Research and teaching activities in the CrySyS Lab

(1)

Research and teaching activities in the CrySyS Lab

Levente Buttyán

Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics

Department of Telecommunications www.crysys.hu

January 2012

Current members

faculty:

– Boldizsár Bencsáth, PhD, Assistant Professor

– Levente Buttyán, PhD, Associate Professor (head of the lab) – Márk Félegyházi, PhD, Assistant Professor

– István Vajda, DSc, Professor post doc researcher:

– Amit Dvir, PhD

PhD candidates and PhD students:

– Tamás Holczer (privacy in RFID systems, vehicular networks, sensor networks)

– Gergely Kótyuk(privacy in social networks, applications of machine learning)

– Áron Lászka(robustness of network toplogies, optimization problems)

– Gábor Pék (security of virtualized systems, code attestation, malware analysis)

– Ta Vinh Thong(formal verification of security protocols)

+ students working on diploma and semester projects

(2)

Laboratory of Cryptography and System Security 3

CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu

Mission

internationally recognized, high quality research on security and privacy in computer networks and systems

– problem driven, project oriented research we are committed to establish and participate in R&D projects, in which we collaborate with industrial and other academic partners

teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects provision of consulting services without compromising

the general academic objectives

Research areas

embedded wireless networks

(sensors and alike)

operating systems

“Future Internet”

security protocols privacy enhancing techniques

security issues in virtualization security of mobile platforms (eg. android) code

attestation

cyber insurance and risk management

privacy in mobile social networks

DNS economics

SPAM economics trust and reputation in security defense

malware analysis

proactive blacklisting

(3)

Overview of projects

2006 2007 2008 2009 2010 2011 2012 2013

national EU FP7

EU FP6 UbiSecSens

SeVeCom

BIONETS DESEREC

EU-MESH WSAN4CIP

Privacy for Smart Spaces Privacy for Urban sensing internal projects CHIRON

EU ARTEMIS EIT ICT Labs

Project highlights

SeVeCom– Secure Vehicle Communications (www.sevecom.org)

(EU STREP , supervised by L. Buttyan)

UbiSec&Sens– Ubiquitous Sensing and Security (www.ist-ubisecsens.org)

(EU STREP , supervised by L. Buttyan)

WSAN4CIP– Wireless Sensor Networks for Critical Infrastructure Protection

(EU STREP, supervised by L. Buttyan)

EU-MESH –Enhanced, Ubiquitous, and Dependable Broadband Access using MESH Networks (www.eu-mesh.eu)

(EU STREP, supervised by L. Buttyan)

CHIRON– Cyclic and Person Centric Health Management

(ARTEMIS IP, supervised by L. Buttyan and R. Schulz)

(4)

SeVeCom Project

context

– funded by the EC within FP6 (project no. 027795 ) – started in Jan 2006, duration 3 years

objectives

– development of a security architecture for vehicular safety communication systems

• key and identity management for cars, secured communication protocols, location privacy enhancing techniques

– extensive liaison with other related EU and non-EU funded projects

• C2C-CC, CVIS, SAFESPOT, COMeSafety, … partners

– industry: Trialog, Daimler, CR Fiat, Bosch

– academia: EPFL, U Ulm, KU Leuven, BME/HIT/CrySyS more information: www.sevecom.org

UbiSec&Sens Project

context

– funded by the EC within FP6 (project no. 026820 ) – started in Jan 2006, duration 3 years

objectives

– development of a security toolbox for wireless sensor networks

• secure routing and clustering, concealed data aggregation, persistent distributed data storage (TinyPEDS), key management, crypto support (ECC, TinyRNG) – implementation and demonstration

• vineyard monitoring, road condition monitoring, homeland security (in cooperation with the Portuguese police)

partners

– industry: NEC Europe

– academia: RWTH, RU Bohum, Lulea TU, IHP, INRIA, INOV, BME/HIT/CrySyS more information: www.ist-ubisecsens.org

(5)

WSAN4CIP Project

context

– funded by the EC within FP7 – started in Jan 2009, duration 3 years objectives

– investigate the applicability of wireless sensor technology for monitoring critical infrastructures (cost efficiency and large scale surveillance)

– dependable networking and services, secured OS – implementation and demonstration

• monitoring a drinking water distribution system in Frankfurt/Oder,

• monitoring power lines and substations in the Lisbon area of Portugal partners

– industry: NEC Europe, Sirrix AG, Tecnatom SA, FWA, EDP – academia: U Malaga, Lulea TU, IHP, INRIA, INOV, BME/HIT/CrySyS more information: www.wsan4cip.eu

EU-MESH Project

context

– funded by the EC within FP7

– started in Jan 2008, duration 2.5 years objectives

– design and experiment with QoS-aware wireless mesh networks for broadband access to the Internet

– work package on security deals with

• fast mesh client authentication to support seamless hand-over

• secure routing and misbehaving router detection

• secured multipath communications based on IPsec partners

– industry: Proximetry, Ozone, FORTHNET, Thales

– academia: FORTH, CNR Italy, TU Berlin, SUPSI, BME/HIT/CrySyS more information: www.eu-mesh.eu

(6)

CHIRON Project

context

– funded by the ARTEMIS JU (subprogram: person-centric healthcare) – started in Mar 2010, duration 3 years

objectives

– combine state-of-the art technologies and innovative solutions into an integrated framework designed for an effective and person-centric health management along the complete care cycle

