Synopsis:
- Seminar, Praktische Informatik
- 2h each week, 2 SWS
- Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition, you will explore the mathematical underpinnings of today's most common security tools and protocols.
Credits:
- Possible for Bachelor.
- This seminar can be combined with "VL IT-Sicherheit Grundlagen" as "Modul mit Seminar (BSEM)" under the study regulations for Bachelor Informatik (Mono-Bachelor) [link]
In order to obtain credits for this seminar, participants are expected to:
- Attend regularly (at least 90%).
- Read each paper before the seminar, to be adequately prepared for discussion.
- Research an assigned subject; present major findings (30 min presentation; 15 min discussion).
- Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
- Presenters summarize their findings in a term paper (German or English).
- Presentations may be given in German or English. All documents are in English (exceptions may be granted).
Prerequisites:
- This seminar is suitable for students of all
technical science disciplines who have previously completed courses
"GdP" and "algorithms and data structures" or equivalent.
Topics:
---Private or Anonymous Communication: Tools, Building blocks & Limits---
- Password Hashing [html][pdf] Georg
- Hash-based signatures [https]
- TOR the onion router [pdf][Attack: pdf][Datagram: pdf] Alexander
- OpenPGP [RFC][Handbook GnuPG pdf]
- OTR Off-the-Record Messaging Protocol (version 3) [https] Karol
- OMEMO (Multi-End Message and Object Encryption) [https][https][https] Jan
- TLS 1.3 [blog][RFC] Lukas G.
- Elliptic curve cryptography, ECDSA [pdf] Laura
- Dragonfly Key Exchange [RFC] Lukas S.
- Post Quantum Key Exchange [pdf] Jacob
- gnu:net [https] Aaron
- VeraCrypt [https][Problems]
---Authentication: Techniques and Tokens---
- Mozilla Sync 1.5 API (Theory and Practice) [https][https] Mateusz
- WebAuthn / FIDO2 / U2F [W3C][Video][https][WireShark-dissector] Christoph B.
- OAuth2 [oauth.net/2]
- Direct Anonymous Attestation (DAA) [pdf]
- One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation [pdf] (mathematically demanding)
---German electronic IDs---
- DE-Mail [https][TR-01201] Tobias
- ePASS [ICAO] Fabian
- nPA: PACE, EAC [TR-03110] Pascal
- One-Time Passwords [RFC6238][RFC4226][https]
---Payment---
- Bitcoin [whitepaper] Irina
- Comparison: Sofortüberweisung, Giropay, Paydirekt [https][https][https]
- PSD2: fintech versus traditional bank [http] Yannick
---Network---
- WLAN WPA-2 KRACK [https][pdf] Felix
- Bluetooth Pairing / KNOB-Attack [Specification / 4.2 Security, 4.2.2 Pairing] [https] Philipp
- Bluetooth LE Privacy Concerns [pdf] [pdf] [pdf] Tom
- SSL/TLS revocation mechanisms (CRL, OCSP, OCSP stapling) in theory & practice [https] Jakob
- ... (further topics are possible; your own interesting suggestions are also welcome)
Syllabus:
| Date | Presenters | Topic | Slides |
|---|---|---|---|
| 15.10.19 | | bootstrap / assignment of topics | |
| 22.10.19 | | consultation (fine tuning of topics) | [pdf] |
| 29.10.19 | all | elevator speech | |
| 05.11.19 | Lukas S., Jakob | Dragonfly; TLS Revocation | [pdf] |
| 12.11.19 | Yannick, Tobias | PSD2; DE-Mail | [pdf] [pdf] |
| 19.11.19 | Fabian, Pascal | ePass; nPA | [pdf] |
| 26.11.19 | Laura, Christoph B. | Elliptic curve cryptography; WebAuthn / FIDO2 | [pdf] [pdf] |
| 03.12.19 | Lukas G., Jacob | TLS 1.3; Post Quantum Key Exchange | |
| 10.12.19 | Aaron | gnu:net | |
| 17.12.19 | Karol | OTR | [pdf] |
| 07.01.20 | Georg, Mateusz | Password Hashing; Mozilla Sync 1.5 API | |
| 14.01.20 | Philipp, Tom | Bluetooth KNOB-Attack; Bluetooth LE Privacy Concerns | |
| 21.01.20 | | OMNISECURE | |
| 28.01.20 | Felix, Alexander | WPA-2 KRACK; TOR | |
| 04.02.20 | Mike | Comparison of Klarna, Giropay, PayDirekt | [pdf] |
| 11.02.20 | Georg | Password Hashing | |
| | Wolf Müller | Reference management (getting started) | [pdf] |
Recent / Incoming:
Further Readings (Research@SAR & Books):