The central topics of this seminar are large-scale scanning and attacks exploiting interesting Web/crypto misconceptions.
The seminar is expected to take place as a block seminar at the end of the lecture period.
Note that there will also be a related project group on TLS-Attacker and the evaluation of the TLS ecosystem.
1. Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies. https://eprint.iacr.org/2019/023.pdf
2. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. https://factorable.net/weakkeys12.extended.pdf
3. ZMap: Fast Internet-wide Scanning and Its Security Applications. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/durumeric + Zippier ZMap: Internet-Wide Scanning at 10 Gbps. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf
4. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. https://www.ndss-symposium.org/ndss-paper/tranco-a-research-oriented-top-sites-ranking-hardened-against-manipulation/
5. The Matter of Heartbleed. https://dl.acm.org/doi/pdf/10.1145/2663716.2663755
6. Censys: A Search Engine Backed by Internet-wide Scanning. https://censys.io/static/censys.pdf
7. An Internet-Wide View of Internet-Wide Scanning. https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-durumeric.pdf
8. The Security Impact of HTTPS Interception. http://mdbailey.ece.illinois.edu/publications/ndss17_interception.pdf
9. Tracking Certificate Misissuance in the Wild. https://zakird.com/papers/zlint.pdf
10. Coming of Age: A Longitudinal Study of TLS Deployment. http://software.imdea.org/~juanca/papers/tls_imc18.pdf
11. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. https://www.usenix.org/conference/usenixsecurity19/presentation/merget
12. Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections. https://www.usenix.org/conference/usenixsecurity20/presentation/van-goethem
13. Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security. https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43962.pdf
14. Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed. https://dl.acm.org/doi/pdf/10.1145/2663716.2663758
15. No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large. https://arxiv.org/abs/1510.08646
16. Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion. https://geneva.cs.umd.edu/papers/come-as-you-are.pdf
17. Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem. https://www.cs.umd.edu/~frank/pubs/pki-ccs16.pdf
18. Measuring the Security Harm of TLS Crypto Shortcuts. https://www.cs.umd.edu/class/spring2017/cmsc818O/papers/crypto-shortcuts.pdf
19. On the Origin of Scanning: The Impact of Location on Internet-Wide Scans. https://zakird.com/papers/multiperspective.pdf
20. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. https://www.dais.unive.it/~rabitti/aboutme/oakland19.pdf
21. All Things Considered: An Analysis of IoT Devices on Home Networks. https://www.usenix.org/system/files/sec19-kumar-deepak_0.pdf
Dates & Deadlines
- First week: distribution of topics.
- End of November: Topic consultation
- December 11th: Preliminary seminar thesis version (at least 5 pages) describing the problem addressed by the main paper.
- January 22nd: Submission deadline for the prefinal seminar thesis.
- February 5th: Submission deadline for the reviews.
- February 11th & 12th: Block Seminar, Presentation of your work
- February 19th: Submission deadline for the final version of the seminar thesis.
Depending on the situation in February, the presentations will possibly be held remotely.
The seminar will be organized over Panda.
We will have four meetings over BBB, with different topics which will (hopefully) be helpful for you to pass the seminar:
- 13.11. 9:15. Introduction and Research Skills
- 20.11. 9:15. Writing Skills
- 15.1. 9:15. Review Skills
- 29.1. 9:15. Presentation Skills
Registration of Topics
The topics are given in the first week. You will be asked about your preferences in the first week over Panda.
Grading and Demands
The final grade consists of your presentation (30%), your paper (60%), and your reviews (10%).
20-minute presentation, followed by 5 minutes of discussion and questions.
The best presentation will be awarded! More information will be given in the first meeting.
An essay of 12 to 20 pages, written according to the standards of a scientific paper.
We will follow a peer review procedure similar to scientific publications:
- You submit your thesis (paper) at easychair.org
- Some (2) peers (other students) review your submission. As a reviewer, you:
  - Read and understand the submitted paper
  - Criticize the paper
  - Make recommendations on how to improve it
  - Are honest, polite, and helpful when writing your reviews
- The reviews you write will influence your final grade
- The reviews you receive will not influence your final grade (but they should inform your final version)
- Each student has to write 2 reviews (each 1-2 pages)