The BibTex entries for our publications are available as well.
Qian Guo, Clemens Hlauschek, Thomas Johansson, Norman Lahr, Alexander Nilsson and Robin Leander Schröder. Don’t reject this: Key-recovery timing attacks due to rejection-sampling in HQC and BIKE. In Transactions on cryptographic hardware and embedded systems 2022 issue 3 (2022). [ Download: https://eprint.iacr.org/2021/1485 ]
Daniel Marth, Clemens Hlauschek, Christian Schanes and Thomas Grechenig. Abusing trust: Mobile kernel subversion via trustzone rootkits. In 16th ieee workshop on offensive technologies (2022). [ Download: https://github.com/establishingsecurity/trustzone-rootkit ]
The Arm TrustZone is the de facto standard for hardware-backed Trusted Execution Environments (TEEs) on mobile devices, providing isolation for secure computations to be shielded from the normal world, and thus from the rest of the system. Most real-world TEEs are proprietary, difficult- to-inspect, and notoriously insecure: In the past years, it has been demonstrated over and over again that TEEs of millions of devices worldwide, and the Trusted Applications (TAs) they harbor, are often vulnerable to attacks such as control flow hijacking. Not only do we have to trust these TEEs to provide a secure environment for TAs such as keystore and Digital Rights Management (DRM), code running in the secure world provided by the Arm TrustZone also has full access to the memory of the regular operating system (OS). Since Thomas Roth first proposed a TrustZone-based rootkit in 2013, progress regarding such rootkits seems to have stalled in the offensive research community. The biggest challenge for TrustZone rootkits is that no interpretation of normal world memory is available in the secure world. Automated reverse engineering of kernel data structures at runtime is one way to implement rootkit functions. We present mechanisms to engineer the interpretation of Linux kernel memory for malicious subversion and the circumvention of basic protection mechanisms from the secure world. We provide a fully working proof-of-concept rootkit located in the Arm TrustZone to demonstrate the proposed mechanisms. We evaluate and show compatibility of the rootkit across different versions of the Linux kernel despite changing data structures. Our results highlight the feasibility of TrustZone rootkits that potentially survive kernel updates and raise awareness about the real danger of having to put trust into unvetted proprietary vendor code, which, as we show, can easily be abused.
Clemens Hlauschek, Norman Lahr and Robin Leander Schröder. On the timing leakage of the deterministic re-encryption in HQC KEM (2021). [ Download: https://eprint.iacr.org/2021/1485/20211115:124514 ]
Well before large-scale quantum computers will be available, traditional cryptosystems must be transitioned to post-quantum secure schemes. The NIST PQC competition aims to standardize suitable cryptographic schemes. Candidates are evaluated not only on their formal security strengths, but are also judged based on the security of the optimized implementation, for example, with regard to resistance against side-channel attacks.HQC is a promising code-based key encapsulation scheme and selected as an alternate candidate in the third round of the competition, which puts it on track for getting standardized separately to the finalists, in a fourth round.Despite having already received heavy scrutiny with regard to side channel attacks, in this paper, we show a novel timing vulnerability in the optimized implementations of HQC, leading to a full secret key recovery. The attack is both practical, requiring only approx. 866,000 idealized decapsulation timing oracle queries in the 128-bit security setting, and structurally different from previously identified attacks on HQC: Previously, exploitable side-channel leakages have been identified in the BCH decoder of a previously submitted version, in the ciphertext check as well as in the PRF of the Fujisaki-Okamoto (FO) transformation employed by several NIST PQC KEM candidates. In contrast, our attack uses the fact that the rejection sampling routine invoked during the deterministic re-encryption of the KEM decapsulation leaks secret-dependent timing information. These timing leaks can be efficiently exploited to recover the secret key when HQC is instantiated with the (now constant-time) BCH decoder, as well as with the RMRS decoder of the current submission. Besides a detailed analysis of the new attack, we discuss possible countermeasures and their limits.
