Distinguished Lectures
-
Prof. Úlfar Erlingsson, PhD
Google Research, USA
"Cloud Computing and Software Security"
2 February 2012, 16:15-17:45, TU Darmstadt | Building S2/02, Room C110
Abstract: Software-as-a-service can provide great benefits, such as ubiquitous, reliable access to data, but cloud computing also raises new challenges and opportunities for computer security. Large-scale Web services must address both traditional security concerns, such as user authentication and key management, as well as newer issues like those raised by the need to maintain users' privacy. At the same time, cloud computing has innate security advantages, such as its use of easily updated and malleable software, which enables instrumentation ranging from individual specialization to large-scale execution summarization. This talk will briefly outline some of these issues and potential research topics in cloud security, with examples from Google's past and current technology efforts used to give context.
Bio:
Úlfar Erlingsson leads efforts in security research at Google. Previously, he has been a researcher at Microsoft Research, an Associate Professor at Reykjavik University, Iceland, and led security technology at two startups: GreenBorder and deCODE Genetics. He holds a PhD in CS from Cornell University.
-
Prof. Dr. Ueli Maurer
ETH Zürich, Schweiz
"Constructive Cryptography -- A New Paradigm for Security"
12 January 2012, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: Constructive cryptography is a new paradigm for defining the security of cryptographic schemes such as symmetric and public-key encryption, key-agreement protocols, and digital signature schemes, and for designing and proving the security of protocols making use of such schemes. Such a cryptographic scheme can be seen (and defined) as constructing a certain resource (e.g. a channel or key) with certain security properties from another (weaker) such resource. For example, a secure encryption scheme constructs a secure channel from an authenticated channel and a secret key.
In this talk we give an introduction to constructive cryptography suitable for a non-specialist audience and compare it with traditional approaches to cryptography.
-
Prof. John Daugman, PhD
University of Cambridge, UK
"Recognising persons by their iris patterns"
8 December 2011, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: Iris recognition is a biometric technology for identifying persons reliably by wavelet-encoding and analysis of the random patterns that are visible within the iris of an eye from some distance. Because the iris is a protected internal organ whose random texture is epigenetic and stable over life, it serves as a unique (but exposed) living key, whose entropy in different databases is always close to 250 bits. Recognition decisions are made with confidence levels high enough to support extremely rapid exhaustive searches through national-sized databases. Today there are many public deployments of this technology around the world, mainly at border-crossings in lieu of passports, or in watch-lists, or entry control. Independent government tests (e.g. by NIST) confirm extreme resistance to False Matches, and search speeds in the millions per second per CPU. Weaknesses include difficult image capture and the possibility of spoofing. The principle that underlies the recognition algorithms is the failure of an efficient test of statistical independence having many degrees of freedom, based on phase sequencing each iris pattern with quadrature 2D Gabor wavelets.
Different eyes (including those of twins, or the right and left of one person) always pass this test of statistical independence, while images from the same iris almost always fail this test of independence, thereby signifying identity. A typical "IrisCode" template contains 1024 bytes, but even raw iris images are highly compressible for this purpose, to as little as 2000 to 4000 bytes without degrading recognition accuracy. This near convergence between data length (compressed image size) and description length (the biometric template) is reminiscent of Kolmogorov's concept of minimal description length, and has enabled the international standardisation of image-based iris data formats that are non-proprietary, very portable and lightweight. Data used in this talk comes mainly from 200 billion iris cross-comparisons between different eyes, from a database consisting of 632,500 iris images acquired in the United Arab Emirates in a networked national border-crossing security programme that every day performs about 12 billion iris comparisons using these algorithms.
Several other countries have now launched national biometric ID programmes, such as the Indian UIDAI, which plans to enroll the irises of all 1.3 billion citizens of India to secure welfare benefits cards. Current research efforts with this technology in many laboratories seek (1) to make it more tolerant of difficult conditions of image capture, such as "iris on the move" and at a distance; and (2) anti-spoofing countermeasures.
-
Cédric Fournet, PhD
Microsoft Research, UK
"Modular Code-Based Cryptographic Verification"
24 November 2011, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
Joint work with Markulf Kohlweiss and Pierre-Yves Strub.
Abstract: Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions.
We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT solver. We develop a probabilistic core calculus for F7 and formalize its type safety in Coq. We build typed modules and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties.
We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.
-
Prof. Michael Reiter, Ph.D.
Department of Computer Science, University of North Carolina at Chapel Hill, USA
"Defending against Client Compromises in Client-Server Applications"
30 June 2011, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: We present new methods for defending against client compromises in two client-server application scenarios. First, we consider online games, in which a client "compromise" reflects the unauthorized manipulation of the game client by the user himself, in order to cheat in the game.
To address this threat, we develop a new cheat-detection method with which the server can validate that the messages received from the game client are consistent with the sanctioned client software.
