#rC3 my Day One

In this German talk at 13:00, Lars Roemheld illustrates which challenges the German Corona-Warning app had to tackle. In the first week of publication, they had 13 mio. downloads (ie. breaking the record of Pokémon Go). Now in Dec 2020, 25 mio. downloads took place. It was interesting to see how important which process

Notes:

At 2pm, all streams had technical issues, but on one computer I was able to attend “Tracking Ransomware End-to-end”. This is an academic 15-minutes talk where the presenter introduced the methodology to assess/estimate the amount of ransom payments per ransomware. The use of academic wording, quick switching between graphs and monotonous intonation made it more difficult to follow than the first talk.

Paper: “Tracking ransomware end-to-end” by Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, Alex C Snoeren, Damon McCoy (published on 2018-05-20 after peer review in IEEE SP 2018)

This talk was in German, took 40 minutes and consisted of two parts.

Mike Sperber shows in this tutorial talk how to build a BASIC-like programming language in Racket, a LISP dialect based on Scheme. He put the tutorial source code’s online. Somehow, talks in ChaosZone TV are not shown in the pretalx schedule. Thus, there is no link, but the talk was announced in the schedule shown on the streaming platform (streaming.media.ccc.de).

It was interesting to see his train of thought. It was also interesting to see a LISP in action. His talk was the first one, where I experienced the advantage of pre-recorded talks: During the talk, I asked questions I had and gave feedback. And I got a reply immediately. Overall, it would be interesting to get more details about the concepts involved (e.g. phases), but as pointed out the talk was constrained by the allotted time. Overall, it was very neat to see some programming in action and the tutorial was well-designed and self-contained. Well done!

daherb gives a broad overview over type theory and its relation to linguistics in this talk. First he started with distinguishing syntax, semantics, and pragmatics. Whereas syntax is “about drawing trees” and people are great on this, semantics is a field not approached at all in the past. Pragmatics is illustrated in a tweet by Gary:

He reiterates on the question of meaning with example sentences. “John is searching for a unicorn” might have some meaning in some context, but the non-existence of unicorn makes it a pointless sentence. He concludes that meaning is a philosophical problem. He proceeds with giving examples how knowledge is derived from an existing knowledge base (i.e. implications) (one example is from the FraCaS test suite).

Computational linguistic is splitting deriving meaning into “formal approaches” (Truth-conditional, Proof-theoretic, …) and “statistical approaches” (Vector space, Language models, …) and others. daherb points out that he likes formal approaches more. He puts the title of the talk in focus again and revisits history:

Alonzo Church and Richard Montague are presented as representatives for simply typed languages. Montague voiced in 1970, “There is in my opinion no important theoretical difference between natural languages and the artifical languages of logicians; indeed I consider it possible to comprehend the syntax and semantics of both kinds of languages with a single natural and mathematically precise theory”, daherb gives an example for a simply-typed language:

Applying this concept to intransitive verbs gives <e, t> as semantic type whereas transitive verbs should be represented as <e, <e, t>>. One example of a property is sleep whereas love is a relation. Montague’s theory was then extended with compositionality attributed to Young Frege. Compositionality essentially allows to destruct a sentence into its components.

Then lambda calculus is revisited. Lambda expressions are introduced to convert a formula like x^2 + 2x into a function mapping ℕ → ℕ written as λx. x^2 + 2x. This somewhat reminds me of the difference between polynomials and polynomial functions in mathematics. An improvement over this concept is Modern Type Theory (MTT, previously Martin-Löf Type Theory) developed by Per Martin-Löf and Aarne Ranta. Then the problem of subtyping emerges requiring some ontology. At this point, he closed his talk.

In general, it was a quite good talk summing up academic developments in type theory. It seemed a little bit abrupt; I would have loved to see some results of research in this field. In the Q&A, daherb admits that there is no sufficiently large type system to reason about English text and current research in this field is focusing on statistical models to learn knowledge from large corpora. And furthermore, he admits that even though people are good at drawing trees, the layout depends on how much effort you want to put into the details.

Proof assistants:

Interestingly, this talk from Room One does not have a pretalx link either. Jiska is an expert on wireless communication and discusses the notification technology to support Corona virus tracing.

