From hgi-news-deutschland at lists.ruhr-uni-bochum.de Mon Jun 3 13:12:54 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 3 Jun 2013 13:12:54 +0200
Subject: [HGI-News-de] Newsletter 51
Message-ID: <007b01ce604b$507e47f0$f17ad7d0$@rub.de>

**HGI-Newsletter**
No. 51 - Monday, 03.06.2013
Horst Görtz Institute for IT-Security
Ruhr-Universität Bochum
http://www.hgi.rub.de/hgi/newsletter/n51

Contents
========
- DHL Innovation Award goes to HGI researchers
- Distinguished Paper Award goes to HGI
- Upcoming events
- EAA Best Paper and Presentation Award goes to UbiCrypt
- More security in the Internet of Things
- HGI scientists anchor data protection and data security in healthcare
- UbiCrypt Summer School 2013
- HackPra Allstars at the OWASP Research Conference 2013
- Program committees
- Talks
- HGI colloquia
- Accepted articles/publications

DHL Innovation Award goes to HGI researchers
============================================
The PRESENT encryption scheme is the smallest standardized cipher and offers very high security. Well thought out and extremely efficient, it is tailored especially to modern RFID tags and can revolutionize parts of the logistics industry. The committee of the DHL Innovation Award 2013 shares this view and honored the inventors Prof. Gregor Leander, Prof. Christof Paar (both HGI) and Prof. Axel Poschmann as "Most Innovative Scientist/Entrepreneur". The prize is endowed with 10,000 euros.
http://www.hgi.rub.de/hgi/news/articles/dhlinnovationaward2013/

Distinguished Paper Award goes to HGI
=====================================
At this year's 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), researchers from the Horst Görtz Institute for IT-Security at Ruhr-Universität Bochum, together with researchers from TU Darmstadt, received the Distinguished Paper Award for their paper "Bring Your Own Privacy & Security to iOS Devices". In their work, the researchers present the design and implementation of PSiOS, a tool for enforcing one's own security restrictions on applications from the Apple App Store.
http://www.hgi.rub.de/hgi/news/articles/distinguishedPaperAward2013/

Upcoming events
===============
- 19.06.2013 HackPra, Matthias Kaiser, Horst Görtz Institute for IT-Security
- 28.06.2013 ITS.Connect, event center of Ruhr-Universität Bochum
- 22.-26.07.2013 Summer School UbiCrypt, Horst Görtz Institute for IT-Security
- 22.08.2013 HackPra Allstars, OWASP Research Conference 2013, Hamburg
- 24.-25.09.2013 Internet Security Days, Phantasialand, Brühl
- 08.-10.10.2013 it-sa 2013, Nürnberg

EAA Best Paper and Presentation Award goes to UbiCrypt
======================================================
In March, Hendrik Meutzner received the "EAA Best Paper and Presentation Award 2013" for his contribution "SVM-Based Preprocessing for Automatic Speech Recognition" at the AIA-DAGA 2013 Conference on Acoustics in Merano, Italy. He is a doctoral student in the DFG Research Training Group "New Challenges for Cryptography in Ubiquitous Computing" (UbiCrypt / GRK 1817/1) and a member of the "Digital Signal Processing" group at Ruhr-Universität Bochum. The research training group aims to study the Internet of Things in an interdisciplinary way and addresses current problems of everyday IT applications.
Although it only started in October 2012 at the Horst Görtz Institute for IT-Security, the young researchers' work is already showing first successes.
http://www.hgi.rub.de/hgi/news/articles/eaabestpaper2013/

More security in the Internet of Things
=======================================
In the age of the "Internet of Things" and "Industrie 4.0", the security of networks and radio communication plays an ever greater role. The Horst Görtz Institute for IT-Security (HGI) at Ruhr-Universität Bochum is therefore starting the two subprojects "Universally configurable security solution for cyber-physical systems (UNIKOPS)" and "Efficient key management for more security in the 'Internet of Things' (PROPHYLAXE)". The Bochum researchers are thus involved in two of three research projects funded by the Federal Ministry of Education and Research (BMBF) and the Federal Ministry of the Interior (BMI) in the "IT Security Research" program. The projects run until August 2015 and have a total volume of almost five million euros.
http://www.hgi.rub.de/hgi/news/articles/bmbfprojektstarts032013/

