Synopsis:- Seminar, Praktische Informatik
- 2h each week, 2 SWS
- Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols.
Credits: In order to obtain credits for this seminar, participants are expected to: - Is possible for Bachelor.
- This seminar can be combined with "VL IT-Sicherheit Grundlagen" "Modul mit Seminar (BSEM)" zur Studienordnung Bachelor Informatik (Mono-Bachelor) [link]
- Attend regularly (at least 90%).
- Read each paper before the seminar, to be adequately prepared for discussion.
- Research an assigned subject; present major findings (30 min presentation; 15 min discussion).
- Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
- Presenters summarize their in a term paper (German or English).
- Presentations may be given in German or English. All documents are in English (exceptions may be granted).
Prerequisites: - This seminar is suitable for students of all technical science disciplines who have previously completed courses "GdP" and "algorithms and data structures" or equivalent.
Topics : - ---Private or Anonymous Communication: Tools, Building blocks & Limits---
- Password Hashing [html][pdf] (Duy)
- HASH-basierte Signaturen [https]
- TOR the onion router [pdf][Attack: pdf][Datagram: pdf] (Noel)
- openPGP [RFC][Handbook GNUpg pdf] (Eddie)
- OTR Off-the-Record Messaging Protocol (version 3) [https] (Robert)
- OMEMO (Multi-End Message and Object Encryption) [https][https][https] (Dennis)
- TLS 1.3 [blog][RFC][Zero Roud Trip] (Tom)
- Post Quantum Key Exchange [pdf] (Arne)
- VeraCrypt [https][Probleme]
---Authentication: Techniques and Tokens--- - Password Manager (Tim)
- "Password Managers: Attacks and Defenses" [pdf, page 449] - "The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers" [pdf, page 465] - Mozilla Sync 1.5 API (Theory and Praxis) [https][https] (Jonas)
- oAuth2 [oauth.net/2 ] (Alpay)
- W3C Web Cryptography API [http] (Patrick)
- On Breaking SAML: Be Whoever You Want to Be [https]
- OpenID 2.0 [http] and OpenID Connect [http]
- WebAuthn / FIDO / U2F / [W3C][Slides][https][pdf]
---German electronic IDs--- - DE-Mail [https]
[TR-01201] (Matthias)- ePASS [ICAO] (Volha)
- nPA: PACE, EAC [TR-03110]
(Ritu)- Elektronische Identitäten und Vertrauensdienste im E-Government [TR-03107-1][TR-03107-2](Kacper)
- One-TIME-Passwords [RFC6238][RFC4226][https] (Hashem)
---Payment--- - Bitcoin [whitepaper] (Evelyn)
- Vergleich: Sofortüberweisung, Giropay, Paydirekt [https][https][https] (Anna)
- PSD2 Fintech versus klassische Bank [http]
---Network--- - WLAN WPA-2 KRACK [https][pdf] (Wilhelm)
- SSL/TLS Revocation Mechanismen (CRL, OCSP, OCSP-stapling) in Theorie & Praxis [https]
- Browser Fingerprinting [Golem][Diplomarbeit] (Philipp S.)
- ... (further topics are possible, also own interesting suggestions are welcome)
Syllabus: Date | Presenters | Topic | Slides | 17.10.17 | Dr. Wolf Müller | bootstrap / assignment of topics | | 24.10.17 | partial | consultation (fine tuning of topics) | | 31.10.17 | - | Reformationstag (auch in Berlin) | | 07.11.17 | all | Elevator Speach | | 14.11.17 | Ritu Matthias | nPA DE-Mail | - | 21.11.17 | Volha Duy | ePass Password-Hashing | [pdf] | 28.11.17 | Eddie Tom Patrick | PGP TLS 1.3 W3C Web Cryptography API | [pdf] | 05.12.17 | Tim Arne | Password Manager Post Quantum Key Exchange | | 12.12.17 | Robert Dennis | OTR OMEMO | | 19.12.17 15:00- 17:00 | Noel Jonas Ritu | TOR Mozilla Sync 1.5 nPA | | 09.01.18 | Hashem Alpay | OTP oAuth2 | | 16.01.18 | Kacper Evelyn | Vertrauensdienste Bitcoin | | 23.01.18 | | OMNISECURE | | 30.01.18 | Anna Patrick | Sofortüberweisung, Giropay, Paydirect W3C Web Cryptography API | | 06.02.18 | Philipp S. Wilhelm | Browser Fingerprinting KRACK | [pdf] | 13.02.18 | optional | Literaturverwaltung für Interessierte ... | [pdf] |
Recent / Incoming:
Further Readings (Research@SAR & Books): | |