compromised hardware and software. Compared to existing solutions, our protocol reduces communication complexity and runtimes by orders of magnitude, precisely identifies compromised devices, supports highly dynamic and partitioned network topologies, and is robust against failures. We show the security of our protocol and evaluate it in static as well as dynamic network topologies. Our results demonstrate that our protocol is highly efficient in well-connected networks and robust to network disruptions.
Submitted 27 January, 2017;
originally announced January 2017.
-
General Impossibility of Group Homomorphic Encryption in the Quantum World
Authors:
Frederik Armknecht,
Tommaso Gagliardoni,
Stefan Katzenbeisser,
Andreas Peter
Abstract:
Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor's algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems.
In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.
Submitted 13 January, 2014; v1 submitted 10 January, 2014;
originally announced January 2014.
-
Hardware-based Security for Virtual Trusted Platform Modules
Authors:
Sami Alsouri,
Thomas Feller,
Sunil Malipatlolla,
Stefan Katzenbeisser
Abstract:
Virtual Trusted Platform Modules (TPMs) were proposed as a software-based alternative to the hardware-based TPMs to allow the use of their cryptographic functionalities in scenarios where multiple TPMs are required in a single platform, such as in virtualized environments. However, virtualizing TPMs, especially virtualizing the Platform Configuration Registers (PCRs), strikes against one of the core principles of Trusted Computing, namely the need for a hardware-based root of trust. In this paper we show how the strength of hardware-based security can be gained in virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches for such a binding. For this purpose, the first variant uses binary hash trees, whereas the other variant uses incremental hashing. In addition, we present an FPGA-based implementation of both variants and evaluate their performance.
Submitted 7 August, 2013;
originally announced August 2013.
-
Enforcing Semantic Integrity on Untrusted Clients in Networked Virtual Environments
Authors:
Uwe Hermann,
Stefan Katzenbeisser,
Christian Schallhart,
Helmut Veith
Abstract:
During the last years, large-scale simulations of realistic physical environments which support the interaction of multiple participants over the Internet have become increasingly available and economically significant, most notably in the computer gaming industry. Such systems, commonly called networked virtual environments (NVEs), are usually based on a client-server architecture where for performance reasons and bandwidth restrictions, the simulation is partially deferred to the clients. This inevitable architectural choice renders the simulation vulnerable to attacks against the semantic integrity of the simulation: malicious clients may attempt to compromise the physical and logical laws governing the simulation, or to alter the causality of events a posteriori. In this paper, we initiate the systematic study of semantic integrity in NVEs from a security point of view. We argue that naive policies to enforce semantic integrity involve intolerable network load, and are therefore not practically feasible. We present a new semantic integrity protocol based on cryptographic primitives which enables the server system to audit the local computations of the clients on demand. Our approach facilitates low network and CPU load, incurs reasonable engineering overhead, and maximally decouples the auditing process from the soft real time constraints of the simulation.
Submitted 29 March, 2005;
originally announced March 2005.