Synopsis:
- Seminar, Praktische Informatik
- 2h each week, 2 SWS
- Students will present a selection of papers that
will help you understand which threats exist, judge their
significance and learn methods to defend your system against
hackers. In addition you will explore the mathematical underpinnings
of today's most common security tools and protocols.
Credits:
In order to obtain credits for this seminar,
participants are expected to:
- Is possible for Bachelor, Diplom (degree
of difficulty)
- This seminar can be combined
with "VL
IT-Sicherheit Grundlagen" "Modul mit Seminar (BSEM)" zur Studienordnung
Bachelor Informatik (Mono-Bachelor) [link]
- Dipl. 3 SP / Ba. 3 SP
- Attend regularly (at least 90%).
- Read each paper before the seminar, to be
adequately prepared for discussion.
- Research an assigned subject; present major findings (45
min presentation; 30 min discussion).
- Presentations will be evaluated by two members of the
audience at the end of each class (Bewertungskriterien-Seminarvortrag.pdf).
- Presenters summarize their in a term paper (German
or English).
- Presentations may be given in German or English. All
documents are in English (exceptions may be granted).
Prerequisites:
- This seminar is suitable for students of all
technical science disciplines who have previously completed courses
PI 1,2 or equivalent.
Topics :
- ---Private or Anonymous Communication: Tools,
Building blocks &
Limits---
- Survay "Was ist noch sicher" [html][BSI
pdf, TLS
pdf]
- ECC elliptic curve cryptograpy [pdf][pdf][pdf]
- HASH-basierte Signaturen [https](Oleg)
- TOR the onion router [pdf][Attack:
pdf][Datagram:
pdf]
(Max K.)
- JAP "Revocable Anonymity" [http][pdf]
- openPGP [RFC][Handbook
GNUpg pdf]
- TrueCrypt [http]
(Hendryk)
- *-crypt (Fadi)
- Sicherheitsanalyse der UEFI-Integration und
„Secure Boot“- Implementierung von Windows 8 [pdf]
(Daniel)
- ---Authentication: Techniques and Tokens---
- Password Manager
- "Password Managers: Attacks and Defenses" [pdf,
page 449]
- "The Emperor’s New Password Manager: Security Analysis of
Web-based Password Managers" [pdf,
page 465] (Jerome)
- Alternatives for passwords (Jakob)
- Mozilla Persona [http][persona.org]
- Mozilla Sync 1.5 API (Theory and Praxis) [https][https]
- oAuth2 [oauth.net/2
]
- W3C Web Cryptography API [http]
- On Breaking SAML: Be Whoever You Want to Be [https]
(Max D.)
- OpenID 2.0 [http]
and OpenID Connect [http]
(Fabio)
- U-Prove (Technology Overview) [https]
- IDEMIX, Identity Mixer [http]
(Jonathan S.)
- U2F / FIDO [Slides][https][pdf]
(Robin)
- ---German electronic IDs---
- DE-Mail [https]
(Dennis)- ePASS [ICAO]
(Tobi)
- nPA: PACE, EAC [TR-03110]
(Katja)- Elektronische Identitäten und
Vertrauensdienste im E-Government [TR-03107-1][TR-03107-2]
(Johanna)
-
Domain-Specific Pseudonymous
Signatures for nPA [pdf]
-
Browserfingerprinting (Jonathan B.)
-
DNSSEC, DANE (Dimitar)
-
... (further topics are possible, also own
interesting suggestions are welcome)
Syllabus:
(Draft)
|
Date |
Presenters |
Topic |
Slides |
|
20.10.14 |
Dr. Wolf Müller |
bootstrap / assignment of topics |
|
|
27.10.14 |
partial |
Consultation (fine tuning of topics) |
|
|
03.11.14 |
all |
Elevator Speach |
|
|
10.11.14 |
partial |
preparation / consultation |
|
|
17.11.14 |
Dimitar |
DNSSEC, DANE |
[pdf] |
|
24.11.14 |
Max K.
Jonathan B. |
TOR the onion router
Browserfingerprinting |
[pdf]
[pdf] |
|
01.12.14 |
Hendryk |
Disk Encryption |
|
|
08.12.14 |
Daniel
Oleg |
UEFI-Integration und „Secure Boot“
HASH-basierte Signaturen |
[pdf] |
|
15.12.14 |
Jakob
Jerome |
Alternatives for passwords
Password Manager |
|
|
05.01.15 |
|
new year |
|
|
12.01.15 |
Max D.
Fabio |
On Breaking SAML
OpenID 2.0 |
|
|
19.01.15 |
Jonathan S.
Robin |
IDEMIX
U2F / FIDO |
|
|
26.01.15 |
Johanna
Dennis |
Elektronische Identitäten und
Vertrauensdienste
DE-Mail |
|
|
02.02.15 |
Tobi
Katja |
ePASS
nPA: PACE, EAC |
[pdf] |
|
09.02.15 |
Fadi |
OpenPGP |
|
Recent / Incoming:
Further Readings (Research@SAR & Books):
|
|
