Dr. Levente Buttyán

Associate Professor, Head of the Lab

buttyan (at) crysys.hu

web: www.hit.bme.hu/~buttyan/
office: I.E. 431
tel: +36 1 463 1803
fax: +36 1 463 3263

Current courses | Student projects | Publications

Short Bio

Levente Buttyán was born in 1970 in Salgótarján, Hungary. He received the M.Sc. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 1995, and earned the Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in 2002.
In 2003, he joined the Department of Networked Systems and Services at BME, where he currently holds a position as an Associate Professor and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). He has done research on the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). Recently, he has been involved in the analysis of some high profile targeted malware, such as Duqu, Flame (aka sKyWIper), MiniDuke, and TeamSpy. Currently, his research interests are in embedded systems security (a.k.a. security for Internet of Things) and embedded systems forensics.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

IT Security Bootcamp (VIHIAL00)

This BSc course introduces problems related to general IT security.

Cryptographic Protocols (VIHIMA05)

This course introduces problems related to communication security in wired and wireless networks, describes the principles and practical implementations of modern security protocols that address those problems, and sheds light on protocol design issues through the detailed analysis of existing security protocols.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Secure Software Development (VIHIAV33)

This course fills an important gap in the education of software engineers, - namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Privacy-Preserving Technologies (VIHIAV35)

The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these days. Is it possible to derive (socially or individually) useful information about people from this Big Data without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the upcoming European General Data Protection Regulation (GDPR).

Privacy-Preserving Technologies (VIHIAV35)

Applied Cryptography (in English) (VIHIA030)

This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.

Student Project Proposals

IoT biztonság

Az Internet ma már nem csak nagy teljesítményű szerverekből, személyi számítógépekből és mobil eszközökből áll, hanem számtalan intelligens beágyazott eszközt is magában foglal. Az előrejelzések szerint 2020-ra 25 milliárd ilyen eszköz lesz hálózatba kötve, és ez számos új és érdekes alkalmazás előtt nyitja meg az utat (pl. okos gyárak és Ipar 4.0, egymással és az útmenti infrastruktúrával kommunikáló járművek, okos városok, épületek, ...). Az intelligens beágyazott eszközökkel kibővült Internet, azaz az Internet of Things (dolgok Internete) vagy röviden IoT, azonban számos informatikai biztonsági kockázatot is magában rejt. Az IoT előre törését a beágyazott számítógépek és a vezeték nélküli kommunikáció fejlődése, illetve ezen technológiák árának folyamatos csökkenése teszi lehetővé. Az alacsony ár, a költségek minimalizálása azonban általában az informatikai biztonság hiányát eredményezi. Ugyanakkor, egyes IoT alkalmazásokban a biztonság hiánya fizikai és anyagi károkhoz vezethet, adott esetben emberéleteket követelhet. Ezekben az alkalmazásokban tehát meg kell találni a megfelelő egyensúlyt a költségek és a rendszer által nyújtott biztonság szintje között.

A CrySyS Lab a vezetője a Nemzeti Kiválósági Programban támogatást nyert SETIT (Security Enhancing Techniques for the Internet of Things) projektnek, ami azt a célt tűzte maga elé, hogy drasztikusan csökkenti az IoT biztonsági kockázatait, és ezzel lehetővé teszi az IoT alkalmazások szélesebb körű elterjedését. A projekten belül, a labor az IoT alkalmazások futtatására szolgáló beágyazott számítási platform biztonságával foglalkozik. Ez a terület azért fontos, mert a platform sikeres támadása a beágyazott eszköz feletti teljes uralom átvételét teszi lehetővé, és ez egyben hatással van minden azon futó alkalmazásra is. A platform biztonságának egyik fontos eleme a biztonságos boot folyamat kialakítása, mely során az eszköz úgy tölti be és indítja el az operációs rendszert és az alkalmazásokat, hogy előtte ellenőrzi azok sértetlenségét. A biztonságos boot folyamat garantálja, hogy újraindítás után helyes állapotba kerül az eszköz, ám továbbra is fennáll annak lehetősége, hogy futási időben kompromittálódik egy platform szintű sebezhetőségnek köszönhetően. Ezért fontos további feladat az operációs rendszer megerősítése (hardening), mint preventív lépés, és a futási időben történő folyamatos integritás-ellenőrzés, mint detekciós módszer. Szükséges lehet továbbá az integritás bizonyítása egy távoli fél (pl. a rendszer üzemeltetője) számára, melyre különböző ún. távoli igazolás (remote attestation) protokollok adnak lehetőséget. Végül alapvető fontosságú a biztonságos távoli szoftverfrissítés, hiszen a felfedezett sérülékenységek javítása csak így oldható meg hatékonyan folyamatosan működő rendszerekben. A platform biztonságon túl, foglalkozunk még IoT eszközök és rendszerek biztonsági tesztelésével (azaz egy speciális, IoT fókuszú, etikus hacker eszköztár kialakításával).

A témakör iránt érdeklődő hallgatók a fenti projekt keretében a fenti problémákon doglozhatnak, és munkájuk során megismerkedhetnek a beágyazott rendszerek programozásával, a beágyazott operációs rendszerek világával, Trusted Execution Environment (TEE) technológiákkal, kriptográfiai módszerek alkalmazásával, és foglalkozhatnak IoT hacking feladatokkal. Egy-egy feladaton több hallgató is dolgozhat egy team-et alkotva.

