5 April 2017

CeBIT 2017: CISPA Exhibits 7 Selected Research Projects

CISPA presented a selection of its research projects at this year’s CeBIT. Due to the continuing growth of the Saarbruecken Center for IT-Security, the projects could be presented at their own stall.

Privacy in Smart Homes
Prof. Christoph Sorge and his team analyzed, for example, the information an adversary can deduce from tapping wireless building automation systems, as well as the effectiveness of protection mechanisms. They concluded that the mechanisms currently in place do not at all suffice as protection. Metadata such as the type of the device or the amount of data exchanged allow for detailed conclusions on the absence or presence of the residents. Sorge’s research aims at developing solutions that enable privacy-preserving encrypted wireless communication of building automation systems, while still preserving a reasonable battery lifetime. Read the press release by Saarland University on this project.

AUTOGRAM and tribble – Massive Automated Security Testing

Prof. Andreas Zeller’s group developed two tools for security testing. Given a set of program runs with inputs, their “AUTOGRAM” tool automatically produces a so-called “context-free grammar”. The result is very accurate and readable, facilitates understanding the input structure, and can be used by a computer to parse, decompose, and analyze other inputs and, most importantly, serve as input for massive systematic security testing. Their “tribble” tool uses a grammar to automatically produce millions of random yet valid inputs to a software system, which makes it infinitely more powerful than any traditional fuzzing system. With both tools, security testing becomes fully automatic. Read the press release on Prof. Zeller’s projects.

Adversarial Learning
This project is presented by Prof. Michael Backes, director of CISPA and head of the Information Security & Cryptography Group at Saarland University, and his team. Since machine learning relies on different aspects than human perception, small perturbations of the input may already lead to critical changes in computation. Machine learning and data mining were not designed for a context in which an adversary tampers with the data. Due to their increased usage, security aspects have become crucial. Backes’ ongoing research on adversarial learning for the Android malware classifier shows that consequences can be serious: when carefully selected permissions are added to a malware application, the intelligent malware classifier suddenly classifies this app as benign. Their research aims at methods to detect and prevent such malignant perturbations, e.g. by training the machine learning algorithm itself to identify such perturbed inputs in the future.

Android Middleware Security Testing
Dr. Sven Bugiel’s project focuses on smart devices like smartphones or tablets. To protect private data on these devices, robust security and privacy mechanisms are required that both perform correct access controls against malicious applications and prevent attackers from escalating their privileges on the device. Thorough security testing of the software stack’s code base is needed to ensure these properties. Classical testing techniques quickly reach their limits considering the high complexity and size of mobile software stacks. Thus, Bugiel presented the Android Middleware Fuzzer, an ongoing research project, to discover security-critical bugs using a unique approach through targeted graybox fuzz testing.

Genetic Privacy – Towards Health Data Privacy
Prof. Backes’s team around Pascal Berrang and Mathias Humbert demonstrate in their research that there are significant risks for the privacy of patients in epigenetics. They are developing technical solutions to reduce this risk when publishing epigenetic data for research purposes.
Read the press release by Saarland University on this project.

Early Warning System for DDoS Attacks Against Critical Infrastructure
Mass attacks on the Internet that aim at blocking a particular service, called “Distributed Denial of Service (DDoS)” attacks, are easy to implement and therefore widespread. Prof. Christian Rossow’s team has developed honeypots for distributed attacks: systems specially prepared to be attacked so that the attacker’s actions can subsequently be monitored. With their global sensor network, they have managed to document more than 1.5 million attacks, identify the different phases of these attacks to develop an early warning system, and also derive clues about the attackers’ identity using a special fingerprinting method.

vatiCAN – Vetted, Authenticated CAN Bus
Car manufacturers use a so-called CAN bus to facilitate communication between devices and units inside a car. However, this comes at a price: once an attacker controls a device connected to the bus, he can pretend to be a different component and manipulate messages. Stefan Nürnberger and Prof. Rossow developed a system that enables components to trust both the source and content of messages on the CAN bus. The software, called “vatiCAN”, only enables real and honest senders to attach the required authentication codes to messages, allowing for a security check. Additional computations introduced by the software only slow down the communication by two milliseconds, which is acceptable even during active steering, when immediate actions are required.