Markus Gruber

Currently I am a post doc researcher in the field of VoIP security.

Contact

e-mail:
    markus.gruber@inso.tuwien.ac.at
Office Location:
    Wiedner Hauptstraße 76/2/2
    1040 Vienna
    Austria
Office Hours:
    Monday 04.30-05.30PM
    (ESSE Office Hours: please write an e-mail to check whether I will be there myself)
Office Hours during holidays:
    by appointment

Research Interests

PhD Thesis

Title: Design, Implementation and Evaluation of a Secure VoIP System Based on Theoretical and Empirical Analysis of Threats and Attacks (Abstract)

Teaching

Projects

Currently I am working on the security of VoIP honeynets. The VoIP honeynet helps us to identify both already known and new VoIP attacks.

FREAVO to enable secure and private VoIP calls.

Publications


Markus Gruber, Dirk Hoffstadt, Adnan Aziz, Florian Fankhauser, Christian Schanes, Erwin Rathgeb and Thomas Grechenig. Global VoIP security threats – large scale validation based on independent honeynets. In IFIP Networking Conference (IFIP Networking), 2015 (pp. 1–9) (May 2015). [ DOI: 10.1109/IFIPNetworking.2015.7145329 ]
Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.

Keywords: Engines;IP networks;Internet;Monitoring;Protocols;Security;Servers;Communication system security;Internet telephony;Intrusion detection;Security

Clemens Hlauschek, Markus Gruber, Florian Fankhauser and Christian Schanes. Prying open Pandora's box: KCI attacks against TLS. In 9th USENIX Workshop on Offensive Technologies (WOOT 15) (August 2015). Washington, D.C.: USENIX Association. [ Download: https://www.usenix.org/conference/woot15/workshop-program/presentation/hlauschek ]
Protection of Internet communication is becoming more common in many products, as the demand for privacy in an age of state-level adversaries and crime syndicates is steadily increasing. The industry standard for doing this is TLS. The TLS protocol supports a multitude of key agreement and authentication options which provide various different security guarantees. Recent attacks showed that this plethora of cryptographic options in TLS (including long forgotten government backdoors, which have been cunningly inserted via export restriction laws) is a Pandora's box, waiting to be pried open by heinous computer whizzes. Novel attacks lay hidden in plain sight. Parts of TLS are so old that their foul smell of rot cannot be easily distinguished from the flowery smell of “strong” cryptography and water-tight security mechanisms. With an arcane (but well-known among some theoretical cryptographers) tool, we put new cracks into Pandora's box, achieving a full break of TLS security. This time, the tool of choice is KCI, or Key Compromise Impersonation. The TLS protocol includes a class of key agreement and authentication methods that are vulnerable to KCI attacks: non-ephemeral Diffie-Hellman key exchange with fixed Diffie-Hellman client authentication – both on elliptic curve groups, as well as on classical integer groups modulo a prime. We show that TLS clients that support these weak handshakes pose serious security concerns in modern systems, opening the supposedly securely encrypted communication to full-blown Man-in-the-Middle (MitM) attacks. This paper discusses and analyzes KCI attacks in regard to the TLS protocol. We present an evaluation of the TLS software landscape regarding this threat, including a successful MitM attack against the Safari Web Browser on Mac OS X.
We conclude that the insecure TLS options that enable KCI attacks should be immediately disabled in TLS clients and removed from future versions and implementations of the protocol: their utility is extremely limited, their raison d’etre is practically nil, and the existence of these insecure key agreement options only adds to the arsenal of attack vectors against cryptographically secured communication on the Internet.

Michael Schafferer, Markus Gruber and Thomas Grechenig. Implementing privacy sensitive governmental systems based on the concept of the Austrian data retention exchange service. In EChallenges e-2014, 2014 conference (pp. 1–10) (October 2014).
With April 1st, 2012 the implementation of Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks came into effect in Austria. With this implementation, not only the obligations of the providers of telecommunications services are controlled with respect to the retention of communications data, but also the powers of the security and law enforcement authorities with respect to request both retention data as well as traditional connection data (e.g., security police in the course of fulfilment of affairs). To make the retrieval of such data as transparent as possible, legally secure and traceable, all requests (with only few exceptions) must be carried out only via the so-called DLS, a central exchange service. This allows preventing unauthorized or hidden inquiries practically and not just legally. Both requests and replies must be transmitted only over HTTPS connections to the DLS and must further be secured using end-2-end encryption, enforcing a blind central service.

Keywords: data privacy;government data processing;information retrieval;Austrian data retention exchange service;HTTPS connections;blind central service;data retrieval;electronic communications services;law enforcement authorities;privacy sensitive governmental systems;public communications networks;retention data;security enforcement authorities;security police;telecommunications services;Authorization;Data privacy;Data transfer;Portals;Privacy;Telecommunication standards

Markus Gruber, Martin Maier, Michael Schafferer, Christian Schanes and Thomas Grechenig. Concept and Design of a Transparent Security Layer to Enable Anonymous VoIP Calls. In Proceedings of the International Conference on Advanced Networking, Distributed Systems and Applications (INDS) (June 2014).
Voice over IP (VoIP) has gained widespread acceptance and is used for many business communications already. However, voice calls in traditional phone services, as well as in VoIP systems, have some security flaws and therefore can be easily intercepted, which can cause high damage by, e.g., industrial espionage. To establish secure and private phone calls, additional non-invasive measures are required to protect the signaling and voice channel between the parties for existing and well known VoIP applications. We propose an approach for secure and privacy sensitive VoIP communication by introducing an additional security layer. The introduced security layer can be applied to known VoIP solutions on different channels (e.g., soft phones or mobile phones) and is independent from the deployed VoIP implementation in order to improve security and privacy of VoIP calls for company systems.

