Winter
2009/10

Security / Identity Management
Seminar, 2 SWS

Instructor: Dr. Wolf Müller
Tuesday, 09:30-11:00, RUD 26, 1'307

Computer Science Department
Systems Architecture Group

• Seminar, Praktische Informatik, Hauptstudium.
• 2h each week, over one semester (2 SWS).
• Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols. But most of all you will learn that there is no absolute security - i.e. your will have to learn ways to detect security breaches and recover from them.

Credits:

  In order to obtain credits for this seminar, participants are expected to:

• Attend regularly (at least 90%).
• Read each paper before the seminar, to be adequately prepared for discussion.
• Research an assigned subject; present major findings (45 min presentation; 30 min discussion).
• Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
• Presenters summarize their presentation and relevant discussion on the Seminar's WIKI page within 2 weeks.
• Presentations may be given in English or German. All documents are in English (exceptions may be granted).

Prerequisites:

• This seminar is suitable for students of all technical science disciplines who have previously completed courses PI 1,2,3 or equivalent.

Wiki:

• In addition to the seminar home page (this page), there is a WIKI for dynamically added content, e.g. contributions by students: http://sarwiki.informatik.hu-berlin.de/W2009-SE .

Syllabus:

• Introduction [Wiki]
• Microsoft Cardspace [Chapter 2] (Papier)
• Liberty Alliance, SAML [Whitepaper pdf] (Martin Minor)
  - Overview
  - SAML http://docs.oasis-open.org/security/saml/v2.0/:

   * saml-core-2.0-os.pdf
   * saml-bindings-2.0-os.pdf
   * saml-profiles-2.0-os.pdf
   * sstc-saml-approved-errata-2.0-cd-02.pdf (Errata-Liste)

• Single Sign On: Shibboleth http://shibboleth.internet2.edu/ (Elke Weber)
• OpenID (name is given in handout)
  http://openid.net/developers/specs/
• ePass [BSI-TR-03104] (Michael Fiedler)
• ePA [pdf] (Robert Göttsch)
• Protokolls:
• IEEE Draft P1363.3 "Identity-based public key cryptography based on pairings" [pdf] (Daniel Schliebner)
• SPEKE "Strong Password-Only Authenticated Key Exchange" [pdf]
• J-PAKE "Password Authenticated Key Exchange by Juggling" [pdf]
• PACE BSI-TR-03110 [pdf] (Ingo Kampe)

Further Readings (Books):

• Claudia Eckert. IT-Sicherheit
• Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems.
• Bruce Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition.
• Security and Cooperation in Wireless Networks, Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing, by Levente Buttyan (BME) and Jean-Pierre Hubaux (EPFL) (SeCoWiNetV1.5.pdf) [local]