Markus Gruber, Dirk Hoffstadt, Adnan Aziz, Florian Fankhauser, Christian Schanes, Erwin Rathgeb and Thomas Grechenig. Global voip security threats – large scale validation based on independent honeynets. In IFIP networking conference (ifip networking), 2015 (pp. 1–9) (May 2015). [ DOI: 10.1109/IFIPNetworking.2015.7145329 ]
Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.
Keywords: Engines;IP networks;Internet;Monitoring;Protocols;Security;Servers;Communication system security;Internet telephony;Intrusion detection;Security
Christof Kier, Gerald Madlmayr, Alexander Nawratil, Michael Schafferer, Christian Schanes and Thomas Grechenig. Mobile payment fraud: A practical view on the technical architecture and starting points for forensic analysis of new attack scenarios. In IT security incident management it forensics (imf), 2015 ninth international conference on (pp. 68–76) (May 2015). [ DOI: 10.1109/IMF.2015.14 ]
As payment cards and mobile devices are equipped with Near Field Communication (NFC) technology, electronic paymenttransactions at physical Point of Sale (POS) environments are changing. Payment transactions do not require the customerto insert their card into a slot of the payment terminal. The customer is able to simply swipe the payment card or mobilephone in front of a dedicated zone of the terminal to initiate a payment transaction. Secure Elements (SEs) in mobile phonesand payment cards with NFC should keep sensitive application data in a save place to protect it from abuse by attackers.Although hardware and the operating system of such a chip has to go through an intensive process of security testing, thecurrent integration of such a chip in mobile phones easily allows attackers to access the information stored. In the followingpaper we present the implementation of two different proof-of-concept attacks. Out of the analysis of the attack scenarios, wepropose various starting points for the forensic analysis in order to detect such fraudulent transactions. The presented conceptshould lead to fewer fraudulent transactions as well as protected evidence in case of fraud.
Keywords: Credit cards;Google;ISO Standards;Relays;Security;Smart phones;EMV Payment;Mobile Payment;NFC Transaction;Payment Fraud
Andreas Mauczka, Florian Brosch, Christian Schanes and Thomas Grechenig. Dataset of developer-labeled commit messages. In Mining software repositories (msr), 2015 ieee/acm 12th working conference on (pp. 490–493) (May 2015). [ DOI: 10.1109/MSR.2015.71 ]
Current research on change classification centers around automated and semi-automated approaches which are based on evaluation by either the researchers themselves or external experts. In most cases, the persons evaluating the effectiveness of the classification schemes are not the authors of the original changes and therefore can only make assumptions about the intent of the changes. To support validation of existing labeling mechanisms and to provide a training set for future approaches, we present a survey of source code changes that were labeled by their original authors. Seven developers from six different project applied three existing classification schemes from current literature to enrich their own changes with meta-information, so the intent of the changes becomes more evident. The final data set consists of 967 classified changes and is available as an SQLite database as part of the MSR data set.
Keywords: Data mining;Data models;Databases;Labeling;Maintenance engineering;Usability
Clemens Hlauschek, Markus Gruber, Florian Fankhauser and Christian Schanes. Prying open pandoras box: KCI attacks against TLS. In 9th usenix workshop on offensive technologies (woot 15) (August 2015). Washington, D.C.: USENIX Association. [ Download: https://www.usenix.org/conference/woot15/workshop-program/presentation/hlauschek ]
Protection of Internet communication is becoming more common in many products, as the demand for privacy in an age of state-level adversaries and crime syndicates is steadily increasing. The industry standard for doing this is TLS. The TLS protocol supports a multitude of key agreement and authentication options which provide various different security guarantees. Recent attacks showed that this plethora of cryptographic options in TLS (including long forgotten government backdoors, which have been cunningly inserted via export restriction laws) is a Pandoras box, waiting to be pried open by heinous computer whizzes. Novel attacks lay hidden in plain sight. Parts of TLS are so old that their foul smell of rot cannot be easily distinguished from the flowery smell of “strong” cryptography and water-tight security mechanisms. With an arcane (but well-known among some theoretical cryptographers) tool, we put new cracks into Pandoras box, achieving a full break of TLS security. This time, the tool of choice is KCI, or Key Compromise Impersonation. The TLS protocol includes a class of key agreement and authenticationmethods that are vulnerable to KCI attacks: non-ephemeralDiffie-Hellman key exchange with fixed Diffie-Hellman client authentication – both on elliptic curve groups, as well as on classical integer groups modulo a prime. We show that TLS clients that support these weak handshakes pose serious security concerns in modern systems, opening the supposedly securely encrypted communication to full-blown Man-in-the-Middle (MitM) attacks. This paper discusses and analyzes KCI attacks in regard to the TLS protocol. We present an evaluation of the TLS software landscape regarding this threat, including a successful MitM attack against the Safari Web Browser on Mac OS X. We conclude that the insecure TLS options that enable KCI attacks should be immediately disabled in TLS clients and removed from future versions and implementations of the protocol: their utility is extremely limited, their raison d’etre is practically nil, and the existence of these insecure key agreement options only adds to the arsenal of attack vectors against cryptographically secured communication on the Internet.
