|Titel: Ausgewählte Themen in Verteilten Systemen|
|Englischer Titel: Selected Topics in Distributed Systems|
|Typ: Seminar, Modul|
|Kürzel / Nr. / Modulnr.: ATVS / CS5900.113 / 72041|
|SWS / LP: 2S / 4LP|
|Dozent: Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck|
• free ✘ assigned
No free topic left! (Except your own)
• Your own topic – English only
You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.
|✘ Analysis of Modern Network Testing Approaches – English only |
Every (new) network protocol (e.g., TCP or NetFlow) and device (e.g., switches or routers) needs to be tested. The main task of this seminar is to outline different modern testing approaches. In what way do researches test network protocols and devices. In what network environment is the protocol/device tested? What traffic is used? How often are test runs repeated?
✘ Attacks on Machine Learning – English only
In recent years we have seen an enormous increase in the use of Machine Learning -- especially Deep Learning. While the achievements with machine learning are certainly phenomenal, there are also issues that come with it. One issue is the susceptibility of machine learning against malicious attacks.
✘ Attacks on Platoons – English only
Platooning is an application of Cooperative Intelligent Transport Systems (C-ITS). These consist of vehicles exchanging messages over VANETs in order to coordinate their actions. This dependability on the messages broadcasted wirelessly makes the vehicles susceptible to certain attacks.
✘ Attribute-Based Credentials – English only
Attribute-Based Credentials (ABCs), or Anonymous Credentials, are a way to prove the possession of attributes to another party without disclosing one's identity. This seemingly simple achievement can be utilized for a huge number of privacy-preserving applications, such as privacy-preserving age checks or anonymous payments.
✘ Browser Privacy – English only
The Browser is the entry for many people to the internet. Therefore it should protect the user not only against attacks, but also the privacy of the users. Though there are some standards, and many browser are using the Blink Enginge, each browser handles the privacy of their users differently.
✘ Buffer overflows are dead - long live the buffer overflow – English only
With the widespread introduction of the non-executable bit feature at the beginning of this century, classical buffer overflow exploits that override the stack directly with executable code were eliminated. For a while, it seemed as if this huge class common to programs written in system programming languages such as C or C++ are eliminated. However, it did not take long until Return-to-libc or more generally Return-Oriented-Programming appeared and buffer overflow exploits were back in business as the exutable code is not located on the stack anymore. In recent years, there were multiple ideas how these kinds of attacks can be mitigated as well with an acceptable performance overhead. Most prominently, there is the idea of Control Flow Integrity (CFI) and shadow stacks.
✘ Contemporary Design of a CSPRNG Using the Example of Fortuna – English only
Cryptographically secure pseudo-random number generators (CSPRNGs) are used for generating random keys in cryptosystems such as encryption or signature algorithms. Consequently, they are a vital part of every cryptosystem, as the overall security greatly depends on the entropy of the keys. A modern CSPRNG such as Fortuna has various interesting properties beyond its output being uniformly random distributed. As an example, it is possible to recover from an attack where the full internal state of the CSPRNG is leaked.
Henning Kopp (Schutzwerk GmbH)
✘ Data Entanglement – English only
In Coding and Data Reliability, e.g., censorship resistance, research applies a concept called data entanglement. For this technique parts of a file are combined with parts of another file to reconstruct a lost file or to make fully removing a file from a system expensive.
✘ Differential Privacy – English only
Statistics about user data are used heavily for improving services, performing marketing studies, and many other purposes. The acquisition and processing of potentially sensitive information poses serious privacy threats to individuals participating in, e.g., surveys. Such information might include birthdate, gender, religion, and nationality, from which identifying an individual becomes a trivial task. Moreover, inferring more sensitive information about a specific individual becomes also possible. To solve issue, many service providers, e.g., Apple and Google, started using the so-called “Differential Privacy” to preserve their users’ privacy.
✘ Mobile Sensing and Smartphone Apps for Hearing Healthcare – English only
Mobile Sensing often focuses on the aspects of sensor data collection and analysis applied particularly for the purposes of education, diagnosis, treatment, or monitoring.
✘ Network Security Breaches – English only
The goal of this seminar is the outlining of popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.Leonard Bradatsch
✘ OAuth and OpenID (Connect) – English only
Along with the modern web and it's services come a lot of passwords and accounts. OAuth, OpenID and OpenID Connect are some of the single sign-on frameworks and protocols that strive to make authentication and authorization manageable in a secure way.
Dominik Lang (ditis)
✘ Overview of IoT Frameworks and Platforms – English only
The Internet of Things (IoT) hype is in full force, cheap sensors are abundantly available, and big companies as well as private consumers can build up their smart device networks with ease.
