[HGI-news-int] HGI Newsletter #04e

English Newsletter of the Horst Goertz Institute of IT Security in Bochum hgi-news-international at lists.ruhr-uni-bochum.de
Fri May 28 18:12:10 CEST 2010


HGI-Newsletter
http://www.hgi.rub.de/hgi/newsletter/n04e/

No 04e - Friday, 28 May 2010
Horst Görtz Institute for IT Security
Ruhr-University Bochum
http://www.hgi.rub.de


Content
=======
- Successful manipulation of credit accounts
- Assistant professor "Embedded Malware"
- Graduation ceremony for 40 IT-security specialists
- New members on the board of Trustees at the Horst Görtz Institute
- HGI represented in IACR
- Trust 2010
- Start of new project work "Unique"
- Workshop on "Generic Ring Algorithms"
- Guests
- Programme Committees
- Workshops
- Invited talks
- Talks
- HGI Colloquium
- Publications

Successful manipulation of credit accounts
==========================================
As a consequence of attacks on RFID-Chips in 2007 Timo Kasper has been 
able to manipulate the credit value stored on contactless cards used in
a widespread payment application. Exchanging these false credits for 
real goods without any problems is proof enough that converting bits
into real cash works. By setting up a specific reader device, Timo 
Kasper was able to modify the credit value stored on a card, which then
could be used for cashless payment transactions. Altering the credit 
value on a card in practice takes 40ms from a distance of up to 30cm and
hence shows a significant real-world risk.

Assistant professor "Embedded Malware"
======================================
We are happy to announce that Dr. Thorsten Holz joined the Horst Görtz 
Institute as new Assistant Professor for "Embedded Malware". Dr. Holz
studied at RWTH Aachen. He obtained his PhD degree at the Laboratory for 
Dependable Distributed Systems (University of Mannheim) in "Tracking and
Mitigation of Malicious Remote Control Networks". In the last year he 
worked as a postdoctoral research fellow at Vienna University of
Technology, specifically at the International Secure Systems Lab. Dr. 
Thorsten Holz is one of the founders of the German Honeynet Project.
Working closely with the Chair in Network and Data Security he will 
contribute to the research in Embedded Malware, Honeypots, analysis of
binary code and anti-spam techniques at the HGI. URL: http://honeyblog.org/

Graduation ceremony for 40 IT-security specialists
==================================================
40 students of the study program IT-Security received their diplomas at 
the "Nestfest", the annual graduation ceremony of the Faculty of
Electrical Engineering and Information Sciences. On 22 January 2010 
they were awarded Bachelor's, Diploma or Master's degrees. Given
the ongoing strong demand for IT-security specialists, the job 
prospects for our graduates are excellent. Usually, students are
offered a contract even before receiving their degree.

New members on the board of Trustees at the Horst Görtz Institute
=================================================================
The HGI welcomes four new members to the Board of Trustees: Dr. Rainer 
Baumgart (Secunet), Tom Köhler (Microsoft), Dr. Dirk Hochstrate (G
DATA), Dr. Thomas Wille (NXP) and Klaus Wolfenstetter (T-Labs). They 
supersede Prof. Johannes Buchmann (TU Darmstadt), Dr. Stephan Lechner
(European Commission), Dr. Udo Helmbrecht (former President of the BSI, 
now president of the EU network security agency ENISA) and Dr.
Franz-Peter Heider (T-Systems GEI GmbH, Managing Director business unit 
ITC-Security). The Horst Görtz Institute thanks its former Trustees for
their support and is looking forward to a fruitful cooperation with the 
newly elected Board members.

HGI represented in IACR
=======================
The former scientific coordinator of the HGI, Dr. Christopher Wolf, is a 
board member of the IACR, the International Association for Cryptologic 
Research. Dr. Wolf is the only German board member and is responsible for 
the IACR Newsletter and its web presentation. The IACR is the worldwide
professional association of cryptologists and has more than 1500 members 
all over the world.

