TU Berlin

SecT News

Online Attack/Defense CTF competition: 5th of July 2019 / 9:00 - 19:00 UTC Hosted by ENOFLAG and SecT of TU Berlin

Come play the Attack/Defense CTF our students created as part of their course, a first of its kind at SecT and TU Berlin.

More details at https://enowars.com/

Registration at https://enowars.com/register.html

1 Student worker position available. Apply now!

If you are looking for a job in software security (fuzzing) check out the job description here.

Cyber Attacks and Defenses: Trends, Challenges, and Outlook: Talk by Chancellor's Professor Michael Franz from the University of California, Irvine (UCI)

Date: 26.6.2019
Time: 14:00-15:00
Location: Marchstraße 23, 10587 Berlin, Room: MAR 6.011

Abstract: A cyber attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting. This is the situation today, which has been exacerbated by an increasing trend towards a software "monoculture" (in which there are only two major desktop operating systems and two major phone operating systems, one major office software suite, and so on).

One possible defense is software diversity, which raises the bar to attackers. A lot of academic and industrial research is currently investigating such software diversity, from simple ASLR (address space layout randomization) to more complex whole-program randomization. In the latter, a diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets.

Unfortunately, attackers have now started assembling their attacks on the target itself, circumventing diversity. Hence, in the arms race between attackers and defenders, we are already at the point where yet another set of defenses is needed, before the previous one is even fully deployed across the software industry. 

My talk will present a time-line of attacks and defenses, clearly illustrating a "cat and mouse game" in which defenses are almost always reactive to attacks that have already happened. I will discuss my vision of how to get ahead of the attackers, and close by stating why, in spite of the bleak situation today, I am confident that we will eventually be able to stop most kinds of cyber attacks completely.

Bio: Michael Franz is a Chancellor's Professor at the University of California, Irvine (UCI) and the director of its Secure Systems and Software Laboratory. He is a Professor of Computer Science in UCI's Donald Bren School of Information and Computer Sciences and a Professor of Electrical Engineering and Computer Science (by courtesy) in UCI's Henry Samueli School of Engineering. He is a Fellow of the ACM, a Fellow of the IEEE, and a winner of the Humboldt Research Award.

Prof. Franz was an early pioneer in the areas of mobile code and dynamic compilation. He created an early just-in-time compilation system, contributed to the theory and practice of continuous compilation and optimization, and co-invented the trace compilation technology that eventually became the JavaScript engine in Mozilla’s Firefox browser. He has graduated 28 Ph.D. students as their primary advisor. Franz received a Dr. sc. techn. degree in Computer Science and a Dipl. Informatik-Ing. ETH degree, both from the Swiss Federal Institute of Technology, ETH Zurich.

You can find more information on Prof. Franz's research and activities on his website.

We look forward to seeing you.

Canceled: Software Security lecture

The Software Security lecture on the 21st of May is canceled.

New Einstein Professorship for Security in Telecommunications

Prof. Dr. Jean-Pierre Seifert is awarded the Einstein Professorship.

Registration for SecLab opens 22.3.2019 at 10:00 CET

*** UPDATE(3.4.2019): The SecLab in SS2019 is full. Further registration mails will be ignored ***

Dear all,

the registration for the Embedded Systems Security (SecLab) will open on the 22.3.2019 at 10:00 CET.

Registration is per Email only:

 

Any Email regarding registration arriving before the 22.3.2019 at 10:00 will be discarded without any answer.

 

 

Two open positions at ITK Engineering GmbH

Friday, 1 February 2019

Our CTF team ENOFLAG bagged 2nd place at the P.W.N. CTF last weekend

On the last weekend in October 2018 the ENOFLAG team participated in the P.W.N. University CTF security competition under its alias LEGOFAN. About a dozen students met at the university to hack; additional team members played from home. In a field of 257 teams, ENOFLAG secured an excellent 2nd place in the end and solved challenges in all categories. Congratulations!