HGI scientists anchor data protection and data security in healthcare
=====================================================================
From 9-11 April 2013, the Systems Security research group at the Horst Görtz Institute for IT-Security presented its secure system for cross-institutional electronic patient records (eEPA) at conhIT in Berlin. The system is based on the latest e-health standards (XDS) and provides end-to-end confidentiality through client-side encryption of patients' medical documents. The HGI researchers' prototype, which is fit for everyday use, convinced visitors and attracted great interest.
http://www.hgi.rub.de/hgi/news/articles/datensicherheitimgesundheitswesen20130419/

UbiCrypt Summer School 2013
===========================
The UbiCrypt Summer School "Reverse Engineering" offers graduates and young researchers the opportunity to learn more about the analysis of binaries and malware. In cooperation with the SysSec Network of Excellence, the Horst Görtz Institute for IT-Security offers a multifaceted program with many hands-on exercises. Registration is possible via the event page until June 28.
http://www.hgi.rub.de/hgi/news/articles/callforsummerschool20131/

HackPra Allstars at the OWASP Research Conference 2013
======================================================
HackPra Allstars is a track of specially invited speakers at the OWASP Research 2013 conference on August 22, 2013 in Hamburg. HackPra Allstars brings together all speakers of the HackerPraktikum of the Horst Görtz Institute for IT-Security at Ruhr-Universität Bochum, giving the audience the chance to get to know the most important influences in today's web application security and IT security in a single day. The track is open to all regular conference participants.
http://www.hgi.rub.de/hgi/news/articles/hackpraallstars20131de/

Program committees
==================
Tim Güneysu:
- CHES - Cryptographic Hardware and Embedded Systems, UC Santa Barbara, USA, http://www.chesworkshop.org , 20-23.08.2013.
- SAC - Selected Areas of Cryptography, Simon Fraser University, Canada, http://sac2013.irmacs.sfu.ca/ , 14.-16.08.2013.
- Euromicro DSD, Santander, Spain, http://www.teisa.unican.es/dsd-seaa-2013/dsd2013/index.html%3Fq=node%252F15.html , 04.-06.09.2013.

Thorsten Holz:
- 34th IEEE Symposium on Security and Privacy, San Francisco, USA, http://www.ieee-security.org/TC/SP2012/ , 19.-22.05.2013.
- 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Berlin, http://dimva.sec.t-labs.tu-berlin.de/ , 17.-19.07.2013.
- 22nd USENIX Security Symposium, Washington DC, https://www.usenix.org/conference/usenixsecurity13 , 14.-16.08.2013.
- 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), St. Lucia, http://www.wikicfp.com/cfp/servlet/event.showcfp?eventid=28194 , 23.-25. October, 2013.
- 21st Annual Network and Distributed System Security Symposium (NDSS), San Diego, http://www.internetsociety.org/events/ndss-symposium-2013 , 23.-26.02.2014.

Timo Kasper:
- RFIDsec 2013, Graz, Austria, http://rfidsec2013.iaik.tugraz.at/ , 09.-11.07.2013.

Eike Kiltz:
- The 16th International Conference on Practice and Theory in Public-Key Cryptography (PKC), Nara, Japan, http://ohta-lab.jp/pkc2013/ , 26.02.-01.03.2013.
- 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2013), Athens, Greece, http://www.iacr.org/conferences/eurocrypt2013/index.html , 26.-30.05.2013.

Amir Moradi:
- The 4th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE' 2013), Paris, France, http://cosade.org/cosadecfp.pdf , 07.-08.03.2013.

Christof Paar:
- escar USA 2013, Michigan, USA, https://www.escar.info/index.php?id=524 , 29.-30.05.2013.

Hans Simon:
- Annual Conference in Learning Theory (COLT 2013), Princeton, NJ, http://www.ttic.edu/colt2012/ , 13.-15.06.2013.

Marcel Winandy:
- 1st Workshop on Web Applications and Secure Hardware (WASH 2013), London, http://wash2013.wordpress.com , 20.06.2013.

Christopher Wolf:
- WEWoRC - Western European Workshop on Research in Cryptology, Karlsruhe, http://2013.weworc.eu/index.php , 24.-26.07.2013.

Talks
=====
- Timo Kasper: Secrets of contactless Tokens, IDC IT Security - Roadshow 2013, 14.03.2013.
- Timo Kasper: Secrets of Contactless Tokens, escar USA 2013, Michigan, USA, 30.05.2013.
- Marcus Niemietz: Aktuelle Angriffe gegen Android-Smartphones, a-i3/BSI Symposium 2013, Bochum, 17.04.2013.
- Marcus Niemietz: UI Redressing Attacks on Android Devices, Troopers13, Heidelberg, 17.-21.03.2013.
- Christof Paar: Constructive and Destructive Aspects of Security for the Internet of Things, Distinguished Lectures - TU Darmstadt, 18.04.2013.

