Security and Privacy - A Beginner's Guide

Proseminar, Winter 2013/14

Instructor: Prof. Dr. Matteo Maffei
Teaching Assistants: Fabienne Eigner, Kim Pecina, Manuel Reinert
Organizational Meeting: Monday, October 21, 2013 at 4:00 pm
Registration: Registration deadline: over
Place: E1.7 (MMCI), room 3.23
Form/Credits: Proseminar, 5 ECTS (for Bachelor students)
1. Presentation Session: Monday, January 20, 2014, 4-7 pm
2. Presentation Session: Monday, January 27, 2014, 4-7 pm
3. Presentation Session: Monday, February 3, 2014, 4-7 pm
4. Presentation Session: Monday, February 10, 2014, 4-7 pm
Language: English
Contact: <fabienne's surname> at cs dot uni-saarland dot de, <kim's surname> at cs dot uni-saarland dot de, <manuel's surname> at cs dot uni-saarland dot de

Latest News

  • 2014-01-06: the deadline for the written summary submission is on March 7th, 2014. See here for more details about the summary and some LaTeX templates.
  • 2013-10-25: we have added topic assignments as well as dates for the fourth practice/final talk session
  • 2013-09-12: we have uploaded a short guide on how to present a paper
  • 2013-09-11: the website is online

Description

The latest news about spying on private data and personal information by the US government has received increasing attention among governments, mass media, and the scientific community. This stresses the importance of developing and deploying secure and privacy-preserving systems in our digital lives.

  • How do we securely transfer messages from one party to another?
  • How can we browse the Internet anonymously?
  • Which attacks on prominent protocols exist?
  • And how can we prove a given protocol or system secure?

In this proseminar, we will conduct research to provide answers to these and other basic questions concerning security and privacy.

Topic I. Cryptographic Primitives and other Basics

(I.1) A historical overview of cryptography can be found in Nigel P. Smart's book "Cryptography: An Introduction" (McGraw-Hill, 2002):

(I.2) The famous Rivest-Shamir-Adleman (RSA) cryptosystem

(I.3) Secret Sharing

(I.4) Collision resistance of the Merkle-Damgård construction

Topic II. Attacks and Vulnerabilities

(II.1) The Needham-Schroeder protocol

(II.2) Security APIs

(II.3) How to break into cars

(II.4) Zero-day attacks

(II.5) Attacks on RSA

(II.6) Cross-Site-Scripting (XSS) and Cross-Site-Request-Forgery (CSRF)

Topic III. Privacy-preserving Technologies and Anonymity

(III.1) Onion routing

(III.2) Untraceability

(III.3) Electronic voting

(III.4) De-anonymization of large datasets

(III.5) Differential privacy

Topic IV. Language-Based Security

(IV.1) ProVerif and the Needham-Schroeder protocol

(IV.2) Language-based information flow control

(IV.3) The applied pi-calculus

Modus operandi

Each participant gives a presentation in English (30 minutes and 15 minutes discussion) and provides a written summary in English (3-4 pages). The summary must be written in LaTeX (you can use our template with example bibliography file). The summary should include a short overview of the paper as well as your own thoughts on strengths and weaknesses thereof. Moreover, you should discuss the applications and influences that the paper had (or could have) on other works.
Participation in the organizational meeting and all the presentation sessions is mandatory.

Each student will be supervised by the TA responsible for the assigned research paper. There will be a discussion session where each student meets with their advisor and discusses the paper. Before giving the final presentation, each student will have to prepare the structure of their talk and discuss it with their advisor; here, the "structure" means the presentation with empty slides and titles only. Additionally, no later than one week before the final talk, each student will have to give a practice talk in a session with another student and their advisor.

| Milestone | Date |
|---|---|
| Registration | before 18.10.2013 |
| Kick-off meeting | 21.10.2013 |
| Paper discussion with your advisor | before 29.11.2013 |
| Story discussion (empty slides with titles only) | before 18.12.2013 |
| Practice talk session 1 | before 10.01.2014 |
| Practice talk session 2 | before 17.01.2014 |
| Practice talk session 3 | before 24.01.2014 |
| Practice talk session 4 | before 31.01.2014 |
| Final talk session 1 | 20.01.2014 |
| Final talk session 2 | 27.01.2014 |
| Final talk session 3 | 03.02.2014 |
| Final talk session 4 | 10.02.2014 |
| Written summary | 07.03.2014 |

Topic Assignment

| Talk Session | Topic | Student | Advisor |
|---|---|---|---|
| TS 1 | I.1.a | Steffen Altmeier | Fabienne |
| TS 1 | I.1.b | Boris Harizanov | Fabienne |
| TS 1 | I.2 | Tobias Bauer | Kim |
| TS 1 | I.4 | Ralph Gerbracht | Kim |
| TS 2 | I.3 | Asli Biçakci | Manuel |
| TS 2 | II.1 | Nikodemus Schmidt | Manuel |
| TS 2 | III.4 | Robin Burghartz | Fabienne |
| TS 2 | II.2.b | Christopher Schommer | Fabienne |
| TS 3 | II.3 | Frank Baustert | Kim |
| TS 3 | II.4 | Edgar Grab | Kim |
| TS 3 | II.5 | Patrick Schmelzeisen | Kim |
| TS 3 | II.6 | Moein Alinaghian | Kim |
| TS 4 | III.1 | Nicolas Wolff | Manuel |
| TS 4 | III.2 | Katya Gonzalez Ortiz | Manuel |
| TS 4 | III.3 | Samuel Leisering | Manuel |

Grading

To pass the proseminar you are required to meet all milestone deadlines (see the table above).
Your final grade is based on both the quality of your final talk (80%) and the quality of your written summary (20%). Both grades must be 4.0 or higher.

Why English?

We decided to hold this proseminar in English for several reasons.

  • The research papers and book chapters that you will read are written in English.
  • Many notions that occur in the security and privacy literature do not have a German translation; for instance, there is no distinct word in German that captures the intended meaning of "privacy-preserving systems" or "differential privacy". So for a German talk you would necessarily have to invent new translations (unknown to everyone but you) or mostly speak in "Denglisch".
  • The proseminar provides you with a safe space to practice your English. Speaking and writing in English will be required of you in most of your follow-up courses and seminars (if not all) and in your future career.
  • English is fun!

Don't worry, the TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills!

Requirements

You should enjoy math and theoretical computer science!

We expect you to have passed at least the basic lectures "Programmierung 1" and "Mathematik für Informatiker 1 & 2" (or equivalent).

The proseminar is meant to be an introduction to cryptography, security, and privacy-oriented research and thus intended for Bachelor students who have not taken the core lectures Security or Cryptography.

How to register

The registration deadline is Friday, October 18, 2013 at 1:00 pm.
To register, please send an e-mail as early as possible to <manuel's surname> at cs dot uni-saarland dot de, indicating your name and matriculation number.

Please note that the number of participants is limited to 12!

As usual, you have to register in the LSF/HISPOS system.