Michael Schafferer, Markus Gruber and Thomas Grechenig. Implementing privacy sensitive governmental systems based on the concept of the austrian data retention exchange service. In EChallenges e-2014, 2014 conference (pp. 1–10) (October 2014).
With April 1st, 2012 the implementation of Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks came into effect in Austria. With this implementation, not only the obligations of the providers of telecommunications services are controlled with respect to the retention of communications data, but also the powers of the security and law enforcement authorities with respect to request both retention data as well as traditional connection data (e.g., security police in the course of fulfilment of affairs). To make the retrieval of such data as transparent as possible, legally secure and traceable, all requests (with only few exceptions) must be carried out only via the so-called DLS, a central exchange service. This allows preventing unauthorized or hidden inquiries practically and not just legally. Both requests and replies must be transmitted only over HTTPS connections to the DLS and must further be secured using end-2-end encryption, enforcing a blind central service.
Keywords: data privacy;government data processing;information retrieval;Austrian data retention exchange service;HTTPS connections;blind central service;data retrieval;electronic communications services;law enforcement authorities;privacy sensitive governmental systems;public communications networks;retention data;security enforcement authorities;security police;telecommunications services;Authorization;Data privacy;Data transfer;Portals;Privacy;Telecommunication standards
Markus Gruber, Martin Maier, Michael Schafferer, Christian Schanes and Thomas Grechenig. Concept and Design of a Transparent Security Layer to Enable Anonymous VoIP Calls. In Proceedings of the international conference on advanced networking, distributed systems and applications (inds) (June 2014).
Voice over IP (VoIP) has gained widespread acceptance and is used for many business communications already. However, voice calls in traditional phone services, as well as in VoIP systems, have some security flaws and therefore can be easily intercepted, which can cause high damage by, e.g., industrial espionage. To establish secure and private phone calls, additional non-invasive measures are required to protect the signaling and voice channel between the parties for existing and well known VoIP applications. We propose an approach for secure and privacy sensitive VoIP communication by introducing an additional security layer. The introduced security layer can be applied to known VoIP solutions on different channels (e.g., soft phones or mobile phones) and is independent from the deployed VoIP implementation in order to improve security and privacy of VoIP calls for company systems.
Keywords: Security, Internet telephony, Communication system security
Michael Schafferer, Markus Gruber, Christian Schanes and Thomas Grechenig. Data Retention Services with Soft Privacy Impacts: Concept and Implementation. In Proceedings of the international conference on software engineering and service science (icsess) (June 2014).
Data retention is a controversial instrument of governments and their agencies with the background of fighting terrorism and crime. In 2006 the European Union (EU) passed the directive 2006/24/EC, which is about the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks. Based on the Austrian approach, this paper shows how it is possible for governments to implement a data retention system supporting authorities while taking into account a best possible protection of their citizens’ personal data and privacy. The authors implemented a proof-of-concept using a centrally managed service to exchange necessary retention data between corresponding authorities and provider. The concept is based on strong cryptographic algorithms ensuring end-to-end encryption while enabling central monitoring and administration. Therefore it is in conformity with the directive, as well as Austrian law, and enforces a core aspect to guarantee citizens privacy.