Second, we consider a user entering private information to a trusted web server, via a client computer that might be compromised by malware. To address this threat, we leverage trusted computing technology in a novel way to ferry the user's private inputs to the remote server while ensuring that malware cannot capture it.
-
Prof. Elisa Bertino, Ph.D.
CERIAS and Department of Computer Science Purdue University, West Lafayette, Indiana, USA
"Protecting Information Systems from Insider Threats - Concepts and Issues"
16 June 2011, 16:15-17:45, TU Darmstadt | Building S2/02, Room C110
Abstract: Past research on information security has focused on protecting valuable resources from attacks by outsiders. However, statistics show that a large share of security and privacy breaches are due to insider attacks. Protection from insider threats is challenging because insiders may have access to many sensitive resources and high-privileged system accounts. Suitable approaches need to combine several security techniques, like fine-grained access control, stronger authentication protocols, integrated digital identity management and intrusion detection, with techniques from areas like information integration, machine learning, and risk assessment. In this talk, after an introduction to the problem of insider threats, we will present recent work addressing the problem of anomaly detection and response policies for database management systems and then discuss open research issues.
-
Prof. Dr. Rainer Blatt
Institute of Experimental Physics, University of Innsbruck, Innsbruck, Austria
"The Quantum Way of Doing Computations"
19 May 2011, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
-
Prof. David Naccache, Ph.D.
École normale supérieure, Department of Computer Science, Paris, France
"On Secret Leakage and Polymorphic Code Design"
27 January 2011
Abstract: In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location. As one can easily imagine, real-life devices are not ideal and information may leak through different physical channels. The topic has attracted considerable attention during the last decade.
In this work we explore the use of polymorphic code as a way of resisting side channel attacks.
The talk will report implementation results.
-
Prof. Vitaly Shmatikov, Ph.D. (Stanford)
The University of Texas at Austin, Austin, Texas, U.S.A.
"The End of Anonymity, The Beginning of Privacy"
13 January 2011, TU Darmstadt | Building S2/02, Room C110
Abstract: The Internet economy relies on the collection and aggregation of personal data on an ever-increasing scale. Information about our tastes, purchases, searches, browsing history, social relationships, health history, genetics, and so forth is shared with advertisers, marketers, and researchers, who use it to predict individual behavior and provide personalized product offerings, recommendations, and even clinical treatments.
I will survey privacy issues caused by massive aggregation of personal information. After demonstrating that the existing methods for "anonymizing" the data fail to provide meaningful privacy protection, I will describe new approaches to privacy-preserving computation.
This includes Airavat, a new system for large-scale data analysis which integrates mandatory access control and differential privacy.
Bio:
Vitaly Shmatikov is an associate professor at the University of Texas at Austin. His research focuses on security, privacy, and formal verification methods for secure systems and protocols. Vitaly was the recipient of the 2008 PET Award for Outstanding Research in Privacy Enhancing Technologies.
-
Prof. Dr. Audun Jøsang
UNIK University Graduate Center, University of Oslo, Oslo, Norway
"User-Centric Identity Management"
4 November 2010, 16:15-17:45, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: The term "user-centric identity management" is commonly used for any identity management solution that can improve the user experience compared to e.g. the traditional silo identity model.
Identity federation can be described as user-centric in this sense because it can support SSO (single-sign-on), but identity federation can also be described as cloud identity management because the technology that supports identity federation is actually located on the network side.
Another interpretation of user-centric identity management is when the technology for user-side identity management is local on the user side. Interestingly, such models provide new possibilities for improved usability, strengthened security and privacy protection.
This talk gives an overview of identity management models and provides an analysis of their strengths and vulnerabilities. Of particular interest are local user-centric models, which have received relatively little attention from the industry and research community.
-
Prof. Dr. Jean-Pierre Hubaux
Computer Communications and Applications Laboratory 1, École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland
"Location Privacy and Neighbor Discovery - Attacks, Countermeasures and Game-Theoretic Modeling"
1 July 2010, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: After a brief overview of the security and privacy challenges raised by wireless networks, we will introduce a few fundamental notions of game theory. We will provide an overview of the way these notions have been used by several research groups to model rational behavior in security-related settings. We will then present in detail two examples we recently addressed, one related to revocation in ephemeral (e.g., vehicular) networks and the other to pseudonym change in mix zones. Finally, we will present some of our recent results on secure neighbor discovery and distance bounding.
Note: some background information can be found in a recent book by L. Buttyan and JP Hubaux: "Security and Cooperation in Wireless Networks", Cambridge University Press, 2008. The pdf of the book is available at http://secowinet.epfl.ch
Short biography
Jean-Pierre Hubaux joined the faculty of EPFL in 1990. His research activity is focused on wireless networks, with a special interest in security and cooperation issues. In 1991, he designed the first curriculum in Communication Systems at EPFL. He was promoted to full professor in 1996. In 1999, he defined some of the main ideas of the National Competence Center in Research named "Mobile Information and Communication Systems" (NCCR/MICS); this center (still very active) was initially nicknamed "the Terminodes Project".
