Research and teaching activities in the CrySyS Lab
Levente Buttyán
Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics
Department of Telecommunications www.crysys.hu
January 2012
Current members
faculty:
– Boldizsár Bencsáth, PhD, Assistant Professor
– Levente Buttyán, PhD, Associate Professor (head of the lab) – Márk Félegyházi, PhD, Assistant Professor
– István Vajda, DSc, Professor post doc researcher:
– Amit Dvir, PhD
PhD candidates and PhD students:
– Tamás Holczer (privacy in RFID systems, vehicular networks, sensor networks)
– Gergely Kótyuk(privacy in social networks, applications of machine learning)
– Áron Lászka(robustness of network toplogies, optimization problems)
– Gábor Pék (security of virtualized systems, code attestation, malware analysis)
– Ta Vinh Thong(formal verification of security protocols)
+ students working on diploma and semester projects
Laboratory of Cryptography and System Security 3
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Mission
internationally recognized, high quality research on security and privacy in computer networks and systems
– problem driven, project oriented research we are committed to establish and participate in R&D projects, in which we collaborate with industrial and other academic partners
teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects provision of consulting services without compromising
the general academic objectives
Research areas
embedded wireless networks
(sensors and alike)
operating systems
“Future Internet”
security protocols privacy enhancing techniques
security issues in virtualization security of mobile platforms (eg. android) code
attestation
cyber insurance and risk management
privacy in mobile social networks
DNS economics
SPAM economics trust and reputation in security defense
malware analysis
proactive blacklisting
Laboratory of Cryptography and System Security 5
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Overview of projects
2006 2007 2008 2009 2010 2011 2012 2013
national EU FP7
EU FP6 UbiSecSens
SeVeCom
BIONETS DESEREC
EU-MESH WSAN4CIP
Privacy for Smart Spaces Privacy for Urban sensing internal projects CHIRON
EU ARTEMIS EIT ICT Labs
Project highlights
SeVeCom– Secure Vehicle Communications (www.sevecom.org)
(EU STREP , supervised by L. Buttyan)
UbiSec&Sens– Ubiquitous Sensing and Security (www.ist-ubisecsens.org)
(EU STREP , supervised by L. Buttyan)
WSAN4CIP– Wireless Sensor Networks for Critical Infrastructure Protection
(EU STREP, supervised by L. Buttyan)
EU-MESH –Enhanced, Ubiquitous, and Dependable Broadband Access using MESH Networks (www.eu-mesh.eu)
(EU STREP, supervised by L. Buttyan)
CHIRON– Cyclic and Person Centric Health Management
(ARTEMIS IP, supervised by L. Buttyan and R. Schulz)
Laboratory of Cryptography and System Security 7
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
SeVeCom Project
context
– funded by the EC within FP6 (project no. 027795 ) – started in Jan 2006, duration 3 years
objectives
– development of a security architecture for vehicular safety communication systems
• key and identity management for cars, secured communication protocols, location privacy enhancing techniques
– extensive liaison with other related EU and non-EU funded projects
• C2C-CC, CVIS, SAFESPOT, COMeSafety, … partners
– industry: Trialog, Daimler, CR Fiat, Bosch
– academia: EPFL, U Ulm, KU Leuven, BME/HIT/CrySyS more information: www.sevecom.org
UbiSec&Sens Project
context
– funded by the EC within FP6 (project no. 026820 ) – started in Jan 2006, duration 3 years
objectives
– development of a security toolbox for wireless sensor networks
• secure routing and clustering, concealed data aggregation, persistent distributed data storage (TinyPEDS), key management, crypto support (ECC, TinyRNG) – implementation and demonstration
• vineyard monitoring, road condition monitoring, homeland security (in cooperation with the Portuguese police)
partners
– industry: NEC Europe
– academia: RWTH, RU Bohum, Lulea TU, IHP, INRIA, INOV, BME/HIT/CrySyS more information: www.ist-ubisecsens.org
Laboratory of Cryptography and System Security 9
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
WSAN4CIP Project
context
– funded by the EC within FP7 – started in Jan 2009, duration 3 years objectives
– investigate the applicability of wireless sensor technology for monitoring critical infrastructures (cost efficiency and large scale surveillance)
– dependable networking and services, secured OS – implementation and demonstration
• monitoring a drinking water distribution system in Frankfurt/Oder,
• monitoring power lines and substations in the Lisbon area of Portugal partners
– industry: NEC Europe, Sirrix AG, Tecnatom SA, FWA, EDP – academia: U Malaga, Lulea TU, IHP, INRIA, INOV, BME/HIT/CrySyS more information: www.wsan4cip.eu
EU-MESH Project
context
– funded by the EC within FP7
– started in Jan 2008, duration 2.5 years objectives
– design and experiment with QoS-aware wireless mesh networks for broadband access to the Internet
– work package on security deals with
• fast mesh client authentication to support seamless hand-over
• secure routing and misbehaving router detection
• secured multipath communications based on IPsec partners
– industry: Proximetry, Ozone, FORTHNET, Thales
– academia: FORTH, CNR Italy, TU Berlin, SUPSI, BME/HIT/CrySyS more information: www.eu-mesh.eu
Laboratory of Cryptography and System Security 11
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
CHIRON Project
context
– funded by the ARTEMIS JU (subprogram: person-centric healthcare) – started in Mar 2010, duration 3 years
objectives
– combine state-of-the art technologies and innovative solutions into an integrated framework designed for an effective and person-centric health management along the complete care cycle
– we are working on
• in-door positioning techniques (BME/HIT/MCL)
