Titel:	Ausgewählte Themen in Verteilten Systemen
Englischer Titel:	Selected Topics in Distributed Systems
Typ:	Seminar, Modul
Kürzel / Nr. / Modulnr.:	ATVS / CS5900.113 / 72041
SWS / LP:	2S / 4LP
Dozent:	Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck
Betreuer:	Ala'a Al-Momani, Leonard Bradatsch, Felix Engelmann, Eugen Frasch, Gerhard Habiger, Matthias Matousek, Muntazir Mehdi, Echo Meißner, David Mödinger, Michael Wolf, Externe
Termine:	Einführungsveranstaltung (verpflichtend) Wissenschaftliches Arbeiten (verpflichtend) LaTeX-Einführung (freiwillig) Präsentationstechniken (verpflichtend) Vortragsblocktermin (ganztägig) Räume und Daten siehe Moodlekurs.
Lernplattform:	Kursmaterialien finden Sie im Moodle-Kurs. Sie werden dem Kurs automatisch hinzugefügt, sobald Sie eines unserer Seminare besuchen.
Themenvergabe:	Bitte Beachten: Die zentrale Themenvergabe erfolgt immer bereits gegen Ende des vorherigen Semesters über die zentrale Seminarthemen-Vergabe-Plattform im Moodle.
Sprache:	Alle Themen können in deutscher oder englischer Sprache bearbeitet werden, sofern nicht anders angegeben.