Biztonságos programozási feladatok készítése az Avatao rendszerben

A legtöbb szoftverfejlesztő tanulmányai során nem vagy felületesen találkozik a szoftverbiztonság témájával. Többek közt ez a fundamentális oka annak, hogy az informatikai támadások 80-90%-a emberi hibára, szoftverhibára vezethető vissza. Az Avatao, a CrySyS labor spinoff vállalkozása, egy olyan platformot épít, ahol a szoftverfejlesztők és más informatikusok gyakorlati példákon keresztül tanulhatják meg a biztonságos rendszerek építését. A feladatok létrehozására tartalomfejlesztői csapatokat hoztunk létre vezető szakértők mentorálásával. A diák feladata, hogy csatlakozzon egy ilyen csapathoz és profi egyetemi valamint céges mentorokkal együttműködve gyakorló biztonsági feladatokat hozzon létre az alábbi témakörökben:

Java webes alkalmazások (Java-SE/Java-EE) tervezése (design), programozása (coding), tesztelése (testing) és működtetése (DevOps).
Webes és desktop alkalmazások fejlesztése C# nyelven.
OWASP top 10-re épülő feladatsor kiegészítése defenzív, kódolási és tesztelési feladatokkal.
webes alkalmazások készítése (coding) és üzemeltetése (DevOps) Python nyelven illetve Python framework-ök (pl. django) biztonsági funkcióinak használata.
C/C++ nyelv biztonsági kihívásainak szemléltetése, kiemelt fókuszban a beágyazott rendszerek biztonságával.
data discovery/data science biztonsági kihívásai, elsősorban python és más scriptnyelvek segítségével, a GDPR követelményeire való felkészülés segítése.
DevOps biztonsági kihívásainak szemléltetése (aka. DevSecOps), modern alkalmazások biztonságos üzemeltetése módszereinek bemutatása, elsősorban scriptnyelvek és üzemeltetési technológiák segítségével (Docker, AWS, lambdák, stb.).

Vehicular Can Traffic Based Microtracking for Accident Reconstruction

A. Gazdag, T. Holczer, L. Buttyán, Zs. Szalay

Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering, University of Miskolc, Miskolc, Hungary, 2018.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag, Tamas Holczer, Levente BUTTYÁN, Zsolt Szalay},
   title = {Vehicular Can Traffic Based Microtracking for Accident Reconstruction},
   booktitle = {Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering},
   publisher = {University of Miskolc, Miskolc, Hungary},
   year = {2018}
}

Keywords

Digital forensics, CAN network

Abstract

Accident reconstruction is the process of reliably discovering what has happened before a serious event. We show how the most widely used intra vehicular network (namely the Controller Area Network, CAN) can be used in this process. We show how the actual velocity and steering wheel position transmitted on the CAN network can be used to reconstruct the trajectory of a vehicle. This trajectory is an essential input in the reconstruction process. In this paper, we show how the CAN traffic of an actual vehicle can be used to recon- struct the trajectory of the vehicle, and we evaluate our approach in several real life experiments including normal and pre-accident situations.

2017

Efficient Lossless Compression of CAN Traffic Logs

A. Gazdag, L. Buttyán, Zs. Szalay

IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom), IEEE, 2017.

Bibtex | Abstract | PDF

@inproceedings {
   author = {András Gazdag, Levente BUTTYÁN, Zsolt Szalay},
   title = {Efficient Lossless Compression of CAN Traffic Logs},
   booktitle = {IEEE Conference on Software, Telecommunications and Computer Networks (SoftCom)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by cyber attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data, therefore, it contributes to reduced analysis time and effort. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as gzip.

Forensics aware lossless compression of CAN traffic logs

A. Gazdag, L. Buttyán, Zs. Szalay

@techreport {
   author = {Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, Roland Kamarás, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Duqu 2.0:A comparison to Duqu},
   institution = {BME CrySyS Lab},
   year = {2015}
}

Abstract

Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy

D. Papp, Z. Ma, L. Buttyán

IEEE International Confenrence on Privacy, Security, and Trust, 2015.

Bibtex | Abstract

@conference {
   author = {Dorottya Papp, Zhendong Ma, Levente BUTTYÁN},
   title = {Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy},
   booktitle = {IEEE International Confenrence on Privacy, Security, and Trust},
   year = {2015}
}

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and ``invisible' way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on public available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.

ROSCO: Repository of signed code

D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth

Virus Bulletin, 2015.

Bibtex | PDF

@conference {
   author = {Dorottya Papp, Balázs Kócsó, Tamas Holczer, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}

Abstract

The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

T. Holczer, M. Felegyhazi, L. Buttyán

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.

A Survey of Interdependent Security Games

A. Laszka, M. Felegyhazi, L. Buttyán

no. CRYSYS-TR-2012-11-15, CrySyS Lab, BME, Nov, 2012.

Bibtex | Abstract | PDF

@techreport {
   author = {Aron Laszka, Mark Felegyhazi, Levente BUTTYÁN},
   title = {A Survey of Interdependent Security Games},
   number = {CRYSYS-TR-2012-11-15},
   institution = {CrySyS Lab, BME},
   month = {Nov},
   year = {2012}
}

Keywords

interdependent security, security economics, security games

Abstract

Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the security-related decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community.

A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability

A. Grilo, A. Casaca, P. Pereira, L. Buttyán, J. Goncalves, C. Fortunato

Euro-NF Conference on Next Generation Internet (NGI), IEEE, 2012.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Antonio M. Grilo, Augusto Casaca, Paulo Pereira, Levente BUTTYÁN, José Goncalves, Carlos Fortunato},
   title = {A Wireless Sensor and Actuator Network for Improving the Electrical Power Grid Dependability},
   booktitle = {Euro-NF Conference on Next Generation Internet (NGI)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

This paper presents an overview of a Wireless Sensor and Actuator Network (WSAN) used to monitor an electrical power grid distribution infrastructure. The WSAN employs appropriate sensors to monitor key grid components, integrating both safety and security services, which improve the grid distribution dependability. The supported applications include, among others, video surveillance of remote secondary substations, which imposes special requirements from the point of view of quality of service and reliability. The paper presents the hardware and software architecture of the system together with performance results.