Trust 2010
==========
On 21 - 23 June the third international conference on "Trust and 
Trustworthy Computing" will take place in Berlin. This time it will be
organized by Professor Ahmad-Reza Sadeghi. The conference deals with the 
technical and socio-economic aspects of trustworthy infrastructures. It
provides an excellent interdisciplinary forum for researchers, 
practitioners, and decision makers to explore new ideas and discuss
experiences in building, designing, using, and understanding trustworthy 
computing systems. For further information go to http://www.trust2010.org

Start of new project work "Unique"
==================================
Professor Ahmad-Reza Sadeghi and his team are participating in a new 
project co-financed by the European Commission under EU Framework
Programme 7. The project is running for 2.5 years. The consortium of the 
UNIQUE project consists of eight European organizations. UNIQUE brings
together five academic and research institutions (including three 
leading universities and two research SMEs) and three large
microelectronics companies from six European countries (Austria, 
Belgium, France, Germany, Ireland and the Netherlands). These
organisations link basic research and security design to applied 
research and end-user producers for consumers and industry. The UNIQUE
project aims to increase the protection of hardware systems against 
counterfeiting, cloning, tampering, reverse engineering and insertion of
malicious components. For more information see 
http://www.trust.rub.de/projects/unique

Workshop on "Generic Ring Algorithms"
=====================================
On 13 - 15 January, the workshop "Generic Ring Algorithms" took place at 
the Ruhr University Bochum. It was organized by the HGI member Tibor
Jager. Invited speakers included Alex Dent (Royal Holloway University 
London), Divesh Aggarwal (ETH Zürich), Andy Rupp (University of
Massachusetts) and Vishal Saraswat (University of Massachusetts). Talks 
were given on analysis of cryptographic assumptions in idealized models
of calculation such as the "Generic ring model". Additionally, the 
extent to which these models reflect reality was discussed. The
financial support of the RUB Research School is gratefully acknowledged.


Guests
======
1 - 4 February 2010 **Kimmo Järvinen** (Helsinki University of 
Technology, Finland), Lehrstuhl für Systemsicherheit; Topic: Research 
Cooperation within the EU CACE (Computer Aided Cryptography Engineering)

26 - 29 May 2010 **Orr Dunkelman** (Weizmann Institute of Science, 
Israel), Lehrstuhl für Eingebettete Sicherheit; Topic: Practical-Time
Attacks on the KASUMI Cryptosystem Used in GSM and 3G Telephony

Programme Committees
====================
Christof Paar: **COSADE 2010**, Workshop on Constructive Side-Channel 
and Secure Design, Darmstadt, 4 - 5 February 2010

Workshops
=========
Ahmad-Reza Sadeghi: **TRUST 2010** 21-23 June 2010, Berlin

Ernesto Damiani, Nils Gruschka, Florian Kerschbaum, Jörg 
Schwenk: **First IEEE International Workshop on Web Service and 
Business Process Security, WSBPS** colocated with IEEE SERVICES 2010, 
5 - 10 July 2010, Miami, Florida, USA

Meiko Jensen, Christoph Meinel, Michael Menzel, Jörg Schwenk, Ivonne 
Thomas: **Workshop on Services Security (WS2'10)** to be held at 
ISSE/SICHERHEIT
2010, 5 - 7 October 2010, Berlin

Invited talks
=============
Ahmad-Reza Sadeghi: **Trusted Computing - State of the Art and New 
Challenges**, Wuhan University, China; November 2009

Frederik Armknecht: **Constructing Full-Homomorphic Encryption Schemes 
from Coding Theory**, InfoMaTech - Seminar, FHDW Hannover; December 2009

Alexander May: **Lösen von RSA Problemen mittels Gitterreduktion**, 
Mathematisches Kolloquium Oldenburg; 6 January 2010 
http://www.mathematik.uni-oldenburg.de/sveraninhalt.phtml?veranid=228

