6 research outputs found

    On the Use of Traffic Data in the Context of Data Retention (Zur Nutzung von Verkehrsdaten im Rahmen der Vorratsdatenspeicherung)

    This report was written in response to a request from the Federal Constitutional Court (Bundesverfassungsgericht) in connection with the constitutional complaints 1 BvR 256/08, 263/08, 586/08. Part of the request was a catalogue of questions on which I was asked to comment as an expert third party. Instead of answering the questions in list form, I have taken the liberty of presenting the technical background in a coherent discussion. The connection to those questions from the catalogue on which I felt competent to comment is made explicit in the appendix.

    Automated Analysis of ARM Binaries using the Low-Level Virtual Machine Compiler Framework

    Binary program analysis is a critical capability for offensive and defensive operations in Cyberspace. However, many current techniques are ineffective or time-consuming and few tools can analyze code compiled for embedded processors such as those used in network interface cards, control systems and mobile phones. This research designs and implements a binary analysis system, called the Architecture-independent Binary Abstracting Code Analysis System (ABACAS), which reverses the normal program compilation process, lifting binary machine code to the Low-Level Virtual Machine (LLVM) compiler's intermediate representation, thereby enabling existing security-related analyses to be applied to binary programs. The prototype targets ARM binaries but can be extended to support other architectures. Several programs are translated from ARM binaries and analyzed with existing analysis tools. Programs lifted from ARM binaries are an average of 3.73 times larger than the same programs compiled from a high-level language (HLL). Analysis results are equivalent regardless of whether the HLL source or ARM binary version of the program is submitted to the system, confirming the hypothesis that LLVM is effective for binary analysis.

    A Survey on Security for Mobile Devices

    Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has significantly increased due to the different form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research field is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such as those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into different categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach.

    Anomaly detection system using system calls for android smartphone system

    A smartphone is a mobile phone that provides advanced functions compared to traditional mobile phones. Smartphone systems have evolved considerably in terms of their capacity and functionality. Therefore, it is excessively used in personal and business life. Users of smartphone systems store all kinds of personal, business and confidential information on their systems, such as credit card and bank account information. In view of this popularity and storing confidential information, the cyber criminals and malware developers have set their eyes on the smartphone systems. Recent malware analysis reports show scary information about the serious threats that face smartphone systems. Thus, their protection is very important. Smartphone malware detection techniques have been actively studied. Broadly, the two main techniques are: the signature-based techniques and the anomaly-based techniques. Each technique has its own advantages and drawbacks. In this Thesis, we are mainly interested in anomaly detection techniques. These techniques are useful for unknown malwares and variants of known ones. However, they still need more study and investigation to improve the malware detection accuracy and to consume as few resources as possible. This Thesis makes contributions on three levels to improve the efficiency, accuracy and adaptability of anomaly-based techniques for smartphone system based on Android operating system. The first contribution presents a study and review of the existing malware detection techniques. This survey provides a comprehensive classification of the studied techniques according to well defined criteria. The second contribution is based upon the dataset level and it is twofold. Firstly, we introduce dataset feature vector representation as a new factor that can improve the efficiency and the accuracy of malware detection solution. Secondly, we introduce filtering and abstraction process that refines the system call traces. The refined traces are much more compact and are closer to the main application behavior. The third contribution of this Thesis is on the benign behavior model level and it is bifold. In the first place, we build canonical database representing generic benign behavior from limited number of representative applications. In the second place, instead of using single machine learning classifier to model the benign behavior, we use hybrid machine learning classifier.

    Security of Smartphones at the Dawn of their Ubiquitousness

    The importance of researching in the field of smartphone security is substantiated in the increasing number of smartphones, which are expected to outnumber common computers in the future. Despite their increasing importance, it is unclear today if mobile malware will play the same role for mobile devices as for common computers today. Therefore, this thesis contributes to defining and structuring the field of mobile device security with special concern on smartphones and on the operational side of security, i.e., with mobile malware as the main attacker model. Additionally, it wants to give an understanding of the shifting boundaries of the attack surface in this emerging research field. The first three chapters introduce and structure the research field with the main goal of showing what has to be defended against today. Besides introducing related work they structure mobile device attack vectors with regard to mobile malicious software and they structure the topic of mobile malicious software itself with regard to its portability. The technical contributions of this thesis are in Chapters 5 to 8, classified according to the location of the investigation (on the device, in the network, distributed in device and network). Located in the device is MobileSandbox, a software for dynamic malware analysis. As another device-centric contribution we investigate on the efforts that have to be taken to develop an autonomously spreading smartphone worm. The results of these investigations are used to show that device-centric parts are necessary for smartphone security. Additionally, we propose a novel device-centric security mechanism that aims at reducing the attack surface of mobile devices to mobile malware. The network-centric investigations show the possibilities that a mobile network operator can use in its own mobile network for protecting the mobile devices of its clients. We simulate the effectiveness of different security mechanisms. Finally, the distributed investigations show the feasibility of distributed computation algorithms with security modules. We give prototypic implementations of protocols for secure multiparty computation as a modularized version with failure detector and consensus algorithms, and for fair exchange with guardian angels.