Themen

• free (3) ✘ assigned
• Your own topic – English only You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.
✘ Location Privacy – English only Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return of benefiting from the service. However, offering location data to service providers put users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy. In this seminar, you will investigate and discuss the existing LPPMs as well as the privacy metrics that reflect how much privacy a user gains when applying a protection mechanism. Ala'a Al-Momani
✘ Privacy in Ride Hailing Services – English only Online taxi services, which are also known as ride-hailing services (RHSs), are becoming more and more popular. People rely on such services on daily basis. Potentially, some of the origins or destinations of such trips may be sensitive and reveal additional information about the user of a RHS including their behavior. Thus, RHSs in their current setting pose some serious privacy risks to the users. Recently, there has been many proposals for privacy-enhanced ride hailing systems. In this seminar, you will investigate and discuss such privacy-enhanced systems while addressing the way they achieve the privacy enhanced features and the utility loss of each. Ala'a Al-Momani
✘ Privacy Patterns Landscape – English only Privacy engineering has gained a lot of attention recently. Many methodologies and tools have been proposed to assist practitioners coming up with privacy-enhanced systems. Privacy patterns are considered one of the backbones to introduce such privacy-enhanced systems. In this seminar, you will investigate current privacy patterns and analyse them from architectural, design, and system perspective in a similar way security patterns were analyzed. According to the analysis you carry on, you are expected to classify the privacy patterns into, among others, application architecture patterns, application design patterns, and system-wide architecture patterns, providing a holistic landscape of the current status of privacy patterns. Ala'a Al-Momani
✘ Programming Models for the Internet of Things – English only IoT, the infamous Internet of Things, provides and interesting example of a heterogenous distributed network: Many different nodes with very different capabilities and properties, act together as one application. From powerful cloud instances over edge gateways to sensors, developers desire a well integrated programming environment. There are some noteable attempts to provide a programming model for this case. The goal of this seminar is to probide an overview over common approaches or concrete programming models used in practice or proposed by academia. David Mödinger
✘ State of the Art of Web Application Security – English only The field of web applications is constantly and rapidly evolving, but so are attacks targeting them. For this reason the World Wide Web Consortium (W3C) assembled a working group to develop technical and policy mechanisms to improve the security for applications on the Web. In recent years, this Web Application Security Group proposed various drafts for mechanisms of which some have been refined into W3C recommendations and are now implemented in all major browsers (such as CSP and SRI). This seminar should give an overview of and discuss these recommendations and their practical implications for current web applications. Echo Meißner
✘ Trusted Execution Environments – English only Trust management is a central aspect of computer security. For instance, an operating system uses sandboxes to protect itself and other applications from viruses and malicious software, and cryptography is used to protect data in transit and at rest. With the advent of cloud computing, even the hardware that executes a particular software is not always considered trustworthy. Trusted Execution Environments (TEEs) try to relieve of the need to fully trust the hardware, by adding a secure area to the CPU that can guarantee code/data confidentiality and integrity through cryptographic means. Hence, protecting an application from untrusted hardware, software, and even privileged attackers (i.e., the operating system). Several TEE implementations can already be used today, such as Intel SGX and ARM TrustZone. While the former proprietary implementations often expect trust in the vector, open-source alternatives that address this weak point are already in development. In this seminar, you will investigate TEEs, highlight use-cases for this technology, and compare prominent representatives for their features and shortcomings. Echo Meißner
✘ Resource Scheduling in Cloud Computing – English only With increased popularity of Cloud Computing the approach of treating multiple nodes as one big resource unit came up. This allows to run multiple different applications on one cluster at the same time. The biggest challenge is to schedule the processes of the applications without overstress the cluster or slowing down one of the applications. The goal of this seminar is to look at the different scheduling approaches and their use cases in cloud computing. Eugen Frasch
✘ Securing Smartphones – English only In this day and age, almost everyone owns a smartphone and takes it with them wherever they go. These devices contain a lot of personal data; thus, securing these devices is very important. The goal of this seminar is to give an overview of the security architectures and mechanisms implemented in modern smartphones (for example based on iOS and/or Android) and to research solutions and proposals from academic literature. Felix Engelmann
✘ Range Proofs – English only Confidential transactions in crypto currencies require range proofs to detect integer overflows. Any output amount of a transaction has to be a positive integer. As storage is valuable on block-chains, the goal is to reduce the size as much as possible. Recent advances in bulletproofs reduce the size significantly. The paper should compare the different existing methods and point out how the improvements are achieved. Felix Engelmann
✘ An Introduction to Reinforcement Learning – English only Reinforcement Learning (RL) encompasses a broad field of machine learning techniques aimed at enabling machines to tackle complex problems like video games, robotics or financial systems. There are several sub-fields of RL like Deep RL or Apprenticeship Learning which use different paradigms to produce intelligent agents capable of solving difficult problems. This seminar should give an overview over RL in general, describe its main ideas and features, and either provide a comprehensive set of examples where RL succeeded (or didn't succeed), and/or attempt to solve a a small problem to demonstrate how RL works. Gerhard Habiger
✘ Analysis of Modern Network Testing Approaches – English only Every (new) network protocol (e.g., TCP or NetFlow) and device (e.g., switches or routers) needs to be tested. The main task of this seminar is to outline different modern testing approaches. In what way do researches test network protocols and devices. In what network environment is the protocol/device tested? What traffic is used? How often are test runs repeated? The seminar paper should outline modern approaches and state the pros and cons of the presented methodologies. Leonard Bradatsch
✘ Network Security Breaches – English only The goal of this seminar is the outlining of popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained. Leonard Bradatsch
✘ Recent Advances in Game AI – English only The goal of this seminar is to survey recent advances in game AI research. A lot of interesting progress and discoveries have been made in the last years of machine learning and artificial intelligence research in the context of games. Matthias Matousek
✘ Cryptographic Accumulators – English only Cryptographic Accumulators are comparable to cryptographic hashes; but instead of creating a digest of a single element, multiple values can be accumulated into a single digest. Afterwards it is possible to prove if individual elements are contained in the digest or not. This basic construct can be used to build very interesting applications, from secure signatures to electronic cash systems. The goal of this seminar is to present the idea behind cryptographic accumulators and how they can be applied to such applications. Matthias Matousek
✘ Messenger Security – English only Messenger apps are among the most common communication forms. Almost every person with a smartphone uses one or more messengers. As messages often contain very private information, the security and privacy of such messenger services is crucial for users. In this seminar, popular messaging apps and their protocols are examined and evaluated for their security properties, such as end-to-encryption, etc. Matthias Matousek
• Time constraints of Security in CACC – English only One application of Corporate Adaptive Cruise Control (CACC) is platooning where vehicles drive very close after each other to reduce the air resistance and therefore reduce fuel consumption. This, however, comes with safety risks due to the reduced distance gap to the following vehicle and therefore reduced reaction time. If the vehicles drive 100 km/h (~30m/s), a safety distance of 50m is required by German law. When this distance is now reduced to 10m or less in CACC, only a third of a second reaction time is available. During this time, a message send from the leading vehicle, needs to be processed by both vehicles, the leading and the ego vehicle. E.g. by encrypting, signing, verifying, ... Your task is to look at the time each task will take (theoretically and if possible practically) and evaluate if it is enough time to execute these steps with proper security in mind. Michael Wolf
✘ Internet of Things: A Security Perspective – English only IoT devices have been in the new for both, the huge incease in numbers and spread in different areas, but also for having weak security and being abused by botnets. During the development phase of IoT articles, the security perspective specifically for this domain is missing in many cases. For example, these items have lower hardware requirements than regular computers, which limits the use of hard encrpytion algorithms. The student has to give a broad overview of IoT devices with an introduction to their basic architecture. Then, the student has to find security threats specifically for this domain, with examples. Last, the student has to propose some protection mechanisms, which should be implemented to mitigate said threats. Michael Wolf
✘ Mobile Sensing and Smartphone Apps for Hearing Healthcare – English only Mobile Sensing often focuses on the aspects of sensor data collection and analysis applied particularly for the purposes of education, diagnosis, treatment, or monitoring. The aim of this seminar is to study current developments in mobile sensing and smartphone apps, specifically applied in the domain of hearing healthcare. Muntazir Mehdi
• Surveying Peripheral Sensors in Context of Mobile Crowdsensing – English only In this seminar report, the students are required to survey the current state of peripheral sensors that can be coupled with smartphones to further accurate the mobile crowdsensing applications. These peripheral sensors can be coupled with smartphones using Bluetooth technology or wifi. The students would be further required to study the current state of coupling technologies. In addition to the general perspective, the students will survey the peripheral sensors, their technology, and limitations within the context of mHealth (mobile health). Muntazir Mehdi