HGI colloquia
=============
- Masking the AES Sbox - Implementation Aspects and Side-Channel Analysis, Oliver Mischke, Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, 25.04.2013.
- Challenges in Lattice-Based Cryptography, Michael Schneider, TU Darmstadt, 02.05.2013.
- Double-authentication-preventing signatures, Douglas Stebila, Queensland University of Technology, 16.05.2013.
- TLS Security - Where Do We Stand?, Kenny Paterson, Royal Holloway College, University of London, 20.06.2013.

HackerPraktikum
===============
- Svetlana Gaivoronski, Lomonosov Moscow State University, Shellcode detection techniques, 08.05.2013.
- Felix Lindner, Head of Recurity Labs, Security is Privacy - Future Research, 15.05.2013.
- Jürgen Pabel, Information Security Officer at Deutsche Post AG, 05.06.2013.
- Matthias Kaiser, Service Manager, Bosch, 19.06.2013.
- Jeremiah Grossman, WhiteHat Security, 03.07.2013.
- Giorgio Maone, InformAction, 10.07.2013.

Prizes/Awards
=============
- Gregor Leander, Christof Paar, Axel Poschmann: DHL Innovation Award, PRESENT, April 2013.
- Hendrik Meutzner, Dorothea Kolossa, Sarmad Malik: EAA Best Paper and Presentation Award, SVM-Based Preprocessing for Automatic Speech Recognition, AIA-DAGA 2013 Conference on Acoustics in Merano, Italy.
- Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi and Thorsten Holz: Distinguished Paper Award, Bring Your Own Privacy & Security to iOS Devices, 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

Guests
======
- Ben Dowling, Queensland University of Technology (QUT), 14.-26.07.2013.
- Kenny Paterson, Royal Holloway, University of London, UK, 20.-21.06.2013.
- Michael Schneider, TU Darmstadt, 02.05.-03.05.2013.
- Douglas Stebila, Queensland University of Technology (QUT), 05.-18.07.2013.

Accepted articles/publications
==============================
Alex Escala, Gottfried Herold, Eike Kiltz, Carla Rafols, Jorge Villar:
An Algebraic Framework for Diffie-Hellman Assumptions
To appear in Crypto 2013, Santa Barbara California, USA, 18.-22.08.2013.

Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, Jörg Schwenk:
A new Approach towards DoS Penetration Testing on Web Services
In Proceedings of the 9th IEEE World Congress on Services, Santa Clara, USA, 2013.

Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz, Kenneth G. Paterson:
Non-Interactive Key Exchange
Public Key Cryptography 2013: 254-271.

Tilman Frosch, Marc Kührer, Thorsten Holz:
Predentifier: Detecting Botnet C&C Domains From Passive DNS Data
in Advanced in IT Early Warning, Fraunhofer Verlag, 2013.

Tim Güneysu, Tobias Oder, Thomas Pöppelmann, Peter Schwabe:
Software Speed Records For Lattice-Based Signatures
Post-Quantum Cryptography, PQCrypto 2013, Springer-Verlag, Limoges, France, June 4-7, 2013.

Stefan Heyse, Ingo von Maurich, Tim Güneysu:
Smaller Keys for Code-Based Cryptography: QC-MDPC Mceliece Implementation on Embedded Devices
Workshop on Cryptographic Hardware and Embedded Systems, CHES 2013, Santa Barbara, USA, 20.-23.08.2013.

Johannes Hoffmann, Martin Ussath, Michael Spreitzenbarth, Thorsten Holz:
Slicing Droids: Program Slicing for Smali Code
28th International ACM Symposium on Applied Computing (SAC 2013), March 2013.

Johannes Hoffmann, Stephan Neumann, Thorsten Holz:
Mobile Malware Detection based on Energy Fingerprints - A Dead End?
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Berlin, July 2013.

Dennis Hofheinz, Eike Kiltz, Victor Shoup:
Practical Chosen Ciphertext Secure Encryption from Factoring
J. Cryptology 26(1): 102-118 (2013).

Ralf Hund, Carsten Willems, Thorsten Holz:
Practical Timing Side Channel Attacks Against Kernel Space ASLR
IEEE Symposium on Security & Privacy ("Oakland"), San Francisco, 19.-22. May 2013.

