I am a researcher at the ESSE group. I am always interested in exceptionally motivated students to work with me on challenging and highly technical topics. If you feel addressed and feel the intersection of our interests would build a good foundation, feel free to drop me an email to discuss possible topics for your thesis or practical coursework project. I have extensive industrial experience in systems security, security analysis, security engineering, and various forms of penetration testing. My mind is trained to work well on low level, close-to-the-hardware issues (binary reversing and exploitation, OS security), as well as on more abstract and theoretical problems (theoretical cryptography and complexity theory, machine learning and machine intelligence). In my research, I try to close the gap that exists between practitioners and theorists. Maybe the best way to get to know me personally is by joining our CTF team defragmented.brains and playing together with me and a bunch of smart, skilled, and rather swag fellows with various backgrounds at the next competition. Again, feel free to drop me an email and I will hook you up.
B6AA 79C5 1DE9 D630 2546 A952 8DCF E01A 58D9 ADBB
Wiedner Hauptstraße 76/2/2
Office Hours: by appointment: please write an e-mail.
Protection of Internet communication is becoming more common in many products, as the demand for privacy in an age of state-level adversaries and crime syndicates is steadily increasing. The industry standard for doing this is TLS. The TLS protocol supports a multitude of key agreement and authentication options which provide various different security guarantees. Recent attacks showed that this plethora of cryptographic options in TLS (including long forgotten government backdoors, which have been cunningly inserted via export restriction laws) is a Pandoras box, waiting to be pried open by heinous computer whizzes. Novel attacks lay hidden in plain sight. Parts of TLS are so old that their foul smell of rot cannot be easily distinguished from the flowery smell of ‘strong’ cryptography and water-tight security mechanisms. With an arcane (but well-known among some theoretical cryptographers) tool, we put new cracks into Pandoras box, achieving a full break of TLS security. This time, the tool of choice is KCI, or Key Compromise Impersonation. The TLS protocol includes a class of key agreement and authenticationmethods that are vulnerable to KCI attacks: non-ephemeralDiffie-Hellman key exchange with fixed Diffie-Hellman client authentication – both on elliptic curve groups, as well as on classical integer groups modulo a prime. We show that TLS clients that support these weak handshakes pose serious security concerns in modern systems, opening the supposedly securely encrypted communication to full-blown Man-in-the-Middle (MitM) attacks. This paper discusses and analyzes KCI attacks in regard to the TLS protocol. We present an evaluation of the TLS software landscape regarding this threat, including a successful MitM attack against the Safari Web Browser on Mac OS X. We conclude that the insecure TLS options that enable KCI attacks should be immediately disabled in TLS clients and removed from future versions and implementations of the protocol: their utility is extremely limited, their raison d’etre is practically nil, and the existence of these insecure key agreement options only adds to the arsenal of attack vectors against cryptographically secured communication on the Internet.
Groupsignatures allow a group member to sign anonymously on behalf of a group. In the dynamic case, a group manager can add and revoke group members. An opening manager can revoke the anonymity of a signature and trace it back to the original group member. We introduce limited-linkable group signatures: two signatures on identical messages by the same group member can be efficiently linked. Furthermore, we show how to distribute the opening manager, so that no trusted third party is required to guarantee anonymity. Our system generates short and efficient signatures, and is provably secure in the random oracle model.
Voice over Internet Protocol based systems become more and more part of business critical IT infrastructures. To increase the robustness of voice applications, automated security testing is required to detect security vulnerabilities in an efficient way. In this paper we present a fuzzer framework to detect security vulnerabilities in Voice over Internet Protocol Softphones, which implement Session Initiation Protocol. The presented approach automates the Graphical User Interface interaction for softphones during fuzzing and also observes the behavior of the softphone Graphical User Interfaces to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using Graphical User Interface observation.
Keywords: ESSE, Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing
Anti-malware companies receive thousands of malware samples every day. To process this large quantity, a number of automated analysis tools were developed. These tools execute a malicious program in a controlled environment and produce reports that summarize the program’s actions. Of course, the problem of analyzing the reports still re- mains. Recently, researchers have started to explore au- tomated clustering techniques that help to identify samples that exhibit similar behavior. This allows an analyst to dis- card reports of samples that have been seen before, while focusing on novel, interesting threats. Unfortunately, pre- vious techniques do not scale well and frequently fail to generalize the observed activity well enough to recognize related malware.In this paper, we propose a scalable clustering approach to identify and group malware samples that exhibit simi- lar behavior. For this, we first perform dynamic analysis to obtain the execution traces of malware programs. These execution traces are then generalized into behavioral pro- files, which characterize the activity of a program in more abstract terms. The profiles serve as input to an efficient clustering algorithm that allows us to handle sample sets that are an order of magnitude larger than previous ap- proaches. We have applied our system to real-world mal- ware collections. The results demonstrate that our tech- nique is able to recognize and group malware programs that behave similarly, achieving a better precision than previous approaches. To underline the scalability of the system, we clustered a set of more than 75 thousand samples in less than three hours.