This blog post, written by István Telek, is the last post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. This last post describes how we implemented a very basic integrity monitoring function as a trusted application running in OP-TEE. Continue reading Linux integrity monitoring on the Raspberry Pi
Enabling WiFi and converting the Raspberry Pi into a WiFi AP
This blog post, written by Márton Juhász, is the fifth in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. This post specifically will explain how to convert the Raspberry Pi into a WiFi access point such that it can perform some gateway-like functionality. First, we describe how to enable WiFi and then how to enable other software components to make the Pi an access point. Continue reading Enabling WiFi and converting the Raspberry Pi into a WiFi AP
OS hardening on the Raspberry Pi
This blog post, written by Márton Juhász, is the fourth in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. Previous posts discussed building a custom Linux system with Buildroot, installing OP-TEE, and verified boot on the Raspberry Pi. This post will describe some OS hardening options you can use to reduce the attacks surface. Continue reading OS hardening on the Raspberry Pi
Verified boot on the Raspberry Pi
This blog post, written by István Telek, is the third post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. It describes how you can implement a verified boot process on the Raspberry pi. Continue reading Verified boot on the Raspberry Pi
Using Buildroot to create custom Linux system images
This blog post, written by Szilárd Dömötör, is the second post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. The first post explained how to build and install the default OP-TEE implementation for the Raspberry Pi 3. This one describes how you can build your own custom Linux system (with OP-TEE) using the Buildroot environment. Continue reading Using Buildroot to create custom Linux system images
OP-TEE default build and installation on the Raspberry Pi
This blog post, written by Márton Juhász, is the first in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform.
This blog post explains how to build and install the default OP-TEE implementation for the Raspberry Pi 3. The easiest way is to follow the steps described in the corresponding git repo of OP-TEE. However, for the sake of completeness (and because some steps may actually be a bit confusing in the original description), we provide a comprehensive description here. Continue reading OP-TEE default build and installation on the Raspberry Pi
Enhancing the Security of the Internet of Things
The Internet has grown beyond a network of laptops, PCs, and large servers: it also connects millions of small embedded devices. This new trend is called the Internet of Things, or IoT in short, and it enables many new and exciting applications. At the same time, IoT also comes with a number of risks related to information security. The lack of security, however, cannot be tolerated in certain applications of IoT, including connected vehicles and smart factories. In those applications, security failures may lead to substantial physical damage or monetary loss. Therefore, one of the biggest challenges today, which hinders the application of IoT technologies in certain application areas, is the lack of security guarantees. Continue reading Enhancing the Security of the Internet of Things
Interdependent privacy in effect: the collateral damage of third-party apps on Facebook
by Iraklis Symeonidis, COSIC, KU Leuven
and Gergely Biczók, CrySyS Lab, BME
Recent technological advancements have enabled the collection of large amounts of personal data at an ever-increasing rate. Data analytics companies such as Cambridge Analytica (CA) and Palantir can collect rich information about individuals’ everyday lives and habits from big data-silos, enabling profiling and micro-targeting of individuals such as in the case of political elections or predictive policing. As it has been reported at several major news outlets already in 2015, approximately 50 million Facebook (FB) profiles have been harvested by Aleksandr Kogan’s app, “thisisyourdigitallife”, through his company Global Science Research (GSR) in collaboration with CA. This data has been used to draw a detailed psychological profile for every person affected, which in turn enabled CA to target them with personalized political ads potentially affecting the outcome of the 2016 US presidential elections. Whether CA used similar techniques at the time of the Brexit vote, elections in Kenya and an undisclosed Eastern European country (and several other countries) is under investigation. Both Kogan and CA deny allegations and say they have complied regulations and acted in good faith.
This blog post does not take sides in this debate, rather, it provides technical insight into the data collection mechanism, namely collateral information collection, that has enabled harvesting the FB profiles of the friends of app users. In this context, the term collateral damage refers to the privacy loss these friends suffer. In a larger nexus, this issue is part of interdependent privacy when your privacy depends unavoidably on the actions of others (in this case, your friends). Continue reading Interdependent privacy in effect: the collateral damage of third-party apps on Facebook
Territorial Dispute – NSA’s perspective on APT landscape
Boldizsár Bencsáth (Boldi) will have a presentation at Kaspersky Security Analyst Summit on 09/03/2018 Friday. The presentation is based on a technical paper which describes findings about modules and information in April 2017 Shadow Brokers leak. The particular information categorizes external APT attackers and calls them SIG1 to SIG45. For more, please check the paper. Please do not forget The corresponding external sample hash list text file.
Együttműködési megállapodás a Microsec Zrt-vel
Örömmel jelentjük be, hogy a CrySyS labor együttműködési megállapodást kötött a PKI alkalmazásában és fejlesztésében úttörő szerepet betöltő Microsec Zrt-vel.
A két szervezet az elmúlt években is aktív kapcsolatot ápolt, mely keretében a Microsec anyagi és tárgyi eszközökkel támogatta laborunk kutatómunkáját, valamint a laborból indult etikus hackercsapat, a !SpamAndHex külföldi versenyeken való részvételét. Jelen megállapodással a Microsec célja a PKI-val kapcsolatos kutatás-fejlesztési és innovációs tevékenységek kiemelt támogatása, az egyetemi kapcsolatok erősítése, a kutatásokhoz első kézből információk szolgáltatása a gyakorlati problémákkal kapcsolatban. A labor számára az előnyt a tehetséggondozási programunk anyagi támogatása, valamint érdekes, az ipari gyakorlathoz kapcsolódó kutatási feladatok megfogalmazása, és a stabil ipari kapcsolat jelentik.
A PKI kutatások területén a jövőben a labor a Microsec kihelyezett kutató laboratóriumaként működik, és közös publikációk megjelentetésére törekszik.