Course Information Summer Semester 2012

Dienstag, 10. April 2012

We updated the course information for this summer semester, see the Teaching overview webpage.

ISPEC 2012

Mittwoch, 11. April 2012

We will be attending the 8th International Conference on Information Security Practice and Experience (ISPEC 2012) in Hangzhou, China and present our paper 'Structure-Based RSA Fault Attacks'.

Fokusseminar "Elektronik-Hardware für hohe Datensicherheitsanforderungen" der HRSST

Mittwoch, 04. April 2012

This seminar is part of the doctoral program of the Helmholtz Research School on Security Technologies.

June 25, 2012

9.00am - 5.30pm

TEL 6 (T-Labs / Technische Universität Berlin, Ernst-Reuter-Platz 7, 10587 Berlin)

Program (PDF, 285,5 KB)

SecT organisiert den 7. Graduierten-Workshop SPRING in Berlin

Montag, 26. März 2012

© FG SIDAR, GI

Die GI-Fachgruppe SIDAR bietet im Juli wieder eine Veranstaltung für den wissenschaftlichen Nachwuchs im Bereich Reaktive Sicherheit an. Das Themenspektrum der Reaktiven Sicherheit beinhaltet:

• Verwundbarkeitsanalyse
• Intrusion Detection
• Malware
• Incident Management
• Forensik

Eckdaten der Veranstaltung:

SPRING - 7. SIDAR Graduierten-Workshop über Reaktive Sicherheit
5./6. Juli 2012, Berlin
http://www.gi-fg-sidar.de/spring/
mailto: spring{at}gi-fg-sidar.de
bis 4. Juni 2012: Einreichung von Beiträgen

Nähere Informationen zur Veranstaltung finden sich im Call for Abstracts [PDF|TXT].

Droidcon 2012

Mittwoch, 14. März 2012

Prof. Seifert held a Keynote Speech at Droidcon 2012 about "Designing Security-Aware Android Applications for the Enterprise".

CeBit 2012

Dienstag, 06. März 2012

We attend CeBit 2012. You can find us in hall 26 at stand G30 of the Telekom Innovation Laboratories: T-Labs@CeBit

Hotmobile 2012

Dienstag, 28. Februar 2012

Steffen Liebergeld will present his poster about the impact of mobile virtualization on the power usage of mobile devices at Hotmobile 2012 in San Diego. Matthias Lange shows a demo of the L4Android security framework on the Samsung Galaxy S2.

Talks at Nokia, Samsung and Huawei Research

Donnerstag, 23. Februar 2012

Prior to Hotmobile 2012 Matthias Lange and Steffen Liebergeld will give talks about the L4Android security framework at Nokia Research, Samsung Research and Huawei Research in the silicon valley.

Mobile World Congress

Freitag, 17. Februar 2012

Prof. Dr. Jean-Pierre Seifert will be attending Mobile World Congress 2012 at Barcelona, Spain. 

NDSS 2012

Donnerstag, 09. Februar 2012

We attended and presented our paper ' Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications ' at 19th Annual Network and Distributed System Security Symposium, (NDSS 2012), San Diego. [PDF (PDF, 815,0 KB)]

Talk announcement: Sebastian Schinzel (Uni Erlangen)

Montag, 30. Januar 2012

Date/Time:  1. February 2012 - 14:00-15:00

Location: TEL1118/19

Title: Practical Side Channel Attacks on the Web

Abstract:

Inspired by the discrimination of covert timing channels and covert storage channels, we extend the general area of side channels by distinguishing storage side channels from timing side channels. We give a general method by which storage side channels can be detected in web applications. As main example we show that in several existing web applications with user management it is possible to find out whether a certain high-privileged user account exists or not. This information is usually treated as confidential because knowledge of high-privileged user names eases password guessing and phishing attacks. In another example, we show that an online gallery leaks the amount of hidden pictures in a given album to unprivileged users. Furthermore, we show a new method to exploit those timing side channels that have the property that the timing differences can be influenced by the attacker. We model these special timing side channels as a possibilistic timing side channel. The method allows very efficient timing side channel attacks even over noisy networks such as the Internet. We show that our method can break the confidentiality of XML Encryption messages in in realistic environments.

PhD Thesis Defense

Mittwoch, 14. Dezember 2011

PhD thesis defense: Collin Mulliner, "On the impact of the Cellular Modem on the Security of Mobile Phones". 

Location: Auditorium 3, TEL 20     Time: 14:00 - 17:00

Talk announcement: Angelos Keromytis (Columbia University) - Time: Friday 16/12/2011, 10 - 11h, Room: Auditorium 3 (20th floor, TEL)

Montag, 05. Dezember 2011

Ttitle: REASSURE: a self-contained software hardening and self-healing mechanism

Abstract: Software errors are frequently responsible for the limited availability of services, loss of data, and many security compromises. Self-healing using rescue points (RPs) is a novel mechanism that can be used to recover software from unforeseen errors until a more permanent remedy, like a patch or update, is available. I will discuss REASSURE, a self-contained mechanism for recovering from such errors using RPs. Essentially, RPs are existing code locations that handle certain anticipated errors in the target application, usually by returning an error code. REASSURE enables the use of these locations to also handle unexpected faults. I will discuss our work on software self-healing mechanisms, including REASSURE and its predecessor (ASSURE), and our other ongoing work on software hardening.