In this framework, he has notably defined, in close collaboration with his students, novel schemes for the security and cooperation in wireless networks; in particular, he has devised new techniques for key management, secure positioning, and incentives for cooperation in such networks. In 2003, he identified the security of vehicular networks as one of the main research challenges for real-world mobile ad hoc networks. Some of his current research activities revolve around privacy issues in mobile networks and are partially funded by Nokia.
He is co-founder and chairman of the steering committee of WiSec (the ACM Conference for Wireless Network Security). He has served on the program committees of numerous conferences and workshops, including SIGCOMM, INFOCOM, MobiCom, MobiHoc, SenSys, WiSe, and VANET. He is one of the seven commissioners of the Federal Communications Commission (ComCom), the "Swiss FCC". He held visiting positions at the IBM T.J. Watson Research Center and at UC Berkeley. He has been on the advisory board of Deutsche Telekom Laboratories (T-Labs) since their creation in 2004. He is an IEEE Fellow.
-
Prof. Joshua Guttman, Ph.D.
Worcester Polytechnic Institute, Worcester, Massachusetts, USA
"Designing Correct Cryptoprotocols"
17 June 2010, 16:45-17:15, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: Cryptographic protocols are a central technique for coordinating different principals in distributed systems that may contain malicious participants. In addition to basic uses such as key agreement, they may also be used to implement application-specific secure transactions.
We will present a sequence of example protocols, showing how more complex protocols may be built out of simpler units. An analysis method, called the strand space theory, offers proofs that protocols meet their security goals. Strand spaces have now been implemented in a software tool called a Cryptographic Protocol Shapes Analyzer (CPSA). CPSA also provides counterexamples when a protocol does not meet its security goals.
The strand space proofs are highly informative. In particular, they suggest protocol transformations -- in which more complex protocols are constructed from simpler ones -- that are guaranteed to preserve the security goals of the parts.
-
Prof. Dr. Gerd Leuchs
Institute of Optics, Information and Photonics, University of Erlangen-Nürnberg, Erlangen, Germany
"Information is Physical"
20 May 2010
-
Prof. Anja Feldmann, Ph.D. (CMU)
Deutsche Telekom Laboratories, Technische Universität Berlin, Berlin, Germany, An-Institut Deutsche
"Characteristics of Residential Broadband Internet Traffic"
17 December 2009, 16:45-17:15
Abstract: While residential broadband Internet access is popular in many parts of the world, only a few studies have examined the characteristics of such traffic. In this paper we describe observations from monitoring the network activity of residential DSL customers. Note that understanding Internet usage is the first step towards separating abuse from benign usage. Our analysis reveals a number of surprises in terms of the mental models we developed from the measurement literature. For example, we find that HTTP---not peer-to-peer---traffic dominates by a significant margin; that more often than not the home user's immediate ISP connectivity contributes more to the round-trip times the user experiences than the WAN portion of the path; and that the DSL lines are frequently not the bottleneck in bulk-transfer performance. Moreover, we examine usage of Online Social Networks. While Online Social Networks (OSNs) have already attracted more than half a billion users, our understanding of which OSN features attract and keep the attention of users is poor. We study how users actually interact with OSNs by extracting clickstreams from passively monitored network traffic. Our characterization of user interactions within the OSN for four different OSNs (Facebook, LinkedIn, Hi5, and StudiVZ) focuses on feature popularity, session characteristics, and the dynamics within OSN sessions.
Bio: Anja Feldmann is a full professor at Deutsche Telekom Laboratories, a unit of Deutsche Telekom and an An-Institut of the Technische Universitaet Berlin, Germany. From 2000 to 2006 she headed the network architectures group, first at Saarland University and then at TU Muenchen. Before that (1995 to 1999) she was a member of the Networking and Distributed Systems Center at AT&T Labs -- Research in Florham Park, New Jersey. She has published more than 50 papers and has served on more than 40 program committees, including as Co-Chair of Sigcomm 2003 and as Co-PC-Chair of IMC'09 and Sigcomm 2006.
She is a member of the scientific boards of Inria and the Swiss center on mobile information and communication systems and a member of the technical advisory board of Endace. She received an M.S. degree in Computer Science from the University of Paderborn, Paderborn, Germany, in 1990 and M.S. and Ph.D. degrees in Computer Science from Carnegie Mellon University in Pittsburgh, USA, in 1991 and 1995, respectively.
