Zur Person:

Sebastian Surminski war wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit an der Universität Duisburg-Essen. Er promovierte zum Thema Securing Embedded Devices with Remote Attestation. Heute arbeitet er für die genua GmbH.

Lebenslauf:

2018 - 2023

Wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit (Syssec) an der Universität Duisburg-Essen

4/2017 - 02/2018

Wissenschaftlicher Mitarbeiter am Lehrstuhl für Modellierung Adaptiver Systeme (MAS) an der Universität Duisburg-Essen

4/2014 - 04/2017

Masterstudium Angewandte Informatik - Systems Engineering an der Universität Duisburg-Essen (Abschluss mit M. Sc.)

10/2007 - 4/2014

Bachelorstudium Angewandte Informatik an der Universität Paderborn (Abschluss mit B. Sc.)

Ehrungen und Auszeichnungen:

• Distinguished Technical Poster Award at NDSS 2019
• Best Paper Award at MMBnet 2017

Projekte:

Sebastian Surminski arbeitete im Rahmen des Sonderforschungsbereichs (SFB) 1119 CROSSING in Projekt S2 an Lösungen für Remote Attestation.

Publikationen:

• Surminski, Sebastian; Niesler, Christian; Davi, Lucas; Sadeghi, Ahmad-Reza: DMA'n'Play: Practical Remote Attestation Based on Direct Memory Access. In: Proc. of 21st International Conference on Applied Cryptography and Network Security (ACNS). Springer, Cham, Kyoto, Japan, 2023. doi:10.1007/978-3-031-33491-7_2Kurzfassung Details BIB Download

  Remote attestation allows validating the trustworthiness of a remote device. Existing attestation schemes either require hardware changes, trusted computing components, or rely on strict timing constraints. In this paper, we present a novel remote attestation approach, called DMA’n’Play, that tackles these practical limitations by leveraging DMA (direct memory access). Since DMA does not require CPU time, DMA’n’Play even allows attestation of devices with real-time constraints. To prevent the exploitation of side-channels which potentially could determine if the attestation is running, we developed DMA’n’Play To-Go, a small, mobile attestation device that can be plugged into the attested device. We evaluated DMA’n’Play on two real-world devices, namely a syringe pump and a drone. Our evaluation shows that DMA’n’Play adds negligible performance overhead and prevents dataonly attacks, by validating critical data in memory.

• Surminski, Sebastian; Niesler, Christian; Linsner, Sebastian; Davi, Lucas; Reuter, Christian: SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand. In: Proc. of 13th ACM Conference on Data and Application Security and Privacy (CODASPY). Association for Computing Machinery (ACM), Charlotte, NC, USA, 2023. doi:10.1145/3577923.3583652Kurzfassung Details BIB Download

  From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, the user will not detect any compromise. The user has minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphone. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol.
  Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a comprehensive user study with 20 participants.

• Cloosters, Tobias; Surminski, Sebastian; Sangel, Gerrit; Davi, Lucas: SALSA: SGX Attestation for Live Streaming Applications. In: Proc. of 7th IEEE Secure Development Conference (SecDev). Institute of Electrical and Electronics Engineers (IEEE), Atlanta, GA, USA , 2022. doi:10.1109/SecDev53368.2022.00019Kurzfassung Details VolltextBIB Download

  Intel SGX is a security feature of processors that allows running software in enclaves, isolated from the operating system. Even an attacker with full control of the computer system cannot inspect these enclaves. This makes SGX enclaves an
  adequate solution to store and process highly sensitive data like encryption keys. However, these enclaves are still vulnerable to standard software attacks. While SGX allows static attestation, i.e., validating the integrity of the program code and data in the enclave, static attestation cannot detect run-time attacks.
  We present SALSA , the first solution to allow run-time attestation of SGX enclaves. To show its applicability, we use SALSA to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video instantaneously stops. This shows a practical use-case for runtime attestation of SGX enclaves. In the evaluation, we show that the performance of this setup is sufficient to attest a live video streaming service.

