CROSSING Collaboration Award

The CROSSING Collaboration Award is presented for excellent internal collaborative work and outstanding progress in research collaborations within CROSSING, for which all members of the CRC are eligible. It is awarded annually by the CROSSING directorate.

Eligible for the Award is any collaboration between projects, for example joint publications, contributions to CogniCrypt, joint software tools or demonstrators or joint bachelor or master thesis.

Winners of the Collaboration Award get a trophy and certificate, and each collaborator receives funds for conference or workshop participation (travel, accommodation, conference fee), freely selectable by the price winners.

Prof. Christian Reuter, Kilian Demuth, Gowri Chandran, Dr. Kasra EdalatNejad, and Prof. Thomas Schneider (left to right) accepting the CROSSING Collaboration Award 2024. Misssing from the photo is Dr. Sebastian Linsner.
Prof. Christian Reuter, Kilian Demuth, Gowri Chandran, Dr. Kasra EdalatNejad, and Prof. Thomas Schneider (left to right) accepting the CROSSING Collaboration Award 2024. Misssing from the photo is Dr. Sebastian Linsner.

The CROSSING Collaboration Award 2024 was given to the collaborators on the paper “Encrypted MultiChannel Communication (EMC2): Johnny should use secret sharing" by the projects E4 (Gowri R Chandran and Kasra EdalatNejad from the ECRYPTO group at TU Darmstadt), and E7 (Sebastian Linsner and Kilian Demuth from the PEASEC group at TU Darmstadt).

Abstract

Nowadays, the problem of point-to-point encryption is solved by the wide adaptation of protocols like TLS. However, challenges persist for End-to-End Encryption (E2EE). Current E2EE solutions, such as PGP and secure messengers like Signal, suffer from issues like 1) low usability, 2) small user base, 3) dependence on central service providers, and 4) susceptibility to backdoors. Concerns over legally mandated backdoors are rising as the US and EU are proposing new surveillance regulations requiring chat monitoring. We present a new E2EE solution called Encrypted MultiChannel Communication, based on n-out-of-n secret sharing. EMC2 splits messages into multiple secret shares and sends them through independent channels. We show that multiple independent channels exist between users and EMC2 provides E2EE with no single point of trust, no setup, and is understandable by the general public. Our solution complements existing tools and aims to strengthen the argument against legally enforced backdoors by demonstrating their ineffectiveness.

Link to the paper
Encrypted MultiChannel Communication (EMC2): Johnny should use secret sharing.
The paper has been presented at the 23. Workshop on Privacy in the Electronic Society (WPES'24) in October 2024.

Press rrelease on the topic
Secure texting through distributed messages (30 Oct. 2024)

Contact
Project E4, Project E7

Sebastian Linsner, Killian Demuth, and Oussama Draissi (on behalf of Sebastian Surminski and Christian Niesler) accepted the 2023 CROSSING Collaboration Award from CROSSING spokesperson Professor Marc Fischlin.
Sebastian Linsner, Killian Demuth, and Oussama Draissi (on behalf of Sebastian Surminski and Christian Niesler) accepted the 2023 CROSSING Collaboration Award from CROSSING spokesperson Professor Marc Fischlin.

The CROSSING Collaboration Award 2023 was given to the collaboration on the papers “SCAtt-man: Side-Channel Based Remote Attestation for Embedded Devices that Users Understand“ and ”Building Trust in Remote Attestation through Transparency – A Qualitative User Study on Observable Attestation" by the projects S2 (Christian Niesler and Sebastian Surminski from University Duisburg-Essen), and E7 (Sebastian Linsner and Kilian Demuth from TU Darmstadt).

Abstract

From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, the user will not detect any compromise. The user has minimal control over the software. Hence, it is very likely that the user misses when for instance illegal recordings and transmissions occur if a security camera or a smart speaker gets hacked. Therefore, we developed SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices allowing users to verify the integrity of IoT devices with their smartphone.

However, software-based remote attestation inherently suffers from the root-of-trust problem: the verifier cannot identify the device that is being attested, allowing an attacker to replace the attested device with another device or a simulation, so-called offloading attacks. To tackle this problem, SCAtt-man utilizes user-observable side-channels like light or sound in the attestation protocol, so that the user can observe the attestation process and identify the attested device to detect offloading attacks.

Besides the technical challenges to implement a secure attestation scheme, the involvement of the user also demands for a good usability and user experience to make SCAtt-man usable in practice.

Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a comprehensive user study with 20 participants. Our user study not only showed that SCAtt-man has good usability, but participants also stated that they actually believe that attestation can detect a device’s compromise and that they would use such functionality if their own devices featured such an attestation functionality.