-
Prof. Dr. Ronald Cramer
Professor, Mathematical Institute, Leiden University, Leiden, Netherlands, Head of the Cryptology and Information Security Research Group, CWI, Amsterdam, Netherlands
"On a Class of Special Codes Arising in Secure Multi-Party Computation and its Relation to Towers of Algebraic Function Fields"
10 December 2009, 16:45-17:15
Abstract: Since the early 1980s, towers of algebraic function fields have played a major role in the theory of error correcting codes. Recently, it has been discovered that towers also have an important bearing on secure multi-party computation. In this talk I will elaborate on this connection.
-
Prof. Andrew C. Myers, Ph.D. (MIT)
Cornell University, Ithaca, New York, USA, Department of Computer Science
"A higher-level abstraction for building decentralized distributed systems"
29 October 2009
-
Prof. Somesh Jha, Ph.D.
University of Wisconsin, Madison, Wisconsin, USA
"Retrofitting Legacy Code for Security"
2 July 2009
-
Prof. Dr. Renato Renner
"Security against Quantum Mechanical Adversaries"
4 June 2009
-
Prof. Dr. Bart Preneel
Katholieke Universiteit Leuven, Leuven, Belgium
"Cryptographic Hash Functions Revisited: The NIST SHA-3 Competition"
14 May 2009
Talks
-
Alban Hessler
AGT Group (R&D)
"EC SPRIDE Industry Colloquium: Introducing the AGT R&D Center"
AGT International is one of the fastest-growing organizations worldwide in security and public safety. At the beginning of 2011, AGT founded its first research and development center in Darmstadt. Its goal is the development of innovative solutions in the area of urban management.
26 January 2012, from 15:00, CASED Building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract: With about 100 employees, AGT R&D is already one of the major research centers on information technology in the Rhine-Main area. AGT is a premium partner of CASED, and we believe it is important that researchers on both sides know each other well in order to foster successful collaboration.
The ongoing advances in mobile connectivity and micro-mechanics allow new ubiquitous computing solutions for smarter cities. In this context, AGT is developing novel urban management solutions, such as participatory sensing applications, which aim to shape tomorrow's cities. Besides those applications, we present in this non-technical talk the AGT R&D center, its strategy, and its research areas.
Short CV: Alban Hessler is a senior researcher in IT security at AGT Group (R&D) in the recently established R&D center in Darmstadt. Prior to AGT, he held a researcher position at NEC Laboratories Europe in Heidelberg, where his work focused on security solutions for distributed wireless systems. He participated in several European projects such as UbiSec&Sens, SENSEI, and WSAN4CIP. He holds an MSc in Communications Systems from the Swiss Federal Institute of Technology of Lausanne (EPFL).
-
Prof. Dr. Marc Langheinrich
Università della Svizzera italiana (USI), Lugano, Switzerland
"Privacy & Trust Challenges in Pervasive Public Display Networks"
16 December 2011, from 10:00, CASED Building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract: As part of the 30-month FET-Open Project "Towards Future Pervasive Display Networks" (PD-NET), we are exploring the scientific challenges of building large scale networks of pervasive public displays and associated sensors. This display network will be designed and implemented to be open to applications and content from many sources and thus provide the foundation for work on a new global communications medium for information access and interaction.
Ultimately, we aim to lay the scientific foundations for a new form of communications medium with the same potential impact on society as radio, television and the Internet. In this talk, I will briefly summarize the project goals and activities and present our initial stakeholder investigations. I will also outline the main privacy and trust issues and describe early architectural sketches.
Short biography
Marc Langheinrich is assistant professor for Computer Science at the University of Lugano (USI) in Switzerland, where he heads the Research Group for Ubiquitous Computing since September 2008. Marc received his PhD (Dr. sc.) on the topic "Privacy in Ubiquitous Computing" from the ETH Zurich, Switzerland, in 2005.
Marc is one of the authors of P3P, a W3C-standard for privacy on the Web, and has published extensively on privacy aspects of ubiquitous and pervasive computing systems (3000+ citations in Google Scholar).
Marc is a member of the EU-funded SAPIENT project ("Supporting fundamentAl rights, PrIvacy and Ethics in surveillaNce Technologies"), which aims to specify how and when smart surveillance should be used (or not), and of the FET-Open project PD-Net ("Towards Future Pervasive Display Networks"), which attempts to lay the scientific foundations for a new form of communications medium based on open networked displays.
-
Ivonne Thomas
Hasso-Plattner-Institute, Potsdam
"A logic-based Framework to enable Attribute Assurance for Digital Identities in Service-oriented Architectures and the Web"
15 December 2011, from 13:30, CASED Building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract: The open and decentralized nature of Service-oriented Architectures demands new security concepts that take these characteristics into account. In the field of identity management, open identity management models have been designed to allow the controlled sharing of identity information across multiple security domains. Designated identity services, so-called identity providers, are at the heart of these new models and issue identity assertions on behalf of users.
A prerequisite for sharing identity information across security domains is the willingness of the involved parties to trust information that is received from a foreign domain. To build this trust, relying parties need to know something about the origin and management of asserted identity statements.
