Tobias Mueller

The attack surface of USB is quite large and while disabling USB altogether solves the problem, it creates many other. As do existing protection mechanisms. They suffer from poor usability and missing integration into the operating system. We present our approach to defending against rogue USB devices for a GNOME-based operating system.

USB is arguably to most exposed interface of a user's machine. It allows an attacker to interact with pretty much any driver, many of which are of questionable quality. We try to be smart about when to allow new USB devices. First, we try to detect when the user is present, arguing that if the user is not then new USB devices should not work. But it is not that simple, because you might very well want to attach a new keyboard in case yours breaks. Keyboards, however, pose another risk as several attacks have shown. But not all keyboards are equally bad and we propose to promote a harmless keyboard to become dangerous after getting the user's consent. It is not entirely clear yet how to that best, so your feedback and a discussion is certainly welcome!

Other people: Ludovico de Nittis

TLS 1.3, QUIC, and TCP belong to the most important and most often used protocols on the Internet. We will point out how these protocols can be used to track user beyond what is commonly known to be possible. We also present modifications to the protocols for preserving the user's privacy. To further reduce the page load times on the Web, we point out how the layering between DNS, TCP, and TLS is affecting the speed of connection establishment between client-server pairs. Finally, we present modifications to some of those protocols to get us a faster and more privacy-friendly Internet.

The download of an average Web site causes around one hundred small transactions from several hosts. Nowadays, the available bandwidth does not present an effective limitation of the page load time anymore. Thus, the design of a faster connection establishment is a promising direction to further improve the convenience of web browsing. To this end, TLS 1.3, QUIC and TCP Fast Open reduce the delay of the connection establishment by requiring the client to store data across several connections.

These mechanisms, however, can be abused to stealthily track user's independent of traditional tracking approaches like HTTP Cookies, IP addresses, and browser fingerprinting. In particular, like TLS Session Resumption, QUIC's source-address Token, QUIC's server config, and TCP Fast Open cookies expose tokens which may be used to invade the users' privacy. To investigate the real-world feasibility of these tracking mechanisms, we analysed the configuration of popular Web browsers. Our worrying results indicate that especially via QUIC and TCP Fast Open tracking periods of multiple days are practical.

While these protocols lead to faster connection setups, an initial connection establishment requires still at least three round-trip times (1 DNS, 1 TCP, 1 TLS 1.3). The idea of strict layering between those protocols prevents us from achieving further performance gains. In our talk, we will present cross-layer solutions which allow to substantially reduce the number of required round-trip times to establish initial connections on the Web without affecting the core components of each protocol, respectively. To substantiate the feasibility of our presented solutions, we implemented our approach and investigated its performance properties.

Please note, that this talk assumes the audience to be familiar with the basic concepts of DNS, TCP, and TLS.

PrivacyScore.org (in public beta since June 2017) is an automated website scanning platform that allows anyone to investigate websites for privacy and security issues. Users can use PrivacyScore to compare related websites (e.g., of all political parties in a country). We will present insights from running the platform, interesting results, and discuss future plans for the platform with the audience.

We present our approach for making the Web a safer place: by making privacy invasions and security mishaps more transparent to users, web site operators, and data protection authorities. This lead us to the creation of PrivacyScore. PrivacyScore is a website scanning platform that simplifies the process of comparing security and privacy aspects of websites. PrivacyScore focuses on lists of websites, while existing scanners such as Webbkoll, Mozilla Observatory, Track the Trackers by Fraunhofer SIT, securityheaders.io, etc. focus on single sites. Furthermore, PrivacyScore is non-commercial and available as open source software. All recorded data is made available publicly for research purposes.

We believe that public benchmarks are a useful tool to improve security and privacy in the long run. On the one hand, such benchmarks can help with raising awareness of users, on the other hand a benchmarking platform like PrivacyScore can be of use for data protection agencies that want to or have to audit content providers in their jurisdiction, which will become more widespread in 2018 with the European general data protection regulation. The generated datasets are also of value for researchers: For instance, we are interested in analyzing whether public "blaming and shaming" poor performance within a peer group of sites creates an incentive for site operators to implement additional security and privacy measures.

In our talk we will present insights on the effectiveness of the public shaming approach that we have gained from running PrivacyScore in public since June 2017. We (and other users) have already created several lists to analyze security and privacy aspects of more than 18,000 sites. In some cases we were able to observe how web site operators react when they learn how their site ranks in comparison to their competitors.

