Secure Information Technology Center – Austria

Merging Skytrust Tools

Category: IT-Security

The Cryptographic Service Interoperability Layer (CrySIL), formerly known as Skytrust, complements applied cryptography so that it can again perform in modern use cases. This project merges many of the contributions made to CrySIL in recent times. The result of this project is an information website which, alongside A-SIT projects, scientific contributions and student projects on the topic of CrySIL, also presents a variety of demonstrators.

Read more…

Android Browser – Security and Privacy

Category: IT-Security

Online advertising is growing rapidly. In 2007 online advertising revenues in Germany totalled €976 million, a 103% increase compared to the revenues in 2006. This year a revenue of €6.9 billion is expected in Germany. Users have various reasons to block ads. Blocking ads can improve the user experience, reduce data usage, reduce processor load and thereby increase battery life, and protect against malvertising.
Read more…

Multilateral Integration of XACML Policies

Category: Cloud Computing, IT-Security

XACML is a framework that establishes an XML-based language, architecture and process models for externalized authorization management. By design, XACML focuses on the protection of information assets within the realm of a single organization. Because of this narrow scope, a range of tools and methodologies emerged that support the application of XACML policies to a single environment only. In this project we extend an administrative model that supports the multilateral management of XACML security policies. This is achieved through the development of an adapter that translates and maps abstract, semantic security policies designed for a broader scope and Web API-based environments to XACML policies specific to a particular organization and its environment.

Read more…

Secure Real-Time Textcollaboration

Category: IT-Security

Google Docs and Office 365 are fixed points when it comes to cloud-based data processing. The rush towards different people editing a single document at the same time, however, seems merely restrained by concerns about data confidentiality. This project gives an overview of current approaches to secure real-time text collaboration available in science and industry and distills a list of remaining
Read more…

Fingerprinting Code of Mobile Applications

Category: IT-Security

The analysis of applications for mobile platforms (Android, iOS) has shown that security-relevant problems are often not to be found in the application code itself, but are introduced by components of third-party software. Often, these problematic code parts are made freely available and are thus found in many applications. If the program code is obfuscated by the manufacturer, it becomes very difficult to find precarious code parts.
Read more…

Device Enrolment Using Flexible Authentication

Category: IT-Security

Managed devices are already established in corporate environments. Small businesses and end users, however, rarely benefit from such complex systems and dedicated infrastructures.
This project compiled concepts for authenticating devices, with a focus on the initial authentication as part of enrolment processes as well as easy and convenient revocation of permissions. This initial authentication needs to be flexible in order to take the different characteristics and features of current devices into account and possibly create device policies on demand.
The actual communication between enrolled devices and a service, on the other hand, should be kept as simple as possible. This is feasible because virtually all (client) devices support technologies like TLS. A demonstrator illustrates that an OS-independent implementation of the proposed concepts is possible.
Read more…

Utilizing Policy Enforcement System to Control Mobile Distributed Applications

Category: Cloud Computing, IT-Security

XACML is the de facto standard in the area of data security policy languages. It enables centralized evaluation and administration of access control rules. This project extends XACML to enable centralized control of distributed mobile applications. Without optimizations, applications become unusable due to heavy losses in performance.
Furthermore, this concept does not require static Internet connectivity of the mobile devices and also works with occasional connectivity to the policy evaluation infrastructure.

Read more…

Traces on the Internet

Category: IT-Security, Web Technologies

Almost all activities on the Internet leave traces, which, when combined accordingly, can help identify an individual with sufficient certainty. One of the main reasons for this is that the technical foundation of the Internet dates back to a time when privacy and data protection were not relevant. However, most components involved are considered critical infrastructure. Thus, they cannot simply be replaced. As a result, additional measures need to be taken in order to keep one’s identity secret and to leave as few traces as possible. Especially on the application level, a lot of traces are left.

Read more…

25 July 2017

Blockchain & Smart Contracts

Category: IT-Security

The Blockchain was developed as part of the cryptocurrency Bitcoin by a person or a group of persons using the pseudonym Satoshi Nakamoto. The Blockchain is a distributed ledger that consists of a chain of blocks. The attached report explains different types of Blockchains as well as different consensus algorithms. The report focuses on the Ethereum platform, as it seems to be a promising platform for the execution of so-called smart contracts. Smart contracts are autonomous applications which are executed in the Blockchain network. This provides applications with no downtime and high censorship resistance. Based on the Blockchain technology and on smart contracts, a messenger was developed.
Read more…

Traffic Analysis of Mobile Applications

Category: IT-Security

As a supporting measure for the inspection of mobile applications, the data sent and received to/from the Internet has always been of interest. If data was transferred in plain text, intuitive conclusions could be drawn about its use in the context of a mobile application. Because more and more network traffic is encrypted (HTTPS / TLS), the meaningfulness of captured data packets becomes limited and, consequently, allows only few conclusions to be drawn about the actually transmitted content.
Read more…