Lennart Köster, Fatih Korkmaz, Marcel Winandy:
Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository
Proceedings of the eHealth2013, Vienna, Austria, 23.-24.05.2013.

David Mandell Freeman, Oded Goldreich, Eike Kiltz, Alon Rosen, Gil Segev:
More Constructions of Lossy and Correlation-Secure Trapdoor Functions
J. Cryptology 26(1): 39-74 (2013).

Amir Moradi, Oliver Mischke:
On the Simplicity of Converting Leakages from Multivariate to Univariate - Case Study of a Glitch-Resistant Masking Scheme
Workshop on Cryptographic Hardware and Embedded Systems, CHES 2013, Santa Barbara, U.S., August 20 - 23, 2013, to appear.

Tobias Schneider, Ingo von Maurich, Tim Güneysu:
Efficient Implementation of Cryptographic Primitives on the GA144 Multi-Core Architecture
The 24th IEEE International Conference on Application-specific Systems, Architectures and Processors, ASAP 2013, Washington D.C., USA, June 5-7, 2013.

Felix Schuster, Stefan Rüster, Thorsten Holz:
Preventing Backdoors in Server Applications with a Separated Software Architecture
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Berlin, July 2013.

Michael Spreitzenbarth, Florian Echtler, Thomas Schreck, Felix Freiling, Johannes Hoffmann:
Mobile-Sandbox: Looking Deeper into Android
28th International ACM Symposium on Applied Computing (SAC 2013), March 2013.

Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz:
PSiOS: Bring Your Own Privacy & Security to iOS Devices
8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013.

Alexander Wild, Tim Güneysu, Amir Moradi:
Attacking Atmels Cryptomemory Eerom with Special Purpose Hardware
11th International Conference on Applied Cryptography and Network Security, ACNS 2013, Canada, Alberta, Banff, June 25-28, 2013.

Editor: Britta Scherer
Email: britta.scherer(at)rub.de
Managing Director: Prof. Dr. Alexander May

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Thu Jun 6 11:32:56 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 6 Jun 2013 11:32:56 +0200
Subject: [HGI-News-de] UbiCrypt Summer School 2013 - Call for Participation (2)
Message-ID: <007501ce6298$d3cc84b0$7b658e10$@rub.de>

=============================================================
* UbiCrypt Summer School 2013 *
* Reverse Engineering *
=============================================================
Summer School in Systems Security, Ruhr-University Bochum (RUB), Germany, July 22-26 2013

************************************************************
* APPLICATION OPEN *
* Deadline: June 28, 2013 *
* http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/
************************************************************

The UbiCrypt Summer School on "Reverse Engineering" offers graduate students and young researchers the opportunity to learn more about binary analysis and malware reverse engineering. In cooperation with the SysSec Network of Excellence, we offer fascinating topics and hands-on experiences in this emerging field.

The UbiCrypt Summer School 2013 will take place between July 22-26 2013 at Ruhr-University Bochum (RUB). The event is organized by the Horst Goertz Institute for IT-Security (HGI), more specifically the Chair for Systems Security. It will be a mix of lectures and hands-on exercises, allowing the students to learn how binary programs can be analyzed.

** TOPICS **
- Reconstructing data structures in a given binary executable
- Unpacking malware samples
- Analysis of recent and modern malware samples
- Binary instrumentation
- Analysis of Android malware

** WORKSHOP **
A special event is planned for Wednesday (July 24): the SysSec Network of Excellence organizes a workshop focused on system security research, to consolidate the Systems Security research community in Europe. The specific format of this workshop has been developed to:
- showcase and spread the excellence in systems security research in Europe by presenting a selection of papers published by European researchers and Europe-funded research projects in top conferences in the area
- involve students and young researchers by allowing them to showcase their own best results and expose them to top researchers in the field
- create a generational exchange between experienced and starting researchers, focusing around a tutorial on how to get your research published in top venues

The registration fee for the event is 200 Euro. This amount includes daily refreshments, lunch, workshop on Wednesday, and social events (BBQ and excursion).

