|Title:||Ausgewählte Themen in Verteilten Systemen|
|English title:||Selected Topics in Distributed Systems|
|Abbreviation / No. / Module no.:||ATVS / CS5900.113 / 72041|
|Weekly hours (SWS) / Credit points (LP):||2S / 4LP|
|Lecturers:||Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck|
|Supervisors:||Ala'a Al-Momani, Leonard Bradatsch, Felix Engelmann, Eugen Frasch, Gerhard Habiger, Matthias Matousek, Muntazir Mehdi, Dominik Meißner, David Mödinger, Michael Wolf, external supervisors|
|Dates:||Introductory session (mandatory) 
Scientific working methods (mandatory)
For rooms and dates, see the Moodle course.
|Learning platform:||Course materials can be found in the Moodle course. You will be added to the course automatically as soon as you attend one of our seminars.|
|Topic assignment:||Please note: The central topic assignment always takes place towards the end of the previous semester via the central seminar topic assignment platform in Moodle.|
|Language:||All topics can be worked on in German or English unless stated otherwise.|
• free (3) ✘ assigned
• Your own topic – English only
Until the beginning of the semester, you can propose your own topic and find a supervisor who is willing to mentor more students.
✘ Location Privacy – English only
Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return for benefiting from the service. However, offering location data to service providers puts users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy. In this seminar, you will investigate and discuss the existing LPPMs as well as the privacy metrics that reflect how much privacy a user gains when applying a protection mechanism.
Ala'a Al-Momani
✘ Privacy in Ride Hailing Services – English only
Online taxi services, which are also known as ride-hailing services (RHSs), are becoming more and more popular. People rely on such services on a daily basis. Potentially, some of the origins or destinations of such trips may be sensitive and reveal additional information about the user of an RHS, including their behavior. Thus, RHSs in their current setting pose some serious privacy risks to the users. Recently, there have been many proposals for privacy-enhanced ride-hailing systems. In this seminar, you will investigate and discuss such privacy-enhanced systems while addressing the way they achieve the privacy-enhanced features and the utility loss of each.
Ala'a Al-Momani
✘ Privacy Patterns Landscape – English only
Privacy engineering has gained a lot of attention recently. Many methodologies and tools have been proposed to assist practitioners in coming up with privacy-enhanced systems. Privacy patterns are considered one of the backbones for introducing such privacy-enhanced systems. In this seminar, you will investigate current privacy patterns and analyze them from an architectural, design, and system perspective, in a similar way to how security patterns were analyzed.
✘ Programming Models for the Internet of Things – English only
IoT, the infamous Internet of Things, provides an interesting example of a heterogeneous distributed network: many different nodes with very different capabilities and properties act together as one application. From powerful cloud instances over edge gateways to sensors, developers desire a well-integrated programming environment. There are some notable attempts to provide a programming model for this case. The goal of this seminar is to provide an overview of common approaches or concrete programming models used in practice or proposed by academia.
✘ State of the Art of Web Application Security – English only
The field of web applications is constantly and rapidly evolving, but so are attacks targeting them. For this reason, the World Wide Web Consortium (W3C) assembled a working group to develop technical and policy mechanisms to improve the security for applications on the Web. In recent years, this Web Application Security Group proposed various drafts for mechanisms of which some have been refined into W3C recommendations and are now implemented in all major browsers (such as CSP and SRI). This seminar should give an overview of and discuss these recommendations and their practical implications for current web applications.
Dominik Meißner
✘ Trusted Execution Environments – English only
Trust management is a central aspect of computer security. For instance, an operating system uses sandboxes to protect itself and other applications from viruses and malicious software, and cryptography is used to protect data in transit and at rest. With the advent of cloud computing, even the hardware that executes a particular piece of software is not always considered trustworthy. Trusted Execution Environments (TEEs) try to remove the need to fully trust the hardware by adding a secure area to the CPU that can guarantee code/data confidentiality and integrity through cryptographic means, thereby protecting an application from untrusted hardware, software, and even privileged attackers (i.e., the operating system). Several TEE implementations can already be used today, such as Intel SGX and ARM TrustZone. While these proprietary implementations often expect trust in the vendor, open-source alternatives that address this weak point are already in development.
✘ Resource Scheduling in Cloud Computing – English only
With the increased popularity of cloud computing, the approach of treating multiple nodes as one big resource unit came up. This allows running multiple different applications on one cluster at the same time. The biggest challenge is to schedule the processes of the applications without overstressing the cluster or slowing down one of the applications.
✘ Securing Smartphones – English only
In this day and age, almost everyone owns a smartphone and takes it with them wherever they go. These devices contain a lot of personal data; thus, securing these devices is very important.
The goal of this seminar is to give an overview of the security architectures and mechanisms implemented in modern smartphones (for example based on iOS and/or Android) and to research solutions and proposals from academic literature.
Felix Engelmann
✘ Range Proofs – English only
Confidential transactions in cryptocurrencies require range proofs to detect integer overflows. Any output amount of a transaction has to be a positive integer. As storage is valuable on blockchains, the goal is to reduce the size of the proofs as much as possible. Recent advances in Bulletproofs reduce the size significantly.
✘ An Introduction to Reinforcement Learning – English only
Reinforcement Learning (RL) encompasses a broad field of machine learning techniques aimed at enabling machines to tackle complex problems like video games, robotics or financial systems.
✘ Analysis of Modern Network Testing Approaches – English only
Every (new) network protocol (e.g., TCP or NetFlow) and device (e.g., switches or routers) needs to be tested. The main task of this seminar is to outline different modern testing approaches. In what way do researchers test network protocols and devices? In what network environment is the protocol/device tested? What traffic is used? How often are test runs repeated?