✘ The Signal Messaging Protocol – English only WhatsApp, Wire, Facebook Messenger and Signal (among others) implement end-to-end encryption using the Signal Messaging Protocol. This protocol implements several uncommon and desirable security properties, such as "future secrecy", "post-compromise security", or "message repudiation". These features are enabled by the underlying key exchange and message exchange algorithms Extended Triple Diffie-Hellman (X3DH) and the Double Ratchet Algorithm. Various security research groups (Cohn-Gordon et al. in 2019, Frosch et al. in 2016, Kobeissi et al. in 2017) have analyzed the Signal Messaging Protocol and have given the protocol design positive reviews. Which interesting security guarantees does the Signal Protocol provide? How are those properties achieved? What weaknesses have been identified in the protocol? Clemens Lang (BMW Car IT)
✘ The state of post-quantum RSA – English only The publication of Shor’s quantum computer integer factorization algorithm in 1994 is often understood as the beginning of the end of RSA. More than 25 years later, quantum computers are still far away from executing Shor’s algorithm on real world problems. Nevertheless, the recent advances in quantum computer technology indicate that there is a real threat the probably still most-widely used public-key cryptography algorithm out there. But not only quantum computers advanced but also the research on cryptography. More recent research on RSA shows that its parameters can be tuned in a way that quantum attacks are infeasible while the regular RSA operations on are still feasible on classical computers (albeit costly). Your work should give an overview of RSA’s problems with quantum computers and what can be done about it at which cost. A basic understanding of the mathematical background of RSA is needed to write this paper but can be acquired while working on the topic. Martin Lang (BMW Car IT)
✘ Timing Attacks - An Overview – English only Classical cryptographic research deals with adversaries having polynomially bounded computational power. However, this attack model is not always realistic. In particular, an attacker may be able to measure the time it takes to run cryptographic algorithms. As often the running time of an algorithm depends on its input, this can be used to gather various information about the inputs to the algorithm or its internal workings. In a security context, sensitive data such as encryption keys and passwords may be recoverable by measuring the run time of programs. Examples the multiplications in the RSA algorithm, the POODLE and Lucky Thirteen Attack on TLS, as well as various forms of Cache timing attacks (PRIME+PROBE, EVICT+TIME). In this seminar, the student should give an overview of timing attacks, thereby explaining at least one example in depth. Further, some mitigations against timing attacks should be discussed. Henning Kopp (Schutzwerk GmbH)
✘ Security Assessment of the Open Charge Point Protocol – English only The Open Charge Point Protocol (OCPP) specifies the communication between charge points for electric vehicles and the energy provider. It authenticates the user to authorize the payment of the consumed energy for charging the vehicle. The protocol specification contains a number of security relevant design decisions, that are disputable. Thus, this seminar paper should highlight possible security issues in the design and discuss them. Moreover, a survey of existing works that address OCPP security should accompany the discussion. Finally, possible improvements should be proposed. Stephan Kleber (Daimler TSS)

