Publications

Studies, Specifications, Articles

Fraunhofer AISEC scientists regularly write studies on current topics in the area of IT security. Here you can find the publications of past years. The »Fraunhofer Publica« database documents publications and patents that have grown out of the research activities of all Fraunhofer institutes.

Fraunhofer Publica

This database contains bibliographic data of articles, conference papers and proceedings, research reports, studies, theses, patents, etc. that are written by researchers of the Fraunhofer-Gesellschaft.

Publications

  • R. Baumann, M. Protsenko and T. Müller. “Anti-ProGuard: Towards Automated Deobfuscation of Android Apps”. In: 4th Workshop on Security in highly connected IT systems. Ed. by ACM ICPS and co-located with DISCOTEC. Neuchâtel, Switzerland, 2017.
  • M. Busch, M. Protsenko and T. Müller. “A Cloud-Based Compilation and Hardening Platform for Android Apps”. In: 12th International Conference on Availability, Reliability and Security. Ed. by SBA Research. Reggio Calabria, Italy, 2017.
  • C. Eckert. “Cybersicherheit Beyond 2020!” In: 50 Jahre Universitäts-Informatik in München. Ed. by A. Bode, M. Broy, H-J. Bungartz and F. Matthes. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017, pp. 1–10.
  • M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl and T. Eisenbarth. “AutoLock: Why Cache Attacks on ARM Are Harder Than You Think”. In: 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017.
  • B. Gulmezoglu, A. Zankl, T. Eisenbarth and B. Sunar. “PerfWeb: How to Violate Web Privacy with Hardware Performance Events”. In: Computer Security – ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11–15, 2017. to appear. Cham: Springer International Publishing, 2017.
  • M. Hiller and A. G. Önalan. “Hiding Secrecy Leakage in Leaky Helper Data”. In: Conference on Cryptographic Hardware and Embedded Systems. Ed. by W. Fischer and N. Homma. LNCS. Springer Berlin / Heidelberg, 2017.
  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017. 2017.
  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide from Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems. Ed. by W. Fischer and N. Homma. LNCS. Springer Berlin / Heidelberg, 2017.
  • N. Jacob, J. Heyszl, A. Zankl, C. Rolfes and G. Sigl. “How to Break Secure Boot on FPGA SoCs through Malicious Hardware”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017. 2017.
  • N. Jacob, J. Wittmann, J. Heyszl, R. Hesselbarth, F. Wilde, M. Pehl, G. Sigl and K. Fisher. “Securing FPGA SoC Configurations Independent of Their Manufacturers”. In: 30th IEEE International System-on-Chip Conference. 2017.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Low-latency X25519 hardware implementation: breaking the 100 microseconds barrier”. In: Microprocessors and Microsystems (2017). ISSN: 01419331. DOI: http://dx.doi.org/10.1016/j.micpro.2017.07.001. URL: http://www.sciencedirect.com/science/article/pii/S0141933117300273.
  • J. Obermaier and S. Tatschner. “Shedding too much Light on a Microcontroller’s Firmware Protection”. In: 11th USENIX Workshop on Offensive Technologies (WOOT 17). To appear, conditionally accepted. Vancouver, BC: USENIX Association, 2017. URL: https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier.
  • J. Sepúlveda, M. Gross, A. Zankl and G. Sigl. “Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips”. In: 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). to appear. 2017.
  • J. Sepúlveda, A. Zankl and O. Mischke. “Cache Attacks and Countermeasures for NTRUEncrypt on MPSoCs: Post-quantum Resistance for the IoT”. In: 2017 30th IEEE International System-on-Chip Conference (SOCC). to appear. 2017.
  • D. Titze, M. Lux and J. Schütte. “Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications”. In: Proceedings of the International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Aug. 2017.
  • A. Ahadipour and M. Schanzenbach. “A Brief History of Authorization in Distributed Systems: Information Storage, Data Retrieval and Trust Evaluation”. In: Proceedings of the International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2017.
  • C. Banse and J. Schuette. “A Taxonomy-based Approach for Security in Software-Defined Networking”. In: IEEE International Conference on Communications, ICC 2017, Paris, France, May 21-25, 2017.
  • K. Böttinger. “Guiding a Colony of Black-box Fuzzers with Chemotaxis”. In: 38th IEEE Symposium on Security and Privacy (S&P 2016) Workshops. 2017.