Célzott informatikai támadások napjainkban

B. Bencsáth, G. Pék, L. Buttyán, M. Felegyhazi

Budapest New Tech Meetup, Budapest, Hungary., December, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Gábor PÉK, Levente BUTTYÁN, Mark Felegyhazi},
   title = {Célzott informatikai támadások napjainkban},
   howpublished = {Budapest New Tech Meetup, Budapest, Hungary.},
   month = {December},
   year = {2012}
}

Abstract

Critical Infrastructure Security: Assessment, Prevention, Detection, Response

P. Langendoerfer, L. Buttyán, A. Casaca, E. Osipov, A. Hessler, C. Castelluccia, A. Alkassar

F. Flammini (ed), Wireless Sensor Networks for Critical Infrastructure Protection, pp. 155-167, WIT Press, 2012.

Bibtex

@inbook {
   author = {Peter Langendoerfer, Levente BUTTYÁN, Augusto Casaca, Evgeny Osipov, Alban Hessler, Claude Castelluccia, Ammar Alkassar},
   editor = {F. Flammini (ed)},
   title = {Critical Infrastructure Security: Assessment, Prevention, Detection, Response},
   chapter = {Wireless Sensor Networks for Critical Infrastructure Protection},
   pages = {155-167},
   publisher = {WIT Press},
   year = {2012}
}

Abstract

Cryptography: The strongest link in the chain

L. Buttyán, B. Bencsáth

Hackin9 Extra, vol. 8, no. 1, January, 2012, pp. 8-11.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {Cryptography: The strongest link in the chain},
   journal = {Hackin9 Extra},
   volume = {8},
   number = {1},
   month = {January},
   year = {2012},
   pages = {8-11}
}

Abstract

IT security architectures that use cryptographic elements sometimes fail, but it is rarely cryptography to blame. The reason is more often the use of cryptography in an inappropriate way, or the use of algorithms that do not really qualify as cryptographic. High quality cryptography is in fact the strongest link in the chain, and there are good reasons for that.

Duqu, Flame, Gauss - new challenges for a new era

B. Bencsáth, L. Buttyán, M. Felegyhazi, G. Pék

EuroNOG 2012 conference, Budapest, 10-11 Sept 2012, September, 2012.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Mark Felegyhazi, Gábor PÉK},
   title = {Duqu, Flame, Gauss - new challenges for a new era },
   howpublished = {EuroNOG 2012 conference, Budapest, 10-11 Sept 2012},
   month = {September},
   year = {2012}
}

Query Auditing, Statistical databases, Full disclosure, Partial disclosure, MIN, MAX aggregation queries

Abstract

In this paper, we dene a novel setting for query auditing, where instead of detecting or preventing the disclosure of individual sensitive values, we want to detect or prevent the disclosure of aggregate values in the database. More specically, we study the problem of detecting or preventing the disclosure of the maximum (minimum) value in the database, when the querier is allowed to issue average queries to the database. We propose efficient offline and online query auditors for this problem in the full disclosure model, and an ecient simulatable online query auditor in the partial disclosure model.

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer, K. Farkas, Á. Horváth, T. Holczer, L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.

Bibtex | Abstract

@article {
   author = {Peter Schaffer, Károly Farkas, Ádám Horváth, Tamas Holczer, Levente BUTTYÁN},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

Abstract

Stuxnet was the first targeted malware that received worldwide attention forcausing physical damage in an industrial infrastructure seemingly isolated from the onlineworld. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. Wedescribe our contributions in the investigation ranging from the original detection of Duquvia finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in thesense that it used advanced cryptographic techniques to masquerade as a legitimate proxyfor the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can onlybe decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector serviceand we are currently collecting intelligence information to be able to break its very specialencryption mechanism. Besides explaining the operation of these pieces of malware, wealso examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessonsthat the community can learn from these incidents. We focus on technical issues, and avoidspeculations on the origin of these threats and other geopolitical questions.

Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks

L. Buttyán, T. Holczer

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), IEEE, June, 2012.

Bibtex | Abstract | PDF

Proceedings of the First SysSec Workshop SysSec 2011, SysSec, Amsterdam, The Netherlands, July 6, 2011, pp. 73-76.

Bibtex | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Mark Felegyhazi, Boldizsár Bencsáth},
   title = {CLEARER: CrySyS Laboratory Security and Privacy Research Roadmap},
   booktitle = {Proceedings of the First SysSec Workshop SysSec 2011},
   publisher = {SysSec},
   address = { Amsterdam, The Netherlands},
   month = {July 6},
   year = {2011},
   pages = {73-76}
}

Abstract

Cryptography - the strongest chain element in the practice of cyber security

B. Bencsáth, L. Buttyán

Kiberbiztonsági Konferencia, ZMNE, November 25, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {Cryptography - the strongest chain element in the practice of cyber security},
   howpublished = {Kiberbiztonsági Konferencia, ZMNE},
   month = {November 25},
   year = {2011}
}

Abstract

Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes

L. Buttyán, L. Czap, I. Vajda

IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, November/December, 2011.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László CZAP, István VAJDA},
   title = {Detection and Recovery From Pollution Attacks in Coding Based Distributed Storage Schemes},
   journal = {IEEE Transactions on Dependable and Secure Computing},
   volume = {8},
   number = {6},
   month = {November/December},
   year = {2011}
}

Abstract

We address the problem of pollution attacks in coding based distributed storage systems. In a pollution attack, the adversary maliciously alters some of the stored encoded packets, which results in the incorrect decoding of a large part of the original data upon retrieval. We propose algorithms to detect and recover from such attacks. In contrast to existing approaches to solve this problem, our approach is not based on adding cryptographic checksums or signatures to the encoded packets, and it does not introduce any additional redundancy to the system. The results of our analysis show that our proposed algorithms are suitable for practical systems, especially in wireless sensor networks.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán, T. V. Thong

Periodica Polytechnica Journal, accepted for publication, 2011.

Bibtex | Abstract

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   journal = {Periodica Polytechnica Journal},
   month = {accepted for publication},
   year = {2011}
}

Keywords

Automated verification, secure routing protocols, model-cheking, process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for adhoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.

nEther: In-guest Detection of Out-of-the-guest Malware Analyzers

G. Pék, B. Bencsáth, L. Buttyán

ACM European Workshop on System Security (EuroSec), ACM, Salzburg, Austria, April 10, 2011, pp. 1-6.

Bibtex | PDF

@inproceedings {
   author = {Gábor PÉK, Boldizsár Bencsáth, Levente BUTTYÁN},
   title = {nEther: In-guest Detection of Out-of-the-guest Malware Analyzers},
   booktitle = {ACM European Workshop on System Security (EuroSec)},
   publisher = {ACM},
   address = {Salzburg, Austria},
   month = {April 10},
   year = {2011},
   pages = {1-6}
}

Abstract

On automating the verification of secure ad-hoc network routing protocols

T. V. Thong, L. Buttyán

Springer Telecommunication Systems, accepted for publication, 2011, pp. 1-30, Article ID: 10.1007/s11235-011-9592-3.