✘ QuisQuis – English only
QuisQuis is a new design for anonymous cryptocurrencies, based on updateable public keys. The problem of current anonymous blockchain systems, is the inability to prune old outputs, as they are all needed to verify future transactions. QuisQuis achieves the anonymity by re-randomising public keys, so that all inputs can be considered spent. The protocol employs multiple new techniques.
✘ Range Proofs – English only
Confidential transactions in crypto currencies require range proofs to detect integer overflows. Any output amount of a transaction has to be a positive integer. As storage is valuable on block-chains, the goal is to reduce the size as much as possible. Recent advances in bulletproofs reduce the size significantly.
✘ Resource Scheduling in Cloud Computing – English only
With increased popularity of Cloud Computing the approach of treating multiple nodes as one big resource unit came up. This allows to run multiple different applications on one cluster at the same time. The biggest challenge is to schedule the processes of the applications without overstress the cluster or slowing down one of the applications.
✘ Secure Multiparty Computation – English only
Secure multiparty computation (MPC) enables several parties, each with a private input, to compute a joint function without exposing their input to each other. This attracts many application scenarios, e.g. training a machine learning model on private input from several companies/hospitals, where privacy is crucial. Within the last decade, the development of MPC has been on the practical side and many efficient implementations have been proposed.
✘ Smart Home Security – English only
Home automation has been a common theme of science fiction for a long time but has recently become reality. Newly constructed homes often come with pre-installed smart home features based on proprietary hardware/software and the same can be retrofitted to older buildings. Additionally, a huge community of DIY enthusiasts develops open source and open hardware alternatives. However, security is often not the main priority of these products or can be difficult to implement correctly, due to hardware and power constraints. Numerous examples, such as smart door and garage locks, show that this is becoming a serious issue.
✘ Surveying Peripheral Sensors in Context of Mobile Crowdsensing – English only
In this seminar report, the students are required to survey the current state of peripheral sensors that can be coupled with smartphones to further accurate the mobile crowdsensing applications. These peripheral sensors can be coupled with smartphones using Bluetooth technology or wifi. The students would be further required to study the current state of coupling technologies. In addition to the general perspective, the students will survey the peripheral sensors, their technology, and limitations within the context of mHealth (mobile health).
✘ Time constraints of Security in CACC – English only
One application of Corporate Adaptive Cruise Control (CACC) is platooning where vehicles drive very close after each other to reduce the air resistance and therefore reduce fuel consumption. This, however, comes with safety risks due to the reduced distance gap to the following vehicle and therefore reduced reaction time. If the vehicles drive 100 km/h (~30m/s), a safety distance of 50m is required by German law. When this distance is now reduced to 10m or less in CACC, only a third of a second reaction time is available. During this time, a message send from the leading vehicle, needs to be processed by both vehicles, the leading and the ego vehicle. E.g. by encrypting, signing, verifying, ...
✘ Trusted Execution Environments – English only
Trust management is a central aspect of computer security. For instance, an operating system uses sandboxes to protect itself and other applications from viruses and malicious software, and cryptography is used to protect data in transit and at rest. With the advent of cloud computing, even the hardware that executes a particular software is not always considered trustworthy. Trusted Execution Environments (TEEs) try to relieve of the need to fully trust the hardware, by adding a secure area to the CPU that can guarantee code/data confidentiality and integrity through cryptographic means. Hence, protecting an application from untrusted hardware, software, and even privileged attackers (i.e., the operating system). Several TEE implementations can already be used today, such as Intel SGX and ARM TrustZone. While the former proprietary implementations often expect trust in the vector, open-source alternatives that address this weak point are already in development.
✘ What did we learn in almost 20 years of TLS? – English only
In 2018, the latest version of TLS - TLS 1.3 - was finally finished and published. The discussions and decisions that were made during the development phase are interesting to follow. In an attempt to design the most secure version of TLS that is nowadays possible, the IETF working group decided to deprecate and remove quite some parts of older TLS releases that have a rather troubling history. As part of this work, we want to follow the development of TLS 1.3 and try to learn from it for the design of cryptographic (network) protocols in general.
Clemens Lang (BMW Car IT)
Sorted by Topics
Beschreibung und allgemeine Angaben, Modulbeschreibung
|Lehr- und Lernformen: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP|
|Modulkoordinator: Prof. Dr. Frank Kargl|
|Turnus / Dauer: jedes Semester / ein volles Semester|
|Voraussetzungen (inhaltlich): Grundlagen der Rechnernetze, Proseminar|
|Voraussetzungen (formal): -|
|Grundlage für (inhaltlich): -|