28C3 lecture video: Smart Hacking for Privacy

At the 28th Chaos Communication Congress (the annual conference of the Chaos Computer Club Germany) in Berlin, a lecture on smart meter security and privacy issues was given. The video is available via YouTube below.


Posted in DaPriM, Datenschutz (deutsch) | Comments closed for 28C3 lecture video: Smart Hacking for Privacy

Smart Hacking for Privacy (talk on 30.12.2011)

Smart Hacking for Privacy: Smart Meter and Privacy Concerns.

At the 28th Chaos Communication Congress, Stephan Brinkhaus, BSc, gives a lecture on smart meter security issues at 16:00 on 30 Dec 2011.

Advanced metering devices (aka smart meters) are nowadays being installed throughout electricity networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment, especially in Germany, they are becoming more and more popular and are obligatory for new and refurbished buildings.

Unfortunately, smart meters can become surveillance devices that monitor the behavior of customers, leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company, in principle allowing intrusive identification and monitoring of equipment within consumers' homes (e.g., TV set, refrigerator, toaster and oven), as has already been shown in different reports.

This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs, ranging from problems with the certificate management of the website to missing security features for the metering data in transit. For example, (un)fortunately the metering data is unsigned and unencrypted, although the manufacturer's homepage explicitly states otherwise. It has to be pointed out that all tests were performed on a sealed, fully functional device.

In our presentation we mainly focus on two aspects revealed during our analysis: first, the privacy issues, which even allow the TV program to be identified from the metering data, and second, the "problem" that one can easily alter the transmitted data, even for a third party, and thereby potentially fake the amount of consumed power being billed.

In the first part of the talk we show that the analysis of the household's electricity usage profile can reveal which channel the TV set in the household is displaying. We will also give some test-based assessments of whether it is possible to scan for copyright-protected material in the data collected by the smart meter.

In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server, and visualize this by transmitting some kind of picture data to Discovergy's consumption data server in such a way that the picture content becomes visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistically high or negative power consumption and how that might influence database and service robustness.


Posted in DaPriM | Comments closed for Smart Hacking for Privacy (talk on 30.12.2011)

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy (paper)

We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the ability to control the extent of data sharing among their service accounts.

A user is then enabled to link cloud service applications in such a way that his/her personal data are shared only among designated applications. The anonymity of the platform identity is preserved while the integrity of the hardware platform (represented by Trusted Computing configuration register values) is proven to the remote servers. Moreover, the cloud service provider can assess user account activities, which leads to efficient security enforcement measures.

Read full paper here (PDF).

Posted in cloud, DaPriM | Comments closed for Direct Anonymous Attestation: Enhancing Cloud Service User Privacy (paper)

A Privacy Preserving System for Cloud Computing (paper)

Cloud computing is changing the way organizations manage their data, due to its robustness, low cost and ubiquitous nature. Privacy concerns arise whenever sensitive data is outsourced to the cloud. Our paper introduces a cloud database storage architecture that prevents both the local administrator and the cloud administrator from learning the outsourced database content.

Moreover, machine-readable rights expressions are used to limit users of the database to a need-to-know basis. These limitations cannot be changed by administrators after the database-related application is launched, since a new role of rights editors is defined once an application is launched. Furthermore, trusted computing is applied to bind cryptographic key information to trusted states. By limiting the necessary trust in both corporate and external administrators and service providers, we counteract the often criticized privacy and confidentiality risks of corporate cloud computing.

Read full paper here (PDF).

Posted in cloud, DaPriM, prototype | Comments closed for A Privacy Preserving System for Cloud Computing (paper)

Smart Meters and Data Protection

Nationwide, and also at the European level, the introduction of intelligent electricity meters (smart meters) that are to replace existing meters is planned. With these devices, electricity customers can obtain detailed information about their electricity consumption and are able to identify the appliances consuming electricity, determine the causes of high consumption and thus take remedial action, i.e. in particular reduce electricity costs (promotion of conscious energy consumption).

The possibilities of identifying electrical appliances described in the literature could be verified successfully. It was possible to extract the activity of a refrigerator, a stove and a TV set from the data on the basis of the consumption profile.

By evaluating the power consumption of an LCD TV set typical for private households, not only the time at which the TV was switched on could be identified. It was furthermore possible to identify the channel being shown or the film being played!

Further results and technical details are in the working paper available for download.

Posted in DaPriM, Datenschutz (deutsch) | 6 Comments

Espionage via Webcam (talk on 21.09.2011)

Espionage via Webcam: What protection do personal firewalls and virus scanners offer?

Talk at the D•A•CH Security 2011 conference on 21.09.2011 in Oldenburg. The speaker is Matthias Wellmeyer, BSc.

Motivated by the spectacular cases from 2010 and 2011 that involved serious violations of users' privacy through covert observation via webcam, we describe the design and analysis of webcam spyware.

Besides industrial espionage, voyeurism and covert surveillance are the motivations for these infringements. The software examined exploits the multimedia capabilities of modern computers to observe users, while they are working at the computer (e.g. a notebook), and their surroundings via the webcam without being noticed.

For this purpose, a demonstrator was developed in a laboratory environment that transmits the webcam image to an attacker at a fixed time interval. The prototype demonstrates that firewalls and virus scanners do represent technical hurdles; however, as the laboratory results show, these can be overcome, and they therefore give the user a false impression of a protection that does not exist.

Spyware aimed at a specific target system (for example for one-time use) can be created with little technical effort; with respect to the system landscape we tested, the attacker can effectively rule out detection by virus scanners and personal firewalls. It is sufficient for the victim to execute the application, which it has previously scanned with the AV software, once.

Posted in DaPriM, Datenschutz (deutsch) | Comments closed for Espionage via Webcam (talk on 21.09.2011)

Cloud Security (talk on 21.9.2011)

Cloud security without trusted administration

Talk at the D•A•CH Security 2011 conference on 21.09.2011 at 9:00 in Oldenburg.
The speaker is Dennis Löhr, MSc.

Data protection nightmares such as the Sony hack, in which over 100 million records were stolen, the data protection scandals at Deutsche Telekom, or the British scandals in which CDs containing sensitive information were lost several times motivated us to find solutions for these problems.

In our proposal we attempt to solve the problem of large amounts of data falling into the hands of third parties or even criminals. Here we go further than many other proposals: we "distrust" not only the external administrators of the cloud but also our own employees and our own administrators. The goal of our system is to make the data accessible to no one in an uncontrolled manner or in raw form.

The talk presents a possible solution in which we create a secure system by combining established techniques. We use TPM hardware, a rights description language (XACML) and encryption technologies (AES and SSL) to secure the system against manipulation.

Posted in DaPriM, Datenschutz (deutsch) | Comments closed for Cloud Security (talk on 21.9.2011)

Cloned Trusted Platforms for Privacy

Recent developments related to the legal and social aspects of privacy issues call for technical measures enforcing strict restrictions and requirements on the collection, use and disclosure of personal data. Trusted systems can be used for secure storage of sensitive data.

Once a system state is defined as a trusted state and the system is set up to this state, its security characteristics can be transferred to a system clone that is composed of identical software (boot chain components, operating system, and applications) and matching hardware.

Applications using cloned trusted platforms include:

– Database synchronization: database management systems that offer restricted access to their databases. Further, the database can be synchronized and backed up without the need for low-level table access by administrators.

– Parallel computing: clustering synchronous trusted servers increases output performance and reduces response time compared to stand-alone servers.

– Enforcing restrictions expressed through rights expression languages (RELs) across systems: a REL description might require the system to restrict access and maintain a state (e.g. a maximum of n queries are permitted on a database in order to avoid illegitimate database duplication). This state needs to be distributed across physical systems in such a way that one logical system stays consistent (e.g. set up 2 physical systems that allow n=2 requests each until the next synchronization takes place).

The implementation of any of the above projects requires an efficient and reliable remote attestation scheme.
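The third application above, a REL limit of n queries held consistent across several physical systems, is illustrated by the following added example. It is not code from the DaPriM project: it models each physical system as a node holding a share of the logical quota, refuses queries once the local share is exhausted, and pools the unused allowances at synchronization time so that the logical system as a whole never serves more than n queries. The node names, the quota of n=4 and the `QuotaNode`/`LogicalSystem` classes are assumptions made for the demonstration.

```python
class QuotaNode:
    """One physical system holding a share of the logical query quota."""

    def __init__(self, name: str, allowance: int):
        self.name = name
        self.allowance = allowance   # queries this node may still serve before the next sync
        self.served = 0              # queries this node has served so far

    def query(self) -> bool:
        """Serve one query if the local share allows it, otherwise refuse.

        A refused query is not an error: the node has merely reached the REL
        limit it can enforce on its own and must wait for a synchronization."""
        if self.allowance == 0:
            return False
        self.allowance -= 1
        self.served += 1
        return True


class LogicalSystem:
    """The single logical system the REL talks about, spread over several nodes."""

    def __init__(self, n_total: int, node_names):
        self.n_total = n_total
        self.nodes = [QuotaNode(name, 0) for name in node_names]
        self._distribute(n_total)

    def _distribute(self, remaining: int) -> None:
        # Split the remaining allowance as evenly as integers permit.
        share, rest = divmod(remaining, len(self.nodes))
        for index, node in enumerate(self.nodes):
            node.allowance = share + (1 if index < rest else 0)

    def total_served(self) -> int:
        return sum(node.served for node in self.nodes)

    def synchronize(self) -> int:
        """Recompute the unused part of the logical quota from what every node
        has served and hand it out again. Returns the remaining logical allowance."""
        remaining = self.n_total - self.total_served()
        self._distribute(remaining)
        return remaining


def demo():
    """Constructed scenario: n=4 queries, two physical systems with 2 each."""
    system = LogicalSystem(4, ["replica-1", "replica-2"])
    a, b = system.nodes
    results = [a.query(), a.query(), a.query()]   # third request on replica-1 is refused
    results.append(b.query())                     # replica-2 still has its own share
    remaining_after_sync = system.synchronize()   # 4 - 3 served = 1 left, handed to replica-1
    results.append(a.query())                     # replica-1 can serve again after the sync
    results.append(b.query())                     # logical quota exhausted: refused
    return {
        "results": results,
        "remaining_after_sync": remaining_after_sync,
        "total_served": system.total_served(),
        "within_limit": system.total_served() <= system.n_total,
    }


if __name__ == "__main__":
    print(demo())
```

The invariant worth checking in a real deployment is the last field: however the shares are moved around between synchronizations, the sum of what all nodes have served never exceeds n.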

Posted in DaPriM | Comments closed for Cloned Trusted Platforms for Privacy

Enabling System Cloning for TPM based Platforms (paper)

We describe a concept of mutual remote attestation for two identically configured trusted (TPM-based) systems. We provide a cryptographic protocol to achieve the goal of deriving a common session key for two systems that have verified each other to be clones of themselves.

The mutual attestation can be applied to backup procedures without providing data access to administrators, i.e. one trusted system exports its database to another identical trusted system via a secure channel after mutual attestation is completed.

Another application is dynamically parallelizing trusted systems in order to increase the performance of a trusted server platform. We present details of our proposed architecture and show results from extensive hardware tests. These tests show that there are some unresolved issues with TPM-BIOS settings currently distributed by PC hardware manufacturers since the specification regarding measurement of extended platform BIOS configuration is either not met or the usage of undocumented options is required.

Figure: Test Environment

Our results show that the specified requirement (TCG EFI Platform Specification V1.20) that "platform configuration information being unique or automatically updated must not be measured" is apparently violated. The full activation of extended security reporting options results in different values on identical systems.

Read full paper here. Get slides from here.

Posted in DaPriM | Comments closed for Enabling System Cloning for TPM based Platforms (paper)

Proposed System Concept

We aim to build a secure system that can fend off both external and internal attackers. Much previous work deals with issues related to external attackers. Our system combines many existing techniques, which we explain in the following sections.

Data availability has a very high priority in any company's operations. In our system, all data are stored encrypted. The cloud service backs up the database regularly; in addition, we require a backup of the Encryption Proxies with the corresponding decryption keys to preserve system integrity.

We automate the backup procedure for the Encryption Proxies by first establishing system integrity and then exchanging the decryption keys over a secure channel. All session keys are TPM-sealed. By comparing specific PCR values we are able to attest integrity between identical hardware, and only if both Encryption Proxies are in the same state (same hardware, software, XACML file and known database services) can the exchange of their key material take place.
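The key-exchange step described here, and the mutual attestation protocol of the "Enabling System Cloning for TPM based Platforms" paper above, are illustrated by the following added example. It is not the paper's protocol nor DaPriM project code: it models a PCR as a SHA-256 extend chain over a constructed boot chain, lets each Encryption Proxy answer the peer's nonce with a quote over its PCR value, accepts the peer only when the quoted PCR equals its own, and only then derives a session key and hands over the wrapped database key. The attestation key is an HMAC key assumed to be shared by all clones, a stand-in for the TPM's asymmetric attestation key so that the example runs with the standard library alone; the session-key derivation is likewise a simplification of an authenticated key exchange. The third proxy reproduces the failure mode the paper reports: an otherwise identical machine whose firmware measured a unique value (a constructed serial number here) no longer matches and is refused.

```python
import hashlib
import hmac
import secrets

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = SHA-256(PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Fold an ordered list of boot-chain components into one PCR value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class EncryptionProxy:
    """One of two identically configured proxies that must attest each other
    before any key material is exchanged."""

    def __init__(self, name: str, components, attest_key: bytes, db_key: bytes):
        self.name = name
        self.pcr = measure_boot_chain(components)
        # Assumption: an HMAC key shared by all clones stands in for the TPM's
        # attestation identity key; a real quote is an asymmetric TPM signature.
        self.attest_key = attest_key
        self.db_key = db_key  # the database decryption key this proxy protects

    def quote(self, nonce: bytes) -> dict:
        """Report the PCR value bound to the verifier's nonce (freshness)."""
        mac = hmac.new(self.attest_key, nonce + self.pcr, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "mac": mac}

    def verify_peer(self, peer_quote: dict, nonce: bytes) -> bool:
        """Accept the peer only if its quote is fresh, authentic and reports
        exactly our own PCR value (same boot chain, OS, application, policy)."""
        if peer_quote["nonce"] != nonce:
            return False  # replayed or mismatched challenge
        expected = hmac.new(self.attest_key, nonce + peer_quote["pcr"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, peer_quote["mac"]):
            return False  # quote not produced by a holder of the attestation key
        return hmac.compare_digest(peer_quote["pcr"], self.pcr)


def mutual_attestation(a: EncryptionProxy, b: EncryptionProxy):
    """Challenge in both directions; return a shared session key or None."""
    nonce_a, nonce_b = secrets.token_bytes(16), secrets.token_bytes(16)
    quote_b = b.quote(nonce_a)  # a challenges b
    quote_a = a.quote(nonce_b)  # b challenges a
    if not (a.verify_peer(quote_b, nonce_a) and b.verify_peer(quote_a, nonce_b)):
        return None
    # Simplified key derivation: bound to both nonces and the attested state.
    transcript = b"clone-session" + nonce_a + nonce_b + a.pcr
    return hmac.new(a.attest_key, transcript, hashlib.sha256).digest()


def wrap_key(session_key: bytes, key: bytes) -> bytes:
    """XOR a 32-byte key with a one-shot keystream derived from the session key."""
    stream = hmac.new(session_key, b"key-wrap", hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(key, stream))


def export_db_key(src: EncryptionProxy, dst: EncryptionProxy):
    """Backup path: src hands its database key to dst only after mutual
    attestation succeeded. Returns the key dst recovers, or None if refused."""
    session_key = mutual_attestation(src, dst)
    if session_key is None:
        return None
    wrapped = wrap_key(session_key, src.db_key)   # what travels over the channel
    return wrap_key(session_key, wrapped)          # dst unwraps with the same session key


# Constructed boot chain and keys for the demonstration.
BOOT_CHAIN = [b"bios-v1.2", b"bootloader", b"linux-kernel", b"encryption-proxy-app", b"policy.xacml"]
ATTEST_KEY = b"constructed-shared-attestation-key"


def demo():
    proxy_a = EncryptionProxy("proxy-a", BOOT_CHAIN, ATTEST_KEY, secrets.token_bytes(32))
    proxy_b = EncryptionProxy("proxy-b", BOOT_CHAIN, ATTEST_KEY, secrets.token_bytes(32))
    # Identical software, but the firmware also measured a unique value.
    proxy_c = EncryptionProxy("proxy-c", BOOT_CHAIN + [b"serial:CONSTRUCTED-0001"],
                              ATTEST_KEY, secrets.token_bytes(32))
    return {
        "clone_receives_key": export_db_key(proxy_a, proxy_b) == proxy_a.db_key,
        "unique_measurement_refused": export_db_key(proxy_a, proxy_c) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The comparison in `verify_peer` is the whole policy: nothing about the peer's identity is trusted beyond the fact that its measured state is bit-for-bit the verifier's own, which is exactly why a firmware that extends a per-machine value into the PCR breaks cloning.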

Using XACML, our system can not only limit the number of queries by an employee; it is also possible to set up a fine-grained access control structure. XACML editors should follow the need-to-know principle: with respect to confidentiality, employees must only access what they need for their jobs (so system administrators do not need to access the production database). In particular, we want to avoid the possibility of employees copying the entire database.

Posted in cloud, DaPriM | Comments closed for Proposed System Concept