Winter
2019/20

Electronic Identity
Anmeldung in AGNES !
[3313018] SE  (2 SWS)
Di 09:15-10:45 RUD 25, 3.113
Instructor: Dr. Wolf Müller
 


Computer Science Department
Systems Architecture Group

 

 
Abstract: The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception that
will cumulatively erode public trust in the Internet. [Kim Cameron, identityblog]


©xkcd
Synopsis:
  • Seminar, Praktische Informatik
  • 2h each week, 2 SWS
  • Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols.

Credits:

  In order to obtain credits for this seminar, participants are expected to:

  • Is possible for Bachelor.
  • This seminar can be combined with "VL IT-Sicherheit Grundlagen" "Modul mit Seminar (BSEM)" zur Studienordnung Bachelor Informatik (Mono-Bachelor) [link]
  • Attend regularly (at least 90%).
  • Read each paper before the seminar, to be adequately prepared for discussion.
  • Research an assigned subject; present major findings (30 min presentation; 15 min discussion).
  • Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
  • Presenters summarize their in a term paper (German or English).
  • Presentations may be given in German or English. All documents are in English (exceptions may be granted).

Prerequisites:

  • This seminar is suitable for students of all technical science disciplines who have previously completed courses "GdP" and "algorithms and data structures" or equivalent.

Topics:

  • ---Private or Anonymous Communication: Tools, Building blocks & Limits---
  • Password Hashing [html][pdf] Georg
  • HASH-basierte Signaturen [https]
  • TOR the onion router [pdf][Attack: pdf][Datagram: pdf] Alexander
  • openPGP [RFC][Handbook GNUpg pdf]
  • OTR Off-the-Record Messaging Protocol (version 3) [https] Karol
  • OMEMO (Multi-End Message and Object Encryption) [https][https][https] Jan
  • TLS 1.3 [blog][RFC] Lukas G.
  • Kryptografie mit elliptischen Kurven, ECDSA [pdf] Laura
  • Dragonfly Key Exchange [RFC] Lukas S.
  • Post Quantum Key Exchange [pdf] Jacob
  • gnu:net [https] Aaron
  • VeraCrypt [https][Probleme]
    ---Authentication: Techniques and Tokens---
  • Mozilla Sync 1.5 API (Theory and Praxis) [https][https] Mateusz
  • WebAuthn / FIDO2 / U2F / [W3C][Video][https][WireShark-dissector] Christoph B.
  • oAuth2 [oauth.net/2 ]
  • Direct Anonymous Attestation (DAA) [pdf]
  • One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation [pdf] (mathematisch anspruchsvoll)
    ---German electronic IDs---
  • DE-Mail [https]
    • [TR-01201] Tobias
  • ePASS [ICAO] Fabian
  • nPA: PACE, EAC [TR-03110]
    • Pascal
  • One-TIME-Passwords [RFC6238][RFC4226][https]
    ---Payment---
  • Bitcoin [whitepaper] Irina
  • Vergleich: Sofortüberweisung, Giropay, Paydirekt [https][https][https]
  • PSD2 Fintech versus klassische Bank [http] Yannick
    ---Network---
  • WLAN WPA-2 KRACK [https][pdf] Felix
  • Bluetooth Pairing / KNOB-Attack [Specification / 4.2 Security, 4.2.2 Pairing] [https] Philipp
  • Bluetooth LE Privacy Concerns [pdf] [pdf] [pdf] Tom
  • SSL/TLS Revocation Mechanismen (CRL, OCSP, OCSP-stapling) in Theorie & Praxis [https] Jakob
  • ... (further topics are possible, also own interesting suggestions are welcome)

Syllabus:
 

DatePresentersTopicSlides
15.10.19 bootstrap / assignment of topics 
22.10.19 consultation (fine tuning of topics)[pdf]
29.10.19allelevator speach 
05.11.19Lukas S.
Jakob		Dragonfly
TLS Revocation		[pdf]
12.11.19Yannick
Tobias		PSD2
DE-Mail		[pdf]
[pdf]
19.11.19Fabian
Pascal		ePass
nPA		[pdf]
26.11.19Laura
Christoph B.		Kryptografie mit elliptischen Kurven
WebAuthn / FIDO2		[pdf]
[pdf]
03.12.19Lukas G.
Jacob		TLS 1.3
Post Quantum Key Exchange		 
10.12.19Aarongnu:net
 		 
17.12.19KarolOTR
 		[pdf]
07.01.20
 		Georg
Mateusz		Password Hashing
Mozilla Sync 1.5 API		 
14.01.20Philipp
Tom		Bluetooth KNOB-Attack
Bluetooth LE Privacy Concerns		 
21.01.20 OMNISECURE 
28.01.20Felix
Alexander		WPA-2 KRACK
TOR		 
04.02.20Mike
 		Vergleich Klarna, Giropay, PayDirekt
 		[pdf]
11.02.20Georg
 		Password Hashing 
 Wolf MüllerLiteraturverwaltung (getting started)[pdf]


Recent / Incoming:

Further Readings (Research@SAR & Books):cover

 Links
Cambridge
Ross Anderson's home page
Bruce Schneier
home page
Safe Personal Computing
NIST
Computer Security Resource Center
NIST
Federal Information Standards (FIPS)
CERT
cert.org
4
Legal disclaimer. .  © 2024 Humboldt-Universität zu Berlin, Computer Science Department, Systems Architecture Group.Contact: sar@informatik.hu-berlin.de .