Introducing the CrySyS Lab
Félegyházi Márk
Laboratory of Cryptography and System Security (CrySyS Lab)
Budapest University of Technology and Economics
Department of Networked Systems and Services
www.crysys.hu
2013.11.20
Laboratory of Cryptography and System Security
CrySyS Adat- és Rendszerbiztonság Laboratórium
www.crysys.hu
Current members
faculty:
– Boldizsár Bencsáth, PhD, Assistant Professor
– Levente Buttyán, PhD, Associate Professor (head of the lab)
– Márk Félegyházi, PhD, Assistant Professor
– Tamás Holczer, PhD, Research Fellow
– István Vajda, DSc, Professor (affiliate)
PhD candidates and PhD students:
– Gábor Gulyás (privacy in social networks, identity separation techniques)
– Áron Lászka (robustness of network topologies, optimization problems, game theory)
– Gábor Pék (security of virtualized systems, malware analysis)
– Ta Vinh Thong (formal verification of security protocols)
CrySyS Student Core
– 10-12 talented students working with us permanently
+ students working on diploma and semester projects
Working with talented students
CrySyS Student Core
CrySyS Security Challenges:
– 2011, 2012, 2013
– more: http://www.crysys.hu/security-challenges.html
Capture the Flag (CTF) hacking contests
– iCTF 2011: 36/87
– iCTF 2012: 23/98
– CSAW 2013: 12/1378 (2/490)
Mission
internationally recognized, high quality research on security and privacy in computer networks and systems
– problem driven, project oriented research
we are committed to establishing and participating in R&D projects, in which we collaborate with industrial and other academic partners
teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects
provision of consulting services without compromising the general academic objectives
Research areas in the past
security and privacy in wireless embedded networks
– sensor networks, body mounted sensor networks, mesh networks, car-to-car communications, RFID systems
– secure communications, secure routing, secure distributed data storage, location privacy, private authentication, privacy preserving cluster head election
economics of security
– game theoretic models of strategic behavior, incentive compatible security architectures, quantitative risk management, cyber insurance
International collaborations
EPFL, Switzerland (Prof. Jean-Pierre Hubaux)
University of Twente, The Netherlands (Prof. Frank Kargl)
KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán)
NEC Laboratories, Germany (Dr. Dirk Westhoff)
IHP, Germany (Prof. Dr. Peter Langendoerfer)
INRIA Rhone-Alpes (Dr. Claude Castelluccia)
University of Münster, Germany (Prof. Rainer Böhme)
Eurecom, France (Dr. Davide Balzarotti)
University of Rome 3 (Dr. Roberto Di Pietro)
…
University of Washington, Seattle (Prof. Radha Poovendran)
University of California, Berkeley (Prof. Jean Walrand)
ICSI, Berkeley (Prof. Vern Paxson)
…
Current research
detection and analysis of unknown targeted malware
– static and dynamic program analysis, reverse engineering, rootkit detection
– Windows, Android
Stuxnet (June 2010)
“the Most Menacing Malware in History” (Kim Zetter, Wired)
targeted the Natanz nuclear enrichment plant in Iran
modified PLCs (Programmable Logic Controllers)
destroyed hundreds of uranium centrifuges
Highly visible results
Press
Lessons learned
current approaches to defend systems against targeted attacks are ineffective
– code signing is not bulletproof
– virus scanners cannot identify previously unseen malware
global threat mitigation and forensic analysis are challenging problems
– How to share information in a privacy preserving manner?
• crucial for identification of droppers (and potentially 0-day exploits)
– How to capture C&C servers quickly and track down the C&C proxy chain?
attackers started to use advanced techniques
– MD5 collision attack in Flame
– encrypted payload in Gauss
better monitoring of system state could have resulted in earlier detection
Consulting and industry relations
On-going projects: Cloud-based targeted attack detection
On-going projects: Repository of Signed Code
funded by the US Office of Naval Research Global (ONRG)
motivation
– signed kernel driver in Stuxnet and Duqu (compromised key)
– signature on Flame (fake certificate seemingly issued by MS)
idea
– collect everything that is signed in a database
• certificates, CRLs, OCSP responses, PE files, JAR files, PDFs, ...
• Hadoop-based, NoSQL database platform
– allow queries such as
• has this signature been seen by others? and when?
• what else has been signed by this key?
– provide alerts for registered users if objects signed with their keys are uploaded in our database
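The two queries and the alert listed above, as an added example that is not CrySyS Lab code: a toy in-memory index standing in for the database. The class, method and user names and all byte strings are constructed; signature verification and file parsing are assumed to happen before upload.

```python
import hashlib
from collections import defaultdict


def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the identifier for keys, signatures, objects."""
    return hashlib.sha256(data).hexdigest()


class SignedObjectIndex:
    """Hypothetical stand-in for the repository's database."""

    def __init__(self):
        self.by_signature = defaultdict(list)  # signature id -> [(seen_at, uploader)]
        self.by_key = defaultdict(set)         # key id -> {object id}
        self.watchers = defaultdict(set)       # key id -> {registered user}

    def register_key(self, user: str, public_key: bytes) -> None:
        """A registered user asks to be alerted about objects signed with their key."""
        self.watchers[digest(public_key)].add(user)

    def upload(self, uploader, obj, signature, public_key, seen_at):
        """Index one signed object; return alerts for users watching the key."""
        key_id, obj_id = digest(public_key), digest(obj)
        self.by_signature[digest(signature)].append((seen_at, uploader))
        self.by_key[key_id].add(obj_id)
        watching = self.watchers.get(key_id, set())
        return [(user, key_id, obj_id, seen_at) for user in sorted(watching)]

    def seen_by_others(self, asker: str, signature: bytes):
        """'Has this signature been seen by others? And when?'"""
        hits = self.by_signature.get(digest(signature), [])
        return sorted((t, who) for t, who in hits if who != asker)

    def signed_with(self, public_key: bytes):
        """'What else has been signed by this key?'"""
        return sorted(self.by_key.get(digest(public_key), set()))


def demo():
    # Constructed sample data: a vendor key, one known driver, one unknown one.
    idx = SignedObjectIndex()
    vendor_key = b"constructed-vendor-public-key"
    idx.register_key("vendor-secops", vendor_key)
    idx.upload("vendor-build", b"driver-v1", b"sig-1", vendor_key, 1000)
    alerts = idx.upload("analyst-a", b"unknown-driver", b"sig-2", vendor_key, 2000)
    return idx, vendor_key, alerts
```

An upload of an object the key owner never built, as in `demo()`, is the case the motivation bullets describe: the owner learns from the alert that the key signed something unexpected.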
CrySyS Lab spin-offs
Incident response
Malware threat intelligence
Industry oriented research, development, and training
Encrypted data storage in the cloud
Contact information
www.crysys.hu
Levente Buttyán, PhD
Head of the CrySyS Lab
+36 1 463 1803