Course: Master-Seminar Netz- und Datensicherheit (Master Seminar on Network and Data Security)

Number:
143240
Type of course:
Seminar
Media:
computer-based presentation
Responsible:
Prof. Dr. Jörg Schwenk
Lecturers:
Prof. Dr. Jörg Schwenk (ETIT), M. Sc. Sebastian Lauer (ETIT), B. Sc. Paul Rösler (ETIT)
Language:
German
SWS (weekly hours per semester):
3
CP (credit points):
3
Offered in:
winter semester and summer semester

Dates in the winter semester

  • Preliminary meeting: Tuesday, 09.10.2018, from 14:15 in ID 04/413
  • Seminar on Tuesdays: from 14:15 to 16:45 in ID 04/413

Dates in the summer semester

  • Preliminary meeting: Tuesday, 10.04.2018, from 15:00 in ID 03/471
  • Seminar on Tuesdays: from 15:00 to 16:45 in ID 03/471

Examination

Form of examination: seminar contribution
Exam registration: None
Date: None
graded during the semester (studienbegleitend)

Objectives

Participants are able to work with technical and scientific literature for research and development and to present the results in a scientific manner.

Content

Selected topics in IT security related to network and data security are worked out independently by the students. Where possible, topics are chosen in line with a concurrently running elective course in order to exploit didactic synergies.

Prerequisites

none

Recommended prior knowledge

Basic knowledge of cryptography and / or network technology

Materials

Slides:

Sample solutions:

Miscellaneous

This course is offered as a block course.

Preliminary dates/milestones

  • Preliminary meeting and assignment of topics: 10.04.18, 15:00
  • Application with an exposé: 24.04.18
  • Acceptance notification: 30.04.18
  • Submission deadline for a preliminary version of the written report: 25.06.18
  • Presentation dates will be fixed via a Doodle poll
  • Submission deadline for the final version of the written report: 20.07.18
  • Announcement of the award winner / reporting of results to the examination office: from the beginning of the following semester

Note: No certificates of attendance or achievement are issued. Results are reported directly to the examination office.

Questions (contact): Sebastian Lauer (vorname.nachname[at]rub.de)

Written reports: Examples: http://nds.rub.de/teaching/BestStudentPaperAward/ Template: http://nds.rub.de/teaching/theses/seminar/

Remarks:

The goal of the seminar is the presentation of a scientific publication. For this purpose, already published articles are offered for selection.

Seminar participants are expected to work through the publication in a comprehensible way within the seminar and to introduce any required fundamentals briefly and precisely.

Before a pre-selected seminar topic is assigned, every candidate for that topic must submit a two-page exposé to the respective supervisor. Based on the exposés, the supervisor selects the candidate who will work on the seminar topic.

The written report should be about 15 pages long; exceptions or deviations must be agreed with the respective supervisor. A preliminary version of the written report must be available to the supervisor before the presentation date. It is corrected once by the respective supervisor. The corrections must be incorporated into the final version of the report.

A seminar talk usually takes 20-30 minutes, including the subsequent question round. Slide design and language of the talk (German, English) are free to choose. Please submit your report and presentation in PDF format. Questions and corrections by the supervisors are possible during the talk if there is a need for improvement or clarification.

Mandatory attendance: At the end of the semester, the talks are held within a single block session (NO WEEKLY SESSIONS!). Attendance at this session is mandatory.

free TBA

On Tightly Secure Non-Interactive Key Exchange

Abstract: We consider the reduction loss of security reductions for non-interactive key exchange (NIKE) schemes. Currently, no tightly secure NIKE schemes exist, and in fact Bader et al. (EUROCRYPT 2016) provide a lower bound (of O(n^2), where n is the number of parties an adversary interacts with) on the reduction loss for a large class of NIKE schemes.