This user study leads us to a more fundamental question addressing remote attestation: Do users understand and trust remote attestation? Can transparency assist users in understanding remote attestation? And do users trust formerly compromised devices that have been restored and verified with remote attestation? These questions are neglected in research on remote attestation, but very relevant for a practical usage. To answer these questions, we performed an extensive user study with 35 participants. The participants were provided with a smart home setup and state-of-the-art smart speakers, which they could attest using a smartphone app. We simulated compromised smart speakers and asked the participants to conduct a process to resolve the compromise.

We discovered that trust increases when additional explanations of the technical process are provided and thus the understanding of the attestation process is improved. The enhanced understanding of the process also decreases the false trust many users have in devices or processes which they do not understand. Observable attestation via the audio channel also strengthens trust in the attestation process. We also found that the process of the observable attestation increases the trust in the device and the sense of security positively. Thus, increased transparency in security mechanisms increases not only the understanding but also the trust of users and reduces false assumptions about the own security.

Link to the paper
SCAtt-man: Side-Channel Based Remote Attestation for Embedded Devices that Users Understand

The paper has been published the Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy (CODASPY'23).

Contact

Project S2 Project E7

Daniel Günther accepts the 2022 CROSSING Collaboration Award on behalf of the winning group.
Daniel Günther accepts the 2022 CROSSING Collaboration Award on behalf of the winning group.

The CROSSING Collaboration Award 2022 was given to the collaboration “ExTRUST: Reducing Exploit Stockpiles with Privacy-Preserving Depletion Systems for Inter-State Relationship” by the projects E4 (Daniel Günther), and E7 (Philipp Kühn, Thomas Reinhold).

Abstract

Cyberspace is a fragile construct threatened by malicious cyber operations of different actors, with vulnerabilities in IT hardware and software forming the basis for such activities, thus also posing a threat to global IT security. Advancements in the field of artificial intelligence accelerate this development, either with artificial intelligence enabled cyber weapons, automated cyber defense measures, or artificial intelligence-based threat and vulnerability detection. Especially state actors, with their long-term strategic security interests, often stockpile such knowledge of vulnerabilities and exploits to enable their military or intelligence service cyberspace operations. While treaties and regulations to limit these developments and to enhance global IT security by disclosing vulnerabilities are currently being discussed on the international level, these efforts are hindered by state concerns about the disclosure of unique knowledge and about giving up tactical advantages. This leads to a situation where multiple states are likely to stockpile at least some identical exploits, with technical measures to enable a depletion process for these stockpiles that preserve state secrecy interests and consider the special constraints of interacting states as well as the requirements within such environments being non-existent. This paper proposes such a privacy-preserving approach that allows multiple state parties to privately compare their stock of vulnerabilities and exploits to check for items that occur in multiple stockpiles without revealing them so that their disclosure can be considered. We call our system ExTRUST and show that it is scalable and can withstand several attack scenarios. Beyond the intergovernmental setting, ExTRUST can also be used for other zero-trust use cases, such as bug-bounty programs.

Link to the paper
ExTRUST: Reducing Exploit Stockpiles with Privacy-Preserving Depletion Systems for Inter-State Relationship.

The paper has been published in IEEE Transactions on Technology and Society ( Volume: 4, Issue: 2, June 2023).

Contact

Project E4 Project E7

Alexander Sauer, Maximilian Tippmann, Erik Fitzke, Marc Fischlin, Michael Schlichtig, and Anna-Katharina Wickert during the award ceremony at the CROSSING winter retreat.
Alexander Sauer, Maximilian Tippmann, Erik Fitzke, Marc Fischlin, Michael Schlichtig, and Anna-Katharina Wickert during the award ceremony at the CROSSING winter retreat.

The CROSSING Collaboration Award 2021 was given to the collaboration “QKD post-processing software” by the projects E1 (Michael Schlichtig, Anna-Katharina Wickert), E3 (Johannes Schickel, Alexandra Weber) and P4 (Erik Fitzke, Oleg Nikiforov, Alexander Sauer, Maximilian Tippmann).

Abstract

Quantum cryptography allows one to transmit secret information securely, based on the laws of quantum physics. It consists of (1) the transmission of physical particles like photons and (2) the software-based processing of measurements during the transmission. Quantum key distribution (QKD), e.g., transmits material for establishing a shared crypto key in this way. The key material is encoded into the particles in a way that leakage can be detected and mitigated via so-called privacy amplification. In this article, we investigate the role of the software implementation for the security of quantum cryptography. More concretely, we quantify the security of QKD software against cache side channels and show how to integrate cache-side-channel mitigation with the privacy amplification in QKD. We evaluate our approach at one variant of a QKD software that is in practical use. During our evaluation, we detect a cache-side-channel vulnerability, for which we develop a parametric mitigation that combines privacy amplification and program rewriting. We propose a cost model for the combined mitigation, which allows one to optimize the interaction between privacy amplification and program rewriting for the mitigation.