  • C. Eckert. “Cyber-Sicherheit in Industrie 4.0”. In: Handbuch Industrie 4.0: Geschäftsmodelle, Prozesse, Technik. Ed. by G. Reinhart. München: Carl Hanser Verlag, 2017, pp. 111–135.
  • C. Eckert. “Cybersicherheit beyond 2020! Herausforderungen für die IT-Sicherheitsforschung”. In: Informatik Spektrum 40.2 (2017), pp. 141–146. DOI: 10.1007/s00287-017-1025-6. URL: https://doi.org/10.1007/s00287-017-1025-6.
  • F. Fischer, K. Böttinger, H. Xiao, C. Stransky, Y. Acar, M. Backes and S. Fahl. “Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security”. In: 2017 IEEE Symposium on Security and Privacy (Oakland’17). IEEE. 2017.
  • M. Huber, J. Horsch, J. Ali and S. Wessel. “Freeze & Crypt: Linux Kernel Support for Main Memory Encryption”. In: 14th International Conference on Security and Cryptography (SECRYPT 2017). INSTICC. ScitePress, 2017.
  • M. Huber, J. Horsch and S. Wessel. “Protecting Suspended Devices from Memory Attacks”. In: Proceedings of the 10th European Workshop on Systems Security. EuroSec’17. Belgrade, Serbia: ACM, 2017, 10:1–10:6. ISBN: 9781450349352. DOI: 10.1145/3065913.3065914. URL: http://doi.acm.org/10.1145/3065913.3065914.
  • V. Immler, M. Hiller, J. Obermaier and G. Sigl. “Take a Moment and have some t: Hypothesis testing on Raw PUF Data”. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 2017, pp. 92–97.
  • J. Kirsch, C. Jonischkeit, T. Kittel, A. Zarras and C. Eckert. “Combating Control Flow Linearization”. In: 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC). 2017. URL: https://www.sec.in.tum.de/assets/Uploads/CFL.pdf.
  • B. Kolosnjaji, G. Eraisha, G. Webster, A. Zarras and C. Eckert. “Empowering Convolutional Networks for Malware Classification and Analysis”. In: 30th International Joint Conference on Neural Networks (IJCNN). May 2017. URL: https://www.sec.in.tum.de/assets/Uploads/ConvolutionalNetworks.pdf.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Automatic Generation of High-Performance Modular Multipliers for Arbitrary Mersenne Primes on FPGAs”. In: HOST 2017, Proceedings of the 2017 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 2017.
  • I. Kunz and P. Stephanow. “A process model to support continuous certification of cloud services”. In: 31st International Conference on Advanced Information Networking and Applications (AINA). IEEE, 2017.
  • N. Jacob, C. Rolfes, A. Zankl, J. Heyszl and G. Sigl. “Compromising FPGA SoCs using Malicious Hardware Blocks”. In: Design Automation and Test in Europe, DATE 2017. Lausanne, Switzerland, 2017.
  • J. Obermaier, R. Specht and G. Sigl. “Fuzzy-Glitch: A Practical Ring Oscillator Based Clock Glitch Attack”. In: 22nd International Conference on Applied Electronics. To appear. IEEE, Sept. 2017.
  • M. Pehl, M. Hiller and G. Sigl. “Secret key generation for physical unclonable functions”. In: Information Theoretic Security and Privacy of Information Systems. Ed. by R. F. Schaefer, H. Boche, A. Khisti, and H. V. Poor. Cambridge University Press, 2017, pp. 362–389.
  • J. Schütte, A. Küchler and D. Titze. “Practical Application-Level Dynamic Taint Analysis of Android Apps”. In: Proceedings of the International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2017.
  • J. Sepulveda, D. Florez, V. Immler, G. Gogniat and G. Sigl. “Efficient Security Zones Implementation through Hierarchical Group Key Management at NoC-Based MPSoCs”. In: Microprocessors and Microsystems 50 (2017), pp. 164–174.
  • J. Sepúlveda, A. Zankl, D. Flórez and G. Sigl. “Towards Protected MPSoC Communication for Information Protection against a Malicious NoC”. In: Procedia Computer Science 108 (2017). International Conference on Computational Science, ICCS 2017, 12-14 June 2017, Zurich, Switzerland, pp. 1103–1112. ISSN: 18770509. DOI: https://doi.org/10.1016/j.procs.2017.05.139.
  • P. Stephanow and C. Banse. “Evaluating the performance of continuous test-based cloud service certification”. In: 17th International Symposium on Cluster, Cloud and Grid Computing (CCGrid). IEEE. 2017.
