Gathering (joining Zoom)

09:00

Opening remarks

09:15

Benny Pinkas, Bar-Ilan University

Hashomer: A Proposal for a Privacy-Preserving Bluetooth Based Contact Tracing Scheme for Hamagen

In recent weeks multiple proposals for schemes allowing contact tracing for combating the spread of COVID-19 have been published (e.g., DP-3T, Google and Apple, and PACT). Many of those proposals try to implement this functionality in a decentralized and privacy-preserving manner using Bluetooth Low Energy (BLE). In this talk, we will describe Bluetooth based contact tracing and the difference between centralized and decentralized approaches. We will then present "Hashomer", our proposal for a contact tracing scheme tailored for the Israeli Ministry of Health's "Hamagen" application, and describe its security and privacy properties. A prototype implementation of this design can be found at https://github.com/eyalr0/HashomerCryptoRef.

Joint work with Eyal Ronen (TAU)

* Slides (PDF)
* Video (YouTube link)

09:20

Yaniv David, Technion

Neural Reverse Engineering of Stripped Binaries

We address the problem of reverse engineering of stripped executables which contain no debug information. This is a challenging problem because of the low amount of syntactic information available in stripped executables, and due to the diverse assembly code patterns arising from compiler optimizations.

We present a novel approach for predicting procedure names in stripped executables. Our approach combines static analysis with sequence-to-sequence (seq2seq) models. The main idea is to use static analysis to obtain augmented representations of API call sites; encode a set of sequences of these call sites by traversing the Control-Flow Graph; and finally, attend to the encoded sequences while decoding the target name.

We use our representation to drive both LSTM-based and Transformer-based architectures. Our evaluation shows that our model produces predictions that are difficult and time-consuming for humans, while improving on the state-of-the-art by 20% and improving by 84% over state-of-the-art neural models that do not use any static analysis.

* Slides (PDF)
* Video (YouTube link)

10:05

Coffee and pastry break (self-service)

10:50

Orr Dunkelman, University of Haifa

Adventures in Cryptographic Standardization

The International Standardization Organization (ISO) is responsible for promoting different types of standards, from the ISO 9000 series (for quality assurance) to the ISO 27000 series (for computer security). In this talk we will cover a recent adventure in ISO/IEC JTC1 SC27/WG2, the working group discussing cryptographic standards. This adventure starts with a Russian cipher called Kuznyechik (grasshopper), involves the entire world (a young Frenchman, a Chinese delegation, a very smart elderly Japanese master of rules), and possibly ended with a vote that did not take place in St. Petersburg because of the coronavirus.

* Slides (PDF)
* Video (YouTube link)

11:05

Eyal Ronen, Tel Aviv University

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd

The WPA3 certification aims to secure home networks, while EAP-pwd is used by certain enterprise WiFi networks to authenticate users. Both use the Dragonfly handshake to provide forward secrecy and resistance to dictionary attacks. In this paper, we systematically evaluate Dragonfly's security. First, we audit implementations, and present timing leaks and authentication bypasses in EAP-pwd and WPA3 daemons. We then study Dragonfly's design and discuss downgrade and denial-of-service attacks. Our next and main results are side-channel attacks against Dragonfly's password encoding method (e.g. hash-to-curve).

We believe that these side-channel leaks are inherent to Dragonfly. For example, after our initial disclosure, patched software was still affected by a novel side-channel leak. We also analyze the complexity of using the leaked information to brute-force the password. For instance, brute-forcing a dictionary of size 10^10 requires less than $1 in Amazon EC2 instances. These results are also of general interest due to ongoing standardization efforts on Dragonfly as a TLS handshake, Password-Authenticated Key Exchanges (PAKEs), and hash-to-curve. Finally, we discuss backwards-compatible defenses, and propose protocol fixes that prevent attacks. Our work resulted in a new draft of the protocols incorporating our proposed design changes.

