Refine
Document Type
- Conference Proceeding (12)
- Report (3)
- Article (reviewed) (2)
- Book (1)
- Part of a Book (1)
- Article (unreviewed) (1)
Conference Type
- Konferenzartikel (12)
Has Fulltext
- no (20)
Is part of the Bibliography
- yes (20) (remove)
Keywords
- Bloom filters (2)
- Cloud Computing (2)
- Datensicherung (2)
- COVID-19 (1)
- Cloud computing (1)
- Corona (1)
- Datenmanagement (1)
- Dienstleistung (1)
- Informationstechnik (1)
- Informationsvermittlung (1)
Institute
Open Access
- Closed Access (11)
- Open Access (6)
- Diamond (1)
Remote code attestation protocols are an essential building block to offer a reasonable system security for wireless embedded devices. In the work at hand we investigate in detail the trustability of a purely software-based remote code attestation based inference mechanism over the wireless when e.g. running the prominent protocol derivate SoftWare-based ATTestation for Embedded Devices (SWATT). Besides the disclosure of pitfalls of such a protocol class we also point out good parameter choices which allow at least a meaningful plausibility check with a balanced false positive and false negative ratio.
Covert- and side-channels as well as techniques to establish them in cloud computing are in focus of research for quite some time. However, not many concrete mitigation methods have been developed and even less have been adapted and concretely implemented by cloud providers. Thus, we recently conceptually proposed C 3 -Sched a CPU scheduling based approach to mitigate L2 cache covert-channels. Instead of flushing the cache on every context switch, we schedule trusted virtual machines to create noise which prevents potential covert-channels. Additionally, our approach aims on preserving performance by utilizing existing instead of artificial workload while reducing covert-channel related cache flushes to cases where not enough noise has been achieved. In this work we evaluate cache covert-channel mitigation and performance impact of our integration of C 3 -Sched in the XEN credit scheduler. Moreover, we compare it to naive solutions and more competitive approaches.
UNIKOPS : Universell konfigurierbare Sicherheitslösung für Cyber-Physikalische heterogene Systeme
(2016)
Ziel von UNIKOPS (Universell konfigurierbare Sicherheitslösung für Cyberphysikalische heterogene Systeme) ist es, hochflexible Software- und teilweise auch Hardwarelösungen mit sehr hohem Sicherheitsniveau zu entwickeln, die in einer Vielzahl von CPS-Anwendungsfeldern, insbesondere mit Sensorknoten, einsetzbar sind.
The authors claim that location information of stationary ICT components can never be unclassified. They describe how swarm-mapping crowd sourcing is used by Apple and Google to worldwide harvest geo-location information on wireless access points and mobile telecommunication systems' base stations to build up gigantic databases with very exclusive access rights. After having highlighted the known technical facts, in the speculative part of this article, the authors argue how this may impact cyber deterrence strategies of states and alliances understanding the cyberspace as another domain of geostrategic relevance. The states and alliances spectrum of activities due to the potential existence of such databases may range from geopolitical negotiations by institutions understanding international affairs as their core business, mitigation approaches at a technical level, over means of cyber deterrence-by-retaliation.
We propose in this work to solve privacy preserving set relations performed by a third party in an outsourced configuration. We argue that solving the disjointness relation based on Bloom filters is a new contribution in particular by having another layer of privacy on the sets cardinality. We propose to compose the set relations in a slightly different way by applying a keyed hash function. Besides discussing the correctness of the set relations, we analyze how this impacts the privacy of the sets content as well as providing privacy on the sets cardinality. We are in particular interested in how having bits overlapping in the Bloom filters impacts the privacy level of our approach. Finally, we present our results with real-world parameters in two concrete scenarios.
While prospect of tracking mobile devices' users is widely discussed all over European countries to counteract COVID-19 propagation, we propose a Bloom filter based construction providing users' location privacy and preventing mass surveillance.
We apply a solution based on Bloom filters data structure that allows a third party, a government agency, to perform some privacy-preserving set relations on a mobile telco's access logfile.
By computing set relations, the government agency, given the knowledge of two identified persons, has an instrument that provides a (possible) infection chain from the initial to the final infected user no matter at which location on a worldwide scale they are.
The benefit of our approach is that intermediate possible infected users can be identified and subsequently contacted by the agency. With such approach, we state that solely identities of possible infected users will be revealed and location privacy of others will be preserved. To this extent, it meets General Data Protection Regulation (GDPR)requirements in this area.
Das Buch bietet eine fundierte Einführung in die Chronologie bekannter Angriffe und Verwundbarkeiten auf mobile Systeme und dessen konzeptionelle Einordnung der letzten zwei Dekaden. So erhält der Leser einen einmaligen Überblick über die Vielfältigkeit nachweisbar ausgenutzter Angriffsvektoren auf verschiedenste Komponenten mobiler drahtloser Geräte sowie den teilweise inhärent sicherheitskritischen Aktivitäten moderner mobiler OS. Eine für Laien wie Sicherheitsarchitekten gleichermaßen fesselnde Lektüre, die das Vertrauen in sichere mobile Systeme stark einschränken dürfte.
Der Inhalt
Verwundbarkeit von 802.15.4: PiP-Injektion
Verwundbarkeit von WLAN: KRACK-Angriff auf WPA2
Verwundbarkeit von Bluetooth: Blueborne und Co.
Verwundbarkeiten von NFC und durch NFC
Angriffe über das Baseband
Android Sicherheitsarchitektur
Horizontale Rechteausweitung
Techniken zu Obfuskierung und De-Obfuskierung von Apps
Apps mit erhöhten Sicherheitsbedarf: Banking Apps
Positionsbestimmung durch Swarm-Mapping
Seitenkanäle zur Überwindung des ‚Air-gap‘
Ausblick: 5G Sicherheitsarchitektur
Die Zielgruppen: Studierende der Informatik, Wirtschaftsinformatik, Elektrotechnik oder verwandter Studiengänge Praktiker, IT-Sicherheitsbeauftragte, Datenschutzbeauftragte, Entscheidungsträger, Nutzer drahtloser Geräte, die an einem ‚Blick unter die Motorhaube‘ interessiert sind.
In the work at hand, we combine a Private Information Retrieval (PIR) protocol with Somewhat Homomorphic Encryption (SHE) and use Searchable Encryption (SE) with the objective to provide security and confidentiality features for a third party cloud security audit. During the auditing process, a third party auditor will act on behalf of a cloud service user to validate the security requirements performed by a cloud service provider. Our concrete contribution consists of developing a PIR protocol which is proceeding directly on a log database of encrypted data and allowing to retrieve a sum or a product of multiple encrypted elements. Subsequently, we concretely apply our new form of PIR protocol to a cloud audit use case where searchable encryption is employed to allow additional confidentiality requirements to the privacy of the user. Exemplarily we are considering and evaluating an audit of client accesses to a controlled resource provided by a cloud service provider.