Winter 2012/13

Electronic Identity
[32257] SE  (2 SWS, Dipl. 3 SP / M.Sc. 5 SP / Ba. 3 SP),
Do 15:15-16:45 RUD26, 1303
Instructor: Dr. Wolf Müller

 


Computer Science Department
Systems Architecture Group

 

 
Abstract: The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception that will cumulatively erode public trust in the Internet. [Kim Cameron, identityblog]


Synopsis:
  • Seminar, Praktische Informatik
  • 2h each week, 2 SWS
  • Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols.

Credits:

  In order to obtain credits for this seminar, participants are expected to:

  • Participation is possible for Bachelor, Master and Diplom students (degree of difficulty)
  • This seminar can be combined with "VL IT-Sicherheit Grundlagen" ("Modul mit Seminar (BSEM)" of the study regulations for Bachelor Informatik (Mono-Bachelor)) [link]
  • Dipl. 3 SP / M.Sc. 5 SP / Ba. 3 SP
  • Attend regularly (at least 90%).
  • Read each paper before the seminar, to be adequately prepared for discussion.
  • Research an assigned subject; present major findings (45 min presentation; 30 min discussion).
  • Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
  • Presenters summarize their presentation and relevant discussion on the Seminar's WIKI page within 2 weeks.
  • Presentations may be given in English or German. All documents are in English (exceptions may be granted).

Prerequisites:

  • This seminar is suitable for students of all technical science disciplines who have previously completed courses PI 1,2,3 or equivalent.

Wiki:

Topics

  • Mozilla Persona [http][persona.org] (D. Washington)
  • oAuth2 [oauth.net/2] (R. Döring)
  • W3C Web Cryptography API [http] (S. Günther)
  • On Breaking SAML: Be Whoever You Want to Be [https] (D. Foerster)
  • OpenID 2.0 [http] and OpenID Connect [http] (C. Döpmann)
  • U-Prove (Technology Overview) [https] (C. Mundhenk, K. Heidelberger)
  • IDEMIX, Identity Mixer [http]
  • DE-Mail [https]
  • SmartCards (basics, ATR, EF, DF, APDU) [book available at the chair: "Handbuch der Chipkarten", Wolfgang Effing, Wolfgang Rankl, ISBN-13: 978-3446404021] (F. Häber, C. Zyweck)
  • ePASS [ICAO] (L. Linkermann, T. Garus)
  • nPA-PACE, EAC [TR-03110]
  • nPA-Infrastruktur [TR-03130] (J.-F. Laß, R. Witte)
  • Survey electronic IDs [book available at the chair: "Elektronische Ausweisdokumente", Klaus Schmeh, ISBN-13: 978-3446419186] (M. Lemm, M. Schaeffer)
  • Electronic residence permit (Elektronischer Aufenthaltstitel) [pdf][TR]
  • NFC in public transport (in particular DB's touch & travel) [pdf] (C. Steinfeldt, S. Brack)
  • ... (further topics are possible; your own interesting suggestions are also welcome)

Syllabus:

 

Date | Presenters | Topic | Slides
18.10.12 | Dr. Wolf Müller | bootstrap / assignment of topics | -
25.10.12 | - optional - | preparation / research / (re-)assignment of topics | -
01.11.12 | | elevator speech |
08.11.12 | R. Döring | oAuth2 | [pdf]
15.11.12 | C. Döpmann, D. Washington | OpenID 2.0, Mozilla Persona | [pdf] [html]
22.11.12 | M. Schaeffer, M. Lemm | Survey electronic IDs | [pdf] [pdf]
29.11.12 | C. Steinfeldt, S. Brack | NFC | [pdf]
06.12.12 | C. Mundhenk, K. Heidelberger | U-Prove | [pdf]
13.12.12 | L. Linkermann, T. Garus | ePass | [pdf]
20.12.12 | J.-F. Laß, R. Witte | nPA-Infrastruktur |
10.01.13 | F. Häber, C. Zyweck | SmartCards | [pdf][pptx]
17.01.13 | | Omnicard 2013 |
24.01.13 | D. Foerster | On Breaking SAML | [pdf][odp]
31.01.13 | | |
06.02.13 | | 23. SmartCard Workshop |
13.02.13 | | reserved |


Recent / Incoming:

Further Readings (Research@SAR & Books):

Links:

  • Cambridge: Ross Anderson's home page
  • Bruce Schneier: home page; Safe Personal Computing (DE)
  • NIST: Computer Security Resource Center
  • NIST: Federal Information Processing Standards Publications (FIPS)
  • CERT: cert.org
  • BSI: Bundesamt für Sicherheit in der Informationstechnik
  • Biometrics: The Biometric Consortium; Overview (German)
  • OS specific: Windows-Security; Linux-Security
  • e-Learning: CrypTool (de)