Joint work with Mathy Vanhoef (New York University Abu Dhabi)

* Slides (PDF)
* Video (YouTube link)

11:50

Itay Buchner, CERT-IL, Israel National Cyber Directorate

ICS – Industrial Cyber Scanning: The Hidden World of Industrial Components

PLCs act as the bridge between the physical world and the cyber domain; the logic embedded in them controls the process and the active field devices. Although a cyber-attack on PLCs can result in massive collateral damage, there is not enough awareness of this threat vector. Recent reports indicate that actors take advantage of ICS equipment accessible over the Internet in order to manipulate or interrupt the physical process. The INCD is aware of this threat vector and works to mitigate it. The presentation will cover ICS fundamentals and the actions taken by INCD to address this issue.

Itay is the Cyber Technology Manager of the Israeli CERT (CERT-IL). He has over 10 years of experience in the cyber security field, with an extensive background in ICS security.

* Slides (PDF)
* Video (YouTube link)

12:35

Lunch break (home cooking, served to those who make it themselves)

13:20

Sara Bitan, Technion

Rogue7: Rogue Engineering-Station attacks on S7 Simatic PLCs

The Siemens industrial control systems architecture consists of Simatic S7 PLCs which communicate with a TIA engineering station and SCADA HMI on one side, and control industrial systems on the other side. The newer versions of the architecture are claimed to be secure against sophisticated attackers, since they use advanced cryptographic primitives and protocols. In this paper we show that even the latest versions of the devices and protocols are still vulnerable. After reverse-engineering the cryptographic protocol, we are able to create a rogue engineering station which can masquerade as the TIA to the PLC and inject any messages favourable to the attacker. As a first example we extend attacks that can remotely start or stop the PLC to the latest S7-1500 PLCs. Our main attack can download control logic of the attacker's choice to a remote PLC. Our strongest attack, the stealth program injection attack, can separately modify the running code and the source code, which are both downloaded to the PLC. This allows us to modify the control logic of the PLC while retaining the source code the PLC presents to the engineering station. Thus, we can create a situation where the PLC's functionality is different from the control logic visible to the engineer.

Joint work with Eli Biham, Aviad Carmel, Alon Dankner, Uriel Malin (TAU) and Avishai Wool (TAU)

* Slides (PDF)
* Video (YouTube link)

14:05

Liran Tal, Snyk

Malicious Modules on npm - a series of unfortunate events

With a great ecosystem comes great responsibility, and application security is not one to wave off. Let's review some black clouds of security horror stories in the Node.js ecosystem, learn how malicious npm packages work and how to avoid them, and apply the npm and Node.js security best practices every developer should know, with hands-on live hacking.

Liran Tal is a Developer Advocate at Snyk and a member of the Node.js Security working group. Among his security activities, Liran also published the Essential Node.js Security and O'Reilly's Serverless Security books, and is a core contributor to the OWASP NodeGoat project. He is passionate about the open source movement, web technologies, testing and software philosophy.

* Video (YouTube link)

14:50

Daniel Shapira, Palo Alto Networks

The Common Pitfalls of Cloud Native Software Supply Chains

Today modern cloud native infrastructure is composed of various CNCF projects to build, manage, and deploy containerised applications in an automated manner. These tools provide great flexibility, ease of use, and speed up development, but the ecosystem is developing at a blazing fast pace, which in turn causes various little mistakes in the products that could leave the supply chain up for grabs for a motivated adversary. In this talk we will follow the path of the software supply chain and explore its components and their common problems, and finally dive into a couple of container escape examples.

Daniel is a Sr Staff Researcher at PANW, currently involved in security research of CNCF projects with a focus on OS implementations. For the past 11 years Daniel has found and fixed critical security problems for various enterprises, government agencies, healthcare and open-source projects in the US, Europe & Israel. He is passionate about breaking and rebuilding stuff, and his work provides him the joy to do it on a daily basis in a productive manner.

* Slides (PDF)
* Video (YouTube link)

15:35

Closing remarks

16:20

Lectures will be given in Hebrew
Lecture slides will appear on this page after the event, subject to the speakers' approval