Synopsis:
- Seminar, Praktische Informatik
- 2h each week, 2 SWS
- Students will present a selection of papers that
will help you understand which threats exist, judge their
significance and learn methods to defend your system against
hackers. In addition you will explore the mathematical underpinnings
of today's most common security tools and protocols.
Credits:
In order to obtain credits for this seminar,
participants are expected to:
- Is possible for Bachelor.
- This seminar can be combined
with "VL
IT-Sicherheit Grundlagen" "Modul mit Seminar (BSEM)" zur Studienordnung
Bachelor Informatik (Mono-Bachelor) [link]
- Attend regularly (at least 80%).
- Read each paper before the seminar, to be
adequately prepared for discussion.
- Research an assigned subject; present major findings (30
min presentation; 15 min discussion).
- Presentations will be evaluated by two members of the
audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
- Presenters summarize their in a term paper (German
or English).
The paper should have 6 .. 10 pages (without counting the references), and
should contain, abstract, motivation, related work, presentation of topic,
conclusion and references.
- Presentations may be given in German or English.
Prerequisites:
- This seminar is suitable for students of all
technical science disciplines who have previously completed courses
"GdP" and "algorithms and data structures" or equivalent.
COVID-19:
- We start the
semester in presence (If the conditions change, a fallback to online
teaching is of course possible):
Please bring warm clothes as we will be airing out regularly.
I wish us good and healthy success.
Topics (16/20
assigned): - ---Post
Quantum Cryptography---
- Motivation und Survey (Grover, Shor, Timeline,
Recommendations, Challenge) [pdf][NIST]
(Emily)
- Quantum Cryptography [pdf:Kapitel
4][pdf](Lea)
- HASH-based Signatures [https][pdf] (Luca)
- SPHINCS+ [html][pdf][git]
(Robert)
- FALCON [html][pdf][code]
- CRYSTALS-KYBER [html][pdf][git]
- Attack on SIKE [sarwiki]
(Clemens)
---Private or Anonymous Communication: Tools, Building blocks & Limits--- - Password Hashing [html][git][pdf]
(Kamal)
- One-TIME-Passwords [RFC6238][RFC4226][https]
- TOR the onion router [pdf][Attack:
pdf][Datagram:
pdf]
(Johannes)
- openPGP [RFC][Handbook GNUpg
pdf]
- OTR Off-the-Record Messaging Protocol (version 3) [https]
- Signal [https][https][git]
(Tobias)
- Kryptografie mit elliptischen Kurven, ECDSA [pdf]
- Dragonfly Key Exchange [RFC]
- VeraCrypt [https][Probleme]
(Benedict)
---Authentication: Techniques and Tokens---
- Mozilla Sync 1.5 API (Theory and Praxis) [https][https]
- WebAuthn / FIDO2 / U2F / [W3C][Video][https][WireShark-dissector][Demo]
- Direct Anonymous Attestation (DAA) [pdf]
-
One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation [pdf]
(mathematisch anspruchsvoll)
---German electronic IDs--- -
ePASS [ICAO]
(Jan)
- nPA: PACE, EAC [TR-03110]
- Digital Seal / JAB-Code [TR-03137][TR-03137-2]
---Payment---
- Bitcoin [whitepaper]
(Angelina)
- Ethereum [whitepaper][guide]
---Network---
- WLAN WPA-2 KRACK [https][pdf]
(Pascal)
- Bluetooth Pairing / KNOB-Attack [Specification / 4.2 Security, 4.2.2 Pairing] [https]
(Israa)
- TLS 1.3 [blog][RFC]
(Lukas)
- TLS Revocation Mechanismen (CRL, OCSP, OCSP-stapling) in Theorie & Praxis [https]
- OpenVPN [pdf][https][https][https]
(Leon)
- WireGuard VPN [pdf]
- E2E Encryption for Zoom Meetings [pdf]
- --- (further topics are possible, also own interesting suggestions are welcome)
---
- Advanced
Social Engineering Attacks [pdf]
(Alaa)
- Decentralized Identifiers [https]
- Verifying COVID-19-QR-Codes (QR
-->base45-->uncompress-->cose-->CBOR)
[https][git]
Syllabus:
Date |
Presenters |
Topic |
Slides |
18.10.22 |
|
bootstrap / assignment of topics |
|
25.10.22 |
(optional) |
consultation (fine tuning of topics) |
|
01.11.22 |
all |
elevator speeches |
|
08.11.22 |
|
|
|
15.11.22 |
Kamal
Emily |
Password Hashing
PQC: Motivation und Survey |
[pdf] |
22.11.22 |
Clemens
Lea |
Attack on SIKE
Quantum Cryptography |
[pdf]
[pdf] |
29.11.22
fällt aus |
Luca
Robert |
HASH-based Signatures
SPHINCS+ |
|
06.12.22 |
Johannes
Tobias |
TOR
Signal |
[pdf] |
13.12.22 |
Benedict
Jan |
VeraCrypt
ePass |
[pdf] |
03.01.23 |
Luca
Robert |
HASH-based Signatures
SPHINCS+ |
[pdf] |
10.01.23 |
Lukas
Leon |
TLS 1.3
OpenVPN |
|
17.01.23
fällt aus |
Israa |
Bluetooth Pairing / KNOB-Attack |
|
24.01.23 |
Alaa
Angelina |
Advanced Social
Engineering Attacks
Bitcoin |
[pdf] |
31.01.23
[online] |
Anar |
OpenVPN |
[pdf] |
07.02.23 |
Kamal |
Password Hashing |
|
14.02.23 |
Wolf Müller |
Konsultation bei Bedarf |
[pdf] |
Recent / Incoming:
Further Readings (Research@SAR & Books):
|
|