In the winter semester 2003/04 a seminar on IT security is offered within the Horst-Görtz Institut. The seminar is organized by the chairs IT-Sicherheit & Cryptography (ITSC, Prof. Dobbertin) and Kommunikationssicherheit (Communication Security; COSY, Prof. Paar). As a rule the seminar meets weekly on Mondays at 13:00 c.t. The talks alternate between room NA-5/64 (Mathematics) and room IC-4/39 (Electrical Engineering) at the RUB. Each talk lasts 30-45 minutes.

10 November 2003: Yvo Desmedt (Florida State University, USA), Cryptanalysis of Several of the UCLA Watermarking Schemes for Intellectual Property Protection of Digital Circuits/Designs
1 December 2003: Christof Paar (COSY, RUB), Embedded IT Security in Automobiles (Eingebettete IT-Sicherheit im Automobil)
8 December 2003: Ammar Alkassar (Universität Saarland), Secure Object Identification - Or: How To Solve The Chess-Grandmaster-Problem
15 December 2003: Philippe Rivard (COSY, RUB), Lightweight Embedded SSL
12 January 2004: Sandeep Kumar (COSY, RUB), Embedded End-to-End Wireless Security with ECDH Key Exchange
19 January 2004: Stefan Lucks (Universität Mannheim), Practice and Theory of Related-Key Attacks
26 January 2004: Johannes Ueberberg (SRC GmbH), Secure Payment Models on the Internet (Sichere Zahlungsverkehrsmodelle im Internet)
2 February 2004: Thomas Groß (IBM Research Lab Zürich), Emerging protocols in Federated Identity Management
9 February 2004: Roger Oyono (Universität Essen), Fast Arithmetic on Jacobians of Picard Curves
16 February 2004: Bernhard Loehlein (T-Systems), IP Multicast Security


Yvo Desmedt, Florida State University, USA:
Cryptanalysis of Several of the UCLA Watermarking Schemes for Intellectual Property Protection of Digital Circuits/Designs

The talk is about arithmetic on hyperelliptic curves of genus 1 and 2 over finite fields of even characteristic. It discusses the group operations for these curves and presents new doubling formulas for some cases. Furthermore, it presents the comparison we made between different implementations of scalar multiplication on Koblitz curves, using different bases for the field.


Christof Paar, COSY (RUB):
Embedded IT Security in Automobiles (Eingebettete IT-Sicherheit im Automobil)

Extremely low-power devices, such as those involved in sensor networks, are becoming more prevalent as ubiquitous computing scenarios descend from the theoretical into realistic applications. Building security into such applications from the beginning is important and requires inventive new techniques since traditional protocols are designed for much more powerful environments.

Ammar Alkassar, Universität Saarland:
Secure Object Identification - Or: How To Solve The Chess-Grandmaster-Problem

Many applications of cryptographic identification protocols are vulnerable to physical adversaries who perform real-time attacks. For instance, when identifying a physical object like an automated teller machine, common identification schemes can be bypassed by faithfully relaying all messages between the communicating participants. This attack is known as mafia fraud. In my talk I will give an overview of different approaches to cope with that fraud. One approach, the Probabilistic Channel Hopping system, solves this problem by hiding the conversation channel between the participants. The security of this approach is based on the assumption that an adversary cannot efficiently relay all possible communication channels of the PCH system in parallel.
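As an added illustration (this is not code from the talk or the speaker), the following Python script first shows the relay attack the abstract describes: a textbook challenge-response identification is accepted by the verifier even though the party at the other end of the channel is an adversary that merely forwards messages to the distant genuine object. The second half is a deliberately simplified model of the channel-hopping idea, not the PCH protocol itself: the honest parties derive a secret channel for every round from their shared key, the adversary can relay only a fixed number of the channels per round and must pick them blindly, and the identification fails as soon as one round is missed, so the relay's success probability falls geometrically with the number of rounds. The key, the channel counts and the blind-tapping adversary are assumptions of this toy.

```python
import hashlib
import hmac
import random
import secrets
from typing import Callable, List

# Constructed demo key shared by the verifier and the genuine object (e.g. the real ATM).
KEY = b"verifier<->genuine-object shared secret (demo only)"


def prover_respond(key: bytes, challenge: bytes) -> bytes:
    """The genuine object answers a challenge with HMAC-SHA256(key, challenge)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verifier_identify(key: bytes, channel: Callable[[bytes], bytes]) -> bool:
    """The verifier sends a fresh challenge over `channel` and accepts iff the MAC is right.
    Nothing here tells the verifier who is physically at the other end of `channel`."""
    challenge = secrets.token_bytes(16)
    expected = prover_respond(key, challenge)
    return hmac.compare_digest(channel(challenge), expected)


def mafia_relay(genuine: Callable[[bytes], bytes]) -> Callable[[bytes], bytes]:
    """The adversary knows nothing about KEY: it forwards every message to the distant
    genuine object and returns whatever comes back (mafia fraud)."""
    return lambda challenge: genuine(challenge)


def relay_attack_succeeds() -> bool:
    """Returns True: the verifier accepts the relay as if it were the genuine object."""
    genuine = lambda c: prover_respond(KEY, c)
    return verifier_identify(KEY, mafia_relay(genuine))


# ---- toy channel-hopping model (assumption: a simplification of the PCH idea) ----

def channel_schedule(key: bytes, rounds: int, n_channels: int) -> List[int]:
    """Honest parties derive a secret hopping sequence from the shared key, so the
    adversary cannot predict on which of the n_channels round i will be sent."""
    return [
        int.from_bytes(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest(), "big") % n_channels
        for i in range(rounds)
    ]


def hopping_relay_succeeds(key: bytes, rounds: int, n_channels: int,
                           relay_capacity: int, rng: random.Random) -> bool:
    """The adversary can relay only relay_capacity of the n_channels per round, chosen
    blindly; the identification fails as soon as one round is not relayed."""
    for ch in channel_schedule(key, rounds, n_channels):
        if ch not in rng.sample(range(n_channels), relay_capacity):
            return False
    return True


def expected_success(rounds: int, n_channels: int, relay_capacity: int) -> float:
    """Per round the blind relay hits the right channel with probability capacity/n."""
    return (relay_capacity / n_channels) ** rounds


def simulate_success(rounds: int, n_channels: int, relay_capacity: int,
                     trials: int = 2000, seed: int = 1) -> float:
    """Monte Carlo estimate of the relay's success rate (seeded for reproducibility)."""
    rng = random.Random(seed)
    wins = sum(hopping_relay_succeeds(KEY, rounds, n_channels, relay_capacity, rng)
               for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    print("plain challenge-response, relayed:", relay_attack_succeeds())
    print("16 channels, relay taps 4, 8 rounds: expected",
          expected_success(8, 16, 4), "simulated", simulate_success(8, 16, 4))
```

The first result is the point of the abstract: message authenticity says nothing about physical presence. The second shows what the PCH assumption buys: with a relay that covers only a quarter of the channels, eight rounds already push the success rate below 2^-16, while an adversary that can relay every channel in parallel (capacity equal to the channel count) still succeeds with probability 1, which is exactly the assumption the scheme rests on.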


Philippe Rivard, COSY (RUB):
Lightweight Embedded SSL

SSL has been widely adopted in industry as a means of establishing end-to-end secure communications. However, it has not seen widespread use in embedded devices, as the protocol and its cryptographic computations are quite intensive. Embedded devices wishing to use SSL would thus require more hardware, and be more expensive. This talk will describe my efforts to implement a specific version of SSL (TLS 1.1 with some extensions) on a highly constrained platform (Atmel 8-bit microcontroller). A brief overview of the basic SSL handshake will first be presented, followed by an explanation of how the heaviest portions of the protocol were handled. Finally, future possibilities for improvement will be identified. In short, this talk will show what can be done to enable end-to-end secure communications between embedded devices without drastically increasing their cost.


Sandeep Kumar, COSY (RUB):
Embedded End-to-End Wireless Security with ECDH Key Exchange

Sensor networks offer tremendous benefits for the future as they have the potential to make life more convenient and safer. For instance, sensor networks can be used for climate control to reduce power consumption, for structures such as bridges to monitor the maintenance status, or for company badges to locate employees in order to increase productivity. However, the introduction of such ubiquitous computing to everyday life also raises privacy concerns. In this presentation I will present a public-key cryptography implementation for secure key exchange on low-end wireless devices using elliptic curves. Our implementation is based on optimal extension fields (OEF), which are a special type of finite fields GF(p^m).
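An added example, not code from the talk or from the COSY implementation: an ECDH key exchange with affine elliptic-curve arithmetic over an OEF GF(p^m), written in Python for readability rather than for an 8-bit microcontroller. What makes a field an OEF is visible in the arithmetic: the subfield prime p fits a machine word and has a special form (here the Mersenne prime 2^31 - 1, so reduction is a shift and an add, no division), and the extension is built with a binomial modulus x^m - omega, so folding the product back to degree below m costs one multiplication by omega per coefficient. The parameters p, m, omega, the curve coefficient A and the base point G are constructed for this demonstration and are not those used in the talk; the point G is chosen first and B is solved for, which guarantees G lies on the curve without a square root but says nothing about the group order, so the curve illustrates the arithmetic and is not a deployable parameter set.

```python
# Constructed parameters for this demo (assumption: not the ones used in the talk).
P = (1 << 31) - 1          # subfield prime 2^31 - 1 (Mersenne)
M = 3                      # extension degree; field elements are tuples of M coefficients
PRIMES_OF_M = (3,)         # prime factors of M; each divides P - 1, as the OEF construction needs


def pick_omega() -> int:
    """x^M - omega is irreducible over GF(P) iff omega^((P-1)/r) != 1 for every prime
    r | M (plus P = 1 mod 4 if 4 | M, which does not apply here)."""
    for w in range(2, P):
        if all(pow(w, (P - 1) // r, P) != 1 for r in PRIMES_OF_M):
            return w
    raise ValueError("no suitable omega")


OMEGA = pick_omega()
ZERO = (0,) * M
ONE = (1,) + (0,) * (M - 1)
THREE = (3,) + (0,) * (M - 1)


def red(x: int) -> int:
    """Reduce a non-negative integer mod P = 2^31 - 1 without division:
    since 2^31 = 1 (mod P), hi*2^31 + lo = hi + lo."""
    while x >> 31:
        x = (x & P) + (x >> 31)
    return 0 if x == P else x


def fadd(a, b): return tuple((x + y) % P for x, y in zip(a, b))
def fsub(a, b): return tuple((x - y) % P for x, y in zip(a, b))


def fmul(a, b):
    """Schoolbook polynomial product, then fold x^k (k >= M) into omega * x^(k-M)."""
    prod = [0] * (2 * M - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] += x * y
    for k in range(2 * M - 2, M - 1, -1):
        prod[k - M] += OMEGA * prod[k]
    return tuple(red(c) for c in prod[:M])


def fpow(a, e: int):
    r, base = ONE, a
    while e:
        if e & 1:
            r = fmul(r, base)
        base = fmul(base, base)
        e >>= 1
    return r


def finv(a):
    """Inverse by Fermat: a^(p^m - 2); a != 0 assumed."""
    return fpow(a, P ** M - 2)


# Short Weierstrass curve y^2 = x^3 + A x + B over GF(P^M). A and the point G are fixed
# first and B is solved for (constructed demo curve, group order unknown).
A = (1, 2, 3)
G = ((12345, 67890, 13579), (24680, 97531, 11111))
B = fsub(fsub(fmul(G[1], G[1]), fmul(fmul(G[0], G[0]), G[0])), fmul(A, G[0]))


def on_curve(pt) -> bool:
    if pt is None:            # the point at infinity
        return True
    x, y = pt
    return fmul(y, y) == fadd(fadd(fmul(fmul(x, x), x), fmul(A, x)), B)


def ec_add(p1, p2):
    """Affine chord-and-tangent addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if fadd(y1, y2) == ZERO:      # P + (-P), including 2P for a point with y = 0
            return None
        lam = fmul(fadd(fmul(THREE, fmul(x1, x1)), A), finv(fadd(y1, y1)))   # tangent
    else:
        lam = fmul(fsub(y2, y1), finv(fsub(x2, x1)))                         # chord
    x3 = fsub(fsub(fmul(lam, lam), x1), x2)
    y3 = fsub(fmul(lam, fsub(x1, x3)), y1)
    return (x3, y3)


def ec_mul(k: int, pt):
    """Right-to-left double-and-add (not constant-time; a real sensor node would care)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ecdh(a_priv: int, b_priv: int):
    """Both sides publish k*G and derive the same shared point a*(b*G) == b*(a*G)."""
    a_pub, b_pub = ec_mul(a_priv, G), ec_mul(b_priv, G)
    return ec_mul(a_priv, b_pub), ec_mul(b_priv, a_pub)
```

Two things worth noticing when reading this against the abstract: every affine point operation spends one field inversion, and the inversion here is a full exponentiation in GF(p^m), which is why real embedded implementations work hard on the inversion (or avoid it with projective coordinates); and the choice of a word-sized p means every coefficient operation is a single-precision multiply plus the shift-and-add in red(), which is exactly the property that makes OEFs attractive on small processors.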


Stefan Lucks, Universität Mannheim:
Practice and Theory of Related-Key Attacks

The "classical" attack scenarios for block ciphers allow the adversary to choose plaintexts and ask for ciphertexts, or additionally to choose ciphertexts and request plaintexts. "Related-key" attacks give the adversary the additional power to manipulate the secret key. Two practical reasons to study related-key attacks are: 1. Related-key attacks have been found useful to evaluate the security of block ciphers (e.g. in the context of the AES process). 2. Some cryptographic protocols actually allow the adversary to mount a related-key attack against an underlying block cipher. Thus, the security of the protocol can depend on the block cipher's related-key security. The talk gives examples of related-key attacks against block ciphers and protocols. Also, it presents new theoretical constructions for ciphers provably secure against related-key attacks.


Johannes Ueberberg, SRC GmbH:
Secure Payment Models on the Internet (Sichere Zahlungsverkehrsmodelle im Internet)

Card-based electronic payment schemes currently exist almost exclusively at a terminal (card reader) located physically at the merchant. These systems (in particular credit card, debit card and GeldKarte) are currently being extended so that they can also be used for Internet payments. The talk gives an overview of the state of these developments.


Thomas Groß, IBM Research Lab Zürich:
Emerging protocols in Federated Identity Management

Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The Security Assertion Markup Language (SAML), Liberty, and WS-Federation are the most important examples of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. All of them utilize constraint-based specifications and techniques of modular design, but do not include general security analyses. We analyze the security of the SAML Single Sign-on Browser/Artifact profile, which is the most important protocol of this class and already included in all major access control products. We demonstrate flaws of SAML Single Sign-on by mounting exemplary attacks on the protocol. Given this result, we also deduce the need for a research methodology to model, analyze and prove the security of this new protocol class.


Roger Oyono, Universität Essen:
Fast Arithmetic on Jacobians of Picard Curves

In this talk we present a fast addition algorithm in the Jacobian of a Picard curve over a finite field $\mathbb F_q$ of characteristic different from $3$. This algorithm has a nice geometric interpretation, comparable to the classic "chord and tangent" law for elliptic curves. The computational cost is $144M + 12SQ + 2I$ for addition and $158M + 16SQ + 2I$ for doubling.


Bernhard Loehlein, T-Systems:
IP Multicast Security

T-Systems is currently developing a Multicast Security Gateway, called MuSeGa, which enables secure content distribution over multicast networks. The concept is compatible with the IETF MSEC architecture, a general framework for multicast security at the IP layer. IPsec is the well-defined and accepted standard for security in unicast IP. In the step from unicast to multicast several security problems arise: group key agreement, key management, source authentication, ... Our main focus in this talk is on the status of standardization in the IETF and an overview of efficient group key management algorithms for IP multicast.
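Group key management is one of the problems the abstract lists; as an added example (not code from T-Systems or MuSeGa), here is the rekeying-on-leave operation of the Logical Key Hierarchy scheme of RFC 2627 in Python. The group controller keeps a binary tree of keys with one member per leaf; each member holds only the keys on its leaf-to-root path. When a member leaves, every key on its path is replaced bottom-up, and each new key is multicast wrapped under the keys of the surviving children, so the leaver cannot unwrap any rekey message and n members are rekeyed with about 2 log2(n) - 1 messages instead of n - 1 unicast ones. The key wrapping is a toy (a SHA-256 keystream with a fresh nonce) and the tree layout is an assumption of this demo; a deployment would wrap keys with an authenticated cipher.

```python
import hashlib
import secrets
from typing import Dict, List, Tuple

Msg = Tuple[int, bytes]   # (node id whose key wraps the payload, wrapped new key of its parent)


def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrapping: XOR with a SHA-256 keystream from the KEK and a fresh nonce.
    Demo assumption only; a deployment would use an authenticated cipher."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(kek + nonce).digest()
    return nonce + bytes(a ^ b for a, b in zip(stream, key))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    stream = hashlib.sha256(kek + nonce).digest()
    return bytes(a ^ b for a, b in zip(stream, ct))


def path_to_root(v: int) -> List[int]:
    """Heap-style tree: node 1 is the root, the children of v are 2v and 2v+1."""
    out = []
    while v >= 1:
        out.append(v)
        v //= 2
    return out


class LKHServer:
    """Group controller holding the full key tree; members sit at the leaves."""

    def __init__(self, depth: int):
        self.n_leaves = 1 << depth
        self.keys: Dict[int, bytes] = {v: secrets.token_bytes(32) for v in range(1, 2 * self.n_leaves)}
        self.active = set(range(self.n_leaves))

    def leaf(self, member: int) -> int:
        return self.n_leaves + member

    def member_keys(self, member: int) -> Dict[int, bytes]:
        """What a member is given at join: the keys on its leaf-to-root path."""
        return {v: self.keys[v] for v in path_to_root(self.leaf(member))}

    def has_members(self, v: int) -> bool:
        if v >= self.n_leaves:
            return (v - self.n_leaves) in self.active
        return self.has_members(2 * v) or self.has_members(2 * v + 1)

    def remove(self, member: int) -> List[Msg]:
        """Rekey every node on the leaver's path, bottom-up; each new key is wrapped under
        the keys of the surviving children, so the leaver cannot unwrap any message."""
        self.active.discard(member)
        leaf = self.leaf(member)
        del self.keys[leaf]
        msgs: List[Msg] = []
        for v in path_to_root(leaf)[1:]:
            self.keys[v] = secrets.token_bytes(32)
            for c in (2 * v, 2 * v + 1):
                if c != leaf and self.has_members(c):
                    msgs.append((c, wrap(self.keys[c], self.keys[v])))
        return msgs


class Member:
    def __init__(self, keys: Dict[int, bytes]):
        self.keys = dict(keys)

    def apply(self, msgs: List[Msg]) -> None:
        """Multicast: every member sees all messages, but can only unwrap those
        addressed to a key it holds; bottom-up order makes the new child key
        available before the parent's message needs it."""
        for c, blob in msgs:
            if c in self.keys:
                self.keys[c // 2] = unwrap(self.keys[c], blob)

    def group_key(self) -> bytes:
        return self.keys[1]


def demo(depth: int = 3, leaver: int = 5):
    """Build a full tree of 2^depth members, remove one, let everyone process the rekey."""
    server = LKHServer(depth)
    members = {i: Member(server.member_keys(i)) for i in range(server.n_leaves)}
    msgs = server.remove(leaver)
    for m in members.values():
        m.apply(msgs)
    return server, members, msgs


if __name__ == "__main__":
    server, members, msgs = demo(3, 5)
    print(len(msgs), "rekey messages for 8 members; leaver still holds the old root key:",
          members[5].group_key() != server.keys[1])
```

The leaver does still "process" the messages, and even overwrites its copy of its old parent key with garbage, because it holds a stale key for that node; that is harmless and is the expected outcome of the scheme. The message count is what matters for multicast: with depth 10 (1024 members) a leave costs 19 messages.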