Security and Privacy - A Beginner's Guide

Proseminar, Winter 2015/16

Instructor: Prof. Dr. Matteo Maffei
Teaching Assistants: Manuel Reinert, Ilya Grishchenko, Giulio Malavolta, Niklas Grimm
Organizational Meeting: Monday, October 26th, 12am-1pm
Registration deadline: October 24th, 23:59pm
Place: E1.7 (MMCI), room 0.01
Form/Credits: Proseminar, 5 ECTS (for Bachelor students)
1. Presentation Session: Monday, February 29th, 2016, 9-12am
2. Presentation Session: Monday, February 29th, 2016, 1-4pm
3. Presentation Session: Tuesday, March 1st, 2016, 9-12am
4. Presentation Session: Tuesday, March 1st, 2016, 1-4am
Language: English
Contact: <manuel's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <giulio's surname> at cs dot uni-saarland dot de, <niklas's surname> at cs dot uni-saarland dot de

Description

The steady stream of news about the US government spying on private data and personal information has received increasing attention from governments, mass media, and the scientific community. This stresses the importance of developing and deploying secure and privacy-preserving systems in our digital lives.

  • How do we securely transfer messages from one party to another?
  • How can we browse the Internet anonymously?
  • Which attacks on prominent protocols exist?
  • And how can we prove a given protocol or system secure?

In this proseminar, we will conduct research to provide answers to these and other basic questions concerning security and privacy.

Topic I. Cryptography

Topic II. Web Security

Topic III. Mobile Security

Topic IV. Privacy-Enhancing Technologies

Modus operandi

You will be supervised by the TA who is responsible for the respective chosen topic. Then, you have to complete five milestones in order to pass the course. The milestones guide you towards a final talk, which you give in English, lasting for 30 minutes plus 15 minutes of questions and discussions.

  • Discussion session: you meet with your advisor and discuss the paper so as to understand it in depth. You have to make sure to clarify any kind of problems in understanding the paper.
  • Story discussion: you present and discuss the outline of your talk with your advisor. The outline is the slides of the presentation with titles only, i.e., no content. At this point in the preparation for the final talk, we are only interested in the story skeleton that you want to tell (see it as a summary of the talk).
  • Practice talk: you meet with your advisor together with another student of that advisor no later than the end of the lecture period (February 12th, 2016) and give a practice talk each. The presenter will get feedback both from the advisor and the fellow student in order to improve the talk towards the final presentation. We focus not only on the content of the talk, meaning how the skeleton is filled and the paper is conveyed, but most importantly on the quality of the slides and the performance of the talk itself. These sessions usually take between two and three hours.
  • Final talk: you present your improved talk to all of your fellow students and all advisors. In these sessions, every student is encouraged to actively participate in the question and answer session.
  • Written summary: you summarize your talks in a four-page survey which includes a short overview of the paper as well as your own thoughts on its strengths and weaknesses. Moreover, you should discuss the applications and influences that the paper had (or could have) on other works. The summary must be written in LaTeX (you can use our template with example bibliography file).

Any form of plagiarism is forbidden. In case of questions, do not hesitate to contact us.

Participation in the organizational meeting and all the presentation sessions is mandatory.

| Milestone | Date |
|---|---|
| Registration | before 25.10.2015 |
| Kick-off meeting | 26.10.2015 |
| Paper discussion with your advisor | before 28.11.2015 |
| Story discussion (empty slides with titles only) | before 19.12.2015 |
| Practice talk | before 12.02.2016 |
| Final talk sessions | 29.02.2016 and 01.03.2016 |
| Written summary | 13.03.2016, 23:59 |

Topic Assignment

| Talk Session | Topic | Student | Advisor |
|---|---|---|---|
| TS 1 | RSA; Hash-function design; Zero-knowledge proofs | Florian Pham; Jannic Warken; Megan Humble | Giulio |
| TS 2 | CSRF; XSS; SQL injection; Cookie security | Vera Resch; Nadisha-Marie Aliman; Christopher Meyer; Hendrik Leidinger | Niklas |
| TS 3 | Android permissions; iOS privacy leakage; ORAM; Browser finger-printing | Alex Grethen; Kevin Pontes; Kevin Morio; Timo Gühring | Ilya; Manuel |

Grading

To pass the proseminar you are required to meet all milestone deadlines (see the table above).
Your final grade is based on your preparation for the story of your talk (15%), your preparation for your practice talk (15%), the quality of your final talk (50%), and the quality of your written summary (20%). All grades must be 4.0 or higher.

Why English?

We decided to hold this proseminar in English for several reasons.

  • The research papers and book chapters that you will read are written in English.
  • Many notions that occur in the security and privacy literature do not have a German translation. For instance, there is no distinct word in German that captures the intended meaning of "privacy-preserving systems" or "differential privacy". So for a German talk you would necessarily have to invent new translations (unknown to everyone but you) or mostly speak in "Denglisch".
  • The proseminar provides you with a safe space to practice your English. Speaking and writing in English will be required of you in most of your follow-up courses and seminars (if not all) and in your future career.
  • English is fun!

Don't worry, the TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills!

Requirements

You should enjoy math and theoretical computer science!

We expect you to have passed at least the basic lectures "Programmierung 1" and "Mathematik für Informatiker 1 & 2" (or equivalent).

The proseminar is meant to be an introduction to cryptography, security, and privacy-oriented research. It is thus intended for Bachelor students who have not yet taken lectures related to security and privacy, in particular Security, Cryptography, Grundlagen der Cybersicherheit, PETs, etc.

How to register

The registration deadline is Monday, October 19th, 2015 at 23:59.
For registering, please send an e-mail as early as possible to <manuel's surname> at cs dot uni-saarland dot de, indicating your name, matriculation number, your study program, and courses related to security, privacy, and cryptography which you have already taken.

When distributing the spots in the proseminar, we use two policies: first, Bachelor students come before others; second, first come, first served.

Please note that the number of participants is limited to 16!

As usual, you have to register in the LSF/HISPOS system.