Alexander May: **Attacking Power Generators Using Unravelled 
Linearization: When Do We Output Too Much?**, Early Symmetric Crypto
(ESC) Seminar, Remich, Luxembourg; 11 - 15 January 2010 
https://cryptolux.org/ESC/Alexander_May

Meiko Jensen: **A Security Modeling Approach for Web-Service-based 
Business Processes**, FIM colloquium, Universität Passau; January 2010

Jörg Schwenk: **Cloud Computing Security**, Münchner Kreis, München; 4 
February 2010 http://www.muenchner-kreis.de/pdfs/TrustInIT/Schwenk.pdf

Christof Paar: **Application of Physical Attacks to Real World Systems**, 
Workshop "Provable Security against Physical Attacks", Lorentz 
Center, Leiden, Netherlands; 15 - 19 February 2010


Talks
=====
Christian Wachsmann: **Anonymizer-Enabled Security and Privacy for 
RFID**, International Conference on Cryptology and Network Security, 
Kanazawa, Japan; December 2009

Frederik Armknecht: **Memory Leakage-Resilient Encryption based on 
Physically Unclonable Functions**, ASIACRYPT - 15th International 
Conference on the Theory and Application of Cryptology and Information 
Security; December 2009.

Sven Schäge, Jörg Schwenk: **A CDH-Based Ring Signature Scheme with 
Short Signatures and Public Keys**, Financial Cryptography and Data 
Security '10, Tenerife, Canary Islands, Spain; 25 - 28 January 2010


HGI Colloquium
==============
3 December 2009 Mathias Herrmann / Ruhr-University Bochum: 
**Attacking Power Generators Using Unravelled Linearization**

10 December 2009 Michael Silbermann / Ruhr-University Bochum: 
**Security Analysis of Contactless Payment Systems in Practice**

17 December 2009 Henrich C. Pöhls / ISL Passau: **Digital Signatures and 
Context-Loss - How Digital Signatures might
facilitate Data Protection Claims in SOA**

14 January 2010 Wilfried Karden / Innenministerium NRW: 
**Wirtschaftsspionage**

21 January 2010 Martin Novotný / FEE CTU Prague: **Implementing MQ 
cryptosystems - Problems and Challenges**

28 January 2010 Meiko Jensen / Ruhr-University Bochum: **On Technical 
Security Issues in Cloud Computing**

4 February 2010 Florian Kerschbaum / SAP: **Security Challenges in 
Supply Chain Management**

15 April 2010 Alessandro Barenghi / Politecnico di Milano: **Attacking 
AES 256 Through Low Voltage Faults**

22 April 2010 Ralf Zimmermann / EMSEC: **Implementing the Elliptic Curve 
Method (ECM) on Special-Purpose Hardware**

28 April 2010 Juan Garay / AT&T Labs (Research): **A Framework for the 
Sound Specification of Cryptographic Tasks**

29 April 2010 Thorsten Holz / EMMA: **Honeypots, Botnets, Malware 
Analysis, and more - Introducing the
Embedded Malware Group**

6 May 2010 Albrecht Petzold / TU Darmstadt: **A Multivariate Signature 
Scheme with a Partially Cyclic Public Key**

20 May 2010 Mathias Herrmann / CITS: **Maximizing Small Root Bounds by 
Linearization and Applications to
Small Secret Exponent RSA**

27 May 2010 Orr Dunkelman / The Weizmann Institute of Science: **A 
Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G
Telephony**

10 June 2010 Thorsten Mehlich / RUB: **Strategien für effiziente 
Skalarmultiplikation**

17 June 2010 Roberto Avanzi / RUB: **Arithmetic of Supersingular Koblitz 
Curves in Characteristic Three**

24 June 2010 Christopher Wolf / AG LTS (Long Term Security): 
**Äquivalente Schlüssel in Multivariaten Quadratischen Systemen**