Bio: Angelos D. Keromytis is an Associate Professor of Computer Science at Columbia University. His research interests are in the area of systems and network security, with a focus on software hardening and self-healing, artificial diversity, insider detection, and network denial of service protection. He is the author of more than 200 technical papers in conferences, journals and workshops, 10 issued patents, 7 Internet RFCs, a book on the use of graphics cards for cryptography and another on VoIP security. He has chaired or served on over 90 technical conference and workshop program committees. He has founded or co-founded 2 technology startups. He received his Ph.D. and M.Sc. from the University of Pennsylvania, and his B.Sc. from the University of Crete, in Greece.

NFC Privacy Paper with the Information & Privacy Commissioner Ontario, Canada

Dienstag, 29. November 2011

Mobile Near Field Communications (NFC) “Tap ‘n Go” – Keep it Secure and Private

This paper examines Near Field Communications (NFC) technologies and their growing deployment in mobile devices. Four consumer use cases illustrate NFC functionalities and benefits. Privacy and security risks are identified, and solutions are offered for NFC mobile device and application developers that are informed by the Privacy by Design Foundational Principles.

Paper

Keynote talk at C&ESAR

Dienstag, 29. November 2011

Prof. Jean-Pierre Seifert will be delivering a Keynote talk on 'Femtocell Security' at C&ESAR conference at Rennes, France on 30 Nov. 2011.

Workshop Digital Footprint in Mobile Environments

Montag, 28. November 2011

We are presenting on NFC Security at the Joint Research Center of the European Commission at Ispra, Italy. 28-29 November 2011

Archive

* 24/11/2011 Paper at NDSS'12

Our paper, titled "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications" is accepted at NDSS'12.

* 24/11/2011 ETSI Security Workshop 2012

We will be attending 7th ETSI Security Workshop'12 to discuss 'security challenges for Femtocell communication architecture'.

* 24/11/2011 Vortrag: Sicherheit mobiler Anwendungen/IT

Prof. Seifert hielt heute seinen Vortrag "Sicherheit mobiler Anwendungen/IT" im Rahmen des ZUKUNFTSFORUM ÖFFENTLICHE SICHERHEIT XIV, "Unsicherheit in der digitalen Welt" im Deutschen Bundestag, Berlin

* 19/11/2011 Google Developer Day Berlin

We have a booth at the Google Developer Day in Berlin. We present the current status of the L4Android project including our demos running on the Galaxy S2 and the Odroid-A tablet.

* 10/11/2011 Talk announcement: Gabriela Gheorghes (University of Trento) - Time: Wednesday 23/11/2011, 10 - 11h, Room: Auditorium 3 (20th floor, TEL)

Title

"On seeing and believing that security mechanisms work"

Abstract
"Policy enforcement means how to make sure that software behaves in line with a set of rules, or policies. In a world that is mobile and service-based,  logical applications are  distributed across hosts that cannot be fully controlled and can be malicious. Enforcing distributed access control requirements is hence critical, but is also tough. How do you know that a part of your system has violated a policy? What do you do in the face of a violation? How do you know that your security mechanism is good enough that violations won't pass through? I think that building controls to enforce security constraints involves too much believing and too little seeing. I will present a security mechanism for  distributed access control that, as a middleware tool, can enforce distributed policies across application components. With today's underrated security assessment, I will also  discuss a method to automatically evaluate how well a security mechanism really works."

Bio
Gabriela Gheorghe has been working on policy enforcement in distributed systems. In the security scene, she started off in 2005 by working for an antivirus for Avira. In 2007, she received her MSc degree in Computer Science from "Politehnica" University of Bucharest, with a project on securing geospatial Web services, led at the Universitaet der Bundeswehr Muenchen. During her PhD, she was a visiting researcher in the Distrinet group of K.U. Leuven and an intern at BT's Security Futures Practice group. She will defend her PhD thesis at the University of Trento in December.

*21/10/2011 Talk at Präventionskongress der Berliner Polizei

We attended Präventionskongress der Berliner Polizei  at Berlin and Prof. Jean-Pierre Seifert gave a talk on 'Live Hacking – Methoden der Hacker im IT-Netz' under the Internetkriminalität und Prävention theme.

*17/10/2011: Poster presentation in Chicago

We will present our poster 'Towards Detecting DMA Malware' at the ACM CCS Poster and Demo session on Wednesday, October 19, 2011

*17/10/2011: Paper presentation in Chicago

We will present our paper 'L4Android: A Generic Operating System Framework for Secure Smartphones' at the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices on Monday, October 17, 2011

*17/10/2011 Lecture "Foundations of Computer Security II"

This semester Prof. Jean-Pierre Seifert gives a lecture on the "Foundations of Computer Security II". It will take place in room TEL 1118/19 on Tuesdays, 08:00-10:00. The first meeting will take place on 25/10/201.

