Events & News

ZISC organizes a number events. The annual ZISC Workshop brings together leading experts to present and discuss their latest research results on a chosen information security and privacy topics. The weekly ZISC Lunch Seminar presentations illustrate the research done at the affiliated research groups and invite exciting speakers from other research institutes and companies.

Latest News

A decade of dedication to “Secure Internet” has come to fruition

The growing cyber threats are shaking the foundations of Internet-based services that have become essential in today’s society, culture, economy, and politics. In particular, in the field of financial services, which is witnessing a rapid migration from offline to online, secure and reliable communication is a key consideration.

The  Network Security Group (Prof. Adrian Perrig), the Information Security Group (Prof. David Basin), and the Program Methodology Group (Prof. Peter Müller) have been developing SCION, a secure next-generation Internet architecture. SCION offers secure, flexible, and scalable networking by introducing next-generation principles, such as multi-path communication, path-aware networking, and an embedded public-key infrastructure (PKI). Since its first prototype in 2011, SCION has continuously grown, with now eight Internet service providers (ISPs) supporting native SCION connectivity across Europe and Asia.

Recently, SNB and SIX announced in a press release that they are building a secure Swiss financial network based on SCION to provide strong cyber threat deterrence, high availability, and improved user experience for the Swiss financial sector. SSFN is expected to start service in November 2021. Further information can be found here.

Cryptographic vulnerabilities and security arguments for Telegram

Researchers from the Applied Cryptography Group at ETH Zürich are part of a team who recently published a research paper investigating the security of Telegram, a popular “messaging app with a focus on security and speed”, claiming to offer “heavily encrypted” messaging (citing, visited on 02.08.2021).

Contrary to other messaging apps such as Signal or WhatsApp, Telegram does not use “end-to-end” encryption between users by default, but rather trusts its servers to handle messages in plaintext. The encryption guarantees provided to users in this default scenario are then only between the user’s client and the Telegram servers. Here, instead of relying on publicly scrutinized standard protocols such as TLS, Telegram developers deploy their in-house protocol, MTProto 2.0.

In their recent publication to appear at IEEE S&P 2022, Albrecht, Mareková, Paterson and Stepanovs investigate the security provided by MTProto in the same security model used when evaluating TLS. The authors find a variety of vulnerabilities, but also manage to provide a proof of security of a slight variant of MTProto (once the vulnerabilities are patched), albeit under some unusual assumptions about the building blocks of the protocol.

A press release from ETH Zürich on the content of this work can be found here, while an approachable yet detailed description of their work and the extent of its implications, and the paper itself, can be found here.

Sustainable Internet Routing with SCION

With today’s widespread Internet usage, the total electricity consumption of its infrastructure (networks and data centres, but not consumer devices) is significant, namely around 500 TWh per year or 2.5% of worldwide electricity consumption. Moreover, as Internet traffic volume is steadily growing, this energy consumption could experience an eight-fold increase by 2030. Since electricity production still emits considerable amounts of greenhouse gases (475g CO2 equivalents per kWh on a global average), the growth of Internet traffic presents a serious concern regarding climate change: If the projections are true, the Internet would be responsible for an additional 1.7 billion tons of GHG emissions per year by 2030, corresponding to Russia’s 2019 CO2 emissions.



How can the ecological footprint of the Internet be reduced?

To tackle this challenge, researchers working on the SCION Internet architecture have recently proposed “green routing” in an article for the World Economic Forum

The fundamental idea behind green routing is to exploit differences between paths regarding the carbon emissions from transmitting data traffic over these paths. On the one hand, these differences can be due to geography: The carbon intensity of electricity differs between countries depending on the used technologies in the national electricity sectors. Interestingly, these differences are not static; many countries have recently ramped up their capacity of variable renewable energy (VRE) sources such as solar and wind, resulting in a much greener electricity mix under favorable conditions for VRE. On the other hand, the carbon differences between paths can be due to active efforts undertaken by the network operators on the path, such as optimizations of equipment energy efficiency or premium purchases of green electricity. If forwarding paths can be augmented with carbon-intensity information and can be selected based on ecological considerations (as would be straightforward to implement in a SCION Internet), this huge potential for emission savings in the Internet’s core network could be unlocked.

Many exciting research questions revolve around the idea of green routing, namely:

  • How high are the expected emission savings from green routing?
  • How much more traffic would green paths attract, especially if these paths might be slower or more expensive?
  • What exactly is the most meaningful form of ecological information that should be integrated into path information?
  • How can ISPs obtain this information and how should it be verified and certified?
  • How strong is the economic incentive for path providers to become greener if a green-routing architecture is in place?

The Network Security Group is currently exploring all these research questions. Finding an answer to them will be instrumental in fulfilling the promise that carbon-oriented path selection offers.

New Network Zoning Architecture

Network zoning has long been recognized as the cornerstone of secure network operation and management, which logically partitions network and information assets into disjoint segments depending on their security requirements and policies. Today, most enterprise networks have built a multi-layered hierarchy realized with thousands of network zones to minimize the attack surface and protect assets from unauthorized access. The sophisticated zone structure and its dynamicity make network administration tedious, time-consuming, and labor-intensive. Furthermore, transferring security-sensitive data between zones in different physical locations over the public Internet remains a great challenge; security information is lost in transit, requiring additional authentication.

Simplified zone structure with a new concept, Transit Zone.

Prof. Adrian Perrig and his research group have introduced a novel network zoning architecture, Mondrian, that secures inter-zone communication while enabling scalable cryptographic-key management and flexible network zone migration. With a new concept called Inter-domain Transit Zone, a large patch panel that allows parallel connection of multiple zones, Mondrian flattens the hierarchically-complex zone structure into a simple horizontal structure, significantly improving manageability. In conjunction with SCION, Mondrian also enables cryptographically protected packet forwarding for inter-domain zone transition thanks to Internet-scale key management empowered by DRKey.

If you are interested, the full paper and the conference video are available online.

Linking Protocol and Code Verification

The formal verification of entire software systems is one of the grand challenges of computer science. Recently, researchers from Prof. David Basin’s and Prof. Peter Müller’s groups have made significant progress on this challenge.

In a paper at this year’s Object-Oriented Programming, Systems, Languages & Applications conference (OOPSLA’20), they propose a new approach, dubbed Igloo, which soundly links protocol verification with software verification. The Igloo methodology provides strong end-to-end guarantees, meaning that pro
perties proven for abstract models also hold for the implemented systems.

The leading researcher, Dr. Christoph Sprenger, says:

“The main novelty of our approach is that it establishes a sound link between protocol verification based on labeled transition systems and code verification based on separation logics. This enables the combination of state-of-the-art tools from each area: interactive theorem proving in higher-order logic for protocol verification and code verification using modern separation logics, which support advanced programming language features needed for efficient and maintainable code such as heap data structures and concurrency. So far, we support Nagini (for Python) and VeriFast (for Java), but code verifiers for other languages can be integrated with only minimal requirements. Our case studies include distributed algorithms, fault-tolerant systems, and security protocols, where the different components are written in different languages and some employ local concurrency to improve efficiency. Our work contributes towards the formal verification of realistic distributed systems.”

Igloo is expressive, versatile and supports modeling of a wide range of distributed systems using state-of-the-art verification tools. The researchers show the feasibility of the Igloo methodology in several case studies. All results are formalized in a theorem prover. This foundational approach yields strong soundness guarantees.

The full paper as well as the artifact are available online. The presentation introducing Igloo will be available on Youtube following the OOPSLA conference on Nov 21st, 2020.