[0] ctftime.org/event/639

[1] uni.hctf.fun

PUFmeter: new software available on TrustHub.org for download

We are pleased to introduce PUFmeter, a toolbox for evaluating the security-related properties of real-world physical unclonable functions (PUFs). This new software package can be found under "Software" (http://trust-hub.org/software).

A PUF is a "digital fingerprint" that serves as a unique identifier, most commonly for integrated circuits (ICs). Introduced in 2002, PUFs are now beginning to appear in commercial products (e.g., FPGAs from Xilinx, Altera, and Microsemi) as secure alternatives to battery-backed storage of secret keys. While there are some standard metrics for estimating PUF quality, the most common approach for measuring resistance to machine learning is still empirical.

PUFmeter consists of in-house developed algorithms written in Matlab, and no specific toolbox is required to use the package. These algorithms trace their roots back to machine learning theory, Boolean analysis, and property testing. Moreover, PUFmeter re-introduces to the hardware security community metrics and notions (e.g., the average sensitivity) that are known and well studied in these fields. These metrics can be considered a new interpretation of the commonly used metrics, helpful when evaluating the security of PUFs against ML. Furthermore, PUFmeter contains modules that help to evaluate the reliability of a PUF and further enhance it.

This software package includes not only a detailed document describing how PUFmeter works, but also a set of examples for conducting preliminary experiments and an explanation of how their results should be interpreted. This package has been made publicly accessible in the hope of filling the gap between ML theory and hardware security and of providing a standard benchmarking tool by which to compare real-world PUFs.

Please do not hesitate to contact Fatemeh Ganji if you have any questions about PUFmeter. And please stay tuned for more updates coming up in the future.

Courses offered by SecT have been updated. Have a look at the courses page.

Registration for SecLab opens 15.9.2018 at 00:00 CET

Dear all,

the registration for the Embedded Systems Security (SecLab) will open on the 15.9 at 00:00 CET.

Registration is per Email only:

 

Any Email regarding registration arriving before the 15.9 at 00:00 will be discarded without any answer.

 

 

Change in Quantum Computing lecture time on 12.7.2018

Quantum Computing lecture on 12.7.2018 is from 12-13:30, not 12:15-13:45.

1 Student worker position available. Apply now!

If you are looking for a job in cloud network security, consider applying to our cloud network security position.

Last Software Security Lecture on 12.7.2018

The last software security lecture is on 12.7.2018; it will only cover exam preparation.

No Software Security on 5.7.2018

There is no software security lecture on 5.7.2018.

Quantum cancelled - 21.6.2018

Due to sickness the Quantum lecture is cancelled today (21.6.2018).

ENOFLAG participates in the FaustCTF

Friday, 1 June 2018

On the 1st of June at 1pm our student hacking team ENOFLAG (the AG Rechnersicherheit working group supervised by our chair) will participate in the international security contest FaustCTF hosted by the Friedrich-Alexander University Erlangen-Nürnberg. In this contest, teams from all over the world compete against the clock to defend their services and attack the opposing teams. A copy of the services is sent to all teams by the organizer at the beginning.

Everyone interested in computer security is warmly invited to join ENOFLAG and to experience a live hacking contest. ENOFLAG will meet in EN 461 (Einsteinufer 17) at 1pm. The contest ends around midnight, so latecomers are also welcome. Refreshments will be supplied.

Further information is available at
enoflag.de
2018.faustctf.net
ctftime.org

Seclab has reached max. student capacity!

We cannot take any more students for the Seclab this semester as we have reached the max. student strength.

No introduction class this semester

There will be no introduction class this semester from SecT. Please register for/attend the respective courses you are interested in.

