Description

Summer
2008

Security in Mobile Networks
[32 238] (Seminar, PI, 2SWS)

Wednesday, 09:30-11:00, RUD 26, 1.307; Lecturer: Dr. Wolf Müller

Computer Science Department
Systems Architecture Group

IMPORTANT: This is a draft. The final document may differ significantly from the current version.

Abstract: As a user of the Internet, you are fortunate to be tied into the world's greatest communication and information exchange - but not without a price. As a result of this connection, your computer, your organization's network, and everywhere the network reaches are all vulnerable to potentially disastrous infiltration by hackers. [W. Cheswick. Firewalls and Internet Security]

Synopsis:

Seminar, Praktische Informatik, Hauptstudium.
2h each week, over one semester (2 SWS).
Students will present a selection of papers that will help you understand which threats exist, judge their significance and learn methods to defend your system against hackers. In addition you will explore the mathematical underpinnings of today's most common security tools and protocols. But most of all you will learn that there is no absolute security - i.e. your will have to learn ways to detect security breaches and recover from them.

Credits:

In order to obtain credits for this seminar, participants are expected to:

Attend regularly (at least 90%).
Read each paper before the seminar, to be adequately prepared for discussion.
Research an assigned subject; present major findings (45 min presentation; 30 min discussion).
Presentations will be evaluated by two members of the audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
Presenters summarize their presentation and relevant discussion on the Seminar's WIKI page within 2 weeks.
Presentations may be given in English or German. All documents are in English (exceptions may be granted).

Prerequisites:

This seminar is suitable for students of all technical science disciplines who have previously completed courses PI 1,2,3 or equivalent.

Wiki:

In addition to the seminar home page (this page), there is a WIKI for dynamically added content, e.g. contributions by students: http://sarwiki.informatik.hu-berlin.de/S2008-SE .

Syllabus:

	Securing Data on Mobile Devices
	Bitlocker (Concepts, TPM, Comparison with EFS) Niels Fergusson (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista".Microsoft Security Analysis. Data Encryption Toolkit for Mobile PCs. Microsoft. TrueCrypt (Concepts, Security Precautions, Comparison with LoopAES, http://www.truecrypt.org/docs/ Attacks, Cold Boot J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (February 21, 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys". Princeton University.
	Cryptography
	ECC Signatures (non anonymous) [pdf] PKCS #1 v2.1: RSA Cryptography Standard (2002) ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf [pdf] Digital Signature Standard (DSS) http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf Blinding Signatures [pdf] Blind signatures for untraceable payments D. Chaum http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C82/199.PDF [pdf] Untraceable Blind Signature Schemes Based on Discrete Logarithm Problem (2003) Cheng-Chi Lee, Wei-Pang Yang http://portal.acm.org/ft_gateway.cfm?id=1220919&type=pdf&coll=GUIDE&dl=&CFID=15151515&CFTOKEN=6184618 Receiver Anonymity [pdf] Receiver Anonymity via Incomparable Public Keys Brent R. Waters, Edward W. Felten, Amit Sahai, http://citeseer.ist.psu.edu/waters03receiver.html Paillier cryptosystem Pascal Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999, pp223-238
	Anonymity / Privacy / Identity Management
	Anonymous Key Agreement I [pdf] Pairing-Based Onion Routing with Improved Forward Secrecy (2008), Aniket Kate Greg M. Zaverucha and Ian Goldberg Anonymous Key Agreement II [pdf] Pairing-Based Onion Routing with Improved Forward Secrecy (2008), Aniket Kate Greg M. Zaverucha and Ian Goldberg U-Prove (Concept, Integration into Windows CardSpace) [pdf] White paper: U-Prove SDK [pdf] White paper: Government Online Identity Tokens [pdf] Secure AAA by Means of Identity Tokens in Next Generation Mobile Environments (2007), David J. Lutz

Presentation assignments:

Usually 60 minutes talk + 30 minutes discussion except if 2 talks are scheduled then 2 x (40 minutes talk + 5 min discussion)

Please use the PowerPoint [pot] or the OpenOffice [otp] template for your presentation!

Date Presenters Topic Slides
16.04.07 Dr. Wolf Müller bootstrap / assignment of topics
23.04.07 preparation of elevator speech
30.04.07 All of you elevator speeches
07.05.07
14.05.07
21.05.07 Johannes Marotzke Bitlocker [pdf] [odp]
28.05.07 Martin Boesler TrueCrypt [pdf] [odp]
04.06.07
11.06.07 Dominik Oepen Anonymous Key Agreement [pdf] [odp]
18.06.07
25.06.07 All of you Lessons & Concepts learned
02.07.07
09.07.07
16.07.07

Further Readings (Books):

Claudia Eckert. IT-Sicherheit
Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems.
Bruce Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition.
Security and Cooperation in Wireless Networks, Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing, by Levente Buttyan (BME) and Jean-Pierre Hubaux (EPFL) (SeCoWiNetV1.5.pdf) [local]


Legal disclaimer. . © 2024 Humboldt-Universität zu Berlin, Computer Science Department, Systems Architecture Group.	Contact: sar@informatik.hu-berlin.de .

Security in Mobile Networks[32 238] (Seminar, PI, 2SWS)

Security in Mobile Networks
[32 238] (Seminar, PI, 2SWS)