Introducing the CrySyS Lab Félegyházi Márk Laboratory of Cryptography and System Security (CrySyS Lab) Budapest University of Technology and Economics.

Presentation transcript:

Introducing the CrySyS Lab Félegyházi Márk Laboratory of Cryptography and System Security (CrySyS Lab) Budapest University of Technology and Economics Department of Networked Systems and Services

Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium
Current members
• faculty:
  – Boldizsár Bencsáth, PhD, Assistant Professor
  – Levente Buttyán, PhD, Associate Professor (head of the lab)
  – Márk Félegyházi, PhD, Assistant Professor
  – Tamás Holczer, PhD, Research Fellow
  – István Vajda, DSc, Professor (affiliate)
• PhD candidates and PhD students:
  – Gábor Gulyás (privacy in social networks, identity separation techniques)
  – Áron Lászka (robustness of network topologies, optimization problems, game theory)
  – Gábor Pék (security of virtualized systems, malware analysis)
  – Ta Vinh Thong (formal verification of security protocols)
• CrySyS Student Core
  – 10-12 talented students working with us permanently + students working on diploma and semester projects

Working with talented students
• CrySyS Student Core
• CrySyS Security Challenges:
  – 2011, 2012, 2013
  – more:
• Capture the Flag (CTF) hacking contests
  – iCTF 2011: 36/87
  – iCTF 2012: 23/98
  – CSAW 2013: 12/1378 (2/490)

Mission
• internationally recognized, high quality research on security and privacy in computer networks and systems
  – problem driven, project oriented research
• we are committed to establishing and participating in R&D projects in which we collaborate with industrial and other academic partners
• teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects
• provision of consulting services without compromising the general academic objectives

Research areas in the past
• security and privacy in wireless embedded networks
  – sensor networks, body mounted sensor networks, mesh networks, car-to-car communications, RFID systems
  – secure communications, secure routing, secure distributed data storage, location privacy, private authentication, privacy preserving cluster head election
• economics of security
  – game theoretic models of strategic behavior, incentive compatible security architectures, quantitative risk management, cyber insurance

International collaborations
• EPFL, Switzerland (Prof. Jean-Pierre Hubaux)
• University of Twente, The Netherlands (Prof. Frank Kargl)
• KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán)
• NEC Laboratories, Germany (Dr. Dirk Westhoff)
• IHP, Germany (Prof. Dr. Peter Langendoerfer)
• INRIA Rhone-Alpes (Dr. Claude Castelluccia)
• University of Münster, Germany (Prof. Rainer Böhme)
• Eurecom, France (Dr. Davide Balzarotti)
• University of Rome 3 (Dr. Roberto Di Pietro)
• …
• University of Washington, Seattle (Prof. Radha Poovendran)
• University of California, Berkeley (Prof. Jean Walrand)
• ICSI, Berkeley (Prof. Vern Paxson)
• …

Current research
• detection and analysis of unknown targeted malware
  – static and dynamic program analysis, reverse engineering, rootkit detection
  – Windows, Android

Stuxnet (June 2010)
• “the Most Menacing Malware in History” (Kim Zetter, Wired)
• targeted the Natanz nuclear enrichment plant in Iran
• modified PLCs (Programmable Logic Controllers)
• destroyed hundreds of uranium centrifuges

Highly visible results
• Duqu (October 2011)
  – discovery, naming, and first analysis of Duqu: striking similarities to Stuxnet, but different mission (info-stealer)
  – identification of the dropper component: 0-day Windows kernel exploit (in embedded font parsing)
  – development of the Duqu Detector Toolkit: open source, heuristic anomaly detector (detects Duqu and Stuxnet)
• Flame (May 2012)
  – first detailed technical analysis of Flame (aka sKyWIper): another info-stealer, but more complex than Duqu (unusually large size)
• MiniDuke (Feb 2013)
  – detailed technical analysis with Kaspersky
• TeamSpy (Mar 2013)
  – first detailed technical analysis
• more info >>>

Press

Lessons learned
• current approaches to defend systems against targeted attacks are ineffective
  – code signing is not bulletproof
  – virus scanners cannot identify previously unseen malware
• global threat mitigation and forensic analysis are challenging problems
  – How to share information in a privacy preserving manner? This is crucial for identification of droppers (and potentially 0-day exploits)
  – How to capture C&C servers quickly and track down the C&C proxy chain?
• attackers started to use advanced techniques
  – MD5 collision attack in Flame
  – encrypted payload in Gauss
• better monitoring of system state could have resulted in earlier detection

Consulting and industry relations

On-going projects: Cloud-based targeted attack detection
• funded by the Hungarian National Development Agency (NFÜ)
• determined and resourceful attackers will always be able to succeed in compromising systems
• we focus on rapid detection
• ingredients
  – cloud based analysis environment
  – automated detection of behavioral anomalies
  – human expertise to eliminate false positives

On-going projects: Repository of Signed Code
• funded by the US Office of Naval Research Global (ONRG)
• motivation
  – signed kernel driver in Stuxnet and Duqu (compromised key)
  – signature on Flame (fake certificate seemingly issued by MS)
• idea
  – collect everything that is signed in a database: certificates, CRLs, OCSP responses, PE files, JAR files, PDFs, ... (Hadoop-based, NoSQL database platform)
  – allow queries such as: has this signature been seen by others, and when? what else has been signed by this key?
  – provide alerts for registered users if objects signed with their keys are uploaded to our database
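The two queries and the owner alert from the "idea" bullets, as an added example that is not the CrySyS Lab's code or schema. It uses an in-memory SQLite table rather than the Hadoop/NoSQL platform the slide names; the class, table and column names and all sample values are constructed, and it assumes the object hash and signer key fingerprint were already extracted from a verified signature.

```python
import sqlite3

KEY = "KEYFPR-VENDOR-A"  # constructed placeholder for a signer key fingerprint

class SignedCodeIndex:
    # Toy index of signed objects, keyed by object hash and signer key fingerprint.
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE sightings(obj, key_fpr, kind, uploader, seen_at);
            CREATE TABLE watchers(key_fpr, owner, UNIQUE(key_fpr, owner));""")

    def register(self, owner, key_fpr):
        """A key owner asks to be alerted about objects signed with key_fpr."""
        self.db.execute("INSERT OR IGNORE INTO watchers VALUES (?, ?)", (key_fpr, owner))

    def upload(self, obj, key_fpr, kind, uploader, seen_at):
        """Record a sighting; return owners to alert (new object under a watched key)."""
        known = self.db.execute(
            "SELECT 1 FROM sightings WHERE obj = ? AND key_fpr = ?",
            (obj, key_fpr)).fetchone()
        self.db.execute("INSERT INTO sightings VALUES (?, ?, ?, ?, ?)",
                        (obj, key_fpr, kind, uploader, seen_at))
        if known:
            return []  # assumption: alert only on the first sighting of an object
        rows = self.db.execute(
            "SELECT owner FROM watchers WHERE key_fpr = ? AND owner != ? ORDER BY owner",
            (key_fpr, uploader))
        return [owner for (owner,) in rows]

    def seen_by_others(self, obj, asker):
        """Has this signed object been seen by others, and when?"""
        return self.db.execute(
            "SELECT uploader, seen_at FROM sightings "
            "WHERE obj = ? AND uploader != ? ORDER BY seen_at", (obj, asker)).fetchall()

    def signed_by(self, key_fpr):
        """What else has been signed by this key? (object, kind, first seen)"""
        return self.db.execute(
            "SELECT obj, kind, MIN(seen_at) FROM sightings WHERE key_fpr = ? "
            "GROUP BY obj, kind ORDER BY MIN(seen_at)", (key_fpr,)).fetchall()

def demo():
    # Constructed scenario: the owner indexes a release, then third parties
    # upload a driver the owner never submitted, signed with the same key.
    idx = SignedCodeIndex()
    idx.register("vendor-a", KEY)
    alerts = [
        idx.upload("hash-release-1", KEY, "PE", "vendor-a", "2013-01-10T09:00:00Z"),
        idx.upload("hash-unknown-driver", KEY, "PE", "analyst-1", "2013-03-02T14:30:00Z"),
        idx.upload("hash-unknown-driver", KEY, "PE", "analyst-2", "2013-03-05T08:15:00Z"),
    ]
    return idx, alerts
```

The second upload is the case the motivation bullets describe: an object signed with a registered key that its owner did not submit, which is the only upload here that produces an alert.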

CrySyS Lab spin-offs
• Incident response
• Malware threat intelligence
• Industry oriented research, development, and training
• Encrypted data storage in the cloud

Contact information
Levente Buttyán, PhD
Head of the CrySyS Lab