** MORE INFORMATION **
http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/

** CONTACT **
Research Training Group GRK 1817/1
"New Challenges for Cryptography in Ubiquitous Computing"
Horst Goertz Institute for IT-Security (HGI)
Ruhr-University Bochum
Universitaetsstraße 150
44801 Bochum
Email: ubicrypt-summerschool at hgi.rub.de

** ORGANIZERS **
Research Training Group GRK 1817/1
New Challenges for Cryptography in Ubiquitous Computing
http://www.ubicrypt.org

Horst Görtz Institute for IT-Security
http://www.hgi.rub.de/

SysSec Network of Excellence
http://www.syssec-project.eu/

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Mon Jun 10 17:18:43 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 10 Jun 2013 17:18:43 +0200
Subject: [HGI-News-de] [crypt@b-it] Call for participation: crypt@b-it 2013, REGISTRATION EXTENDED
Message-ID: <51B5EE53.5020209@ruhr-uni-bochum.de>

====================================================================

crypt at b-it 2013
Summer School on Cryptography
REGISTRATION EXTENDED

29 July - 02 August 2013
B-IT, Bonn, Germany

This summer school on cryptography offers undergraduate and graduate students and researchers the opportunity to crypt a bit. It provides acquaintance and interaction in an intellectually stimulating and informal atmosphere in pleasant surroundings.

Special focus:
* Sponge functions and Keccak
* Lattice-based cryptography
* The Enigma crypto machine

Speakers:
* Joan Daemen, STMicroelectronics
* Chris Peikert, Georgia Institute of Technology
* Max Gebhardt, Bundesamt für Sicherheit in der Informationstechnik (BSI)
* Joachim von zur Gathen, B-IT Bonn

For further information and registration see .
Please register online before Monday 24 June 2013 (EXTENDED DEADLINE!). Note that the number of participants is restricted.

Hoping to see you (or your students) in Bonn this summer!

On behalf of the organizing staff,
Daniel Loebenberger, Michael Nüsken

Daniel Loebenberger, b-it computer security, .
Michael Nüsken, b-it computer security, .

The summer school is jointly organized by HGI Bochum and b-it Bonn.

====================================================================

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Mon Jun 17 12:04:22 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 17 Jun 2013 12:04:22 +0200
Subject: [HGI-News-de] HGI Colloquium on 20.06.2013: TLS Security - Where Do We Stand?
Message-ID: <51BEDF26.1060307@rub.de>

Dear Sir or Madam,

as part of the HGI Colloquium, organized by the Chair for Systems Security and the Horst Görtz Institute of Ruhr-Universität Bochum, Kenny Paterson of Royal Holloway College, University of London, will speak next Thursday, 20 June 2013, at 11:00 a.m. sharp (s.t.) in room ID 04/413 on the following topic:

TLS Security - Where Do We Stand?:
TLS is the de facto secure protocol of choice on the Internet. In this talk, I'll give an overview of the state-of-the-art of TLS security, focusing mostly on the TLS Record Protocol which is responsible for providing the basic secure channel functionality in TLS.
I'll focus on recently-discovered vulnerabilities in the TLS specification and its cryptographic algorithms. These lead to plaintext recovery attacks against TLS-protected traffic. I will reflect on why the deployment of secure cryptography is seemingly so hard, and what the barriers are to adopting better approaches than the current techniques used in TLS.

All students and interested parties are cordially invited to this and all further talks of the HGI Colloquium! No prior registration is required!

Further information is available on the following website:
http://hgi.rub.de/hgi/hgi-seminar/

Kind regards,
Thomas Hupperich & Johannes Hoffmann

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Wed Jun 26 11:50:22 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 26 Jun 2013 11:50:22 +0200
Subject: [HGI-News-de] UbiCrypt Summer School 2013 - Call for Participation III
Message-ID:

=============================================================
* UbiCrypt Summer School 2013 *
* Reverse Engineering *
=============================================================
Summer School in Systems Security, Ruhr-University Bochum (RUB), Germany, July 22-26 2013

************************************************************
* APPLICATION OPEN *
* Deadline: June 28, 2013 *
* http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/
************************************************************

The UbiCrypt Summer School on "Reverse Engineering" offers graduate students and young researchers the opportunity to learn more about binary analysis and malware reverse engineering. In cooperation with the SysSec Network of Excellence, we offer fascinating topics and hands-on experiences in this emerging field.

The UbiCrypt Summer School 2013 will take place between July 22-26 2013 at Ruhr-University Bochum (RUB).
The event is organized by the Horst Goertz Institute for IT-Security (HGI), more specifically the Chair for Systems Security. It will be a mix of lectures and hands-on exercises, allowing the students to learn how binary programs can be analyzed.

