Security and Privacy - A Beginner's Guide
Proseminar, Winter 2013/14
|Instructor||Prof. Dr. Matteo Maffei|
|Teaching Assistants||Fabienne Eigner, Kim Pecina, Manuel Reinert|
|Organizational Meeting||Monday, October 21, 2013 at 4:00 pm|
|Registration||Registration deadline: over|
|Place||E1.7 (MMCI), room 3.23|
|Form/Credits||Proseminar, 5 ECTS (for Bachelor students)|
|1. Presentation Session||Monday, January 20, 2014, 4-7 pm|
|2. Presentation Session||Monday, January 27, 2014, 4-7 pm|
|3. Presentation Session||Monday, February 3, 2014, 4-7 pm|
|4. Presentation Session||Monday, February 10, 2014, 4-7 pm|
|Contact||<fabienne's surname> at cs dot uni-saarland dot de, <kim's surname> at cs dot uni-saarland dot de, <manuel's surname> at cs dot uni-saarland dot de|
- 2014-01-06: the deadline for the written summary submission is on March 7th, 2014. See here for more details about the summary and some LaTeX templates.
- 2013-10-25: we have added topic assignments as well as dates for the fourth practice/final talk session
- 2013-09-12: we have uploaded a short guide on how to present a paper
- 2013-09-11: the website is online
The latest news about spying on private data and personal information by the US government has received increasing attention among governments, mass media, and the scientific community. This stresses the importance of developing and deploying secure and privacy-preserving systems in our digital lives.
- How do we securely transfer messages from one party to another?
- How can we browse the Internet anonymously?
- Which attacks on prominent protocols exist?
- And how can we prove a given protocol or system secure?
In this proseminar, we will conduct research to provide answers to these and other basic questions concerning security and privacy.
Topic I. Cryptographic Primitives and other Basics
(I.1) A historical overview of cryptography can be found in Nigel P. Smart's book "Cryptography: An Introduction" (McGraw-Hill, 2002):
- (I.1.a) Ancient ciphers in § 3 and the Enigma machine in § 4
- (I.1.b) One-Time-Pad (OTP) and perfect secrecy in § 5.
(I.2) The famous Rivest-Shamir-Adleman (RSA) cryptosystem
- A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Ronald Rivest, Adi Shamir, and Leonard Adleman, in Communications of the ACM, 1978.
(I.3) Secret Sharing
- How to Share a Secret. Adi Shamir, in Communications of the ACM, 1979
- Generalized Secret Sharing and Monotone Functions. Josh Cohen Benaloh and Jerry Leichter, in CRYPTO, 1988
(I.4) Collision resistance of the Merkle-Damgård construction
- A Design Principle for Hash Functions. Ivan B. Damgård, in CRYPTO, 1989
- A Certified Digital Signature. Ralph C. Merkle, in CRYPTO, 1989
Topic II. Attacks and Vulnerabilities
(II.1) The Needham-Schroeder protocol
- Using Encryption for Authentication in Large Networks of Computers. Roger M. Needham and Michael D. Schroeder, in Communications of the ACM, 1978
- An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Gavin Lowe, in Journal Information Processing Letters, 1995
(II.2) Security APIs
Introduction to Security API Analysis. Riccardo Focardi, Flaminia L. Luccio, and Graham Steel, in
- (II.2.a) Attacks on crypto-tokens
- (II.2.b) How to break your PIN playing Mastermind?
