Skip to main content

Julian Schütte

Followers

16

Following

6

Co-authors

6

Public Views

Gerardo Canfora

Università degli Studi del Sannio

University of Victoria

Meredith White-McMahon

DIMITRIS GRITZALIS

Athens University of Economics and Business

The University of Iowa

Dharmaraj Patil

R.C.Patel Institute of Technology,Shirpur

Interests

Uploads

Papers by Julian Schütte

WebEye - Automated Collection of Malicious HTTP Traffic

arXiv (Cornell University), Feb 16, 2018

With malware detection techniques increasingly adopting machine learning approaches, the creation... more With malware detection techniques increasingly adopting machine learning approaches, the creation of precise training sets becomes more and more important. Large data sets of realistic web traffic, correctly classified as benign or malicious are needed, not only to train classic and deep learning algorithms, but also to serve as evaluation benchmarks for existing malware detection products. Interestingly, despite the vast number and versatility of threats a user may encounter when browsing the web, actual malicious content is often hard to come by, since prerequisites such as browser and operating system type and version must be met in order to receive the payload from a malware distributing server. In combination with privacy constraints on data sets of actual user traffic, it is difficult for researchers and product developers to evaluate anti-malware solutions against largescale data sets of realistic web traffic. In this paper we present WebEye, a framework that autonomously creates realistic HTTP traffic, enriches recorded traffic with additional information, and classifies records as malicious or benign, using different classifiers. We are using WebEye to collect malicious HTML and JavaScript and show how datasets created with WebEye can be used to train machine learning based malware detection algorithms. We regard WebEye and the data sets it creates as a tool for researchers and product developers to evaluate and improve their AI-based anti-malware solutions against large-scale benchmarks.

A taxonomy-based approach for security in software-defined networking

2017 IEEE International Conference on Communications (ICC), 2017

Software Defined Networking (SDN) promises to abstract hardware and hard-wired network topologies... more Software Defined Networking (SDN) promises to abstract hardware and hard-wired network topologies in favor of programmable dynamic infrastructures. However, especially features like multi-tenancy require for new ways to ensure that access to critical network resources are restricted to trusted applications and users. The challenge here is that these entities are not necessarily known at the time of planning and setup, but are rather added dynamically to the network at runtime. Controlling access to northbound interfaces of SDN controllers thus requires for new ways to express access control policies which are able to cope with this degree of complexity and abstraction. We thus introduce a taxonomy-based policy engine, which allows the definition of fine-grained security policies based on a first-order logic description of the network environment. We describe the taxonomy structure and show how it can be used in a Prolog-based policy engine to protect a secure SDN northbound interface developed in previous work. By evaluating the implementation in a virtual SDN environment, we found the performance overhead of our approach to be tolerable.

A Case for IoT Security Assurance

Internet of Things, 2017

Today the proliferation of ubiquitous devices interacting with the external environment and conne... more Today the proliferation of ubiquitous devices interacting with the external environment and connected by means of wired/wireless communication technologies points to the definition of a new vision of ICT called Internet of Things (IoT). In IoT, sensors and actuators, possibly embedded in more powerful devices, such as smartphones, interact with the surrounding environment. They collect information and supply it across networks to platforms where IoT applications are built. IoT services are then made available to final customers through these platforms. Needless to say, IoT scenario revolutionizes the concept of security, which becomes even more critical than before. Security protection must consider millions of devices that are under control of external entities, freshness and integrity of data that are produced by the latter devices, and heterogeneous environments and contexts that co-exist in the same IoT environment. These aspects make the need of a systematic way of assessing the quality and security of IoT systems evident, introducing the need of rethinking existing assurance methods to fit the IoT-based services. In this chapter, we discuss and analyze challenges in the design and development of assurance methods in IoT, focusing on traditional CIA properties, and provide a first process for the development of continuous assurance methods for IoT services. We also design a conceptual framework for IoT security assurance evaluation.

reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

In this paper we present reclaimID: An architecture that allows users to reclaim their digital id... more In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services. Index Terms-identity and access management, peer-to-peer, privacy, decentralisation, name systems, attribute-based encryption

BDABE - Blockchain-based Distributed Attribute based Encryption

Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, 2018

Attribute Based Encryption (ABE) denotes asymmetric cryptographic schemes where key pairs are cre... more Attribute Based Encryption (ABE) denotes asymmetric cryptographic schemes where key pairs are created for attribute owners and often applied to realize a fine-grained, cryptographic access control mechanism for outsourced data. Despite the benefits of ABE systems, there are still drawbacks when ABE systems are transformed into real world applications. Mainly, ABE systems suffer from non-efficiency or non-existence of revocation mechanisms and user key coordination problems. By introducing a consensus driven approach, we try to mitigate these issues in distributed systems. In this paper, we propose a collaborative attribute management protocol for Ciphertext-policy attribute-based encryption (CP-ABE) schemes based on our own scheme called a Blockchain-based Distributed Attribute Based Encryption (BDABE) scheme. Our construction realizes distributed issue, storage and revocation of private attribute keys by adding a consensus driven infrastructure, a blockchain. We enhance both security and efficiency of key management in distributed CP-ABE systems for the application of cloud data sharing.

cipherPath: Efficient Traversals over Homomorphically Encrypted Paths

We propose cipherPath, a novel graph encryption scheme that enables exact shortest distance queri... more We propose cipherPath, a novel graph encryption scheme that enables exact shortest distance queries on encrypted graphs. Shortest distance queries are very useful in a vast number of applications, including medical, social or geospatial. Our approach using somewhat homomorphic encryption in combination with structured encryption enables exact shortest distance queries on outsourced and encrypted graph data. Our approach upholds provable security against a semi-honest provider. We demonstrate our framework by means of two different shortest path algorithms on encrypted graphs: Dijkstra and Floyd. Finally, we evaluate the leakage profile of cipherPath.

Der Trusted Connector im Industrial Data Space

ArXiv, 2018

Digitalization affects all industrial domains and causes disruption of various business models. E... more Digitalization affects all industrial domains and causes disruption of various business models. Especially in domains such as logistics and manufacturing, inter-connected devices and near-realtime exchange of sensor data across enterprises allows to speed up processes, reduce costs and respond to customer's needs. However, the advent of the Industrial Internet of Things (IIoT) also raises challenges with respect to security and privacy of sensitive and personal data that is created by sensors and processed by services hosted in different administrative domains. The Industrial Data Space initiative addresses these challenges and proposes a secure edge gateway platform named "Trusted Connector". In this report, we introduce the main security building blocks of the Trusted Connector and point out how they help protecting business-critical data and preserving the user's privacy.

Blockchain for Education: Lifelong Learning Passport

ERCIM News, 2020

Certificates play an important role in education and in professional development in companies. In... more Certificates play an important role in education and in professional development in companies. Individual learning records become essential for people’s professional careers. It is therefore important that these records are stored in longterm available and tamper-proof ledgers. A blockchain records transactions in a verifiable and permanent way, therefore it is very suitable to store fingerprints of certificates or other educational items. Blockchain reveals forgery of certificates and it supports learning histories. In this paper, we present the Blockchain for Education platform as a practical solution for issuing, validating and sharing of certificates. At first, we describe the conceptual system overview and then we present in detail the platform implementation including management of certification authorities and certificates, smart contracts as well as services for certifiers, learners and third parties such as employers. Finally, we describe use cases and first evaluation resu...