Bibtex | Abstract

@article {
   author = {Ta Vinh Thong, Levente BUTTYÁN},
   title = {On automating the verification of secure ad-hoc network routing protocols},
   journal = {Springer Telecommunication Systems},
   month = {accepted for publication},
   year = {2011},
   pages = {1-30},
   note = {Article ID: 10.1007/s11235-011-9592-3}
}

Keywords

Secure routing protocols, Automated security veriﬁcation, Security, Cryptography, Mobile ad-hoc networks, Wireless communication, Formal analysis, Process calculus

Abstract

Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for ad-hoc networks. However, many of them have design ﬂaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a fully automatic veriﬁcation method for secure adhoc network routing protocols that helps increasing the con- ﬁdence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our method is based on a deductive proof technique and a backward reachability approach. The main novelty of this approach compared to the prior works is that beside providing expressive semantics and syntax for modelling and specifying secure routing protocols, it assumes an arbitrary topology, and a strong attacker model.

Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments

A. Laszka, L. Buttyán, D. Szeszlér

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), 2011, pp. 1-6, Lucca, Italy, June 20.

Bibtex | Abstract | PDF

@conference {
   author = {Aron Laszka, Levente BUTTYÁN, Dávid Szeszlér},
   title = {Optimal Selection of Sink Nodes in Wireless Sensor Networks in Adversarial Environments},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   year = {2011},
   pages = {1-6},
   address = {Lucca, Italy},
   month = {June 20}
}

Abstract

In this paper, we address the problem of assigning the sink role to a subset of nodes in a wireless sensor network with a given topology such that the resulting network configuration is robust against denial-of-service type attacks such as node destruction, battery exhaustion and jamming. In order to measure robustness, we introduce new metrics based on a notion defined in [1]. We argue that our metrics are more appropriate to measure the robustness of network configurations than the widely known connectivity based metrics. We formalize the problem of selecting the sink nodes as an optimization problem aiming at minimizing the deployment budget while achieving a certain level of robustness. We propose an efficient greedy heuristic algorithm that approximates the optimal solution reasonably well. [1] W. H. Cunningham, “Optimal attack and reinforcement of a network,” J. ACM, vol. 32, no. 3, pp. 549–561, 1985.

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Schönherz - Simonyi Szakkollégium ., December 13, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Schönherz - Simonyi Szakkollégium .},
   month = {December 13},
   year = {2011}
}

Abstract

Recent advances in targeted malware attacks

B. Bencsáth, L. Buttyán, G. Pék, M. Felegyhazi

Fókuszban a CrySyS Lab. , December 14, 2011.

Bibtex

@misc {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, Gábor PÉK, Mark Felegyhazi},
   title = {Recent advances in targeted malware attacks },
   howpublished = {Fókuszban a CrySyS Lab. },
   month = {December 14},
   year = {2011}
}

Decision and Game Theory for Security

T. Alpcan, L. Buttyán, J. Baras

vol. LNCS 6442, Springer, 2010.

Bibtex

@book {
   author = {Tansu Alpcan, Levente BUTTYÁN, John Baras},
   title = {Decision and Game Theory for Security},
   volume = {LNCS 6442},
   publisher = {Springer},
   year = {2010}
}

Abstract

Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks

L. Buttyán, L. Dóra, F. Martinelli, M. Petrocchi

Elsevier Computer Communications, vol. 33, April, 2010, pp. 907-922.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, László DÓRA, Fabio MARTINELLI, Marinella PETROCCHI},
   title = {Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks},
   journal = {Elsevier Computer Communications},
   volume = {33},
   month = {April},
   year = {2010},
   pages = {907-922}
}

Abstract

In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methods.

Formal verification of secure ad-hoc network routing protocols using deductive model-checking

L. Buttyán, T. V. Thong

Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC), IFIP, Budapest, Hungary, October 18-20, 2010, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Formal verification of secure ad-hoc network routing protocols using deductive model-checking},
   booktitle = {Proceedings of the IFIP Wireless and Mobile Networking Conference (WMNC)},
   publisher = {IFIP},
   address = {Budapest, Hungary},
   month = {October 18-20},
   year = {2010},
   pages = {1-6}
}

Infocommunications Journal, vol. LXIV, no. 2009/2-3, March, 2009, pp. 1-8.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Gábor PÉK, Ta Vinh Thong},
   title = {Consistency verification of stateful firewalls is not harder than the stateless case},
   journal = {Infocommunications Journal},
   volume = {LXIV},
   number = {2009/2-3},
   month = {March},
   year = {2009},
   pages = {1-8}
}

Keywords

Stateful firewall, FIREMAN, verification, security, inconsistency

Abstract

Firewalls play an important role in the enforcement of access control policies in contemporary networks. However, firewalls are effective only if they are configured correctly such that their access control rules are consistent and the firewall indeed implements the intended access control policy. Unfortunately, due to the potentially large number of rules and their complex relationships with each other, the task of firewall configuration is notoriously error-prone, and in practice, firewalls are often misconfigured leaving security holes in the protection system. In this paper, we address the problem of consistency verification of stateful firewalls that keep track of already existing connections. For the first sight, the consistency verification of stateful firewalls appears to be harder than that of stateless firewalls. We show that, in fact, this is not the case: consistency verification of stateful firewalls can be reduced to the stateless case, and hence, they have the same complexity. We also report on our prototype implemetation of an automated consistency verification tool that can handle stateful firewalls.

CORA: Correlation-based Resilient Aggregation in Sensor Networks

L. Buttyán, P. Schaffer, I. Vajda

Elsevier Ad Hoc Networks, vol. 7, no. 6, 2009, pp. 1035-1050.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Peter Schaffer, István VAJDA},
   title = {CORA: Correlation-based Resilient Aggregation in Sensor Networks},
   journal = {Elsevier Ad Hoc Networks},
   volume = {7},
   number = {6},
   year = {2009},
   pages = {1035-1050}
}

Abstract

In this paper, we consider the problem of resilient data aggregation in sensor networks, namely, how to aggregate sensor readings collected by the base station when some of those sensor readings may be compromised. Note that an attacker can easily compromise the reading of a sensor by altering the environmental parameters measured by that sensor. We present a statistical framework that is designed to mitigate the effects of the attacker on the output of the aggregation function. The main novelty of our approach compared to most prior work on resilient data aggregation is that we take advantage of the naturally existing correlation between the readings produced by different sensors. In particular, we show how spatial correlation can be represented in the sensor network data model, and how it can be exploited to increase the resilience of data aggregation. The algorithms presented in this paper are flexible enough to be applied without any special assumption on the distribution of the sensor readings or on the strategy of the attacker. The effectiveness of the algorithms is evaluated analytically considering a typical attacker model with various parameters, and by means of simulation considering a sophisticated attacker.

