Advanced Internet Security

(1)

Int. Secure Systems Lab

Vienna University of Technology

Advanced Internet Security

(aka InetSec 2)

183.222 Adrian Dabrowski

Markus Kammerstetter

Georg Merzdoznik

Stefan Riegler

Lecturers

Challenge Gurus

(2)

Administrative Issues

•Mode

• Weekly lectures

• Regular programming assignments • Written final exam (end of January)

•When and Where

• Thursday 12:00 am. – 13:30/45 pm. (s.t.) • FH HS 6

• Lectures until January

•Slides and News (please visit

regularly

)

•https://secenv.seclab.tuwien.ac.at/

•Email: [email protected]

(3)

InetSec 1 and InetSec 2

•Unix Security •Windows Security •Web Security •Buffer Overflows

•Internet Application Security •Cryptography

•Reverse Engineering •Viruses and Worms •Testing

•Hardware Security, Wireless

InetSec 1 InetSec 2

(4)

Who should do InetSec 2

• People who would like become “security gurus”

● we usually take part in a Capture The Flag hacking contest against other

universities. Hopefully again this year…

● lots of fun: many top positions over the past years, we won the competition in

2006 & 2011, and then moved to the DEFCON CTF finals!

• People who are technically oriented

• you should be (somewhat) familiar with C and Linux, ASM helps • Java-purists will have some catching up to do ;-)

• You should be interested in solving technical problems

- even if it might cost you some time

• People who have time! You get the chance to solve challenges such as

- writing a worm or trojan

(5)

(6)

(7)

Your Roadmap to Enlightenment

InetSec1

InetSec2

Challenges Solved Script Kiddie Nobody+ Nobody++ Nobody Junior Nobody Senior Nobody Professional Apprentice Stackmaster Apprentice++ Apprentice Junior Apprentice Senior Apprentice Professional Stackmaster Expl0it Warlock

Guru / Master Guru (CtF required)

Rating 0 1 2 3 4 5 6 7 8 9 10 11 12 13

(8)

Lab

•Assignments

● 6 challenges, mostly following the lecture content

● lab starts with the lectures on the October 15th (i.e., challenge 1) ● registration open until October 15th

– you cannot turn in challenge solutions later – enroll via TISS!

•Environment

● assignments should be mostly solved at home

● small test network, which is remotely accessible via ssh (Linux) ● accounts are created automatically with the registration

(9)

Lab

•Challenge topics

(tentative)

● Unix vulnerabilities ● Remote buffer overflow ● Windows Security

● Program analysis and Patching (“Cracking”) ● Advanced stack buffer overflow

● Malware (Worm, Virus, something simple) ● Android

(10)

Grading

•How you get your grade

● over the whole semester, you can solve 6 lab assignments ● final exam at the end

● 50% needed for each to pass the course

● 5 challenges “count” full, 20% assigned to each (plus one extra for 10% bonus) ● see website for more info

● Final exam needs registration via TISS!!

–your are required to correctly solve 3 assignments to take the exam!

–do the math:

– 5 (challenges) * 20% + 10% bonus (exam points) = 110% max – one challenge is optional

•Turning in challenge solutions

– through the lab environment

– hard deadlines (with sufficient time)

(11)

Capture the Flag (CTF) Exercise

– security exercise involving universities around the world

– teams have to hack into other machines while simultaneously defending their own systems

– probably rather time consuming

– but very rewarding and interesting (and there will be pizza ;-) )

– more information under http://ictf.cs.ucsb.edu/ and lecture homepage – Most likely date: Fri Dec 4th

What’s more

(12)

More Stuff

Praktika, Diploma theses

–We always need students who are motivated to work on security projects, a very

incomplete list is on

● http://www.seclab.tuwien.ac.at/praktikaandtheses.html ● https://www.sba-research.org/research/teaching/

(13)

(14)

Praktika (HW Seclab)

●

Binary and Firmware Analysis

●

RFID Security

●

Wireless Radio Security (we use the BladeRF SDR platform

and GNURadio for this)

●

Integrated Circuit Reverse Engineering and Security Analysis

●

High Speed Cryptography on FPGA Clusters (we run our own

FPGA cluster with 36x Spartan 6 LX150 FPGAs)

●

Fault Injection and Side Channel Attacks (we have custom

build hardware and software in addition to a modified

ChipWhisperer)

●

Payment System Security

(15)

Praktika (SBA)

●

evaluation of ROP attack generators: potential

and limitations

●

evaluation of CFI systems: performance and

precision

●

Optimized ROP attack generation

●

Software Diversity:

●

Compile-time supported static binary rewriting

●

CFI for interpreters

(16)

Topics: Mobile Phone Networks

●

Sniffing GSM/UMTS/LTE

●

Fake Base Stations

●

Tracking fake base stations

●

Fingerprinting over the radio access

network

(17)

Internet Security 2 (aka Advanced InetSec

)

Thesis's, Internships

•Secure Systems Lab has become international

–possibility for very good students to do internship projects abroad –take from three months to half a year

–participate in our research projects

–if you are good (technically AND academically) then we like you

• Locations & cooperations besides Vienna

● Tokyo

● Santa Barbara ● Boston

● Bohum ● ….

(18)

Hope you are interested!

➔