MITSicherheit.NRW was a project funded funded by EFRE.NRW, Northrine Westfalia. It was partnered between MedEcon Ruhr GmbH, G DATA Advanced Analytics GmbH, VISUS Health IT GmbH, radprax Gesellschaft für Medizinische Versorgungszentren mbH, FH Münster, Krankenhausgesellschaft Nordrhein-Westfalen e.V. and Ruhr University Bochum. The project dealt strengthening the security in the health sector. It funded my following 3 papers:
Cross-Site Leaks (XS-Leaks) describe a client-side bug that allows an attacker to collect side-channel information from a cross-origin HTTP resource. They are a significant threat to Internet privacy since simply visiting a web page may reveal if the victim is a drug addict or leak a sexual orientation. Numerous different attack vectors, as well as mitigation strategies, have been proposed, but a clear and systematic understanding of XS-Leak’ root causes is still missing. Recently, Sudhodanan et al. gave a first overview of XS-Leak at NDSS 2020. We build on their work by presenting the first formal model for XS-Leaks. Our comprehensive analysis of known XSLeaks reveals that all of them fit into this new model. With the help of this formal approach, we (1) systematically searched for new XS-Leak attack classes, (2) implemented XSinator.com, a tool to automatically evaluate if a given web browser is vulnerable to XSLeaks, and (3) systematically evaluated mitigations for XS-Leaks. We found 14 new attack classes, evaluated the resilience of 56 different browser/OS combinations against a total of 34 XS-Leaks, and propose a completely novel methodology to mitigate XS-Leaks.
@inproceedings{CCS:KMNNS21,title={{{XSinator}}.Com: {{From}} a {{Formal Model}} to the {{Automatic Evaluation}} of {{Cross-Site Leaks}} in {{Web Browsers}}},booktitle={{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},author={Knittel, Lukas and Mainka, Christian and Niemietz, Marcus and Noß, Dominik and Schwenk, Jörg},date={2021-11-15},publisher={ACM Press},location={Seoul, South Korea (Virtual Conference)},doi={10.1145/3460120.3484739},url={https://dl.acm.org/doi/10.1145/3460120.3484739},urldate={2020-12-08},addendum={ACM CCS Best Paper Award,},eventtitle={{{CCS}}},langid={english},month=nov,}
PDF is the de-facto standard for document exchange. It is common to open PDF files from potentially untrusted sources such as email attachments or downloaded from the Internet. In this work, we perform an in-depth analysis of the capabilities of malicious PDF documents. Instead of focusing on implementation bugs, we abuse legitimate features of the PDF standard itself by systematically identifying dangerous paths in the PDF file structure. These dangerous paths lead to attacks that we categorize into four generic classes: (1) Denial-ofService attacks affecting the host that processes the document. (2) Information disclosure attacks leaking personal data out of the victim’s computer. (3) Data manipulation on the victim’s system. (4) Code execution on the victim’s machine. An evaluation of 28 popular PDF processing applications shows that 26 of them are vulnerable at least one attack. Finally, we propose a methodology to protect against attacks based on PDF features systematically.
@inproceedings{NDSS:MNMMS21,title={Processing {{Dangerous Paths}} - {{On Security}} and {{Privacy}} of the {{Portable Document Format}}},booktitle={Network and {{Distributed System Security Symposium}}},author={Müller, Jens and Noß, Dominik and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg},date={2021-02-21},publisher={Internet Society},location={Virtual Conference},doi={10.14722/ndss.2021.23109},url={https://www.ndss-symposium.org/ndss-paper/processing-dangerous-paths-on-security-and-privacy-of-the-portable-document-format/},eventtitle={{{NDSS}}},month=feb,}
The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issues.
@inproceedings{CCS:MIMMSS19,title={Practical {{Decryption exFiltration}}: {{Breaking PDF Encryption}}},booktitle={{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},author={Müller, Jens and Ising, Fabian and Mladenov, Vladislav and Mainka, Christian and Schinzel, Sebastian and Schwenk, Jörg},date={2019-11-06},pages={15--29},publisher={ACM Press},location={London, United Kingdom},doi={10.1145/3319535.3354214},url={https://dl.acm.org/doi/10.1145/3319535.3354214},urldate={2020-12-08},eventtitle={{{CCS}}},langid={english},month=nov,}
