Seminar System Security

The central topics of this seminar are large-scale scanning and attacks exploiting interesting Web/crypto misconceptions.

The seminar is expected to take place as a block seminar at the end of the lecture period.

Note that there will also be a related project group on TLS-Attacker and the evaluation of the TLS ecosystem.

Topics

1. Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies. https://eprint.iacr.org/2019/023.pdf

2. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. https://factorable.net/weakkeys12.extended.pdf

3. ZMap: Fast Internet-wide Scanning and Its Security Applications. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/durumeric + Zippier ZMap: Internet-Wide Scanning at 10 Gbps. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf

4. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. https://www.ndss-symposium.org/ndss-paper/tranco-a-research-oriented-top-sites-ranking-hardened-against-manipulation/

5. The Matter of Heartbleed. https://dl.acm.org/doi/pdf/10.1145/2663716.2663755

6. Censys: A Search Engine Backed by Internet-wide Scanning. https://censys.io/static/censys.pdf

7. An Internet-Wide View of Internet-Wide Scanning. https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-durumeric.pdf

8. The Security Impact of HTTPS Interception. http://mdbailey.ece.illinois.edu/publications/ndss17_interception.pdf

9. Tracking Certificate Misissuance in the Wild. https://zakird.com/papers/zlint.pdf

10. Coming of Age: A Longitudinal Study of TLS Deployment. http://software.imdea.org/~juanca/papers/tls_imc18.pdf

11. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. https://www.usenix.org/conference/usenixsecurity19/presentation/merget

12. Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections. https://www.usenix.org/conference/usenixsecurity20/presentation/van-goethem

13. Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security. https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43962.pdf

14. Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed. https://dl.acm.org/doi/pdf/10.1145/2663716.2663758

15. No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large. https://arxiv.org/abs/1510.08646

16. Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion. https://geneva.cs.umd.edu/papers/come-as-you-are.pdf

17. Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem. https://www.cs.umd.edu/~frank/pubs/pki-ccs16.pdf

18. Measuring the Security Harm of TLS Crypto Shortcuts. https://www.cs.umd.edu/class/spring2017/cmsc818O/papers/crypto-shortcuts.pdf

19. On the Origin of Scanning: The Impact of Location on Internet-Wide Scans. https://zakird.com/papers/multiperspective.pdf

20. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. https://www.dais.unive.it/~rabitti/aboutme/oakland19.pdf

21. All Things Considered: An Analysis of IoT Devices on Home Networks. https://www.usenix.org/system/files/sec19-kumar-deepak_0.pdf

Dates & Deadlines

  • First week: distribution of topics.
  • End of November: Topic consultation
  • December 11th: Preliminary seminar thesis version (at least 5 pages) describing the problem addressed by the main paper.
  • January 22nd: Submission deadline for the prefinal seminar thesis.
  • February 5th: Submission deadline for the reviews.
  • February 11th & 12th: Block Seminar, Presentation of your work
  • February 19th: Submission deadline for the final version of the seminar thesis.

Depending on the situation in February, the presentations will possibly be held remotely.

The seminar will be organized over Panda.

Meetings

We will have four meetings over BBB, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 13.11. 9:15. Introduction and Research Skills
  • 20.11. 9:15. Writing Skills
  • 15.1. 9:15. Review Skills
  • 29.1. 9:15. Presentation Skills

Registration of Topics

The topics are given in the first week. You will be asked about your preferences in the first week over Panda.

Grading and Demands

The final grade consists of your presentation (30%), your paper (60%), and your reviews (10%).

Presentation

A 20-minute presentation, followed by 5 minutes of discussion and questions.

The best presentation will receive an award! More information will be given in the first meeting.

Seminar thesis

An essay of 12 to 20 pages, written according to the standards of a scientific paper.

Reviews

We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) at easychair.org
  • Two peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade
  • The reviews you receive will not influence your grade (only your final version will)
  • Each student has to write 2 reviews (each 1-2 pages)