"I don't know why I check this…" Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly.
Attacking Deterministic Signature Schemes using Fault Attacks
Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. Failures of random number generators may have catastrophic effects such as compromising private signature keys. In recent years, many widely-used cryptographic technologies adopted deterministic signature schemes because they are presumed to be safer to implement.
In this paper, we analyze the security of deterministic ECDSA and EdDSA signature schemes and show that the elimination of random number generators in these schemes enables new kinds of fault attacks. We formalize these attacks and introduce practical attack scenarios against EdDSA using the Rowhammer fault attack. EdDSA is used in many widely used protocols such as TLS, SSH and IPSec, and we show that these protocols are not vulnerable to our attack. We formalize the necessary requirements for protocols using these deterministic signature schemes to be vulnerable, and discuss mitigation strategies and their effect on fault attacks against deterministic signature schemes.
Afferent Visual Pathway Affection in Patients with PMP22 Deletion-Related Hereditary Neuropathy with Liability to Pressure Palsies
Background: The PMP22 gene encodes a protein integral to peripheral myelin. Its deletion leads to hereditary neuropathy with liability to pressure palsies (HNPP). PMP22 is not expressed in the adult central nervous system, but previous studies suggest a role in CNS myelin development. The objective of this study was to identify potential structural and functional alterations in the afferent visual system in HNPP patients.
Methods: Twenty HNPP patients and 18 matched healthy controls (HC) were recruited in a cross-sectional study. Participants underwent neurological examination including visual acuity, visual evoked potential (VEP) examination, optical coherence tomography (OCT), and magnetic resonance imaging with calculation of brain atrophy, regarding grey and white matter, and voxel based morphometry (VBM), and in addition answered the National Eye Institute's 39-item Visual Functioning Questionnaire (NEI-VFQ). Thirteen patients and 6 HC were additionally examined with magnetic resonance spectroscopy (MRS).
Results: All patients had normal visual acuity, but reported reduced peripheral vision in comparison to HC in the NEI-VFQ (p = 0.036). VEP latency was prolonged in patients (P100 = 103.7±5.7 ms) in comparison to healthy subjects (P100 = 99.7±4.2 ms, p = 0.007). In OCT, peripapillary retinal nerve fiber layer (RNFL) thickness was decreased in the nasal sector (90.0±15.5 vs. 101.8±16.5, p = 0.013), and lower nasal sector RNFL correlated with prolonged VEP latency (Rho = -0.405, p = 0.012). MRS revealed reduced tNAA (731.4±45.4 vs. 814.9±62.1, p = 0.017) and tCr (373.8±22.2 vs. 418.7±31.1, p = 0.002) in the visual cortex in patients vs. HC. Whole brain volume, grey and white matter volume, VBM and metabolites in an MRS sensory cortex control voxel did not differ significantly between patients and HC.
Conclusion: PMP22 deletion leads to functional, metabolic and macrostructural alterations in the afferent visual system of HNPP patients. Our data suggest a functional relevance of these changes for peripheral vision, which warrants further investigation and confirmation.
Listen to Your Heart: Evaluation of the Cardiologic Ecosystem
Modern implantable cardiologic devices communicate via radio frequency techniques and nearby gateways to a backend server on the internet. Those implanted devices, gateways, and servers form an ecosystem of proprietary hardware and protocols that processes sensitive medical data and is often vital for patients' health.
This paper analyzes the security of this ecosystem, from technical gateway aspects, via the programmer used to configure the implanted device, up to the processing of personal medical data by large cardiological device producers. Based on a real-world attacker model, we evaluated different devices and found several severe vulnerabilities. Furthermore, we could purchase a fully functional programmer for implantable cardiological devices, allowing us to re-program such devices or even induce electric shocks on untampered implanted devices.
Additionally, we sent several Art. 15 and Art. 20 GDPR inquiries to manufacturers of implantable cardiologic devices, revealing non-conforming processes and a lack of awareness about patients' rights and companies' obligations. This, and the fact that many vulnerabilities are still to be found after many vulnerability disclosures in recent years, presents a worrying security state of the whole ecosystem.