Keywords: Security, Internet telephony, Communication system security

Michael Schafferer, Markus Gruber, Christian Schanes and Thomas Grechenig. Data Retention Services with Soft Privacy Impacts: Concept and Implementation. In Proceedings of the International Conference on Software Engineering and Service Science (ICSESS) (June 2014).
Data retention is a controversial instrument of governments and their agencies with the background of fighting terrorism and crime. In 2006 the European Union (EU) passed the directive 2006/24/EC, which is about the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks. Based on the Austrian approach, this paper shows how it is possible for governments to implement a data retention system supporting authorities while taking into account a best possible protection of their citizens’ personal data and privacy. The authors implemented a proof-of-concept using a centrally managed service to exchange necessary retention data between corresponding authorities and provider. The concept is based on strong cryptographic algorithms ensuring end-to-end encryption while enabling central monitoring and administration. Therefore it is in conformity with the directive, as well as Austrian law, and enforces a core aspect to guarantee citizens’ privacy.

Keywords: Data retention, Law enforcement, Privacy, National security, Cryptography

Bernhard Isemann, Markus Gruber, Janki Grünberger, Christian Schanes and Thomas Grechenig. Chaotic ad-hoc data network – a bike based system for city networks. In The 2014 IEEE Fifth International Conference on Communications and Electronics (ICCE) (July 2014).
Cities are facing an increasing number of bicycles being used by urban citizens, and the need to monitor and manage this type of traffic is becoming part of municipality and city administration. Bicycles shall be able to communicate between each other, exchange data with information service providers in the city and broadcast alarm and emergency messages. In this work we describe a wireless sensor network infrastructure approach designed especially for data messaging for bicycles, being independent of existing networks of telecommunication operators. The proposed communication network is assumed to be a decentralized, chaotic ad-hoc network established by a transceiver mounted on each bicycle. With this approach important information from bicycles moving around in the city can be gathered without depending on 3rd party network infrastructures. This network can build the basis for further applications for bicycles like optimized traffic management.

Keywords: Radio transceivers;ad-hoc networks;asynchronous transfer mode;bicycles;wireless sensor networks

Markus Gruber, Christian Schanes, Florian Fankhauser, Martin Moutran and Thomas Grechenig. Architecture for trapping toll fraud attacks using a VoIP honeynet approach. In Proceedings of the 7th International Conference on Network and System Security (NSS) (June 2013).
Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.

Keywords: Communication System Security, Honeynet, Fraud

Markus Gruber, Christian Schanes, Florian Fankhauser and Thomas Grechenig. Voice calls for free: How the black market establishes free phone calls – trapped and uncovered by a VoIP honeynet. In Proceedings of the International Conference on Privacy, Security and Trust (PST) (July 2013).

Keywords: Security, Internet telephony, Intrusion detection, Communication system security

Markus Gruber, Phillip Wieser, Stefan Nachtnebel, Christian Schanes and Thomas Grechenig. Extraction of ABNF rules from RFCs to enable automated test data generation. In Proceedings of the 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference (SEC) (July 2013).
The complexity of IT systems and the criticality of robust IT systems is constantly increasing. Testing a system requires consideration of different protocols and interfaces, which makes testing hard and expensive. Test automation is required to improve the quality of systems without cost explosion. Many standards like HTML and FTP are semiformally defined in RFCs, which makes a generic algorithm for test data generation based on RFC relevant. The proposed approach makes it possible to automatically generate test data for protocols defined as ABNF in RFCs for robustness tests. The introduced approach was shown in practice by generating SIP messages based on the RFC specification of SIP. This approach shows the possibility to generate data for any RFC that uses ABNF, and provides a solid foundation for further empirical evaluation and extension for software testing purposes.

Keywords: Security, Test Data Generation, Software Testing

Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes and Thomas Grechenig. Security status of VoIP based on the observation of real-world attacks on a honeynet. In The Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT) (October 2011a).
VoIP (Voice over IP) systems are more and more replacing PSTN (Public Switched Telephone Network) infrastructures, which increases the dependency on available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, in this paper the current security status of VoIP systems is described with observations of VoIP attacks in a honeynet. The achieved results can help to adapt existing prevention systems to avoid the recognized and analyzed attacks in a productive environment.

Keywords: Security, Internet telephony, Intrusion detection, Communication system security

Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes and Thomas Grechenig. Trapping and analyzing malicious VoIP traffic using a honeynet approach. In The 6th International Conference on Internet Technology and Secured Transactions (ICITST) (December 2011b).
For several years, the number of VoIP (Voice over IP) infrastructures has been increasing and, consequently, the number of VoIP users has been increasing too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.

Keywords: Security, Internet telephony, Intrusion detection, Communication system security