Blockchain and smart contracts : Technologies, research issues and applications

LUCON: Data Flow Control for Message-Based IoT Systems

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange... more Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information-a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a realworld IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

Towards Tracking Data Flows in Cloud Architectures

2020 IEEE 13th International Conference on Cloud Computing (CLOUD), 2020

As cloud services become central in an increasing number of applications, they process and store ... more As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about existing data records of an individual and the ability to delete them on demand is central in privacy regulations. Common to these requirements is that cloud providers must be able to track data as it flows across the different services to ensure that it never moves outside of the legitimate realm, and it is known at all times where a specific copy of a record that belongs to a specific individual or business process is located. However, current cloud architectures do neither provide the means to holistically track data flows across different services nor to enforce policies on data flows. In this paper, we point out the deficits in the data flow tracking functionalities of major cloud providers by means of a set of practical experiments. We then generalize from these experiments introducing a generic architecture that aims at solving the problem of cloud-wide data flow tracking and show how it can be built in a Kubernetes-based prototype implementation.

ZKlaims: Privacy-preserving Attribute-based Credentials using Non-interactive Zero-knowledge Techniques

Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, 2019

In this paper we present ZKlaims: a system that allows users to present attribute-based credentia... more In this paper we present ZKlaims: a system that allows users to present attribute-based credentials in a privacypreserving way. We achieve a zero-knowledge property on the basis of Succinct Non-interactive Arguments of Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials issued by trusted third parties. The credential contents are never revealed to the verifier as part of the proving process. Further, ZKlaims can be presented non-interactively, mitigating the need for interactive proofs between the user and the verifier. This allows ZKlaims to be exchanged via fully decentralized services and storages such as traditional peerto-peer networks based on distributed hash tables (DHTs) or even blockchains. To show this, we include a performance evaluation of ZKlaims and show how it can be integrated in decentralized identity provider services.

Annotary: A Concolic Execution System for Developing Secure Smart Contracts

Lecture Notes in Computer Science, 2019

Ethereum smart contracts are executable programs, deployed on a peer-to-peer network and executed... more Ethereum smart contracts are executable programs, deployed on a peer-to-peer network and executed in a consensus-based fashion. Their bytecode is public, immutable and once deployed to the blockchain, cannot be patched anymore. As smart contracts may hold Ether worth of several million dollars, they are attractive targets for attackers and indeed some contracts have successfully been exploited in the recent past, resulting in tremendous financial losses. The correctness of smart contracts is thus of utmost importance. While first approaches on formal verification exist, they demand users to be well-versed in formal methods which are alien to many developers and are only able to analyze individual contracts, without considering their execution environment, i.e., calls to external contracts, sequences of transaction, and values from the actual blockchain storage. In this paper, we present Annotary, a concolic execution framework to analyze smart contracts for vulnerabilities, supported by annotations which developers write directly in the Solidity source code. In contrast to existing work, Annotary supports analysis of inter-transactional, inter-contract control flows and combines symbolic execution of EVM bytecode with a resolution of concrete values from the public Ethereum blockchain. While the analysis of Annotary tends to weight precision higher than soundness, we analyze inter-transactional call chains to eliminate false positives from unreachable states that traditional symbolic execution would not be able to handle. We present the annotation and analysis concepts of Annotary, explain its implementation on top of the Laser symbolic virtual machine, and demonstrate its usage as a plugin for the Sublime Text editor.

Proceedings of the 34th Annual Computer Security Applications Conference, 2018

The capability of executing so-called smart contracts in a decentralised manner is one of the com... more The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris-a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Besides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain. CCS CONCEPTS • Security and privacy → Domain-specific security and privacy architectures; Software security engineering; Logic and verification;

Generating Threat Profiles for Cloud Service Certification Systems

2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE), 2016

Cloud service certification aims at automatically validating whether a cloud service satisfies a ... more Cloud service certification aims at automatically validating whether a cloud service satisfies a predefined set of requirements. To that end, certification systems collect and evaluate sensitive data from various sources of a cloud service. At the same time, the certification system itself has to be resilient to attacks to generate trustworthy statements about the cloud service. Thus system architects are faced with the task of assessing the trustworthiness of different certification system designs. To cope with that challenge, we propose a method to model different architecture variants of cloud service certification systems and analyze threats these systems face. By applying our method to a specific cloud service certification system, we show how threats to such systems can be derived in a standardized way that allows us to evaluate different architecture configurations.