(II.3) How to break into cars
- Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. Aurélien Francillon, Boris Danev, and Srdjan Capkun, in NDSS, 2011
(II.4) Zero-day attacks
- Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World. Leyla Bilge and Tudor Dumitras, in CCS, 2012
(II.5) Attacks on RSA
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, in USENIX, 2012
(II.6) Cross-Site-Scripting (XSS) and Cross-Site-Request-Forgery (CSRF)
- Cross Site Scripting - Latest Developments and Solutions: A Survey. Jayamsakthi Shanmugam and M. Ponnavaikko, in Journal of Open Problems in Computer Science and Mathematics, 2008
- CSRF Vulnerabilities and Defensive Techniques. Rupali D. Kombade and B. B. Meshram, in Journal of Computer Network and Information Security, 2012
Topic III. Privacy-preserving Technologies and Anonymity
(III.1) Onion routing
- Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, and Paul Syverson, in USENIX, 2004
- Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. David L. Chaum, in Communications of the ACM, 1981
- Untraceable Electronic Cash. David L. Chaum, Amos Fiat, and Moni Naor, in CRYPTO, 1988
(III.3) Electronic voting
- A Practical Secret Voting Scheme for Large Scale Elections. Atsushi Fujioka, Tatsuaki Okamoto, and Kazuo Ohta, in AUSCRYPT, 1992
(III.4) De-anonymization of large datasets
- Robust De-anonymization of Large Sparse Datasets. Arvind Narayanan and Vitaly Shmatikov, in S&P, 2008
(III.5) Differential privacy
- Differential Privacy. Cynthia Dwork, in ICALP, 2006
- Differential Privacy: A Survey of Results. Cynthia Dwork, in TAMC, 2008
Topic IV. Language-Based Security
(IV.1) ProVerif and the Needham-Schroeder protocol
- ProVerif User Manual. Bruno Blanchet, Ben Smyth, and Vincent Cheval, 2013
(IV.2) Language-based information flow control
- Language-Based Information-Flow Security. Andrei Sabelfeld and Andrew C. Myers, in Journal on Selected Areas in Communication, 2006
(IV.3) The applied pi-calculus
- Applied pi calculus. Mark D. Ryan and Ben Smyth, in Formal Models and Techniques for Analyzing Security Protocols, 2011
Each participant gives a presentation in English (30 minutes and 15 minutes discussion) and provides a written summary in English (3-4 pages). The summary must be written in LaTeX (you can use our template with example bibliography file). The summary should include a short overview of the paper as well as your own thoughts on strengths and weaknesses thereof. Moreover, you should discuss the applications and influences that the paper had (or could have) on other works.
Participation in the organizational meeting and all the presentation sessions is mandatory.
Each student will be supervised by the TA responsible for the assigned research paper. There will be a discussion session where each student meets with their advisor and discusses the paper. Before giving the final presentation, each student will have to prepare the structure of their talk and discuss it with their advisor; here, the "structure" means the presentation with empty slides and titles only. Additionally, no later than one week before the final talk, each student will have to give a practice talk in a session with another student and their advisor.
|Paper discussion with your advisor||before 29.11.2013|
|Story discussion (empty slides with titles only)||before 18.12.2013|
|Practice talk session 1||before 10.01.2014|
|Practice talk session 2||before 17.01.2014|
|Practice talk session 3||before 24.01.2014|
|Practice talk session 4||before 31.01.2014|
|Final talk session 1||20.01.2014|
|Final talk session 2||27.01.2014|
|Final talk session 3||03.02.2014|
|Final talk session 4||10.02.2014|
To pass the proseminar you are required to meet all milestone deadlines (see the table above).
Your final grade is based on both the quality of your final talk (80%) and the quality of your written summary (20%). Both grades must be 4.0 or higher.
We decided to hold this proseminar in English for several reasons.
- The research papers and book chapters that you will read are written in English.
- Many notions that occur in the security and privacy literature do not have a German translation; for instance, there is no distinct word in German that captures the intended meaning of "privacy-preserving systems" or "differential privacy". So for a German talk you would necessarily have to invent new translations (unknown to everyone but you) or mostly speak in "Denglisch".
- The proseminar provides you with a safe space to practice your English. Speaking and writing in English will be required of you in most of your follow-up courses and seminars (if not all) and in your future career.
- English is fun!
Don't worry, the TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills!
You should enjoy math and theoretical computer science!
We expect you to have passed at least the basic lectures "Programmierung 1" and "Mathematik für Informatiker 1 & 2" (or equivalent).
The proseminar is meant to be an introduction to cryptography, security, and privacy-oriented research and thus intended for Bachelor students who have not taken the core lectures Security or Cryptography.
How to register
The registration deadline is Friday, October 18, 2013 at 1:00
To register, please send an e-mail as early as possible to <manuel's surname> at cs dot uni-saarland dot de, indicating your name and matriculation number.
Please note that the number of participants is limited to 12!
As usual, you have to register in the LSF/HISPOS system.