VERTRAG | Christian Mainka

VERTRAG (German: Vertrauenswürdiger Austausch Geistigen Eigentums in der Industrie”) was a project running from 2015-2017 and was funded by Germany’s Federal Ministry of Education and Research (BMBF). It was partnered between Sirrix AG, ecsec GmbH, ENX Association, University Stuttgart and Ruhr University Bochum. The project dealt with the protection of documents in enterprise environments. The project’s funded my following 9 papers:

2017

AsiaCCS
SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

Dennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017

Abs Bib Code

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext – and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project: https://github.com/RUB-NDS/SECRET/
@inproceedings{felschSECRETFeasibilitySecure2017, title = {{{SECRET}}: {{On}} the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor}, booktitle = {{{ACM Asia Conference}} on {{Computer}} and {{Communications Security}} ({{ASIACCS}})}, author = {Felsch, Dennis and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2017-04}, publisher = {ACM Press}, location = {Abu Dhabi, UAE}, doi = {10.1145/3052973.3052982}, url = {https://dl.acm.org/doi/10.1145/3052973.3052982}, eventtitle = {{{AsiaCCS}}}, howpublished = {In Submission: AsiaCCS 2017}, month = apr }

2016

EuroS&P
How Secure Is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz

In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016

Abs Bib

Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook’s acquisition of the hugely popular mobile messaging app WHATSAPP, alternatives claiming to provide secure communication experienced a significant increase of new users. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TEXTSECURE. Besides numerous direct installations, its protocol is part of Android’s most popular aftermarket firmware CYANOGENMOD. TEXTSECURE’s successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TEXTSECURE’s complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TEXTSECURE. Furthermore, we formally prove that—if key registration is assumed to be secure—TEXTSECURE’s push messaging can indeed achieve most of the claimed security goals.
@inproceedings{froschHowSecureTextSecure2016, title = {How Secure Is {{TextSecure}}?}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Frosch, Tilman and Mainka, Christian and Bader, Christoph and Bergsma, Florian and Schwenk, Jörg and Holz, Thorsten}, date = {2016-03}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/EuroSP.2016.41}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.41}, eventtitle = {{{EuroS}}\&{{P}}}, month = mar }
WOOT
How to Break Microsoft Rights Management Services

Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

Abs Bib Code

Rights Management Services (RMS) are used to enforce access control in a distributed environment, and to cryptographically protect companies’ assets by restricting access rights, for example, to view-only, edit, print, etc., on a per-document basis. One of the most prominent RMS implementations is Microsoft RMS. It can be found in Active Directory (AD) and Azure. Previous research concentrated on generic weaknesses of RMS, but did not present attacks on real world systems. We provide a security analysis of Microsoft RMS and present two working attacks: (1.) We completely remove the RMS protection of a Word document on which we only have a view-only permission, without having the right to edit it. This shows that in contrast to claims made by Microsoft, Microsoft RMS can only be used to enforce all-or-nothing access. (2.) We extend this attack to be stealthy in the following sense: We show how to modify the content of an RMS write-protected Word document issued by our victim. The resulting document still claims to be write protected, and that the modified content was generated by the victim. We show that these attacks are not limited to local instances of Microsoft AD, and can be extended to Azure RMS and Office 365. We responsibly disclosed our findings to Microsoft. They acknowledged our findings (MSRC Case 33210).
@inproceedings{grotheHowBreakMicrosoft2016, title = {How to Break {{Microsoft Rights Management Services}}}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Grothe, Martin and Mainka, Christian and Rösler, Paul and Schwenk, Jörg}, date = {2016-08}, publisher = {USENIX Association}, location = {Austin, TX, USA}, doi = {10.5555/3027019.3027022}, url = {https://dl.acm.org/doi/10.5555/3027019.3027022}, eventtitle = {{{WOOT}}}, month = aug }
ARES
Your Cloud in My Company: Modern Rights Management Services Revisited

Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, and Jörg Schwenk

In International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria, accepted papers: 21/85 = 25%, Aug 2016

