Seminar System Security

The central topic of this seminar are large scale scanning and attacks exploiting interesting Web/crypto misconceptions.

The seminar is expected to take place as a block seminar at the end of the lecture period.

Note that there will also be a related project group on TLS-Attacker and the evaluation of the TLS ecosystem.


1. Biased Nonce Sense: Lattice Attacks againstWeak ECDSA Signatures in Cryptocurrencies.

2. Mining Your Ps and Qs: Detection ofWidespread Weak Keys in Network Devices.

3. ZMap: Fast Internet-wide Scanning and Its Security Applications. + Zippier ZMap: Internet-Wide Scanning at 10 Gbps.

4. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation.

5. The Matter of Heartbleed.

6. Censys: A Search Engine Backed by Internet-wide Scanning.

7. An Internet-Wide View of Internet-Wide Scanning.

8. The Security Impact of HTTPS Interception.

9. Tracking Certificate Misissuance in the Wild.

10. Coming of Age: A Longitudinal Study of TLS Deployment.

11. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities.

12. Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections.

13. Neither Snow Nor Rain Nor MITM ...An Empirical Analysis of Email Delivery Security.

14. Analysis of SSL Certificate Reissues and Revocationsin the Wake of Heartbleed.

15. No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large.

16. Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion.

17. Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem.

18. Measuring the Security Harm of TLS Crypto Shortcuts.

19. On the Origin of Scanning: The Impact of Location on Internet-Wide Scans.

20. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem.

21. All Things Considered: An Analysis of IoT Devices on Home Networks.

Dates & Deadlines

  • First week: distribution of topics.
  • End of November: Topic consultation
  • December 11th: Preliminary seminar thesis version (at least 5 pages) describing the main paper problem.
  • January 22nd: Submission deadline for the prefinal seminar thesis.
  • February 5th: Submission deadline for the reviews.
  • February 11th & 12th: Block Seminar, Presentation of your work
  • February 19th: Submission deadline for the final version of the seminar thesis.

Depending on the situation in February, the presentations will possibly be held remotely.

The seminar will be organized over Panda.


We will have four meetings over BBB, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 13.11. 9:15. Introduction and Research Skills
  • 20.11. 9:15. Writing Skills
  • 15.1. 9:15. Review Skills
  • 29.1. 9:15. Presentation Skills

Registration of Topics

The topics are given in the first week. You will be asked about your preferences in the first week over Panda.

Grading and Demands

The final grade cosists of your presentation (30%), your paper (60%), and your reviews (10%).


20 minutes presentation. 5 minutes discussion and questions.

The best presentation will be awarded! More information will be given in the first meeting.

Seminar thesis

Essay of length 12 to 20 pages written according to the standards of a scientific paper.


We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) at
  • Some (2) peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade
  • The reviews you receive will not influence (but your final version)
  • Each student has to write 2 reviews (each 1-2 pages)