Mittwoch, 2. Dezember 2015

Analysis of encrypted databases with CryptDB


As part of a bachelor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis we have taken a look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest version of CryptDB and compared its performance with a normal MySQL installation and adoption on different applications. In this blog post we would like to share our insights with you.
For furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r results and technical specifications please refer directly to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis 'Analysis of Encrypted Databases with CryptDB' that can be found at http://www.nds.rub.de/media/ei/arbeiten/2015/10/26/cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis.pdf.

Montag, 16. November 2015

EsPReSSO - A good morning starts with coffee!

In this posts I describe cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tool, I wrote for my Bachelor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365sis at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Chair for Network and Data Security, with support of Context Information Security Ltd.. EsPReSSO is a apronym for "Extension for Recognition and Processing of Single Sing on Protocols". The basic idea behind EsPReSSO is to automate standard tasks to detect and classify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Single Sign-On (SSO) Protocols OpenID, BrowserID, SAML, OAuth, OpenID-Connect, Facebook Connect and Microsoft Account. The tool is integrate with PortSwigger's HTTP Proxy, Burp Suite. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore EsPReSSO integrates cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 WS-Attacker, to attack SAML services semi-automated or manually.

Freitag, 6. November 2015

Playing with Certificates (from a Researcher's Perspective)

I often face a problem that I need to test several TLS servers. In order to make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tests consistent, I want to deploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same keys and certificates on each server. However, this is not that easy, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are several key formats and generation mechanisms. Deploying cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same key to an OpenSSL and JSSE servers is thus a huge pain...
In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following, I will give a brief overview on basic certificate types and on few conversion possibilities.

Montag, 5. Oktober 2015

Attacking OpenID Connect 1.0 - Malicious Endpoints Attack

In this post we show a novel attack on OpenID Connect 1.0, which compromises cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 entire protocol - cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Malicious Endpoints attack. The idea behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack is to influence cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information flow in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Discovery and Dynamic Registration Phase in such a way that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacker gains access to sensitive information.

Montag, 14. September 2015

Practical Invalid Curve Attacks

Next week at ESORICS, I am going to present our newest research paper on attacking elliptic curve implementations (it is a joint work with Tibor Jager and Jörg Schwenk). It might be of interest especially for people who like practical crypto attacks...or for anybody who hates Java, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacks were applicable to two out of eight analyzed libraries: Bouncy Castle and Java Crypto Extension (JCE). The result is quite interesting since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacks allow an attacker to recover private EC keys from different applications, for example, TLS servers.

Montag, 31. August 2015

Not so Smart: On Smart TV Apps


One of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 main characteristics of Smart TVs are apps. Apps extend cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps.

These reasons make it interesting enough to do some research on smart TVs. We wrote a paper with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 title "Not so Smart: On Smart TV Apps", which will be presented in a few days at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "International Workshop on Secure Internet of Things" (SIoT 2015). In this paper, we investigate attack models for Smart TVs and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 market share leader Samsung can gain access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.


Mittwoch, 3. Juni 2015

OWASP AppSec EU 2015: my Three Favourite Talks

Two weeks ago, we visited cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OWASP AppSec Europe 2015 conference. This conference is intended for security developers and penetration testers who want to get some new high-quality knowledge. Since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conference contains also research talks, according to me it is also well suited for security researchers working in academia.Thus, I am excited to present you my favourite three talks from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conference. *

I have to explicitly mention that I really enjoyed all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talks that I visited, not only cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talks summarized here.

Beliebte Posts