Security and Privacy - A Beginner's Guide
Proseminar, Winter 2014/15
|Instructor||Prof. Dr. Matteo Maffei|
|Teaching Assistants||Manuel Reinert, Ilya Grishchenko, Giulio Malavolta, Niklas Grimm|
|Organizational Meeting||Wednesday, October 22, 2014 at 4:00 pm|
|Registration||Registration deadline: Passed! Please do not register anymore.|
|Place||E1.7 (MMCI), room 3.23|
|Form/Credits||Proseminar, 5 ECTS (for Bachelor students)|
|1. Presentation Session||Wednesday, January 21, 2015, 4-7 pm|
|2. Presentation Session||Wednesday, January 28, 2015, 4-7 pm|
|3. Presentation Session||Wednesday, February 4, 2015, 4-7 pm|
|4. Presentation Session||Wednesday, February 11, 2015, 4-7 pm|
|Contact||<manuel's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <niklas's surname> at cs dot uni-saarland dot de|
- 2014-08-12: we have uploaded a short guide on how to present a paper
- 2013-08-12: the website is online
The latest news about spying on private data and personal information by the US government has received increasing attention among governments, mass media, and the scientific community. This stresses the importance of developing and deploying secure and privacy-preserving systems in our digital lives.
- How do we securely transfer messages from one party to another?
- How can we browse the Internet anonymously?
- Which attacks on prominent protocols exist?
- And how can we prove a given protocol or system secure?
In this proseminar, we will conduct research to provide answers to these and other basic questions concerning security and privacy.
Topic I. Cryptographic Primitives and other Basics
(I.1) A historical overview of cryptography can be found in Nigel P. Smart's book "Cryptography: An Introduction" (McGraw-Hill, 2002):
- (I.1.a) Ancient ciphers in § 3 and the Enigma machine in § 4
- (I.1.b) One-Time-Pad (OTP) and perfect secrecy in § 5.
(I.2) The famous Rivest-Shamir-Adleman (RSA) cryptosystem
- A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Ronald Rivest, Adi Shamir, and Leonard Adleman, in Communications of the ACM, 1978.
(I.3) Secret Sharing
- How to Share a Secret. Adi Shamir, in Communications of the ACM, 1979
- Generalized Secret Sharing and Monotone Functions. Josh Cohen Benaloh and Jerry Leichter, in CRYPTO, 1988
(I.4) Collision resistance of the Merkle-Damgård construction
- A Design Principle for Hash Functions. Ivan B. Damgård, in CRYPTO, 1989
- A Certified Digital Signature. Ralph C. Merkle, in CRYPTO, 1989
(I.5) Public-Key Infrastructure (PKI)
- Enhanced Certificate Transparency and End-to-end Encrypted Mail. Mark D. Ryan, in Network and Distributed System Security (NDSS), 2014.
Topic II. Attacks and Vulnerabilities
(II.1) The Needham-Schroeder protocol
- Using Encryption for Authentication in Large Networks of Computers. Roger M. Needham and Michael D. Schroeder, in Communications of the ACM, 1978
- An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Gavin Lowe, in Journal Information Processing Letters, 1995
(II.2) Security APIs
Introduction to Security API Analysis. Riccardo Focardi, Flaminia L. Luccio, and Graham Steel, in
- (II.2.a) Attacks on crypto-tokens
- (II.2.b) How to break your PIN playing Mastermind?