Keywords: Data retention, Law enforcement, Privacy, National security, Cryptography
Bernhard Isemann, Markus Gruber, Janki Grünberger, Christian Schanes and Thomas Grechenig. Chaotic ad-hoc data network – a bike based system for city networks. In The 2014 ieee fifth international conference on communications and electronics (icce) (July 2014).
Cities are facing an increasing number of bicycles being used by urban citizen and the need of monitoring and managing this type of traffic becomes part of municipality and city administration. Bicycles shall be able to communicate between each other, exchange data with information service providers in the city and broadcast alarm and emergency messages. In this work we describe a wireless sensor network infrastructure approach designed especially for data messaging for bicycles, being independent of existing networks of telecommunication operators. The proposed communication network is assumed to be a decentralized, chaotic ad-hoc network established by a transceiver mounted on each bicycle. With this approach important information from bicycles moving around in the city can be gathered without depending on 3rd party network infrastructures. This network can build the basis for further applications for bicycles like optimized traffic management.
Keywords: Radio transceivers;ad-hoc networks;asynchronous transfer mode;bicycles;wireless sensor networks
Markus Gruber, Christian Schanes, Florian Fankhauser, Martin Moutran and Thomas Grechenig. Architecture for trapping toll fraud attacks using a voip honeynet approach. In Proceedings of the 7th international conference on network and system security (nss) (June 2013).
Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.
Keywords: Communication System Security, Honeynet, Fraud
Markus Gruber, Christian Schanes, Florian Fankhauser and Thomas Grechenig. Voice calls for free: How the black market establishes free phone calls – trapped and uncovered by a voip honeynet. In Proceedings of the international conference on privacy, security and trust (pst) (July 2013).
The complexity of IT systems and the criticality of robust IT systems is constantly increasing. Testing a system requires consideration of different protocols and interfaces, which makes testing hard and expensive. Test automation is required to improve the quality of systems without cost explosion. Many standards like HTML and FTP are semiformally defined in RFCs, which makes a generic algorithm for test data generation based on RFC relevant. The proposed approach makes it possible to automatically generate test data for protocols defined as ABNF in RFCs for robustness tests. The introduced approach was shown in practice by generating SIP messages based on the RFC specification of SIP. This approach shows the possibility to generate data for any RFC that uses ABNF, and provides a solid foundation for further empirical evaluation and extension for software testing purposes.
Keywords: Security, Internet telephony, Intrusion detection, Communication system security
Markus Gruber, Phillip Wieser, Stefan Nachtnebel, Christian Schanes and Thomas Grechenig. Extraction of abnf rules from rfcs to enable automated test data generation. In Proceedings of the 28th ifip tc-11 sec 2013 international information security and privacy conference (sec) (July 2013).
The complexity of IT systems and the criticality of robust IT systems is constantly increasing. Testing a system requires consideration of different protocols and interfaces, which makes testing hard and expensive. Test automation is required to improve the quality of systems without cost explosion. Many standards like HTML and FTP are semiformally defined in RFCs, which makes a generic algorithm for test data generation based on RFC relevant. The proposed approach makes it possible to automatically generate test data for protocols defined as ABNF in RFCs for robustness tests. The introduced approach was shown in practice by generating SIP messages based on the RFC specification of SIP. This approach shows the possibility to generate data for any RFC that uses ABNF, and provides a solid foundation for further empirical evaluation and extension for software testing purposes.
Keywords: Security, Test Data Generation, Software Testing
Clemens Hlauschek, John Black, Giovanni Vigna and Christopher Kruegel. Limited-linkable group signatures with distributed-trust traceability (2012). Vienna University of Technology. [ DOI: http://dx.doi.org/10.13140/RG.2.1.1414.3121 ]
Groupsignatures allow a group member to sign anonymously on behalf of a group. In the dynamic case, a group manager can add and revoke group members. An opening manager can revoke the anonymity of a signature and trace it back to the original group member. We introduce limited-linkable group signatures: two signatures on identical messages by the same group member can be efficiently linked. Furthermore, we show how to distribute the opening manager, so that no trusted third party is required to guarantee anonymity. Our system generates short and efficient signatures, and is provably secure in the random oracle model.