** TOPICS **
- Reconstructing data structures in a given binary executable
- Unpacking malware samples
- Analysis of recent and modern malware samples
- Binary instrumentation
- Analysis of Android malware

** PROGRAM **
http://www.ubicrypt.hgi.rub.de/mam/content/program_summerschool2013_pdf.pdf

** WORKSHOP **
A special event is planned for Wednesday (July 24): the SysSec Network of Excellence organizes a workshop focused on system security research, to consolidate the Systems Security research community in Europe. The specific format of this workshop has been developed to:
- showcase and spread the excellence in systems security research in Europe by presenting a selection of papers published by European researchers and Europe-funded research projects in top conferences in the area
- involve students and young researchers by allowing them to showcase their own best results and expose them to top researchers in the field
- create a generational exchange between experienced and starting researchers, focusing around a tutorial on how to get your research published in top venues

The registration fee for the event is 200 Euro. This amount includes daily refreshments, lunch, workshop on Wednesday, and social events (BBQ and excursion).

** SCHOLARSHIP **
We offer a scholarship for those who are seeking financial support. The selection committee places a strong focus on financial hardship.

** MORE INFORMATION **
http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/

** CONTACT **
Research Training Group GRK 1817/1
"New Challenges for Cryptography in Ubiquitous Computing"
Horst Goertz Institute for IT-Security (HGI)
Ruhr-University Bochum
Universitaetsstraße 150
44801 Bochum
Email: ubicrypt-summerschool at hgi.rub.de

** ORGANIZERS **
Research Training Group GRK 1817/1
New Challenges for Cryptography in Ubiquitous Computing
http://www.ubicrypt.org

Horst Görtz Institute for IT-Security
http://www.hgi.rub.de/

SysSec Network of Excellence
http://www.syssec-project.eu/

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Mon Jun 24 15:27:20 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 24 Jun 2013 15:27:20 +0200
Subject: [HGI-News-de] UbiCrypt Summer School 2013 - Call for Participation II
Message-ID:

=============================================================
* UbiCrypt Summer School 2013 *
* Reverse Engineering *
=============================================================
Summer School in Systems Security, Ruhr-University Bochum (RUB), Germany, July 22-26 2013

************************************************************
* APPLICATION OPEN *
* Deadline: June 28, 2013 *
* http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/
************************************************************

The UbiCrypt Summer School on "Reverse Engineering" offers graduate students and young researchers the opportunity to learn more about binary analysis and malware reverse engineering. In cooperation with the SysSec Network of Excellence, we offer fascinating topics and hands-on experiences in this emerging field.

The UbiCrypt Summer School 2013 will take place between July 22-26 2013 at Ruhr-University Bochum (RUB). The event is organized by the Horst Goertz Institute for IT-Security (HGI), more specifically the Chair for Systems Security.
It will be a mix of lectures and hands-on exercises, allowing the students to learn how binary programs can be analyzed.

** TOPICS **
- Reconstructing data structures in a given binary executable
- Unpacking malware samples
- Analysis of recent and modern malware samples
- Binary instrumentation
- Analysis of Android malware

** PROGRAM **
http://www.ubicrypt.hgi.rub.de/mam/content/program_summerschool2013_pdf.pdf

** WORKSHOP **
A special event is planned for Wednesday (July 24): the SysSec Network of Excellence organizes a workshop focused on system security research, to consolidate the Systems Security research community in Europe. The specific format of this workshop has been developed to:
- showcase and spread the excellence in systems security research in Europe by presenting a selection of papers published by European researchers and Europe-funded research projects in top conferences in the area
- involve students and young researchers by allowing them to showcase their own best results and expose them to top researchers in the field
- create a generational exchange between experienced and starting researchers, focusing around a tutorial on how to get your research published in top venues

The registration fee for the event is 200 Euro. This amount includes daily refreshments, lunch, workshop on Wednesday, and social events (BBQ and excursion).

** SCHOLARSHIP **
We offer a scholarship for those who are seeking financial support. The selection committee places a strong focus on financial hardship.

** MORE INFORMATION **
http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/

** CONTACT **
Research Training Group GRK 1817/1
"New Challenges for Cryptography in Ubiquitous Computing"
Horst Goertz Institute for IT-Security (HGI)
Ruhr-University Bochum
Universitaetsstraße 150
44801 Bochum
Email: ubicrypt-summerschool at hgi.rub.de

** ORGANIZERS **
Research Training Group GRK 1817/1
New Challenges for Cryptography in Ubiquitous Computing
http://www.ubicrypt.org

Horst Görtz Institute for IT-Security
http://www.hgi.rub.de/

SysSec Network of Excellence
http://www.syssec-project.eu/

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Wed Jun 26 12:15:49 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (Newsletter des Horst Görtz Instituts)
Date: 26 Jun 2013 12:15:49 +0200
Subject: [HGI-News-de] HackPra Talk: Jeremiah Grossman
Message-ID:

HACKPRA TALK: JEREMIAH GROSSMAN

*Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Building ID, Room 04/459*
*July 3, 2013 at 4pm*

Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. The Horst Görtz Institute for IT-Security proudly presents his talk during HackPra on July 3, 2013 at 4pm.