Using existing identity assurance frameworks, identity providers are rated by a single level of trust that is derived from pre-defined assessment criteria.
The approach presented in this talk goes beyond the possibilities provided by state-of-the-art assurance frameworks by introducing a more fine-grained view on identity assurance. In the presented trust model, two main trust aspects are considered: (a) trust in an identity provider as the issuer of assertions and (b) trust in single attributes that an identity provider manages. The presented approach is implemented in a logic-based framework that allows a flexible configuration of trust criteria as well as automated reasoning over collected trust knowledge. This way, the trust requirements of service providers can be matched easily with the existing organizational and technical trust conditions of identity providers.
Several use cases have been implemented in which the proposed approach and corresponding library are used, among them an online system which allows institute members to use their digital identity with various web and web-service based applications within and outside the Hasso-Plattner-Institute, the HPI Identity Provider.
Short CV
Ivonne Thomas is a PhD student in the Research School on "Service-oriented Systems Engineering" at the Hasso-Plattner-Institute. She started her PhD in 2007 directly after finishing her studies in software systems engineering. During her studies, Ivonne Thomas did internships with SAP Research in Brisbane, Australia as well as in the Security and Trust Group of SAP Research in Sophia Antipolis, France. In her work, she is addressing the area of identity and trust management with a particular focus on web services technologies.
Ivonne Thomas is one of the faces behind the latest SOA Security Kompendium published by the Bundesamt für IT Sicherheit (BSI) and, since this year, head of the working group for Cloud Computing standardization in the scope of the Trusted Cloud technology program of the Bundesministerium für Wirtschaft und Technologie (BMWi).
-
Prof. Keiichi Sato
Institute of Design at IIT, Chicago, Illinois, USA
"Human-Centered System Architecture"
14 December 2011, from 13:00, CASED Building S4|14, Room 3.2.01, Mornewegstrasse 30, 64293 Darmstadt
-
Dr. Marcel Karnstedt
National University of Ireland, Galway, Ireland
"The Intelligence of Social Connections … and why this is relevant for P2P"
14 December 2011, 10:00-11:30, TU Darmstadt | Piloty Building S2/02, Room C110
Abstract: The overall functionality of P2P systems is based on and driven by the individual participants, their behaviour and their interactions -- in a similar manner as user behaviour and user-generated content underpin core commercial services and public goods in online communities. Such online communities generate major economic and public value. They can exceed millions of users, and infrastructures must support hundreds of millions of discussion threads that link together billions of posts.
Existing solutions to analyse the intelligence of the underlying social connections fail to meet current challenges of scale as well as to understand and manage complex user behaviours and ecosystems in online business and public communities.
In this talk, we review our work on creating models and methods for describing, understanding and managing the users, groups, behaviours and needs of online communities. We describe how structural network analysis, behaviour modelling, and content mining have to be applied and combined to achieve these objectives. Further, we highlight the generality of these analytical tasks and their relevance for understanding and engineering network infrastructures and applications.
Short bio:
Dr. Karnstedt received his PhD, which dealt with query processing in a DHT-based universal storage, at TU Ilmenau in 2009. He has subsequently been affiliated with the Digital Enterprise Research Institute (DERI), National University of Ireland, Galway (NUIG). He is a member of the Unit for Information Mining and Retrieval (UIMR) and started as a Postdoctoral Researcher in the CLIQUE project on analyzing and visualizing large graphs and networks, specifically social networks and biological networks.
Since December 2009 he has also held an adjunct lectureship at NUIG. Since November 2010, he has been employed as a Senior Postdoc and is currently responsible for DERI's part of the ROBUST project, an EU-funded international project focusing on risks and opportunities in huge-scale business communities. Further, he contributes to the tasks of query processing and sensor mining in the SPITFIRE project, which aims at combining the "Internet of Things" with the "Web of Things".
-
Stefan Georg Weber
TU Darmstadt/CASED
"Multilaterally Secure Pervasive Cooperation"
1 December 2011, from 16:45, CASED Building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
-
Michael Schneider
TU Darmstadt
"Computing Shortest Lattice Vectors on Special Hardware"
Oral doctoral examination
11 November 2011, 13:30-16:00, TU Darmstadt | Piloty Building S2/02, Room C110
-
Kevin Falzon
University of Malta
"EC SPRIDE-Colloquium: Combining Runtime Verification and Testing Techniques"
11 November 2011, from 10:00, CASED Building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract: Testing is a vital tool typically forming part of a system's verification strategy, yet creating and verifying individual test cases takes time, and ad-hoc testing is seldom comprehensive. Model-based testing may be used to automatically generate or verify large volumes of test cases from a compact description of the system's expected behaviour. For example, QuickCheck Finite State Automata can be used to automatically generate sequences of function calls, and by observing their induced behaviour, it can determine their correctness.