Link to the paper

Cache-Side-Channel Quantification and Mitigation for Quantum Cryptography (opens in new tab).

Contact

Project E1 Project E3 Project P4

Poulami Das (S7), Siavash Riahi (S7), Patrick Struck (P1) and Andreas Erwig (S7) (from left to right); not in the photo: Nabil Alkeilani Alkadri (P1)
Poulami Das (S7), Siavash Riahi (S7), Patrick Struck (P1) and Andreas Erwig (S7) (from left to right); not in the photo: Nabil Alkeilani Alkadri (P1)

Abstract
Most blockchain solutions are susceptible to quantum adversaries as they rely on cryptography that is known to be insecure in the presence of quantum adversaries. In this work, we advance the study of quantum-resistant blockchain solutions by giving a quantum-resistant construction of a deterministic wallet scheme.
In cryptocurrencies, money is transfered via transactions. A transaction is valid only when signed with the sender's secret key. This makes secret keys of users an attractive target to attackers. Deterministic wallets are frequently used in practice in order to securely store user's keys. A deterministic wallet has two components – usually the sensitive secret key is stored in a so-called cold wallet which is most of the time online, whereas the public key is stored in an online wallet called the hot wallet. Recently, Das et al. developed a formal model for the security analysis of deterministic wallets and proposed a generic construction from certain types of classical signature schemes that exhibit key rerandomization properties. For security in a quantum world, it is therefore mandatory to show that the generic construction proposed in this paper is secure against quantum adversaries and to design post-quantum secure signature schemes with key rerandomization to instantiate this generic construction.

Link to the Paper
Deterministic Wallets in a Quantum World

Contact
Project P1 , Project S7

Tommaso Frassetto, Ghada Dessouky and Shaza Zeitouni with Prof. Thomas Schneider (on behalf of Ágnes Kiss) and Prof. Stefan Katzenbeisser (on behalf of Giulia Traverso) and Spokesperson Prof. Johannes Buchmann (from left to right); Photo: Ann-Kathrin Braun
Tommaso Frassetto, Ghada Dessouky and Shaza Zeitouni with Prof. Thomas Schneider (on behalf of Ágnes Kiss) and Prof. Stefan Katzenbeisser (on behalf of Giulia Traverso) and Spokesperson Prof. Johannes Buchmann (from left to right); Photo: Ann-Kathrin Braun

Abstract

Due to advances in cryptanalysis and quantum computing, longterm secure storage of sensitive data cannot rely on current encryption, especially when the storage service is hosted by third-party cloud computing providers. One approach to achieve long-term secure storage is secret sharing-based distributed storage systems, where shares of data are generated and distributed to multiple storage servers. Data confidentiality and integrity are maintained by periodically renewing the shares and verifying the consistency of the shares using commitment schemes. However, protecting outsourced data in such scenarios remains prohibitively costly and impractical: Share renewal requires an information-theoretically secure channel between any two storage servers and long-term confidential commitment schemes are computationally impractical for large files.

In this paper, we present Safe, a secret sharing-based long-term secure distributed storage system that leverages a Trusted Execution Environment (TEE). Share generation and renewal are performed inside the TEE and the shares are securely distributed to the storage servers.We propose optimized protocols for Safe where significantly fewer information-theoretically secure channels are required than in state-of-the-art long-term secure storage systems, and computationally binding commitment schemes are replaced by more efficient computationally secure signatures. We prototype Safe protocols using a TEE instantiation, and show their efficiency, even for large files, compared to existing schemes. Safe is TEEagnostic, as it allows seamless migration from one TEE to another while maintaining the same security guarantees.


Link to the Paper

Safe: A Secure and Efficient Long-Term Distributed Storage System


Contact

Project P3 , Project E4 , Project S2 , Project S6

Oleg Nikiforov, Alexander Sauer, Matthias Geihs, Denis Butin and CROSSING Spokesperson Prof. Johannes Buchmann (from left to right)
Oleg Nikiforov, Alexander Sauer, Matthias Geihs, Denis Butin and CROSSING Spokesperson Prof. Johannes Buchmann (from left to right)

Abstract

Sensitive digital data, such as health information or governmental archives, are often stored for decades or centuries. The processing of such data calls for long-term security. Secure channels on the Internet require robust key establishment methods. Currently used key distribution protocols are either vulnerable to future attacks based on Shor's algorithm, or vulnerable in principle due to their reliance on computational problems. Quantum-based key distribution protocols are information-theoretically secure and offer long-term security. However, significant obstacles to their real-world use remain. This paper, which results from a multidisciplinary project involving computer scientists and physicists, systematizes knowledge about obstacles to and strategies for the realization of long-term secure Internet communication from quantum-based key distribution. We discuss performance and security particulars, consider the specific challenges arising from multi-user network settings, and identify key challenges for actual deployment.