Sichere Bluetooth-Kommunikation in Ad-hoc-Situationen

ABSTRACT Bluetooth hat sich zur drahtlosen Datenübertragung auf kurzen Distanzen durchge setzt un... more ABSTRACT Bluetooth hat sich zur drahtlosen Datenübertragung auf kurzen Distanzen durchge setzt und dient dabei vor allem dem Datenaustausch zwischen mobilen Endgeräten. Durch die Verwendung von Handys und PDAs in Geschäftsanwendungen werden zunehm end sensible Daten über Bluetooth übertragen. Dabei werden Geräte nicht dauerha ft miteinander verbunden, sondern vernetzen sich nur kurzzeitig, um Daten ausz utauschen. In solchen Ad-hoc-Situationen ergeben sich einige Sicherheitsproblem e: Wie kann die Authentizität der Daten gesichert werden? Wie können Unbefugte daran gehindert werden, die Übertragung zu verfälschen oder mitzulesen? Wie kan n man die Übertragung sichern und gleichzeitig den Aufwand für die Benutzer mö glichst gering halten? Der Autor Julian Schütte gibt zunächst einen detailliert en Überblick über diese Probleme. Anhand dieser Anforderungen untersucht er die Schwächen bestehender Sicherheitsmechanismen und stellt Angriffe auf die Blue tooth-Sicherheit vor. Anschließend entwickelt er einen Ansatz zur sicheren Blue tooth-Kommunikation, der diese Schwächen ausgleicht. Das Buch richtet sich an a lle Personen aus dem IT-Sicherheitsumfeld: Administratoren, Berater, Forschende und Benutzer.

Apollon: Towards a Modular Semantic Policy Framework for Pervasive Systems

With increasing complexity of distributed systems, the ability to control access rights and secur... more With increasing complexity of distributed systems, the ability to control access rights and security settings becomes more and more critical. Especially pervasive systems, with ad-hoc-connectivity and semantic discovery of services, are a challenging environment when it comes to managing their security. Most policy frameworks come with a pre-defined policy model whose expressiveness can usually not be extended and is thus not adaptable to the high-level security model of an application. In order to overcome these limitations we designed Apollon, a policy framework featuring a modular policy model which can be extended or reduced as required by an application. While the policy model itself is formalized in Description Logics (DL), Apollon uses a hybrid decision engine which allows to combine DL-based reasoning with dedicated decision plugins. In this paper, we present the software architecture of Apollon, introduce a basic attribute-based policy model and show how further models, suc...

Apparecium: Revealing Data Flows in Android Applications

2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 2015

With Android applications processing not only personal but also business-critical data, efficient... more With Android applications processing not only personal but also business-critical data, efficient and precise data flow analysis has become a major technique to detect apps handling critical data in unwanted ways. Although data flow analysis in general is a thoroughly researched topic, the event-driven lifecycle model of Android has its own challenges and practical application requires for reliable and efficient analysis techniques. In this paper we present Apparecium, a tool to reveal data flows in Android applications. Apparecium has conceptual differences to other techniques, and can be used to find arbitrary data flows inside Android applications. Details about the used techniques and the differences to existing data flow analysis tools are presented, as well as an evaluation against the data flow analysis framework FlowDroid.

NFC? Aber sicher

Datenschutz und Datensicherheit - DuD, 2014

ABSTRACT Mit Ausnahme von Apples iPhone zählt NFC mittlerweile zur Grundausstattung jedes High-En... more ABSTRACT Mit Ausnahme von Apples iPhone zählt NFC mittlerweile zur Grundausstattung jedes High-End-Smartphone und neue Anwendungen wie Mobile Payment halten derzeit Einzug. Doch das so praktische Bezahlen mit dem Smartphone hat auch Tücken. NFC bietet keinerlei Sicherheitsmechanismen und Apps sind leicht anzugreifen. Schon zeichnet sich eine ganze Reihe neuer Angriffsszenarien ab. Verschiedene Sicherheitsmechanismen können Abhilfe schaffen, doch ihr Einsatz hat sowohl technische, als auch organisatorische Hürden.