Sorted by Topics Automotive - Time constraints of Security in CACC (Michael Wolf) - Security Assessment of the Open Charge Point Protocol (Stephan Kleber DaimlerTSS) Cryptography - Range Proofs (Felix Engelmann) - Cryptographic Accumulators (Matthias Matousek) - The state of post-quantum RSA (Martin Lang BMW) - The Signal Messaging Protocol (Clemens Lang BMW) - Timing Attacks - An Overview (Henning Kopp Schutzwerk) - Trusted Execution Environments (Echo Meißner) Distributed Systems/ IoT/ Web - Resource Scheduling in Cloud Computing (Eugen Frasch) - Programming Models for the Internet of Things (David Mödinger) - State of the Art of Web Application Security (Echo Meißner) - Internet of Things: A Security Perspective (Michael Wolf) Mobile Health and Security - Mobile Sensing and Smartphone Apps for Hearing Healthcare (Muntazir Mehdi) - Surveying Peripheral Sensors in Context of Mobile Crowdsensing (Muntazir Mehdi) - Securing Smartphones (Felix Engelmann) Network Security - Analysis of Modern Network Testing Approaches (Leonard Bradatsch) - Network Security Breaches (Leonard Bradatsch) AI / ML - Recent Advances in Game AI (Matthias Matousek) - An Introduction to Reinforcement Learning (Gerhard Habiger) Privacy - Location Privacy (Ala'a Al-Momani) - Privacy in Ride Hailing Services (Ala'a Al-Momani)

• free (3) ✘ assigned

• Your own topic – English only

You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.

✘ Location Privacy – English only

Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return of benefiting from the service. However, offering location data to service providers put users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy. In this seminar, you will investigate and discuss the existing LPPMs as well as the privacy metrics that reflect how much privacy a user gains when applying a protection mechanism.

Ala'a Al-Momani

✘ Privacy in Ride Hailing Services – English only

Online taxi services, which are also known as ride-hailing services (RHSs), are becoming more and more popular. People rely on such services on daily basis. Potentially, some of the origins or destinations of such trips may be sensitive and reveal additional information about the user of a RHS including their behavior. Thus, RHSs in their current setting pose some serious privacy risks to the users. Recently, there has been many proposals for privacy-enhanced ride hailing systems. In this seminar, you will investigate and discuss such privacy-enhanced systems while addressing the way they achieve the privacy enhanced features and the utility loss of each.