*Abstract:*
What’s needed is more secure software, NOT more security software. Understanding this subtle distinction is key. Organizations must demand that software be designed in a way that makes it resilient against attack and does not require additional security products to protect it. The question that organizations should be asking themselves is: how do we integrate security throughout the software development life-cycle (SDLC)? As simple as these questions sound, the answers have proven elusive.
Most responses by the so-called experts are based purely on personal anecdote and devoid of any statistically compelling evidence. Many of these experts will cite various “best-practices,” such as software security training for developers, security testing during QA, static code analysis, centralized controls, Web Application Firewalls, penetration-testing, and more; the reality, though, is that just because a certain practice works well for one organization does not mean it will work at another. Unfortunately, this hasn’t prevented many from boisterously and carelessly advocating a litany of best-practices with little regard for true efficacy and important operational considerations. The net result: websites no less hackable today than they were yesterday.

To move in this direction we asked WhiteHat Security customers to assist us by answering roughly a dozen very specific survey questions about their SDLC and application security program. Questions such as: how often do you perform security tests on your code during QA? What is your typical rate of production code change? Do you perform static code analysis? Have you deployed a Web Application Firewall? Who in your organization is accountable in the event of a breach? We even asked: has your website been breached?

We received responses to this survey from 76 organizations, and then correlated those responses with WhiteHat Sentinel website vulnerability data. The results were both stunning and deeply head scratching. The connections from various software security controls and SDLC behaviors to vulnerability outcomes and breaches are far more complicated than we ever imagined.

The G Data Software AG offers an evening program, accompanying the "HackPra" at the Horst Görtz Institute for IT-Security. Every participant is welcome to meet the speakers and the "HackPra's" organizing crew in the G Data Academy.
Further information on G Data and the HackPra can be found here:
http://www.nds.ruhr-uni-bochum.de/teaching/hackpra/
https://www.gdata.de/offensive-security-course

*Participation is free of charge*

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Tue Jun 25 10:03:10 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (=?iso-8859-1?q?Newsletter_des_Horst_G=F6rtz_Instituts?=)
Date: 25 Jun 2013 10:03:10 +0200
Subject: [HGI-News-de] UbiCrypt Summer School 2013 - Call for Participation II
Message-ID:

=============================================================
* UbiCrypt Summer School 2013 *
* Reverse Engineering *
=============================================================

Summer School in Systems Security, Ruhr-University Bochum (RUB), Germany, July 22-26 2013

************************************************************
* APPLICATION OPEN *
* Deadline: June 28, 2013 *
* *
* http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/
************************************************************

The UbiCrypt Summer School on "Reverse Engineering" offers graduate students and young researchers the opportunity to learn more about binary analysis and malware reverse engineering. In cooperation with the SysSec Network of Excellence, we offer fascinating topics and hands-on experiences in this emerging field.

The UbiCrypt Summer School 2013 will take place between July 22-26 2013 at Ruhr-University Bochum (RUB). The event is organized by the Horst Goertz Institute for IT-Security (HGI), more specifically the Chair for Systems Security. It will be a mix of lectures and hands-on exercises, allowing the students to learn how binary programs can be analyzed.
** TOPICS **
- Reconstructing data structures in a given binary executable
- Unpacking malware samples
- Analysis of recent and modern malware samples
- Binary instrumentation
- Analysis of Android malware

** PROGRAM **
http://www.ubicrypt.hgi.rub.de/mam/content/program_summerschool2013_pdf.pdf

** WORKSHOP **
A special event is planned for Wednesday (July 24): the SysSec Network of Excellence organizes a workshop focused on system security research, to consolidate the Systems Security research community in Europe. The specific format of this workshop has been developed to:
- showcase and spread the excellence in systems security research in Europe by presenting a selection of papers published by European researchers and Europe-funded research projects in top conferences in the area
- involve students and young researchers by allowing them to showcase their own best results and expose them to top researchers in the field
- create a generational exchange between experienced and starting researchers, focusing around a tutorial on how to get your research published in top venues

The registration fee for the event is 200 Euro. This amount includes daily refreshments, lunch, workshop on Wednesday, and social events (BBQ and excursion).