• Surminski, Sebastian; Niesler, Christian; Brasser, Ferdinand; Davi, Lucas; Sadeghi, Ahmad-Reza: RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints. In: Proc. of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS). Association for Computing Machinery (ACM), New York, USA, 2021. doi:10.1145/3460120.3484788Kurzfassung Details BIB Download

  Smart factories, critical infrastructures, and medical devices largely rely on embedded systems that need to satisfy realtime constraints to complete crucial tasks. Recent studies and reports have revealed that many of these devices suffer from crucial vulnerabilities that can be exploited with fatal consequences. Despite the security and safety-critical role of these devices, they often do not feature state-of-the-art security mechanisms. Moreover, since realtime systems have strict timing requirements, integrating new security mechanisms is not a viable option as they often influence the device's runtime behavior. One solution is to offload security enhancements to a remote instance, the so-called remote attestation.

  We present RealSWATT, the first software-based remote attestation system for realtime embedded devices. Remote attestation is a powerful security service that allows a party to verify the correct functionality of an untrusted remote device. In contrast to previous remote attestation approaches for realtime systems, RealSWATT does neither require custom hardware extensions nor trusted computing components. It is designed to work within real-world IoT networks, connected through Wi-Fi. RealSWATT leverages a dedicated processor core for remote attestation and provides the required timing guarantees without hardware extensions. We implement RealSWATT on the popular ESP32 microcontroller, and we evaluate it on a real-world medical device with realtime constraints. To demonstrate its applicability, we furthermore integrate RealSWATT into a framework for off-the-shelf IoT devices and apply it to a smart plug, a smoke detector, and a smart light bulb.

• Paaßen, David; Surminski, Sebastian; Rodler, Michael; Davi, Lucas: My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers. In: Proc. of 26th European Symposium on Research in Computer Security. Springer Cham, Darmstadt, Germany, 2021. doi:10.1007/978-3-030-88418-5_9Kurzfassung Details BIB Download

  Fuzzing has become one of the most popular techniques to identify bugs in software. To improve the fuzzing process, a plethora of techniques have recently appeared in academic literature. However, evaluating and comparing these techniques is challenging as fuzzers depend on randomness when generating test inputs. Commonly, existing evaluations only partially follow best practices for fuzzing evaluations. We argue that the reason for this are twofold. First, it is unclear if the proposed guidelines are necessary due to the lack of comprehensive empirical data in the case of fuzz testing. Second, there does not yet exist a framework that integrates statistical evaluation techniques to enable fair comparison of fuzzers.

  To address these limitations, we introduce a novel fuzzing evaluation framework called SENF (Statistical EvaluatioN of Fuzzers). We demonstrate the practical applicability of our framework by utilizing the most wide-spread fuzzer AFL as our baseline fuzzer and exploring the impact of different evaluation parameters (e.g., the number of repetitions or run-time), compilers, seeds, and fuzzing strategies. Using our evaluation framework, we show that supposedly small changes of the parameters can have a major influence on the measured performance of a fuzzer.

• Niesler, Christian; Surminski, Sebastian; Davi, Lucas: HERA: Hotpatching of Embedded Real-time Applications. In: Proc. of 28th Network and Distributed System Security Symposium (NDSS). Network and Distributed System Security (NDSS) Symposium, 2021. doi:10.14722/ndss.2021.24159Kurzfassung Details VolltextBIB Download

  Memory corruption attacks are a pre-dominant attack vector against IoT devices. Simply updating vulnerable IoT software is not always possible due to unacceptable downtime and a required reboot. These side-effects must be avoided for highly-available embedded systems such as medical devices and, generally speaking, for any embedded system with real-time constraints.
  To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied to resource-constrained IoT devices. Furthermore, possible hardware-related issues have not been addressed, i.e., the inability to directly modify the firmware image due to read-only memory.

  In this paper, we present the design and implementation of HERA (Hotpatching of Embedded Real-time Applications) which utilizes hardware-based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems. HERA preserves hard real-time constraints while keeping the additional resource usage to a minimum. In a case study, we apply HERA to two vulnerable medical devices. Furthermore, we leverage HERA to patch an existing vulnerability in the FreeRTOS operating system. These applications demonstrate the high practicality and efficiency of our approach.

• Surminski, Sebastian; Rodler, Michael; Davi, Lucas: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). Network and Distributed System Security (NDSS) Symposium , San Diego, CA, 2019. Kurzfassung Details VolltextBIB Download

  Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

  To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.