Exhibitions & Events


22. June 2023

ATHENE Distinguished Lecture: Cloud Auto-scaling Mechanisms Under DDoS Attacks: Yo-Yo Attack and Tandem Attack, Darmstadt

Cloud Auto-scaling Mechanisms Under DDoS Attacks: Yo-Yo Attack and Tandem Attack with Anat Bremler-Barr, Tel Aviv University: It is a common belief that Auto-scaling mechanisms serve as a mitigation for Distributed Denial of Service (DDoS) attacks on cloud computing infrastructures by dynamically adding machines to cope with the additional load. Intuitively, such attacks are mostly associated with Economic Denial of Sustainability (EDoS) derived from paying for the extra resources required to process the malicious incoming traffic.

Contrary to this belief, we present and analyze the Yo-Yo attack, a new attack against the auto-scaling mechanism that can cause significant performance degradation in addition to economic damage. We demonstrate the attack on Amazon EC2, Kubernetes, and serverless architecture. We then present and analyze Tandem Attack, a new attack on Microservices architecture. In this attack, the attacker exploits the tandem behavior of services with different auto-scaling mechanisms, causing both economic and performance damage.


04. July 2023

ATHENE Distinguished Lecture: A Holistic Approach to Human Factors in Cybersecurity, Darmstadt

A Holistic Approach to Human Factors in Cybersecurity; 14:00 - 15:00: Sascha Fahl, CISPA
The field of information security and privacy has taught us that developing functional and practical security mechanisms requires more than just technological innovation. Human factors play a crucial role in the success or failure of security and privacy systems. The persistent gap between the theoretical security of cryptographic algorithms and real-world vulnerabilities, data breaches, and possible attacks has highlighted the need for a holistic approach to security and privacy research.

As a researcher in this field, I have focused on identifying crucial weak points and empowering all actors involved in creating and using security and privacy-preserving technology. This includes end-users, developers, and system operators. My research has involved working with secure messaging, security indicators, and authentication mechanisms to empower end-users, improving APIs, documentation, and developer tools to support developers, and improving configuration languages and tools to benefit system operators.

In this talk, I will demonstrate how this holistic approach to human factors in cybersecurity research helps close the gap between theoretical security, privacy, and real-world deployments. I will present my past and current work on supporting expert users and protecting end-users and outline my goals and strategies for future research. Through a combination of technical innovation and consideration of human factors, I believe we can successfully prevent involuntary loss of control over data and empower users to retain power over their security and privacy.

10.-14. July 2023

ACM ASIACCS 2023, Melbourne

The 18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023) will be held in Melbourne, Australia, from July 10th to July 14th, 2023.

Building on the success of ACM Conference on Computer and Communications Security (CCS), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Asia Conference on Computer and Communications Security (ASIACCS).

18. July 2023

ATHENE Distinguished Lecture: Impactful Measurement Research: Lessons from Analyzing IP Prefix Hijacks, DDoS, and Emerging Transport Protocols, Darmstadt

18.07.2023 | 14:00 - 15:00: Impactful Measurement Research: Lessons from Analyzing IP Prefix Hijacks, DDoS, and Emerging Transport Protocols; Matthias Wählisch, Technische Universität Dresden

In this presentation, we start from two observations. First, the Internet is the most popular (and important) communication infrastructure, and communication is key. Second, we need to consider all pieces of the Internet puzzle to create a scalable, secure, and reliable ecosystem. Then, we will take a ride and visit some of the pieces that currently need attention, including secure inter-domain routing, denial of service attacks, and QUIC. A key argument of this talk is that Internet measurements, if conducted carefully, are a relevant tool to improve the situation.


12. September 2023

ATHENE Distinguished Lecture: When Papers Choose their Reviewers: Adversarial Machine Learning in Conference Management Systems, Darmstadt

12.09.2023 | 14:00 - 15:00: When Papers Choose their Reviewers: Adversarial Machine Learning in Conference Management Systems; Konrad Rieck, TU Berlin

The number of papers submitted to scientific conferences is steadily rising in many disciplines. To handle this growth, systems for automatic paper-reviewer assignments are increasingly used during the reviewing process. These systems employ statistical topic models to characterize the papers' content and automate their assignment to reviewers. In this talk, we investigate the security of this automation and introduce a new attack that modifies a given paper so that it selects its own reviewers. Our attack is based on a novel optimization strategy that fools the topic model with unobtrusive changes to the paper's content. In an empirical evaluation with a (simulated) conference, our attack successfully selects and removes reviewers, while the tampered papers remain plausible and often indistinguishable from innocuous submissions.


10.-12. October 2023

it-sa 2023, Nuremberg

Europe's leading trade fair for IT security


28. November 2023

ATHENE Distinguished Lecture: Usable Verifiable Internet Voting Systems, Darmstadt

28.11.2023 | Usable Verifiable Internet Voting Systems
14:00 - 15:00: Melanie Volkamer, KIT - Karlsruher Institut für Technologie

Free, secret, universal and equal elections are the core element of democracies. In many cases the default voting channel is the paper one (i.e. votes are cast on paper either in the polling station or at home and then sent via postal service to some central place). However, due to the pandemic, more and more election management boards considered using remote electronic voting systems and several decided to actually offer an electronic voting channel. In particular, in Germany, so-called black box voting systems are often used, while researchers have been proposing end-to-end verifiable voting schemes. In this talk, Melanie Volkamer will discuss risks of black box voting systems as well as challenges of end-to-end verifiable voting schemes. The focus will be on voter-behaviour-related challenges and how these challenges can be addressed when taking a human-centred approach.