
BerlinSec is the Application Security & Cryptography meetup for professionals and enthusiasts.

Past Meetups

2019-12-03

Attacking and Defending Cloud Networks

Kashyap Thimmaraju

Abstract: In this talk I will describe practical threats and solutions related to malicious (hardware and software) switches in cloud networks. In particular, I will focus on cloud networks that i) consolidate control over the (hardware and software) switches to a logically centralized controller and ii) use virtualization techniques for multi-tenancy. I will present some of my most compelling research from the past 4.5 years which involves work on covert channels in the control plane, and isolation in the data plane. I will talk about the attacks and defenses from a conceptual perspective and then support that using real-world software and/or hardware. If there is time I can also share some demos.

Short talk: LogDoS

Hanno Böck (@hanno)

I'll show how quickly you can remotely fill hard disks with log files and cause havoc on a server.

2019-10-01

Proxy Re-Encryption

Teetje Stark

Proxy Re-Encryption is a new cryptographic primitive that allows a semi-trusted third party (a proxy) to forward end-to-end encrypted messages to a second receiver without gaining access to the underlying plaintext. This talk gives an overview of the different flavours of Proxy Re-Encryption. It further provides an example of how the “most useful” property, unidirectionality, is commonly achieved by looking at one of the schemes.

2019-09-03

IKEv2 in a nutshell

Stefan-Lukas Gazdag

IKEv2 is the almost 15-year-old key agreement protocol for IPsec, a popular protocol suite mainly used for providing Virtual Private Networks (VPNs) over IP networks. While IPsec only describes securing the connection itself, the key agreement is kept as a modular extra step. In this presentation we provide a basic overview and insight into the inner workings of IKEv2 and explain some of the rationales behind design decisions.

Going quantum-resistant: preparing IKEv2 for the quantum era

Tobias Heider

Currently the IT industry is preparing for the emerging threat of scalable quantum computers which could break or weaken commonly used cryptographic schemes, thus compromising secure infrastructure and applications. Discussions on how to secure the Internet Key Exchange v2 in the future are ongoing and not yet converging to a single agreed-on solution. The reasons are different limitations or requirements by the protocol, implementations, the manufacturers or the users, respectively (just like with many other protocols). In this talk we examine promising approaches and explain the reasons for the trouble we currently have with adapting protocols.

2019-06-04

Quantum Cryptography - From the basics of Quantum Mechanics to Secure Key Distribution

Christoph Hamsen

Quantum mechanics describes nature at the level of single particles. Its effects often defy our intuition and lead to "ridiculous" consequences. Recent advances have sparked novel technologies with implications for modern cryptography. In my talk, I will focus on the first quantum-cryptographic protocol "BB84" which allows two parties to negotiate a provably secure private key by exchanging single photons known as quantum key distribution. I will introduce the physical basics, explain the working principle in detail and end with exciting developments and today's application via satellites.

2019-05-07

deSEC

Nils Wisiol

deSEC is an open-source and privacy-friendly DNS hosting service based in Berlin, Germany. Originally funded by a start-up scholarship, deSEC has now become a Verein and aims to provide permanently free DNS hosting funded by donations and collaborations, offering features rarely seen in other providers, such as a RESTful API, fully automatic DNSSEC, IPv6-enabled API and nameservers, and immediate update of published DNS information. In this talk we present the technical organization, security and privacy of deSEC. Furthermore, we discuss how deSEC can promote DNS features like TLSA records that today are available, but are also rarely used.

2019-04-17

Web and Spectre

Anne van Kesteren

A brief introduction to how browsers and sites are planning to combat Spectre and where to find out more.
Slides

2019-04-02 (Berlin Crypto)

Messaging Layer Security (MLS)

Raphael Robert

Messaging Layer Security (MLS) is an IETF working group building a modern, efficient, secure group messaging protocol. The protocol includes advanced security properties, such as Forward Secrecy and Post-compromise Security in addition to message confidentiality and authenticity. This talk will cover how MLS works on a high level and give some context about secure messaging.

hacspec

Franziskus Kiefer

hacspec is a proposal for a new specification language for crypto primitives that is succinct, that is easy to read and implement, and that lends itself to formal verification. hacspec aims to formalize the pseudocode used in crypto standards by proposing a formal syntax that can be checked for simple errors. hacspec specifications can then be tested against test vectors specified in a common syntax. The talk will give an overview of hacspec and formal verification for cryptographic primitives.

2019-02-19

XSS through MIME sniffing

Hanno Böck

Securing file uploads is not easy. MIME sniffing behavior both by web servers and by browsers can easily lead to XSS in many common situations in web applications. (An earlier version of this talk is available on YouTube.)

Code Execution Analysis in Mobile Apps

Abdullah Joseph

Proper binary analysis necessitates the use of debuggers to monitor/alter the flow of execution. Mobile apps are no different. This talk will go over the techniques and methodology used to monitor, debug, and finally execute arbitrary code inside a packaged mobile app for analysis and debugging purposes.

Remote Code Execution in Firefox beyond memory corruptions

Frederik Braun (@freddyb)

Browsers are complicated enough to provide attack surface beyond memory safety issues. This talk will look into injection flaws in the user interface of Mozilla Firefox, which is implemented in JS, HTML and an XML-dialect called XUL. Having achieved an XSS in the user interface, attackers can execute arbitrary code in the context of the browser application process, with cross-platform exploits of high reliability. This talk discusses fixed browser vulnerabilities from 2017 and early 2018.


Where

We meet at Mozilla Berlin
Schlesische Straße 27 (Building 3, 4th floor), 10997 Berlin

Trouble finding us?
Enter the courtyard at Schlesische Str. 27 and go to the very end.
Take the entrance to your left and go up to floor 4.
Here's a map showing the precise location of the building.

Code of Conduct

We are an inclusive and safe meetup. As users of the Mozilla Space in Berlin, we follow Mozilla's Community Participation Guidelines.

Contact

Submit a talk.
Meetup page
GitHub

Team

We're a bunch of security enthusiasts. Mozilla is nice enough to give us the space, but this meetup and its leaders do not speak on behalf of Mozilla.