
CASED is funded by

Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz

Distinguished Lectures

  • Prof. Úlfar Erlingsson, PhD

    Google Research, USA
    "Cloud Computing and Software Security"
    February 2, 2012, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract: Software-as-a-service can provide great benefits, such as ubiquitous, reliable access to data, but cloud computing also raises new challenges and opportunities for computer security. Large-scale Web services must address both traditional security concerns, such as user authentication and key management, and newer issues like those raised by the need to maintain users' privacy.

    At the same time, cloud computing has innate security advantages, such as its use of easily updated and malleable software, which enables instrumentation ranging from individual specialization to large-scale execution summarization. This talk will briefly outline some of these issues and potential research topics in cloud security, with examples from Google's past and current technology efforts used to give context.

    Bio:

    Úlfar Erlingsson leads efforts in security research at Google. Previously, he has been a researcher at Microsoft Research, an Associate Professor at Reykjavik University, Iceland, and led security technology at two startups: GreenBorder and deCODE Genetics. He holds a PhD in CS from Cornell University.

  • Prof. Dr. Ueli Maurer

    ETH Zurich, Switzerland
    "Constructive Cryptography -- A New Paradigm for Security"
    January 12, 2012, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract: Constructive cryptography is a new paradigm for defining the security of cryptographic schemes such as symmetric and public-key encryption, key-agreement protocols, and digital signature schemes, and for designing and proving the security of protocols making use of such schemes.

    Such a cryptographic scheme can be seen (and defined) as constructing a certain resource (e.g. a channel or key) with certain security properties from another (weaker) such resource. For example, a secure encryption scheme constructs a secure channel from an authenticated channel and a secret key.

    In this talk we give an introduction to constructive cryptography suitable for a non-specialist audience and compare it with traditional approaches to cryptography.

  • Prof. John Daugman, PhD

    University of Cambridge, UK
    "Recognising persons by their iris patterns"
    December 8, 2011, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract: Iris recognition is a biometric technology for identifying persons reliably by wavelet-encoding and analysis of the random patterns that are visible within the iris of an eye from some distance. Because the iris is a protected internal organ whose random texture is epigenetic and stable over life, it serves as a unique (but exposed) living key, whose entropy in different databases is always close to 250 bits. Recognition decisions are made with confidence levels high enough to support extremely rapid exhaustive searches through national-sized databases.

    Today there are many public deployments of this technology around the world, mainly at border-crossings in lieu of passports, or in watch-lists, or entry control. Independent government tests (e.g. by NIST) confirm extreme resistance to False Matches, and search speeds in the millions per second per CPU. Weaknesses include difficult image capture and the possibility of spoofing. The principle that underlies the recognition algorithms is the failure of an efficient test of statistical independence having many degrees of freedom, based on phase sequencing each iris pattern with quadrature 2D Gabor wavelets.

    Different eyes (including those of twins, or the right and left of one person) always pass this test of statistical independence, while images from the same iris almost always fail this test of independence, thereby signifying identity. A typical "IrisCode" template contains 1024 bytes, but even raw iris images are highly compressible for this purpose, to as little as 2000 to 4000 bytes without degrading recognition accuracy. This near convergence between data length (compressed image size) and description length (the biometric template) is reminiscent of Kolmogorov's concept of minimal description length, and has enabled the international Standardisation of image-based iris data formats that are non-proprietary, very portable and lightweight. Data used in this talk comes mainly from 200 billion iris cross-comparisons between different eyes, from a database consisting of 632,500 iris images acquired in the United Arab Emirates in a networked national border-crossing security programme that every day performs about 12 billion iris comparisons using these algorithms.

    Several other countries have now launched national biometric ID programmes, such as the Indian UIDAI which plans to enroll the irises of all 1.3 billion citizens of India to secure welfare benefits cards. Current research efforts with this technology in many laboratories seek (1) to make it more tolerant of difficult conditions of image capture, such as "iris on the move" and at a distance; and (2) anti-spoofing countermeasures.

  • Cédric Fournet, PhD

    Microsoft Research, UK
    "Modular Code-Based Cryptographic Verification"
    November 24, 2011, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Joint work with Markulf Kohlweiss and Pierre-Yves Strub.

    Abstract: Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models.

    Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions.

    We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT solver. We develop a probabilistic core calculus for F7 and formalize its type safety in Coq. We build typed modules and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties.

    We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.

  • Prof. Michael Reiter, Ph.D.

    Department of Computer Science, University of North Carolina at Chapel Hill, USA
    "Defending against Client Compromises in Client-Server Applications"
    June 30, 2011, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    We present new methods for defending against client compromises in two client-server application scenarios. First, we consider online games, in which a client "compromise" reflects the unauthorized manipulation of the game client by the user himself, in order to cheat in the game.

    To address this threat, we develop a new cheat-detection method with which the server can validate that the messages received from the game client are consistent with the sanctioned client software.

    Second, we consider a user entering private information into a trusted web server via a client computer that might be compromised by malware. To address this threat, we leverage trusted computing technology in a novel way to ferry the user's private inputs to the remote server while ensuring that malware cannot capture them.

    Further Information

  • Prof. Elisa Bertino, Ph.D.

    CERIAS and Department of Computer Science, Purdue University, West Lafayette, Indiana, USA
    "Protecting Information Systems from Insider Threats - Concepts and Issues"
    June 16, 2011, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Past research on information security has focused on protecting valuable resources from attacks by outsiders. However, statistics show that a large number of security and privacy breaches are due to insider attacks. Protection from insider threats is challenging because insiders may have access to many sensitive resources and high-privileged system accounts.

    Suitable approaches need to combine several security techniques, like fine-grained access control, stronger authentication protocols, integrated digital identity management, intrusion detection, with techniques from areas like information integration, machine learning, and risk assessment. In this talk, after an introduction to the problem of insider threats, we will present recent work addressing the problem of anomaly detection and response policies for database management systems and then discuss open research issues.

    Further Information

  • Prof. Dr. Rainer Blatt

    Innsbruck University, Innsbruck, Austria
    "The Quantum Way of Doing Computations"
    May 19, 2011, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110
    Further Information

  • Prof. David Naccache, Ph.D.

    École normale supérieure, Department of Computer Science, Paris, France
    "On Secret Leakage and Polymorphic Code Design"
    January 27, 2011

    In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location.

    As one can easily imagine, real-life devices are not ideal and information may leak through different physical channels. The topic has attracted considerable attention during the last decade.

    In this work we explore the use of polymorphic code as a way of resisting side channel attacks.

    The talk will report implementation results.

  • Prof. Vitaly Shmatikov, Ph.D. (Stanford)

    The University of Texas at Austin, Austin, Texas, U.S.A.
    "The End of Anonymity, The Beginning of Privacy"
    January 13, 2011, TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract:

    The Internet economy relies on the collection and aggregation of personal data on an ever-increasing scale. Information about our tastes, purchases, searches, browsing history, social relationships, health history, genetics, and so forth is shared with advertisers, marketers, and researchers, who use it to predict individual behavior and provide personalized product offerings, recommendations, and even clinical treatments.

    I will survey privacy issues caused by massive aggregation of personal information. After demonstrating that the existing methods for "anonymizing" the data fail to provide meaningful privacy protection, I will describe new approaches to privacy-preserving computation.

    This includes Airavat, a new system for large-scale data analysis which integrates mandatory access control and differential privacy.

    Bio:

    Vitaly Shmatikov is an associate professor at the University of Texas at Austin. His research focuses on security, privacy, and formal verification methods for secure systems and protocols. Vitaly was the recipient of the 2008 PET Award for Outstanding Research in Privacy Enhancing Technologies.

    Further Information

  • Prof. Dr. Audun Jøsang

    UNIK University Graduate Center, University of Oslo, Oslo, Norway
    "User-Centric Identity Management"
    November 4, 2010, 4:15-5:45 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract:

    The term "user-centric identity management" is commonly used for any identity management solution that can improve the user experience compared to, e.g., the traditional silo identity model.

    Identity federation can be described as user-centric in this sense because it can support SSO (single-sign-on), but identity federation can also be described as cloud identity management because the technology that supports identity federation is actually located on the network side.

    Another interpretation of user-centric identity management is when the technology for user-side identity management is local on the user side. Interestingly such models provide new possibilities for improved usability, strengthened security and privacy protection.

    This talk gives an overview of identity management models and provides an analysis of their strengths and vulnerabilities. Of particular interest are local user-centric models which have received relatively little attention from the industry and research community.

    Further Information

  • Prof. Dr. Jean-Pierre Hubaux

    Computer Communications and Applications Laboratory 1, École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland
    "Location Privacy and Neighbor Discovery - Attacks, Countermeasures and Game-Theoretic Modeling"
    July 1, 2010, TU Darmstadt | Piloty Building S2/02, Room C110

    After a brief overview of the security and privacy challenges raised by wireless networks, we will introduce a few fundamental notions of game theory. We will provide an overview of the way these notions have been used by several research groups to model rational behavior in security-related settings.

    We will then present in detail two examples we recently addressed, one related to revocation in ephemeral (e.g., vehicular) networks and the other to pseudonym change in mix zones. Finally, we will present some of our recent results on secure neighbor discovery and distance bounding.

    Note: some background information can be found in a recent book by L. Buttyan and JP Hubaux: "Security and Cooperation in Wireless Networks", Cambridge University Press, 2008. The pdf of the book is available at http://secowinet.epfl.ch

    Short biography

    Jean-Pierre Hubaux joined the faculty of EPFL in 1990. His research activity is focused on wireless networks, with a special interest in security and cooperation issues. In 1991, he designed the first curriculum in Communication Systems at EPFL. He was promoted to full professor in 1996. In 1999, he defined some of the main ideas of the National Competence Center in Research named "Mobile Information and Communication Systems" (NCCR/MICS); this center (still very active) was initially nicknamed "the Terminodes Project".

    In this framework, he has notably defined, in close collaboration with his students, novel schemes for the security and cooperation in wireless networks; in particular, he has devised new techniques for key management, secure positioning, and incentives for cooperation in such networks. In 2003, he identified the security of vehicular networks as one of the main research challenges for real-world mobile ad hoc networks. Some of his current research activities revolve around privacy issues in mobile networks and are partially funded by Nokia.

    He is co-founder and chairman of the steering committee of WiSec (the ACM Conference for Wireless Network Security). He has served on the program committees of numerous conferences and workshops, including SIGCOMM, INFOCOM, MobiCom, MobiHoc, SenSys, WiSe, and VANET. He is one of the seven commissioners of the Federal Communications Commission (ComCom), the "Swiss FCC". He held visiting positions at the IBM T.J. Watson Research Center and at UC Berkeley. He has been on the advisory board of Deutsche Telekom Laboratories (T-Labs) since their creation in 2004. He is an IEEE Fellow.

    Further Information

  • Prof. Joshua Guttman, Ph.D.

    Worcester Polytechnic Institute, Worcester, Massachusetts, USA
    "Designing Correct Cryptoprotocols"
    June 17, 2010, 4:45-5:15 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Cryptographic protocols are a central technique for coordinating different principals in distributed systems that may contain malicious participants. In addition to basic uses such as key agreement, they may also be used to implement application-specific secure transactions.

    We will present a sequence of example protocols, showing how more complex protocols may be built out of simpler units. An analysis method, called the strand space theory, offers proofs that protocols meet their security goals. Strand spaces have now been implemented in a software tool called the Cryptographic Protocol Shapes Analyzer (CPSA). CPSA also provides counterexamples when a protocol does not meet its security goals.

    The strand space proofs are highly informative. In particular, they suggest protocol transformations -- in which more complex protocols are constructed from simpler ones -- that are guaranteed to preserve the security goals of the parts.

    Further Information

  • Prof. Anja Feldmann, Ph.D. (CMU)

    Deutsche Telekom Laboratories, Technische Universität Berlin, Berlin, Germany, An-Institut Deutsche
    "Characteristics of Residential Broadband Internet Traffic"
    December 17, 2009, 4:45-5:15 p.m.

    Abstract:

    While residential broadband Internet access is popular in many parts of the world, only a few studies have examined the characteristics of such traffic. In this paper we describe observations from monitoring the network activity of residential DSL customers. Note that understanding Internet usage is the first step towards separating abuse from benign usage. Our analysis reveals a number of surprises in terms of the mental models we developed from the measurement literature. For example, we find that HTTP---not peer-to-peer---traffic dominates by a significant margin; that more often than not the home user's immediate ISP connectivity contributes more to the round-trip times the user experiences than the WAN portion of the path; and that the DSL lines are frequently not the bottleneck in bulk-transfer performance.

    Moreover, we examine usage of Online Social Networks. While Online Social Networks (OSNs) have already attracted more than half a billion users, our understanding of which OSN features attract and keep the attention of users is poor. We study how users actually interact with OSNs by extracting clickstreams from passively monitored network traffic. Our characterization of user interactions within the OSN for four different OSNs (Facebook, LinkedIn, Hi5, and StudiVZ) focuses on feature popularity, session characteristics, and the dynamics within OSN sessions.

    Bio:

    Anja Feldmann is a full professor at Deutsche Telekom Laboratories, a unit of Deutsche Telekom and an An-Institut of the Technische Universitaet Berlin, Germany. From 2000 to 2006 she headed the network architectures group, first at Saarland University and then at TU Muenchen. Before that (1995 to 1999) she was a member of the Networking and Distributed Systems Center at AT&T Labs -- Research in Florham Park, New Jersey. She has published more than 50 papers and has served on more than 40 program committees, including as Co-Chair of Sigcomm 2003 and as Co-PC-Chair of IMC'09 and Sigcomm 2006. She is a member of the scientific boards of Inria and the Swiss center on mobile information and communication systems and a member of the technical advisory board of Endace. She received a M.S. degree in Computer Science from the University of Paderborn, Paderborn, Germany, in 1990 and M.S. and Ph.D. degrees in Computer Science from Carnegie Mellon University in Pittsburgh, USA, in 1991 and 1995, respectively.

  • Prof. Dr. Ronald Cramer

    Professor, Mathematical Institute, Leiden University, Leiden, Netherlands, Head of the Cryptology and Information Security Research Group, CWI, Amsterdam, Netherlands
    "On a Class of Special Codes Arising in Secure Multi-Party Computation and its Relation to Towers of Algebraic Function Fields"
    December 10, 2009, 4:45-5:15 p.m.

    Abstract:

    Since the early 1980s, towers of algebraic function fields have played a major role in the theory of error correcting codes. Recently, it has been discovered that towers also have an important bearing on secure multi-party computation. In this talk I will elaborate on this connection.

  • Prof. Andrew C. Myers, Ph.D. (MIT)

    "A higher-level abstraction for building decentralized distributed systems"
    October 29, 2009

  • Prof. Somesh Jha, Ph.D.

    "Retrofitting Legacy Code for Security"
    July 2, 2009

  • Prof. Dr. Renato Renner

    "Security against Quantum Mechanical Adversaries"
    June 4, 2009

  • Prof. Dr. Bart Preneel

    "Cryptographic Hash Functions Revisited: The NIST SHA-3 Competition"
    May 14, 2009

Talks

  • Alban Hessler

    AGT Group (R&D)
    "EC SPRIDE Industry Colloquium: Introducing AGT R&D Center"
    January 26, 2012, from 3:00 p.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Abstract

    AGT International is one of the fastest-growing security and public safety solutions organizations in the world. Just a year ago, AGT established its first R&D center in the city of Darmstadt with the goal of delivering innovative solutions in Urban Management. With about 100 employees, it is already one of the major research centers on information technology in the Rhine-Main area. AGT is a premium partner of CASED, and we believe it is important that researchers on both sides know each other well in order to foster successful collaboration.

    The on-going advances in mobile connectivity and micro-mechanics allow new ubiquitous computing solutions for smarter cities. In this context, AGT is developing novel Urban Management solutions such as participatory sensing applications which aim to shape tomorrow's cities. Besides those applications, we present in this non-technical talk the AGT R&D center, its strategy, and its research areas.

    Short CV

    Alban Hessler is senior researcher at AGT Group (R&D) in IT-Security in the recently established R&D center of Darmstadt. Prior to AGT, he held a researcher position at NEC Laboratories Europe in Heidelberg, where his work focused on security solutions for distributed wireless systems. He participated in several European projects such as UbiSec&Sens, SENSEI, and WSAN4CIP. He holds a MSc in Communications Systems from the Swiss Federal Institute of Technology of Lausanne (EPFL).

  • Prof. Dr. Marc Langheinrich

    University of Lugano (USI), Switzerland
    "Privacy & Trust Challenges in Pervasive Public Display Networks"
    December 16, 2011, from 10:00 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Abstract

    As part of the 30-month FET-Open Project "Towards Future Pervasive Display Networks" (PD-NET), we are exploring the scientific challenges of building large scale networks of pervasive public displays and associated sensors. This display network will be designed and implemented to be open to applications and content from many sources and thus provide the foundation for work on a new global communications medium for information access and interaction. 

    Ultimately, we aim to lay the scientific foundations for a new form of communications medium with the same potential impact on society as radio, television and the Internet. In this talk, I will briefly summarize the project goals and activities and present our initial stakeholder investigations. I will also outline the main privacy and trust issues and describe early architectural sketches.

    Short CV

    Marc Langheinrich is assistant professor for Computer Science at the University of Lugano (USI) in Switzerland, where he has headed the Research Group for Ubiquitous Computing since September 2008. Marc received his PhD (Dr. sc.) on the topic "Privacy in Ubiquitous Computing" from ETH Zurich, Switzerland, in 2005.

    Marc is one of the authors of P3P, a W3C-standard for privacy on the Web, and has published extensively on privacy aspects of ubiquitous and pervasive computing systems (3000+ citations in Google Scholar).

    Marc is a member of the EU-funded SAPIENT project ("Supporting fundamentAl rights, PrIvacy and Ethics in surveillaNce Technologies"), which aims to specify how and when smart surveillance should be used (or not), and of the FET-Open project PD-Net ("Towards Future Pervasive Display Networks"), which attempts to lay the scientific foundations for a new form of communications medium based on open networked displays.

  • Yvonne Thomas

    Hasso-Plattner-Institute, Potsdam, Germany
    "A logic-based Framework to enable Attribute Assurance for Digital Identities in Service-oriented Architectures and the Web"
    December 15, 2011, from 1:30 p.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

  • Prof. Keiichi Sato

    Institute of Design at IIT, Chicago, Illinois, USA
    "Human-Centered System Architecture"
    December 14, 2011, from 1:00 p.m., CASED Building S4/14, Room 3.2.01, Mornewegstrasse 32, 64293 Darmstadt

  • Dr. Marcel Karnstedt

    National University of Ireland, Galway, Ireland
    "The Intelligence of Social Connections ... and why this is relevant for P2P"
    December 14, 2011, 10:00-11:30 a.m., TU Darmstadt | Piloty Building S2/02, Room C110

    Abstract:

    The overall functionality of P2P systems is based on and driven by the individual participants, their behaviour and their interactions -- in a similar manner as user behaviour and user-generated content underpin core commercial services and public goods in online communities. Such online communities generate major economic and public value. They can exceed millions of users, and infrastructures must support hundreds of millions of discussion threads that link together billions of posts.

    Existing solutions to analyse the intelligence of the underlying social connections fail to meet current challenges of scale as well as to understand and manage complex user behaviours and ecosystems in online business and public communities.

    In this talk, we review our work on creating models and methods for describing, understanding and managing the users, groups, behaviours and needs of online communities. We describe how structural network analysis, behaviour modelling, and content mining have to be applied and combined to achieve these objectives. Further, we highlight the generality of these analytical tasks and their relevance for understanding and engineering network infrastructures and applications.

    Short Bio:

    Dr. Karnstedt received his PhD, which dealt with query processing in a DHT-based universal storage, at TU Ilmenau in 2009. He has subsequently been affiliated with the Digital Enterprise Research Institute (DERI), National University of Ireland, Galway (NUIG). He is a member of the Unit for Information Mining and Retrieval (UIMR) and started as a Postdoctoral Researcher in the CLIQUE project on analyzing and visualizing large graphs and networks, specifically social networks and biological networks.

    Since December 2009 he also holds an adjunct lectureship at NUIG. Starting with November 2010, he has been employed as a Senior Postdoc and is currently responsible for DERI's part of the ROBUST project, an EU-funded international project focusing on risks and opportunities in huge-scale business communities. Further, he contributes to the tasks of query processing and sensor mining in the SPITFIRE project, which aims at combining the "Internet of Things" with the "Web of Things".

  • Stefan Georg Weber

    TU Darmstadt/CASED
    "Multilaterally Secure Pervasive Cooperation"
    December 1, 2011, from 4:45 p.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

  • Michael Schneider

    TU Darmstadt
    "Computing Shortest Lattice Vectors on Special Hardware"
    November 11, 2011, 1:30-4:00 p.m., TU Darmstadt | Piloty Building S2/02, Room C110

  • Kevin Falzon

    University of Malta
    "EC SPRIDE-Colloquium: Combining Runtime Verification and Testing Techniques"
    November 11, 2011, from 10:00 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Testing is a vital tool typically forming part of a system's verification strategy, yet creating and verifying individual test cases takes time, and ad-hoc testing is seldom comprehensive.

    Model-based testing may be used to automatically generate or verify large volumes of test cases from a compact description of the system's expected behaviour. For example, QuickCheck Finite State Automata can be used to automatically generate sequences of function calls, and by observing their induced behaviour, it can determine their correctness.

    Automation may allow for more tests to be carried out, yet exhaustive testing often presents an intractable problem. Runtime verification may make up for some of the shortcomings of testing by delaying verification until deployment. Contrary to testing, runtime monitors observe a system while it executes and detect violations at runtime, foregoing the need to generate input traces.

    Each technique has its own advantages, and using both methods would be ideal, as runtime verification could uncover faults which escaped detection during the testing phase. Unfortunately, developing suitable models and properties for each technique takes time and requires significant expertise. In addition, manually creating distinct inputs for both techniques separately may result in inconsistent verification.

    This talk will investigate the automatic translation of QuickCheck Finite State Automata into Dynamic Automata with Timers and Events (an automaton logic designed for runtime monitoring), enabling properties developed for the former technique to be automatically reused as inputs for the latter.

    Contact: Karina Köhres, phone 75420, karina.koehres{at}ec-spride.de

  • Prof. Wenyuan Xu

    Department of Computer Science and Engineering, University of South Carolina
    "Can You Trust Your Cars?"
    November 8, 2011, from 11:00 a.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01

    Wireless systems are being integrated into modern automobiles. However, the security and privacy implications of those systems are not well understood, as many of their communication protocols are proprietary. In this talk, we present a case study analyzing the first mandated in-car sensor networks, the tire pressure monitoring system (TPMS), using GNU Radio in conjunction with the Universal Software Radio Peripheral (USRP), a low-cost off-the-shelf software radio platform. We evaluated the security and privacy risks associated with TPMS using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle using cheap antennas. Further, reverse-engineering of the underlying protocols revealed static 32-bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from our software radio attack platform located in a nearby vehicle. Finally, the talk concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming consumer wireless networks.

    Further information

  • Dipl.-Inf. Mathias Fischer

    TU Ilmenau
    "Construction of Attack-Resilient and Efficient Overlay-Topologies for Large-Scale IPTV Infrastructures"
    October 31, 2011, 2:30-3:30 p.m., TU Darmstadt | Piloty- Building S2/02 Room A 213

    As a consequence of network convergence and the aim to realize all services based on one unified IP-based technology, IPTV becomes more and more popular. In order to overcome the problems of an efficient distribution of IPTV content, Application Layer Multicast (ALM) emerged as a promising solution.

    However, the dependency on potentially malicious or at least easily-attackable end-systems renders ALM vulnerable to attacks. Moreover, attacks on underlay components can induce severe damage in the ALM overlay, since failures in the underlay may disrupt several overlay paths at once.

    Such attacks include resource destruction attacks on routers and links, selective forwarding by compromised routers or due to ISP-assisted censorship from governmental authorities. In this talk, an approach will be presented that establishes IPTV overlays that are likewise resilient against attacks on end-hosts and on underlay components. Therefore, the existing concept of maximum resilient ALM single-stream topologies is transferred to an IPTV scenario. Furthermore, a construction mechanism is given that balances between the optimization goals of resilience against attacks on end-hosts and attacks on the underlay.

    Simulation results indicate that topologies established in this manner represent an approximation close to the optimum regarding attacks on end-hosts. Besides, the interdependencies between the overlay and single underlay components are decreased considerably, so that the resulting overlay damage caused by attacks on the underlay is reduced.

  • Dieter Sommer, Project Manager

    IBM Research Laboratory, Zurich
    "Privacy-enhanced Identity Management – From Cryptography to Practice"
    Research Seminar IT-Security
    September 29, 2011, from 1:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01

    Anonymous credential schemes are a key ingredient for realizing modern privacy-enhanced identity management. Such schemes allow a user to make identity statements to other parties based on previously-obtained credentials through the execution of protocol transactions. Such transactions have the following privacy-preserving properties: Only partial information about a credential's attributes can be released and multiple transactions remain unlinkable. Thus, credentials are a powerful mechanism for minimizing the amount of released data and are an ideal technology for building user-centric privacy-enhanced identity management systems.

    To realize a credential-based identity management system, cryptographic protocols are only one important building block – multiple additional ones are required to deploy such a system in practice. In this talk we present architectural aspects and the following essential building blocks: (1) An identity specification language used to describe the identity semantics of the credential protocols to be executed, (2) an access control system capable of authorizing users based on authentications performed with credential protocols, and (3) a method for run-time generation of the cryptographic credential protocols.

    The system we present supports advanced features of credential systems such as making statements about multiple credentials in a single transaction, statements comprising disjunctions, and, of particular importance, accountability of an anonymous user.

    Contact: Andrea Püchner, phone 75530, puechner{at}informatik.tu-darmstadt.de

    Further information

  • Dr. Prasad G. Naldurg

    Microsoft Research India, Bangalore
    "EC-SPRIDE-Colloquium: Foundations of Dynamic Access Control"
    September 15, 2011, from 10:00 a.m., CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01

    In this talk, I will describe our work on understanding the foundations of dynamic access control. In contrast to traditional operating systems, new commercial operating systems, e.g., Windows 7, and research operating systems such as Asbestos and Flume, include labels for integrity protection. Unlike the strict Bell-LaPadula mandatory access controls, these labels are allowed to change in controlled ways by users and applications. The implications of these dynamic changes need to be examined carefully, and existing formalisms cannot express or help us understand their impact on access control safety. We present a logic-programming framework to specify, analyze and automatically verify such dynamic access control models. We study the problem of reachability (equivalently safety) in these models and show that they are undecidable in the general case. We also identify a reasonably expressive fragment of this formalism that has a sound and complete decision procedure. We build a theory (and tool) based on bounded model-checking for reasoning about information flow in the general context, and show its application on real-world use-cases. We are able to highlight several important vulnerabilities in these models, as well as suggest design changes that can be provably validated. I will conclude with a small discussion on open problems in this framework and future work. This talk summarizes some of our work from FMSE 2006, CCS 2008, PLAS 2009 (best paper) and SACMAT 2011.

    Further information

  • Dr. Debdeep Mukhopadhyay

    "EC-SPRIDE-Colloquium: Cache Attacks on Symmetric Key Crypto-systems and their Formal Analysis"
    September 9, 2011, from 9:00 a.m., CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01

    In the last decade it has been shown that almost every secure system in use today is vulnerable to a class of cryptographic attacks known as side-channel attacks. These attacks glean secret information through leakages from power, timing, and electro-magnetic radiation of the device. Preventing these attacks is difficult because the leakage not only depends on the cipher algorithm but also on the implementation and the execution platform. The counter-measures proposed in the literature so far are ad-hoc and are either too difficult to implement or have large overheads. Moreover, most proposals only increase the complexity of the attack but do not prevent it. Theoretical analysis of side-channel attacks is critical in order to provide a fair evaluation of leaking crypto-systems. However, developing such an analysis is challenging due to the device- and implementation-specific nature of side-channel attacks. The first step in formally analyzing side-channel attacks is to quantify the amount of information leaked from the implementation. Contemporary approaches abstract leakage from the physical devices by polynomial time functions. However, this is known to correspond to more powerful leakages than what is actually observed in practice. An alternate approach is to approximate leakages by Hamming weight and distance models. Leakage, however, is a function of several parameters and the magnitude of leakage of each parameter may differ. For example, in software implementations of ciphers, leakage is influenced by numerous system-specific parameters such as the cache architecture. Hamming weight or distance models do not always apply in these cases. Depending on the cipher algorithm, its implementation, and form of side-channel attack, the leakage contribution of each parameter would vary.

    Therefore, in order to have an accurate measure of information leakage, it is important to pin-point the causes of leakage and quantify the amount of information leaked from each source. In our research, we consider symmetric key ciphers implemented with look-up tables. In such implementations, the cache memory is the major source of leakage. We discovered that micro-architectural features in cache memories, such as non-blocking reads, out-of-order execution, parallelization, pipelining, and prefetching in memory accesses have a significant contribution to the leakage. We first demonstrate this threat by presenting a cache timing attack on CLEFIA, which is a 128 bit block cipher designed by Sony Corporation. The attack was important, as it was widely believed in the literature that ciphers with small tables are safe against cache attacks. In the second part of the talk, we formally analyze the cache based attacks by mathematically quantifying the leakage in commonly used prefetching algorithms. The analytical results, which were supported by experimentation, brought out interesting facts like the impact of the size, number of look-up tables and their relative placement on the information leakage. In the future, we plan to utilize the leakage models developed to construct a cipher provably resilient against side-channel attacks. The final objective is to implement the proposed cipher and then compare its side-channel resistance against state-of-the-art ciphers like AES and CLEFIA. The hope is the emergence of a new class of ciphers, more resistant against these lethal forms of attacks.

    Further information

  • Dr. Heiko Rossnagel & Jan Zibuschka

    Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO, Competence Team, Stuttgart
    "Towards Viable Security Solutions - A Pragmatic Approach"
    Research Seminar IT-Security
    September 8, 2011, from 2:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01

    Technological solutions that address issues like security, privacy and reliability have been developed by companies and in research projects.

    However, they often appear disconnected from markets, user needs and economic contexts. As a result, several security and privacy technologies have become market failures in recent years. Economic issues are often neglected by technology developers. Instead, security solutions continue to be designed with technological factors in mind, valuing increases in security guarantees and even technical complexity over practical relevance.

    We argue that the widely lamented failure of many security solutions in the market is due to an overly technology- and complexity-driven design approach. Building on a literature review, we derive a set of factors influencing the viability of security solutions in the market, and thus the overall security level. Our approach requires designers to consider aspects of market compliance during the early stages of the design process.

    Therefore, we present several methods that can be applied to achieve this goal. We build on earlier approaches and findings from IT security and related disciplines, but integrate them in a larger paradigmatic framework targeting specifically the security domain.

    Further information

  • Dr. Sameer Patil

    School of Informatics and Computing, Indiana University
    "EC-SPRIDE-Colloquium: 'It depends': Reconciling Privacy and Awareness in Collaborative Work"
    September 5, 2011, from 4:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01

    Further information

  • Prof. Dr. Willem Jonker

    Twente University and EIT ICT Labs
    "EIT ICT Labs: driving ICT Innovation in Europe"
    August 11, 2011, from 11:00 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Prof. Willem Jonker (1962) has a broad background in ICT, both in industry as well as in academia. He studied mathematics and computer science at Groningen University, worked at Delft University of Technology, received his PhD from the University of Utrecht, and is a part-time full professor in computer science at Twente University.

    Willem Jonker's industrial experience covers telecommunications (KPN), IT (European Computer industry Research Centre, Munich) and consumer electronics (Philips). He held several positions as researcher, international project leader, department head, sector head, and account manager. In 2006 he was appointed Vice President Philips Research. Prof. Dr. Jonker has served European ICT research in various ways amongst others as project leader, reviewer, and advisor.

  • Dr. Federica Paci

    DISI, University of Trento, Italy
    "EC SPRIDE Colloquium: ACConv - An access control model for conversational Web services"
    August 10, 2011, from 4:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    With organizations increasingly depending on Web services to build complex applications, security and privacy concerns including access control policy enforcement are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only portions of the access control policy relevant to their interactions to the extent to which they are entrusted by the Web service and without restricting the client's choices in terms of which operations to execute.

    This talk presents ACConv, a novel model for access control in Web services which is suitable when interactions between the client and the Web service are conversational and long-running. ACConv balances the trade-off between limiting the disclosure of access control policies by service providers and preventing interrupted conversations for clients.

  • Dr. Sebastian Gajek

    Tel Aviv University, Israel
    "EC SPRIDE-Colloquium: Secure Protocols for the Cloud by Design - Where composition comes to rescue"
    August 10, 2011, from 2:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    Designing and analyzing systems in a modular way has contributed to fundamental achievements in many realms of computer science and related fields (e.g. modularity, lower complexity, cost efficiency).

    In contrast, building provably secure systems, that is, systems within a mathematical model with well-defined security properties, in a composable way is the subject of recent research.

    Clouds are highly complex systems. Designing protocols for the cloud is delicate. Numerous cryptographic modules run in concurrent processes and interact with other, non-cryptographic operating system and network parts (e.g., caches, co-processors, access policies, process schedulers) of the system.

    When analyzing such larger systems, a major problem is scalability. The analytical complexity grows with the size of the cloud, likely resulting in tedious or error-prone proofs. Composition naturally comes to the rescue here. Simply decompose the larger system into smaller blocks, analyze each component stand-alone, and deduce security guarantees via a composition operator.

    We motivate and present a framework for the modular design and analysis of protocols for Cloud applications. We then show how to construct cloud authentication protocols with the aid of a credential provider. Our construction can be seen as a generic, composable compiler for practical and efficient federated identity management protocols (e.g., Facebook Connect, Google Sign-In). Specifically, the compiler asserts strong security guarantees in the light of naive users and adversaries controlling relevant non-cryptographic protocol functionalities. Previous federated identity management protocols fell prey to attacks by design under these realistic assumptions.

  • Dr. Eyad Alkassar

    "EC SPRIDE-Colloquium: Cyberwars, Secure Systems and Formal Proofs"
    August 10, 2011, from 11:00 a.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

  • Dr. Christophe Tartary

    Tsinghua University, Beijing, China, Institute for Theoretical Computer Science
    "EC SPRIDE Colloquium: Graph Coloring and Secure Multiparty Computation in Non-Abelian Groups"
    August 9, 2011, from 3:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    Due to the expansion of communication networks, achieving secure distributed computation has become a major focus point for the research community. Even if some generic solutions have been known since 1988, those protocols are computationally inefficient.

    In this talk, we present a new way of designing unconditionally secure and efficient multiparty computation algorithms for non-Abelian groups in the passive (also known as semi-honest) case. By a result (due to Barrington) on performing secure computation in the symmetric group S5, our protocols can be used to securely compute arbitrary functions. Our approach is based on a security reduction to the existence of a particular class of colorings for planar graphs.

    The computational complexity of our black-box construction is a small polynomial in the number of participants and it is independent of the size of the circuit used to compute the distributed function, representing a major improvement on the generic 1988 solutions.

  • Dr. Rohit Chadha

    LSV, ENS de Cachan, France
    "EC SPRIDE-Colloquium: Automated verification of cryptographic protocols"
    August 9, 2011, from 1:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    The widespread use of the internet has raised serious concerns of privacy and trust. In order to address these concerns, cryptographic protocols are widely used. A cryptographic protocol is a distributed program that uses cryptographic primitives to ensure security over an untrusted network. However, the design of cryptographic protocols has proven to be error-prone and several errors have been found. Thus, there is a need for building scalable tools for automatically verifying the security of cryptographic protocols. The complexity of cryptographic protocols as well as the desired security guarantees present unique challenges to the verification of cryptographic protocols.

    We illustrate these challenges within the context of

    a) verifying cryptographic protocols with randomization and
    b) verifying equivalence-based properties of cryptographic protocols.

  • Prof. Dr. Frederik Armknecht

    Universität Mannheim
    "EC SPRIDE Colloquium: Adapted homomorphic encryption"
    August 8, 2011, from 3:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    Homomorphic encryption schemes are very useful cryptographic tools that enable computation on encrypted data without the need to know the plaintext. A little more formally, an encryption scheme is homomorphic with respect to a set of functions F if for any function f in F one can derive an encryption of f(x_1,…,x_n) when only encryptions of x_1,…,x_n are given.

    Such schemes have been discussed in the context of various applications like cloud security or multi-party computation. Unfortunately, all existing schemes are either too inefficient for practical purposes or support only a very limited set of functions (often only one specific algebraic operation). One reason is certainly that in cryptography, one usually aims for schemes that are "good for everything", that is, being as flexible as possible and meeting the highest possible security standards.

    In this talk, we discuss a relaxed approach. For many practical applications, adapted homomorphic encryption schemes would be sufficient, that is, schemes which provide only restricted functionalities and/or that are secure with respect to a weaker attacker model. We show that by relaxing the conditions, new schemes are possible that can be much faster and more compact than existing schemes, while nonetheless being perfectly suited for the considered applications.

  • Dr. Eric Bodden

    TU Darmstadt/CASED
    "EC SPRIDE Colloquium: Clara - Proving safety and security properties by evaluating runtime monitors ahead of time"
    August 8, 2011, from 1:00 p.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    A runtime monitor observes events during a program's execution and validates these events against the specification of a safety or security property. When detecting a property violation, the monitor can log the violation or even prevent the violating event from actually occurring. As we show, the latter allows the enforcement of access-control policies.

    In this talk we focus on the Clara system for evaluating runtime monitors ahead of time. Clara statically evaluates runtime monitors expressed as "aspects" in the aspect-oriented programming language AspectJ. Monitors expressed as aspects are easy to write, read, maintain and analyze. This allows Clara to use syntactic, pointer-based and control-flow-based analysis techniques to partially evaluate runtime monitors already at compile-time.

    Partial ahead-of-time evaluation is a powerful concept: For many programs, Clara can prove the absence of property violations on all possible executions. For other programs, Clara typically restricts the program instrumentation for runtime monitoring to a necessary minimum, speeding up the runtime monitoring process by orders of magnitude. In this talk we cover previous work on applying Clara to validate safety properties of large-scale Java programs, but we also introduce our current and planned lines of work on using Clara to enforce access-control and information-flow policies.

  • Dr. Thomas Schneider

    TU Darmstadt/CASED
    "EC SPRIDE Colloquium: Engineering Cryptographic Protocols (ENCRYPTO)"
    August 8, 2011, from 10:00 a.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt

    As today’s world gets more and more connected, actors with different and potentially conflicting interests want to interact in many application scenarios. Examples are citizens and governments (electronic passport and id), patients and health insurances (electronic health card, e-health services), or companies (cloud computing). In this context, it is of foremost importance that the underlying IT systems and algorithms can fulfill the diverse security and privacy requirements of the involved parties. In particular, if sensitive (e.g., medical) data is processed by not fully trusted service providers (e.g., "in the cloud"), conformity with data privacy protection laws must be guaranteed.

    Privacy-preserving cryptographic protocols allow processing such sensitive data in a provably secure way. Until today, the design and implementation of privacy-preserving protocols efficient enough to be used in practical applications is a challenging and error-prone task even for experts in the field. To make such protocols widely accessible to non-expert users, tools are needed that automatically generate efficient and secure privacy-preserving cryptographic protocols from high-level specifications.

    In this talk we give an overview on our past, present, and future research performed in the area of Engineering Cryptographic Protocols (ENCRYPTO).

    The long-term goal of ENCRYPTO is to provide models, languages, and tools for security and privacy by design during the entire lifecycle of privacy-preserving protocols in various application scenarios.

  • Dr. Cheng Feng

    Hasso Plattner Institute (HPI) at University of Potsdam, Potsdam, Germany
    "An Easy-to-Use Network Security Lab Manufacturing Platform"
    July 25, 2011, from 2:00 p.m., Fraunhofer SIT, Rheinstr. 75, 64295 Darmstadt, TK-Lab

    Dr. Feng Cheng is now a research associate at Hasso Plattner Institute (HPI) at University of Potsdam (Uni Potsdam), Germany. His research is mainly focused on network security, firewall, IDS/IPS, protocol analysis, attack modeling and penetration testing, SOA and Cloud Security, etc.

    This talk addresses the challenge of designing, creating, maintaining and delivering the security lab by proposing a Cloud based Network Security Lab Manufacturing Platform. Each experimental scenario is specified in three ways: a machine-readable text specification, a visible diagram, and an attack graph.

    Using a well-structured data model, the real world IT entities involved in the target scenario, such as hosts, switches and firewalls, as well as their connectivity are represented in a formal way which can be directly understood by computers. Using a graphic user interface, users can create a new scenario or edit an old one on the diagram.

    An attack graph is affiliated with the scenario to show all the possible attack paths which might happen in this scenario. The text based specification can further be used to automatically build the virtual network corresponding to the scenario with the support from a highly efficient Virtual Machine (VM) management framework. Flags are assigned in the output virtual network based on the attack graph of the target scenario, which are supposed to be captured by students. During the live experiment, students' behaviors and other real time lab information are gathered through the scanners or IDS sensors deployed in the scenario and then visualized on both the diagram and attack graph so that the instructors can monitor students' activities and evaluate their performance accordingly.

    The overall infrastructure of the proposed platform is expected to be implemented based on the concept of “Experiment as a Cloud” which makes it possible to be efficiently executed, flexibly adapted and remotely accessed even by other universities or institutions which do not have efficient hardware and software resources.

    Contact: Andrea Püchner, phone 75530, puechner{at}informatik.tu-darmstadt.de

  • Henner Jakob

    INRIA, Institut National de Recherche en Informatique et en Automatique, Bordeaux, France
    "Towards Securing Pervasive Computing Systems by Design – A Language Approach"
    July 20, 2011, 10:00-11:00 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

  • Dan Wallach

    Rice University, Houston, Texas, USA
    "Lightweight Provenance for Smart Phone Operating Systems"
    July 19, 2011, from 2:00 p.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Short CV

    Dan Wallach is an associate professor in the Department of Computer Science at Rice University in Houston, Texas and is the acting director of NSF's ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). His research considers a variety of different computer security topics, ranging from web browsers and servers through electronic voting technologies and smart phones.

    Abstract

    Smartphone apps are often granted the privilege to run with access to the network and sensitive local resources. This makes it difficult for remote endpoints to place any trust in the provenance of network connections originating from a user's device. Even on the phone, different apps with distinct privilege sets can communicate with one another.

    This can allow one app to trick another into improperly exercising its privileges (resulting in a confused deputy attack). In Quire, we engineered two new security mechanisms into Android to address these issues. First, Quire tracks the call chain of on-device IPCs, allowing an app the choice of operating with the reduced privileges of its callers or exercising its full privilege set by acting explicitly on its own behalf.

    Second, a lightweight signature scheme allows any app to create a signed statement that can be verified by any app on the same phone. Both of these mechanisms are reflected in network RPCs. This allows remote systems visibility into the state of the phone when the RPC was made. We demonstrate the usefulness of Quire with two example applications: an advertising service that runs advertisements separately from their hosting applications, and a remote payment system. We show that Quire's performance overhead is minimal.

    Joint work with Michael Dietz, Shashi Shekhar and Anhei Shu.

    Further information

  • Sören Bleikertz

    IBM Research Laboratory, Zurich, Switzerland
    "Automated Verification of Virtualized Infrastructures"
    July 19, 2011, from 11:00 a.m., CASED Building S4/14, Room 3.1.01, Mornewegstrasse 32, 64293 Darmstadt

    Short-CV

    Sören Bleikertz is a predoctoral researcher at the IBM Research Zurich laboratory focusing on security in virtualized systems and cloud computing. He holds two Master of Science degrees in Security and Mobile Computing from the Norwegian University of Science and Technology and the Technical University of Denmark, respectively.

    Abstract

    Virtualized infrastructures and clouds present new challenges for security analysis and formal verification: they are complex environments that continuously change their shape, and that give rise to non-trivial security goals such as isolation and failure resilience requirements. We present a platform that connects declarative and expressive description languages with state-of-the-art verification methods. The languages integrate homogeneously descriptions of virtualized infrastructures, their transformations, their desired goals, and evaluation strategies. The different verification tools range from model checking to theorem proving; this allows us to exploit the complementary strengths of methods, and also to understand how to best represent the analysis problems in different contexts. We consider first the static case where the topology of the virtual infrastructure is fixed and demonstrate that our platform allows for the declarative specification of a large class of properties. Even though tools that are specialized to checking particular properties perform better than our generic approach, we show with a real-world case study that our approach is practically feasible. We finally consider also the dynamic case where the intruder can actively change the topology (by migrating machines). The combination of a complex topology and changes to it by an intruder is a problem that lies beyond the scope of previous analysis tools and to which we can give first positive verification results.

    Further information

  • Prof. Marina Blanton, Ph.D.

    University of Notre Dame, Indiana, USA
    "Secure Biometric Computation and Outsourcing"
    July 15, 2011, from 2:00 p.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Short CV

    Marina Blanton is an Assistant Professor in the Department of Computer Science and Engineering at the University of Notre Dame. She received her Ph.D. in CS from Purdue University in 2007, MS in CS from Purdue University in 2004, and MS in EECS from Ohio University in 2002. Dr. Blanton's research interests lie in information security, privacy, and applied cryptography. She has over 40 research publications, is a co-editor of a recently published two-volume "Algorithms and Theory of Computation Handbook," and is actively involved in professional service.

    Abstract

    Recent advances in biometric recognition and the increasing use of biometric data prompt significant privacy challenges associated with the possible misuse, loss, or theft of biometric data. There are legitimate reasons for biometric matching to be performed by two mutually distrustful parties, where due to privacy and liability considerations, neither party is willing to share its data. Alternatively, biometric experiments run by a single entity are often so large in scale that they are inevitably placed on an untrusted computational cloud or grid, where sensitive biometric data must also be protected. This gives rise to the need to develop secure computation and outsourcing techniques over biometric data where no information is revealed to the participants except the desired outcome of the computation and the outcome of the computation can be trusted. In this talk, I will describe our recent results for securely comparing biometric images and outsourcing computation over biometric data in a robust manner. Techniques for matching the two biometrics are presented on the example of iris codes.

  • Prof. Johannes Buchmann

    CASED | TU Darmstadt
    "Impulse: Threats and Approaches, Perspectives in Security Research"
    July 6, 2011, from 10:45 a.m., Conference
    Further information

  • Prof. Dr. Michael Waidner

    CASED | Fraunhofer SIT, Darmstadt
    "Keynote: Internet als öffentlicher Raum (Internet as public space)"
    July 5, 2011, from 1:00 p.m., Conference

  • Keynote: Johannes Buchmann

    CASED | TU Darmstadt
    "11th Central European Conference on Cryptology"
    June 30 - July 2, 2011, Debrecen, Hungary

    Confirmed invited speakers

    - Johannes Buchmann, CASED/Technische Universität Darmstadt

    - Bart Preneel, Katholieke Universiteit Leuven

    - Gábor Tardos, Alfréd Rényi Institute of Mathematics of the Hungarian Academy of Sciences

    Further information

  • Jan Wulfes

    Technische Universität Dresden
    "Dining Cryptographers in the real world - the next big thing in anonymity services?"
    Research Seminar IT-Security
    June 28, 2011, from 2:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01

    Currently available anonymity services are normally based on mix network technologies. Despite their well-proven techniques, they have recently become prone to legal attacks such as the data retention law.

    An alternative approach based on the Dining Cryptographers Network (DC) is presented in this talk. It provides a theoretically well-defined anonymity. Unlike mix technologies, it does not require a trustworthy server for confidentiality. This countervails the new threat of legal attacks.

    Based on our recent work, we present an implementation and provide real-world results. Furthermore, we will discuss future research goals in the field of DC networks.

    Further information
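    The DC-net round the talk builds on, as an added example that is not code from the talk or from the TU Dresden implementation: a Python simulation of one round of a Dining Cryptographers network. The pairwise pads are drawn fresh here (an assumption of this example; a deployment would expand them from pairwise keys with a PRG), and the participant count, slot size and messages are constructed for illustration.

```python
import secrets
from typing import Dict, List, Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class DCRound:
    """One round of a Dining Cryptographers network with n participants.

    Every unordered pair (i, j) shares a one-time pad; here it is drawn
    fresh (an assumption of this example), in a deployment it would be
    expanded from a pairwise key with a PRG. Participant i broadcasts the
    XOR of all pads it holds, XORed with its message if it is the sender.
    XORing every broadcast cancels each pad exactly twice and leaves the
    message. No single broadcast, and no server, reveals who sent it.
    """

    def __init__(self, n: int, msg_len: int) -> None:
        self.n, self.msg_len = n, msg_len
        self.pads: Dict[Tuple[int, int], bytes] = {
            (i, j): secrets.token_bytes(msg_len)
            for i in range(n) for j in range(i + 1, n)
        }

    def pad(self, i: int, j: int) -> bytes:
        return self.pads[(min(i, j), max(i, j))]

    def broadcast(self, i: int, message: Optional[bytes]) -> bytes:
        """What participant i sends: XOR of its pads (and its message, if any)."""
        out = bytes(self.msg_len)
        for j in range(self.n):
            if j != i:
                out = xor_bytes(out, self.pad(i, j))
        if message is not None:
            if len(message) > self.msg_len:
                raise ValueError("message does not fit the slot")
            out = xor_bytes(out, message.ljust(self.msg_len, b"\0"))
        return out


def run_round(n: int, senders: Dict[int, bytes], msg_len: int = 16) -> Tuple[bytes, List[bytes]]:
    """Run one round; `senders` maps participant index -> message.

    Returns (recovered slot, all broadcasts). With exactly one sender the
    slot is that message (zero padding stripped). With two or more senders
    the messages collide into the XOR of all of them, which is why practical
    DC-nets need slot reservation or collision detection on top.
    """
    rnd = DCRound(n, msg_len)
    broadcasts = [rnd.broadcast(i, senders.get(i)) for i in range(n)]
    slot = bytes(msg_len)
    for b in broadcasts:
        slot = xor_bytes(slot, b)
    return slot.rstrip(b"\0"), broadcasts
```

    Each participant's broadcast is uniformly random on its own, so an observer of all traffic learns the message but not its origin; the cost, visible in the collision case, is that every participant must transmit in every round and that sender collisions need a reservation scheme.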

  • Keynote: Johannes Buchmann

    CASED | TU Darmstadt
    "MEGA 2011: Effective Methods in Algebraic Geometry"
    May 30 - June 3, 2011, Stockholm University, Sweden

    MEGA is the acronym for Effective Methods in Algebraic Geometry, a series of roughly biennial conferences on computational and application aspects of Algebraic Geometry and related topics with very high standards.

    Further information

  • Dr. Salil Kanhere

    University of New South Wales, School of Computer Science and Engineering, Sydney, Australia
    "Improving QoS in Mobile Networks using Geo-Intelligence"
    May 30, 2011, from 2:00 p.m., S3/06 - 249 (City campus)

    Abstract: The proliferation of smart mobile devices has given birth to a new Internet access scenario. More users are now accessing the Internet while travelling in cars, buses and trains. These users cover significant distances within an active Internet session opening up new opportunities as well as challenges for the Internet access.

    For example, a fast-moving user visits many different locations within a short time, creating the opportunity to optimize session uploads and downloads by exploiting the networking diversity available in those locations. In contrast, due to the location sensitivity of wireless performance, a fast-moving user faces escalating bandwidth uncertainty, making real-time multimedia a challenging problem.

    How to optimize Internet access for fast-moving users has become a topic of intense research in recent years. In this talk, we introduce the concept of geo-intelligence, which entails the creation of a high-resolution geographic network performance map that continuously collects and summarizes user experiences for every 500 meters of the road.

    The presentation will show how to create, store, and interface such maps to existing communication protocols. Maps created for the largest 3G providers in Australia along a 23 km route in the city of Sydney will be analyzed. Results from a recent prototype test drive, which demonstrates the utility of such maps for improving the quality of multimedia streaming in the vehicular environment, will be presented.

    Bio: Salil Kanhere received his MS and PhD, both in Electrical Engineering from Drexel University, Philadelphia, USA in 2001 and 2003, respectively. He is currently a Senior Lecturer in the School of Computer Science and Engineering at the University of New South Wales in Sydney, Australia. His current research interests include participatory sensing, mobile networks and wireless sensor/mesh networks.

    Salil has served on the organising committees and program committees of numerous conferences. He serves as Associate Editor for the European Transactions on Telecommunications and the ICST Transactions on Ubiquitous Environments. Salil is a Senior Member of the IEEE.

  • Dan Yamamoto

    Hitachi, Ltd., Yokohama Research Laboratory, Japan
    "Web security and identity management"
    May 25, 2011, 11:00-11:30 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

  • Dr. Mario Lischka

    NEC Laboratories Europe, Heidelberg
    "Specifying Privacy with XACML"
    Research Seminar IT-Security
    May 12, 2011, from 1:00 p.m., Room 4.3.01

    The presentation will give an introduction to the current OASIS XACML standard and show its potential to model privacy policies. Based on the experiences in the FP7 SWIFT project, an extension for deductive and distributed policy specification and evaluation will be presented. This extension not only provides mechanisms to control the release of private information but also enables new solutions for SaaS scenarios.

    Further information

  • Benjamin Kellermann, TU Dresden

    "Dudle: Mehrseitig Sichere Web 2.0-Terminabstimmung" (Dudle: Multilaterally Secure Web 2.0 Scheduling)
    Research Seminar IT-Security
    April 14, 2011, from 3:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01

    There is a multitude of Web 2.0 applications that let a group of people find a common date (e.g. doodle.com, moreganize.ch, whenisgood.net, agreeadate.com, meetomatic.com, etc.).

    The procedure is simple: an initiator creates a scheduling poll and sends the link to the poll to the potential participants. Once every participant has told the application when they are available, this information can be used to find the date that fits best.

    These so-called "availability patterns" often contain sensitive information that affects privacy in at least two ways. First, third parties can directly read data about people's private lives ("Will my husband vote for the date of our wedding anniversary?").

    Second, third parties can link this information with other information sources and thereby possibly identify individuals who would otherwise have remained anonymous ("The availability pattern of the user 'flotter_hase23' looks suspiciously similar to that of my colleague!").

    Apart from the privacy problems, all existing solutions also have security problems: most applications allow changing other participants' data, and it is possible to claim a false identity or to vote several times.

    This talk presents existing approaches to the scheduling problem as well as a multilaterally secure solution.
    Contact: Andrea Püchner, phone 75530, puechner{at}informatik.tu-darmstadt.de

  • Jim Whitmore, IBM Security Solutions, Mechanicsburg, PA

    "Developing Software with Security in Mind"
    Research Seminar IT-Security
    April 5, 2011, from 2:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01

    As use of computing grows, so does the concern over vulnerable information, computing systems and computing services. For hardware and software components, this means that the distinction between "Commercial-Off-The-Shelf" and "High Assurance" is blurring, and will eventually vanish altogether. For developers of computing products and services, this means an increasing awareness of the attention that is paid to security throughout the solution lifecycle. For academia and professional organizations, this means that the treatment of security in development needs to be front and center in Engineering and Computer Science curricula and certifications. The IBM Security Solutions organization has been examining these issues and working on a strategy of continuous security improvement in its development organizations. This talk will describe the IBM Secure Engineering Initiative and discuss the considerations for secure software found within and beyond the development process.
    Contact: Andrea Püchner, phone 75530, puechner{at}informatik.tu-darmstadt.de

  • Dr. Sebastian Gajek, Tel Aviv University

    "Playing Games in UC"
    Research Seminar IT-Security
    March 31, 2011, from 3:30 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01

    Universally Composable (UC) security provides a very strong guarantee:

    A UC-secure protocol maintains its security properties when used in any execution environment. In many cases, however, full universal composability is not required; milder and more specific composability guarantees suffice.

    We formulate a refinement of UC security, called UC with Specialized Environments (SPUC), that allows asserting and proving security properties that withstand only partial and restricted composition operations. The refined operation provides a versatile and powerful tool for asserting security properties for realistic protocols. For instance, it can be used to capture several (global) trusted set-up assumptions, network and input restrictions, and game-based notions of security. In fact, we show that game-based definitions can be cast as a special case of our framework.

    We then demonstrate the power of SPUC security by using it to capture for the first time the security properties of CPA-secure symmetric encryption and message authentication codes, as single instance protocols in a composable security framework. This allows us to analyze the security of hybrid encryption, and several common secure communication session protocols in a way that is modular, abstract, and amenable to efficient automation. Joint work with Ran Canetti.

    Contact: Andrea Püchner, phone 75530, puechner{at}informatik.tu-darmstadt.de

  • Prof. Benny Pinkas

    Bar Ilan University, Israel
    "Issues in the Security of Cloud Storage: Oblivious RAM, and Deduplication vs. Privacy"
    February 10, 2011, from 2:00 p.m., CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01

    The talk will discuss two issues in the security of cloud storage services.

    The first issue is a reinvestigation of oblivious RAM, a concept introduced by Goldreich and Ostrovsky. Oblivious RAM enables a client with limited local storage to store remotely $n$ data items, and access them while hiding the identities of the items which are being accessed. Oblivious RAM is often cited as a powerful tool, but it is also commonly considered to be impractical due to its overhead, which is asymptotically efficient but is quite high. We redesign the oblivious RAM protocol using modern tools, namely Cuckoo hashing and a recent oblivious sorting algorithm. The resulting protocol uses only $O(n)$ external memory, and replaces each data request by only $O(\log^2 n)$ requests.

    The second part of the talk will discuss deduplication, a form of compression in which duplicate copies of files are replaced by links to a single copy. Deduplication is known to reduce the space and bandwidth requirements of cloud storage services by more than 90%, and is most effective when applied across multiple users. We study the privacy implications of cross-user deduplication. We demonstrate how deduplication can be used as a side channel which reveals information about the contents of files of other users, or as a covert channel by which malicious software can communicate with its control center. Due to the high savings offered by cross-user deduplication, cloud storage providers are unlikely to stop using this technology. We therefore propose mechanisms that enable cross-user deduplication while ensuring meaningful privacy guarantees.

    Joint work with Tzachy Reinman, and with Danny Harnik and Alexandra Shulman-Peleg.
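    An added example, not code from the talk or its authors, that models the deduplication side channel and covert channel described above in Python. The store, the "upload required" reply that stands in for what a client really observes (upload time and bandwidth), and the sample files are all constructed here. The hardened variant follows the idea of deferring cross-user deduplication until a secret, per-file random number of copies exists; the exact threshold range is an assumption of this example.

```python
import hashlib
import secrets
from typing import Dict, List, Sequence


class DedupStore:
    """Minimal cross-user deduplicating store.

    A client first sends the hash of a file; the server replies whether the
    bytes must actually be uploaded. With naive dedup the second copy of any
    file is never uploaded, so a client learns whether *someone else* already
    stored a given file just by watching its own upload. The optional
    randomized threshold defers deduplication until the file has been stored
    a secret, per-file number of times, so a single probe no longer separates
    "nobody has it" from "one other user has it".
    """

    def __init__(self, randomized_threshold: bool = False, max_threshold: int = 20) -> None:
        self.blobs: Dict[str, bytes] = {}
        self.copies: Dict[str, int] = {}
        self.thresholds: Dict[str, int] = {}
        self.randomized = randomized_threshold
        self.max_threshold = max_threshold

    def _threshold(self, h: str) -> int:
        if not self.randomized:
            return 1
        if h not in self.thresholds:
            # secret, uniform in [2, max_threshold], fixed once per file
            self.thresholds[h] = 2 + secrets.randbelow(self.max_threshold - 1)
        return self.thresholds[h]

    def store(self, data: bytes) -> bool:
        """Store `data` for one more user. Returns True if the bytes had to be
        uploaded, False if the server deduplicated (the observable)."""
        h = hashlib.sha256(data).hexdigest()
        self.copies[h] = self.copies.get(h, 0) + 1
        self.blobs[h] = data
        return self.copies[h] <= self._threshold(h)


def probe(store: DedupStore, candidates: Sequence[bytes]) -> List[bytes]:
    """Side channel: upload every candidate from a small guess space and report
    which ones the server already had, i.e. which one some other user stored."""
    return [c for c in candidates if not store.store(c)]


def covert_send(store: DedupStore, bits: Sequence[int], tag: bytes = b"beacon") -> None:
    """Covert channel: malware on the victim stores file i iff bit i is 1."""
    for i, bit in enumerate(bits):
        if bit:
            store.store(tag + i.to_bytes(2, "big"))


def covert_receive(store: DedupStore, nbits: int, tag: bytes = b"beacon") -> List[int]:
    """The controller uploads the same files and reads each bit from whether
    its upload was deduplicated."""
    return [0 if store.store(tag + i.to_bytes(2, "big")) else 1 for i in range(nbits)]
```

    With the randomized threshold the attacker must upload a file repeatedly before deduplication becomes visible, and even then cannot tell a file that had one other copy from one that had none but a slightly lower threshold; the price is the extra bandwidth spent on the first few copies of every file.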

  • Dr. Thomas Groß

    IBM Research, Zurich Laboratory, Zurich, Switzerland
    "Credential Authenticated Identification and Key Exchange (CAID/CAKE)"
    Research Seminar IT-Security
    February 3, 2011, from 11:00 a.m., CASED Building S4/14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    We study two-party identification and key-exchange protocols in which users authenticate themselves by proving possession of credentials satisfying arbitrary policies, instead of using the more traditional mechanism of a public-key infrastructure.

    For instance, Alice can prove that she is a citizen of Belgium and a PhD student at KU Leuven, whereas Bob proves that he is a citizen of Germany and a PostDoc at Fraunhofer SIT, based on their respective credentials. If both participants fulfill the policy, they can establish a fresh joint key for a secure channel; otherwise they will not learn any information about their respective credentials.

    We give definitions for CAID and CAKE in the Universal Composability (UC) framework and propose practical protocols satisfying these definitions for policies of practical interest. All protocols are analyzed in the common reference string model, assuming adaptive corruptions with erasures, and no random oracles.

    The new security notion includes password-authenticated key exchange (PAKE) as a special case, and new, practical protocols for this problem are proposed as well, including the first such protocol that provides resilience against server compromise (without random oracles).

    The talk will cover concepts and UC-specification of CAID and CAKE, an introduction to tools and sub-protocols we used to realize the protocols, and how to put it all together. It is joint work of Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup published at CRYPTO 2010 and IACR ePrint 2010/055.

    Further information

  • Dr. Douglas Stebila Dr. Douglas Stebila

    Queensland University of Technology, Brisbane, Australia
    "DoS-resistant key exchange: models and mechanisms"
    Research Seminar IT-Security
    January 25, 2011, from 10:00 a.m., CASED Building, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Abstract

    Security models for key exchange have been around for many years, but only recently have started to include consideration of denial-of-service attacks.

    This talk will consider security models for client puzzles and in particular introduce a new model to be presented at CT-RSA 2011. The new model incorporates the possibility that an adversary may attack multiple puzzles simultaneously.

    In addition we will consider the notion of gradual authentication as applied to key exchange and introduce a new mechanism combining client puzzles and digital signatures with fast verification, to be presented at ASIACCS 2011.

    This is joint work with Colin Boyd, Juan Gonzalez, Lakshmi Kuppusamy, and Jothi Rangasamy.

    Short Bio

    Dr. Douglas Stebila is a lecturer in the Information Security Institute at the Queensland University of Technology in Brisbane, Australia. Originally from Canada, he earned a PhD from the University of Waterloo in 2009.

    His research addresses a variety of areas in cryptography, including key exchange, denial of service resistance, password authentication, security models, and quantum cryptography. He will be visiting TU Darmstadt until February 2.

    Further information
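    A concrete client puzzle in Python, added here as an example; it is not the CT-RSA or ASIACCS construction from the talk. It shows the properties a DoS-resistant key exchange needs from the puzzle layer: stateless issuing (the puzzle is a MAC over client identity and time, so the server stores nothing for unauthenticated peers), one-hash verification against a 2^difficulty solving cost, and expiry and replay checks that run before any hashing. The MAC construction, difficulty, time window and client identifiers are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Set, Tuple


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def check_solution(puzzle: bytes, difficulty: int, solution: int) -> bool:
    """Hash-reversal puzzle: SHA-256(puzzle || solution) must start with
    `difficulty` zero bits. Checking costs one hash; solving costs about
    2^difficulty hashes on average, and that gap is what throttles an attacker."""
    digest = hashlib.sha256(puzzle + struct.pack(">Q", solution)).digest()
    return leading_zero_bits(digest) >= difficulty


def solve(puzzle: bytes, difficulty: int, limit: int = 1 << 40) -> int:
    """Client side: brute-force search for a solution."""
    for x in range(limit):
        if check_solution(puzzle, difficulty, x):
            return x
    raise RuntimeError("no solution within limit")


class PuzzleServer:
    """Issues puzzles without per-client state and verifies solutions cheaply.
    In a key exchange the expensive step (signature verification, group
    exponentiation) runs only after verify() returns True: gradual
    authentication."""

    def __init__(self, difficulty: int = 16, max_age: int = 30,
                 secret: Optional[bytes] = None) -> None:
        self.secret = secret or secrets.token_bytes(32)
        self.difficulty, self.max_age = difficulty, max_age
        self.accepted: Set[Tuple[bytes, int]] = set()   # one solution per issued puzzle

    def _puzzle(self, client_id: bytes, issued_at: int) -> bytes:
        # A MAC over (client, issue time) lets the server regenerate the puzzle
        # at verification time instead of storing one per client, a table an
        # attacker could otherwise flood with spoofed identities.
        return hmac.new(self.secret, client_id + struct.pack(">Q", issued_at),
                        hashlib.sha256).digest()

    def issue(self, client_id: bytes, now: int) -> Tuple[bytes, int, int]:
        return self._puzzle(client_id, now), self.difficulty, now

    def verify(self, client_id: bytes, issued_at: int, solution: int, now: int) -> bool:
        if not 0 <= now - issued_at <= self.max_age:
            return False                      # stale or future-dated: rejected without hashing
        if (client_id, issued_at) in self.accepted:
            return False                      # replay of an already-used puzzle
        if not check_solution(self._puzzle(client_id, issued_at), self.difficulty, solution):
            return False
        self.accepted.add((client_id, issued_at))
        self.accepted = {k for k in self.accepted if now - k[1] <= self.max_age}
        return True
```

    The replay cache is the only state the server keeps, and it is bounded by the time window; the difficulty would be raised under load so that the work an attacker must do per accepted connection grows with the attack.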

  • Dipl.-Math., M.A.St. Andreas Peter

    Technical University of Darmstadt
    "A Cleaner View on IND-CCA1 Secure Homomorphic Encryption using SOAP"
    Research Seminar IT-Security

    January 18, 2011, from 10:00 a.m., Room 4.3.01

    Informally, a public-key encryption scheme is called homomorphic, if it allows one to evaluate certain functions over encrypted data without being able to decrypt. These schemes are being extensively studied as they provide the basis for various important applications, such as Outsourcing of Computation, Electronic Voting, Private Information Retrieval, etc.

    In this talk, I will give a complete characterization both in terms of security and design of a large class of such schemes that particularly comprises the prominent examples ElGamal and Paillier. This is done by considering the security and structure of a certain abstract scheme that represents the whole class.

    For instance, one can show that its IND-CCA1 security is equivalent to the hardness of a new abstract problem called Splitting Oracle-Assisted Subgroup Membership Problem (SOAP).

    To highlight the significance of this result, I will then explain its use for determining the security of existing schemes, deriving impossibility results, and constructing new schemes. This is joint work with Frederik Armknecht and Stefan Katzenbeisser.

    Further information

  • André König

    "Security in Infrastructure-less and Decentralized Communication Networks: Location-based Intrusion Response and User-based Cooperative Decisions"
    December 14, 2010, from 10:00 a.m., CASED Building S4/14, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Infrastructure-less and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond the borders of contemporary wired or cellular client/server systems.

    Yet, due to their specific characteristics, such as wireless multi-hop data transmission and the lack of central trusted instances, infrastructure-less and decentralized networks are also beyond the protection of contemporary security mechanisms.

    This especially requires consideration in possible first-responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borderlines, consisting of devices, services and users from multiple administrative domains.

    This talk summarizes the PhD thesis of André König, which is advised by Prof. Steinmetz, Prof. Klara Nahrstedt, and Prof. Matthias Hollick. We present possible solutions for excluding misbehaving nodes from infrastructure-less networks to recover the availability of the network in the presence of attacks.

    We further present mathematical tools for governing cooperative decision processes without central trusted instances as basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies.

  • Óscar García-Morchón

    Distributed Sensor Systems, Philips Research Europe
    "Security for Pervasive Healthcare"
    November 29, 2010, from 2:00 p.m., CASED Building S4/14, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Ubiquitous 24/7 health monitoring systems based on wireless medical sensors are going to play a key role for pervasive e-health applications. These systems allow caregivers to detect and act early on signs of patients' clinical deterioration, improving quality of care in a reliable, unobtrusive and cost-effective way.

    Ensuring the privacy and security of the exchanged information is challenging in pervasive e-health environments due to the resource constraints of tiny wireless medical sensors and operational requirements such as user mobility, strict latency needs, or the multitude of parties involved in the system.

    We describe a comprehensive and practical security framework for these pervasive health monitoring systems. We distinguish three layers addressing the specific security needs at the patient area network, medical sensor network, and back-end levels.

    Thereby our architecture accommodates the healthcare institution-centric approach predominant today while making provisions for the more patient-centric vision of pervasive e-health environments. The tailored security mechanisms for each individual layer as well as their interworking are presented and evaluated.

    The analysis shows that our proposed security framework allows the deployment of wireless medical sensor networks in a very efficient way.

  • Prof. Dr. Hannes Frey

    University of Paderborn, Paderborn, Germany
    "Scalable Routing Algorithms for Large Scale Wireless Networks"
    November 26, 2010, 10:15-11:00 a.m., CASED Building, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Large-scale wireless networks such as ad hoc, sensor, sensor-actuator or robot networks consist of devices that communicate wirelessly without using a fixed network infrastructure. Due to the limited transmission range, communication between two nodes often requires collaborating intermediate nodes in order to route messages along a path connecting the source and destination node.

    Data communication by message routing becomes a challenging task in large-scale ad hoc networks such as sensor networks consisting of thousands of nodes. Networks with battery-operated nodes have only a limited amount of total energy available.

    It is thus of great importance that such routing protocols operate in an energy-efficient manner. Moreover, as opposed to traditional networks, changes in the network topology, resulting from device mobility or from wireless channel fluctuations, are the rule and not an exceptional case.

    This talk will discuss the class of localized routing algorithms, which are a significant paradigm shift from traditional routing mechanisms based on global message exchange. In such algorithms the decision about the next-hop forwarding node is based on information about the current node and the nodes in its vicinity only.

    Maintenance of the routing infrastructure is limited to local exchange of information with the immediate neighborhood. The local exchange of control messages thus does not depend on the total network size.

    Moreover, changes in the network topology only require control message exchange with neighbor nodes in the immediate surroundings of that change. From that perspective, such network protocols are arbitrarily scalable with respect to the network size.

  • Dr. Utz Roedig

    University of Lancaster, Lancaster, UK
    "Time-Critical Data Delivery in Wireless Sensor Networks"
    November 26, 2010, 9:30-10:15 a.m., CASED Building, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

  • Prof. Dr. Johannes Buchmann

    CASED/Technical University of Darmstadt
    "Data Privacy Protection in the Future Internet"
    November 25, 2010, from 4:00 p.m., Building S2/02, Room C 205, Robert-Piloty-Gebäude, Hochschulstraße 1, 64289 Darmstadt

    In the lecture series on the occasion of "40 Years of Hessian Data Privacy Act" Prof. Dr. Johannes Buchmann will talk about "Data Privacy Protection in the Future Internet".

    Further information

  • André Miede, M.Sc.

    E-Finance Lab and Multimedia Communications Lab partnership at Technische Universitaet Darmstadt
    "Cross-organizational Service Security -- Attack Modeling and Evaluation of Selected Countermeasures"
    Research Seminar IT-Security
    November 18, 2010, from 2:00 p.m., CASED Building, Room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Challenging market dynamics and the rise of complex value networks require organizations to adjust their processes rapidly in order to stay competitive. Because many organizational processes are directly supported or even enabled by Information Technology (IT), a process is only as flexible as its underlying technological representation.

    The Service-oriented Architecture paradigm (SOA) offers means on both a technological and an organizational level for the flexible integration of internal and external IT systems. Thus, services are used to assemble processes through service compositions, also across enterprise boundaries.

    Such cross-organizational service-based workflows lead to a global SOA which is often referred to as the "Internet of Services". The main tenor of current SOA security research is that conventional security measures are not effective enough in the SOA context.

    Furthermore, simply equating SOA security with Web service security reduces SOA security requirements to Web service security standards and their configuration, which is an incomplete view. This talk shows a selection of my thesis' contributions regarding the security of service-based systems. An attack scenario of traffic analysis that threatens relationship anonymity in the Internet of Services is investigated, due to its system-inherent implications.

    With a particular focus on service compositions, a simulation-based evaluation of different attack models and scenarios offers insights regarding the anonymity of cross-organizational collaboration. Furthermore, the impact of using standard anonymity mechanisms on selected Quality of Service parameters is evaluated for Web services in real networks.

    The obtained results aim at identifying the limits of anonymity in the Internet of Services and at quantifying side-effects of using state-of-the-art countermeasures. This talk summarizes my PhD thesis, which is advised by Prof. Steinmetz (TU Darmstadt) and Prof. Schill (TU Dresden).

    Short CV

    André Miede is a researcher with the E-Finance Lab and Multimedia Communications Lab partnership at Technische Universitaet Darmstadt. His research focuses on security for Service-Oriented Architectures (SOA) and the Internet of Services, especially on attack and countermeasure aspects. In addition to his research activities, he is a senior consultant in the financial services sector for BearingPoint in Germany.


  • Working Conference on Policies & Research in Identity Management (IDMAN’10)
    "Melanie Volkamer gives keynote speech: Security in electronic voting systems"
    November 18, 2010, from 1:00 p.m., Oslo, Norway

    Electronic voting has a young and attractive history, both in the design of basic cryptographic methods and protocols and in the application by communities who are in the vanguard of technologies. The crucial aspect of security for electronic voting systems is subject to research by computer scientists as well as by legal, social and political scientists. The essential question is how to provide a trustworthy base for secure electronic voting, and hence how to prevent accidental or malicious abuse of electronic voting in elections. The handling of electronic and real identities, both in identifiable and anonymized ways, is one of the key challenges in electronic voting.

    Further information

  • Claude Crepeau

    McGill University
    "Oblivious Transfer from weakly homomorphic encryption schemes"
    November 11, 2010, 11:40 a.m.-12:40 p.m., TU Darmstadt | Piloty- Building S2/02 Room E115

    Recently, a number of new cryptographic assumptions were invented as a response to Shor's algorithm. Many of these new assumptions have some homomorphic properties, giving rise to the very first "fully homomorphic" encryption scheme by Gentry. On the other hand, most of these new assumptions do not have the general structures used in the past to securely implement Oblivious Transfer. We show in this work, that a new construction allows us to demonstrate that several of these assumptions are nevertheless sufficient for Oblivious Transfer. Joint work with Raza Ali Kazmi.

    Further information
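    An added example in Python, not the speakers' code, that serves both the homomorphic-encryption talk above (Peter, January 18, 2011) and this one: ElGamal in a prime-order subgroup, its multiplicative homomorphism, and the textbook 1-out-of-2 oblivious transfer built from that homomorphism (the receiver encrypts g^b, the sender homomorphically computes Enc(g^{m_b}), the receiver decrypts and takes a small discrete log). This is the generic construction from an (exponent-)additive scheme, not the construction of the Crépeau and Kazmi paper. The 64-bit safe-prime group, the seeded RNG and the small message range are toy assumptions of this example, and the OT is only secure against a semi-honest receiver: nothing here stops a cheating receiver from encrypting g^2 instead of g^0 or g^1 and learning a combination of both messages, which is exactly the kind of structural gap a proof of well-formedness would have to close.

```python
import random
from typing import Tuple

Cipher = Tuple[int, int]
PubKey = Tuple[int, int, int, int]      # (p, q, g, h) with h = g^sk mod p


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin, adequate for the toy parameters of this example."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def keygen(bits: int, rng: random.Random) -> Tuple[PubKey, int]:
    """ElGamal in the order-q subgroup of Z_p^*, p = 2q + 1 a safe prime.
    `bits` sizes q; 64 bits is a toy choice, nowhere near a real security level."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            break
    p = 2 * q + 1
    g = pow(rng.randrange(2, p - 1), 2, p)      # a square other than 1 has order exactly q
    sk = rng.randrange(1, q)
    return (p, q, g, pow(g, sk, p)), sk


def encrypt(pk: PubKey, m: int, rng: random.Random) -> Cipher:
    """m must be a subgroup element (here always a power of g)."""
    p, q, g, h = pk
    r = rng.randrange(1, q)
    return pow(g, r, p), m * pow(h, r, p) % p


def decrypt(pk: PubKey, sk: int, c: Cipher) -> int:
    p, q = pk[0], pk[1]
    return c[1] * pow(c[0], q - sk, p) % p      # c[0]^(q-sk) = c[0]^(-sk): c[0] has order q


def mul(pk: PubKey, a: Cipher, b: Cipher) -> Cipher:
    """Enc(m1) * Enc(m2) = Enc(m1 * m2): the multiplicative homomorphism."""
    p = pk[0]
    return a[0] * b[0] % p, a[1] * b[1] % p


def scale(pk: PubKey, c: Cipher, k: int) -> Cipher:
    """Enc(m)^k = Enc(m^k); for m = g^x this is Enc(g^(k*x)), additive in the exponent."""
    p = pk[0]
    return pow(c[0], k, p), pow(c[1], k, p)


def ot_sender(pk: PubKey, enc_choice: Cipher, m0: int, m1: int, rng: random.Random) -> Cipher:
    """Sender side of 1-out-of-2 OT. From Enc(g^b) it computes
    Enc(g^(b*(m1-m0) + m0)) = Enc(g^(m_b)) without ever learning b."""
    p, q, g, _ = pk
    return mul(pk, scale(pk, enc_choice, (m1 - m0) % q), encrypt(pk, pow(g, m0, p), rng))


def run_ot(bits: int, b: int, m0: int, m1: int, rng: random.Random, bound: int = 256) -> int:
    """Both parties in one process for illustration. Receiver: key pair and
    Enc(g^b); sender: the homomorphic evaluation; receiver: decrypt and
    recover m_b by a small-range discrete log (messages are ints in [0, bound))."""
    pk, sk = keygen(bits, rng)
    p, _, g, _ = pk
    reply = ot_sender(pk, encrypt(pk, pow(g, b, p), rng), m0, m1, rng)
    target = decrypt(pk, sk, reply)
    for m in range(bound):
        if pow(g, m, p) == target:
            return m
    raise ValueError("recovered value outside the message range")
```

    The sender's privacy rests on the semantic security of ElGamal in the subgroup (the receiver's choice is hidden by DDH), and the receiver's privacy on the fact that the reply is a fresh encryption of one group element; the brute-force discrete log at the end is what limits this variant to short messages.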

  • Boris Skoric

    Eindhoven University of Technology
    "Recent advances on Tardos codes"
    September 14, 2010, from 1:30 p.m., TU Darmstadt | Piloty-Building S2/02, Room E202

    Fingerprinting provides a means for tracing the origin and distribution of digital data. Before distribution of digital content, the content is modified by applying an imperceptible fingerprint, which plays the role of a personalized serial number. The fingerprint is usually embedded through a watermarking algorithm. Once an unauthorized copy of the content is found, the identity can be determined of those users who participated in the creation of the unauthorized copy. This can be done using a tracing algorithm, which outputs a list of allegedly guilty users. This process is also known as `forensic watermarking'.

    Reliable tracing of content requires security against attacks that aim to remove the embedded information from a copy. Collusion attacks, where a coalition of pirates collude to compare their copies, are a particular threat. As any differences between the copies have to arise from the watermarks and not the content, such a comparison gives information which can be used to remove the watermark.

    The by now famous Tardos code has asymptotically optimal (for large coalitions) resilience against collusion attacks. However, there are several unresolved issues regarding the performance of the code for small coalitions, and several seemingly arbitrary parameter choices in the q-ary generalization of the Tardos code.

    This talk presents recent work that resolves some of these issues.
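    An added example, not the speaker's code, of the scheme the talk is about: the binary Tardos code (per-position biases from the arcsine density with Tardos' cutoff 1/(300c), one of the parameter choices the talk calls seemingly arbitrary), a majority-vote collusion attack under the marking assumption, and the symmetric accusation score. The accusation threshold is set here from a target false-accusation probability via a Gaussian tail approximation, which is this example's simplification rather than Tardos' original threshold; code length, coalition size, user count and the seeded RNG are parameters chosen for illustration.

```python
import math
import random
from typing import List, Sequence, Tuple


def tardos_biases(m: int, c: int, rng: random.Random) -> List[float]:
    """Per-position bias p_i from the arcsine density on [t, 1-t]; the cutoff
    t = 1/(300c) is Tardos' original choice (assumed here as in the paper)."""
    t0 = math.asin(math.sqrt(1.0 / (300 * c)))
    return [math.sin(rng.uniform(t0, math.pi / 2 - t0)) ** 2 for _ in range(m)]


def generate_codewords(n_users: int, biases: Sequence[float], rng: random.Random) -> List[List[int]]:
    """Codeword bit x_{j,i} is 1 with probability p_i, independently per user and position."""
    return [[1 if rng.random() < p else 0 for p in biases] for _ in range(n_users)]


def collude(codewords: Sequence[Sequence[int]], rng: random.Random, strategy: str = "majority") -> List[int]:
    """Collusion attack under the marking assumption: where all colluders' copies
    agree the bit cannot be changed; elsewhere they output the majority bit or
    (strategy="interleave") one colluder's bit chosen at random."""
    forged = []
    for column in zip(*codewords):
        if strategy == "majority":
            forged.append(1 if 2 * sum(column) > len(column) else 0)
        else:
            forged.append(rng.choice(column))
    return forged


def score(codeword: Sequence[int], forged: Sequence[int], biases: Sequence[float]) -> float:
    """Symmetric Tardos accusation score: matching a rare symbol is rewarded
    strongly, mismatching a common one is penalized. For an innocent user each
    position contributes mean 0 and variance 1."""
    s = 0.0
    for x, y, p in zip(codeword, forged, biases):
        a, b = math.sqrt((1 - p) / p), math.sqrt(p / (1 - p))
        s += (a if x == 1 else -b) if y == 1 else (b if x == 0 else -a)
    return s


def accuse(codewords: Sequence[Sequence[int]], forged: Sequence[int],
           biases: Sequence[float], eps1: float = 1e-6) -> Tuple[List[int], float]:
    """Accuse every user whose score exceeds z*sqrt(m), with z chosen so that the
    total false-accusation probability over all n users is about eps1
    (Gaussian tail approximation exp(-z^2/2) <= eps1/n)."""
    n, m = len(codewords), len(biases)
    z = math.sqrt(2 * math.log(n / eps1))
    threshold = z * math.sqrt(m)
    accused = [j for j, cw in enumerate(codewords) if score(cw, forged, biases) > threshold]
    return accused, threshold
```

    With m = 4000 positions and three colluders, each colluder's expected score is roughly 2m/(pi c), about 850, against a threshold near 6 sqrt(m), about 380, while innocent scores stay within a few sqrt(m) of zero; a coalition larger than the c the code was sized for shrinks that margin, which is the small-coalition regime the talk examines.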

  • Thorsten Holz

    Ruhr Universität Bochum
    "Botnet detection and mitigation: taking down Waledac"
    July 5, 2010, from 3:00 p.m.

    At the end of February 2010, the Waledac botnet was taken down in a joint effort of several experts from both academia and industry. Waledac is a peer-to-peer botnet and thus simply taking down only Command & Control servers or domains related to the botnet would not have been an effective countermeasure.

    In addition, the peer-to-peer aspects also had to be taken into account to prevent the botmasters from regaining control of the bots. In this talk, we present an overview of the take-down of Waledac and shed some light into the activities that happened behind the stages.

    Furthermore, we will also focus on future work in the area of botnet detection and mitigation.

    Short Biography: Thorsten Holz is an assistant professor at Ruhr-University Bochum, Germany. He is a member of the International Secure Systems Lab and recently left the Technical University Vienna, where he worked for about one year as postdoctoral researcher.

    His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, malware analysis, and security of social networks.

    Further information

  • Dr. Salil Kanhere

    University of New South Wales, School of Computer Science and Engineering, Sydney, Australia
    "Ear-Phone: A participatory sensing system for noise monitoring"
    June 29, 2010, 2:45-3:45 p.m., CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Abstract:

    A noise map facilitates monitoring of environmental noise pollution in urban areas. It can raise citizen awareness of noise pollution levels, and aid in the development of mitigation strategies to cope with the adverse effects.

    However, state-of-the-art techniques for rendering noise maps in urban areas are expensive and rarely updated (months or even years), as they rely on population and traffic models rather than on real data. Participatory urban sensing can be leveraged to create an open and in- expensive platform for rendering up-to-date noise maps.

    In this paper, we present the design, implementation and performance evaluation of an end-to-end partici- patory urban noise mapping system called Ear-Phone. Ear-Phone, for the first time, leverages Compressive Sensing to address the fundamental problem of recover- ing the noise map from incomplete and random samples obtained by crowdsourcing data collection.

    Ear-Phone, implemented on Nokia N95 and HP iPAQ mobile devices, also addresses the challenge of collecting accurate noise pollution readings at a mobile device. Extensive simulations and outdoor experiments demonstrate that Ear-Phone is a feasible platform to assess noise pollution, incurring reasonable system resource consumption at mobile devices and providing high reconstruction accuracy of the noise map.

    Bio:

    Salil obtained a B.E. in Electrical Engineering from VJTI, Bombay, India in 1998. Subsequently he joined the Department of Electrical and Computer Engineering at Drexel University in Philadelphia, USA as a post-graduate student. Salil received his M.S. and Ph.D., both in Electrical Engineering in 2001 and 2003 respectively.

    Salil's Ph.D. dissertation was in the area of fair, efficient, and low-latency scheduling in high-speed networks with a particular focus on achieving low implementation complexity for practical use in switches and routers. Since April 2004, Salil is with the School of Computer Science and Engineering at the University of New South Wales in Sydney, Australia.

    Salil is a member of the Network Research Laboratory (NRL), a leading research group consisting of 4 academic staff, 4 research fellows and over 15 Ph.D. students. Salil's current research interests are in the areas of sensor networks, mobile networking, vehicular communication, wireless mesh networks and network security.

  • Dr. David Galindo

    University of Luxembourg, Laboratory of Algorithmics, Cryptology and Security, Faculty of Science, Technology and Communication, Luxembourg, Luxembourg
    "Towards Revocable Privacy: The Case of the Canvas Cutters"
    June 10, 2010

  • Benoit Libert, Ph.D.

    Université catholique de Louvain, Louvain, Belgium
    "Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs"
    June 9, 2010, 4:00-5:30 p.m., CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    Introduced by Micali, Rabin and Kilian, zero-knowledge sets (ZKS) allow a prover to commit to a secret set S so as to be able to prove statements such as "x belongs to S" or "x does not belong to S". Chase et al. showed that ZKS protocols are underlain by a cryptographic primitive termed mercurial commitment. A (trapdoor) mercurial commitment has two commitment procedures.

    At committing time, the committer can choose not to commit to any specific message and rather generate a dummy value which it will be able to softly open to any message without being able to completely open it. Hard commitments, on the other hand, can be hardly or softly opened to only one specific message. At Eurocrypt 2008, Catalano, Fiore and Messina (CFM) introduced an extension called trapdoor q-mercurial commitment (qTMC), which allows committing to a vector of q messages at once. These qTMC schemes are interesting since their openings w.r.t. specific vector positions can be short (ideally, the opening length should not depend on q), which provides zero-knowledge sets with much shorter proofs when such a commitment is combined with a Merkle tree of arity q. The CFM construction notably features short proofs of non-membership as it makes use of a qTMC scheme with short soft openings. A problem left open is that hard openings still have size O(q), which prevents proofs of membership from being as compact as those of non-membership.

    In this work, we describe a new qTMC scheme where hard and soft position-wise openings, both, have constant size. We then show how our scheme can be extended to provide independent zero-knowledge sets (i.e., ZKS schemes that prevent adversaries from correlating their set to the sets of honest provers, as defined by Gennaro and Micali).


  • Dr. Martin Steinebach

    Fraunhofer SIT, Darmstadt
    "Congress Zuse 2.0: Hesse – Location of Ideas"
    Forum VI: From the Big Bang to Digital Watermarks - IT Excellence in Hesse

    Talk: "Digital Watermarks between Research and Application"
    May 26, 2010, 4:45-5:10 p.m., Kurhaus Wiesbaden

  • Laurent Imbert

    Laboratoire d'Informatique, de Robotique et de Microélectronique de Montpellier (LIRMM), UM2/CNRS
    "The Double-Base Number System"
    April 8, 2010, 9:40-10:40 a.m.

    In this talk, I present an exotic number system and some applications in computer arithmetic and cryptography. In the so-called double-base number system, one represents integers as a sum of mixed powers of two prime numbers p and q.

    I focus on the particular case (p,q)=(2,3), which possesses several properties of interest and leads to several unsolved problems. In terms of applications, I present some results, in particular in the area of elliptic curve cryptography.

  • Arnaud Tisserand

    Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Centre national de la recherche scientifique (CNRS)
    "Secured Arithmetic Operators for Cryptography"
    April 8, 2010, 9:00-10:00 a.m.

    A cryptosystem can be considered hard to break in theory, but in practice the physical implementation of the algorithm may provide weaknesses.

    For example, when the algorithm is executed, a hardware implementation of a cryptosystem on a smart card or an FPGA can provide "side channel" information (power consumption traces, electromagnetic emissions...) which can help an attacker.

    Arithmetic operators are key elements of a crypto-processor. A lot of additions, multiplications, divisions, inversions and exponentiations on very large numbers have to be computed. For instance, elliptic curve cryptography (ECC) requires 160-600-bit numbers over the finite fields GF(2^m) or GF(p).

    The design of efficient arithmetic operators requires very fast algorithms, clever representations of numbers and very careful implementations (FPGA, ASIC, smart cards). Speed, circuit area and power consumption are not the only parameters for the design of secured arithmetic operators, robustness against side channel and/or fault injection attacks is now another important parameter.

    In this talk, we will first introduce the cryptographic context, side channels and fault injection attacks. Then we will present standard methods for the design of arithmetic operators. In the last part, we will present solutions for the design of arithmetic operators secured against side channel and/or fault injection attacks.

  • Sonja Buchegger

    KTH, Stockholm, Sweden
    "Research Agenda of Privacy in Online Social Networks"
    March 30, 2010, from 10:00 a.m., S2|02, Room C110 (Piloty Building)

    Abstract

    The information we reveal about ourselves online has changed both quantitatively (more volume) and qualitatively (increasingly personal) recently, especially over the last decade. In parallel, web services based on an advertising business model have gained market share and thus rendered information about users more valuable, resulting in an incentive for service providers to gather even more personal information.

    In an effort to preserve user privacy while keeping useful features offered by online services, such as social networks, we proposed to go from centralized provider-based models toward a community-driven decentralized approach, based on peer-to-peer networks.

    This talk will highlight some of the challenges of this shift, such as availability, confidentiality and other security issues, heterogeneity, incentives for cooperation, and search - in some instances exemplified by our project on peer-to-peer social networks, www.peerson.net.

    Short bio:

    Sonja Buchegger is an associate professor of Computer Science at KTH, Stockholm, Sweden. From 2007 to 2009 she was a senior research scientist at Deutsche Telekom Laboratories, Berlin, Germany. In 2005 and 2006, she was a post-doctoral scholar at the University of California at Berkeley, School of Information.

    She received her Ph.D. in Communication Systems from EPFL, Lausanne, Switzerland, in 2004, a graduate degree in Computer Science in 1999, and undergraduate degrees in Computer Science in 1996 and in Business Administration in 1995 from the University of Klagenfurt, Austria.

    In 2003 and 2004 she was a research and teaching assistant at EPFL and from 1999 to 2003 she worked at the IBM Zurich Research Laboratory in the Network Technologies Group.

    Her current research interests are the economics and security of mobile ad-hoc and peer-to-peer networks.



  • Prof. Francois-Xavier Standaert

    Université catholique de Louvain UCL, Crypto Group
    "Recent results about side-channel attacks and countermeasures"
    March 25, 2010, 10:40-11:40 a.m.

    Traditionally, cryptographic algorithms provide security against an adversary who has only black box access to cryptographic devices. That is, the only thing the adversary can do is to query the cryptographic algorithm on inputs of its choice and analyze the responses, which are always computed according to the correct original secret information. However, such a model does not always correspond to the realities of physical implementations.

    During the last decade, significant attention has been paid to the physical security evaluation of cryptographic devices. In particular, it has been demonstrated that actual attackers may be much more powerful than what is captured by the black box model. For example, they can actually obtain side-channel information based on the device's physical computational steps. As a consequence, some kind of obfuscation is required to protect integrated circuits from these physical attacks. This is especially important for small embedded devices (e.g. smart cards, RFIDs, sensor networks, ...) that can typically be under an adversary's control for a short period of time. This implies new theoretical concerns (how to exactly model and evaluate these physical threats) and practical ones (how to prevent them).

    In this talk, I will discuss different results in the area of side-channel attacks, with a particular focus on formal tools that can be used to evaluate physical security on a fair basis. Starting from an introductory view of the field, I will describe some well known attacks and countermeasures, present a framework for the analysis of side-channel key recovery from Eurocrypt 2009 and finally discuss the connection of this framework with recent works in leakage-resilient cryptography.

  • Dr. Iwen Coisel

    Université catholique de Louvain UCL, Crypto Group
    "Server-Aided Cryptography for Anonymity"
    March 18, 2010, 10:40-11:40 a.m.

    Portable devices (mobile phones, smart cards, ...) are very useful to access services from anywhere. However, when authentication protocols require complex cryptography, implying costly mathematical operations, these devices may become inadequate because of their limited capabilities. This is in particular the case when the device must remain anonymous and unlinkable w.r.t. the service provider, since it implies the use of complex cryptographic tools. In this presentation, I introduce the concept of server-aided cryptography for anonymity by adding a powerful intermediary which helps the restricted device in its cryptographic computations. I first give a general server-aided model in this setting, a model that can be applied to several cryptographic tools: group, blind and ring signatures. I present the server-aided protocol for the zero-knowledge proof of knowledge of a generic set of discrete logarithm relations. Then, I present the most secure and efficient server-aided variants of several well-known constructions.

  • Dr. Thorsten Kleinjung

    École Polytechnique Fédérale de Lausanne
    "Factoring a 768 bit RSA number"
    March 4, 2010, from 11:40 a.m., S2 02 | C110 (Robert-Piloty-Gebäude, Hochschulstr. 10)

    Abstract:

    One way to break the RSA cryptosystem is to factor a large integer. In this talk an overview of the number field sieve, an algorithm for factoring integers, will be given. The complexity of this algorithm for numbers of cryptologically interesting size will be discussed and some aspects of the recent factorisation of a 768 bit RSA number will be described.

  • Prof. Jintai Ding

    Department of Mathematical Sciences, University of Cincinnati
    "Solving multivariate polynomial equations over finite fields"
    March 4, 2010, from 10:00 a.m., S2 02 | C110 (Robert-Piloty-Gebäude, Hochschulstr. 10)

    Solving multivariate polynomials over finite fields is becoming increasingly important in many areas, including cryptography. In this talk, we will present some of the recent progress in the area of polynomial solving in the last few years and some of the critical challenges in terms of its applications in cryptography.


  • Prof. Dr. Johannes Buchmann

    CASED | TU Darmstadt
    "SAP Worldtour CeBIT 2010"
    March 3, 2010, 10:00-10:45 a.m., CeBIT 2010, Hall 20

    Johannes Buchmann participates in the panel of the SAP Worldtour 2010 keynote "Timeless software & Innovation made in Germany". The keynote speaker is Prof. Dr. Lutz Heuser, Executive Vice President and Head of SAP Research.

  • Dr. Steffen Reidt

    "The Fable of the Bees: Incentivizing Robust Revocation Decision Making in Ad Hoc Networks"

    February 19, 2010, from 3:30 p.m., CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt

    ABSTRACT
    In this paper we present a new key-revocation scheme for ad hoc network environments with the following characteristics:
    Distributed: Our scheme does not require a permanently available central authority.
    Active: Our scheme incentivizes rational (selfish but honest) nodes to revoke malicious nodes.
    Robust: Our scheme is resilient against large numbers of colluding malicious nodes (30% of the network for a detection error rate of 15%).
    Detection error tolerant: Revocation decisions fundamentally rely on intrusion detection systems (IDS). Our scheme is active for any meaningful IDS (IDS error rate < 0.5) and robust for an IDS error rate of up to 29%.

    Several schemes in the literature have two of the above four characteristics (characteristic four is typically not explored).
    This work is the first to possess all four, making our revocation scheme well-suited for environments such as ad hoc networks, which are very dynamic, have significant bandwidth constraints, and where many nodes must operate under the continual threat of compromise.

    Bio:
    Steffen Reidt graduated in Mathematics with a major in Computer Science from the Technical University of Darmstadt in 2006. In his diploma thesis he started working in the field of security for ad hoc networks, which he continued during his Ph.D. studies at the Royal Holloway University of London.
    During his time as a Ph.D. student he closely collaborated with the IBM Watson Research Center in NY. His most recent research focuses on incentive-driven security protocols and provable security of distributed network protocols based on game theory. He completed his Ph.D. studies in September 2009.


  • Dr. Christophe Chabot

    Unité de Formation et de Recherche Mathématiques, Institut de Recherche Mathématique de Rennes (IRMAR), Rennes, France
    "Quasi-cyclic codes as codes over rings of matrices"
    February 18, 2010

  • Dr. Matthieu Finiasz

    ENSTA - École Nationale Supérieure de Techniques Avancées, Paris, France
    "Bounds for the Design of Code-based Cryptosystems"
    January 27, 2010

  • Dr. Aurélie Bauer

    Département, École normale supérieure, Paris
    "Using Gröbner bases in Coppersmith's techniques for finding small roots on polynomial equations"
    January 21, 2010, Darmstadt

  • Dr. ir. Hugo Jonker

    University of Luxembourg
    "Measuring Voter-controlled Privacy"

    December 17, 2009, 11:10-11:40 a.m.
    Privacy is a necessary requirement for voting. Without privacy, voters can be forced to vote in specific ways, and the forcing party can check their compliance. But offering privacy does not suffice: if a voter can reduce her privacy, an attacker can force her to do so.

    We introduce the notion of choice groups as a measure of privacy. We illustrate how this notion can be used to better understand privacy concerns in proposed theoretical voting systems. In particular, we show how this notion (and the underlying formalisation) enables a more fine-grained approach to privacy than the binary "yes" or "no".

  • Dr. ir. Wolter Pieters

    University of Twente, Enschede, The Netherlands
    "The Dutch e-voting controversy: a Frankenstein perspective"
    December 17, 2009, 10:40-11:40 a.m.

    The Dutch electronic voting controversy revealed several requirements of electronic voting that had not been laid down in the applicable legislation. In this presentation, we identify some of these requirements, including resistance against so-called TEMPEST attacks and verifiability of the results.

    We show how these are related to requirements that WERE present in the law. Based on results in philosophy of technology, we argue that the missing requirements can be described as "monsters" within the categorisation of security properties.

    We also show how these requirements could have been found by systematic reasoning starting from the existing requirements.

  • Prof. Simone Fischer-Hübner

    Karlstad University, Sweden
    "Usable Privacy-enhancing Identity Management"
    December 14, 2009, from 11:15 a.m., CASED-Building, 5th Floor, Room 5.3.01, Mornewegstraße 32, 64293 Darmstadt

    In our networked society, users have lost effective control over their personal spheres and privacy is increasingly at risk. Privacy-enhancing identity management systems, such as those developed within the PRIME and PrimeLife EU projects, allow users to act securely in the information society while keeping sovereignty over their personal spheres.

    A critical success factor for Privacy-Enhancing Technologies (PETs), and for Privacy-Enhancing Identity Management in particular, will be user-friendly and intelligible user interfaces that are legally compliant and convey trust. Such user interfaces have to meet challenges such as the user-friendly representation of complex PET concepts (such as "pseudonyms", "unlinkability" or "anonymous credentials") that are unfamiliar to many users, the provision of security, the enforcement of legal privacy principles, such as informed consent or transparency, as well as the mediation of reliable trust to the end users.

    This presentation will first discuss emerging privacy risks and will present basic concepts of the PRIME/PrimeLife architecture.

    Finally, it will discuss challenges for usable privacy-enhancing identity management and will provide some HCI guidelines for addressing those challenges.

    Simone Fischer-Hübner has been a Full Professor at Karlstad University since June 2000, where she is the head of the Privacy & Security (PriSec) research group. She received a Diploma Degree in Computer Science with a minor in Law (1988), and PhD (1992) and Habilitation (1999) degrees in Computer Science from Hamburg University.

    Her research interests include IT and network security and privacy-enhancing technologies. She was a research assistant and assistant professor at Hamburg University (1988-2000) and a Guest Professor at the Copenhagen Business School (1994-1995) and at Stockholm University/KTH (1998-1999).

    She is the vice chair of IFIP WG 11.6 on "Identity Management", a member of the External Advisory Board of the IBM Privacy Institute, a board member of the IEEE Sweden Section Computer/Software Engineering Chapter, a member of the NordSec steering committee, and coordinator of the Swedish IT Secure Network for PhD students.

    She has been partner in many European research projects, including the ongoing EU Framework Programme 7 projects PrimeLife (Privacy and Identity Management for Life) and Newcom++.

  • Prof. Dr. Jan Jürjens

    TU Dortmund | Fraunhofer ISST
    "Model-based Development of Secure Software"
    December 14, 2009, from 10:00 a.m.

    The development of trustworthy security-critical software is a great challenge. There are still many examples in current industrial practice where security-critical software is developed and deployed that does not meet its security requirements.

    To support the development of security-critical systems, we developed the extension UMLsec of the Unified Modeling Language (UML), which supports including security-relevant information into UML design models.

    On the basis of this, we develop techniques and tools for the automated analysis of software artefacts for security requirements (such as confidentiality, integrity, authenticity). Artefacts include UMLsec models, annotated program source code, or run-time configuration data (such as user permissions). The verification techniques build on tools such as model checkers and automated theorem provers for first-order logic.

    Our research has been validated in industrial application projects with partners such as Microsoft Research (Cambridge), BMW, O2 (Germany), HypoVereinsbank, T-Systems, Münchener Rückversicherung and others.

  • Prof. Patrick Lam, Ph. D.

    Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario
    "Implementation and Use of Data Structures in Java Programs"
    December 8, 2009, Darmstadt

  • Dr. Torsten Schütze

    Robert Bosch GmbH, Corp. Sector Research and Advanced Engineering Software (CR/AEA)
    "Some thoughts about numerically stable and efficient computations occurring in Template Attacks and Principal Subspace-based Template Attacks"
    December 2, 2009, 2:00-3:30 p.m., CASED Building, 4th Floor Room 4.3.01, Mornewegstrasse 32, Darmstadt

    ABSTRACT: Side Channel Attacks are one of the most efficient threats against implementations of cryptographic algorithms on smart cards, security hardware, and embedded systems. Since their introduction at Crypto 1998 they have attracted a lot of attention among engineers and cryptographers. Template Attacks (TA) were introduced by Chari, Rao, and Rohatgi [CRR02] at CHES 2002 as an optimal side channel attack in an information-theoretic sense. Later, at CHES 2006, these attacks were further improved by Archambeau, Peeters, Standaert, and Quisquater [APSQ06] with the so-called Principal Subspace-based Template Attacks (PSTA). In PSTA, the data set -- power traces living in a multidimensional space -- is first transformed by linear transformations, in fact orthogonal transformations, so that the first axis (the principal axis) has the largest variance, the second axis has the second largest variance, etc. In [APSQ06], the authors report on possible practical problems with PSTA and propose a solution (trace principal subspaces) based on the eigendecomposition of the empirical covariance matrix.

    While performing experiments with Template Attacks and Principal Subspace-based Template Attacks we experienced the same kind of practical problems. In more detail, we experienced non-traceability of repeated experiments, numerical instability and large rounding errors leading to bad recognition rates. In trying to dig into these practical problems, we analyzed some of the numerical operations used in our experiments. This talk is the result of our investigation. From the standpoint of numerical analysis, more specifically from that of numerical linear algebra, we analyze the operations used when implementing TA and PSTA. Special emphasis is given to the numerical effort required as well as the numerical stability and rounding error behavior of typical implementations.

    So we approach the problem of Template Attacks using Principal Component Analysis from the side of numerical linear algebra. Our main tools are orthogonal transformations (Householder transformations), LR- and LL^T-matrix decompositions, eigenvalue and singular value decompositions. In the end, we achieved a better understanding of the mathematical processes, a more stable side channel experiment, and another approach to PSTA using the Singular Value Decomposition (SVD) of the trace matrix. In this talk, we look at the successful PSTA attacks by engineers from a mathematical point of view. In doing so, we try to achieve a better "linking of engineering approaches to side channel attacks with mathematical methods and their embedding in a mathematical theory" [Arbeitsprogramm IT-Sicherheitsforschung des BMBF und BMI, 2009, p. 13].

  • Technische Universität Darmstadt

    "Q&A: New Master Courses in Summer 2010 "
    December 2, 2009, 9:50-11:30 a.m., TU Darmstadt, Piloty Building S2|02, Room C120

  • Andrea Röck, Ph.D.

    Helsinki University of Technology, Department of Information and Computer Science
    "Cryptanalysis of the ESSENCE hash function"
    November 26, 2009

  • Céline Blondeau

    INRIA Paris Rocquencourt, Le Chesnay Cedex France
    "On the Data Complexity of Statistical Attacks against Block Ciphers"
    October 29, 2009

  • Dr. Katerina Mitrokotsa

    Delft University of Technology, Delft, The Netherlands
    "Intrusion Detection in Ubiquitous Computing Technologies"
    October 16, 2009

  • Prof. Dr. Werner Schindler

    CASED, Darmstadt | Federal Office for Information Security, Bonn
    "Constructive Sidechannel Analysis and Secure Design"
    October 14, 2009

  • Julia Lawall

    University of Copenhagen
    "A Foundation for Flow-Based Program Matching Using Temporal Logic and Model Checking"
    September 17, 2009

  • Gilles Muller

    INRIA Paris Rocquencourt
    "Coccinelle: A Program Matching and Transformation Tool for Systems Code"
    September 17, 2009

  • Jens Hermans

    Katholieke Universiteit Leuven, Leuven, Belgium
    "NTRU on graphics cards"
    July 30, 2009

  • Prof. Olivier Pereira

    Université catholique de Louvain, UCL Crypto Group, Louvain-la-Neuve, Belgium
    "Electing a University President using Open-Audit Voting: Analysis of real-world use of Helios"
    June 18, 2009

  • Prof. Klara Nahrstedt, Ph. D.

    University of Illinois at Urbana-Champaign, Champaign and Urbana, Illinois, USA
    "Integrity and Privacy Issues in Advanced Wireless Metering Infrastructure"
    June 16, 2009

  • Vadim Lyubashevsky, Ph. D.

    Tel Aviv University, Tel Aviv, Israel
    "On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem"
    June 10, 2009

  • Dana Lodrova

    Brno University of Technology, Brno, Czech Republic
    "Semantic Conformance Testing for Finger Minutiae Data"
    May 27, 2009

  • Prof. Tobias Nipkow

    Technical University of Munich, Munich, Germany
    "Verifying a Hotel Key Card System"
    May 20, 2009

  • Jonathan Herbach

    Adobe Systems - Product Manager (World)
    "Enterprise Rights Management Technology"
    May 18, 2009

  • Dr. Ulrich Flegel

    SAP Research Center CEC Karlsruhe
    "Compliance - A Contradiction in Terms?"
    May 15, 2009

  • Stefano Tessaro

    ETH Zurich, Zurich, Switzerland
    "Computational Indistinguishability Amplification?"
    April 23, 2009

  • Prof. Dr. Felix Freiling

    University of Mannheim, Germany
    "IT Forensics – an overview"
    January 19, 2009