05 Faculty of Computer Science, Electrical Engineering and Information Technology (Fakultät Informatik, Elektrotechnik und Informationstechnik)

Permanent URI for this collection: https://elib.uni-stuttgart.de/handle/11682/6

Search Results

Now showing 1 - 10 of 18
  • Verifiable tally-hiding E-voting with fully homomorphic encryption (Open Access)
    (2020) Hasler, Sebastian
    An E-voting system is end-to-end verifiable if arbitrary external parties can check whether the result of the election is correct or not. It is tally-hiding if it does not disclose the full election result but rather only the relevant information, such as the winner of the election. In this thesis we pursue the goal of constructing an end-to-end verifiable tally-hiding E-voting system using fully homomorphic encryption. First we construct an alteration of the GSW levelled fully homomorphic encryption scheme based on the learning with errors over rings assumption. We utilize a key-homomorphic property of this scheme in order to augment the scheme with a distributed key generation and distributed decryption. This leads to a passively secure 4-round multi-party computation protocol in the common random string model that can evaluate arithmetic circuits of arbitrary size. The complexity of this protocol is quasi-linear in the number of parties, polynomial in the security parameter and polynomial in the size of the circuit. By using Fiat-Shamir-transformed discrete-log-based zero-knowledge proofs we achieve security against active adversaries in the random oracle model while preserving the number of 4 rounds. Based on this actively secure protocol we construct an end-to-end verifiable tally-hiding E-voting system that has quasi-linear time complexity in the number of voters.
  • Critical infrastructure security in the age of cyberwarfare (Open Access)
    (2023) Sliwa, Robin
    Our modern critical infrastructure of the 21st century is not only digitized; it is also more interconnected than ever before. While this progress has provided many improvements in efficiency, functionality and maintainability, it also introduced new attack vectors. It subsequently has become a target for coordinated attacks by cybercriminal and government-affiliated hacking groups. Especially current circumstances such as the Russian invasion of Ukraine have made the protection of critical infrastructure a central topic of (inter-)national security. This thesis provides an overview of critical infrastructure security in the context of cybersecurity. To that end, modern critical infrastructure is introduced and put in the context of legislative frameworks through the lens of European Union regulations. The central part of this thesis explores landmark attacks and incidents in the form of Stuxnet and NotPetya. Following this, the adversaries behind such attacks and the resources available to them are analyzed; correspondingly, potential countermeasures and paths to enhanced cybersecurity are introduced. Overall, this thesis finds that critical infrastructure cybersecurity requires a much higher priority by public and private organizations. More than that, it suggests the pursuit of more holistic approaches over isolated measures, and a consideration of cybersecurity implications during all stages of business design and operation.
  • Analysis of selected cryptographic protocols with DY* (Open Access)
    (2023) Holderbach, Samuel
    DY* is a framework implemented in the proof-oriented programming language F*, aiming at symbolic analysis of cryptographic protocols on the structural and on the implementation level. In this master's thesis, we analyse three selected authentication and key exchange protocols with DY*: the Otway-Rees protocol, the Yahalom protocol and the Denning-Sacco protocol with public keys. Each of these protocols is designed to establish a secure channel between two users while involving a trusted third party in the authentication process. The Otway-Rees and Yahalom protocols rely on pre-shared symmetric keys with this trusted third party, while the Denning-Sacco protocol relies on digital signatures and public key encryption. In addition, the Denning-Sacco protocol proposes the use of timestamps in messages to provide users with guarantees about the timeliness of the conversation, a protocol feature that had not previously been modeled and analyzed in DY*. We developed accurate models for each of the three protocols in DY*, documented possible attacks and proposed improvements to prevent them, and finally proved the security of the protocol or its improved version. We found several attacks on the Otway-Rees protocol that allow an adversary to impersonate one or possibly both of the users involved in the protocol, and based on these attacks, presented improvements to prevent them. For the Yahalom protocol, we show that it satisfies security goals derived from its formal specification, and draw parallels to other approaches with similar results. We also comment on the differences between our results and those of other analyses that describe the Yahalom protocol as flawed. Moreover, we developed an extension to DY* for modeling time-based properties of protocols with timestamps and demonstrated it on the Denning-Sacco protocol. As a result, we provide the first symbolic security proof, including timestamp-dependent security properties, of the Denning-Sacco protocol in DY*.
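The timestamp check that a model of the Denning-Sacco public-key protocol has to express, as an added symbolic illustration that is not the thesis's F* code: key pairs are the string labels sk_X / pk_X, signatures and encryptions are tagged tuples that only the matching label can open (no real cryptography runs), and the freshness window, the party names and the clock values are assumptions.

```python
"""Symbolic (Dolev-Yao style) model of the Denning-Sacco public-key protocol,
including the timestamp freshness check on message 3.
Added illustration, not the thesis's DY* model: key pairs are the labels
sk_X / pk_X, signatures and encryptions are tagged tuples, and the window is assumed."""

WINDOW = 30  # assumed: seconds of tolerated clock skew plus network delay


def sign(sk, payload):
    return ("sign", sk, payload)


def verify(pk, term):
    """A term signed with sk_X verifies only under pk_X; returns the payload."""
    if not (isinstance(term, tuple) and term[0] == "sign" and term[1] == "sk_" + pk[3:]):
        raise ValueError("signature does not verify under " + pk)
    return term[2]


def aenc(pk, payload):
    return ("aenc", pk, payload)


def adec(sk, term):
    """Only the holder of sk_X can open a ciphertext made under pk_X."""
    if not (isinstance(term, tuple) and term[0] == "aenc" and term[1] == "pk_" + sk[3:]):
        raise ValueError("ciphertext is not for " + sk)
    return term[2]


def certificate(name):
    """Trusted server S answers message 1 (A, B) with one such certificate per
    name (message 2); certificate lifetimes are omitted in this model."""
    return sign("sk_S", ("cert", name, "pk_" + name))


def message3(a, b, key, clock):
    """A signs (K_AB, T_A), encrypts it for B and attaches both certificates."""
    cert_a, cert_b = certificate(a), certificate(b)
    _, _, pk_b = verify("pk_S", cert_b)
    return (cert_a, cert_b, aenc(pk_b, sign("sk_" + a, (key, clock))))


def accept(b, msg, clock):
    """B's checks on message 3; returns (peer, key) or raises ValueError."""
    cert_a, cert_b, enc = msg
    _, a, pk_a = verify("pk_S", cert_a)
    _, b_name, _ = verify("pk_S", cert_b)
    if b_name != b:
        raise ValueError("second certificate is not mine")
    key, t_a = verify(pk_a, adec("sk_" + b, enc))
    if abs(clock - t_a) > WINDOW:  # the timeliness guarantee the timestamp gives
        raise ValueError("timestamp outside freshness window")
    return a, key


def honest_run():
    return accept("B", message3("A", "B", "K_AB", clock=1000), clock=1005)


def replay_after(delay):
    """An intruder who recorded message 3 re-sends it `delay` seconds later."""
    msg = message3("A", "B", "K_AB", clock=1000)
    try:
        accept("B", msg, clock=1000 + delay)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def forged_run():
    """Intruder I, who lacks sk_A, tries to pass its own key off as A's."""
    msg = (certificate("A"), certificate("B"), aenc("pk_B", sign("sk_I", ("K_I", 1000))))
    try:
        accept("B", msg, clock=1000)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

`replay_after(3600)` is rejected and `forged_run()` fails at signature verification, while `replay_after(10)` is accepted: a replay inside the window is indistinguishable from a delayed message, so the window has to be chosen against the deployment's real clock skew, and any stronger freshness property has to come from the rest of the protocol.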
  • OpenID for Verifiable Credentials : formal security analysis using the Web Infrastructure Model (Open Access)
    (2023) Hauck, Fabian
    In our increasingly connected world, digital identities play a fundamental role in delivering secure online services around the globe. To enable the seamless exchange of identification data among various entities, the adoption of standardized protocols is essential. The protocol family OpenID for Verifiable Credentials (OID4VC) is ideally suited for exchanging identities. The two most important protocols in this family are OpenID for Verifiable Credential Issuance (OID4VCI) and OpenID for Verifiable Presentations (OID4VP), with a wide range of applications in e-government as well as in the private sector. A prominent example is the European Digital Identity Framework, which includes these two protocols, among others. This means that any future wallet in the European Union will implement OID4VCI and OID4VP. Therefore, it is extremely important to guarantee their security. This thesis performs a rigorous formal security analysis of both the OpenID for Verifiable Credential Issuance and the OpenID for Verifiable Presentations protocols. In particular, we focus on analyzing the security of both protocols when they interact in an ecosystem. It is not sufficient to consider the two protocols separately, because the interaction between them may introduce new vulnerabilities. Therefore, the formal model created in this thesis models both protocols simultaneously. The model is based on the Web Infrastructure Model (WIM), which closely follows existing web technologies. To describe what security means in this context, we define an authentication security property and a session integrity security property for OID4VCI and OID4VP. We prove that the model is secure with respect to the security properties under the assumption of a vigilant user. For the case where this assumption is violated, we have discovered a number of attacks. This work makes several contributions to the protocol specifications: First, the discovered vulnerabilities were brought to the attention of the working group. Second, several issues were filed to improve the quality and security of the specifications. Lastly, we engaged in ongoing discussions on related issues.
  • Sicherheit in Gitter-basierten Kryptosystemen (Security in lattice-based cryptosystems) (Open Access)
    (2021) Schwab, Jonas
    In this thesis, the commitment scheme of Baum et al. [1] is considered and a detailed reduction proof of its binding property is given. For this, the SIS problem is reduced to the hardness of lattice problems, similarly to Langlois et al. [4]. In addition, possible attacks on the commitment scheme are described and the resulting security guarantees are stated.
  • Host firewall on AUTOSAR Adaptive based vehicle computers & domain ECUs (Open Access)
    (2022) Schneider, Eric
    Setting up firewalls without additional tooling can be inefficient and complicated. In this paper a prototype will be presented that allows the configuration of an ECU host firewall based on a well-defined configuration file. This firewall is designed to run on vehicle computers and smart components inside cars that run the AUTOSAR Adaptive platform. The goal is to simplify firewall setup to secure these components against malicious traffic in the network and to prevent attack vectors that try to exploit physical access to the system. The presented prototype will be using nftables and the netfilter subsystem to set up both stateless and stateful filtering rules for both incoming and forwarded traffic. Packet inspection will also be evaluated in this context and approaches to filtering of the high-level SOME/IP protocol will be presented. Example rulesets for regular ECUs that are running the AUTOSAR Adaptive platform as well as an example for network separation will be provided. A short introduction to the AUTOSAR IAM concept will be given, and a comparison between it and the presented firewall concept will be drawn. Keywords: AUTOSAR Adaptive Platform, Firewall, IAM, WSL2
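A config-file-driven generator of the kind the prototype describes, as an added example rather than the thesis's own code: it turns a small description of allowed services into an nftables ruleset with default-drop input and forward chains, stateful acceptance of reply traffic, stateless and stateful per-service rules, and one forwarding rule as a network-separation case. The configuration schema, the interface names, the addresses and the sample services (SOME/IP-SD on UDP 30490, a diagnostics port) are assumptions; the output is meant to be loaded with `nft -f`.

```python
"""Config-file-driven nftables ruleset generator for an ECU host firewall.
Added example, not the thesis's prototype: the configuration schema, the
interface names and the sample services are assumptions."""

import ipaddress

# Constructed sample configuration for a vehicle computer with two interfaces.
SAMPLE_CONFIG = {
    "table": "ecu_fw",
    "interfaces": {"backbone": "eth0", "sensors": "eth1"},
    "inbound": [
        # SOME/IP service discovery: plain (stateless) match on the SD port
        {"name": "someip-sd", "iface": "backbone", "proto": "udp",
         "port": 30490, "from": "10.0.1.0/24", "stateful": False},
        # diagnostics: only the tester host may open a session (stateful)
        {"name": "diag", "iface": "backbone", "proto": "tcp",
         "port": 13400, "from": "10.0.1.5/32", "stateful": True},
    ],
    # network separation: the sensor segment may reach exactly one backbone service
    "forward": [
        {"name": "sensor-to-backbone", "in": "sensors", "out": "backbone",
         "proto": "udp", "port": 30509, "from": "10.0.2.0/24"},
    ],
}


def _check(rule, ifaces, required):
    """Reject malformed rules before anything reaches nft."""
    for key in required:
        if key not in rule:
            raise ValueError(f"{rule.get('name', '?')}: missing field {key}")
    if rule["proto"] not in ("tcp", "udp"):
        raise ValueError(f"{rule['name']}: unsupported protocol {rule['proto']}")
    if not 0 < rule["port"] < 65536:
        raise ValueError(f"{rule['name']}: port out of range")
    ipaddress.ip_network(rule["from"])  # raises on a malformed CIDR
    for key in ("iface", "in", "out"):
        if key in rule and rule[key] not in ifaces:
            raise ValueError(f"{rule['name']}: unknown interface {rule[key]}")


def render(cfg):
    """Return an nftables ruleset: default-drop input and forward chains,
    stateful acceptance of reply traffic, then one rule per configured service."""
    ifaces = cfg["interfaces"]
    lines = ["flush ruleset", f"table inet {cfg['table']} {{",
             "    chain input {",
             "        type filter hook input priority 0; policy drop;",
             '        iifname "lo" accept',
             "        ct state invalid drop",
             "        ct state established,related accept"]
    for r in cfg["inbound"]:
        _check(r, ifaces, ("name", "iface", "proto", "port", "from"))
        state = "ct state new " if r.get("stateful") else ""  # stateless: no ct match
        lines.append(f'        iifname "{ifaces[r["iface"]]}" ip saddr {r["from"]} '
                     f'{state}{r["proto"]} dport {r["port"]} accept comment "{r["name"]}"')
    lines += ["    }",
              "    chain forward {",
              "        type filter hook forward priority 0; policy drop;",
              "        ct state invalid drop",
              "        ct state established,related accept"]
    for r in cfg["forward"]:
        _check(r, ifaces, ("name", "in", "out", "proto", "port", "from"))
        lines.append(f'        iifname "{ifaces[r["in"]]}" oifname "{ifaces[r["out"]]}" '
                     f'ip saddr {r["from"]} ct state new {r["proto"]} dport {r["port"]} '
                     f'accept comment "{r["name"]}"')
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render(SAMPLE_CONFIG))
```

`iifname`/`oifname` match by name so the ruleset also loads when an interface is not yet up; the validation step is what makes a config file safer than hand-written rules, since a typo in a CIDR or port is refused instead of silently producing an over-broad accept rule.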
  • Efficient federated learning for gaze estimation (Open Access)
    (2023) Kittelberger, Jonas
    Gaze estimation is the task of deciding, for given face images, in which direction people are looking. It is particularly useful for various applications including psychological analysis, authentication, and eye tracking in the context of virtual or augmented reality. To reduce the error of the predictions of gaze estimators, the training data should be collected from a large number of users to ensure the ability of the model to generalize correctly during the inference phase. However, the large data collection requirements conflict with privacy concerns. Building on existing federated learning approaches, this project aims to increase the efficiency of the training process. Hence, (i) we split the model into a part owned by the client and another part owned by a server. This results in strong data protection properties as well as model privacy. In addition, only a part of the model has to be stored and run by each client, reducing the computational effort for the typically substantially resource-constrained clients. (ii) We further train the gaze estimation model in an unsupervised fashion and (iii) prune the model weights to enhance the training efficiency. Furthermore, we extend our approach with several privacy-preserving techniques, e.g. Multi-Party Computation (MPC) and Differential Privacy (DP) mechanisms. We empirically demonstrate the effectiveness of these mechanisms with an implemented attack on our system. Our experiments show that our implemented system manages to predict gaze angles with an average deviation of less than 6.5 degrees from the actual angle in about 10 minutes and thus outperforms other privacy-preserving gaze estimators.
  • Pairing Based Cryptography (Open Access)
    (2022) Koch, Daniel
    In this master's thesis we study pairings on elliptic curves, their application in cryptography and their computation. Pairings are certain bilinear maps between groups; in particular, such maps can be found for the group of points on an elliptic curve. Both of these concepts are introduced in this thesis. These maps can be used for cryptographic applications, in particular for key exchange, digital signatures and identity-based cryptography. To make pairings usable for these purposes, we present two algorithms for computing pairings.
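Why bilinearity is what the three applications named above rely on, as an added worked derivation that is not part of the thesis abstract. Notation is assumed: a symmetric pairing on a group G = ⟨P⟩ of prime order r, a target group G_T, and a hash H into G.

```latex
% Added example; notation assumed. Symmetric pairing on G = <P> of prime order r:
e : G \times G \to G_T, \qquad e(aP, bQ) = e(P, Q)^{ab} \quad \text{for all } a, b \in \mathbb{Z}_r .

% One-round three-party key exchange (Joux): A, B, C choose a, b, c and broadcast
% aP, bP, cP; each party reaches the same key from the other two broadcast values:
K = e(bP, cP)^{a} = e(aP, cP)^{b} = e(aP, bP)^{c} = e(P, P)^{abc} .

% Short signature (BLS): secret key x, public key X = xP, hash H : \{0,1\}^* \to G.
\sigma = x\,H(m), \qquad
\text{verify: } e(\sigma, P) = e(x\,H(m), P) = e(H(m), P)^{x} = e(H(m), xP) = e(H(m), X) .

% Identity-based encryption (Boneh-Franklin key agreement step): the key generator
% holds s and publishes sP; the private key for identity ID is d_{ID} = s\,H(ID).
% A sender with fresh t computes the left side, the receiver the right side:
e(H(ID), sP)^{t} = e(H(ID), P)^{st} = e(s\,H(ID), tP) = e(d_{ID}, tP) .
```

In each case the verifier or receiver never learns the exponent that was moved across the pairing; that is the property the computation algorithms in the thesis make practical.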
  • Secure distributed paillier key generation with application to the Ordinos e-voting system (Open Access)
    (2020) Truger, Felix
    Ordinos is a novel verifiable tally-hiding e-voting system. At its heart, a homomorphic encryption scheme and secure multi-party computation (MPC) are used to tally votes and securely determine the voting result, without necessarily revealing the full tally (e.g., the number of votes per candidate). The proof of concept implementation of Ordinos is based on a threshold variant of the Paillier encryption scheme and two MPC protocols for the comparison of encrypted numbers (greater-than and equality). Due to the threshold construction, the decryption key is shared among a set of trustees. The MPC protocols for comparison require precomputed encrypted randomness of a certain shape. Formerly, a trusted party was employed to generate the key shares and randomness and distribute them to the trustees. In this thesis, the trusted party was replaced by MPC protocols that allow the trustees to generate the key shares and randomness among themselves. The protocols provide security against malicious parties in the honest-majority setting. The key generation follows a proposal by Nishide and Sakurai (2010) that is based on verifiable secret sharings and zero-knowledge proofs for committed values. We introduce a few adaptations to reduce its runtime using mostly standard techniques. The generation of randomness is based on the Paillier encryption scheme as an arithmetic black box and standard zero-knowledge proofs for Paillier encrypted values. The protocols were implemented and their performance was evaluated in a local network. Most notably, the implemented key generation protocol for threshold Paillier showed an expected average runtime around 95 minutes for generating 2048-bit keys among 3 trustees with a threshold of 2. Since existing implementations provide security only in the semi-honest setting, this is the first time that an approach with security against malicious parties was implemented and evaluated. Overall, the distributed generation of both key shares and randomness takes considerably more time compared to the use of a trusted party, but avoids security risks and trust problems that occur with trusted parties.
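What "the decryption key is shared among a set of trustees" means concretely, as an added illustration that is not the Ordinos code: a Damgård-Jurik style threshold Paillier in which votes are encrypted, added homomorphically, and the sum is decrypted by a quorum of trustees. It uses a trusted dealer to share the key, which is precisely the role the thesis replaces with a distributed protocol; the primes are toy-sized, the trustee count, threshold and vote values are assumptions, and the tally-hiding comparison protocols and the zero-knowledge proofs on shares and votes are not modelled.

```python
"""Threshold Paillier (Damgard-Jurik style) applied to a homomorphic vote tally.
Added illustration, not the Ordinos implementation: a trusted dealer shares the
decryption exponent (the role a distributed key generation replaces), primes are
toy-sized, and the zero-knowledge proofs a real system needs are omitted."""

from math import gcd, factorial
import random


def next_prime(x):
    """Smallest prime >= x by trial division (fine for the toy sizes used here)."""
    def is_prime(n):
        if n < 2:
            return False
        i = 2
        while i * i <= n:
            if n % i == 0:
                return False
            i += 1
        return True
    while not is_prime(x):
        x += 1
    return x


def keygen(n_trustees, threshold, seed=1):
    """Dealer: build a Paillier key and Shamir-share the decryption exponent."""
    rng = random.Random(seed)
    p = next_prime(10**6)  # toy primes; real keys use >= 2048-bit n
    q = next_prime(p + 1)
    n, lam = p * q, (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    assert gcd(n, lam) == 1
    # d = 0 mod lam and d = 1 mod n, so c^d = 1 + m*n (mod n^2) for c = Enc(m)
    d = lam * pow(lam, -1, n)
    modulus = n * lam  # exponents of units mod n^2 live modulo n*lam
    coeffs = [d] + [rng.randrange(modulus) for _ in range(threshold - 1)]
    shares = {i: sum(c * pow(i, k, modulus) for k, c in enumerate(coeffs)) % modulus
              for i in range(1, n_trustees + 1)}
    pk = {"n": n, "delta": factorial(n_trustees), "threshold": threshold}
    return pk, shares


def encrypt(pk, m, rng):
    """Standard Paillier encryption with generator g = 1 + n."""
    n = pk["n"]
    n2 = n * n
    r = rng.randrange(1, n)
    while gcd(r, n) != 1:
        r = rng.randrange(1, n)
    return pow(1 + n, m, n2) * pow(r, n, n2) % n2


def add(pk, c1, c2):
    """Homomorphic addition of plaintexts: Enc(a) * Enc(b) = Enc(a + b)."""
    return c1 * c2 % (pk["n"] ** 2)


def partial_decrypt(pk, share, c):
    """Trustee i publishes c^(2*delta*s_i); a real system attaches a ZK proof."""
    return pow(c, 2 * pk["delta"] * share, pk["n"] ** 2)


def combine(pk, partials):
    """Lagrange-interpolate in the exponent from at least `threshold` partials."""
    n, delta = pk["n"], pk["delta"]
    if len(partials) < pk["threshold"]:
        raise ValueError("not enough decryption shares")
    n2 = n * n
    acc = 1
    for i in partials:
        num, den = delta, 1
        for j in partials:
            if j != i:
                num *= -j
                den *= i - j
        lam_i = num // den  # exact: delta = ell! absorbs every denominator
        e = 2 * lam_i
        base = partials[i] if e >= 0 else pow(partials[i], -1, n2)
        acc = acc * pow(base, abs(e), n2) % n2
    # acc = c^(4*delta^2*d) = 1 + 4*delta^2*m*n (mod n^2)
    return (acc - 1) // n * pow(4 * delta * delta, -1, n) % n


def tally(votes, quorum, seed=7):
    """Encrypt yes/no votes, add them under encryption, decrypt with `quorum`."""
    pk, shares = keygen(n_trustees=5, threshold=3)
    rng = random.Random(seed)
    total = encrypt(pk, 0, rng)
    for v in votes:  # a real system proves v in {0, 1} in zero knowledge
        total = add(pk, total, encrypt(pk, v, rng))
    partials = {i: partial_decrypt(pk, shares[i], total) for i in quorum}
    return combine(pk, partials)
```

The factor delta = ell! is what lets each trustee exponentiate by an integer even though the Lagrange coefficients are rationals and the group order n*lam is secret; every quantity the dealer produces here (the primes, d, the polynomial and the shares) is what the Nishide-Sakurai style protocol in the thesis has to generate jointly without any party ever holding d.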
  • Design of an Android App2App redirect flow for the FAPI 2.0 standard (Open Access)
    (2020) Stötzner, Miles
    OAuth 2.0 Authorization Framework (OAuth 2.0) is an authorization framework used to grant third parties access to resources. OpenID Financial-grade API 2.0 (FAPI 2.0) is a profile for OAuth 2.0 with the goal of reaching the security requirements of the financial sector. These requirements contain for example the assumption that an access token might leak to an attacker and that some endpoints are misconfigured due to social engineering attacks. We present a design proposal for a redirect flow for FAPI 2.0 between two Android applications, the client and the auth app. A typical use case would be a financial wallet application, the client, that redirects the user to a banking app, the auth app, in order to authorize a financial transaction. Our main goal is to securely redirect the user between the client and the auth app using today's technologies. We require integrity, confidentiality, source authentication and target authentication when redirecting the user. Roughly speaking, this means that the user is redirected from the correct source app to the correct target app and that no attacker is able to read or write the sent data. The secure redirect is achieved by mutually authenticating the intent receiver and sender as well as by using a result callback. Authentication is based on comparing package signing certificates. The motivation for a secured redirect is to mitigate attacks as soon as possible as a defense-in-depth. The secured redirect can not only be applied to OAuth 2.0 but can be used to secure other scenarios. Our proposal further defines the registration process for clients and auth apps. Considering this, we present the OAuth Integrity Attestation, which ensures that only the correct applications running on an untampered device can register and that generated keys are hardware-backed. The OAuth Integrity Attestation contains e.g. a SafetyNet attestation and key attestations. Furthermore, we define the communication between the auth app and the corresponding backend, the authorization server, for interoperability and security reasons. To show the feasibility of our proposal we implemented the advanced profile in the context of a digital wallet app and a banking app. A user is able to link his bank account and to authorize financial transactions. Additionally, we implemented a malicious app that attacks the user redirect. We discuss the security of our proposal with respect to our attacker model and list identified vulnerabilities. Our attacker model is based on the attacker model defined by FAPI 2.0 and extended by multiple assumptions and attacker capabilities. The additional attacker capabilities include e.g. that the client uses a misconfigured auth app and that the auth app might have some misconfigured endpoints. The motivation for these attacker capabilities is social engineering attacks. We also mitigate known problems with FAPI 1.0 that also apply to FAPI 2.0. One of the identified vulnerabilities is that a physical attacker with knowledge of the device credentials can access the same resources which a client has access to.