Link to the Paper

The Status of Quantum-Based Long-Term Secure Communication over the Internet


Contact

Project P4 , Project S4 , Project S6

Prof. Marc Fischlin, Christian Weinert (S6), Stefan Krüger (E1), Daniel Demmler (E4) and Felix Günther (S4) (from left to right)
Prof. Marc Fischlin, Christian Weinert (S6), Stefan Krüger (E1), Daniel Demmler (E4) and Felix Günther (S4) (from left to right)

Abstract

There exists an extensive body of research demonstrating that application developers often fail to correctly and securely use cryptographic APIs and, as a result, produce insecure code. They mainly struggle with the cryptographic domain knowledge required to decide which algorithms are appropriate to use to perform a certain task and how to properly configure them. In addition, due to the low-level design of most cryptographic APIs, developers often face problems identifying the correct order of method calls and parameter values. When surveyed, developers indicate that they desire API design to be more high-level, more examplerich documentation showcasing common use cases of the API, as well as assistance tools that support them in using such APIs. In our work that was accepted at the ASE 2017 Tool Demonstrations track, we presented CogniCrypt, a tool that assists developers with the use of cryptographic APIs. CogniCrypt is implemented as an Eclipse plugin to smoothly integrate into any application developer’s workflow and assists the developer in two ways. First, for a number of common programming tasks that involve cryptography, CogniCrypt facilitates the generation of code snippets that implement the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously performs a suite of static code analyses in the background to ensure a secure integration of the generated code into the developer’s project. Since the code analysis runs independently of code generation, CogniCrypt still supports developers to produce secure code if they prefer to write the code themselves or are not aware of CogniCrypt’s full functionality. This video demo showcases the main features of CogniCrypt: youtube.com.


Link to the Paper

CogniCrypt: Supporting Developers in using Cryptography


Contact

Project E1 , Project E4 , Project S4 , Project S6

Michael Zohner (E3), Shaza Zeitouni (S2), Daniel Demmler (E4), Ghada Dessouky (P3) and Prof. Johannes Buchmann (from left to right)
Michael Zohner (E3), Shaza Zeitouni (S2), Daniel Demmler (E4), Ghada Dessouky (P3) and Prof. Johannes Buchmann (from left to right)

Abstract

In the recent years, secure computation has been the subject of intensive research, emerging from theory to practice. In order to make secure computation usable by non-experts, Fairplay (USENIX Security 2004) initiated a line of research in compilers that allow to automatically generate circuits from high-level descriptions of the functionality that is to be computed securely. Most recently, TinyGarble (IEEE S&P 2015) demonstrated that it is natural to use existing hardware synthesis tools for this task.

In this work, we present how to use industrial-grade hardware synthesis tools to generate circuits that are not only optimized for size, but also for depth. These are required for secure computation protocols with non-constant round complexity. We compare a large variety of circuits generated by our toolchain with hand-optimized circuits and show reduction of depth by up to 14%. The main advantages of our approach are developing customized libraries of depth-optimized circuit constructions which we map to high-level functions and operators, and using existing libraries available in the industrial-grade logic synthesis tools which are heavily tested. In particular, we show how to easily obtain circuits for IEEE 754 compliant floating-point operations.

We extend the open-source ABY framework (NDSS 2015) to securely evaluate circuits generated with our toolchain and show between 0.5 to 21.4 times faster floating-point operations than previous protocols of Aliasgari et al. (NDSS 2013), even though our protocols work for two parties instead of three or more. As application we consider privacy-preserving proximity testing on Earth.


Link to the Paper

Automated Synthesis of Optimized Circuits for Secure Computation


Contact

Project P3 , Project S2 , Project E4

Juliane Krämer (P1), Niklas Büscher (S5), Prof. Johannes Buchmann, Florian Göpfert (P1) (from left to right)
Juliane Krämer (P1), Niklas Büscher (S5), Prof. Johannes Buchmann, Florian Göpfert (P1) (from left to right)

Abstract

The learning with errors problem (LWE) is one of the most important problems in lattice-based cryptography. The goal of the LWE challenge is to determine the practical hardness of LWE, to gain an overview of the best known LWE solvers, and to motivate additional research eff?ort in this direction. The team has set up a web page that presents the LWE challenge to the community. At this page, all instances can be downloaded. Furthermore, solutions can be submitted and correct solutions will be displayed in a hall of fame.

The LWE challenge is not only a collaboration between CROSSING projects P1 (Florian Göpfert, Juliane Krämer) and S5 (Niklas Büscher) but also with international partners – University of California, San Diego (UCSD), University of Tartu and TU Eindhoven – and an industry partner, Cybernetica.


Link to the Paper

Creating Cryptographic Challenges Using Multi-Party Computation: The LWE Challenge

Link to the LWE Challenge

Website of the LWE Challenge

Contact

Project P1 , Project S5