We offer two results: the first "somewhat tight" NIKE scheme (with a reduction loss of n/2) that circumvents the lower bound of Bader et al., but is of course still far from tightly secure. Second, we provide a generalization of Bader et al.'s lower bound to a larger class of NIKE schemes (that also covers our NIKE scheme), with an adapted lower bound of n/2 on the reduction loss. Hence, in that sense, the reduction for our NIKE scheme is optimal.

https://eprint.iacr.org/2018/237

Supervisor: Sebastian Lauer <sebastian.lauer@rub.de>

free TBA

Cure53 Browser Security White Paper, Chapter 5. Security Features of Browser Extensions & Plugins - pages 168 to 215

Chapter 5. Security Features of Browser Extensions & Plugins

This chapter takes a closer look at security topics linked to browser extensions and plugins. As with other aspects of our daily lives, we have very much gotten used to the idea of customization when it comes to our browsing experience. This approach is conveyed in browser development, as all vendors allow users to modify and personalize their navigation tools through the possibility of installing Add-Ons. There is a plethora of reasons that can inspire a given browser addition. [...] The extensibility of Add-Ons is a double-edged sword. On the one hand, a browser certainly wants the users to be satisfied with its offer of an enriched browsing experience. Security-wise, on the other hand, we cannot just pretend that extensions come scot-free. Therefore, a browser - when it comes to Add-ons, must find a balance between user-experience and keeping a close eye on the security impact of extensions. At all cost, browsers must have contingency plans regarding trust and potential for the extensions to be either vulnerable or just simply rogue.

https://github.com/cure53/browser-sec-whitepaper/

Supervisor: Dominik Noß <dominik.noss@rub.de>

free TBA

Cure53 Browser Security White Paper

Chapter 3. CSP, XFO, SRI & Other Security Features

This chapter's aim is to list and discuss relevant security features installed in the tested browsers. What we focus on here are the particular features which seek to reduce the extent of attack surface, especially in connection with web-based attacks. In other words, the research presented here concerns classic Cross-Site Scripting (XSS), XSS via maliciously influenced MIME Sniffing, Clickjacking and UI Redressing, as well as the unintentional inclusion of malicious files from a website that makes use of a compromised Content Delivery Network (CDN).

Supervisor: Dominik Noß <dominik.noss@rub.de>

free TBA

Cure53 Browser Security White Paper

Chapter 4. DOM Security Features

To support dynamic web pages, browsers expose the Document Object Model (DOM) API. The essence of why we need the DOM is that it allows web pages to access the document interactively. If you are not too familiar with the DOM concept, you can imagine it as a glue between the HTML and the scripting features that a website can utilize. The DOM comprises a large group of objects, properties and methods that allow scripts to interact with the HTML of the website. It is thanks to the DOM that they can talk to other features like storage facilities, hardware and parts of the operating system through objects like window, document and navigator. As many web applications are utilizing the DOM for various tasks, securing the DOM becomes one of the most pressing topics in contemporary web security.

Supervisor: Dominik Noß <dominik.noss@rub.de>

free TBA

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs

Cross-Site Request Forgery (CSRF) vulnerabilities are a severe class of web vulnerabilities that have received only marginal attention from the research and security testing communities. While much effort has been spent on countermeasures and detection of XSS and SQLi, to date, the detection of CSRF vulnerabilities is still performed predominantly manually. In this paper, we present Deemon, to the best of our knowledge the first automated security testing framework to discover CSRF vulnerabilities. Our approach is based on a new modeling paradigm which captures multiple aspects of web applications, including execution traces, data flows, and architecture tiers in a unified, comprehensive property graph. We present the paradigm and show how a concrete model can be built automatically using dynamic traces. Then, using graph traversals, we mine for potentially vulnerable operations. Using the information captured in the model, our approach then automatically creates and conducts security tests, to practically validate the found CSRF issues. We evaluate the effectiveness of Deemon with 10 popular open source web applications. Our experiments uncovered 14 previously unknown CSRF vulnerabilities that can be exploited, for instance, to take over user accounts or entire websites.

https://acmccs.github.io/papers/p1757-pellegrinoA.pdf

Supervisor: Vladislav Mladenov <vladislav.mladenov@rub.de>

free TBA

Untagging Tor: A Formal Treatment of Onion Encryption

Abstract: Tor is a primary tool for maintaining anonymity online. It provides a low-latency, circuit-based, bidirectional secure channel between two parties through a network of onion routers, with the aim of obscuring exactly who is talking to whom, even to adversaries controlling part of the network. Tor relies heavily on cryptographic techniques, yet its onion encryption scheme is susceptible to tagging attacks (Fu and Ling, 2009), which allow an active adversary controlling the first and last node of a circuit to deanonymize with near-certainty. This contrasts with less active traffic correlation attacks, where the same adversary can at best deanonymize with high probability. The Tor project has been actively looking to defend against tagging attacks and its most concrete alternative is proposal 261, which specifies a new onion encryption scheme based on a variable-input-length tweakable cipher.

