Re: [Ace] Security of the Communication Between C and RS

Ludwig Seitz <ludwig.seitz@ri.se> Wed, 19 December 2018 12:21 UTC

To: Stefanie Gerdes <gerdes@tzi.de>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <9f35177f-30d4-817e-dfc3-9a54903ab023@ri.se>
Date: Wed, 19 Dec 2018 13:21:48 +0100
In-Reply-To: <e42032d6-ad15-26d2-cdbb-aaa34900d1ad@tzi.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Rg2-bRLkAS_e8XMSGJ9Z0YytQsE>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

On 19/12/2018 12:46, Stefanie Gerdes wrote:
> Hi Hannes,
> 
> On 12/19/2018 12:36 PM, Hannes Tschofenig wrote:
>> Hi Steffi,
>>
>> Are you focused on token expiry or the case where a token + symmetric key has been leaked?
> 
> I am talking about the expiry of the keying material for RS that AS
> provides to C.
> 
>>
>> Is the threat you are describing the case where the client uses DTLS/TLS with the RS (potentially long after a token has been presented), or the case where the client contacts the RS and presents a token?
> 
> I am worried about cases where the client communicates securely with RS,
> e.g., using DTLS/TLS or object security, not about presenting the token
> to RS.
> 
> Best regards
> Steffi
> 


The scenario Steffi is thinking of is this (if I understood correctly):


1.) C obtains token and pop-key from AS
2.) C transmits token to RS and sets up secure communication (e.g. 
DTLS-PSK) using the pop-key
3.) C sends secure requests to the RS
4.) token expires, an attacker manages to get hold of the pop-key
5.) C continues to send requests containing sensitive information to the 
RS, the attacker can now read the messages and spoof positive responses 
from the RS. C never notices that the token is invalid and that it is 
actually talking to the attacker.


A reasonable way to prevent this is to give the client a way to 
determine whether a token has been revoked or is expired.
The former can be done through some form of client introspection; the 
latter can be achieved with the expires_in parameter.

/Ludwig


-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
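The scenario and mitigation described in the message above, as an added example (not code from the ACE drafts, from RISE, or from anyone on the thread): a client that records when it received the token, refuses to keep using the DTLS-PSK session keyed with the pop-key once expires_in has elapsed, and optionally consults a hypothetical introspection hook for revocation. The SecureSession class is a stand-in for the real DTLS session, and the introspect callback is an assumed interface, not one the drafts define.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional

@dataclass
class TokenResponse:
    access_token: bytes
    pop_key: bytes
    expires_in: int  # lifetime in seconds, relative to when C received the token

@dataclass
class SecureSession:
    """Stand-in for the DTLS-PSK session C sets up with RS using the pop-key."""
    pop_key: bytes
    closed: bool = False
    sent: List[bytes] = field(default_factory=list)

class Client:
    def __init__(self, now: Callable[[], float] = time.monotonic,
                 introspect: Optional[Callable[[bytes], bool]] = None):
        self.now = now                # injectable clock (monotonic in production)
        self.introspect = introspect  # hypothetical hook: True if the token is still active
        self.token: Optional[TokenResponse] = None
        self.session: Optional[SecureSession] = None

    def obtain_token(self, resp: TokenResponse) -> None:
        # Steps 1-2: record the *local* receipt time (C's and AS's clocks need not
        # agree) and key the secure channel with the pop-key from the same response.
        self.token, self.received_at = resp, self.now()
        self.session = SecureSession(pop_key=resp.pop_key)

    def token_valid(self) -> bool:
        if self.token is None:
            return False
        if self.now() - self.received_at >= self.token.expires_in:
            return False  # expired: the expires_in check
        if self.introspect is not None and not self.introspect(self.token.access_token):
            return False  # revoked: the client-introspection check
        return True

    def send(self, request: bytes) -> bool:
        """Step 3: send over the session only while the token is valid; False = torn down."""
        if not self.token_valid():
            # Step 5 guard: stop using a pop-key whose token is no longer valid and
            # require a fresh token from AS before any further request goes out.
            if self.session is not None:
                self.session.closed = True
            self.token = None
            return False
        self.session.sent.append(request)
        return True
```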