19/01/17 | Speaker Abstracts
Keynote Speaker – Day 1
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit, “Cryptographic Security Architecture: Design and Verification” (Springer, 2003), and an upcoming book on security engineering.
Rodrigo Branco (Brazil)
Blinded Random Block Corruption Attacks
Rodrigo works as Principal Security Researcher at Intel Corporation in the Security Center of Excellence where he leads the Core Client, BIOS and IoT SoC Teams. He is a member of the RISE Security Group and is the organiser of the Hackers to Hackers Conference (H2HC). He is also an active contributor to open-source projects (such as ebizzy, the Linux kernel and others) and is regularly invited to speak at events, including H2HC, Black Hat, Hack in The Box, XCon, OLS, Defcon, Hackito, Zero Nights, Troopers and many others.
Protecting users’ privacy in virtualized cloud environments is an increasing concern for both users and providers. A hypervisor provides a hosting facility administrator with the capabilities to read the memory space of any guest VM. Therefore, nothing really prevents such an administrator from abusing these capabilities to access users’ data. This threat is not prevented even if the whole memory is encrypted with a single (secret) key. Guest VMs can be isolated from the administrator if each guest VM has its memory space encrypted with a unique per-VM key. Here, while the hypervisor’s memory access capabilities remain unchanged, reading a VM’s memory decrypts the VM’s encrypted data with the wrong key and therefore gives no advantage to the attacker. This is indeed the motivation behind some newly proposed technologies that are planned in future processors.
However, this presentation argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VMs cannot be guaranteed. To show this, we explain and demonstrate a new instantiation of a “Blinded Random Corruption Attack”. Under the same scenario assumptions that the per-VM keying method addresses, our attack allows the cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to log in to a guest VM. This completely compromises the user’s data privacy. This shows, once again, that memory encryption by itself is not necessarily a defense-in-depth mechanism against attackers with memory read/write capabilities. A better guarantee is achieved if the memory encryption includes some authentication mechanism.
Bryan K. Fite (USA)
Planes, Trains and Automobiles: The Internet of Deadly Things
A committed security practitioner and entrepreneur, Bryan has spent 25 years in mission-critical environments and is currently an account CISO at BT.
“When worlds collide!” is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber-savvy citizens. Transportation systems that utilize machine-to-machine communication often focus on the engineering challenges of resilience, reliability and mechanical specifications. They now must be conscious of software bugs, security vulnerabilities and sophisticated threat actors. Cyber was once the exclusive domain of digital denizens but now digital digits can reach out and “touch” someone. As more and more discretion is taken away from human operators and assigned to autonomous systems, our safety becomes dependent on ubiquitous sensor networks that are “Connected”. New threat catalogs are required to design systems that are safe and secure. We will articulate the attack surface, move beyond the hype and propose reasonable response strategies for surviving in a world where cyber and physical intersect.
This presentation is inspired by cyber-physical research described in this white paper.
Craig Smith (USA)
You Don’t Own It If You Can’t Hack It
Craig Smith is Research Director of Transportation Security at Rapid7 and founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers, and artists. Craig is also the author of the Car Hacker’s Handbook.
This talk discusses the role security has played in the auto industry, and how vehicle hacking has pushed a traditionally closed industry into being more open and able to take feedback and vulnerability reports without sending cease-and-desist letters. We will discuss how important hacking is to the right-to-repair and right-to-tinker efforts. The talk will conclude by giving you information on how you can deploy a secure system that still lets you hack it.
Ravishankar Borgaonkar (UK)
Privacy Issues in 4G
Ravishankar Borgaonkar is a research fellow from the University of Oxford. His research themes relate to mobile telecommunication and the security threats involved, and his work has previously been presented at Black Hat, Hack In The Box, Ruxcon, Troopers, T2, and HES.
His talk will look at privacy issues in 4G cellular networks and their impact on end-users, including myths about the usage of IMSI catchers, and how the privacy of mobile subscribers can be breached at different layers of 4G networking technologies. Finally, protection measures to avoid being tracked when using cellular networks will be discussed.
Michael Ossmann (USA)
Keynote Speaker – Day 2
Michael Ossmann is a wireless security researcher who makes hardware for hackers. Best known for the open source HackRF, Ubertooth, and Daisho projects, he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.
Ossmann focuses on SDR using the open-source GNURadio Companion GUI tool, which makes implementing a lot of cool SDR techniques as easy as dragging and dropping items into a flow diagram.
Jacob Torrey (USA)
Bootstrapping an Architectural Research Platform
Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler.
His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meetups across the front range.
Dr Oliver Matula & Christoph Klaassen (Germany)
Doing the Same Thing Over and Over Again: A Critical View on Security Products
Oliver and Christoph are IT security researchers and practitioners at ERNW, a Germany-based security company. They both have extensive experience in both the offensive and defensive sides of IT security.
Their presentation looks at particular shortcomings of security appliances, the very large gap between marketing promises and operational reality, and the very large attack surface security appliances actually introduce into your environment.
There is barely any company network without some type of security product, be it client AV, IDS, or an Advanced Threat Protection solution. Even more notably, many IT environments that suffered from large data breaches had various security products deployed. However, as media coverage and our own experience show, those solutions do not always protect companies sufficiently and may even introduce additional vulnerabilities in the first place. Still, most environments do deploy new or updated security appliances over and over again. This presentation will discuss particular shortcomings of security appliances, the very large gap between marketing promises and operational reality, and the very large attack surface security appliances actually introduce into your environment. Using results from our research on various technologies, we will illustrate why we think security appliances do not automatically provide a good ratio between security benefit and operational effort/impact. To go beyond the 2014 security appliance bashing, we will also give some positive examples for the use of security appliances, provide relevant hints for successful and beneficial operation, and also describe some alternatives to security appliances.
Philippe Langlois (France)
Philippe Langlois is a highly regarded entrepreneur, security researcher and expert in the domain of telecom and network security. He has founded several internationally-recognised security companies – including P1 Security – and has led technical, development and research teams at Solsoft and TSTF.
He is experienced in bringing technology firsts to market, including proposing Penetration Testing in France.
Edmond Rogers (USA)
Armadillo 2.0 Client for CyPSA (Cyber Physical Situational Awareness)
Edmond Rogers (CISSP) is a Security Engineer for the University of Illinois Information Trust Institute. Rogers has decades of defense experience and previously worked at a Fortune 500 Investor Owned Utility in the United States, where he was responsible for the cyber security of SCADA systems that operated the bulk electric system. He also founded an Internet Service Provider (bluegrass.net) in the early 90’s.
Armadillo 2.0 is a UI for Windows that provides data flow visualization similar to power flow software. The visualization helps users find unwanted connections and provides a click-and-block capability. Armadillo 2.0 also provides a secured connection to the CyPSA (Cyber Physical Situational Awareness) framework to extract impact data regarding actions taken on a computer. This will allow users to evaluate the impact of commands before they are entered into a live system. This release will also include new functionality in the CyPSA framework: more efficient categorization of cyber-physical tie data and more concise XML formats in the CyPSA engine. The release is here.
Matthew Daley (NZ)
Service Account Shenanigans
Matt is a senior consultant at Aura Information Security, where he conducts security assessments across a range of critical infrastructure environments.
Matthew’s presentation will focus on service accounts, how they can be the weakest point in your entire domain, and what can be done to protect your business from attack.