Abs Bib

We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used End-to-End encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to either trust Tresorit or Azure. Our systematic evaluation reveals a serious breach to their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of trusting Azure.
@inproceedings{grotheYourCloudMy2016, title = {Your Cloud in My Company: {{Modern}} Rights Management Services Revisited}, booktitle = {International Conference on Availability, Reliability and Security ({{ARES}})}, author = {Grothe, Martin and Rösler, Paul and Jupke, Johanna and Kaiser, Jan and Mainka, Christian and Schwenk, Jörg}, date = {2016-08}, location = {Salzburg, Austria}, doi = {10.1109/ARES.2016.69}, url = {https://doi.ieeecomputersociety.org/10.1109/ARES.2016.69}, eventtitle = {{{ARES}}}, month = aug }
EuroS&P
Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On

Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Aug 2016

Abs Bib Code

Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for centralized SSO systems like Kerberos, where each SP explicitly specifies which single IdP it trusts. However, a typical use case for SPs like Salesforce is that each customer is allowed to configure his own IdP. A malicious IdP should however only be able to compromise the security of those accounts on the SP for which it was configured. If different accounts can be compromised, this must be considered as a serious attack. Additionally, in open systems like OpenID and OpenID Connect, the IdP for each customer account is dynamically detected in a discovery phase. Our research goal was to test if this phase can be used to trick a SP into using a malicious IdP for legitimate user accounts. Thus, by introducing a malicious IdP we evaluate in detail the popular and widely deployed SSO protocol OpenID. We found two novel classes of attacks, ID Spoofing (IDS) and Key Confusion (KC), on OpenID, which were not covered by previous research. Both attack classes allow compromising the security of all accounts on a vulnerable SP, even if those accounts were not allowed to use the malicious IdP. As a result, we were able to compromise 12 out the most popular 17 existing OpenID implementations, including Sourceforge, Drupal, ownCloud and JIRA. We developed an open source tool OpenID Attacker, which enables the fully automated and fine granular testing of OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues. One year after our reports, we have evaluated 70 online websites. Some of them have upgraded their libraries and were safe from our attacks, but 26% were still vulnerable.
@inproceedings{mainkaNotTrustMe2016, title = {Do Not Trust Me: {{Using}} Malicious {{IdPs}} for Analyzing and Attacking Single Sign-On}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2016}, pages = {321--336}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/eurosp.2016.33}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.33}, eventtitle = {{{EuroS}}\&{{P}}}, organization = {IEEE}, }
WOOT
SoK: XML Parser Vulnerabilities

Christopher Späth, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

Abs Bib

The Extensible Markup Language (XML) has become a widely used data structure for web services, SingleSign On, and various desktop applications. The core of the entire XML processing is the XML parser. Attacks on XML parsers, such as the Billion Laughs and the XML External Entity (XXE) Attack are known since 2002. Nevertheless even experienced companies such as Google, and Facebook were recently affected by such vulnerabilities. In this paper we systematically analyze known attacks on XML parsers and deal with challenges and solutions of them. Moreover, as a result of our in-depth analysis we found three novel attacks. We conducted a large-scale analysis of 30 different XML parsers of six different programming languages. We created an evaluation framework that applies different variants of 17 XML parser attacks and executed a total of 1459 attack vectors to provide a valuable insight into a parser’s configuration. We found vulnerabilities in 66 % of the default configuration of all tested parses. In addition, we comprehensively inspected parser features to prevent the attacks, show their unexpected side effects, and propose secure configurations.
@inproceedings{spathSoKXMLParser2016, title = {{{SoK}}: {{XML}} Parser Vulnerabilities}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Späth, Christopher and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2016-08}, location = {Austin, TX, USA}, doi = {10.5555/3027019.3027032}, url = {https://dl.acm.org/doi/10.5555/3027019.3027032}, eventtitle = {{{WOOT}}}, month = aug }