Ala'a Al-Momani

✘ Privacy Patterns Landscape – English only

Privacy engineering has gained a lot of attention recently. Many methodologies and tools have been proposed to assist practitioners coming up with privacy-enhanced systems. Privacy patterns are considered one of the backbones to introduce such privacy-enhanced systems. In this seminar, you will investigate current privacy patterns and analyse them from architectural, design, and system perspective in a similar way security patterns were analyzed.
According to the analysis you carry on, you are expected to classify the privacy patterns into, among others, application architecture patterns, application design patterns, and system-wide architecture patterns, providing a holistic landscape of the current status of privacy patterns.

Ala'a Al-Momani

✘ Programming Models for the Internet of Things – English only

IoT, the infamous Internet of Things, provides and interesting example of a heterogenous distributed network: Many different nodes with very different capabilities and properties, act together as one application. From powerful cloud instances over edge gateways to sensors, developers desire a well integrated programming environment. There are some noteable attempts to provide a programming model for this case. The goal of this seminar is to probide an overview over common approaches or concrete programming models used in practice or proposed by academia.

David Mödinger

✘ State of the Art of Web Application Security – English only

The field of web applications is constantly and rapidly evolving, but so are attacks targeting them. For this reason the World Wide Web Consortium (W3C) assembled a working group to develop technical and policy mechanisms to improve the security for applications on the Web. In recent years, this Web Application Security Group proposed various drafts for mechanisms of which some have been refined into W3C recommendations and are now implemented in all major browsers (such as CSP and SRI). This seminar should give an overview of and discuss these recommendations and their practical implications for current web applications.

Echo Meißner

✘ Trusted Execution Environments – English only

Trust management is a central aspect of computer security. For instance, an operating system uses sandboxes to protect itself and other applications from viruses and malicious software, and cryptography is used to protect data in transit and at rest. With the advent of cloud computing, even the hardware that executes a particular software is not always considered trustworthy. Trusted Execution Environments (TEEs) try to relieve of the need to fully trust the hardware, by adding a secure area to the CPU that can guarantee code/data confidentiality and integrity through cryptographic means. Hence, protecting an application from untrusted hardware, software, and even privileged attackers (i.e., the operating system). Several TEE implementations can already be used today, such as Intel SGX and ARM TrustZone. While the former proprietary implementations often expect trust in the vector, open-source alternatives that address this weak point are already in development.
In this seminar, you will investigate TEEs, highlight use-cases for this technology, and compare prominent representatives for their features and shortcomings.

Echo Meißner

✘ Resource Scheduling in Cloud Computing – English only

With increased popularity of Cloud Computing the approach of treating multiple nodes as one big resource unit came up. This allows to run multiple different applications on one cluster at the same time. The biggest challenge is to schedule the processes of the applications without overstress the cluster or slowing down one of the applications.
The goal of this seminar is to look at the different scheduling approaches and their use cases in cloud computing.

Eugen Frasch

✘ Securing Smartphones – English only

In this day and age, almost everyone owns a smartphone and takes it with them wherever they go. These devices contain a lot of personal data; thus, securing these devices is very important.

The goal of this seminar is to give an overview of the security architectures and mechanisms implemented in modern smartphones (for example based on iOS and/or Android) and to research solutions and proposals from academic literature.

Felix Engelmann

✘ Range Proofs – English only

Confidential transactions in crypto currencies require range proofs to detect integer overflows. Any output amount of a transaction has to be a positive integer. As storage is valuable on block-chains, the goal is to reduce the size as much as possible. Recent advances in bulletproofs reduce the size significantly.
The paper should compare the different existing methods and point out how the improvements are achieved.

Felix Engelmann

✘ An Introduction to Reinforcement Learning – English only

Reinforcement Learning (RL) encompasses a broad field of machine learning techniques aimed at enabling machines to tackle complex problems like video games, robotics or financial systems.
There are several sub-fields of RL like Deep RL or Apprenticeship Learning which use different paradigms to produce intelligent agents capable of solving difficult problems.
This seminar should give an overview over RL in general, describe its main ideas and features, and either provide a comprehensive set of examples where RL succeeded (or didn't succeed), and/or attempt to solve a a small problem to demonstrate how RL works.

