22 research outputs found

    Entwicklung eines Systems zur dezentralen Online-Ticketerstellung und -kontrolle (Development of a System for Decentralized Online Ticket Creation and Checking)

    The thesis addresses the distribution phase of electronic commerce. Sales and payment are possible over insecure networks, but the purchased goods or services can only be delivered over the network if they can be completely digitized. The thesis examines whether and how travel and admission tickets can be represented in digital form for transmission without the ease of copying such data opening up opportunities for fraud. It is shown that admission tickets that are valid at only one location can be sold over the network and printed by the buyer. For this purpose they carry a 2D barcode containing cryptographically secured data in machine-readable form. Unique numbering ensures that, of several copies of such an admission ticket, only a single one can be used. The thesis further explains why travel tickets cannot be sold over insecure networks in this simple way, nor in any other practically usable way, at least not if buyers are to remain anonymous and communication costs are to stay low. Such tickets can only be realized with smart cards; the thesis gives reasons for preferring not to do so. Besides the applicability of cryptographic methods, the thesis examines questions of practical security and the robustness of the chosen ticket representation using 2D matrix codes under everyday conditions. A prototype was implemented for the sale and checking of admission tickets. As a by-product, software was created for encoding data in Aztec code symbols, which can also be used for other purposes.

    The thesis looks into the distribution phase of electronic commerce. Sales and payment are possible on the Internet, but goods and services cannot be transmitted or used through the network unless they can be completely digitized. The thesis investigates whether and how admission tickets for events or for travel can be digitized and transmitted on the Internet. The main problem here is the copyability of digital data which, if not prevented, would open an opportunity to defraud the vendor. It is shown that an admission ticket can be represented as an electronic document which is simply printed on paper by the customer using his own equipment, provided that there is an online connection from each possible checkpoint to some central computer. For that purpose tickets are made machine readable using 2-dimensional barcodes, distinguishable by unique numbering and tamper-proof by means of cryptography. Further, the thesis explains why travel tickets cannot be represented in that simple way with low communications effort and customers remaining anonymous. Such tickets, which can be used only once but at one out of many potential places, need tamper-resistant devices like smart cards, but there are reasons not to use them. Besides the use of cryptographic methods, the thesis investigates questions of practical security and robustness under everyday life conditions. Part of the thesis is a prototype implementation of the main ideas. As a byproduct, generator software for the Aztec 2-dimensional barcode symbology was developed, which can be used for other purposes as well.

    Security Testing: Turning Practice into Theory

    This position paper proposes a research agenda for the field of security testing. It gives a critical account of the state of the art as seen by a practitioner and identifies questions that research failed to answer so far, or failed to answer in such a way that it would have had an impact in the real world. Three categories of research problems are proposed: theory of vulnerabilities, theory of security testing, and tools and techniques. 1. About this Paper The science of security testing is still in its infancy. This paper proposes a research agenda for this field. It does so from a very specific perspective: that of a tester who, being aware of the lack of a scientific basis of his work, has to and wants to assess the securit


    Idea: Usable platforms for secure programming - mining unix for insight and guidelines

    Just as security mechanisms for end users need to be usable, programming platforms and APIs need to be usable for programmers. To date the security community has assembled large catalogs of dos and don'ts for programmers, but rather little guidance for the design of APIs that make secure programming easy and natural. Unix with its setuid mechanism lets us study usable security issues of programming platforms. Setuid allows certain programs to run with higher privileges than the user or process controlling them. Operating across a privilege boundary entails security obligations for the program. Obligations are known and documented, yet developers often fail to fulfill them. Using concepts and vocabulary from usable security and usability of notations theory, we can explain how the Unix platform provokes vulnerabilities in such programs. This analysis is a first step towards developing platform design guidelines to address human factors issues in secure programming.


    Point-and-Shoot Security Design: Can We Build Better Tools for Developers?

    Security property degrees systematize the angles from which one can discuss the security of a system. Microscopic properties characterize how specific actions affect parts of a system. Mesoscopic properties describe how the pursuit of an attack objective may affect the system and the attacker. Macroscopic properties represent the interaction of a threat environment with a system. Properties of different degrees are interdependent, but not in a simple and universal manner. Security design aims to control security properties, shaping them in a favorable way. Its objective is macroscopic control through design decisions on all three degrees. Design tools today occupy mostly the lower half of the property degree scale. A few macroscopic design aids exist but provide little guidance to engineers. Security designers are thus in a similar situation as photographers, having to make fundamental design decisions without methodologies other than their private, homegrown approaches. This is essential for art but a deficiency in engineering. Standardized mechanization in point-and-shoot cameras helps inexpert photographers to a limited extent but can get in the way of the experienced and ambitious. Point-and-shoot security design, shorthand for current practice as well as a widely held expectation, may do the same to security engineers

    Managing security work in scrum: Tensions and challenges

    We advocate a change of perspective in the question of agile secure software development and analyze what makes it difficult to address security needs in Scrum. The literature focuses on the integration of security activities into agile development processes. However, detailed prescriptions for security work would be misplaced in a generic management framework like Scrum. Therefore we take a closer look at the tensions between Scrum's way of organizing work and the characteristics of security requirements. Our previous work suggests that Scrum works well as a management model and security development requires iterations as in agile development, yet Scrum teams can fail to address security needs due to their low visibility, competing objectives, and Scrum's division of labor. Tensions arise as Scrum is optimized to fulfill explicit requirements and maximize business value, whereas security is often an implicit requirement with a different value proposition, which nevertheless requires substantial work and cannot be addressed by bug fixing or quality assurance alone. As a consequence, promising research directions are the reflective discovery of security needs, the valuation and prioritization of security work, collaboration between Scrum teams and security experts, and verification and feedback mechanisms for security.

    Testing Production Systems Safely: Common Precautions in Penetration Testing

    Unlike testing in a laboratory or test bed situation, the testing of production systems requires precautions to avoid side effects that might damage or disturb the system, its environment, or its users. This paper outlines safety precautions to be taken when testing production systems. Specifically we discuss precautions for penetration testing aiming at identifying security vulnerabilities. We generalize and document experience we gained as penetration testers, describing how the risks of testing can be mitigated through selection of test cases and techniques, partial isolation of subsystems and organizational measures. Though some of the precautions are specific to security testing, our experience might be helpful to anyone testing production systems

    Quantifying the Attack Surface of a Web Application

    The attack surface of a system represents the exposure of application objects to attackers and is affected primarily by architecture and design decisions. Given otherwise consistent conditions, reducing the attack surface of a system or an application is expected to reduce its overall vulnerability. So far, only systems have been considered but not single applications. As web applications provide a large set of applications built upon a common set of concepts and technologies, we choose them as an example, and provide qualitative and quantitative indicators. We propose a multidimensional metric for the attack surface of web applications, and discuss the rationale behind it. Our metric is easy to use. It comprises both a scalar numeric indicator for easy comparison and a more detailed vector representation for deeper analysis. The metric can be used to guide security testing and development. We validate the applicability and suitability of the metric with popular web applications whose vulnerability is already known.