Seminar Real World Crypto

The central topic of this seminar is cryptographic pitfalls and attacks. It is co-organized by the groups Codes and Cryptography, Software Engineering, and System Security.

The seminar is expected to take place as a block seminar at the end of the lecture period.

Dates & Deadlines

  • First week: distribution of topics.
  • End of April: topic consultation.
  • May 15th: preliminary seminar thesis version (at least 5 pages) describing the problem addressed by the main paper.
  • June 22nd: submission deadline for the pre-final seminar thesis.
  • July 5th: submission deadline for the reviews.
  • July 17th: submission deadline for the final version of the seminar thesis.
  • July 13th & 14th (13-18h): block seminar, presentation of your work.

Depending on the situation in July, the presentations will possibly be held remotely.

The seminar will be organized via Panda.

Registration of Topics

The topics are given in the first meeting.

Grading and Demands

Presentation

A 20-minute presentation, followed by 5 minutes of discussion and questions.

The best presentation will receive an award! More information will be given in the first meeting.

Seminar thesis

An essay of about 15 pages, written according to the standards of a scientific paper. You can use our templates: cs.uni-paderborn.de/cuk/lehre/studentische-arbeiten/materialien-und-vorlagen/

Reviews

We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) at easychair.org.
  • Two peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize the paper
    • Make recommendations on how to improve it
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade.
  • The reviews you receive will not influence your grade (only your final version).
  • Each student has to write 2 reviews (each 1-2 pages).

Note that several topics describe attacks based on complex side channels (e.g., 3, 8, ... see below). If you are going to handle such a paper, we do not expect you to understand every subtle detail of these complex side channels. You can abstract them (describe them at a high level in about half a page) and concentrate on the cryptographic content.

Topics

1. Stevens et al.: The first collision for full SHA-1. eprint.iacr.org/2017/190.pdf

2. Nemec et al.: The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf

3. Yarom et al.: CacheBleed: A Timing Attack on OpenSSL Constant-Time RSA. eprint.iacr.org/2016/224.pdf

4. Ronen et al.: Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure. eprint.iacr.org/2018/747.pdf

5. Ronen et al.: The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. eprint.iacr.org/2018/1173.pdf

6. Calzavara et al.: Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. secgroup.github.io/tlswebscan/

7. Ukrop and Matyas: Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability. crocs.fi.muni.cz/_media/publications/pdf/2018-rsa-ukrop.pdf

8. Moghimi et al.: TPM-FAIL: TPM meets Timing and Lattice Attacks. tpm.fail/tpmfail.pdf

9. Van Bulck et al.: Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. foreshadowattack.eu

10. Breitner and Heninger: Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies. eprint.iacr.org/2019/023.pdf

11. Vanhoef and Ronen: Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. eprint.iacr.org/2019/383.pdf

12. Cohney et al.: Pseudorandom Black Swans: Cache Attacks on CTR DRBG. eprint.iacr.org/2019/996.pdf

13. Cohney, Green, Heninger: Practical state recovery attacks against legacy RNG implementations. duhkattack.com/paper.pdf

14. Checkoway et al.: A Systematic Analysis of the Juniper Dual EC Incident. eprint.iacr.org/2016/376.pdf

15. Biham and Neumann: Breaking the Bluetooth Pairing - Fixed Coordinate Invalid Curve Attack. crypto.iacr.org/2019/affevents/wac/medias/Neumann-BreakingBluetoothPairing.pdf

16. Antonioli, Tippenhauer, Rasmussen: The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR. www.usenix.org/conference/usenixsecurity19/presentation/antonioli

17. Mladenov et al.: 1 Trillion Dollar Refund: How To Spoof PDF Signatures. www.nds.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2019/06/28/PDF_Signature.pdf

18. Müller et al.: Practical Decryption exFiltration: Breaking PDF Encryption. www.nds.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2019/09/30/paper-pdf_encryption-ccs2019.pdf

19. Gorski et al.: Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. www.usenix.org/conference/soups2018/presentation/gorski

20. Paletov et al.: Inferring crypto API rules from code changes. files.sri.inf.ethz.ch/website/papers/diffcode-pldi2018.pdf

21. Rahaman et al.: CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. arxiv.org/pdf/1806.06881.pdf