CASA/HGI teams receive 2 awards at USENIX Security '23

In addition, CASA PI Karola Marky was delighted to receive a Best Poster Award at SOUPS.

Two papers involving CASA/HGI researchers and other RUB members have won awards at the "USENIX Security Symposium 2023". The renowned conference takes place from August 9 to 11 in Anaheim, California (USA). The paper "Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge" by the research team consisting of HGI members Prof. Thorsten Holz and Nils Bars, Moritz Schloegel, Tobias Scharnowski and Nico Schiller received a Distinguished Paper Award. The work also won second place in the 2023 Internet Defense Prize, which is awarded at the conference.

The paper "We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets", in which CASA PI Jörg Schwenk as well as Marcel Maehren, Nurullah Erinola and Robert Merget of Ruhr University Bochum and other colleagues were involved, won a Distinguished Artifact Award.

The USENIX conference is among the top conferences (A* ranking) in the research field. This year it took place for the 32nd time.

At the "Symposium on Usable Privacy and Security (SOUPS)", a team that includes CASA PI Karola Marky also won a Poster Award for its presentation of "'...It's very unacceptable for someone to peek into your privacy.' Chronicles of Shoulder Surfing: Exploring Deep into a Longitudinal Diary Study."

About the papers

"We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets"


Sven Hebrok, Paderborn University; Simon Nachtigall, Paderborn University and achelos GmbH; Marcel Maehren and Nurullah Erinola, Ruhr University Bochum; Robert Merget, Technology Innovation Institute and Ruhr University Bochum; Juraj Somorovsky, Paderborn University; Jörg Schwenk, Ruhr University Bochum

Abstract: 

Session tickets improve the performance of the TLS protocol. They allow abbreviating the handshake by using secrets from a previous session. To this end, the server encrypts the secrets using a Session Ticket Encryption Key (STEK) only known to the server, which the client stores as a ticket and sends back upon resumption. The standard leaves details such as data formats, encryption algorithms, and key management to the server implementation.
TLS session tickets have been criticized by security experts, for undermining the security guarantees of TLS. An adversary, who can guess or compromise the STEK, can passively record and decrypt TLS sessions and may impersonate the server. Thus, weak implementations of this mechanism may completely undermine TLS security guarantees.

We performed the first systematic large-scale analysis of the cryptographic pitfalls of session ticket implementations. (1) We determined the data formats and cryptographic algorithms used by 12 open-source implementations and designed online and offline tests to identify vulnerable implementations. (2) We performed several large-scale scans and collected session tickets for extended offline analyses.
We found significant differences in session ticket implementations and critical security issues in the analyzed servers. Vulnerable servers used weak keys or repeating keystreams in the used tickets, allowing for session ticket decryption. Among others, our analysis revealed a widespread implementation flaw within the Amazon AWS ecosystem that allowed for passive traffic decryption for at least 1.9% of the Tranco Top 100k servers.

"Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge"


Nils Bars, Moritz Schloegel, Tobias Scharnowski, and Nico Schiller, Ruhr-Universität Bochum; Thorsten Holz, CISPA Helmholtz Center for Information Security

Abstract: Today's digital communication relies on complex protocols and specifications for exchanging structured messages and data. Communication naturally involves two endpoints: One generating data and one consuming it. Traditional fuzz testing approaches replace one endpoint, the generator, with a fuzzer and rapidly test many mutated inputs on the target program under test. While this fully automated approach works well for loosely structured formats, this does not hold for highly structured formats, especially those that go through complex transformations such as compression or encryption.

In this work, we propose a novel perspective on generating inputs in highly complex formats without relying on heavyweight program analysis techniques, coarse-grained grammar approximation, or a human domain expert. Instead of mutating the inputs for a target program, we inject faults into the data generation program so that this data is almost of the expected format. Such data bypasses the initial parsing stages in the consumer program and exercises deeper program states, where it triggers more interesting program behavior. To realize this concept, we propose a set of compile-time and run-time analyses to mutate the generator in a targeted manner, so that it remains intact and produces semi-valid outputs that satisfy the constraints of the complex format. We have implemented this approach in a prototype called Fuzztruction and show that it outperforms the state-of-the-art fuzzers AFL++, SYMCC, and WEIZZ. Fuzztruction finds significantly more coverage than existing methods, especially on targets that use cryptographic primitives. During our evaluation, Fuzztruction uncovered 151 unique crashes (after automated deduplication). So far, we manually triaged and reported 27 bugs and 4 CVEs were assigned.