Passwörter im Zeitalter von Cloud, Smartphones und Tablets

Am 05.05. findet eine Einheit einer meiner Vorlesungen im öffentlichen Bereich statt (Gemeinderatsaal, Rathaus Graz, von ca. 10:15 bis 12:00). Dies geschieht im Rahmen der Veranstaltung "Freie Bildung" (www.freie-bildung.at). Ich möchte dort der Öffentlichkeit (die hoffentlich neben den Studenten zahlreich erscheint) einerseits vermitteln was wir so auf der Universität (in diesem Fall in IT-Sicherheit) machen, welche gesellschaftliche Relevanz dies hat und warum Grundlagenforschung und angewandte Forschung eine große Relevanz haben.

Bitte teilen und euren Bekannten/Freunden/Verwandten weiterleiten, falls sie sehen wollen was wir so auf einer Universität machen.

Thematisch wird es dabei um das Thema Passwörter gehen, deren Verwendung für Anmeldung und Datenverschlüsselung, und die unzähligen Sicherheitsprobleme die damit verbunden sind. Im Rahmen unserer Consulting Tätigkeiten, der Lehre und der Forschung konnten wir in den letzten Jahren im mobilen Bereich bei kritischen Applikationen großer Hersteller gravierende Mängel erkennen. Dies ist vor allem problematisch da diese Applikationen sowohl im öffentlichen Bereich als auch gewerblichen Umfeld für die Absicherung von wichtigen Daten verwendet werden. Es wird dabei natürlich darauf geachtet, dass die Thematik auch für ein breiteres Publikum aufbereitet wird und nicht nur für die Studenten der VO verständlich ist.

Hier noch die Zusammenfassung der Details zum Weiterleiten:

Vortrag:
Passwörter im Zeitalter von Cloud, Smartphones und Tablets

Ort:
Gemeinderatsaal, Rathaus Graz, ca. 10:15 bis 12:00

Vortragender:
Dr. Peter Teufl, peter.teufl@iaik.tugraz.at

Institut:
Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie
http://www.iaik.tugraz.at
Technische Universität Graz

First steps into astrophotography

I have always been fascinated by astronomy. Since I got a decent DSRL (Canon 5d MKIII) the idea came up to deepen this fascination by going in the astrophotography direction. As soon as I got the 5d and a decent wide angle lens (Canon 16-35mm, 2.8F) I walked into the night and tried to shoot the milky way. The first shots were taken on the Pretul, Styria, Austria - near Mürzzuschlag the town I grew up. Unfortunately, the moon was very bright and it was quite difficult to find the right exposure time. By using the wide angle lens, a relative high ISO setting (about 2000), and an exposure time of at maximum 25 to 30 seconds one can get enough light of the milky way to highlight some details without getting star trails due to the rotation of the earth.

One of the first results can be seen here before post-processing with Lightroom.

• Camera: Canon 5d MKIII
• Lens: Canon 16-35mm 2.8F (pics taken at 16 mm and 2.8F) 
• Exposure time: 25s
• ISO: 2000

Without post-processing:

With Lightroom post-processing:

After a two month break (mainly due to my vacation in Iceland) I tried to shoot the milky way again. This time near to Graz on the Schöckl. Although some light pollution was present due to the vicinity of Graz, the sky was still much darker than the first time.

The following shot was taken with similar settings:

• Same lens at 16 mm, 2.8F
• Exposure time: 20 sec
• ISO: 2500

Without post-processing:

 With Lightroom post-processing:

Getting longer exposure times with the Astrotrac guider

Without guiding one is limited to wide angle shots at max. 30 seconds exposure time without getting any star trails. By using a guiding device like the Astrotrac TT320X-AG which compensates the earth rotation, the exposure times can be significantly increased.
My Astrotrac guider arrived in November and luckily there were clear skies over Graz. I took my first shots of Orion the hunter, which features gorgeous nebulas, such as the Orion Nebula.

The first shot covers the sword and the belt of Orion. Again, both versions of the picture are shown:

• Lens: Canon 70-200mm 2.8F (at 165 mm 2.8F)
• Exposure time: 34s
• ISO: 800

Without post-processing:

With Lightroom post-processing:

The second shot is taken at 400mm and captures the sword of Orion. Again, both versions are shown.

• Lens: Canon 70-200mm 2.8F and 2.0 extender (photo taken at 400 mm at 5.6F)
• Exposure time: 41s
• ISO: 800

Without post-processing:

With Lightroom post-processing: The sparkling effect for the sword stars was added with the Topaz star effects plugin.

I am pretty happy with these first results and looking forward to clear skies over Graz. Next time, I will definitely take multiple exposures, which can then be combined by DeepSkyStacker to extract more information and reduce noise.

Project SkyTrust Workshop

Our first workshop on project SkyTrust took place on December 18th. Prof. Reinhard Posch (CIO Federal Austria, Head of IAIK) gave the keynote on the challenges in using cloud infrastructure in gov applications. The current status of project SkyTrust was then demonstrated by students and employees. The whole workshop was a great success and we are sure that the current pace in project achievements will be continued next year.

I would also like to use the opportunity and thank all the participants for their important work on project SkyTrust.

KeyNote - Towards Cloud Gov - Reinhard Posch
Project SkyTrust Overview - Florian Reimair, Bojan Suzic, Peter Teufl
Demo 1 - Android Encryption Application - Ralph Ankele, Christian Maierhofer
Demo 2 - Web Application, SkyTrust Server - Felix Hörandner, Hubert Gasparitz
Demo 3 -  Windows CNG - Johannes Feichtner, Dominik Ziegler, Christof Stromberger

If you are a student at Graz University of Technology and like to work with us at the IAIK please contact me. Many interesting challenges await.

Project SkyTrust - Information

I have added more information (see above) about project SkyTrust, which gives an overview, describes the most important use cases and highlights the most important aspects of the SkyTrust JSON protocol. Furthermore, videos presenting the Windows CNG implementation have been added. These videos show how to install SkyTrust, how to create signed PDF documents with Acrobat Professional, how to sign S/MIME messages with Outlook and how to establish an OpenVPN tunnel.

Can we trust the Sky?

We asked this question last year during an interesting discussion on how to securely store and use cryptographic keys on arbitrary devices and platforms, such as mobile devices, desktop PCs, laptops or web browsers. Current solutions are based on smartcards, NFC tokens, dedicated hardware security modules, secure micro SD cards or special SIM cards. Although these solutions are considered as secure, each of them is just available on a limited number of platforms: Smartcards can be used on desktop devices with the appropriate smart card readers, SIM cards on mobile devices, or secure SD cards on a limited number of mobile devices. Apart from securely storing and using the keys, there remains the problem of key distribution - how to transfer a key from device to another? Finding the answer to that question typically involves a compromise between security and usability, which is in most cases is not acceptable.

Thus, the last year we have concentrated on storing the keys in the cloud, and providing cryptographic functions using those keys over a simple JSON based protocol that can be used from arbitrary devices and platforms (even the web browser). The term cloud could refer to public and private clouds, whereas the latter is the most likely scenario and involves the deployment of central hardware security elements for securely storing the keys.

The project was carried out as research project by students and IAIK employees and involved bachelor/master theses, internships, practical parts of the Advanced Computer Networks lecture and IAIK projects.

The current state of the project will be presented on December 18th at the IAIK. Apart from the live demos that will highlight the technical details of the projects, we will discuss how applied research is carried out at the IAIK by a very promising collaboration of students and employees.