QSP Labs

Workshop Secure Internet Communication

Gregor Koenig, Martin Ortner, Barracuda Networks
Ayoub Faouzi, Avira Operations
22.01.2016, 14:00-18:00; 23.01.2016, 9:00-17:00
3HSB 5 Seminar Room, Technikerstraße 13b (ground floor), Innsbruck

Lab Description

Part 1: The main purpose of Transport Layer Security (TLS) is to transmit data in a secure and confidential way over an unsecured network. It is the de-facto standard for secured communication in the internet. This workshop explains the technical background of the cryptographic algorithms used in TLS as well as the existing attacks in a profound but understandable and practical way. TLS supports asymmetric cryptographic algorithms for the authentication of the communicating parties and the secure key-exchange between them. If the algorithms are poorly chosen already this first phase of establishing a secured communication channel can be attacked. The concepts of Perfect Forward Secrecy and Elliptic Curve Cryptography are presented and explained in this context. The exchanged keys are used for the symmetric encryption of the secure data exchange, which follows in a second phase. Even with securely exchanged keys a number of realistic attacks on the encrypted data exchange exist. Recent examples are BEAST, CRIME, BREACH and the Padding Oracle Attack Lucky 13. The workshop explains the mentioned attacks and presents strategies to prevent them. The active participation of students is appreciated. A virtual work-environment will be provided for each student containing all necessary files and tools to participate in the live hands-on exercises. This workshop will to provide a profound knowledge and understanding of the algorithms used in TLS in order to circumvent the known pitfalls and weaknesses.
Part 2: Malware authors are constantly updating their creations to avoid file detection and C&C blacklisting. So it's important to have high-quality sources of fresh malware samples to determine whether any manual tweaks to the automatic malware analysis and information extraction systems are required. We'll show how we are using an anti-virus cloud to feed a mostly self-sustaining botnet-tracking system, resulting in brand new malicious URLs and samples for blacklisting and detection. In a practical part, participants will have the possibility to analyze the communication protocol of a bot and write their own script to connect to a bot and extract information from the C&C server.

Language: English
Structure: Exercises with latptops
Maximal number of participants: 50
Required Skills: Basic knowledge of network technologies and cryptography, No programming skills necessary, Linux User Basics, Basic knowledge of a programming language (for exercise)

About the Expert

Dr. Gregor Koenig professional focus lies on the research and development of secure communication and safety-critical systems and their application in different fields. Since 2013 Dr. Koenig is with Barracuda Networks AG and develops products for secure internet communication. This involves the design and development of Linux kernel modules for the Barracuda NG Firewall and the management of international projects in the same technical field. Before joining Barracuda Networks Dr. Koenig was a scientist at the Austrian Institute of Technology in the field of bio-signal processing for medical devices and also worked on other safety-critical aspects of medical products. During these four years Dr. Koenig wrote his PhD thesis at the Medical University of Vienna and was a lecturer at the Technical University of Vienna. Previously he worked for Frequentis AG in the research and development of safety-critical communication systems for air-traffic security. During these years he was able to acquire valuable experience with professional software design and development. Further Dr. Koenig did projects for Skidata AG in Salzburg and worked as a project assistant at the University of Salzburg, where he graduated in applied computer science with a master’s degree.

Martin Ortner is a full-time security enthusiast that joined Barracuda Networks AG in 2011 as a Software Developer Quality Assurance. In his role he’s allowed to do what he likes best: appreciating the hard work spent creating network security products by taking apart hard- and software in order to make sure the quality goals are met. Prior to joining Barracuda Networks AG, Martin graduated with a master’s degree from the department of Secure Information Systems at the University of Applied Sciences Upper Austria. During these years Martin worked with worldwide leading companies in the industrial sector focusing on computer emergency response coordination, penetration testing and holding security awareness workshops in order to open eyes for the beauty and constraints of software development. Being an independent security researcher for more than ten years with a passion for reverse engineering and the art of exploitation Martin actively searches for security relevant defects in order to disclose them.

Ayoub Faouzi was born in Morocco in 1990. He is a software developer and researcher at Avira. His current focus is reverse engineering botnet protocols and banking threats. In his free time he likes to spend time with his family and travel around the world.