Andreas Mauczka, Markus Huber, Christian Schanes, Wolfgang Schramm, Mario Bernhart and Thomas Grechenig. Tracing your maintenance work - a cross-project validation of an automated classification dictionary for commit messages. In J. de Lara & A. Zisman (Eds.), Fundamental approaches to software engineering, Lecture notes in computer science (Vol. 7212, pp. 301–315) (2012). Springer Berlin / Heidelberg.
A commit message is a description of a change in a Version Control System (VCS). Besides the actual description of the change, it can also serve as an indicator for the purpose of the change, e.g. a change to refactor code might be accompanied by a commit message in the form of “Refactored class XY to improve readability”. We would label the change in our example a perfective change, according to maintenance literature. This simplified example shows how it is possible to classify a change by its commit message. However, commit messages are unstructured, textual data and efforts to automatically label changes into categories like perfective have only been applied to a small set of projects within the same company or the same community. In this work, we present a cross-project evaluated and valid mapping of changes to the code base and their purpose that is usable without any customization on any open-source project. We provide further the Eclipse Plug-In Subcat which allows for a comfortable analysis of projects from within Eclipse. By using Subcat, we are able to automatically assess if a commit to the code was e.g. a bug fix or a refactoring. This information is very useful for e.g. developer profiling or locating bad smells in modules.
Christian Schanes, Stefan Taber, Karin Popp, Florian Fankhauser and Thomas Grechenig. Security test approach for automated detection of vulnerabilities of sip-based voip softphones. International Journal On Advances in Security, 4, 95–105 (September 2011). IEEE Computer Society Press.
Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.
Keywords: Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing
Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes and Thomas Grechenig. Security status of voip based on the observation of real-world attacks on a honeynet. In The third ieee international conference on information privacy, security, risk and trust (passat) (October 2011a).
VoIP (Voice over IP) systems more and more replacing PSTN (Public Switched Telephone Network) infrastructures what increases dependency of available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, in this paper the current security status of VoIP systems are described with observations of VoIP attacks in a honeynet. The achieved results can help to adapt existing prevention system to avoid the recognized and analyzed attacks in a productive environment.
Keywords: Security, Internet telephony, Intrusion detection, Communication system security
Christian Schanes, Florian Fankhauser, Stefan Taber and Thomas Grechenig. Generic data format approach for generation of security test data. In The third international conference on advances in system testing and validation lifecycle, october 2011, barcelona, spain (October 2011). IEEE Computer Society Press.
Security testing is an important and at the same time also expensive task for developing robust and secure systems. Test automation can reduce costs of security tests and increase test coverage and, therefore, increase the number of detected security issues during development. A common data format as the basis for specific test cases ensures that the implementation of the generation logic for security test data is only needed once and can be used for various data formats by transforming the data to the common data format, generating the test data and transforming back to the original data format. The introduced approach enables to generate test data for various formats using a single implementation of the generation algorithm and applying the results for specific test cases in different data formats.
Keywords: Software testing; Computer network security; Fuzzing
Florian Fankhauser, Maximilian Ronniger, Christian Schanes and Thomas Grechenig. Security test environment for voip research. International Journal for Information Security Research, 1, 53–60 (March 2011). Infonomics Society.
Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn’t considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduc- tion in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences us- ing the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the pro- posed test environment for research and teaching purposes.
Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes and Thomas Grechenig. Trapping and analyzing malicious voip traffic using a honeynet approach. In The 6th international conference on internet technology and secured transactions (icitst) (December 2011b).
Since several years the number of VoIP (Voice over IP) infrastructures increases and, consequently, the number of VoIP users increases too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.
