Here’s the first round of TROOPERS16 talks. For more information check out our website: TROOPERS
Happy Holidays and all the best for 2016 to everybody!
Your TROOPERS Team
===
Mike Ossmann: Rapid Radio Reversing
Wireless security researchers have an unprecedented array of tools at their disposal today. Although Software Defined Radio (SDR) is the single most valuable tool for reverse engineering wireless signals, it is sometimes faster and easier to use other tools for portions of the reverse engineering process. I’ll discuss how beneficial a hybrid SDR/non-SDR approach has been to security researchers, and I’ll walk through an example of the process.
Bio: Michael Ossmann is a wireless security researcher who makes hardware for hackers. Best known for the open source HackRF, Ubertooth, and Daisho projects, he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.
Twitter: @michaelossmann
===
Philippe Teuwen: Hiding your White-Box Designs is Not Enough
Although all current scientific white-box publications are academically broken, there is still a large number of companies which sell “secure” white-box products based on unknown designs and relying on additional code obfuscation countermeasures. A new approach to assess the security of white-box implementations is presented which requires neither knowledge about the inner white-box design nor any reverse engineering effort. The differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community.
Bio: Philippe Teuwen is Principal Researcher in the Innovation Center Crypto & Security of NXP Semiconductors. He’s one of the libnfc maintainers and gave about 15 workshops on RFID & NFC security and privacy issues at Hack.lu, Brucon, RFIDsec, Hackito Ergo Sum, RMLL, etc. along with talks on other security topics such as Wi-Fi Protected Setup, EMV-CAP for eBanking, eVoting reverse-engineering, Smartcard fault injection simulation, White-Box cryptanalysis etc. He regularly contributes to the International Journal of PoC||GTFO and loves playing CTFs.
More Info at: http://wiki.yobi.be @doegox
===
Georgi Geshev & Alex Plaskett: QNX: 99 Problems but a Microkernel ain’t one!
Cars, Turbines, Safety Critical Systems and consumer devices (phones) all run QNX, however, very little security research has been performed in this area. This talk will provide an overview of QNX security architecture with Blackberry 10 used as the primary target. We will discuss research on a locked down highly secured OS, the OS attack surface and our method for identifying weaknesses within the QNX OS. We will cover our methods of identifying vulnerabilities from both a reverse engineering perspective and automated fuzzing. This talk will provide a good overview of how the subsystems on QNX communicate and how an attacker would attempt to elevate their privileges. We will also talk about some of the weaknesses identified with this on-going research and the challenges faced with exploit development on the platform.
Bio: Georgi is a security researcher for MWR InfoSecurity in the UK. Born in the Eastern Bloc, a true wannabe Aussie now, he appreciates roo steaks and golden ales. His main areas of interest include bug hunting, reverse engineering and network protocols. It is a well-known fact that Georgi only knows about MQ technology.
Bio: Alex is currently Head of Technical Research at MWR InfoSecurity in the UK. Alex is best known for Windows Phone security and identifying a large number of OEM introduced weaknesses on the platform. Alex has previously presented at Deepsec, BlueHat, T2.Fi, 44con, and SyScan.
===
Andy Davis: Broadcasting your attack: Security testing DAB radio in cars
Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are in most cases integrated into an IVI (In-Vehicle Infotainment) system, which is connected to other vehicle modules via the CAN bus. Therefore, any vulnerabilities discovered in the DAB radio stack code could potentially result in an attacker exploiting the IVI system and pivoting their attacks toward more cyber-physical modules such as those concerned with steering or braking. This talk will discuss the complex protocol capabilities of DAB and DAB+ and describe the potential areas where security vulnerabilities in different implementations may exist. I will discuss the use of Software Defined Radio in conjunction with open source DAB transmission software to develop our security testing tool (DABble). Finally I will talk about some of our findings, the implications of exploiting DAB-based vulnerabilities via a broadcast radio medium and what this could mean for the automotive world.
Bio: Andy is currently Research Director at NCC Group. He has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NCC Group, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for software vulnerability discovery.
===
Dr. Evangelos Ouzounis: The road to secure Smart Cars: ENISA approach
The presentation will deal with cyber security of IoT and smart cars. It will present the current threats (with a taxonomy), existing vulnerabilities, and risks to health and safety. The final objective of the study will be to enable manufacturers to reach “5 stars” on the framework proposed by IamtheCavalry.
Focus will be on cars and will discuss the current EU policy. The scope would focus on securing:
– The inside of the car: critical and non-critical assets (such as ECU, entertainment systems…)
– The outside of the car: V2V/V2I, keyless systems, connectivity with 3rd party partners (GPS…)
It will present security measures (technical or non-technical) to secure connected cars from cyber attacks. The security measures would target manufacturers and third-party providers. They should apply to the whole lifecycle of cars from their conception, testing, integration, deployment and end of life.
Finally, ENISA provides recommendations to various audiences in order to improve the current status of security (including policy makers, researchers, manufacturers…)
Bio: Dr. Evangelos Ouzounis is the head of ENISA’s Secure Infrastructure and Services Unit. His unit implements EU Commission’s CIIP action plan, facilitates Member States efforts towards a harmonised implementation of incident reporting scheme (article 13 a and article 4 of the Telecom Package, as well as, article 19 of the eIDAS Directive), contributes to the development of the NIS Platform and develops good practices for National Cyber Security Strategies. ENISA’s Secure Infrastructure and Services Unit also runs numerous other studies on the cyber security aspects of Cloud Computing, Industrial Control Systems-SCADA, Smart Grids and Smart Cities, Finance, eHealth, Intelligent Transport Systems and Internet Interconnections. From 2010-2012 Dr. Ouzounis’ unit has managed the first pan European Cyber Exercises (e.g. Cyber Europe 2012/10, and Cyber Atlantic 2011). Prior to his position at ENISA, Dr. Ouzounis worked several years at the European Commission, DG Information Society and Media (DG INFSO). He contributed significantly to EU Commission’s R&D strategy and policies on securing Europe’s infrastructures and services. Dr. Ouzounis was co-founder and deputy director of Electronic Commerce Centre of Competence (ECCO) at Fraunhofer Institute for Open Communication Systems (FhG-FOKUS, Berlin, Germany). He led and managed more than 20 pan European and International R&D projects. Dr. Ouzounis holds a Ph.D from the Technical University of Berlin and a master in computer engineering and informatics from the Technical University of Patras, Greece. He wrote 2 books and more than 20 peer reviewed academic papers and chaired several international conferences.