** SCHOLARSHIP **
We offer a scholarship for those who are seeking financial support. The selection committee places a strong focus on financial hardship.
** MORE INFORMATION **
http://www.ubicrypt.hgi.rub.de/veranstaltungen/summerschool2013/

** CONTACT **
Research Training Group GRK 1817/1
"New Challenges for Cryptography in Ubiquitous Computing"
Horst Goertz Institute for IT-Security (HGI)
Ruhr-University Bochum
Universitaetsstraße 150
44801 Bochum
Email: ubicrypt-summerschool at hgi.rub.de

** ORGANIZERS **
Research Training Group GRK 1817/1 New Challenges for Cryptography in Ubiquitous Computing
http://www.ubicrypt.org
Horst Görtz Institute for IT-Security
http://www.hgi.rub.de/
SysSec Network of Excellence
http://www.syssec-project.eu/

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Mon Jun 24 11:42:53 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (=?iso-8859-1?q?Newsletter_des_Horst_G=F6rtz_Instituts?=)
Date: 24 Jun 2013 11:42:53 +0200
Subject: [HGI-News-de] HGI Colloquium on 27.06.2013: Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography
Message-ID:

Dear Ladies and Gentlemen,

as part of the HGI Colloquium, organized by the Chair for Systems Security and the Horst Görtz Institute of Ruhr-University Bochum, Johann Heyszl of the Fraunhofer Research Institution AISEC will give a talk next Thursday, June 27, 2013, at 11:00 a.m. sharp (s.t.) in room ID 04/413 on the following topic:

Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography:

Implementations of cryptographic algorithms are threatened by side-channel analysis, which denotes the recovery of secret keys through observations of e.g., the current consumption of a device during cryptographic operations. In this thesis, I investigate the use of high-resolution electromagnetic field measurements for side-channel analysis.
Contrary to previous contributions about precise electromagnetic field measurements in side-channel analysis, I specifically concentrate on localized aspects of such measurements, which means that the measurements are restricted to a certain spatial extent. Previous publications either conclude that localized measurements of electromagnetic fields are impossible, or show unconvincing, coarse localizations without dedicated exploitation of such localized measurements. In this thesis, I improve the current state of research by investigating the feasibility, quality and dedicated use of localized electromagnetic field measurements.

All students and interested parties are cordially invited to this and all further talks of the HGI Colloquium! Prior registration is not required! Further information is available on the following website:
http://hgi.rub.de/hgi/hgi-seminar/

Kind regards,
Thomas Hupperich & Johannes Hoffmann

From hgi-news-deutschland at lists.ruhr-uni-bochum.de Tue Jun 25 20:55:30 2013
From: hgi-news-deutschland at lists.ruhr-uni-bochum.de (=?iso-8859-1?q?Newsletter_des_Horst_G=F6rtz_Instituts?=)
Date: 25 Jun 2013 20:55:30 +0200
Subject: [HGI-News-de] HGI Colloquium on 27.06.2013: Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography
Message-ID:

Dear Ladies and Gentlemen,

as part of the HGI Colloquium, organized by the Chair for Systems Security and the Horst Görtz Institute of Ruhr-University Bochum, Johann Heyszl of the Fraunhofer Research Institution AISEC will give a talk next Thursday, June 27, 2013, at 11:00 a.m. sharp (s.t.) in room ID 04/413 on the following topic:

Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography:

Implementations of cryptographic algorithms are threatened by side-channel analysis, which denotes the recovery of secret keys through observations of e.g., the current consumption of a device during cryptographic operations. In this thesis, I investigate the use of high-resolution electromagnetic field measurements for side-channel analysis. Contrary to previous contributions about precise electromagnetic field measurements in side-channel analysis, I specifically concentrate on localized aspects of such measurements, which means that the measurements are restricted to a certain spatial extent. Previous publications either conclude that localized measurements of electromagnetic fields are impossible, or show unconvincing, coarse localizations without dedicated exploitation of such localized measurements. In this thesis, I improve the current state of research by investigating the feasibility, quality and dedicated use of localized electromagnetic field measurements.

All students and interested parties are cordially invited to this and all further talks of the HGI Colloquium! Prior registration is not required! Further information is available on the following website:
http://hgi.rub.de/hgi/hgi-seminar/

Kind regards,
Thomas Hupperich & Johannes Hoffmann