Is Hardware the missing link for comprehensive Software Security?
Details
This first Meetup of an upcoming event series will be about hardware security and how it represents an important element for enhanced software security.
We invited experts from across Germany to join us in Berlin to share more about their work and research about cutting-edge technology in the field of hardware security.
Since this Meetup is an interactive format, we emphasize on theory and practice, including live demos and discussions 🎉
Agenda:
18.00 Open Doors
18.15 Welcome to Tungsten Labs
18.30 Nico Weichbrodt: Introduction to Intel Software Guard Extensions
19.00 Arne Brüsch: Exploring Directions for Secure Device-to-Device Communication
19.30 Dominik Schürmann: Using 2FA Security Keys for Encryption (Live Demo)
20:00 Sergej Dechand: How to effectively spot Bugs in Internet-of-Things Devices
20:30 Frinks (Free Drinks) and Mingling
--
- Introduction to Intel Software Guard Extensions
In this talk, Nico Weichbrodt will give an overview about Intel Software Guard Extensions (SGX). Starting with the technical details, we will take a look at how SGX works internally, going over its capabilities and how to use it. Lastly, we take a look at current attacks and mitigations.
Bio: Nico Weichbrodt is a PhD student at TU Braunschweig since 2016. He has been working with Intel SGX for the last four years while having authored two and co-authored five papers related to SGX. He is mainly interested in the technical details of SGX, attacks against it and building tools that work with SGX.
- Exploring Directions for Secure Device-to-Device Communication
The proliferation of the IoT and the emerging vision of self-driving vehicles demand for highly scalable security schemes in inter-device
communication. Any pre-deployment at the factory inherently carries the threat of long lists of keys being compromised at once - which would mean an incision in the reputation scores of the manufacturer in charge. Yet, without pre-shared keys, there are no trivial means of telling an honest communication partner and a malicious intruder apart. The talk reports about current research results concerning the security of existing methods and presents promising directions in zero-interaction authentication between arbitrary devices that share some measurable context.
Bio: Arne Brüsch received his MSc. in Computer Science from TU Braunschweig in 2017. During his studies, he has worked as a research intern at Aalto University, Finland. Since 2018, he works as a research assistant with the Institute of Systems Security at TU Braunschweig, where he also pursues a PhD.
- Live Demo: Using 2FA Security Keys for Encryption
Dr.-Ing. Dominik Schürmann from Cotech presents a live demo of their technology to use 2FA Security Keys to encrypt data on smartphones.
- How to effectively spot Bugs in Internet-of-Things Devices
While IoT devices are widely adopted in industrial environments, they are also the reason for various headlines related to security breaches. Coverage-based fuzzing is an effective and efficient method to find security-related software bugs. However, there is no feasible coverage-based fuzzing solution for IoT environments. Our goal is to make the fuzzing tooling architecture-agnostic. In this talk, we will have a look on the challenges in fuzzing IoT software and how we solve this problem.
– by Sergej Dechand, Co-founder of Code Intelligence GmbH
Get your seat and RSVP now 👀
We are proud to support the Berlin Code of Conduct (berlincodeofconduct.org)