*11/10/2011 Talk at SKMM and HITB 2011 Kuala Lampur

Femtocell security team will be speaking at HITBSecConf 2011 Kuala Lampur on 13th October conference.hitb.org/hitbsecconf2011kul/ and invited at Malaysian Communications and Multimedia Commission (MCMC/SKMM) to attend network security workshop.

*10/10/2011: 6. Präventionskongress der Berliner Polizei am 20.10.11 zum Thema Internetkriminalität und Prävention

Auf dem 6. Präventionskongress der Berliner Polizei wird Prof. Seifert und sein Team einen Vortrag zum Thema Hackermethoden halten. Es wird eine Live-Demo präsentiert. Die Demo zeigt, wie Hacker Zugangsdaten für das Online-Banking sowie die mTAN erlangen können.

* 04/10/2011 Talk announcement: S. P. T. Krishnan (Institute for Infocomm Research, Singapore) - Time: Tuesday 11/10/2011, 16 - 18h, Room: TEL 1118/19

"Exploiting and Defending Smartphones on a larger-scale - an experience"

In this talk, I will share some of his research and development work done  in      the field of mobile exploitation and protecton. We have developed two major
toolchains STAMP (Security Testing Arsenal for Mobile Phones) and VEST (Vulnerability & Exploit Shield Trinity) for exposing platform vulnerabilities and shielding potential victims. Using our toolchain we have exposed vulnerabilities in multiple platforms - Symbian, iOS and recently Android. I will show a demo of our toolchains and also seek feedback from the audience.

Bio: S. P. T. Krishnan is a group leader and heads the mobile security group at Institute for Infocomm Research, Singapore.

*15/08/2011 Prof. Jean-Pierre Seifert will be delivering keynote talk at IFIP Summer School 2011 at University of Trento, Italy.

*12/08/2011 We will present our paper 'SMS-of-Death' at USENIX Security in San Francisco

*01/08/2011 We will be presenting our new results at Blackhat USA 11 talk on  'Femtocells: A poisonous needle in the operator's hay stack '.

*14/06/2011 Prof. Jean-Pierre Seifert will be giving a keynote talk on 'Access control (in theory) and modern Linux Phones' at ACM SACMAT.

*08/04/2011 We gave a talk on ' Femtocells: inexpensive devices to test UMTS/3G security' at HES 2011.

*30/03/2011 We attended Troopers 2011 security conference and presented our new results on femtocell security.

*29/03/2011 We attended ASMONIA workshop and gave a talk on Femtocell Security.

*09/03/2011 We are attending CanSecWest 2011 to give a talk on SMS security of Feature Phones.

*05/03/2011 We have released our L4Android project to the public as an open source project. L4Android runs Android on top of a L4-based microkernel. Check out our website l4android.org and follow us on twitter.

*01/03/2011 - 05/03/2011 We attended the Cebit 2011 in Hannover. Our booth was located in hall 9 booth B39 at the Berlin-Brandenburg booth.

*17/02/2011 We attended the Mobile World Congress in Barcelona to present two research projects

*27/12/2010 We are attending the 27th Chaos Communication Congress to give a talk on SMS security of Feature Phones.

*28/10/2010 We created an ISIS course for our lecture Hardware Security ([2010/2011 WiSe] Hardware Security). You can register for the course via: https://www.isis.tu-berlin.de/course/view.php?id=4116

*20/10/2010 The topics for the Computer Security Seminar as well as for the Computer Security Project are now online. Please come to the next Computer Security meeting (25th October, 10am room TEL 1118/19) to get your seminar/project topic. Your matriculation number (Matrikelnummer) is required. The meeting is a preparatory meeting, i.e., we will present the supervisors and topics.

*14/10/2010 We are attending NordSec 2010 and presenting a paper on Femtocell Security.

*14/10/2010 We are attendning Malware 2010 and presenting a paper on mobile botnets.

*14/10/2010 We attended ICIN 2010 conference and presented two papers on M2M Security [1] & on privacy leaks in mobile Internet access [2]. Collin Mulliner received "Best Paper" award for the paper on privacy leaks.

*9/10/2010 We attended ACM CCS 2010 and presented a poster and a demo.

* 21/06/2010 Ravishankar Borgaonkar and Kevin Redon gave a talk on 'Immature Femtocells' at EUSecWest 2010.

* 16/03/2010 Prof. Jean-Pierre Seifert will be attending WiSec 10.

* 12/3/2010 Collin Mulliner will be giving a talk on " Mobile Phone Security (Random tales from a mobile phone hacker) " at CanSecWest 2010.

* 3/3/2010 We attended CeBIT 2010 and demonstrated a poster on  "A secure and Reliable OS for Automotive Applications "

* 28/12/2009 Collin Mulliner gave a talk on " Fuzzing the Phone in your Phone " in 26th Chaos Communication Congress (26C3) Berlin, Germany.