There exists no such thing as a perfect anonymity network with low latency, low bandwith consumption which provides strong anonymity. Popular anonymisation networks rightfully focus on Web browsing, because that is the most popular application on todays Internet. The most popular anonymisation network is, rightfully so, Tor. You might, however, not have the requirements that mandate the use of the Tor network and thus are looking for alternatives. In this talk, we present alternatives to the popular Tor anonymisation network and examine what they achieve and how they differ.

With the popularity of the Web came the popularity of anonymisation communication networks (ACNs) catering for the Web context. That means in particular low latency. Generally, though, anonymisation networks can be classified by different properties such as anonymity goals, strength of adversary or application area. In this talk we present alternative ACNs to the popular Tor network and their goals. We explain their architectures, properties, and how they achieve anonymity. In particular, we will look at JonDonym, I2P, Freenet, and GNUnet as well as ongoing research projects such as Loopix, Vuvuzela, and Riffle. We will see that once you understand your requirements, you can optimise your choice of anonymisation networks according to your needs.

Other people: Erik Matthias

In the last couple of years, cloud and web services have become more and more popular. Since Snowden we know for sure that intelligence agencies have access to the data storage of an service provider, either by (forced) cooperation, or espionage. Thus, to protect our privacy we have to encrypted our data before hand it over to our service provider (data holder). But this approach contradicts the very idea of a web service where the data holder have to process our data in one way or an other. Therefore, we need new cryptographic techniques to enable the data holder to perform operation on encrypted data. One of the most important operations for cloud storage or database based web/cloud services is the search operation. In this talk we focus on the very familiar cloud storage scenario. Because in this scenario, It is obvious, that the user (data owner) do not want to perform the search by himself. This should be a service offered by the data holder. We will present different practical approaches to achieve searchable ciphertext, namely one with an index and one with cleverly encrypted words. Note that no PhD is required to attend this talk ;-)

We found that many people cannot believe that it is possible to execute operations on ciphertext. We want to rectify this by educating hackers of the magic of searchable encryption schemes.

Intro

"The Cloud" has undoubtedly become very popular over the last decade. Many people like the convenience of virtually unlimited storage and computing power at their fingertips. However, people tend to dislike to disclose their data to third parties. A simple solution would be encrypt the data before uploading it to a third party, but you may very well want to perform certain operations on the encrypted data such as a search.

Entering Searchable Encryption

This conflict of encryption and the ability to execute computations on data seems to be inherent. However, clever encryption schemes which allow certain search operations on ciphertext exist! We will present some searchable symmetric encryption schemes which enable others to search for keywords or substrings without learning they key nor the plaintext. You may very well ask what the security implications in those cases are, so we will present the associated security notions. Another concern is performance reg. speed or memory consumption. We present our measurements of prototypical implementations and infer that searchable symmetric encryption schemes can indeed be practical. Our vision is to store data remotely in an encrypted fashion without losing convenience of using third party applications. We want to enable developers to secure their databases and we want to make users aware of advances in cryptography so that they demand more secure services. Given the properties, other use cases of secure keyword search include email or document storage. In fact, it is possible to not only secure relational databases, but to create secure big data scenarios where massive amounts of data are being handled.

Other people: Christian Forler

This presentation shows a novel approach to signing keys which makes it easy to sign a person's key. It enables very small groups of people to casually hold very small key signing parties. The key idea is to automatically authenticate the key material before the transfer via a secure audible or visual channel. A Free Software implementation of the protocol will be shown and people are invited to sign their keys :-)

The Web of Trust is the decentralised PKI in the OpenPGP world. It depends on people participating by signing other people's keys. However, when following best practises, the act of signing a key involves secure transfer of the OpenPGP key which contemporary casual key signing protocols for small groups address by exchanging the fingerprint of the key to be signed. The key will then be downloaded over an untrusted channel and the key obtained needs to be manually verified.

The presented solution was designed with Ellison's Law in mind, which states that ``the userbase for strong cryptography declines by half with every additional keystroke or mouseclick required to make it work''. It tries to make it as easy as possible to sign another person's key while not compromising security. Contemporary key signing protocols were designed in the late 90s with big key signing party gatherings in mind. The setup cost of such an event are prohibitively high for a small group of people. Because we have arrived in the new millennium, mobile computing devices, link-local networks, cameras, and QR codes exist. It is time for us to leverage these technologies to strengthen the Web of Trust without having to mumble hexadecimal strings.

The GNOME Foundation and the KDE e.V. are the governing bodies for the GNOME and KDE project, respectively. Their roles are to find funds to enable creative hackers to do a great job at creating awesome Free Software for everyone.

We want to shed light into the inner workings of the GNOME Foundation Board of Directors and the KDE eV Board, not only to give you information about how we work, but also to demystify the ivory tower we're sitting in.

Other people: Lydia Pintscher