This is a project report from the Power Systems Engineering Research Center (PSERC). PSERC is a multi-university Center conducting research on challenges facing a restructuring electric power industry and educating the next generation of power engineers. More information about PSERC can be found at the Center's website: Notice Concerning Copyright Material PSERC members are given permission to ...

In this article, we provide the first third-party security analysis of the PRINCE lightweight block cipher, and the underlying PRINCEcore. First, while no claim was made by the authors regarding related-key attacks, we show that one can attack the full cipher with only a single pair of related keys, and then reuse the same idea to derive an attack in the single-key model for the full PRINCEcore...

Not all of the protocol security flaws described at the SSR2014 conference were discovered using these new automated techniques. Several significant findings were the result of more traditional methods. These findings included flaws in standardized and deployed protocols, as well as important innovations to improve and extend the capabilities of long-used cryptographic techniques. Based on thes...

Dieser Beitrag stellt das ” Security Workflow Analysis Toolkit“ (SWAT) vor, eine Plattform für die formal fundierte Analyse von Geschäftsprozessen. Ausgehend von als Muster formalisierten Sicherheitsanforderungen dient SWAT als Basis für die Analyse von Prozessmodellen und Prozesslogs. Der vorliegende Beitrag zeigt anhand von Beispielen, welche Arten von Analysen mit SWAT möglich sind und wie S...

Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able t...

The release of Apple’s iPhone was one of the most intensively publicized product releases in the history of mobile devices. While the iPhone wowed users with its exciting design and features, it also angered many for not allowing installation of third party applications and for working exclusively with AT & T wireless services (in the US). Besides the US, iPhone was only sold only in a few othe...

DECT is a standard for cordless phones. The intent of this thesis is to evaluate DECT security in a comprehensive way. To secure conversations over the air, DECT uses two proprietary algorithms, namely the DECT Standard Authentication Algorithm (DSAA) for authentication and key derivation, and the DECT Standard Cipher (DSC) for encryption. Both algorithms have been kept secret and were only ava...

The goal of the project was to develop new methods to discover security vulnerabilities and security exploits. The research involved static analysis, dynamic analysis, and symbolic execution of software at both the source-code and machine-code levels. An aspect that distinguished the approach taken in the project from previous work was the attempt to uncover security problems due to differences...

It is further believed that any practical attacks against HyRal are not possible with respect to the state-of-the-art. That is, we conclude that HyRal might be resistant to some well-known analysis such as differential attack, higher order differential attack, linear attack(including Truncated Linear Attack), interpolation attacks, algebraic attack (including XL attack and XSL attack), related ...

An operational formal specification of the Tramel system is presented. Tramel is used by NASA’s Jet Propulsion Laboratory to support asynchronous inter-task communication of distributed software across varying architectures and operating systems. Security analysis of communications between non-Tramel programs and Tramel is explored using an operational trace-based specification model.