Gerhard Habiger

✘ Analysis of Modern Network Testing Approaches – English only

Every (new) network protocol (e.g., TCP or NetFlow) and device (e.g., switches or routers) needs to be tested. The main task of this seminar is to outline different modern testing approaches. In what way do researches test network protocols and devices. In what network environment is the protocol/device tested? What traffic is used? How often are test runs repeated?
The seminar paper should outline modern approaches and state the pros and cons of the presented methodologies.

Leonard Bradatsch

✘ Network Security Breaches – English only

The goal of this seminar is the outlining of popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.

Leonard Bradatsch

✘ Recent Advances in Game AI – English only

The goal of this seminar is to survey recent advances in game AI research. A lot of interesting progress and discoveries have been made in the last years of machine learning and artificial intelligence research in the context of games.

Matthias Matousek

✘ Cryptographic Accumulators – English only

Cryptographic Accumulators are comparable to cryptographic hashes; but instead of creating a digest of a single element, multiple values can be accumulated into a single digest. Afterwards it is possible to prove if individual elements are contained in the digest or not. This basic construct can be used to build very interesting applications, from secure signatures to electronic cash systems. The goal of this seminar is to present the idea behind cryptographic accumulators and how they can be applied to such applications.

Matthias Matousek

✘ Messenger Security – English only

Messenger apps are among the most common communication forms. Almost every person with a smartphone uses one or more messengers. As messages often contain very private information, the security and privacy of such messenger services is crucial for users.
In this seminar, popular messaging apps and their protocols are examined and evaluated for their security properties, such as end-to-encryption, etc.

Matthias Matousek

• Time constraints of Security in CACC – English only

One application of Corporate Adaptive Cruise Control (CACC) is platooning where vehicles drive very close after each other to reduce the air resistance and therefore reduce fuel consumption. This, however, comes with safety risks due to the reduced distance gap to the following vehicle and therefore reduced reaction time. If the vehicles drive 100 km/h (~30m/s), a safety distance of 50m is required by German law. When this distance is now reduced to 10m or less in CACC, only a third of a second reaction time is available. During this time, a message send from the leading vehicle, needs to be processed by both vehicles, the leading and the ego vehicle. E.g. by encrypting, signing, verifying, ...
Your task is to look at the time each task will take (theoretically and if possible practically) and evaluate if it is enough time to execute these steps with proper security in mind.

Michael Wolf

✘ Internet of Things: A Security Perspective – English only

IoT devices have been in the new for both, the huge incease in numbers and spread in different areas, but also for having weak security and being abused by botnets. During the development phase of IoT articles, the security perspective specifically for this domain is missing in many cases. For example, these items have lower hardware requirements than regular computers, which limits the use of hard encrpytion algorithms.
The student has to give a broad overview of IoT devices with an introduction to their basic architecture. Then, the student has to find security threats specifically for this domain, with examples. Last, the student has to propose some protection mechanisms, which should be implemented to mitigate said threats.

Michael Wolf

✘ Mobile Sensing and Smartphone Apps for Hearing Healthcare – English only

Mobile Sensing often focuses on the aspects of sensor data collection and analysis applied particularly for the purposes of education, diagnosis, treatment, or monitoring.
The aim of this seminar is to study current developments in mobile sensing and smartphone apps, specifically applied in the domain of hearing healthcare.

Muntazir Mehdi

• Surveying Peripheral Sensors in Context of Mobile Crowdsensing – English only

In this seminar report, the students are required to survey the current state of peripheral sensors that can be coupled with smartphones to further accurate the mobile crowdsensing applications. These peripheral sensors can be coupled with smartphones using Bluetooth technology or wifi. The students would be further required to study the current state of coupling technologies. In addition to the general perspective, the students will survey the peripheral sensors, their technology, and limitations within the context of mHealth (mobile health).

