Winter
2015/16

Electronic Identity
[3313095] SE  (2 SWS, Dipl. 3 SP / Ba. 3 SP),
Mi 15:00-16:30 RUD 26, 1.305
Instructor: Dr. Wolf Müller
 


Computer Science Department
Systems Architecture Group

 

 
Abstract: The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception that
will cumulatively erode public trust in the Internet. [Kim Cameron, identityblog]
©xkcd
Synopsis:
  • Seminar, Praktische Informatik
  • 2h each week, 2 SWS
  • Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols.

Credits:

  In order to obtain credits for this seminar, participants are expected to:

  • Is possible for Bachelor, Diplom (degree of difficulty)
  • This seminar can be combined with "VL IT-Sicherheit Grundlagen" "Modul mit Seminar (BSEM)" zur Studienordnung Bachelor Informatik (Mono-Bachelor) [link]
  • Dipl. 3 LP / Ba. 3 LP
  • Attend regularly (at least 90%).
  • Read each paper before the seminar, to be adequately prepared for discussion.
  • Research an assigned subject; present major findings (45 min presentation; 30 min discussion).
  • Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
  • Presenters summarize their in a term paper (German or English).
  • Presentations may be given in German or English. All documents are in English (exceptions may be granted).

Prerequisites:

  • This seminar is suitable for students of all technical science disciplines who have previously completed courses PI 1,2 or equivalent.

Topics :

  • ---Private or Anonymous Communication: Tools, Building blocks & Limits---
  • Password Hashing [html][pdf] (Martin Bauer)
  • Survay "Was ist noch sicher" [html][BSI pdf, TLS pdf]
  • ECC elliptic curve cryptograpy [pdf][pdf][pdf] (Son)
  • HASH-basierte Signaturen [https] (Janina)
  • TOR the onion router [pdf][Attack: pdf][Datagram: pdf] (Lars Hafemann)
  • JAP "Revocable Anonymity" [http][pdf] (Daniel Hirschböck )
  • openPGP [RFC][Handbook GNUpg pdf] (Georg Gentzen)
  • TrueCrypt [http][Probleme][fork] (Friedemann)
  • Sicherheitsanalyse der UEFI-Integration und „Secure Boot“- Implementierung von Windows 8 [pdf] (Tobias Flaig)
  • ---Authentication: Techniques and Tokens---
  • Password Manager (Robert Gützkow)
    - "Password Managers: Attacks and Defenses" [pdf, page 449]
    - "The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers" [pdf, page 465]
  • Mozilla Persona [http][persona.org]
  • Mozilla Sync 1.5 API (Theory and Praxis) [https][https] (Felix Scholze)
  • oAuth2 [oauth.net/2 ] (Philipp Geimer)
  • W3C Web Cryptography API [http]
  • On Breaking SAML: Be Whoever You Want to Be [https] (Tobias Löffler)
  • OpenID 2.0 [http] and OpenID Connect [http] (Felix Fischer)
  • U-Prove (Technology Overview) [https]
  • IDEMIX, Identity Mixer [http] (Sebastian)
  • FIDO / U2F [Slides][https][pdf] (Ben Schumacher)
  • OMEMO [http] (Björn Stelter)
  • ---German electronic IDs---
  • DE-Mail [https]
    • (Nicole Vieregg)
  • ePASS [ICAO]
  • nPA: PACE, EAC [TR-03110]
    • (Lorenz Claus)
  • Elektronische Identitäten und Vertrauensdienste im E-Government [TR-03107-1][TR-03107-2] (Florian Waidick)
  • Domain-Specific Pseudonymous Signatures for nPA [pdf]
  • ... (further topics are possible, also own interesting suggestions are welcome)
  • Browserfingerprinting (Yigit)

Syllabus: (Draft)
 

Date Presenters Topic Slides
14.10.15 Dr. Wolf Müller bootstrap / assignment of topics  
21.10.15 partial Consultation (fine tuning of topics)  
28.10.15 all Elevator Speach  
04.11.15 partial preparation / consultation  
11.11.15 Martin Bauer
Janina		 Password Hashing
HASH-basierte Signaturen		 [pdf]
18.11.15 Son
Georg Gentzen		 ECC elliptic curve cryptograpy
openPGP
[pdf]
25.11.15 Friedemann
Tobias Flaig		 TrueCrypt
UEFI-Integration und „Secure Boot“
[pdf]
02.12.15 Felix Fischer OpenID 2.0
 		  
09.12.15 Philipp Geimer
 		 oAuth2
 		 [pdf]
16.12.15 Felix Scholze
Robert Gützkow		 Mozilla Sync 1.5 API
Password Manager		 [pdf]
[pdf]
06.01.16 Sebastian IDEMIX  
13.01.16 Tobias Löffler
Ben Schumacher		 On Breaking SAML
FIDO / U2F
[pdf]
20.01.16 -------- Omnisecure (kein Seminar) ---
27.01.16 Yigit
Lars Hafemann		 Browserfingerprinting
TOR the onion router		  
03.02.16 Daniel Hirschböck JAP "Revocable Anonymity"  
10.02.16 Nicole Vieregg
Lorenz Claus		 DE-Mail
nPA: PACE, EAC		  


Recent / Incoming:

Further Readings (Research@SAR & Books):cover
 Links
Cambridge
 Ross Anderson's home page
Bruce Schneier
home page
Safe Personal Computing (DE)
NIST
 Computer Security Resource Center
NIST
 Federal Information Processing Standards Publications (FIPS)
CERT
 cert.org
BSI
Bundesamt für Sicherheit in der Informationstechnik
Biometrics
The Biometric Consortium
Overview (german)
OS specific
Windows-Security
Linux-Security
e-Learning
 CrypTool (de)
Legal disclaimer. .  © 2025 Humboldt-Universität zu Berlin, Computer Science Department, Systems Architecture Group.Contact: sar@informatik.hu-berlin.de .