As reported before, we are now at day three of the International Summer School on Smart & Mobile Device Security and Privacy, after lots of lectures, a tiny bit of sightseeing, not much sleep and — unfortunately — some bad weather.
Dr. Ivan Martinovic from the University of Oxford gave us an overview about his research about secure key exchange on wireless networks, avoiding the widely used Diffie-Hellman method and exploiting inherent characteristics of the wireless channel between the two parties trying to exchange key (specifically: how the signal between the parties is influenced by the physical room between them as a unique signature). Moreover, he gave us an outline of his work on face and daze detection.
Getting back to the Android platform, prof. Sadeghi continued his outline of the large attack surface that a mobile device (and its OS) represent. Attacks to Android can be performed at various levels, starting from the applications installed, the Android middleware and getting as low as the underlying Linux kernel. Applications can perform many malicious actions even without particular effort, by exploiting the access permissions that users often unknowingly grant during installation. Otherwise, they can try to “collude” with other malicious or unsafe applications in order to perform actions without the user’s consent. Some apps can exploit bugs in system apps or in the middleware to get higher privileges (or even gain root access to the phone). It was interesting to see many of such attacks live during a short lab session.
Lucas Davi, from University Darmstadt, gave a basic overview of how return-oriented attacks are performed and how ASLR, DEP and similar techniques help preventing such attacks (and how they can be circumvented).
Matthias Schunter, from the Intel Collaborative Research Institute for Secure Computing (ICRI-SC), talked about the evolution of pervasive computing and the so-called Internet of Things, which presents a scenario with a huge number of devices performing privacy-sensitive operations and thus requiring a well thought approach to security. Intel cooperates closely with academic researchers in order to ensure that even smallest devices (as Intel Galileo, for instance) get sufficient security features and can be trusted. Long running devices also face the issue of staying secure through an operating period measured in decades.
Having reached the half of the summer school, we’re now signing off for a (rainy) visit of Padua, including the world-famous Cappella degli Scrovegni painted by Giotto himself and Palazzo Bo, the original seat of the university at the time of its founding in the XIII century, when security could still be ensured by a mechanical lock…
Silvia Malatini & Lorenz Cuno Klopfenstein