– we are working on

• in-door positioning techniques (BME/HIT/MCL)

• security and privacy at the body area sensor network level (BME/HIT/CrySyS) – prevention of traffic analysis

– privacy preserving access control to collected data at the BAN level

partners

– 27 partners from 8 countries

– 7 large enterprises, 7 SMEs, 6 universities (including BME/HIT), 6 research centers, 1 medical institution

more information: www.chiron-project.eu

Current projects

Privacy Preserving Smart Spaces

– EIT ICT Labs activity

– start date: 2012 Jan, duration: 1 year

– privacy in collaborative sensing applications, wireless traffic analysis prevention

Privacy and Incentives in Collaborative Sensing Applications

– subcontractor of Evopro Ltd in a national project

internal projects funded by BME Infokom Innovátor

– gmail encryption with keyword search – collaborative spam filtering

– code attestation of embedded devices – traffic analysis in smart metering systems

(7)

Our sensor network test bed

prototypes developed:

– secure and resilient routing protocols

– implementation of the IETF ROLL routing protocol RPL (Linux, TinyOS) – resilient data aggregation algorithms

– secure and reliable cluster head election protocols – secure and reliable transport protocols

– secure distributed data storage schemes (also for forensics purposes) – crypto toolbox (symmetric key encryption and message integrity algs) ZigBee compatible / TinyOS:

– 4 Crossbow MicaZ motes + programming board – 20 MoteIV TmoteSky motes WiFi / Linux:

– 6 Silex SX-560 wireless embedded modules

Our mesh network test bed

~10 MikroTik Routerboard 153

175MHz, 32MB RAM, 2 GB CF, 3 radio interfaces (802.11a/b/g)

prototypes developed:

– security extensions to the OLSR routing protocol – fast user authentication protocols for seamless handover – IPsec based secure multi-path communication protocol

(8)

International collaborations

EPFL, Switzerland (Prof. Jean-Pierre Hubaux)

University of Twente, The Netherlands (Dr. Frank Kargl)

KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán) NEC Laboratories, Germany (Dr. Dirk Westhoff)

IHP, Germany (Prof. Dr. Peter Langendoerfer) INRIA Rhone-Alpes (Dr. Claude Castelluccia)

University of Washington, Seattle (Prof. Radha Poovendran) University of California, Berkeley (Prof. Jean Walrand) ICSI, Berkeley (Prof. Vern Paxson)

University of Münster, Germany (Prof. Rainer Böhme)

…

Teaching

Base course in Computer Networking

– Computer Networking (Info BSc German, Computernetzwerke) (M. Félegyházi)

Base courses in Information Security

– Information Security(Info MSc, Adatbiztonság) (I. Vajda, L. Buttyán, B. Bencsáth)

– Information Security(GaIn MSc, Adatbiztonság) (I. Vajda, L. Buttyán, B. Bencsáth)

Special on Security of Communication Systems

(Hírközlőrendszerek biztonsága MSc informatikus szakirány) – Cryptography and its applications

(Kriptográfia és alkalmazásai) (I. Vajda)

– Security protocols

(Biztonsági protokollok) (L. Buttyán)

– Foundations of secure e-commerce

(A biztonságos elektronikus kereskedelem alapjai) (L. Buttyán)

– Network security in practice

(Hálózatbiztonság a gyakorlatban) (B. Bencsáth)

– Economics of security and privacy

(A biztonság és a privátszféra védelmének közgazdaságtana) (M. Félegyházi)

+ laboratory exercises, semester and diploma projects

(all members)

(9)

Consulting

Hungarian Telecom (T-Com) – security for VoIP systems Budapest Transport Ltd

– security requirements for automated fare collection (electronic ticketing)

NETI

– secure smart card based authentication system evopro

– cryptography for embedded devices ethical hacking

– penetration testing and vulnerability analysis for numerous Hungarian companies

Our latest project: Duqu

(10)

Contributions

discovery, naming, and first analysis of Duqu

– in our 60-page report, we show that Duqu has striking similarities to the infamous Stuxnet worm

– we shared our analysis with major anti-virus vendors and with Microsoft – an anonymized and shortened version of this report was published as an

appendix of the first Symantec report on Duqu identification of the dropper

– MS word document with a 0-day Windows kernel exploit

– we made the dropper available to Symantec that sanitized and shared it with other anti-virus vendors and Microsoft

development and open-source distribution of a Duqu detector toolkit – based on heuristics, follows a different approach than signature based

malware detection

– detects live Duqu instances and remains of an earlier infection by Duqu – may detect Stuxnet too

– 27000+ downloads

Press coverage …

(11)

And professional reputation …

Security Challenge 2011

first hacker contest at BME organized CrySyS/Department of

Telecommunications

from September to November 2011 4 rounds

13 challenges 82 registered student 37 active participants objectives:

– for students:

• learn and have fun at the same time – for us:

• find and attract students talented in computer security

Participation at hacking contests

Hacktivity 2011 CTF

– in the first round, our team got in the top 10

– in the second round, we finished at the 3^rd position (out of the top 10)

iCTF 2011

– international, distributed, wide-area security exercise for universities organized by UCSB every year (since 2003)

– 87 participants this year – we came in 36^th

– our team of 22 consisted of talented BSc and MSc students and members of the CrySyS Lab

– it was fun! sponsored by

Research and teaching activities in the CrySyS Lab