Team
Academic Staff
Christian Niesler, M.Sc.
- Room:
- S-GW 306
- Phone:
- +49 201 18-37336
- Email:
- christian.niesler (at) uni-due.de
Bio:
Christian Niesler is a research assistant in the working group for System Security at the University of Duisburg-Essen.
Curriculum Vitae:
Year | Position/Study Program |
---|---|
since 10/2020 | Research Assistant at the System Security (Syssec) group at the University of Duisburg-Essen |
10/2017 – 09/2020 | Master of Science: Software and Network Engineering at University Duisburg-Essen Threat and Vulnerability Management at DXC Technology in Ratingen |
10/2014 – 09/2017 | Bachelor of Science: Applied Computer Science at Cooperative State University in Stuttgart Dual Study at Hewlett-Packard (Enterprise) |
Publications:
- Staudigl, Felix; Thoma, Jan Philipp; Niesler, Christian; Sturm, Karl; Pelke, Rebecca; Germek, Dominik; Joseph, Jan Moritz; Güneysu, Tim; Davi, Lucas; Leupers, Rainer: NVM-Flip: Non-Volatile-Memory BitFlips on the System Level. In: Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. Association for Computing Machinery, Porto, Portugal 2024, p. 11-20. doi:10.1145/3643650.3658606CitationAbstractDetails
Emerging non-volatile memories (NVMs) are promising candidates to substitute conventional memories due to their low access latency, high integration density, and non-volatility. These superior properties stem from the memristor representing the centerpiece of each memory cell and is branded as the fourth fundamental circuit element. Memristors encode information in the form of its resistance by altering the physical characteristics of their filament. Hence, each memristor can store multiple bits increasing the memory density and positioning it as a potential candidate to replace DRAM and SRAM-based memories, such as caches. However, new security risks arise with the benefits of these emerging technologies, like the recent NeuroHammer attack, which allows adversaries to deliberately flip bits in ReRAMs. While NeuroHammer has been shown to flip single bits within memristive crossbar arrays, the system-level impact remains unclear. Considering the significance of the Rowhammer attack on conventional DRAMs, NeuroHammer can potentially cause crucial damage to applications taking advantage of emerging memory technologies. To answer this question, we introduce NVgem5, a versatile system-level simulator based on gem5. NVgem5 is capable of injecting bit-flips in eNVMs originating from NeuroHammer. Our experiments evaluate the impact of the NeuroHammer attack on main and cache memories. In particular, we demonstrate a single-bit fault attack on cache memories leaking the secret key used during the computation of RSA signatures. Our findings highlight the need for improved hardware security measures to mitigate the risk of hardware-level attacks in computing systems based on eNVMs.
- Thoma, Jan Philipp; Niesler, Christian; Funke, Dominic; Leander, Gregor; Mayr, Pierre; Pohl, Nils; Davi, Lucas; Güneysu, Tim: ClepsydraCache - Preventing Cache Attacks with Time-Based Evictions. In: Proc. of 32nd USENIX Security Symposium. Anaheim, CA 2023. CitationDetails
- Surminski, Sebastian; Niesler, Christian; Davi, Lucas; Sadeghi, Ahmad-Reza: DMA'n'Play: Practical Remote Attestation Based on Direct Memory Access. In: Proc. of 21st International Conference on Applied Cryptography and Network Security (ACNS). Kyoto, Japan 2023. CitationAbstractDetails
Remote attestation allows validating the trustworthiness of a remote device. Existing attestation schemes either require hardware changes, trusted computing components, or rely on strict timing constraints. In this paper, we present a novel remote attestation approach, called DMA’n’Play, that tackles these practical limitations by leveraging DMA (direct memory access). Since DMA does not require CPU time, DMA’n’Play even allows attestation of devices with real-time constraints. To prevent the exploitation of side-channels which potentially could determine if the attestation is running, we developed DMA’n’Play To-Go, a small, mobile attestation device that can be plugged into the attested device. We evaluated DMA’n’Play on two real-world devices, namely a syringe pump and a drone. Our evaluation shows that DMA’n’Play adds negligible performance overhead and prevents dataonly attacks, by validating critical data in memory.
- Surminski, Sebastian; Niesler, Christian; Linsner, Sebastian; Davi, Lucas; Reuter, Christian: SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand. In: Proc. of the 13th ACM Conference on Data and Application Security and Privacy (CODASPY). ACM, Charlotte, NC, United States 2023. CitationAbstractDetails
From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, the user will not detect any compromise. The user has minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphone. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol.
Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a comprehensive user study with 20 participants. - Surminski, Sebastian; Niesler, Christian; Brasser, Ferdinand; Davi, Lucas; Sadeghi, Ahmad-Reza: RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints. In: Proc. of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, New York, USA 2021. doi:10.1145/3460120.3484788CitationDetails
- Niesler, Christian; Surminski, Sebastian; Davi, Lucas: HERA: Hotpatching of Embedded Real-time Applications. In: Proc. of 28th Network and Distributed System Security Symposium (NDSS). 2021. doi:10.14722/ndss.2021.24159Full textCitationAbstractDetails
Memory corruption attacks are a pre-dominant attack vector against IoT devices. Simply updating vulnerable IoT software is not always possible due to unacceptable downtime and a required reboot. These side-effects must be avoided for highly-available embedded systems such as medical devices and, generally speaking, for any embedded system with real-time constraints.
To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied to resource-constrained IoT devices. Furthermore, possible hardware-related issues have not been addressed, i.e., the inability to directly modify the firmware image due to read-only memory.In this paper, we present the design and implementation of HERA (Hotpatching of Embedded Real-time Applications) which utilizes hardware-based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems. HERA preserves hard real-time constraints while keeping the additional resource usage to a minimum. In a case study, we apply HERA to two vulnerable medical devices. Furthermore, we leverage HERA to patch an existing vulnerability in the FreeRTOS operating system. These applications demonstrate the high practicality and efficiency of our approach.