New Technologies lecture series in the summer semester 2018

Mondays, 12:15-13:45, Marchstraße 23, Room MAR 1.001
30 April
Prof. Dr. Karsten Neuhoff
Policies for low-carbon technologies in basic materials
14 May
Prof. Dr. Hans-Georg Schnauffer (GfWM)
Knowledge management and knowledge networking in the context of digitalization and Industry 4.0
28 May
Markus Graebig
The energy-transition living lab WindNODE: first results
4 June
Prof. Dr. Petra Lucht
Increasing the contribution of rail freight transport to achieving the climate targets
11 June
Prof. Dr.-Ing. Markus Hecht
Increasing the contribution of rail freight transport to achieving the climate targets
18 June
Prof. Dr.-Ing. Dirk Heinrichs
Autonomous driving meets the city: scenarios and possible effects on traffic and urban space
25 June
Dr. Melanie Jaeger-Erben
Does planned obsolescence exist? Possibilities and limits of planning lifetimes in electronics
2 July
Dr. Leon Hempel
The complexity problem in the context of technology assessment
9 July
Prof. Dr. Jean-Pierre Seifert
Mobile and Smart Phone Security
16 July
Dr. Sören Müller
Meeting global challenges through materials science and forming technology

2 Student worker positions available. Apply now!

If you are looking for a job in security, consider applying to our mobile security position and cloud security position.

Best paper award at the Symposium on SDN Research 2018

Wednesday, 28 March 2018

The paper titled "Taking Control of SDN-based Cloud Systems via the Data Plane" by Kashyap Thimmaraju, Bhargava Shastry, Dr.-Ing. Tobias Fiebig, Felicitas Hetzelt, Prof. Dr. Jean-Pierre Seifert, Prof. Dr. Anja Feldmann and Prof. Dr. Stefan Schmid received the best paper award at the ACM Symposium on SDN Research (SOSR) 2018, the premier venue for SDN research.

The paper is the result of a collaboration between the Security in Telecommunications and Internet Network Architecture chairs at TU Berlin. The paper discusses how an attacker can easily gain privileged and remote access to an entire SDN-based cloud system, thereby compromising the security of the cloud tenants and the cloud provider. The authors cast light on the insecurities of virtual networking that can be leveraged by an attacker in an SDN-based cloud. Virtual networking is a crucial requirement for cloud providers such as Amazon, Google, Microsoft and Deutsche Telekom to isolate their tenants from each other. The attack was demonstrated using Open vSwitch and OpenStack, an open-source SDN-based cloud system. A preliminary version of the paper appeared in the ACM Cloud Computing Security Workshop 2017.

SecLab registration summer 2018.

The registration for the Security Lab is now open.

New student job opening: Android security

Friday, 2 March 2018

We have a student job opening in the field of Android security. Ideal candidates will have some experience programming in Java, and writing simple web applications using SpringBoot. We are looking for a student who can start as soon as possible. The project duration is 6 months and permits up to 80 hours of work per month. If you are interested, please contact Bhargava Shastry.

Cryptography for Security: lecture on 1st of November is cancelled

Monday, 23 October 2017

Cryptography for Security: The lecture on 1st of November is cancelled!

SecT introduction

Thursday, 14 September 2017

The SecT introduction, with information on all our courses in winter term 2017/2018, will be held on Monday 16th of October, 10am in TEL Audi 3.

SecLab registration

Thursday, 14 September 2017

The registration for the Security Lab is now open. Update 2017-10-12: Unfortunately we can no longer accept new registrations; the course is full and we have a considerable number of students on the waiting list.

New student projects, theses and jobs on network virtualization and machine learning

Friday, 1 September 2017

We are searching for students/researchers with experience in network virtualization (e.g., DPDK, SR-IOV and Open vSwitch), or machine learning and SDN (e.g., OpenFlow, NetConf). If you are interested please contact Kashyap Thimmaraju.

Three open positions at VMRay

Thursday, 31 August 2017

SGS8 biometric authentication hacked

Tuesday, 23 May 2017

SecT researcher Jan Krissler has broken the iris-based lock mechanism of the Samsung Galaxy S8! Read the full story here:

http://www.zeit.de/digital/datenschutz/2017-05/samsung-galaxy-s8-biometrie-auge-gehackt
