
Introducing the CrySyS Lab

CrySyS Lab is an internationally recognized research laboratory at Budapest University of Technology and Economics, specializing in security and privacy in computer networks and systems. Our mission is to conduct high-quality research, collaborate on R&D projects, and teach network and system security. We also provide consulting services.


Presentation Transcript


  1. Introducing the CrySyS Lab
     Félegyházi Márk
     Laboratory of Cryptography and System Security (CrySyS Lab)
     Budapest University of Technology and Economics
     Department of Networked Systems and Services
     www.crysys.hu
     2013.11.20

  2. Current members
     faculty:
     • Boldizsár Bencsáth, PhD, Assistant Professor
     • Levente Buttyán, PhD, Associate Professor (head of the lab)
     • Márk Félegyházi, PhD, Assistant Professor
     • Tamás Holczer, PhD, Research Fellow
     • István Vajda, DSc, Professor (affiliate)
     PhD candidates and PhD students:
     • Gábor Gulyás (privacy in social networks, identity separation techniques)
     • Áron Lászka (robustness of network topologies, optimization problems, game theory)
     • Gábor Pék (security of virtualized systems, malware analysis)
     • Ta Vinh Thong (formal verification of security protocols)
     CrySyS Student Core: 10-12 talented students working with us permanently, plus students working on diploma and semester projects

  3. Working with talented students
     • CrySyS Student Core
     • CrySyS Security Challenges:
       • 2011, 2012, 2013
       • more: http://www.crysys.hu/security-challenges.html
     • Capture the Flag (CTF) hacking contests
       • iCTF 2011: 36/87
       • iCTF 2012: 23/98
       • CSAW 2013: 12/1378 (2/490)

  4. Mission
     • internationally recognized, high quality research on security and privacy in computer networks and systems
       • problem driven, project oriented research: we are committed to establishing and participating in R&D projects, in which we collaborate with industrial and other academic partners
     • teaching network and system security, privacy, and cryptography in the context of university courses, laboratory exercises, and student semester projects
     • provision of consulting services without compromising the general academic objectives

  5. Research areas in the past
     • security and privacy in wireless embedded networks
       • sensor networks, body mounted sensor networks, mesh networks, car-to-car communications, RFID systems
       • secure communications, secure routing, secure distributed data storage, location privacy, private authentication, privacy preserving cluster head election
     • economics of security
       • game theoretic models of strategic behavior, incentive compatible security architectures, quantitative risk management, cyber insurance

  6. International collaborations
     • EPFL, Switzerland (Prof. Jean-Pierre Hubaux)
     • University of Twente, The Netherlands (Prof. Frank Kargl)
     • KTH, Sweden (Prof. Panagiotis Papadimitratos, Prof. György Dán)
     • NEC Laboratories, Germany (Dr. Dirk Westhoff)
     • IHP, Germany (Prof. Dr. Peter Langendoerfer)
     • INRIA Rhone-Alpes (Dr. Claude Castelluccia)
     • University of Münster, Germany (Prof. Rainer Böhme)
     • Eurecom, France (Dr. Davide Balzarotti)
     • University of Rome 3 (Dr. Roberto Di Pietro)
     • …
     • University of Washington, Seattle (Prof. Radha Poovendran)
     • University of California, Berkeley (Prof. Jean Walrand)
     • ICSI, Berkeley (Prof. Vern Paxson)
     • …

  7. Current research
     • detection and analysis of unknown targeted malware
       • static and dynamic program analysis, reverse engineering, rootkit detection
       • Windows, Android

  8. Stuxnet (June 2010)
     “the Most Menacing Malware in History” (Kim Zetter, Wired)
     • targeted the Natanz nuclear enrichment plant in Iran
     • modified PLCs (Programmable Logic Controllers)
     • destroyed hundreds of uranium centrifuges

  9. Highly visible results
     • Duqu (October 2011)
       • discovery, naming, and first analysis of Duqu
       • striking similarities to Stuxnet, but different mission (info-stealer)
       • identification of the dropper component
         • 0-day Windows kernel exploit (in embedded font parsing)
       • development of the Duqu Detector Toolkit
         • open source, heuristic anomaly detector (detects Duqu and Stuxnet)
     • Flame (May 2012)
       • first detailed technical analysis of Flame (aka sKyWIper)
       • another info-stealer, but more complex than Duqu (unusually large size)
     • MiniDuke (Feb 2013)
       • detailed technical analysis with Kaspersky
     • TeamSpy (Mar 2013)
       • first detailed technical analysis
     • more info >>> http://www.crysys.hu/targeted-attacks.html

  10. Press

  11. Lessons learned
     • current approaches to defend systems against targeted attacks are ineffective
       • code signing is not bullet proof
       • virus scanners cannot identify previously unseen malware
     • global threat mitigation and forensic analysis are challenging problems
       • How to share information in a privacy preserving manner?
         • crucial for identification of droppers (and potentially 0-day exploits)
       • How to capture C&C servers quickly and track down the C&C proxy chain?
     • attackers started to use advanced techniques
       • MD5 collision attack in Flame
       • encrypted payload in Gauss
     • better monitoring of system state could have resulted in earlier detection

  12. Consulting and industry relations

  13. On-going projects: Cloud-based targeted attack detection
     • funded by the Hungarian National Development Agency (NFÜ)
     • determined and resourceful attackers will always be able to succeed in compromising systems
       • we focus on rapid detection
     • ingredients
       • cloud based analysis environment
       • automated detection of behavioral anomalies
       • human expertise to eliminate false positives

  14. On-going projects: Repository of Signed Code
     • funded by the US Office of Naval Research Global (ONRG)
     • motivation
       • signed kernel driver in Stuxnet and Duqu (compromised key)
       • signature on Flame (fake certificate seemingly issued by MS)
     • idea
       • collect everything that is signed in a database
         • certificates, CRLs, OCSP responses, PE files, JAR files, PDFs, ...
         • Hadoop-based NoSQL database platform
       • allow queries such as
         • has this signature been seen by others? and when?
         • what else has been signed by this key?
       • provide alerts for registered users if objects signed with their keys are uploaded to our database
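A toy in-memory model of the repository index, the two queries and the owner-alert rule described on the slide, added here as an example (not the lab's or the project's own code); the record fields, key ids, submitter names and dates are constructed:

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SignedObject:
    sha256: str      # hash of the signed object (PE, JAR, PDF, ...)
    kind: str        # object type
    key_id: str      # identifier of the signing key (e.g. cert thumbprint)
    signature: str   # hash of the signature blob itself
    submitter: str   # who uploaded the record
    seen: str        # upload date, ISO 8601

class SignedCodeRepository:
    def __init__(self):
        self._by_signature = defaultdict(list)  # signature -> records
        self._by_key = defaultdict(list)        # key id -> records
        self._owners = defaultdict(set)         # key id -> registered users
        self.alerts = []                        # (user, sha256) pairs

    def register_key(self, user, key_id):
        """A user registers a key they own and want to be warned about."""
        self._owners[key_id].add(user)

    def ingest(self, rec):
        """Store a record; warn registered owners when someone else uploads an object signed with their key."""
        self._by_signature[rec.signature].append(rec)
        self._by_key[rec.key_id].append(rec)
        for user in sorted(self._owners[rec.key_id]):
            if user != rec.submitter:
                self.alerts.append((user, rec.sha256))

    def seen_signature(self, signature):
        """Has this signature been seen by others? And when?"""
        return [(r.submitter, r.seen) for r in self._by_signature[signature]]

    def signed_by_key(self, key_id):
        """What else has been signed by this key?"""
        return sorted({(r.kind, r.sha256) for r in self._by_key[key_id]})

def build_demo():
    """Constructed sample: the owner of key K-ACME registers it, then a
    driver signed with that key is uploaded by parties other than the owner."""
    repo = SignedCodeRepository()
    repo.register_key("acme-psirt", "K-ACME")
    repo.ingest(SignedObject("aa11", "PE", "K-ACME", "sig-1", "acme-psirt", "2013-01-05"))
    repo.ingest(SignedObject("bb22", "PE", "K-ACME", "sig-2", "av-vendor", "2013-03-14"))
    repo.ingest(SignedObject("bb22", "PE", "K-ACME", "sig-2", "crysys", "2013-03-15"))
    repo.ingest(SignedObject("cc33", "JAR", "K-OTHER", "sig-3", "crysys", "2013-03-15"))
    return repo
```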

  15. CrySyS Lab spin-offs
     • Incident response
     • Malware threat intelligence
     • Industry oriented research, development, and training
     • Encrypted data storage in the cloud

  16. Contact information
     Levente Buttyán, PhD
     Head of the CrySyS Lab
     buttyan@crysys.hu
     +36 1 463 1803
     www.crysys.hu