On the security of communication network: now and tomorrow

B. Bencsáth, L. Buttyán, I. Vajda

Infocommunications Journal, vol. LXIV., no. no. 4., 2009, pp. pp. 3-7..

Bibtex

@article {
   author = {Boldizsár Bencsáth, Levente BUTTYÁN, István VAJDA},
   title = {On the security of communication network: now and tomorrow},
   journal = {Infocommunications Journal},
   volume = {LXIV.},
   number = {no. 4.},
   year = {2009},
   pages = {pp. 3-7.}
}

Security API analysis with the spi-calculus

L. Buttyán, T. V. Thong

Hiradástechnika, vol. LXIII, January, 2008, pp. 16-21.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Security API analysis with the spi-calculus},
   journal = {Hiradástechnika},
   volume = {LXIII},
   month = {January},
   year = {2008},
   pages = {16-21}
}

Keywords

Security API, Spi-calculus, Verification

Abstract

API level vulnerabilities of hardware security modules represent a serious threat, thus, discovering and patching security holes in APIs are important. In this paper, we argue and illustrate that the application of formal verification methods is a promising approach for API analysis. In particular, we propose an API verification method based on process algebra. The proposed method seems to be extremely wellsuited for API analysis as it allows for the straightforward modelling of the API, the precise definition of the security requirements, and the rigorous verification of the security properties offered by the API.

2007

An User Authentication Scheme for Fast Handover Between WiFi Access Points

A. Bohák, L. Buttyán, L. Dóra

In Proceedings of the Third Annual International Wireless Internet Conference, ACM, Austin, Texas, USA, October 22-23, 2007, pp. 1-6, (invited paper).

Bibtex | Abstract | PDF

@inproceedings {
   author = {András BOHÁK, Levente BUTTYÁN, László DÓRA},
   title = {An User Authentication Scheme for Fast Handover Between WiFi Access Points},
   booktitle = {In Proceedings of the Third Annual International Wireless Internet Conference},
   publisher = {ACM},
   address = {Austin, Texas, USA},
   month = {October 22-23},
   year = {2007},
   pages = {1-6},
   note = {(invited paper)}
}

Abstract

In this paper, we propose an authentication scheme that is designed to reduce the authentication delay during a WiFi handover process. We observe that the largest part of the delay is due to the remote communications between the access point and the AAA server that authorizes the access to the network. In order to eliminate remote communications, our scheme uses pre-authorization, and it pre-distributes authentication information to the access points that are the potential targets of a future handover. This ensures that only local communications (between the mobile station and the access point) take place during the handover itself. We describe the design of our scheme, as well as report on a proof-of-concept implementation. Our validation results show that our scheme breaks the dependency of the authentication delay on the round-trip time between the access point and the AAA server. This makes our scheme applicable in real time applications such as telephony and video streaming for WiFi users.

Architecture for Secure and Private Vehicular Communications

P. Papadimitratos, L. Buttyán, J. P. Hubaux, F. Kargl, A. Kung, M. Raya

Proceedings of the International Conference on ITS Telecommunications (ITST), -, Sophia Antipolis, France, June 6-8, , 2007, pp. 1-6.

Bibtex | Abstract

@inproceedings {
   author = {Panagiotis Papadimitratos, Levente BUTTYÁN, Jean-Pierre Hubaux, Frank Kargl, Antonio Kung, Maxim Raya},
   title = {Architecture for Secure and Private Vehicular Communications},
   booktitle = {Proceedings of the International Conference on ITS Telecommunications (ITST)},
   publisher = {-},
   address = {Sophia Antipolis, France},
   month = {June 6-8, },
   year = {2007},
   pages = {1-6}
}

Abstract

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Barter-based cooperation in delay-tolerant personal wireless networks

L. Buttyán, L. Dóra, M. Felegyhazi, I. Vajda

In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications, IEEE Computer Society Press, Helsinki, Finland, June 18 , 2007, pp. 1-6.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, László DÓRA, Mark Felegyhazi, István VAJDA},
   title = {Barter-based cooperation in delay-tolerant personal wireless networks},
   booktitle = {In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications},
   publisher = {IEEE Computer Society Press},
   address = {Helsinki, Finland},
   month = {June 18 },
   year = {2007},
   pages = {1-6}
}

Abstract

In this paper, we consider the application of delay-tolerant networks to personal wireless communications. In these networks, selfish nodes can exploit the services provided by other nodes by downloading messages that interest them, but refusing to store and distribute messages for the benefit of other nodes. We propose a mechanism to discourage selfish behavior based on the principles of barter. We develop a game-theoretic model in which we show that the proposed approach indeed stimulates cooperation of the nodes. In addition, the results show that the individually most beneficial behavior leads to the social optimum of the system.

Biztonsági API analízis a spi-kalkulussal

L. Buttyán, T. V. Thong

Hiradástechnika, vol. LXII/8, August, 2007, pp. 43-49.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, Ta Vinh Thong},
   title = {Biztonsági API analízis a spi-kalkulussal},
   journal = {Hiradástechnika},
   volume = {LXII/8},
   month = {August},
   year = {2007},
   pages = {43-49}
}

Keywords

@book {
   author = {Levente BUTTYÁN, Virgil Gligor, Dirk Westhoff},
   title = {Security and Privacy in Ad Hoc and Sensor Networks},
   volume = {LNCS 4357},
   publisher = {Springer},
   year = {2007}
}

Abstract

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

G. Ács, L. Buttyán

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Optimal Key-Trees for Tree-Based Private Authentication

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Optimal Key-Trees for Tree-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET)},
   month = {June},
   year = {2006},
   note = {Springer}
}

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Providing Location Privacy in Automated Fare Collection Systems

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

Bibtex | PDF

@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

Jelen cikkben ismeretterjesztõ jellegû áttekintést adunk a WiFi biztonsághoz kapcsolódó szabványokról, a WEP-rõl és a 802.11i-rõl.

