Introducing the CrySyS Lab Félegyházi Márk Laboratory of Cryptography and System Security (CrySyS Lab) Budapest University of Technology and Economics Department of Networked Systems and Services www.crysys.hu 2013.11.20


Laboratory of Cryptography and System Security, CrySyS Adat- és Rendszerbiztonság Laboratórium, www.crysys.hu


Current members

faculty:
– Boldizsár Bencsáth, PhD, Assistant Professor
– Levente Buttyán, PhD, Associate Professor (head of the lab)
– Márk Félegyházi, PhD, Assistant Professor
– Tamás Holczer, PhD, Research Fellow
– István Vajda, DSc, Professor (affiliate)

PhD candidates and PhD students:
– Gábor Gulyás (privacy in social networks, identity separation techniques)
– Áron Lászka (robustness of network topologies, optimization problems, game theory)
– Gábor Pék (security of virtualized systems, malware analysis)
– Ta Vinh Thong (formal verification of security protocols)

CrySyS Student Core
– 10-12 talented students working with us permanently

+ students working on diploma and semester projects


Working with talented students

CrySyS Student Core

CrySyS Security Challenges:
– 2011, 2012, 2013
– more: http://www.crysys.hu/security-challenges.html

Capture the Flag (CTF) hacking contests
– iCTF 2011: 36/87
– iCTF 2012: 23/98
– CSAW 2013: 12/1378 (2/490)


Mission

internationally recognized, high quality research on security and privacy in computer networks and systems
– problem driven, project oriented research

we are committed to establish and participate in R&D projects, in which we collaborate with industrial and other academic partners

teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects

provision of consulting services without compromising the general academic objectives


Research areas in the past

security and privacy in wireless embedded networks
– sensor networks, body mounted sensor networks, mesh networks, car-to-car communications, RFID systems
– secure communications, secure routing, secure distributed data storage, location privacy, private authentication, privacy preserving cluster head election

economics of security
– game theoretic models of strategic behavior, incentive compatible security architectures, quantitative risk management, cyber insurance


International collaborations

EPFL, Switzerland (Prof. Jean-Pierre Hubaux)
University of Twente, The Netherlands (Prof. Frank Kargl)
KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán)
NEC Laboratories, Germany (Dr. Dirk Westhoff)
IHP, Germany (Prof. Dr. Peter Langendoerfer)
INRIA Rhone-Alpes (Dr. Claude Castelluccia)
University of Münster, Germany (Prof. Rainer Böhme)
Eurecom, France (Dr. Davide Balzarotti)
University of Rome 3 (Dr. Roberto Di Pietro)
…
University of Washington, Seattle (Prof. Radha Poovendran)
University of California, Berkeley (Prof. Jean Walrand)
ICSI, Berkeley (Prof. Vern Paxson)
…


Current research

detection and analysis of unknown targeted malware
– static and dynamic program analysis, reverse engineering, rootkit detection
– Windows, Android


Stuxnet (June 2010)

“the Most Menacing Malware in History” (Kim Zetter, Wired)

targeted the Natanz nuclear enrichment plant in Iran
modified PLCs (Programmable Logic Controllers)
destroyed hundreds of uranium centrifuges


Highly visible results


Press


Lessons learned

current approaches to defend systems against targeted attacks are ineffective
– code signing is not bulletproof
– virus scanners cannot identify previously unseen malware

global threat mitigation and forensic analysis are challenging problems
– How to share information in a privacy preserving manner?
  • crucial for identification of droppers (and potentially 0-day exploits)
– How to capture C&C servers quickly and track down the C&C proxy chain?

attackers started to use advanced techniques
– MD5 collision attack in Flame
– encrypted payload in Gauss

better monitoring of system state could have resulted in earlier detection


Consulting and industry relations


On-going projects: Cloud-based targeted attack detection


On-going projects: Repository of Signed Code

funded by the US Office of Naval Research Global (ONRG)

motivation
– signed kernel driver in Stuxnet and Duqu (compromised key)
– signature on Flame (fake certificate seemingly issued by MS)

idea
– collect everything that is signed in a database
  • certificates, CRLs, OCSP responses, PE files, JAR files, PDFs, ...
  • Hadoop-based NoSQL database platform
– allow queries such as
  • has this signature been seen by others? and when?
  • what else has been signed by this key?
– provide alerts for registered users if objects signed with their keys are uploaded to our database
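
A sketch of the three services listed above (signature sightings, pivot by signing key, owner alerts), added here as an example and not the lab's code. An in-memory dictionary stands in for the Hadoop-based store, signatures and key fingerprints are assumed to be already extracted from the uploaded files, and all names and sample values are constructed.

```python
import hashlib
from collections import defaultdict

def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the identifier of an object or a signature."""
    return hashlib.sha256(data).hexdigest()

class SignedCodeIndex:
    def __init__(self):
        self.sightings = defaultdict(list)       # signature digest -> [(seen_at, uploader)]
        self.objects_by_key = defaultdict(set)   # key fingerprint -> {object digest}
        self.watchers = defaultdict(set)         # key fingerprint -> registered users

    def register(self, user, key_fp):
        """A key owner asks to be alerted about objects signed with key_fp."""
        self.watchers[key_fp].add(user)

    def ingest(self, obj, signature, key_fp, uploader, seen_at):
        """Record one upload; return alerts as (user, key_fp, object digest)."""
        obj_id = digest(obj)
        self.sightings[digest(signature)].append((seen_at, uploader))
        is_new = obj_id not in self.objects_by_key[key_fp]
        self.objects_by_key[key_fp].add(obj_id)
        if not is_new:
            return []                            # owner was already told about this object
        # Assumption: an owner uploading their own build needs no alert.
        return [(u, key_fp, obj_id) for u in sorted(self.watchers[key_fp]) if u != uploader]

    def seen_by_others(self, signature, asker):
        """Has this signature been seen by others, and when?"""
        hits = self.sightings.get(digest(signature), [])
        return sorted((t, u) for t, u in hits if u != asker)

    def signed_by(self, key_fp):
        """What else has been signed by this key?"""
        return set(self.objects_by_key.get(key_fp, set()))

def demo():
    # Constructed sample data: "KEY-A" is a placeholder fingerprint, not a real key.
    idx = SignedCodeIndex()
    idx.register("vendor-a", "KEY-A")
    a1 = idx.ingest(b"driver v1", b"sig-1", "KEY-A", "vendor-a", "2013-01-10T09:00Z")
    a2 = idx.ingest(b"driver v1", b"sig-1", "KEY-A", "analyst-1", "2013-02-02T14:30Z")
    # An object the vendor never uploaded, carrying the vendor's key: the
    # compromised-key case from the motivation above. It raises an alert.
    a3 = idx.ingest(b"unknown driver", b"sig-2", "KEY-A", "analyst-2", "2013-03-05T08:15Z")
    return idx, a1, a2, a3

if __name__ == "__main__":
    idx, a1, a2, a3 = demo()
    print("alerts:", a3)
    print("sig-1 seen by others:", idx.seen_by_others(b"sig-1", "analyst-1"))
```
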


CrySyS Lab spin-offs

Incident response

Malware threat intelligence

Industry oriented research, development, and training

Encrypted data storage in the cloud


Contact information

www.crysys.hu

Levente Buttyán, PhD
Head of the CrySyS Lab


+36 1 463 1803