RuhrSec - our non-profit IT security conference

We are proud to announce our first security conference - RuhrSec. The conference takes place in Bochum at our university (28.-29.4.2016). It is a non-profit conference, i.e. all profit resulting from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sold tickets will go to Gänseblümchen NRW e.V. (thanks to our sponsors and to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 great university conditions, we hope it will be much :) ). As this is our first conference, we carefully invited some top-class speakers (mainly our friends) to present cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir recent work. Given cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 program that we have now, I think we do not have to shame and we can keep up with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best conferences.

Analysis of encrypted databases with CryptDB

As part of a bachelor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis we have taken a look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest version of CryptDB and compared its performance with a normal MySQL installation and adoption on different applications. In this blog post we would like to share our insights with you.
For furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r results and technical specifications please refer directly to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis 'Analysis of Encrypted Databases with CryptDB' that can be found at http://www.nds.rub.de/media/ei/arbeiten/2015/10/26/cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis.pdf.

EsPReSSO - A good morning starts with coffee!

In this posts I describe cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tool, I wrote for my Bachelor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Chair for Network and Data Security, with support of Context Information Security Ltd.. EsPReSSO is a apronym for "Extension for Recognition and Processing of Single Sing on Protocols". The basic idea behind EsPReSSO is to automate standard tasks to detect and classify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Single Sign-On (SSO) Protocols OpenID, BrowserID, SAML, OAuth, OpenID-Connect, Facebook Connect and Microsoft Account. The tool is integrate with PortSwigger's HTTP Proxy, Burp Suite. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore EsPReSSO integrates cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 WS-Attacker, to attack SAML services semi-automated or manually.

Playing with Certificates (from a Researcher's Perspective)

I often face a problem that I need to test several TLS servers. In order to make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tests consistent, I want to deploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same keys and certificates on each server. However, this is not that easy, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are several key formats and generation mechanisms. Deploying cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same key to an OpenSSL and JSSE servers is thus a huge pain...
In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following, I will give a brief overview on basic certificate types and on few conversion possibilities.

Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

In this post we show a novel attack on OpenID Connect 1.0, which compromises cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 entire protocol - cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Malicious Endpoints attack. The idea behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack is to influence cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information flow in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Discovery and Dynamic Registration Phase in such a way that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacker gains access to sensitive information.

Practical Invalid Curve Attacks

Next week at ESORICS, I am going to present our newest research paper on attacking elliptic curve implementations (it is a joint work with Tibor Jager and Jörg Schwenk). It might be of interest especially for people who like practical crypto attacks...or for anybody who hates Java, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacks were applicable to two out of eight analyzed libraries: Bouncy Castle and Java Crypto Extension (JCE). The result is quite interesting since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacks allow an attacker to recover private EC keys from different applications, for example, TLS servers.

Not so Smart: On Smart TV Apps

One of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 main characteristics of Smart TVs are apps. Apps extend cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps.

These reasons make it interesting enough to do some research on smart TVs. We wrote a paper with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 title "Not so Smart: On Smart TV Apps", which will be presented in a few days at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "International Workshop on Secure Internet of Things" (SIoT 2015). In this paper, we investigate attack models for Smart TVs and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 market share leader Samsung can gain access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.