Towards Semantic Resolution of Security in

WebEye - Automated Collection of Malicious HTTP Traffic

arXiv (Cornell University), Feb 16, 2018

With malware detection techniques increasingly adopting machine learning approaches, the creation... more With malware detection techniques increasingly adopting machine learning approaches, the creation of precise training sets becomes more and more important. Large data sets of realistic web traffic, correctly classified as benign or malicious are needed, not only to train classic and deep learning algorithms, but also to serve as evaluation benchmarks for existing malware detection products. Interestingly, despite the vast number and versatility of threats a user may encounter when browsing the web, actual malicious content is often hard to come by, since prerequisites such as browser and operating system type and version must be met in order to receive the payload from a malware distributing server. In combination with privacy constraints on data sets of actual user traffic, it is difficult for researchers and product developers to evaluate anti-malware solutions against largescale data sets of realistic web traffic. In this paper we present WebEye, a framework that autonomously creates realistic HTTP traffic, enriches recorded traffic with additional information, and classifies records as malicious or benign, using different classifiers. We are using WebEye to collect malicious HTML and JavaScript and show how datasets created with WebEye can be used to train machine learning based malware detection algorithms. We regard WebEye and the data sets it creates as a tool for researchers and product developers to evaluate and improve their AI-based anti-malware solutions against large-scale benchmarks.

A taxonomy-based approach for security in software-defined networking

2017 IEEE International Conference on Communications (ICC), 2017

Software Defined Networking (SDN) promises to abstract hardware and hard-wired network topologies... more Software Defined Networking (SDN) promises to abstract hardware and hard-wired network topologies in favor of programmable dynamic infrastructures. However, especially features like multi-tenancy require for new ways to ensure that access to critical network resources are restricted to trusted applications and users. The challenge here is that these entities are not necessarily known at the time of planning and setup, but are rather added dynamically to the network at runtime. Controlling access to northbound interfaces of SDN controllers thus requires for new ways to express access control policies which are able to cope with this degree of complexity and abstraction. We thus introduce a taxonomy-based policy engine, which allows the definition of fine-grained security policies based on a first-order logic description of the network environment. We describe the taxonomy structure and show how it can be used in a Prolog-based policy engine to protect a secure SDN northbound interface developed in previous work. By evaluating the implementation in a virtual SDN environment, we found the performance overhead of our approach to be tolerable.

A Case for IoT Security Assurance

Internet of Things, 2017

Today the proliferation of ubiquitous devices interacting with the external environment and conne... more Today the proliferation of ubiquitous devices interacting with the external environment and connected by means of wired/wireless communication technologies points to the definition of a new vision of ICT called Internet of Things (IoT). In IoT, sensors and actuators, possibly embedded in more powerful devices, such as smartphones, interact with the surrounding environment. They collect information and supply it across networks to platforms where IoT applications are built. IoT services are then made available to final customers through these platforms. Needless to say, IoT scenario revolutionizes the concept of security, which becomes even more critical than before. Security protection must consider millions of devices that are under control of external entities, freshness and integrity of data that are produced by the latter devices, and heterogeneous environments and contexts that co-exist in the same IoT environment. These aspects make the need of a systematic way of assessing the quality and security of IoT systems evident, introducing the need of rethinking existing assurance methods to fit the IoT-based services. In this chapter, we discuss and analyze challenges in the design and development of assurance methods in IoT, focusing on traditional CIA properties, and provide a first process for the development of continuous assurance methods for IoT services. We also design a conceptual framework for IoT security assurance evaluation.

reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

In this paper we present reclaimID: An architecture that allows users to reclaim their digital id... more In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services. Index Terms-identity and access management, peer-to-peer, privacy, decentralisation, name systems, attribute-based encryption