Unintended and Covert Information Leaks in Networked Software Applications
Side channels are vulnerabilities that can be attacked by observing the behaviour of applications and by inferring sensitive information just from this behaviour. Because side channel vulnerabilities appear in such a large spectrum of contexts, there does not seem to be a generic way to prevent all side channel attacks once and for all. A practical approach is to search for new side channels and to specifically tailor mitigations for new side channel attacks. In this thesis, we extend the field of side channel attacks by introducing new ways to attack and to mitigate side channels in web applications. We start by proposing a new classification scheme for information leaks based on the information decoding effort an attacker has to spend. The four different classes, sorted by ascending effort for the attacker, are: direct deterministic information leaks, obfuscated deterministic information leaks, possibilistic information leaks, and probabilistic information leaks. Storage side channels are a new type of side channel which leaks information through redundancies in protocols such as HTTP or languages such as HTML. We formalise storage side channels and describe a new method that allows detecting obfuscated deterministic information leaks in storage side channels even in dynamic and noisy environments. We test our method by applying it to real-world web applications and find that several widely used web applications are prone to obfuscated deterministic information leaks. Furthermore, we show a new method to exploit those timing side channels that have the property that the timing differences can be influenced by the attacker. We model these special timing side channels as a possibilistic timing side channel. The method allows very efficient timing side channel attacks even over noisy networks such as the Internet. We show that our method can break the confidentiality of XML Encryption messages in realistic environments.
Finally, we model common existing timing side channels in web applications as probabilistic information leaks and present a new method to mitigate them in web applications. The method works by padding the response time using a deterministic and unpredictable delay (DUD). We show that DUD offers security guarantees that can be freely traded against performance reduction. By applying this method to vulnerable web applications, we show that the method offers an effective and performant way to mitigate timing side channels.
Side channel attacks work by observing the behaviour of applications and inferring secret information from this behaviour. Since side channels appear in many contexts, there seem to be no generic countermeasures. A pragmatic approach, however, is to search for new side channels and to design specific countermeasures for newly discovered side channels. In this dissertation, we investigate new side channels in web applications and countermeasures against side channel attacks. First, we classify the effort an attacker has to spend to decode the information leaks of a side channel into four classes: direct deterministic information leaks, obfuscated deterministic information leaks, possibilistic information leaks, and probabilistic information leaks. Storage side channels form a new kind of side channel that arises through redundancies in protocols such as HTTP or in languages such as HTML. We formalise storage side channels and present a new method that allows obfuscated deterministic information leaks through storage side channels to be discovered even in dynamic and noisy environments. We validate our method by testing it against widely used applications. The results show that several applications contain obfuscated deterministic information leaks.
Next, we present a new and efficient attack method for exploiting those timing side channels in which the attacker can influence the timing differences. We model the attack as a possibilistic information leak and show that this enables very efficient timing attacks that work even over noisy networks such as the Internet. As a practical application, we show that our method can break the confidentiality of XML Encryption messages within three hours over localhost and in less than a week over the Internet. Finally, we model existing timing side channels in web applications as probabilistic information leaks and present a new method that reliably prevents such attacks. The method uses deterministic and unpredictable delays (DUD), which offer security guarantees with only a small performance reduction. We show that the method prevents timing side channels effectively and with little performance overhead.
WAFFle: Fingerprinting filter rules of web application firewalls
Web Application Firewalls (WAFs) are used to detect and block attacks against vulnerable web applications. They distinguish benign requests from rogue requests using a set of filter rules. We present a new timing side channel attack that an attacker can use to remotely distinguish passed requests from requests that the WAF blocked. The attack also works for transparent WAFs that do not leave any trace in responses. The attacker can conduct our attack either directly or indirectly by using Cross Site Request Forgeries (CSRF). The latter allows the attacker to get the results of the attack while hiding his identity and to circumvent any practical brute-force prevention mechanism in the WAF. By learning which requests the WAF blocks and which it passes to the application, the attacker can craft targeted attacks that use any existing loopholes in the WAF's filter rule set. We implemented this attack in the WAFFle tool and ran tests over the Internet against ModSecurity and PHPIDS. The results show that WAFFle correctly distinguished passed requests from blocked requests in more than 95 % of all requests just by measuring a single request.