Automation may allow for more tests to be carried out, yet exhaustive testing often presents an intractable problem. Runtime verification may make up for some of the shortcomings of testing by delaying verification until deployment. Contrary to testing, runtime monitors observe a system while it executes and detect violations at runtime, foregoing the need to generate input traces.
Each technique has its own advantages, and using both methods would be ideal, as runtime verification could uncover faults which escaped detection during the testing phase. Unfortunately, developing suitable models and properties for each technique takes time and requires significant expertise. In addition, manually creating distinct inputs for both techniques separately may result in inconsistent verification.
This talk will investigate the automatic translation of QuickCheck Finite State Automata into Dynamic Automata with Timers and Events (an automaton logic designed for runtime monitoring), enabling properties developed for the former technique to be automatically reused as inputs for the latter.
Contact: Karina Köhres, phone 75420, karina.koehres
ec-spride.de
-
Prof. Wenyuan Xu
Department of Computer Science and Engineering, University of South Carolina
"Can You Trust Your Cars?"
8 November 2011, from 11:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 5.3.01
Wireless systems are being integrated into modern automobiles. However, the security and privacy implications of those systems are not well understood, as many of their communication protocols are proprietary. In this talk, we present a case study analyzing the first mandated in-car sensor network, the tire pressure monitoring system (TPMS), using GNU Radio in conjunction with the Universal Software Radio Peripheral (USRP), a low-cost off-the-shelf software radio platform. We evaluated the security and privacy risks associated with TPMS using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40 m from a passing vehicle using cheap antennas. Further, reverse engineering of the underlying protocols revealed static 32-bit identifiers and showed that messages can easily be triggered remotely, which raises privacy concerns because vehicles can be tracked through these identifiers. Current protocols do not employ authentication, and vehicle implementations do not perform basic input validation, thereby allowing remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from our software radio attack platform located in a nearby vehicle. Finally, the talk concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming consumer wireless networks.
-
Dipl.-Inf. Mathias Fischer
TU Ilmenau
"Construction of Attack-Resilient and Efficient Overlay-Topologies for Large-Scale IPTV Infrastructures"
31 October 2011, 14:30-15:30, TU Darmstadt | Piloty building S2/02, Room A 213
As a consequence of network convergence and the aim to realize all services on one unified IP-based technology, IPTV is becoming more and more popular. To overcome the problems of efficient distribution of IPTV content, Application Layer Multicast (ALM) emerged as a promising solution. However, the dependency on potentially malicious or at least easily attackable end-systems renders ALM vulnerable to attacks. Moreover, attacks on underlay components can induce severe damage in the ALM overlay, since failures in the underlay may disrupt several overlay paths at once.
Such attacks include resource destruction attacks on routers and links, and selective forwarding by compromised routers or due to ISP-assisted censorship by governmental authorities. In this talk, an approach is presented that establishes IPTV overlays that are equally resilient against attacks on end-hosts and on underlay components. To this end, the existing concept of maximally resilient ALM single-stream topologies is transferred to an IPTV scenario. Furthermore, a construction mechanism is given that balances the optimization goals of resilience against attacks on end-hosts and against attacks on the underlay.
Simulation results indicate that topologies established in this manner closely approximate the optimum regarding attacks on end-hosts. Moreover, the interdependencies between the overlay and single underlay components are decreased considerably, so that the overlay damage caused by attacks on the underlay is reduced.
-
Dr. Melanie Volkamer
TU Darmstadt
"Usable Security in the Context of Verifiable Electronic Elections"
27 October 2011, from 14:00, CASED building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
In the development of security technologies, the primary interest lies in security itself. Aspects of usability and comprehensibility are treated as secondary or not considered at all, even though both factors have a considerable influence on the acceptance and secure use of these technologies. Consequently, many security mechanisms that are very well studied in theory are not used at all, or only by experts. This applies in particular to electronic voting systems: while complex but verifiable voting protocols are discussed at conferences, user-friendly 'black-box systems' are what is deployed in practice.
The talk presents approaches for extending the Polyas (black-box) voting system with respect to verifiability, and for adapting the verifiable Helios internet voting system with respect to usability. The talk will also give an overview of further ongoing and planned projects in the area of usable security.
-
Dieter Sommer, Project Manager
IBM Research Laboratory, Zürich
"Privacy-enhanced Identity Management – From Cryptography to Practice"
IT Security Oberseminar
29 September 2011, from 13:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 5.3.01
Anonymous credential schemes are a key ingredient for realizing modern privacy-enhanced identity management. Such schemes allow a user to make identity statements to other parties, based on previously obtained credentials, through the execution of protocol transactions. Such transactions have the following privacy-preserving properties: only partial information about a credential's attributes can be released, and multiple transactions remain unlinkable. Thus, credentials are a powerful mechanism for minimizing the amount of released data and are an ideal technology for building user-centric privacy-enhanced identity management systems. To realize a credential-based identity management system, cryptographic protocols are only one important building block; multiple additional ones are required to deploy such a system in practice. In this talk we present architectural aspects and the following essential building blocks: (1) an identity specification language used to describe the identity semantics of the credential protocols to be executed, (2) an access control system capable of authorizing users based on authentications performed with credential protocols, and (3) a method for run-time generation of the cryptographic credential protocols.