• security and privacy at the body area sensor network level (BME/HIT/CrySyS) – prevention of traffic analysis
– privacy preserving access control to collected data at the BAN level
partners
– 27 partners from 8 countries
– 7 large enterprises, 7 SMEs, 6 universities (including BME/HIT), 6 research centers, 1 medical institution
more information: www.chiron-project.eu
Current projects
Privacy Preserving Smart Spaces
– EIT ICT Labs activity
– start date: 2012 Jan, duration: 1 year
– privacy in collaborative sensing applications, wireless traffic analysis prevention
Privacy and Incentives in Collaborative Sensing Applications
– subcontractor of Evopro Ltd in a national project
internal projects funded by BME Infokom Innovátor
– gmail encryption with keyword search – collaborative spam filtering
– code attestation of embedded devices – traffic analysis in smart metering systems
Laboratory of Cryptography and System Security 13
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Our sensor network test bed
prototypes developed:
– secure and resilient routing protocols
– implementation of the IETF ROLL routing protocol RPL (Linux, TinyOS) – resilient data aggregation algorithms
– secure and reliable cluster head election protocols – secure and reliable transport protocols
– secure distributed data storage schemes (also for forensics purposes) – crypto toolbox (symmetric key encryption and message integrity algs) ZigBee compatible / TinyOS:
– 4 Crossbow MicaZ motes + programming board – 20 MoteIV TmoteSky motes WiFi / Linux:
– 6 Silex SX-560 wireless embedded modules
Our mesh network test bed
~10 MikroTik Routerboard 153
175MHz, 32MB RAM, 2 GB CF, 3 radio interfaces (802.11a/b/g)
prototypes developed:
– security extensions to the OLSR routing protocol – fast user authentication protocols for seamless handover – IPsec based secure multi-path communication protocol
Laboratory of Cryptography and System Security 15
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
International collaborations
EPFL, Switzerland (Prof. Jean-Pierre Hubaux)
University of Twente, The Netherlands (Dr. Frank Kargl)
KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán) NEC Laboratories, Germany (Dr. Dirk Westhoff)
IHP, Germany (Prof. Dr. Peter Langendoerfer) INRIA Rhone-Alpes (Dr. Claude Castelluccia)
University of Washington, Seattle (Prof. Radha Poovendran) University of California, Berkeley (Prof. Jean Walrand) ICSI, Berkeley (Prof. Vern Paxson)
University of Münster, Germany (Prof. Rainer Böhme)
…
Teaching
Base course in Computer Networking
– Computer Networking (Info BSc German, Computernetzwerke) (M. Félegyházi)
Base courses in Information Security
– Information Security(Info MSc, Adatbiztonság) (I. Vajda, L. Buttyán, B. Bencsáth)
– Information Security(GaIn MSc, Adatbiztonság) (I. Vajda, L. Buttyán, B. Bencsáth)
Special on Security of Communication Systems
(Hírközlőrendszerek biztonsága MSc informatikus szakirány) – Cryptography and its applications
(Kriptográfia és alkalmazásai) (I. Vajda)
– Security protocols
(Biztonsági protokollok) (L. Buttyán)
– Foundations of secure e-commerce
(A biztonságos elektronikus kereskedelem alapjai) (L. Buttyán)
– Network security in practice
(Hálózatbiztonság a gyakorlatban) (B. Bencsáth)
– Economics of security and privacy
(A biztonság és a privátszféra védelmének közgazdaságtana) (M. Félegyházi)
+ laboratory exercises, semester and diploma projects
(all members)
Laboratory of Cryptography and System Security 17
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Consulting
Hungarian Telecom (T-Com) – security for VoIP systems Budapest Transport Ltd
– security requirements for automated fare collection (electronic ticketing)
NETI
– secure smart card based authentication system evopro
– cryptography for embedded devices ethical hacking
– penetration testing and vulnerability analysis for numerous Hungarian companies
Our latest project: Duqu
Laboratory of Cryptography and System Security 19
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Contributions
discovery, naming, and first analysis of Duqu
– in our 60-page report, we show that Duqu has striking similarities to the infamous Stuxnet worm
– we shared our analysis with major anti-virus vendors and with Microsoft – an anonymized and shortened version of this report was published as an
appendix of the first Symantec report on Duqu identification of the dropper
– MS word document with a 0-day Windows kernel exploit
– we made the dropper available to Symantec that sanitized and shared it with other anti-virus vendors and Microsoft
development and open-source distribution of a Duqu detector toolkit – based on heuristics, follows a different approach than signature based
malware detection
– detects live Duqu instances and remains of an earlier infection by Duqu – may detect Stuxnet too
– 27000+ downloads
Press coverage …
Laboratory of Cryptography and System Security 21
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
And professional reputation …
Security Challenge 2011
first hacker contest at BME organized CrySyS/Department of
Telecommunications
from September to November 2011 4 rounds
13 challenges 82 registered student 37 active participants objectives:
– for students:
• learn and have fun at the same time – for us:
• find and attract students talented in computer security
sponsored by
Kutatóegyetem
Laboratory of Cryptography and System Security 23
CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu
Participation at hacking contests
Hacktivity 2011 CTF
– in the first round, our team got in the top 10
– in the second round, we finished at the 3rd position (out of the top 10)
iCTF 2011
– international, distributed, wide-area security exercise for universities organized by UCSB every year (since 2003)
– 87 participants this year – we came in 36th
– our team of 22 consisted of talented BSc and MSc students and members of the CrySyS Lab
– it was fun! sponsored by