We provide a formal treatment of low-latency, circuit-based onion encryption, relaxed to the unidirectional setting, by expanding existing secure channel notions to the new setting and introducing circuit hiding to capture the anonymity aspect of Tor. We demonstrate that circuit hiding prevents tagging attacks and show proposal 261's relay protocol is circuit hiding and thus resistant against tagging attacks.

URL: https://eprint.iacr.org/2018/162.pdf

Supervisor: Paul Rösler <paul.roesler@rub.de>

free TBA

A Formal Treatment of Multi-key Channels

Abstract: Secure channel protocols protect data transmission over a network from being overheard or tampered with. In the common abstraction, cryptographic models for channels involve a single key for ensuring the central security notions of confidentiality and integrity. The currently developed next version of the Transport Layer Security protocol, TLS 1.3, however introduces a key updating mechanism in order to deploy a sequence of multiple, possibly independent encryption keys in its channel sub-protocol. This design aims at achieving forward security, protecting prior communication after long-term key corruption, as well as security of individual channel phases even if the key in other phases is leaked (a property we denote as phase-key insulation). Neither of these security aspects has been treated formally in the context of cryptographic channels so far, leading to a current lack of techniques to evaluate such channel designs cryptographically.

We approach this gap by introducing the first formal model of multi-key channels, where sender and receiver can update their shared secret key during the lifetime of the channel without interrupting the communication. We present modular, game-based notions for confidentiality and integrity, integrating forward security and phase-key insulation as two advanced security aspects. As we show, our framework of notions on the lower end of its hierarchy naturally connects to the existing notions of stateful encryption established for single-key channels. Like for classical channels, it further allows for generically composing chosen-ciphertext confidentiality from chosen-plaintext confidentiality and ciphertext integrity. We instantiate the strongest security notions in our model with a construction based on authenticated encryption with associated data and a pseudorandom function. Being comparatively close, our construction additionally enables us to discuss the TLS 1.3 record protocol design.

Supervisor: Paul Rösler <paul.roesler@rub.de>

free TBA

Can We Overcome the n log n Barrier for Oblivious Sorting?

Abstract: It is well-known that non-comparison-based techniques can allow us to sort n elements in o(n log n) time on a Random-Access Machine (RAM). On the other hand, it is a long-standing open question whether (non-comparison-based) circuits can sort n elements from the domain [1..2^k] with o(kn log n) boolean gates. We consider weakened forms of this question: first, we consider a restricted class of sorting where the number of distinct keys is much smaller than the input length; and second, we explore Oblivious RAMs and probabilistic circuit families, i.e., computational models that are somewhat more powerful than circuits but much weaker than RAM. We show that Oblivious RAMs and probabilistic circuit families can sort o(log n)-bit keys in o(n log n) time or o(kn log n) circuit complexity where n is the input length. We also show that in the balls-and-bins model of sorting where each key may carry an opaque ball that can only be moved around atomically but cannot be computed upon, our result achieves optimality, in that any oblivious algorithm or probabilistic circuit family that sorts n balls each with a Ω(log n)-bit key must incur at least Ω(n log n) atomic movement operations on balls. We extend our result to support the case when the keys are chosen from a large space but the number of distinct keys is small.

Finally, we optimize the IO efficiency of our oblivious algorithms for RAMs: we show that even the 1-bit special case of our algorithm can solve open questions regarding whether there exist oblivious algorithms for tight compaction and selection in linear IO.

URL: https://eprint.iacr.org/2018/227.pdf

Supervisor: Paul Rösler <paul.roesler@rub.de>