The system we present supports advanced features of credential systems such as making statements about multiple credentials in a single transaction, statements comprising disjunctions, and, of particular importance, accountability of an anonymous user.
Contact: Andrea Püchner, phone 75530, puechner
informatik.tu-darmstadt.de
-
Dr. Prasad G. Naldurg
Microsoft Research India, Bangalore
"EC-SPRIDE-Colloquium: Foundations of Dynamic Access Control"
15 September 2011, from 10:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01
In this talk, I will describe our work on understanding the foundations of dynamic access control. In contrast to traditional operating systems, new commercial operating systems (e.g., Windows 7) and research operating systems such as Asbestos and Flume include labels for integrity protection. Unlike the strict Bell-LaPadula mandatory access controls, these labels are allowed to change in controlled ways by users and applications. The implications of these dynamic changes need to be examined carefully, and existing formalisms cannot express or help us understand their impact on access control safety. We present a logic-programming framework to specify, analyze and automatically verify such dynamic access control models. We study the problem of reachability (equivalently, safety) in these models and show that it is undecidable in the general case. We also identify a reasonably expressive fragment of this formalism that has a sound and complete decision procedure. We build a theory (and tool) based on bounded model checking for reasoning about information flow in the general context, and show its application on real-world use cases. We are able to highlight several important vulnerabilities in these models, as well as suggest design changes that can be provably validated. I will conclude with a short discussion of open problems in this framework and future work. This talk summarizes some of our work from FMSE 2006, CCS 2008, PLAS 2009 (best paper) and SACMAT 2011.
-
Dr. Debdeep Mukhopadhyay
Indian Institute of Technology, Kharagpur
"EC-SPRIDE-Colloquium: Cache Attacks on Symmetric Key Crypto-systems and their Formal Analysis"
9 September 2011, from 09:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01
In the last decade it has been shown that almost every secure system in use today is vulnerable to a class of cryptographic attacks known as side-channel attacks. These attacks glean secret information through leakages from the power consumption, timing, and electromagnetic radiation of the device. Preventing these attacks is difficult because the leakage depends not only on the cipher algorithm but also on the implementation and the execution platform. The countermeasures proposed in the literature so far are ad hoc and are either too difficult to implement or have large overheads. Moreover, most proposals only increase the complexity of the attack but do not prevent it. Theoretical analysis of side-channel attacks is critical in order to provide a fair evaluation of leaking crypto-systems. However, developing such an analysis is challenging due to the device- and implementation-specific nature of side-channel attacks. The first step in formally analyzing side-channel attacks is to quantify the amount of information leaked from the implementation. Contemporary approaches abstract leakage from the physical devices by polynomial-time functions. However, this is known to correspond to more powerful leakages than what is actually observed in practice. An alternative approach is to approximate leakages by Hamming weight and distance models. Leakage, however, is a function of several parameters, and the magnitude of leakage of each parameter may differ. For example, in software implementations of ciphers, leakage is influenced by numerous system-specific parameters such as the cache architecture. Hamming weight or distance models do not always apply in these cases. Depending on the cipher algorithm, its implementation, and the form of side-channel attack, the leakage contribution of each parameter varies. Therefore, in order to have an accurate measure of information leakage, it is important to pinpoint the causes of leakage and quantify the amount of information leaked from each source.
In our research, we consider symmetric key ciphers implemented with look-up tables. In such implementations, the cache memory is the major source of leakage. We discovered that micro-architectural features in cache memories, such as non-blocking reads, out-of-order execution, parallelization, pipelining, and prefetching in memory accesses, contribute significantly to the leakage. We first demonstrate this threat by presenting a cache timing attack on CLEFIA, a 128-bit block cipher designed by Sony Corporation. The attack was important, as it was widely believed in the literature that ciphers with small tables are safe against cache attacks. In the second part of the talk, we formally analyze cache-based attacks by mathematically quantifying the leakage in commonly used prefetching algorithms. The analytical results, which were supported by experimentation, brought out interesting facts such as the impact of the size and number of look-up tables and their relative placement on the information leakage. In the future, we plan to utilize the leakage models developed to construct a cipher provably resilient against side-channel attacks. The final objective is to implement the proposed cipher and then compare its side-channel resistance against state-of-the-art ciphers like AES and CLEFIA. The hope is the emergence of a new class of ciphers more resistant against these lethal forms of attack.