Muntazir Mehdi

✘ The Signal Messaging Protocol – English only

WhatsApp, Wire, Facebook Messenger and Signal (among others) implement end-to-end encryption using the Signal Messaging Protocol. This protocol implements several uncommon and desirable security properties, such as "future secrecy", "post-compromise security", or "message repudiation". These features are enabled by the underlying key exchange and message exchange algorithms Extended Triple Diffie-Hellman (X3DH) and the Double Ratchet Algorithm. Various security research groups (Cohn-Gordon et al. in 2019, Frosch et al. in 2016, Kobeissi et al. in 2017) have analyzed the Signal Messaging Protocol and have given the protocol design positive reviews.
Which interesting security guarantees does the Signal Protocol provide? How are those properties achieved? What weaknesses have been identified in the protocol?

Clemens Lang (BMW Car IT)

✘ The state of post-quantum RSA – English only

The publication of Shor’s quantum computer integer factorization algorithm in 1994 is often understood as the beginning of the end of RSA. More than 25 years later, quantum computers are still far away from executing Shor’s algorithm on real world problems. Nevertheless, the recent advances in quantum computer technology indicate that there is a real threat the probably still most-widely used public-key cryptography algorithm out there. But not only quantum computers advanced but also the research on cryptography. More recent research on RSA shows that its parameters can be tuned in a way that quantum attacks are infeasible while the regular RSA operations on are still feasible on classical computers (albeit costly).
Your work should give an overview of RSA’s problems with quantum computers and what can be done about it at which cost. A basic understanding of the mathematical background of RSA is needed to write this paper but can be acquired while working on the topic.

Martin Lang (BMW Car IT)

✘ Timing Attacks - An Overview – English only

Classical cryptographic research deals with adversaries having polynomially bounded computational power. However, this attack model is not always realistic. In particular, an attacker may be able to measure the time it takes to run cryptographic algorithms. As often the running time of an algorithm depends on its input, this can be used to gather various information about the inputs to the algorithm or its internal workings. In a security context, sensitive data such as encryption keys and passwords may be recoverable by measuring the run time of programs. Examples the multiplications in the RSA algorithm, the POODLE and Lucky Thirteen Attack on TLS, as well as various forms of Cache timing attacks (PRIME+PROBE, EVICT+TIME).

In this seminar, the student should give an overview of timing attacks, thereby explaining at least one example in depth. Further, some mitigations against timing attacks should be discussed.

Henning Kopp (Schutzwerk GmbH)

✘ Security Assessment of the Open Charge Point Protocol – English only

The Open Charge Point Protocol (OCPP) specifies the communication between charge points for electric vehicles and the energy provider. It authenticates the user to authorize the payment of the consumed energy for charging the vehicle.

The protocol specification contains a number of security relevant design decisions, that are disputable. Thus, this seminar paper should highlight possible security issues in the design and discuss them. Moreover, a survey of existing works that address OCPP security should accompany the discussion. Finally, possible improvements should be proposed.

Stephan Kleber (Daimler TSS)

Sorted by Topics

Automotive
- Time constraints of Security in CACC (Michael Wolf)
- Security Assessment of the Open Charge Point Protocol (Stephan Kleber DaimlerTSS)

Cryptography
- Range Proofs (Felix Engelmann)
- Cryptographic Accumulators (Matthias Matousek)
- The state of post-quantum RSA (Martin Lang BMW)
- The Signal Messaging Protocol (Clemens Lang BMW)
- Timing Attacks - An Overview (Henning Kopp Schutzwerk)
- Trusted Execution Environments (Echo Meißner)

Distributed Systems/ IoT/ Web
- Resource Scheduling in Cloud Computing (Eugen Frasch)
- Programming Models for the Internet of Things (David Mödinger)
- State of the Art of Web Application Security (Echo Meißner)
- Internet of Things: A Security Perspective (Michael Wolf)

