Unless otherwise stated, the seminar takes place on Mondays at 13:15 in room IC 4 / 39-41. In the winter semester 2006/07 it was organised by Michael Psarros.

16 October 2006 | Dr. Michael Steiner | PISA - Portlet Isolation via Static Analysis
26 October 2006 | Andy Rupp | On the Equivalence of RSA and Factoring regarding Generic Ring Algorithms
30 October 2006 | Jörn Schweisgut | Electronic Elections with an Observer
6 November 2006 | Jörg Helbach | Internet Voting Systems in Practice
13 November 2006 | Prof. Dr. Heiko Mantel | Formal Modeling and Analysis of Information Flow Security
20 November 2006 | Tim Kornau, Manuel Binna | C.I.P.H.E.R. 2 Contest - Review of a Game
15 January 2007 | Dr. Johann Bizer | Confidentiality and Evidential Security in Electronic Legal Transactions - on the Key Role of Cryptography
5 February 2007 | Thorsten Holz | Botnet Monitoring - Learning More About Botnets
6 February 2007 | Saar Drimer | A diamond for a pint: relay attack and distance bounding defence
12 March 2007 | Prof. Dr. Christian Scheideler | Towards a paradigm for robust distributed systems
14 March 2007 | N. Asokan | Security Associations for Personal Devices


Dr. Michael Steiner, IBM NY, USA:
PISA - Portlet Isolation via Static Analysis

Internet portals provide value by aggregating information services from multiple providers and displaying them as 'portlets' on a one-stop web page. Corporate portals have been around for a while, and even public portals are regaining their popularity thanks to better advertising models (AdSense) and programming models (AJAX). However, none of the portals yet has a sound security model for aggregating information from multiple (and potentially mutually distrusting) providers. In this talk, we will see why this is a real and serious problem and how it can be tackled, thereby releasing the untapped potential that portals have for widespread use in applications ranging from banking and finance to email and social networking.

We will show various attacks which can be applied, e.g., to the IBM WebSphere Portal Server and provide the first taxonomy of security issues with portal-based aggregation. We shall formulate the security (confidentiality and integrity) requirements in a portal framework, focusing on enforcing isolation between the various portlets. The talk also outlines the design and proof-of-concept implementation of a tool that enforces our security policy. The tool uses grammar checkers to enforce various structural invariants, static program analysis based on IBM Research's Domo framework to verify security properties of embedded JavaScript and, finally, rewriting techniques to resolve statically unanalyzable yet necessary JavaScript constructs and to provide mappings for the programmers' convenience.

Most importantly, the tool is designed such that existing browsers can be used unmodified, without compromising security. Furthermore, the changes to the portlet programming model are minimal and should not restrict its expressivity.

Andy Rupp, COSY, RUB:
On the Equivalence of RSA and Factoring regarding Generic Ring Algorithms

To prove or disprove the computational equivalence of solving the RSA problem and factoring integers is a longstanding open problem in cryptography. We provide some evidence towards the validity of this equivalence by showing that any efficient generic ring algorithm which solves the (flexible) low-exponent RSA problem can be converted into an efficient factoring algorithm. Thus, the low-exponent RSA problem is intractable w.r.t. generic ring algorithms provided that factoring is hard.

In cooperation with Gregor Leander.

Jörn Schweisgut, Universität Gießen:
Electronic Elections with an Observer

In autumn 2005, the citizens of Estonia were able to cast their votes over the Internet. The decision of the Estonian parliament illustrates the ever-broadening trend towards electronic elections.

Until November 2005, a major problem of electronic elections was receipt-freeness (Quittungsfreiheit, Unüberprüfbarkeit). The system that had best realised receipt-freeness up to that point is that of Hirt and Sako. It assumes, however, that a physically secure channel exists from every authority to every voter. In 2005, Juels, Catalano and Jakobsson extended the notion of receipt-freeness and introduced the security goal of coercion resistance.

The talk examines whether an observer, a tamper-resistant hardware device in the voter's possession, is suitable for constructing electronic voting systems. Receipt-freeness and coercion resistance are considered in particular. An efficient receipt-free electronic voting scheme is set up that does without the physically secure channels mentioned above. Subsequently, an observer-based, coercion-resistant electronic voting system is presented.

Jörg Helbach, GI, Bonn:
Internet Voting Systems in Practice

In recent years, the share of postal voters in Germany has grown steadily. The reasons are seen in particular in the increased mobility of voters, so it must be examined how this social development can be accommodated. One option is the introduction of electronic voting systems.

Pilot projects to this end have been carried out worldwide in recent years. In Germany, apart from a number of smaller voting trials, Internet voting systems were used on a larger scale in 2004 and 2005, above all in associations. The largest legally binding elections were conducted by the Gesellschaft für Informatik e.V. (GI).

Following an introduction to some basics and the current state of research, this talk describes the electronic GI elections conducted with the Polyas voting system from the company Micromata. The talk concludes with an outlook on the remaining problems and approaches to solving them.

Prof. Dr. Heiko Mantel, RWTH Aachen:
Formal Modeling and Analysis of Information Flow Security

Information security has become a complex concern as distributed computing, mobility of devices, and dynamic extensibility provide malicious individuals with manifold possibilities for attacks. The trustworthiness of distributed systems critically depends on three aspects: the communication over open networks, the access to critical resources, and the use of sensitive data in computations. While reliable cryptographic protocols and access control mechanisms exist and are widely used to address the first two aspects, we do not yet have comparable techniques for securing the flow of information during a program run. Without adequate information flow control, however, there is a danger that programs might leak secrets while running and little hope for establishing reliable, system-wide security guarantees.

In the talk, I will present advances in information flow security, while considering multiple stages of software development. I will present a framework, the MAKS, that supports the formal specification of security requirements. Then, I will point out some fundamental difficulties that arise during the stepwise development of secure systems, and I will sketch a theory for assembling secure systems from secure components. Finally, I will motivate three directions for making type-based security analysis for concurrent programs more practical, presenting initial solutions to controlling deliberate information release, to automatically correcting insecure programs, and to integrating different language-based analysis techniques.
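The abstract above argues that programs can leak secrets while running and points to type-based analysis as a remedy. The following Python block is an added illustration, not code from the speaker or from the MAKS framework: a minimal Denning-style information-flow type checker for a toy imperative language with a two-point lattice (L below H). The variable labelling, the toy programs and the tuple-based AST are all constructed for this example. It shows the two things such an analysis catches: an explicit flow (assigning a secret to a public variable) and an implicit flow (assigning to a public variable inside a branch or loop whose guard depends on a secret), while accepting programs that only move information upwards.

```python
# Added example (not from the seminar page): a tiny Denning/Volpano-Smith style
# information-flow type checker. Security levels form the lattice L < H.
from typing import Dict, List, Union

LEVELS = {"L": 0, "H": 1}  # L = public, H = secret


def join(a: str, b: str) -> str:
    """Least upper bound of two levels."""
    return a if LEVELS[a] >= LEVELS[b] else b


def leq(a: str, b: str) -> bool:
    """May information at level a flow to level b?"""
    return LEVELS[a] <= LEVELS[b]


# Expressions: an int literal, a variable name, or ("op", e1, e2).
Expr = Union[int, str, tuple]


def expr_level(e: Expr, env: Dict[str, str]) -> str:
    """Level of an expression: join of the levels of the variables it reads."""
    if isinstance(e, int):
        return "L"                      # constants carry no secret
    if isinstance(e, str):
        return env[e]
    _, a, b = e
    return join(expr_level(a, env), expr_level(b, env))


# Statements (constructed AST, one tuple per statement):
#   ("assign", x, e)            x := e
#   ("if", e, then_b, else_b)   branches are statement lists
#   ("while", e, body)
def check(stmts: List[tuple], env: Dict[str, str], pc: str = "L",
          violations: List[str] = None) -> List[str]:
    """Return a list of flow violations; pc is the level of the control context."""
    if violations is None:
        violations = []
    for s in stmts:
        kind = s[0]
        if kind == "assign":
            _, x, e = s
            data = expr_level(e, env)
            src = join(data, pc)       # what the assignment reveals about x
            if not leq(src, env[x]):
                # if the data alone would be fine, the leak comes via pc
                flow = "implicit" if leq(data, env[x]) else "explicit"
                violations.append(f"{flow} flow: {src} information reaches {x} ({env[x]})")
        elif kind == "if":
            _, e, then_b, else_b = s
            pc2 = join(pc, expr_level(e, env))   # guard raises the context level
            check(then_b, env, pc2, violations)
            check(else_b, env, pc2, violations)
        elif kind == "while":
            _, e, body = s
            check(body, env, join(pc, expr_level(e, env)), violations)
        else:
            raise ValueError(f"unknown statement {kind}")
    return violations


# Constructed labelling and sample programs.
ENV = {"secret": "H", "pub": "L", "tmp": "H"}

PROGRAMS = {
    # pub := secret
    "explicit_leak": [("assign", "pub", "secret")],
    # if secret > 0 then pub := 1 else pub := 0
    "implicit_leak": [("if", ("gt", "secret", 0),
                       [("assign", "pub", 1)], [("assign", "pub", 0)])],
    # while secret > 0 do pub := pub + 1; secret := secret - 1
    "loop_leak": [("while", ("gt", "secret", 0),
                   [("assign", "pub", ("add", "pub", 1)),
                    ("assign", "secret", ("sub", "secret", 1))])],
    # tmp := secret + pub; if pub > 0 then pub := 1   (only upward flows)
    "secure_upgrade": [("assign", "tmp", ("add", "secret", "pub")),
                       ("if", ("gt", "pub", 0), [("assign", "pub", 1)], [])],
}


def audit() -> Dict[str, List[str]]:
    """Run the checker over every sample program."""
    return {name: check(prog, ENV) for name, prog in PROGRAMS.items()}


if __name__ == "__main__":
    for name, found in audit().items():
        print(name, "->", "secure" if not found else found)
```

The checker is deliberately conservative: it rejects the loop program even though the value written to `pub` is only a count, because the number of iterations depends on `secret`, which is exactly the kind of leak a dynamic check at each assignment would miss.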

Tim Kornau, Manuel Binna, NDS, RUB:
C.I.P.H.E.R. 2 Contest - Review of a Game

This talk gives an overview of how a form of knowledge transfer that would otherwise not take place could be carried out through student initiative and its support by the university. The individual steps of the preparation, both technical and organisational, are examined. Furthermore, a detailed analysis of the "C.I.P.H.E.R. 2" competition that took place and of the results achieved is presented. Following the analysis, the advantages of continuing this series of projects at the Ruhr-Universität Bochum in cooperation with other universities are shown; further proposals and an effort estimate conclude the talk.

Dr. Johann Bizer, Landeszentrum für Datenschutz, Schleswig-Holstein:
Confidentiality and Evidential Security in Electronic Legal Transactions - on the Key Role of Cryptography

As electronic communication grows in importance, so do the necessity and the need to secure the confidentiality and evidential security of communication relationships. The need for protection extends from securing private individual communication and electronic legal transactions to object-controlled communication. From the perspective of data protection and IT security, cryptography has a central function in effective security strategies, even if the development of corresponding public key infrastructures has so far lagged far behind the promises of the prophets. The talk discusses the background, examines the role and effects of state interventions on grounds of internal security, and offers guidelines for a differentiated security strategy to satisfy individual and institutional communication needs.

Dr. Johann Bizer has been Deputy State Commissioner for Data Protection in Schleswig-Holstein since 2004 and, in this capacity, also deputy head of the Unabhängiges Landeszentrum für Datenschutz. Since 1997 Bizer has been co-editor of the journal "Datenschutz und Datensicherheit - DuD". Until 2003 Bizer was a research assistant at the Institut für Öffentliches Recht of the University of Frankfurt. Numerous publications, among others on legal questions of cryptography such as electronic signatures and the crypto controversy (see http://www.johann-bizer.de).

Thorsten Holz, Universität Mannheim:
Botnet Monitoring - Learning More About Botnets

With the help of tools like nepenthes or different honeypot solutions, we are able to automatically collect autonomously spreading malware. With the help of an automated analysis process (http://www.cwsandbox.org), we can also learn more about each binary without any human interaction. Thus, we are able to automatically collect information about botnets, e.g. where they are located, which nick names they use, and which passwords are involved. Based on this information we can start to observe the botnets and learn more about them.

In the first part of the talk, we will briefly introduce nepenthes and different ways to collect malware. In addition, we briefly talk about malware analysis with the help of CWSandbox. The main part of the talk focuses on "botspy", a tool for automated tracking of botnets. We introduce the tool in detail and talk about the lessons learned with it based on real-world examples. The talk concludes with an overview of several other ways to detect compromised machines and how to protect against the threat behind botnets.

Saar Drimer, University of Cambridge:
A diamond for a pint: relay attack and distance bounding defence

Modern smartcards are capable of sophisticated cryptography and can provide a high assurance of tamper resistance. Although tampering with the smartcards themselves is difficult, the manner in which they are used in practice can be exploited for fraud. Card holders authorize transactions by presenting the card and entering a PIN into a terminal, but have no assurance as to the value being charged and by whom, and have no means to tell whether the terminal is legitimate or not. Even the most sophisticated smartcards cannot protect customers from being defrauded by the simple relaying of transaction details back and forth from another location. In this paper, we describe how we developed such an attack, and show results from real-world experiments on the "Chip & PIN" payment system, the implementation of EMV in the UK. We also discuss procedural improvements that could make it more difficult for criminals to deploy this type of attack. We detail a new defence against relay attacks, based on a distance bounding protocol. This requires no change to the form factor of smartcards and only modest alterations to the hardware and software implementations. We describe our prototype implementation and lessons learned, and present experimental results of its use and resilience. We propose that our design would be a valuable addition to future generations of smartcards, providing cost-effective resistance to the relay attack, a practical threat to deployed smartcard applications.

Prof. Dr. Christian Scheideler, Department of Computer Science, Universität München:
Towards a paradigm for robust distributed systems

There is a wealth of literature on distributed systems. Much of the classical research in this field has focused on closed distributed systems that are usually of fixed size though processing units may fail and recover according to some stochastic or adversarial model. Major research issues for these systems - correctness (in an asynchronous environment), efficiency (in a quasi-synchronous environment) and robustness (under adversarial behavior) - have usually been considered in an isolated fashion by separate research communities.

With the rise of large, open and highly dynamic distributed systems such as peer-to-peer systems, however, designs are needed that can address all of the central issues above - correctness, efficiency and robustness - at the same time, under threats that have not been considered before. One can get surprisingly far with the help of clever algorithmic techniques, but there appear to be limits that cannot be surpassed without a fundamental change in the way the Internet works today. After giving an overview of state-of-the-art algorithmic techniques in this area, we will propose a new paradigm for distributed computing that, if adopted in the Internet, would allow the design of scalable and robust distributed systems that seem to be beyond reach in the current Internet. We will discuss the changes necessary to adapt the current Internet to this paradigm as well as implications for future operating systems.

N. Asokan, Nokia Research Center, Helsinki:
Security Associations for Personal Devices

Short-range wireless networking is enormously popular. Many handheld devices now support WiFi and Bluetooth. More such technologies are on their way. Increasingly, short-range networking is used by ordinary consumers who are not technically savvy. This makes the process of setting up communication and security contexts particularly challenging. Users find the setup procedures difficult, and often end up with insecure communication.

During the last year or so, several standardization bodies have started developing improved setup procedures for short-range wireless networking. The challenge is to strike a balance among security, usability, and cost overhead. Meeting this challenge required developing some novel authentication and key agreement protocols.

I will describe the problem and the different protocols in emerging standards specifications, discuss some preliminary results of usability tests, and point to some open issues.