  • P. Stephanow and K. Khajehmoogahi. “Towards continuous security certification of Software-as-a-Service applications using web application testing”. In: 31st International Conference on Advanced Information Networking and Applications (AINA). IEEE. 2017.
  • F. Unterstein, J. Heyszl, F. De Santis and R. Specht. “Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks – A Practical Security Evaluation on FPGA”. In: Proceedings of 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017). Springer. 2017.
  • G. Webster, B. Kolosnjaji, C. von Pentz, J. Kirsch, Z. Hanif, A. Zarras and C. Eckert. “Finding the Needle: A Study of the PE32 Rich Header and Respective Malware Triage”. In: 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). 2017. URL: https://www.sec.in.tum.de/assets/Uploads/RichHeader.pdf.
  • A. Zankl, J. Heyszl and G. Sigl. “Automated Detection of Instruction Cache Leaks in Modular Exponentiation Software”. In: Smart Card Research and Advanced Applications: 15th International Conference, CARDIS 2016, Cannes, France, November 7–9, 2016, Revised Selected Papers. Ed. by K. Lemke-Rust and M. Tunstall. Cham: Springer International Publishing, 2017, pp. 228–244. ISBN: 9783319546698. DOI: 10.1007/978-3-319-54669-8_14. URL: http://dx.doi.org/10.1007/978-3-319-54669-8_14.

  • D. Angermeier and J. Eichler. “Risk-driven Security Engineering in the Automotive Domain”. 2016.
  • D. Angermeier, A. Nieding and J. Eichler. “Supporting Risk Assessment with the Systematic Identification, Merging and Validation of Security Goals”. In: Risk Assessment and Risk-Driven Testing: 4. International Workshop, RISK 2016, Revised Selected Papers. 2016.
  • A. Bilzhause, M. Huber, H. C. Pöhls and K. Samelin. “Cryptographically Enforced Four-Eyes Principle”. In: Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud, 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016). Conference Publishing Services (CPS). 2016. URL: https://web.sec.uni-passau.de/papers/2016_BilzhauseHuberPoehlsSamelin_4EyesPrinciple_ARES_SECPID.pdf.
  • K. Böttinger. “Fuzzing Binaries with Lévy Flight Swarms”. In: EURASIP Journal on Information Security. 2016.
  • K. Böttinger. “Hunting Bugs with Lévy Flight Foraging”. In: 37th IEEE Symposium on Security and Privacy (S&P 2016) Workshops. 2016.
  • K. Böttinger and C. Eckert. “DeepFuzz: Triggering Vulnerabilities Deeply Hidden in Binaries”. In: 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2016). 2016.
  • K. Böttinger, G. Hansch and B. Filipovic. “Detecting and Correlating Supranational Threats for Critical Infrastructures”. In: 15th European Conference on Cyber Warfare and Security ECCWS-2016. 2016.
  • K. Böttinger, M. Hutle, B. Filipovic and S. Rohr. Leitfaden Industrie 4.0 Security - Handlungsempfehlungen für den Mittelstand. VDMA Verlag. 2016.
  • M. Gall and G. Brost. “K-word Proximity Search on Encrypted Data”. In: Proceedings of the International Conference on Advanced Information Network and Applications (AINA). 2016.
  • R. Hesselbarth and G. Sigl. “Fast and Reliable PUF Response Evaluation from Unsettled Bistable Rings”. In: Euromicro Conference on Digital System Design (DSD 2016). 2016. URL: http://dsd-seaa2016.cs.ucy.ac.cy/index.php?p=DSD2016.
  • M. Hiller, A. G. Önalan, G. Sigl and M. Bossert. “Online Reliability Testing for PUF Key Derivation”. In: International Workshop on Trustworthy Embedded Devices (TrustED). ACM. 2016. pp. 15–22.
  • M. Hiller, M. Pehl, G. Kramer and G. Sigl. “Algebraic Security Analysis of Key Generation with Physical Unclonable Functions”. In: Security Proofs for Embedded Systems Workshop (PROOFS). 2016.
  • J. Horsch, S. Wessel and C. Eckert. “CoKey: Fast Token-based Cooperative Cryptography”. In: Proceedings of the 32nd Annual Conference on Computer Security Applications. ACSAC ’16. ACM. 2016, pp. 314–323. URL: http://doi.acm.org/10.1145/2991079.2991117.