Keywords: Security, Internet telephony, Intrusion detection, Communication system security
Maximilian Ronniger, Florian Fankhauser, Christian Schanes and Thomas Grechenig. A robust and flexible test environment for voip security tests. In Internet technology and secured transactions (icitst), 2010 international conference for (pp. 1–6) (November 2010).
Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn’t considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents an architecture and implementation of a robust and flexible VoIP test environment for security related tests. Experiences using the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the proposed test environment for research purposes.
Andreas Mauczka, Christian Schanes, Florian Fankhauser, Mario Bernhart and Thomas Grechenig. Mining security changes in freebsd. In Mining software repositories (msr), 2010 7th ieee working conference on (pp. 90–93) (feb--mar 2010). [ DOI: 10.1109/MSR.2010.5463289 ]
Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method of software repository analysis. We use the gathered security changes to find out more about the nature of security in the FreeBSD project and we try to establish a link between the identified security changes and a tracker for security issues (security advisories). We give insights how security is presented in the FreeBSD project and show how the mined data and known security problems are connected.
Peter Steinbacher, Florian Fankhauser, Christian Schanes and Thomas Grechenig. Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service. In Principles, systems and applications of ip telecommunications (iptcomm’10) (pp. 101–110) (August 2010). New York, NY, USA: ACM. [ DOI: http://doi.acm.org/10.1145/1941530.1941545 ]
One of the main security objective for internet systems which provide services like Voice over Internet Protocol (VoIP) is to ensure robustness against security attacks to fulfill Quality of Service (QoS). To avoid system failures during attacks, service providers have to integrate countermeasures which have to be tested. This work evaluates a test approach to determine the efficiency of countermeasures to fulfill QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main objective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., Denial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with different security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using different VoIP systems. For this, multiple security attacks are integrated to the testing scenarios. The outcome showed that the concept provides sound test results, which reflect the behavior of SIP systems availability under various attacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be predicted.
Keywords: ESSE, Software/Program Verification;Security;Verification;Reliability;Performance;
Stefan Taber, Christian Schanes, Clemens Hlauschek, Florian Fankhauser and Thomas Grechenig. Automated security test approach for sip-based voip softphones. In The second international conference on advances in system testing and validation lifecycle, august 2010, nice, france (August 2010). IEEE Computer Society Press. [ DOI: https://doi.org/10.1109/VALID.2010.20 ]
Voice over Internet Protocol based systems become more and more part of business critical IT infrastructures. To increase the robustness of voice applications, automated security testing is required to detect security vulnerabilities in an efficient way. In this paper we present a fuzzer framework to detect security vulnerabilities in Voice over Internet Protocol Softphones, which implement Session Initiation Protocol. The presented approach automates the Graphical User Interface interaction for softphones during fuzzing and also observes the behavior of the softphone Graphical User Interfaces to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using Graphical User Interface observation.
Keywords: ESSE, Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing
Christian Schanes, Florian Fankhauser, Thomas Grechenig, Michael Schafferer, Kai Behning and Dieter Hovemeyer. Problem space and special characteristics of security testing in live and operational environments of large systems exemplified by a nationwide it infrastructure. In The first international conference on advances in system testing and validation lifecycle, september 2009, porto, portugal (September 2009). IEEE Computer Society Press.
The paper discusses foundations and requirements for testing security robustness aspects in operational environments while adhering to defined protection values for data. It defines the problem space and special characteristics of security testing in large IT infrastructures. In this area there are different environments with varying characteristics, e.g., regarding confidentiality of data. Common environments based on an existing IT project are defined. Testing in dedicated test environments is state of the art, however, sometimes this is not sufficient and testing in operational environments is required. Case studies showed many restrictions in the security test process, e.g., limited access for testers, which have to be addressed. The problems of testing in these operational environments are pointed out. Experiences and some current solution approaches for testing these special environments are shown (e.g., usage of disaster/recovery mechanism).
Keywords: Data security; Testing; Privacy; Communication system operations and management
Christian Schanes, Andreas Mauczka, Uwe Kirchengast, Thomas Grechenig and Sven Marx. Nationwide pki testing - ensuring interoperability of ocsp server and client implementations early during component tests. In Sixth european workshop on public key services, applications and infrastructures, september 2009, pisa, italy (pp. 115–130) (September 2009). Springer Berlin / Heidelberg.
