[Back]


Doctor's Theses (authored and supervised):

J. Ullrich:
"Geheime Kommunikation im Internet";
Supervisor, Reviewer: E. Weippl, T. Zseby, D. Balzarotti, G. Pernul; Institute of Software Technology and Interactive Systems, 2016; oral examination: 2016-10-28.



English abstract:
Secret communication characterizes clandestine approaches of communication: Covert channels conceal a communicationīs mere existence, side channels are unintended by the sender,
and obfuscation conceals sender and/or receiver or hinders their correlation.
The ability to establish such secret communication provides a powerful instrument to adversaries; attacks involving secret communication encompass in general three steps:
(1) the development of the secret communication channel,
(2) the extraction of information using this channel
and finally (3) exploitation of the gained information to cause further harm. Hitherto, research concentrates on the first aspect - channel development - and assesses channel capacities to evaluate a channelīs impact on security. The more capacity, the more dangerous a channel is considered. In some scenarios, a single bit of transmitted
data however suffices, whereas in other situations a high-capacity channel is useless due to an overall lack of sensitive data. Hence, it is more promising to include the latter two aspects, and ask for the information gained by an adversary as well as the advantages she
takes from this information. This line of action also implies that secret communication must not be considered separately from its context.
In this thesis, we strive to advance research through the development of attack paths including all steps from channel development to exploitation in order to improve the understanding of secret communication and its impact on security. For the context,
we choose two contemporary scenarios in computer science, cloud computing and the Internet Protocol version 6 (IPv6). While the first is a recently introduced operating model that provides new functionality by reusing existing technology, the latter is a novel
technology replacing its predecessor with (almost) the same functionality and is going to affect all Internet users - consciously or unconsciously - in the long run. We develop two
full attacks per context; our results emphasize that secret communication serves both, benign and malicious, goals.

Created from the Publication Database of the Vienna University of Technology.