1 July 2010 Juraj Somorovsky / NDS: **Streaming-based verification of 
XML Signatures in SOAP Messages**

5 July 2010 Susanne Wetzel / Stevens Institute of Technology, USA

8 July 2010 Peter Schwabe / Eindhoven University of Technology: **New 
Software Speed Records for Cryptographic Pairings**

15 July 2010 Alexander Meurer / CITS: **Correcting Errors in RSA Private 
Keys**

The abstracts are available at 
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/


Publications
============
F. Armknecht, R. Maes, A. Sadeghi, B. Sunar, P. Tuyls: **Memory 
Leakage-Resilient Encryption based on Physically Unclonable
Functions**, ASIACRYPT - 15th Annual International Conference on the 
Theory and Application of Cryptology and Information Security, 2009

Serdar Cabuk, Chris I. Dalton, Konrad Eriksson, Dirk Kuhlmann, 
HariGovind V. Ramasamy, Gianluca Ramunno, Ahmad-Reza Sadeghi, Matthias
Schunter, Christian Stüble: **Towards automated security policy 
enforcement in multi-tenant virtual data centers** Journal of Computer 
Security, IOS Press, Vol. 18, Number 1, pp. 89-121, 2010

Mathias Herrmann, Alexander May: **Maximizing Small Root Bounds by 
Linearization and Applications to Small Secret Exponent RSA** 13th 
International Conference on Practice and Theory in Public Key 
Cryptography 2010, May 26-28, 2010, ENS Paris, France 
http://pkc2010.di.ens.fr/accepted%20paper.htm

Kimmo Järvinen, Vladimir Kolesnikov, Ahmad-Reza Sadeghi, Thomas 
Schneider: **Embedded SFE: Offloading Server and Network using Hardware 
Tokens** 14th International Conference on Financial Cryptography and 
Data Security (FC 2010), January 25-28, Tenerife, Canary Islands, Spain, 
Talk given by Thomas Schneider

Meiko Jensen, Nils Gruschka, Ralph Herkenhöner: **A survey of attacks on 
web services** In Computer Science - Research and Development (CSRD): 
Volume 24, Issue 4 (2009), Page 185. Springer Berlin/Heidelberg.

Ahmad-Reza Sadeghi, Ivan Visconti, Christian Wachsmann: 
**Anonymizer-Enabled Security and Privacy for RFID** 8th International 
Conference on Cryptology And Network Security (CANS), Kanazawa, Japan, 
December 2009, Proceedings, volume 5888 of LNCS, pages 134-153. 
Springer-Verlag, 2009

Ahmad-Reza Sadeghi, Thomas Schneider, Immo Wehrenberg: **Efficient 
Privacy-Preserving Face Recognition** 12th International Conference on 
Information Security and Cryptology (ICISC 2009), December 2-4, Seoul, 
Korea, Talk was given by Immo Wehrenberg

Steffen Schulz, Ahmad-Reza Sadeghi: **Extending IPsec for Efficient 
Remote Attestation** 14th International Conference on Financial 
Cryptography and Data Security (FC 2010), January 25-28, Tenerife, 
Canary Islands, Spain, Talk given by Ahmad-Reza Sadeghi



Information
===========

Subscribe:
     If you wish to subscribe to the HGI News by email, you can do so at
     http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Unsubscribe:
     If you wish to unsubscribe from the HGI News, please visit
     http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Download:
     All HGI-Newsletters (both English and German) can be downloaded from:
     http://www.hgi.rub.de/hgi/newsletter

Editor:
     Anja Nuss, Email: an at hgi.rub.de

Executive Director of the Horst Görtz Institute:
     Prof. Dr. Jörg Schwenk, Email: Joerg.Schwenk at rub.de


-- 
Anja Nuß
Scientific Coordinator
Horst Görtz Institute
Room IC 4 / 147
Ruhr-University Bochum
DE-44780 Bochum, Germany
Phone: +49 (234) 32 - 27722
Fax: +49 (234) 32 - 14886
URL: www.hgi.rub.de