Interoperability issues between different implementations in large-scale systems is one of the major reasons for increased effort during system test. This paper addresses this problem in the context of the Online Certificate Status Protocol (OCSP) in a Public Key Infrastructure (PKI), which is part of the certificate verification process of many components. The high interconnection of OCSP clients and server increases the complexity of system tests to ensure interoperation. This paper provides a component based testing method for clients and servers using OCSP exemplified by testing PKI components of a nationwide IT infrastructure. The method ensures high interoperability requirements of large-scale infrastructures during component tests and reduces efforts for test execution.
Keywords: Online Certificate Status Protocol, Interoperability Testing, Public Key Infrastructure
Stefan Bachl, Andreas Mauczka, Wolfgang Schramm and Florian Fankhauser. Softwaretechnik – mit fallbeispielen aus realen entwicklungsprojekten. In (1st ed., pp. 651–668) (2009). München: Pearson Studium. [ Download: http://www.inso.tuwien.ac.at/publications/softwaretechnik/ ]
Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel and Engin Kirda. Scalable, Behavior-Based Malware Clustering. In 16th symposium on network and distributed system security (ndss) (2009). [ Download: https://sites.cs.ucsb.edu/~chris/research/doc/ndss09_cluster.pdf ]
Anti-malware companies receive thousands of malware samples every day. To process this large quantity, a number of automated analysis tools were developed. These tools execute a malicious program in a controlled environment and produce reports that summarize the program’s actions. Of course, the problem of analyzing the reports still re- mains. Recently, researchers have started to explore au- tomated clustering techniques that help to identify samples that exhibit similar behavior. This allows an analyst to dis- card reports of samples that have been seen before, while focusing on novel, interesting threats. Unfortunately, pre- vious techniques do not scale well and frequently fail to generalize the observed activity well enough to recognize related malware. In this paper, we propose a scalable clustering approach to identify and group malware samples that exhibit simi- lar behavior. For this, we first perform dynamic analysis to obtain the execution traces of malware programs. These execution traces are then generalized into behavioral pro- files, which characterize the activity of a program in more abstract terms. The profiles serve as input to an efficient clustering algorithm that allows us to handle sample sets that are an order of magnitude larger than previous ap- proaches. We have applied our system to real-world mal- ware collections. The results demonstrate that our tech- nique is able to recognize and group malware programs that behave similarly, achieving a better precision than previous approaches. To underline the scalability of the system, we clustered a set of more than 75 thousand samples in less than three hours.
Florian Fankhauser, Christian Schanes and Christian Brem. Softwaretechnik – mit fallbeispielen aus realen entwicklungsprojekten. In (1st ed., pp. 593–650) (2009). München: Pearson Studium. [ Download: http://www.inso.tuwien.ac.at/publications/softwaretechnik/ ]
Florian Fankhauser, Thomas Grechenig, Detlef Hühnlein and Manfred Lohmaier. Die Basiskonzepte der Sicherheitsarchitektur bei der Einführung der eGK. In P. Horster (Ed.), D*A*CH security 2007 (pp. 326–337) (2007). syssec.
Bei der Einführung der elektronischen Gesundheitskarte (eGK) in Deutschland und der dafür notwendigen Telematikinfrastruktur spielen Datenschutz und die Datensicherheit zentrale Rollen. Die grundsätzliche Konzeption der Sicherheitsarchitektur abgeleitet aus den Prämissen des Deutschen Datenschutzes und seinen Ausprägungen für persönliche Gesundheitsdaten wird dargestellt. Die Kernaspekte der Sicherheitsarchitektur der Telematikinfrastruktur (TI) für die Anwendungen der elektronischen Gesundheitskarte werden erläutert. Die im Feld sicherheitserzeugenden Komponenten werden anhand ihrer Rolle und Funktion in der Gesamtarchitektur erläutert.