2005

A framework for the revocation of unintended digital signatures initiated by malicious terminals

I. Zs. Berta, L. Buttyán, I. Vajda

IEEE Transactions on Secure and Dependable Computing, vol. (Vol. 2, No. 3), July-September, 2005, pp. 268-272, http://csdl2.computer.org/....

Bibtex | Abstract

@article {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {A framework for the revocation of unintended digital signatures initiated by malicious terminals},
   journal = {IEEE Transactions on Secure and Dependable Computing},
   volume = {(Vol. 2, No. 3)},
   month = {July-September},
   year = {2005},
   pages = {268-272},
   note = {http://csdl2.computer.org/...}
}

Abstract

Human users need trusted computers when they want to generate digital signatures. In many applications, in particular, if the users are mobile, they need to carry their trusted computers with themselves. Smart cards are easy to use, easy to carry, and relatively difficult to tamper with, but they do not have a user interface; therefore, the user still needs a terminal for authorizing the card to produce digital signatures. If the terminal is malicious, it can mislead the user and obtain a digital signature on an arbitrary document. In order to mitigate this problem, we propose a solution based on conditional signatures. More specifically, we propose a framework for the controlled revocation of unintended digital signatures. We also propose a solution with a special emphasis on privacy issues.

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Bibtex

@inbook {
   author = {István Zsolt BERTA, Levente BUTTYÁN, István VAJDA},
   title = {Standards for Product Security Assessment},
   chapter = {Chapter 53},
   publisher = {in IT Security Handbook, edited by Hossein Bidgoli, John Wiley and Sons},
   year = {2005},
   note = {(to appear)}
}

Abstract

Statistical Wormhole Detection in Sensor Networks

I. Vajda, L. Buttyán, L. Dóra

Refik Molva, Gene Tsudik, Dirk Westhoff, Lecture Notes in Computer Science, Springer-Verlag GmbH, 2005, pp. Volume 3813/ 2005, pp. 128 - 141, Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA, Levente BUTTYÁN, László DÓRA},
   title = {Statistical Wormhole Detection in Sensor Networks},
   editor = {Refik Molva, Gene Tsudik, Dirk Westhoff},
   booktitle = {Lecture Notes in Computer Science},
   publisher = {Springer-Verlag GmbH},
   year = {2005},
   pages = {Volume 3813/ 2005, pp. 128 - 141},
   note = {Security and Privacy in Ad-hoc and Sensor Networks: Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005}
}

Keywords

Sensor network, wormhole detection, chi-square

Abstract

n this paper, we propose two mechanisms for wormhole detection in wireless sensor networks. The proposed mechanisms are based on hypothesis testing and they provide probabilistic results. The first mechanism, called the Neighbor Number Test (NNT), detects the increase in the number of the neighbors of the sensors, which is due to the new links created by the wormhole in the network. The second mechanism, called the All Distances Test (ADT), detects the decrease of the lengths of the shortest paths between all pairs of sensors, which is due to the shortcut links created by the wormhole in the network. Both mechanisms assume that the sensors send their neighbor list to the base station, and it is the base station that runs the algorithms on the network graph that is reconstructed from the received neighborhood information. We describe these mechanisms and investigate their performance by means of simulation.

2004

A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol

L. Buttyán, J. P. Hubaux, S. Capkun

Journal on Computer Security, vol. 12, no. 3-4, 2004, pp. 551-587.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, , },
   title = {A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol},
   journal = {Journal on Computer Security},
   volume = {12},
   number = {3-4},
   year = {2004},
   pages = {551-587}
}

Abstract

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable.

Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case

M. Felegyhazi, J. P. Hubaux, L. Buttyán

Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004), March, 2004.

Bibtex

@inproceedings {
   author = {Mark Felegyhazi, , Levente BUTTYÁN},
   title = {Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks -- the Dynamic Case},
   booktitle = {Proceedings of the 2nd Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2004)},
   month = {March},
   year = {2004}
}

Consider an application where a human user has to digitally sign a message. It is usually assumed that she has a trusted computer at her disposal, however, this assumption does not hold in several practical cases, especially if the user is mobile. Smart cards have been proposed to solve this problem, but they do not have a user interface, therefore the user still needs a (potentially untrusted) terminal to authorize the card to produce digital signatures. In order to mitigate this problem, we proposed a solution based on conditional signatures to provide a framework for the repudiation of unintended signatures. Our previous solution relies on a trusted third party who is able to link the issuer of the signature with the intended recipient, which may lead to severe privacy problems. In this paper we extend our framework and propose protocols that allow the user to retain her privacy with respect to this trusted third party.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

@article {
   author = {Felix Gaertner, Levente BUTTYÁN, Klaus Kursawe},
   title = {From Fault-Tolerance to Security and Back},
   journal = { IEEE Distributed Systems Online},
   volume = {4},
   number = {9},
   year = {2003}
}

ad hoc networks, security, authentication, routing, intrusion detection, cooperation

Abstract

SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks

S. Capkun, L. Buttyán, J. P. Hubaux

Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003), ACM, October, 2003.

Bibtex | Abstract

@inproceedings {
   author = {, Levente BUTTYÁN, },
   title = {SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks},
   booktitle = {Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003)},
   publisher = {ACM},
   month = {October},
   year = {2003}
}

Keywords

ad hoc networks, security, hash chains, hash trees, secure routing, wormhole detection, topology control

Abstract

In this paper we present SECTOR, a set of mechanisms for the secure veriﬁcation of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their ef- ﬁciency and simplicity, they are compliant with the limited resources of most mobile devices.

Self-Organized Public-Key Management for Mobile Ad Hoc Networks

S. Capkun, L. Buttyán, J. P. Hubaux

IEEE Transactions on Mobile Computing, vol. 2, no. 1, January-March, 2003.

Bibtex | Abstract

@article {
   author = {, Levente BUTTYÁN, },
   title = {Self-Organized Public-Key Management for Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {2},
   number = {1},
   month = {January-March},
   year = {2003}
}

Keywords

ad hoc networks, security, key management, PGP

Abstract

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. In this paper, we propose a fully self-organized public-key management system that allows users to generate their publicprivate key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.

Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks

L. Buttyán, J. P. Hubaux

ACM/Kluwer Mobile Networks and Applications, vol. 8, no. 5, October, 2003.

Bibtex | PDF

@article {
   author = {Levente BUTTYÁN, },
   title = {Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks},
   journal = {ACM/Kluwer Mobile Networks and Applications},
   volume = {8},
   number = {5},
   month = {October},
   year = {2003}
}

Abstract

2002

A Formal Analysis of Syverson`s Rational Exchange Protocol

L. Buttyán, S. Capkun, J. P. Hubaux

Proceedings of IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, , },
   title = {A Formal Analysis of Syverson`s Rational Exchange Protocol},
   booktitle = {Proceedings of IEEE Computer Security Foundations Workshop},
   address = {Cape Breton, Nova Scotia, Canada},
   month = {June},
   year = {2002}
}

Keywords

rational exchange, game theory, Nash equilibrium

Abstract

In this paper, we provide a formal analysis of a rational exchange protocol proposed by Syverson. A rational exchange protocol guarantees that misbehavior cannot generate benefits, and is therefore discouraged. The analysis is performed using our formal model, which is based on game theory. In this model, rational exchange is defined in terms of a Nash equilibrium.

Eliminating Man-in-the-Middle attacks of Malicious Terminals

L. Buttyán, I. Zs. Berta, I. Vajda

Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest, 2002.

Bibtex | Abstract

@misc {
   author = {Levente BUTTYÁN, István Zsolt BERTA, István VAJDA},
   title = {Eliminating Man-in-the-Middle attacks of Malicious Terminals},
   howpublished = {Workshop organised by the IST Coordination Point of the Ministry of Education, Budapest},
   year = {2002}
}

Abstract

Communication with a remote partner is considered over an insecure network, where the user can gain access only to a terminal, which cannot be trusted: an attacker is assumed to be able to fully control the terminal, so the user must consider the terminal as a potential attacker. Surprisingly many terminals belong to this class.

Assuming such an environment the problem of sending authentic messages is considered. Various cryptographic algorithms exist for algorithmic protection, however to run such highly complex algorithms, the user must rely on the computational power of an insecure terminal. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic power, their lack of user interface (i.e. lack of direct access to its input/output channels) enables man-in-the middle attack from the terminal. Therefore involving a smart card cannot eliminate the basic problem, because any protocol between the user and the smart card would rely - once again - on the insecure terminal. It might seem obvious that the user should give all security goals up as hopeless.

We have come to the conclusion that the user is unable to send authentic messages to the card, so in case of untrusted terminals the signature of the card does not prove that the message originates from the user. This is why the authenticity of plaintext messages from insecure terminals cannot be guaranteed.

However the user as a human being has additional resources that can be exploited to increase the security level of the system. The user is an excellent 'biometric device'. Biometric data (e.g. speech, video, handwriting) carry the information content (plaintext) together with the identity of the sender, which is far more difficult to counterfeit than plaintext content. Moreover the human user has limited but trusted algorithmic capabilities too, having some secure memory and computational power.

Apart from encapsulating the identity of the user and the content of the message, biometric messages (or multimedia messages) also have structure. If the structure is violated, the message has obviously been tampered with.

The manipulation of biometric messages requires considerably more time and resources than that of plaintext ones. If the chosen biometric method is properly calibrated, the attacker may not only need massive computational power, but human interaction or biometric laboratories could be required to successfully counterfeit a biometric message. Thus, not only a large percentage of attackers have been excluded, but even the most advanced ones may require significantly more time to create a counterfeited biometric message than a plaintext one.

A protocol has been developed in our laboratory that combines the biometric powers of the user and cryptographic powers of the smart card to dramatically limit the time the attacker has to manipulate a message. In this case, the smart card acts as a secure time gate. The protocol verifies that only a small amount of time has passed between the recording of the biometric message and card signing it. Naturally, after the message passes through the smart card, attackers have no chance to manipulate.

The protocol also uses the smart card to securely introduce the user to the remote partner, so the latter would already be familiar with the biometric features of the user. Thus, the smart card not only ensures authenticity, but also enables communication without having to exchange biometric identities in advance.

Having investigated the problem of secure communication via insecure terminals, we propose a solution that enables the everyday user to send authentic messages. Combined usage of biometry and smart cards can increase security to a level suitable for several practical applications.

Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph

L. Buttyán, S. Capkun, J. P. Hubaux

Proceedings of The ACM New Security Paradigms Workshop 2002, Norfolk, Virginia Beach, USA, September, 2002, pp. 8.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Levente BUTTYÁN, , },
   title = {Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph},
   booktitle = {Proceedings of The ACM New Security Paradigms Workshop 2002},
   address = {Norfolk, Virginia Beach, USA},
   month = {September},
   year = {2002},
   pages = {8}
}

Keywords

PGP, small worlds, public-key management, self-organization

Abstract

We propose a new approach to securing self-organized mobile ad hoc networks. In this approach, security is achieved in a fully self-organized manner

2000

A Pessimistic Approach to Trust in Mobile Agent Platforms

U. Wilhelm, S. Staamann, L. Buttyán

IEEE Internet Computing, vol. 4, no. 5, September, 2000, pp. 40-48.

Bibtex | PDF

@article {
   author = {, , Levente BUTTYÁN},
   title = {A Pessimistic Approach to Trust in Mobile Agent Platforms},
   journal = {IEEE Internet Computing},
   volume = {4},
   number = {5},
   month = {September},
   year = {2000},
   pages = {40-48}
}

Keywords

mobile agents, trust, tamper resistant hardware

Abstract

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán, J. P. Hubaux

Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, MA, USA, August, 2000.