  • M. Huber, B. Taubmann, S. Wessel, H. P. Reiser and G. Sigl. “A flexible framework for mobile device forensics based on cold boot attacks”. In: EURASIP Journal on Information Security. 2016. pp. 1–13. URL: http://dx.doi.org/10.1186/s13635-016-0041-4.
  • V. Immler, M. Hennig, L. Kürzinger and G. Sigl. “Practical Aspects of Quantization and Tamper-Sensitivity for Physically Obfuscated Keys”. In: Cryptography and Security in Computing Systems. 2016.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “X25519 Hardware Implementation for Low-Latency Applications”. In: Euromicro Conference on Digital System Design (DSD 2016). 2016. URL: http://dsd-seaa2016.cs.ucy.ac.cy/index.php?p=DSD2016.
  • L. Langer, P. Smith, M. Hutle and A. E. Schaeffer Filho. “Analysing cyber-physical attacks to a Smart Grid: A voltage control use case”. In: Power Systems Computation Conference (PSCC 2016) 2016. pp. 1–7. URL: http://dx.doi.org/10.1109/PSCC.2016.7540819.
  • M. Margraf, S. Müller, S. Harth and J. Eichler. “Vernetzte IT-Sicherheit in Kritischen Infrastrukturen”. In: DIN Mitteilungen 6. 2016. pp. 24–28.
  • R. Nyberg, J. Heyszl, D. Heinz and G. Sigl. “Enhancing Fault Emulation of Transient Faults by Separating Combinational and Sequential Fault Propagation.” In: ACM Great Lakes Symposium on VLSI. Ed. by A. K. Coskun, M. Margala, L. Behjat and J. Han. 2016. pp. 209–214. URL: http://dblp.uni-trier.de/db/conf/glvlsi/glvlsi2016.html#NybergHHS16.
  • J. Obermaier and M. Hutle. “Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems”. In: Proceedings of the 2nd ACM Workshop on IoT Privacy, Trust, and Security. IoTPTS ’16. ACM. 2016. URL: http://dx.doi.org/10.1145/2899007.2899008.
  • J. Schütte, P. Stephanow and G. Srivastava. “Test-based cloud service certification of opportunistic providers”. In: The 8th IEEE International Conference on Cloud Computing (CLOUD). 2016.
  • M. Schanzenbach and C. Banse. “Managing and Presenting User Attributes over a Decentralized Secure Name System”. In: Data Privacy Management and Security Assurance - 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016. 2016. pp. 213–220. URL: http://dx.doi.org/10.1007/978-3-319-47072-6_14.
  • J. Schütte and G. Brost. “A Data Usage Control System using Dynamic Taint Tracking”. In: Proceedings of the International Conference on Advanced Information Network and Applications (AINA). 2016.
  • B. Selmke, J. Heyszl and G. Sigl. “Attack on a DFA protected AES by simultaneous laser fault injections”. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2016). 2016. URL: http://conferenze.dei.polimi.it/FDTC16/.
  • G. Settanni, F. Skopik, Y. Shovgenya, R. Fiedler, M. Carolan, D. Conroy, K. Böttinger, M. Gall, G. Brost, C. Ponchel, M. Haustein, H. Kaufmann, K. Theuerkauf and P. Olli. “A Collaborative Cyber Incident Management System for European Interconnected Critical Infrastructures”. In: Journal of Information Security and Applications Special Issue on ICS & SCADA Cyber Security. 2016.
  • H. Seuschek, J. Heyszl and F. De Santis. “A Cautionary Note: Side-Channel Leakage Implications of Deterministic Signature Schemes”. In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems. ACM. 2016. pp. 7–12.
  • P. Stephanow, C. Banse and J. Schütte. “Generating Threat Profiles for Cloud Service Certification Systems”. In: 17th IEEE High Assurance Systems Engineering Symposium (HASE). 2016.
  • M. Strobel, N. Wiedermann and C. Eckert. “Novel Weaknesses in IEC 62351 Protected Smart Grid Control Systems”. In: IEEE International Conference on Smart Grid Communications. 2016.
  • S. Plaga, S. Tatschner and T. Newe. “Logboat – A Simulation Framework Enabling CAN Security Assessments”. In: 21st International Conference on Applied Electronics. IEEE. 2016.
  • C. Teichmann, S. Renatus and J. Eichler. “Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring”. In: International Journal of Secure Software Engineering (IJSSE). Ed. by K. M. Khan. Vol. 7. IGI-Global. 2016.