(II.3) How to break into cars
- Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. Aurélien Francillon, Boris Danev, and Srdjan Capkun, in NDSS, 2011
(II.4) Zero-day attacks
- Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World. Leyla Bilge and Tudor Dumitras, in CCS, 2012
(II.5) Attacks on RSA
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, in USENIX, 2012
(II.6) Cross-Site-Scripting (XSS) and Cross-Site-Request-Forgery (CSRF)
- Cross Site Scripting - Latest Developments and Solutions: A Survey. Jayamsakthi Shanmugam and M. Ponnavaikko, in Journal of Open Problems in Computer Science and Mathematics, 2008
- CSRF Vulnerabilities and Defensive Techniques. Rupali D. Kombade and B. B. Meshram, in Journal of Computer Network and Information Security, 2012
(II.7) Buffer overflows
- Smashing The Stack For Fun And Profit. Aleph One
Topic III. Privacy-preserving Technologies and Anonymity
(III.1) Onion routing
- Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, and Paul Syverson, in USENIX, 2004
- Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. David L. Chaum, in Communications of the ACM, 1981
- Untraceable Electronic Cash. David L. Chaum, Amos Fiat, and Moni Naor, in CRYPTO, 1988
(III.3) Electronic voting
- A Practical Secret Voting Scheme for Large Scale Elections. Atsushi Fujioka, Tatsuaki Okamoto, and Kazuo Ohta, in AUSCRYPT, 1992
(III.4) De-anonymization of large datasets
- Robust De-anonymization of Large Sparse Datasets. Arvind Narayanan and Vitaly Shmatikov, in S&P, 2008
- (III.5.1) Differential privacy
- (III.5.2) Language-based information flow control
- Language-Based Information-Flow Security. Andrei Sabelfeld and Andrew C. Myers, in Journal on Selected Areas in Communication, 2006
Each participant gives a presentation in English (30 minutes and 15 minutes discussion) and provides a written summary in English (4 pages). The summary must be written in LaTeX (you can use our template with example bibliography file). The summary should include a short overview of the paper as well as your own thoughts on strengths and weaknesses thereof. Moreover, you should discuss the applications and influences that the paper had (or could have) on other works.
Any form of plagiarism is forbidden. In case of questions, do not hesitate to contact us.
Participation in the organizational meeting and all the presentation sessions is mandatory.
Each student will be supervised by the TA responsible for the assigned research paper. There will be a discussion session where each student meets with their advisor and discusses the paper. Before giving the final presentation, each student will have to prepare the structure of their talk and discuss it with their advisor; here, the "structure" means the presentation with empty slides and titles only. Additionally, no later than one week before the final talk, each student will have to give a practice talk in a session with another student and their advisor.
|Paper discussion with your advisor||before 28.11.2014|
|Story discussion (empty slides with titles only)||before 19.12.2014|
|Practice talk session 1||before 14.01.2015|
|Practice talk session 2||before 21.01.2015|
|Practice talk session 3||before 28.01.2015|
|Practice talk session 4||before 04.02.2015|
|Final talk session 1||21.01.2015|
|Final talk session 2||28.01.2015|
|Final talk session 3||04.02.2015|
|Final talk session 4||11.02.2015|
|Written summary||08.03.2015, 23:59|
To pass the proseminar you are required to meet all milestone deadlines (see the table above).
Your final grade is based on both the quality of your final talk (80%) and the quality of your written summary (20%). Both grades must be 4.0 or higher.
We decided to hold this proseminar in English for several reasons.
- The research papers and book chapters that you will read are written in English.
- Many notions that occur in the security and privacy literature do not have a German translation; for instance, there is no distinguished word in German that captures the intended meaning of "privacy-preserving systems" or "differential privacy". So for a German talk you would necessarily have to invent new translations (unknown to everyone but you) or mostly speak in "Denglisch".
- The proseminar provides you with a safe space to practice your English. Speaking and writing in English will be required of you in most of your follow-up courses and seminars (if not all) and in your future career.
- English is fun!
Don't worry, the TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills!
You should enjoy math and theoretical computer science!
We expect you to have passed at least the basic lectures "Programmierung 1" and "Mathematik für Informatiker 1 & 2" (or equivalent).
The proseminar is meant to be an introduction to cryptography, security, and privacy-oriented research and thus intended for Bachelor students who have not taken the core lectures Security or Cryptography.
How to register
The registration deadline is Tuesday, October 21, 2014 at
For registering, please send an e-mail as early as possible to <manuel's surname> at cs dot uni-saarland dot de, indicating your name, matriculation number, your study program, and courses related to security, privacy, and cryptography which you have already taken.
When distributing the spots in the proseminar, we use two policies: first, Bachelor students come before others; second, first come, first served.
Please note that the number of participants is limited to 12!
As usual, you have to register in the LSF/HISPOS system.