Bibtex | Abstract

@inproceedings {
   author = {Levente BUTTYÁN, },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   booktitle = {Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC)},
   address = {Boston, MA, USA},
   month = {August},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode nuggets, beans

Abstract

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a ``selfish`` one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

Enforcing Service Availability in Mobile Ad-Hoc WANs

L. Buttyán, J. P. Hubaux

no. DSC/2000/025, EPFL-DI-ICA, May, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = {Levente BUTTYÁN, },
   title = {Enforcing Service Availability in Mobile Ad-Hoc WANs},
   number = {DSC/2000/025},
   institution = {EPFL-DI-ICA},
   month = {May},
   year = {2000}
}

Keywords

wireless, mobile, ad-hoc network, wide area network, Terminodes, incentive to co-operate, terminode beans

Abstract

Extensions to an Authentication Technique Proposed for the Global Mobility Network

L. Buttyán, C. Gbaguidi, S. Staamann, U. Wilhelm

IEEE Transactions on Communications, vol. 48, no. 3, March, 2000.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN, , , },
   title = {Extensions to an Authentication Technique Proposed for the Global Mobility Network},
   journal = {IEEE Transactions on Communications},
   volume = {48},
   number = {3},
   month = {March},
   year = {2000}
}

Keywords

authentication protocol, global mobility network

Abstract

We present three attacks against the authentication protocol that has been proposed for the so called global mobility network in \cite{kn:Suz97}. We show that the attacks are feasible and propose corrections that make the protocol more robust and resistant against the presented attacks. Our aim is to highlight some basic design principles for cryptographic protocols, the adherence to which would have prevented these attacks.

Method for securing communications between a terminal and an additional user equipment

L. Buttyán, E. Wiedmer, E. Lauper

September, 2000, International Patent Application.

Bibtex

@misc {
   author = {Levente BUTTYÁN, , },
   title = {Method for securing communications between a terminal and an additional user equipment},
   month = {September},
   year = {2000},
   note = {International Patent Application}
}

Keywords

authenticated session key establishment, user authentication, smart card

Abstract

Removing the financial incentive to cheat in micropayment schemes

L. Buttyán

IEE Electronics Letters, vol. 36, no. 2, January, 2000, pp. 132-133.

Bibtex | Abstract | PDF

@article {
   author = {Levente BUTTYÁN},
   title = {Removing the financial incentive to cheat in micropayment schemes},
   journal = {IEE Electronics Letters},
   volume = {36},
   number = {2},
   month = {January},
   year = {2000},
   pages = {132-133}
}

Keywords

fairness, micropayment,

Abstract

Micropayment schemes usually do not provide fairness, which means that either the payer or the payee, or both, can cheat the other and gain a financial advantage by misbehaving in the protocols. We propose an extension to a family of micropayment schemes that removes the financial incentive to cheat. Our extension does not provide true fairness, but it makes misbehaving practically futile for both the payer and the payee. We achieve this without any substantial loss in efficiency, in most practical cases.

Toward Mobile Ad-Hoc WANs: Terminodes

J. P. Hubaux, J. Y. Le Boudec, S. Giordano, M. Hamdi, L. Blazevic, L. Buttyán, M. Vojnovic

no. DSC/2000/006, EPFL-DI-ICA, February, 2000.

Bibtex | Abstract | PDF

@techreport {
   author = {, , , , , Levente BUTTYÁN, },
   title = {Toward Mobile Ad-Hoc WANs: Terminodes},
   number = {DSC/2000/006},
   institution = {EPFL-DI-ICA},
   month = {February},
   year = {2000}
}

Keywords

wireless mobile ad-hoc network, wide area network, terminodes, mobility management, virtual home region, geodesic packet forwarding, beans, security

Abstract

Terminodes are personal devices that provide the functions of both the terminals and the nodes of the network. A network of terminodes is an autonomous, fully self-organized, wireless network, independent of any infrastructure. It must be able to scale up to millions of units, without any fixed backbone nor server. In this paper we present the main challenges and discuss the main technical directions.

A fair exchange protocol is a protocol, in which two (or more) mutually suspicious parties exchange their digital items in a way that neither party can gain an advantage over the other by misbehaving. Many fair exchange protocols have been proposed in the academic literature, but they provide rather different types of fairness. The formal comparison of these proposals remained difficult, mainly, because of the lack of a common formal framework, in which each can be modelled and formal fairness definitions can be given. In this paper, we propose to use game theory for this purpose. We show how to represent fair exchange protocols with game trees and give three definitions of fairness using standard game theoretic notions. We are not aware of any other work that uses the apparatus of game theory for modelling fair exchange protocols.

Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach

S. Staamann, U. Wilhelm, L. Buttyán

no. SSC/98/4, EPFL-DI-ICA, January, 1998.

Bibtex | Abstract

@techreport {
   author = {, , Levente BUTTYÁN},
   title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
   number = {SSC/98/4},
   institution = {EPFL-DI-ICA},
   month = {January},
   year = {1998}
}

Keywords

security, TINA

Abstract

The article presents the first results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self-contained application-independent security services and security mechanisms as part of the DPE functionality. The DPE is assumed to be basically provided by CORBA products. Therefore, we introduce the CORBA security specification and investigate if and how the identified TINA security services can be implemented using the CORBA security functionality.

Security in TINA

S. Staamann, U. Wilhelm, L. Buttyán

Proceedings of IFIP-SEC`98, Wienna-Budapest, August, 1998.

Bibtex | Abstract

@inproceedings {
   author = {, , Levente BUTTYÁN},
   title = {Security in TINA},
   booktitle = {Proceedings of IFIP-SEC`98},
   address = {Wienna-Budapest},
   month = {August},
   year = {1998}
}

S. Staamann, U. Wilhelm, A. Schiper, L. Buttyán, J. P. Hubaux

Proceedings of TINA`97, November, 1997.

Bibtex | Abstract

@inproceedings {
   author = {, , , Levente BUTTYÁN, },
   title = {Security in the Telecommunication Information Networking Architecture - the CrySTINA Approach},
   booktitle = {Proceedings of TINA`97},
   month = {November},
   year = {1997}
}

Keywords

security, TINA

Abstract

1996

Data Security Issues of Computer Networks (in Hungarian)

L. Buttyán

Magyar Távközlés, vol. VII., no. 4., April, 1996, pp. 11-19..

IEE Electronics Letters, vol. 31, no. 11, May, 1995, pp. 873-874.

Bibtex

@article {
   author = {Levente BUTTYÁN, István VAJDA},
   title = {Searching for the best linear approximation of DES-like cryptosystems},
   journal = {IEE Electronics Letters},
   volume = {31},
   number = {11},
   month = {May},
   year = {1995},
   pages = {873-874}
}