  • C. Teichmann, S. Renatus and A. Nieding. “Modellgestützte Risikoanalyse der Sicherheit Kritischer Infrastrukturen für kleine und mittlere Unternehmen: Eine Übersicht”. In: Multikonferenz Wirtschaftsinformatik (MKWI) 2016. Ed. by V. Nissen, D. Stelzer, S. Straßburger and D. Fischer. Universitätsverlag Ilmenau. 2016.
  • S. Wagner and C. Eckert. “Policy-Based Implicit Attestation for Microkernel-Based Virtualized Systems”. In: Information Security: 19th International Conference, ISC 2016. 2016. Ed. by M. Bishop, A. Anderson and C. Nascimento. Cham: Springer International Publishing. 2016. pp. 305–322. URL: http://dx.doi.org/10.1007/978-3-319-45871-7_19.
  • N. Wiedermann and M. Findrik. Poster: Smart Grid Cyber-Security Simulation Environment. Poster at 5th D-A-CH+ Energy Informatics Conference 2016. 2016. URL: http://www.energieinformatik2016.org/wp-content/uploads/2016/10/EnInf2016_Poster_Findrik.pdf.
  • N. Wiedermann and M. Findrik. “Smart Grid Cyber-Security Simulation Environment”. In: 5th D-A-CH+ Energy Informatics Conference in conjunction with 7th Symposium on Communications for Energy Systems (ComForEn). Ed. by F. Kupzog. 2016. p. 96. URL: http://www.energieinformatik2016.org/wp-content/uploads/2016/09/Proceedings_DACH-Energy-Informatics_ComForEn-2016-Web.pdf.
  • J. Wolf, F. Wieczorek, F. Schiller, G. Hansch, N. Wiedermann and M. Hutle. “Adaptive Modelling for Security Analysis of Networked Control Systems”. In: 4th International Symposium for ICS & SCADA Cyber Security Research 2016, ICS-CSR. 2016. URL: http://ewic.bcs.org/content/ConWebDoc/56479.
  • A. Zankl, J. Heyszl and G. Sigl. “Automated Detection of Instruction Cache Leaks in RSA Software Implementations”. In: Smart Card Research and Advanced Applications - 15th International Conference, CARDIS 2016. 2016.
  • A. Zankl, K. Miller, J. Heyszl and G. Sigl. “Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors”. In: Computer Security - ESORICS 2016 - 21st European Symposium on Research in Computer Security. 2016.

  • R. Nyberg, J. Heyszl, D. Rabe and G. Sigl. “Closing the gap between speed and configurability of multibit fault emulation environments for security and safety–critical designs”. In: Microprocessors and Microsystems. 2015.
  • D. Adam, S. Tverdyshev, C. Rolfes and T. Sandmann. “Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)”. In: International Workshop on MILS: Architecture and Assurance for Secure Systems. 2015.
  • K. Böttinger, D. Schuster and C. Eckert. “Detecting Fingerprinted Data in TLS Traffic”. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. ASIA CCS ’15. ACM. 2015. pp. 633–638. URL: http://doi.acm.org/10.1145/2714576.2714595.
  • G. Brost and M. Hoffmann. “Identifying Security Requirements and Privacy Concerns in Digital Health Applications”. In: Requirements Engineering for Digital Health. Ed. by S. A. Fricker, C. Thümmler and A. Gavras. Springer International Publishing. 2015. pp. 133–154. URL: http://dx.doi.org/10.1007/978-3-319-09798-5_7.
  • J. Heyszl and F. Thiel. “Geldspielgeräte in Zukunft mit geprüfter Sicherheit.” In: Datenschutz und Datensicherheit-DuD 39 (4). 2015.
  • M. Hiller, L. Kürzinger, G. Sigl, S. Müelich, S. Puchinger and M. Bossert. “Low-Area Reed Decoding in a Generalized Concatenated Code Construction for PUF”. In: Proceedings of the IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 2015.
  • J. Horsch and S. Wessel. “Transparent Page-based Kernel and User Space Execution Tracing from a Custom Minimal ARM Hypervisor”. In: The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2015.
  • R. Specht, J. Heyszl, M. Kleinsteuber and G. Sigl. “Improving Non-Profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-Channel High-Resolution EM Measurements”. In: Constructive Side-Channel Analysis and Secure Design (COSADE), 6th International Workshop, Berlin. 2015.