Security and Privacy - A Beginner's Guide

Proseminar, Winter 2014/15

Instructor Prof. Dr. Matteo Maffei
Teaching Assistants Manuel Reinert, Ilya Grishchenko, Giulio Malavolta, Niklas Grimm
Organizational Meeting Wednesday, October 22, 2014 at 4:00 pm
Registration Registration deadline: Passed! Please do not register anymore.
Place E1.7 (MMCI), room 3.23
Form/Credits Proseminar, 5 ECTS (for Bachelor students)
1. Presentation Session Wednesday, January 21, 2015, 4-7 pm
2. Presentation Session Wednesday, January 28, 2015, 4-7 pm
3. Presentation Session Wednesday, February 4, 2015, 4-7 pm
4. Presentation Session Wednesday, February 11, 2015, 4-7 pm
Language English
Contact <manuel's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <niklas's surname> at cs dot uni-saarland dot de

Latest News

  • 2014-08-12: we have uploaded a short guide on how to present a paper
  • 2013-08-12: the website is online

Description

The latest news about spying on private data and personal information by the US government has received increasing attention among governments, mass media, and the scientific community. This stresses the importance of developing and deploying secure and privacy-preserving systems in our digital lives.

  • How do we securely transfer messages from one party to another?
  • How can we browse the Internet anonymously?
  • Which attacks on prominent protocols do exist?
  • And how can we prove a given protocol or system secure?

In this proseminar, we will conduct research to provide answers to these and other basic questions concerning security and privacy.

Topic I. Cryptographic Primitives and other Basics

(I.1) An historical overview of cryptography can be found in Nigel P. Smarts book "Cryptography: An Introduction" (McGraw-Hill, 2002):

(I.2) The famous Rivest-Shamir-Adleman (RSA) cryptosystem

(I.3) Secret Sharing

(I.4) Collision resistance of the Merkle-Damgård construction

(I.5) Public-Key Infrastructure (PKI)

Topic II. Attacks and Vulnerabilities

(II.1) The Needham-Schroeder protocol

(II.2) Security APIs

(II.3) How to break into cars

(II.4) Zero-day attacks

(II.5) Attacks on RSA

(II.6) Cross-Site-Scripting (XSS) and Cross-Site-Request-Forgery (CSRF)

(II.7) Buffer overflows

Topic III. Privacy-preserving Technologies and Anonymity

(III.1) Onion routing

(III.2) Untraceability

(III.3) Electronic voting

(III.4) De-anonymization of large datasets

(III.5) Privacy

Modus operandi

Each participant gives a presentation in English (30 minutes and 15 minutes discussion) and provides a written summary in English (4 pages). The summary must be written in LaTeX (you can use our template with example bibliography file). The summary should include a short overview of the paper as well as your own thoughts on strengths and weaknesses thereof. Moreover, you should discuss the applications and influences that the paper had (or could have) on other works.

Any form of plagiarism is forbidden. In case of questions, do not hesitate to contact us.

Participation in the organizational meeting and all the presentation sessions is mandatory.

Each student will be supervised by the TA responsible for the assigned research paper. There will be a discussion session where each student meets with their advisor and discusses the paper. Before giving the final presentation, each student will have to prepare the structure of their talk and discuss it with their advisor; here, the "structure" means the presentation with empty slides and titles only. Additionally, no later than one week before the final talk, each student will have to give a practice talk in a session with another student and their advisor.

Milestone Date
Registration before 21.10.2014
Kick-off meeting 22.10.2014
Paper discussion with your advisor before 28.11.2014
Story discussion (empty slides with titles only) before 19.12.2014
Practice talk session 1 before 14.01.2015
Practice talk session 2 before 21.01.2015
Practice talk session 3 before 28.01.2015
Practice talk session 4 before 04.02.2015
Final talk session 1 21.01.2015
Final talk session 2 28.01.2015
Final talk session 3 04.02.2015
Final talk session 4 11.02.2015
Written summary 08.03.2015, 23:59

Topic Assignment

Talk Session Topic Student Advisor
TS 1
I.1.a
I.2
I.3
I.1.b
Umar Chikobava
Tina Finkler
Dennis Groß
Jonas Teshome
Giulio
TS 2
II.7
II.6
II.5
II.3
Johannes Bund
Robin Woll
Kevin Müller
Julian Wolter
Ilya
TS 3
II.2
III.4
Ricardo Quintero Salazar
Jonas Bushart
Niklas
TS 4
I.5
III.2
III.1
III.3
Lukas Krämer
Sven Ziegler
Georg Haaß
Monica Montserrat Ruiz Dolores
Manuel

Grading

To pass the proseminar you are required to meet all milestone deadlines (see the table above).
Your final grade is based on both the quality of your final talk (80%) and the quality of your written summary (20%). Both grades must be 4.0 or higher.

Why English?

We decided to hold this proseminar in English for several reasons.

  • The research papers and book chapters that you will read are written in English.
  • Many notions that occur in the security and privacy literature do not have a German translation, for instance, there is no distinguished word in German that captures the intended meaning of "privacy-preserving systems" or "differential privacy". So for a German talk you would necessarily have to invent new translations (unknown to everyone but you) or mostly speak in "Denglisch".
  • The proseminar provides you with a safe space to practice your English. Speaking and writing in English will be required of you in most of your follow-up courses and seminars (if not all) and in your future career.
  • English is fun!

Don't worry, the TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills!

Requirements

You should enjoy math and theoretical computer science!

We expect you to have passed at least the basic lectures "Programmierung 1" and "Mathematik für Informatiker 1 & 2" (or equivalent).

The proseminar is meant to be an introduction to cryptography, security, and privacy-oriented research and thus intended for Bachelor students who have not taken the core lectures Security or Cryptography.

How to register

The registration deadline is Tuesday, October 21, 2014 at 23:59.
For registering, please send an e-mail as early as possible to <manuel's surname> at cs dot uni-saarland dot de, indicating your name, matriculation number, your study program, and courses related to security, privacy, and cryptography which you have already taken.

When distributing the spots in the proseminar, we use two policies: firstly, Bachelor students come before others; secondly, first-come-first-serve.

Please note that the number of participants is limited to 12!

As usual, you have to register in the LSF/HISPOS system.