2015

QASA
AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, Sep 2015

Abs Bib Code

Denial-of-Service (DoS) attacks aim to affect availability of applications. They can be executed using several techniques. Most of them are based upon a huge computing power that is used to send a large amount of messages to attacked applications, e.g. web services. Web services apply parsing technologies to process incoming XML messages. This enlarges the amount of attack vectors since attackers get new possibilities to abuse specific parser features and complex parsing techniques. Therefore, web service applications apply various countermeasures, including message length or XML element restrictions. These countermeasures make validations of web service robustness against DoS attacks complex and error prone. In this paper, we present a novel adaptive and intelligent approach for testing web services. Our algorithm systematically increases the attack strength and evaluates its impact on a given web serice, using a blackbox approach based on server response times. This allows one to automatically detect message size limits or element count restrictions. We prove the practicability of our approach by implementing a new WS-Attacker plugin and detecting new DoS vulnerabilities in widely used web service implementations.
@inproceedings{altmeierAdIDoSAdaptiveIntelligent2015, title = {{{AdIDoS}} – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services}, booktitle = {International Workshop on Quantitative Aspects of Security Assurance ({{QASA}})}, author = {Altmeier, Christian and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2015-09}, publisher = {ESORICS}, location = {Vienna, Austria}, doi = {10.1007/978-3-319-29883-2_5}, url = {https://dl.acm.org/doi/10.1007/978-3-319-29883-2_5}, eventtitle = {{{QASA}}}, month = sep }
WOOT
How to Break XML Encryption – Automatically

Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015

Abs Bib Code

In the recent years, XML Encryption became a target of several new attacks. These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys. In order to protect XML Encryption implementations, the World Wide Web Consortium (W3C) published an updated version of the standard. Unfortunately, most of the current XML Encryption implementations do not support the newest XML Encryption specification and offer different XML Security configurations to protect confidentiality of the exchanged messages. Resulting from the attack complexity, evaluation of the security configuration correctness becomes tedious and error prone. Validation of the applied countermeasures can typically be made with numerous XML messages provoking incorrect behavior by decrypting XML content. Up to now, this validation was only manually possible. In this paper, we systematically analyze the chosenciphertext attacks on XML Encryption and design an algorithm to perform a vulnerability scan on arbitrary encrypted XML messages. The algorithm can automatically detect a vulnerability and exploit it to retrieve the plaintext of a message protected by XML Encryption. To assess practicability of our approach, we implemented an open source attack plugin for Web Service attacking tool called WS-Attacker. With the plugin, we discovered new security problems in four out of five analyzed Web Service implementations, including IBM Datapower or Apache CXF.
@inproceedings{kupserHowBreakXML2015, title = {How to Break {{XML Encryption}} – {{Automatically}}}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Kupser, Dennis and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2015-08}, publisher = {USENIX Association}, location = {Washington, D.C., USA}, url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/kupser}, eventtitle = {{{WOOT}}}, month = aug }
SIOT
Not so Smart: On Smart TV Apps

Marcus Niemietz, Juraj Somorovsky, Christian Mainka, and Jörg Schwenk

In International Workshop on Secure Internet of Things (SIoT), Vienna, Austria, Aug 2015

Abs Bib

One of the main characteristics of Smart TVs are apps. Apps extend the Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like authentication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps. In this paper, we investigate attack models for Smart TVs and their apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of the market share leader Samsung can gain access to the credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.
@inproceedings{niemietzNotSmartSmart2015, title = {Not so Smart: {{On}} Smart {{TV}} Apps}, booktitle = {International Workshop on Secure Internet of Things ({{SIoT}})}, author = {Niemietz, Marcus and Somorovsky, Juraj and Mainka, Christian and Schwenk, Jörg}, date = {2015}, pages = {72--81}, publisher = {IEEE Computer Society}, location = {Vienna, Austria}, doi = {10.1109/siot.2015.13}, url = {https://dl.acm.org/doi/10.1109/SIOT.2015.13}, eventtitle = {{{SIOT}}}, organization = {IEEE}, }