Visible to the public Biblio

Filters: Author is Heinrich, Markus  [Clear All Filters]
2022-02-04
Anagnostopoulos, Nikolaos Athanasios, Fan, Yufan, Heinrich, Markus, Matyunin, Nikolay, Püllen, Dominik, Muth, Philipp, Hatzfeld, Christian, Rosenstihl, Markus, Arul, Tolga, Katzenbeisser, Stefan.  2021.  Low-Temperature Attacks Against Digital Electronics: A Challenge for the Security of Superconducting Modules in High-Speed Magnetic Levitation (MagLev) Trains. 2021 IEEE 14th Workshop on Low Temperature Electronics (WOLTE). :1–4.
This work examines volatile memory modules as ephemeral key storage for security applications in the context of low temperatures. In particular, we note that such memories exhibit a rising level of data remanence as the temperature decreases, especially for temperatures below 280 Kelvin. Therefore, these memories cannot be used to protect the superconducting modules found in high-speed Magnetic Levitation (MagLev) trains, as such modules most often require extremely low temperatures in order to provide superconducting applications. Thus, a novel secure storage solution is required in this case, especially within the oncoming framework concept of the internet of railway things, which is partially based on the increasing utilisation of commercial off-the-shelf components and potential economies of scale, in order to achieve cost efficiency and, thus, widespread adoption. Nevertheless, we do note that volatile memory modules can be utilised as intrinsic temperature sensors, especially at low temperatures, as the data remanence they exhibit at low temperatures is highly dependent on the ambient temperature, and can, therefore, be used to distinguish between different temperature levels.
2019-04-05
Matyunin, Nikolay, Anagnostopoulos, Nikolaos A., Boukoros, Spyros, Heinrich, Markus, Schaller, André, Kolinichenko, Maksim, Katzenbeisser, Stefan.  2018.  Tracking Private Browsing Sessions Using CPU-Based Covert Channels. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :63-74.

In this paper we examine the use of covert channels based on CPU load in order to achieve persistent user identification through browser sessions. In particular, we demonstrate that an HTML5 video, a GIF image, or CSS animations on a webpage can be used to force the CPU to produce a sequence of distinct load levels, even without JavaScript or any client-side code. These load levels can be then captured either by another browsing session, running on the same or a different browser in parallel to the browsing session we want to identify, or by a malicious app installed on the device. To get a good estimation of the CPU load caused by the target session, the receiver can observe system statistics about CPU activity (app), or constantly measure time it takes to execute a known code segment (app and browser). Furthermore, for mobile devices we propose a sensor-based approach to estimate the CPU load, based on exploiting disturbances of the magnetometer sensor data caused by the high CPU activity. Captured loads can be decoded and translated into an identifying bit string, which is transmitted back to the attacker. Due to the way loads are produced, these methods are applicable even in highly restrictive browsers, such as the Tor Browser, and run unnoticeably to the end user. Therefore, unlike existing ways of web tracking, our methods circumvent most of the existing countermeasures, as they store the identifying information outside the browsing session being targeted. Finally, we also thoroughly evaluate and assess each presented method of generating and receiving the signal, and provide an overview of potential countermeasures.