The preliminary program below is constantly updated.

 

Tuesday, 4 September
Wednesday, 5 September
9:00 – 10:30 Dr. Mario Lamberger, NXP

Alice and Bob in Wonderland or A first glimpse into the world of cryptography and security.

Speaker tba.

Topic tba.


Benjamin Böck, XSEC infosec

Break and enter: Lessons (not) learned from professional penetration testing

10:30 – 11:00 Coffee Coffee
11:00 – 12:30 Michael Schwarz, TU Graz
Red Team vs Blue Team: Memory Safety, Exploitation, and Countermeasures
Dr. Stefan Kraxberger, secinto

Certification Landscape


Dr. Elisabeth Hödl, ubifacts

GDPR (DSGVO)

12:30 – 14:00 Lunch Lunch
14:00 – 15:15 Thomas Zefferer, TU Graz

Threat Modeling


Meet the project

Peter Vrabec

Security in Enterprise Open-source Operating System


Meet the project

15:15 – 16:00 Coffee + Project tables Coffee + Project tables
16:00 – 17:30 Prof. Bart Preneel, COSIC KU Leuven and imec

Keynote: Challenges for Security and Privacy

Dr. Thomas Pöppelmann, Infineon

Post-quantum cryptography on embedded microcontrollers


Christoph Striecks, AIT

Trust in Chained Blocks: What is the Blockchain Technology?

17:30 – 19:00 Dinner

“Alte Technik”

 


 

Mario Lamberger – Alice and Bob in Wonderland or A first glimpse into the world of cryptography and security.

In a connected Internet of Things, the number of opportunities becomes virtually limitless, but equally, so does the number of potential vulnerabilities. This talk tries to give an introduction to crucial concepts of cryptography and security which become more and more relevant every day. We will cover basic building blocks that play a role in almost every secure solution nowadays and will highlight how easily things can go wrong, using many real-life examples from the recent past.

Michael Schwarz – Red Team vs Blue Team: Memory Safety, Exploitation, and Countermeasures

Memory corruption is a central topic in IT security. From stack-based buffer overflows to sophisticated code-reuse attacks, exploits have been a constant threat for nearly three decades. In this talk, we give a brief introduction to the security wargame of the red and blue teams and their goals. We try to define what an exploit actually is, and how the process of exploitation works. Based on different real-world exploitation techniques, we show how complicated it is to come up with countermeasures which lead to non-exploitable programs. We demonstrate both exploits and real-world countermeasures on simple programs, as well as on real-world applications.

Bart Preneel – Challenges for Security and Privacy

This talk looks at the major trends in information technology and their impact on security and privacy: these include the Internet of Things, Big Data, and the shift towards cloud architectures. While society is becoming more and more critically dependent on these technologies, governments are exploiting them for mass surveillance and are escalating a cyber war with a major risk for proliferation of powerful tools. At the same time, the crypto wars of the 1990s are returning to center stage. This talk will reflect on how these new threat models affect future research in cryptology and information security.

Peter Vrabec – Security in Enterprise Open-source Operating System

What security technologies are provided in an Enterprise Operating System that is being developed the open-source way? How do we satisfy customers’ needs and cultivate open-source communities at the same time? The talk provides an overview of technologies we develop or contribute to. We explain use cases and future directions. We share the lessons learned from working with open-source communities.

Thomas Pöppelmann – Post-quantum cryptography on embedded microcontrollers

Due to their computing power, quantum computers may have the disruptive potential to break various currently used encryption and authentication algorithms within the next 15 to 20 years. Once available, quantum computers could perform certain calculations much faster than today’s computers and would especially threaten currently used asymmetric algorithms such as RSA and elliptic curve cryptography (ECC). This is an issue as almost all internet security standards like transport layer security (TLS), S/MIME or PGP/GPG use these two essential algorithms to protect data communication with smart cards, computers, and servers or embedded IoT systems. An approach that aims to replace RSA and ECC in next generation security protocols is post-quantum cryptography (PQC). However, to withstand quantum calculation power, new schemes and mathematical problems have to be found, evaluated, and implemented. Such implementation can be particularly challenging on constrained devices with limited processing power or small internal memories. In this talk we will provide an overview of the latest results regarding the implementation of PQC on microcontrollers and smart cards. Moreover, we briefly discuss the current state of PQC standardization.

Christoph Striecks – Trust in Chained Blocks: What is the Blockchain Technology?

This talk will give an introduction to the Blockchain technology. The basic concepts will be explained, and challenges and opportunities tailored to industries will be presented. In particular, the focus will be on (a) what the Blockchain is, (b) what the Blockchain is not, and (c) what application areas might benefit from the technology.

Benjamin Boeck – Break and enter: Lessons (not) learned from professional penetration testing

Penetration tests are authorized simulated attacks on computer systems in order to evaluate their security. In this talk, we present interesting and sometimes outrageous results from recent assignments as “professional attackers”. Our targets include technical solutions such as networks, clients and applications – but in social engineering attacks, the human element as the weakest link in information security can be “hacked” as well.