✘ Network Security Breaches – English only
The goal of this seminar is to outline popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against the presented breaches should be explained.
Leonard Bradatsch
✘ Recent Advances in Game AI – English only
The goal of this seminar is to survey recent advances in game AI research. A lot of interesting progress and discoveries have been made in the last years of machine learning and artificial intelligence research in the context of games.
Matthias Matousek
✘ Cryptographic Accumulators – English only
Cryptographic accumulators are comparable to cryptographic hashes, but instead of creating a digest of a single element, multiple values can be accumulated into a single digest. Afterwards, it is possible to prove whether individual elements are contained in the digest or not. This basic construct can be used to build very interesting applications, from secure signatures to electronic cash systems. The goal of this seminar is to present the idea behind cryptographic accumulators and how they can be applied to such applications.
Matthias Matousek
✘ Messenger Security – English only
Messenger apps are among the most common communication forms. Almost every person with a smartphone uses one or more messengers. As messages often contain very private information, the security and privacy of such messenger services is crucial for users.
• Time constraints of Security in CACC – English only
One application of Cooperative Adaptive Cruise Control (CACC) is platooning, where vehicles drive very close behind one another to reduce air resistance and therefore fuel consumption. This, however, comes with safety risks due to the reduced distance gap to the following vehicle and the correspondingly reduced reaction time. If the vehicles drive at 100 km/h (~30 m/s), a safety distance of 50 m is required by German law. When this distance is reduced to 10 m or less in CACC, only a third of a second of reaction time is available. During this time, a message sent from the leading vehicle needs to be processed by both vehicles, the leading and the ego vehicle, e.g. by encrypting, signing, verifying, ...
✘ Internet of Things: A Security Perspective – English only
IoT devices have been in the news both for the huge increase in their numbers and their spread into different areas, and for having weak security and being abused by botnets. During the development phase of IoT products, the security perspective specific to this domain is missing in many cases. For example, these devices have lower hardware requirements than regular computers, which limits the use of computationally demanding encryption algorithms.
✘ Mobile Sensing and Smartphone Apps for Hearing Healthcare – English only
Mobile Sensing often focuses on the aspects of sensor data collection and analysis applied particularly for the purposes of education, diagnosis, treatment, or monitoring.
• Surveying Peripheral Sensors in Context of Mobile Crowdsensing – English only
In this seminar report, the students are required to survey the current state of peripheral sensors that can be coupled with smartphones to further improve the accuracy of mobile crowdsensing applications. These peripheral sensors can be coupled with smartphones using Bluetooth technology or Wi-Fi. The students are further required to study the current state of coupling technologies. In addition to the general perspective, the students will survey the peripheral sensors, their technology, and their limitations within the context of mHealth (mobile health).
✘ The Signal Messaging Protocol – English only
WhatsApp, Wire, Facebook Messenger and Signal (among others) implement end-to-end encryption using the Signal Messaging Protocol. This protocol implements several uncommon and desirable security properties, such as "future secrecy", "post-compromise security", or "message repudiation". These features are enabled by the underlying key exchange and message exchange algorithms Extended Triple Diffie-Hellman (X3DH) and the Double Ratchet Algorithm. Various security research groups (Cohn-Gordon et al. in 2019, Frosch et al. in 2016, Kobeissi et al. in 2017) have analyzed the Signal Messaging Protocol and have given the protocol design positive reviews.
Clemens Lang (BMW Car IT)
✘ The state of post-quantum RSA – English only
The publication of Shor’s quantum computer integer factorization algorithm in 1994 is often understood as the beginning of the end of RSA. More than 25 years later, quantum computers are still far away from executing Shor’s algorithm on real-world problems. Nevertheless, the recent advances in quantum computer technology indicate that there is a real threat to what is probably still the most widely used public-key cryptography algorithm out there. However, not only quantum computers have advanced, but also the research on cryptography. More recent research on RSA shows that its parameters can be tuned in a way that quantum attacks are infeasible while the regular RSA operations are still feasible on classical computers (albeit costly).
✘ Timing Attacks - An Overview – English only
Classical cryptographic research deals with adversaries having polynomially bounded computational power. However, this attack model is not always realistic. In particular, an attacker may be able to measure the time it takes to run cryptographic algorithms. As the running time of an algorithm often depends on its input, this can be used to gather various information about the inputs to the algorithm or its internal workings. In a security context, sensitive data such as encryption keys and passwords may be recoverable by measuring the run time of programs. Examples include the multiplications in the RSA algorithm, the POODLE and Lucky Thirteen attacks on TLS, as well as various forms of cache timing attacks (PRIME+PROBE, EVICT+TIME).
In this seminar, the student should give an overview of timing attacks, thereby explaining at least one example in depth. Further, some mitigations against timing attacks should be discussed.
Henning Kopp (Schutzwerk GmbH)
✘ Security Assessment of the Open Charge Point Protocol – English only
The Open Charge Point Protocol (OCPP) specifies the communication between charge points for electric vehicles and the energy provider. It authenticates the user to authorize the payment of the consumed energy for charging the vehicle.
The protocol specification contains a number of security-relevant design decisions that are disputable. Thus, this seminar paper should highlight possible security issues in the design and discuss them. Moreover, a survey of existing works that address OCPP security should accompany the discussion. Finally, possible improvements should be proposed.
Sorted by Topics
Distributed Systems/ IoT/ Web
Mobile Health and Security
AI / ML
Description and general information, module description
|Teaching and learning formats: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP|
|Module coordinator: Prof. Dr. Frank Kargl|
|Frequency / duration: every semester / one full semester|
|Prerequisites (content): Grundlagen der Rechnernetze (Fundamentals of Computer Networks), Proseminar|
|Prerequisites (formal): -|
|Basis for (content): -|