Christian Schanes


Image
Projektass. Dipl.-Ing. Dr.techn.

Christian Schanes

  • About:
  • Orcid:
  • Keywords:
  • Roles: PostDoc Researcher

Publications

Global VoIP security threats - large scale validation based on independent honeynets
Markus GruberDirk HoffstadtAdnan AzizFlorian FankhauserChristian SchanesErwin RathgebThomas Grechenig

View .bib

Handle: 20.500.12708/56363; Year: 2015; Issued On: 2015-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Keywords:
Astract: Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.

Gruber, M., Hoffstadt, D., Aziz, A., Fankhauser, F., Schanes, C., Rathgeb, E., & Grechenig, T. (2015). Global VoIP security threats - large scale validation based on independent honeynets. In 2015 IFIP Networking Conference (IFIP Networking). IFIP Networking Conference (IFIP Networking 2015), Toulouse, Frankreich, EU. IEEE Conference Publications. https://doi.org/10.1109/ifipnetworking.2015.7145329
Prying open Pandora's box: KCI attacks against TLS
Clemens HlauschekMarkus GruberFlorian FankhauserChristian Schanes

View .bib

Handle: 20.500.12708/86209; Year: 2015; Issued On: 2015-01-01; Type: Presentation; Subtype: Presentation;

Keywords:
Astract: Protection of Internet communication is becoming more common in many products, as the demand for privacy in an age of state-level adversaries and crime syndicates is steadily increasing. The industry standard for doing this is TLS. The TLS protocol supports a multitude of key agreement and authentication options which provide various different security guarantees. Recent attacks showed that this plethora of cryptographic options in TLS (including long forgotten government backdoors, which have been cunningly inserted via export restric- tion laws) is a Pandora's box, waiting to be pried open by heinous computer whizzes. Novel attacks lay hidden in plain sight. Parts of TLS are so old that their foul smell of rot cannot be easily distinguished from the flowery smell of 'strong' cryptography and water-tight security mechanisms. With an arcane (but well-known among some theoretical cryptographers) tool, we put new cracks into Pandora's box, achieving a full break of TLS security. This time, the tool of choice is KCI, or Key Compromise Impersonation. The TLS protocol includes a class of key agreement and authentication methods that are vulnerable to KCI attacks: non-ephemeral Diffie-Hellman key exchange with fixed Diffie-Hellman client authentication - both on elliptic curve groups, as well as on classical integer groups modulo a prime. We show that TLS clients that support these weak handshakes pose serious security concerns in modern systems, opening the supposedly securely encrypted communication to full-blown Man-in-the-Middle (MitM) attacks. This paper discusses and analyzes KCI attacks in regard to the TLS protocol. We present an evaluation of the TLS software landscape regarding this threat, including a successful MitM attack against the Safari Web Browser on Mac OS X. We conclude that the insecure TLS options that enable KCI attacks should be immediately dis- abled in TLS clients and removed from future versions and implementations of the protocol: their utility is extremely limited, their raison d'etre is practically nil, and the existence of these insecure key agreement options only adds to the arsenal of attack vectors against cryptographically secured communication on the Internet.

Hlauschek, C., Gruber, M., Fankhauser, F., & Schanes, C. (2015). Prying open Pandora’s box: KCI attacks against TLS. 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington D.C., Non-EU. http://hdl.handle.net/20.500.12708/86209
KCI-based Man-in-the-Middle Attacks against TLS
Clemens HlauschekMarkus GruberFlorian FankhauserChristian Schanes

View .bib

Handle: 20.500.12708/86221; Year: 2015; Issued On: 2015-01-01; Type: Presentation; Subtype: Presentation;

Keywords:

Hlauschek, C., Gruber, M., Fankhauser, F., & Schanes, C. (2015). KCI-based Man-in-the-Middle Attacks against TLS. BSidesVienna 2015, Wien, Austria. http://hdl.handle.net/20.500.12708/86221
Handle: 20.500.12708/86225; Year: 2015; Issued On: 2015-01-01; Type: Presentation; Subtype: Presentation;

Keywords:

Schanes, C., Fankhauser, F., & Grechenig, T. (2015). Aktive Bewußtseinsbildung. Workshop Internationale Wirtschafts- und Industriespionage, Wien, Austria. http://hdl.handle.net/20.500.12708/86225
Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach
Markus GruberChristian SchanesFlorian FankhauserMartin MoutranThomas GrechenigJavier LopezXinyi HuangRavi Sandhu

View .bib

Handle: 20.500.12708/55054; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Keywords:
Astract: Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.

Gruber, M., Schanes, C., Fankhauser, F., Moutran, M., & Grechenig, T. (2013). Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach. In J. Lopez, X. Huang, & R. Sandhu (Eds.), Network and System Security (pp. 628–634). Springer Lecture Notes in Computer Science. http://hdl.handle.net/20.500.12708/55054

Team

Business Informatics Group, TU Wien

Head


Team member

Henderik Proper

Univ.Prof. PhD

Professors


Team member

Christian Huemer

Ao.Univ.Prof. Mag.rer.soc.oec.
Dr.rer.soc.oec.

Team member

Dominik Bork

Associate Prof. Dipl.-Wirtsch.Inf.Univ.
Dr.rer.pol.

Team member

Gerti Kappel

O.Univ.Prof.in Dipl.-Ing.in
Mag.a Dr.in techn.

Team member

Henderik Proper

Univ.Prof. PhD

Visiting Scientists


Team member

Christiane Floyd

Hon.Prof.in Dr.in phil.

Team member

Johanna Barzen

Dr. phil.

Administration



Researchers


Team member

Aleksandar Gavric

Univ.Ass. MEng. B.Eng.

Team member

Galina Paskaleva

Projektass.in Dipl.-Ing.in
Dipl.-Ing.in BSc

Team member

Marianne Schnellmann

Univ.Ass.in BSc MSc

Team member

Marion Murzek

Senior Lecturer Mag.a rer.soc.oec.
Dr.in rer.soc.oec.

Team member

Marion Scholz

Senior Lecturer Dipl.-Ing.in
Mag.a rer.soc.oec.

Team member

Miki Zehetner

Univ.Ass. DI Bakk.rer.soc.oec. MSc

Team member

Syed Juned Ali

Univ.Ass. BSc MSc

External Researchers




Team member

Marco Huymajer

Univ.Ass. Dipl.-Ing.