BDABE - Blockchain-based Distributed Attribute based Encryption

Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, 2018

Attribute Based Encryption (ABE) denotes asymmetric cryptographic schemes where key pairs are cre... more Attribute Based Encryption (ABE) denotes asymmetric cryptographic schemes where key pairs are created for attribute owners and often applied to realize a fine-grained, cryptographic access control mechanism for outsourced data. Despite the benefits of ABE systems, there are still drawbacks when ABE systems are transformed into real world applications. Mainly, ABE systems suffer from non-efficiency or non-existence of revocation mechanisms and user key coordination problems. By introducing a consensus driven approach, we try to mitigate these issues in distributed systems. In this paper, we propose a collaborative attribute management protocol for Ciphertext-policy attribute-based encryption (CP-ABE) schemes based on our own scheme called a Blockchain-based Distributed Attribute Based Encryption (BDABE) scheme. Our construction realizes distributed issue, storage and revocation of private attribute keys by adding a consensus driven infrastructure, a blockchain. We enhance both security and efficiency of key management in distributed CP-ABE systems for the application of cloud data sharing.

cipherPath: Efficient Traversals over Homomorphically Encrypted Paths

We propose cipherPath, a novel graph encryption scheme that enables exact shortest distance queri... more We propose cipherPath, a novel graph encryption scheme that enables exact shortest distance queries on encrypted graphs. Shortest distance queries are very useful in a vast number of applications, including medical, social or geospatial. Our approach using somewhat homomorphic encryption in combination with structured encryption enables exact shortest distance queries on outsourced and encrypted graph data. Our approach upholds provable security against a semi-honest provider. We demonstrate our framework by means of two different shortest path algorithms on encrypted graphs: Dijkstra and Floyd. Finally, we evaluate the leakage profile of cipherPath.

Der Trusted Connector im Industrial Data Space

ArXiv, 2018

Digitalization affects all industrial domains and causes disruption of various business models. E... more Digitalization affects all industrial domains and causes disruption of various business models. Especially in domains such as logistics and manufacturing, inter-connected devices and near-realtime exchange of sensor data across enterprises allows to speed up processes, reduce costs and respond to customer's needs. However, the advent of the Industrial Internet of Things (IIoT) also raises challenges with respect to security and privacy of sensitive and personal data that is created by sensors and processed by services hosted in different administrative domains. The Industrial Data Space initiative addresses these challenges and proposes a secure edge gateway platform named "Trusted Connector". In this report, we introduce the main security building blocks of the Trusted Connector and point out how they help protecting business-critical data and preserving the user's privacy.

Blockchain for Education: Lifelong Learning Passport

ERCIM News, 2020

Certificates play an important role in education and in professional development in companies. In... more Certificates play an important role in education and in professional development in companies. Individual learning records become essential for people’s professional careers. It is therefore important that these records are stored in longterm available and tamper-proof ledgers. A blockchain records transactions in a verifiable and permanent way, therefore it is very suitable to store fingerprints of certificates or other educational items. Blockchain reveals forgery of certificates and it supports learning histories. In this paper, we present the Blockchain for Education platform as a practical solution for issuing, validating and sharing of certificates. At first, we describe the conceptual system overview and then we present in detail the platform implementation including management of certification authorities and certificates, smart contracts as well as services for certifiers, learners and third parties such as employers. Finally, we describe use cases and first evaluation resu...

Blockchain and smart contracts : Technologies, research issues and applications

LUCON: Data Flow Control for Message-Based IoT Systems

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange... more Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information-a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a realworld IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

Towards Tracking Data Flows in Cloud Architectures

2020 IEEE 13th International Conference on Cloud Computing (CLOUD), 2020

As cloud services become central in an increasing number of applications, they process and store ... more As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about existing data records of an individual and the ability to delete them on demand is central in privacy regulations. Common to these requirements is that cloud providers must be able to track data as it flows across the different services to ensure that it never moves outside of the legitimate realm, and it is known at all times where a specific copy of a record that belongs to a specific individual or business process is located. However, current cloud architectures do neither provide the means to holistically track data flows across different services nor to enforce policies on data flows. In this paper, we point out the deficits in the data flow tracking functionalities of major cloud providers by means of a set of practical experiments. We then generalize from these experiments introducing a generic architecture that aims at solving the problem of cloud-wide data flow tracking and show how it can be built in a Kubernetes-based prototype implementation.