Mobile Health and Security
- Mobile Sensing and Smartphone Apps for Hearing Healthcare (Muntazir Mehdi)
- Surveying Peripheral Sensors in Context of Mobile Crowdsensing (Muntazir Mehdi)
- Securing Smartphones (Felix Engelmann)

Network Security
- Analysis of Modern Network Testing Approaches (Leonard Bradatsch)
- Network Security Breaches (Leonard Bradatsch)

AI / ML
- Recent Advances in Game AI (Matthias Matousek)
- An Introduction to Reinforcement Learning (Gerhard Habiger)

Privacy
- Location Privacy (Ala'a Al-Momani)
- Privacy in Ride Hailing Services (Ala'a Al-Momani)

Beschreibung und allgemeine Angaben, Modulbeschreibung
Einordnung in die Studiengänge: Informatik, B.Sc.: Seminar Medieninformatik, B.Sc.: Seminar Software-Engineering, B.Sc.: Seminar (siehe auch unsere Hinweise zu Seminaren)
Lehr- und Lernformen: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP
Modulkoordinator: Prof. Dr. Frank Kargl
Unterrichtssprache: Deutsch
Turnus / Dauer: jedes Semester / ein volles Semester
Voraussetzungen (inhaltlich): Grundlagen der Rechnernetze, Proseminar
Voraussetzungen (formal): -
Grundlage für (inhaltlich): -
Lernziel: Studierende vertiefen exemplarisch an einem Teilgebiet der Informatik ihre Kenntnisse im selbstständigen Arbeiten mit wissenschaftlicher Literatur sowie im mündlichen und schriftlichen Präsentieren von fachwissenschaftlichen Inhalten. In Diskussionen wird die Fähigkeit zur kritischen Reflektion geübt. Im fachlichen Teil des Seminars stehen aktuelle Themen der Verteilten Systeme im Fokus. Abhängig vom Thema lernen Studierende ein konkretes System oder ein Konzept Verteilter Systeme kennen. Sie können diese Systeme in einen größeren Kontext einordnen und deren Vor- und Nachteile selbständig ableiten.
Inhalt: Zu Beginn des Seminars werden Themen des wissenschaftlichen Arbeitens (z.B. Literaturrecherche, Schreiben einer Publikation, Präsentationstechniken) eingeführt, um den Studenten eine methodische Hilfestellung zu geben. Die Erstellung der eigentlichen Ausarbeitung und Präsentation erfolgt in individueller Betreuung. Die Ergebnisse werden in einer Abschlusspräsentation vorgestellt.
Literatur: Wird je nach Thema zu Beginn der Veranstaltung bekannt gegeben
Bewertungsmethode: FSPO < 2017: Leistungsnachweis über erfolgreiche Teilnahme. Diese umfasst Anwesenheit und enthält Ausarbeitung, Vortrag und Mitarbeit. FSPO ≥ 2017: Die Vergabe der Leistungspunkte für das Modul erfolgt aufgrund der regelmäßigen Teilnahme, der vollständigen Bearbeitung eines übernommenen Themas (Vortrag und schriftliche Ausarbeitung) sowie der Beteiligung an der Diskussion. Die genauen Modalitäten werden zu Beginn der Veranstaltung bekannt gegeben. Die Anmeldung zur Prüfung setzt keinen Leistungsnachweis voraus.
Notenbildung: FSPO < 2017: unbenotet FSPO ≥ 2017: Die Modulnote entspricht dem Ergebnis der Modulprüfung. Die Note der Modulprüfung ergibt sich aus den Noten der Ausarbeitung (40%), der Präsentation (40%) und der Arbeitsweise (20%). Im Transcript of Records wird die errechnete Note für die Modulprüfung als eine Prüfungsleistung eingetragen und ausgewiesen.
Arbeitsaufwand: Präsenzzeit: 30 h Vor- und Nachbereitung: 90 h Summe: 120 h

Sommersemester 2020

Themen

Sorted by Topics

Beschreibung und allgemeine Angaben, Modulbeschreibung