First she justified how Bluetooth Low Energy (BLE) is the best technology available for this job. Followingly, she illustrates that old bluetooth stacks and outdated devices are at much higher risk than devices exposed to Bluetooth worms. This is intuitive that spreading can only happen in close proximity to a compromised device. Essentially, she points out that there is no increase in attack risk with using the exposure framework compared to enabled bluetooth. Any app not using the exposure framework is using active connections which is putting the user on more risk. She also defined the centralized approach as “contact tracing” whereas the decentralized approach is called “exposure notification”. She summed up attacks on Exposure Notifications including the time machine attack (idea: spoof time; difficult to implement because you would screw up TLS as well), the wormhole attack (idea: replay exposure notifications at another place; does not scale and does not compromise system because no uninfected person is declared as infected) and identity tracking attack (idea: deploy devices everywhere and then you can track the movement of users; does not scale at all and very expensive).

This talk by Mohammed Sadat Abdulai and Lèa Lacroix introduces listeners to WikiData (at WikiPaka, no pretalx link). It shows the relation of WikiData to other Wiki projects and illustrates how data is structured. For example, translations of entities are added with special keys per language key. Furthermore bots contribute to the project by automating work.

Michael Schwarz and Jo Van Bulck explain Load Value Injection, which is the logical next step after Meltdown and Spectre. You poison the microarchitectural processor buffer. Then a faulting load is induced in the victim program which injected into code gadgets following the faulting load in the victim program. Then side channels may leave secret-dependent traces before a rollback by the processor happens. As countermeasure the introduction of LFENCE after every faulting load is presented. In the Q&A, Jo answered that AMD/ARM might be interesting future targets for such attacks, but by experience Intel architectures are more susceptible to such attacks.

The talk was done in the style, we are used by Daniel Gruss. Dramatic music was played during the talk, many scenes in the settings of a movie were played and many questions were asked by the other speaker to introduce the next talk element.

Tobias Buchberger talks about his master thesis on Tox. Tox is a P2P messenger protocol and tox-core is the FOSS library implementation.

Tox uses the NaCl library by Daniel Bernstein. When negotiating a key for communication between parties, the elliptic-curve variant of the Diffie-Hellman exchange (ECDH) is used. Tobias described an attack which can be extended to a Man-In-The-Middle attack. He concludes an “overall a complete redesign of the toxcore library is necessary”. Trevor Perrin created a Noise protocol and Tobias looked at the Noise KK patterns first, but had to switch to Noise IK later on. The first implementation used the ChaCha20-Poly1305 cipher during the handshake and also for encryption duringthe transport phase. But this approach cannot handle UDP packets and thus they switched to ChaCha20-Poly1305 during the handshake and XSalsa20-Poly1305 for transport phase encryption which also works with packet loss.

The speaker focused on implementation attacks (e.g. the UDP issues), but IMHO the speaker should have elaborated on the handshake and attack details, because I think few listeners are familiar with Tox internals. chaosUser made the funny joke in IRC whether there is a Covid19-friendly alternative to Tox handshakes.

I came to this talk by 30 minutes late. They illustrated how an open port was used to upload a DLL to enable arbitrary remote code execution. Even though the company communicated professionally, the proposed fix to only apply the software in secure networks is insufficient.

Update 2021-04-03: Johannes Obermaier and Tobias Madl are security researchers. They cover the 2020 municipal elections in Bavaria. The voting system seems quite complex and therefore the election body gets supported by some closed-source software called OK.Vote (claimed to have a market share of 75%). In 2009, the use of voting computers in 2005 Bundestag election was ruled unconstitutional. However, this does not apply to municipal elections. Johanns explains that security requirements were certainly not met because he spotted a Windows XP computer spotted in the election room. As it turns out, they were taken from the local elementary school without reevaluating its security.

They revise the software architecture which consists of an Apache Tomcat, MariaDB, and Firefox portable. The first problem, they spotted is that reopening elections is possible without administrator access. This means that anyone can wipe the election data. They continued to look at XSS attacks. They showed a PoC which modified the username and submitted manipulated votes. They continued with other security aspects such as DB security where they retrieved the “trivially encrypted” password from the .class files. Then they described the DLL attack to achieve Remote Code Execution. Their conclusion is:

In the end, I think their research is thorough and well done, but it was also a bit lurid. Also their English has quite some German accent, which made it more difficult to follow for me.