ZKlaims: Privacy-preserving Attribute-based Credentials using Non-interactive Zero-knowledge Techniques

Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, 2019

In this paper we present ZKlaims: a system that allows users to present attribute-based credentia... more In this paper we present ZKlaims: a system that allows users to present attribute-based credentials in a privacypreserving way. We achieve a zero-knowledge property on the basis of Succinct Non-interactive Arguments of Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials issued by trusted third parties. The credential contents are never revealed to the verifier as part of the proving process. Further, ZKlaims can be presented non-interactively, mitigating the need for interactive proofs between the user and the verifier. This allows ZKlaims to be exchanged via fully decentralized services and storages such as traditional peerto-peer networks based on distributed hash tables (DHTs) or even blockchains. To show this, we include a performance evaluation of ZKlaims and show how it can be integrated in decentralized identity provider services.

Annotary: A Concolic Execution System for Developing Secure Smart Contracts

Lecture Notes in Computer Science, 2019

Ethereum smart contracts are executable programs, deployed on a peer-to-peer network and executed... more Ethereum smart contracts are executable programs, deployed on a peer-to-peer network and executed in a consensus-based fashion. Their bytecode is public, immutable and once deployed to the blockchain, cannot be patched anymore. As smart contracts may hold Ether worth of several million dollars, they are attractive targets for attackers and indeed some contracts have successfully been exploited in the recent past, resulting in tremendous financial losses. The correctness of smart contracts is thus of utmost importance. While first approaches on formal verification exist, they demand users to be well-versed in formal methods which are alien to many developers and are only able to analyze individual contracts, without considering their execution environment, i.e., calls to external contracts, sequences of transaction, and values from the actual blockchain storage. In this paper, we present Annotary, a concolic execution framework to analyze smart contracts for vulnerabilities, supported by annotations which developers write directly in the Solidity source code. In contrast to existing work, Annotary supports analysis of inter-transactional, inter-contract control flows and combines symbolic execution of EVM bytecode with a resolution of concrete values from the public Ethereum blockchain. While the analysis of Annotary tends to weight precision higher than soundness, we analyze inter-transactional call chains to eliminate false positives from unreachable states that traditional symbolic execution would not be able to handle. We present the annotation and analysis concepts of Annotary, explain its implementation on top of the Laser symbolic virtual machine, and demonstrate its usage as a plugin for the Sublime Text editor.

Proceedings of the 34th Annual Computer Security Applications Conference, 2018

The capability of executing so-called smart contracts in a decentralised manner is one of the com... more The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris-a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Besides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain. CCS CONCEPTS • Security and privacy → Domain-specific security and privacy architectures; Software security engineering; Logic and verification;

Generating Threat Profiles for Cloud Service Certification Systems

2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE), 2016

Cloud service certification aims at automatically validating whether a cloud service satisfies a ... more Cloud service certification aims at automatically validating whether a cloud service satisfies a predefined set of requirements. To that end, certification systems collect and evaluate sensitive data from various sources of a cloud service. At the same time, the certification system itself has to be resilient to attacks to generate trustworthy statements about the cloud service. Thus system architects are faced with the task of assessing the trustworthiness of different certification system designs. To cope with that challenge, we propose a method to model different architecture variants of cloud service certification systems and analyze threats these systems face. By applying our method to a specific cloud service certification system, we show how threats to such systems can be derived in a standardized way that allows us to evaluate different architecture configurations.

Sichere Bluetooth-Kommunikation in Ad-hoc-Situationen

ABSTRACT Bluetooth hat sich zur drahtlosen Datenübertragung auf kurzen Distanzen durchge setzt un... more ABSTRACT Bluetooth hat sich zur drahtlosen Datenübertragung auf kurzen Distanzen durchge setzt und dient dabei vor allem dem Datenaustausch zwischen mobilen Endgeräten. Durch die Verwendung von Handys und PDAs in Geschäftsanwendungen werden zunehm end sensible Daten über Bluetooth übertragen. Dabei werden Geräte nicht dauerha ft miteinander verbunden, sondern vernetzen sich nur kurzzeitig, um Daten ausz utauschen. In solchen Ad-hoc-Situationen ergeben sich einige Sicherheitsproblem e: Wie kann die Authentizität der Daten gesichert werden? Wie können Unbefugte daran gehindert werden, die Übertragung zu verfälschen oder mitzulesen? Wie kan n man die Übertragung sichern und gleichzeitig den Aufwand für die Benutzer mö glichst gering halten? Der Autor Julian Schütte gibt zunächst einen detailliert en Überblick über diese Probleme. Anhand dieser Anforderungen untersucht er die Schwächen bestehender Sicherheitsmechanismen und stellt Angriffe auf die Blue tooth-Sicherheit vor. Anschließend entwickelt er einen Ansatz zur sicheren Blue tooth-Kommunikation, der diese Schwächen ausgleicht. Das Buch richtet sich an a lle Personen aus dem IT-Sicherheitsumfeld: Administratoren, Berater, Forschende und Benutzer.

Apollon: Towards a Modular Semantic Policy Framework for Pervasive Systems

With increasing complexity of distributed systems, the ability to control access rights and secur... more With increasing complexity of distributed systems, the ability to control access rights and security settings becomes more and more critical. Especially pervasive systems, with ad-hoc-connectivity and semantic discovery of services, are a challenging environment when it comes to managing their security. Most policy frameworks come with a pre-defined policy model whose expressiveness can usually not be extended and is thus not adaptable to the high-level security model of an application. In order to overcome these limitations we designed Apollon, a policy framework featuring a modular policy model which can be extended or reduced as required by an application. While the policy model itself is formalized in Description Logics (DL), Apollon uses a hybrid decision engine which allows to combine DL-based reasoning with dedicated decision plugins. In this paper, we present the software architecture of Apollon, introduce a basic attribute-based policy model and show how further models, suc...

Apparecium: Revealing Data Flows in Android Applications

2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 2015

With Android applications processing not only personal but also business-critical data, efficient... more With Android applications processing not only personal but also business-critical data, efficient and precise data flow analysis has become a major technique to detect apps handling critical data in unwanted ways. Although data flow analysis in general is a thoroughly researched topic, the event-driven lifecycle model of Android has its own challenges and practical application requires for reliable and efficient analysis techniques. In this paper we present Apparecium, a tool to reveal data flows in Android applications. Apparecium has conceptual differences to other techniques, and can be used to find arbitrary data flows inside Android applications. Details about the used techniques and the differences to existing data flow analysis tools are presented, as well as an evaluation against the data flow analysis framework FlowDroid.

NFC? Aber sicher

Datenschutz und Datensicherheit - DuD, 2014

ABSTRACT Mit Ausnahme von Apples iPhone zählt NFC mittlerweile zur Grundausstattung jedes High-En... more ABSTRACT Mit Ausnahme von Apples iPhone zählt NFC mittlerweile zur Grundausstattung jedes High-End-Smartphone und neue Anwendungen wie Mobile Payment halten derzeit Einzug. Doch das so praktische Bezahlen mit dem Smartphone hat auch Tücken. NFC bietet keinerlei Sicherheitsmechanismen und Apps sind leicht anzugreifen. Schon zeichnet sich eine ganze Reihe neuer Angriffsszenarien ab. Verschiedene Sicherheitsmechanismen können Abhilfe schaffen, doch ihr Einsatz hat sowohl technische, als auch organisatorische Hürden.

Towards Semantic Resolution of Security in