-
Dr. Heiko Rossnagel & Jan Zibuschka
Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO, Competence Team, Stuttgart
"Towards Viable Security Solutions - A Pragmatic Approach"
IT Security Oberseminar
8 September 2011, from 14:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 5.3.01
Technological solutions that address issues like security, privacy and reliability have been developed by companies and in research projects. However, they often appear disconnected from markets, user needs and economic contexts. As a result, several security and privacy technologies have become market failures in recent years. Economic issues are often neglected by technology developers. Instead, security solutions continue to be designed with technological factors in mind, valuing increases in security guarantees and even technical complexity over practical relevance.
We argue that the widely lamented failure of many security solutions in the market is due to an overly technology- and complexity-driven design approach. Building on a literature review, we derive a set of factors influencing the viability of security solutions in the market, and thus the overall security level. Our approach requires designers to consider aspects of market compliance during the early stages of the design process.
Therefore, we present several methods that can be applied to achieve this goal. We build on earlier approaches and findings from IT security and related disciplines, but integrate them in a larger paradigmatic framework targeting specifically the security domain.
-
Dr. Sameer Patil
School of Informatics and Computing, Indiana University
"EC-SPRIDE-Colloquium: "It depends": Reconciling Privacy and Awareness in Collaborative Work"
5 September 2011, from 16:00, CASED, Mornewegstraße 32, 64293 Darmstadt, Room 3.1.01
Awareness of the activities of one's collaborators is crucial for effective and efficient collaboration. In loosely coupled collaborations, particularly those distributed across time and distance, such awareness is impoverished. Interpersonal Awareness and Interactions Systems (IAIS) aim to foster awareness and overcome the impoverishment. Promoting awareness, however, is often in tension with the individuals' desire for privacy. To explore how users currently reconcile privacy desires with awareness needs, we engaged in a longitudinal field study of a large, geographically distributed software development project spread across five sites of a large multinational corporation. Using grounded theory techniques, we generated a framework describing how privacy management operates in a collaborative work setting. The framework lists the important situational characteristics and interpretive influences that impact and guide user practices. We further analyzed responses to an online questionnaire and identified differences in interpersonal privacy concerns among collaborators in the U.S. and India along with plausible factors that lead to these differences. These results suggest several socio-technical design improvements for enhancing the privacy-sensitivity of IAIS.
-
Prof. Dr. Willem Jonker
Twente University and EIT ICT Labs
"EIT ICT Labs: driving ICT Innovation in Europe"
11 August 2011, from 11:00, CASED building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Prof. Willem Jonker (1962) has a broad background in ICT, both in industry and in academia. He studied mathematics and computer science at Groningen University, worked at Delft University of Technology, received his PhD from the University of Utrecht, and is a part-time full professor in computer science at Twente University. Willem Jonker's industrial experience covers telecommunications (KPN), IT (European Computer Industry Research Centre, Munich) and consumer electronics (Philips). He has held several positions as researcher, international project leader, department head, sector head, and account manager. In 2006 he was appointed Vice President of Philips Research. Prof. Dr. Jonker has served European ICT research in various ways, among others as project leader, reviewer, and advisor.
-
Dr. Federica Paci
DISI, University of Trento, Italy
"EC SPRIDE Colloquium: ACConv- An access control model for conversational Web services"
10 August 2011, from 16:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
With organizations increasingly depending on Web services to build complex applications, security and privacy concerns, including access control policy enforcement, are becoming a serious issue. Ideally, service providers would like to make sure that clients have knowledge of only those portions of the access control policy that are relevant to their interactions, to the extent to which they are entrusted by the Web service, and without restricting the client's choices in terms of which operations to execute. This talk presents ACConv, a novel model for access control in Web services which is suitable when interactions between the client and the Web service are conversational and long-running. ACConv balances the trade-off between limiting the disclosure of access control policies by service providers and preventing interrupted conversations for clients.
-
Dr. Sebastian Gajek
Tel Aviv University, Israel
"EC SPRIDE-Colloquium: Secure Protocols for the Cloud by Design - Where composition comes to rescue"
10 August 2011, from 14:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
Designing and analyzing systems in a modular way has contributed to fundamental achievements in many realms of computer science and related fields (e.g., modularity, lower complexity, cost efficiency). In contrast, building provably secure systems, that is, systems within a mathematical model with well-defined security properties, in a composable way is the subject of recent research.
Clouds are highly complex systems, and designing protocols for the cloud is delicate. Numerous cryptographic modules run in concurrent processes and interact with other, non-cryptographic operating system and network parts of the system (e.g., caches, co-processors, access policies, process schedulers).
When analyzing such larger systems, a major problem is scalability. The analytical complexity grows with the size of the cloud, likely resulting in tedious or error-prone proofs. Composition naturally comes to the rescue here: simply decompose the larger system into smaller blocks, analyze each component stand-alone, and deduce security guarantees via a composition operator.
We motivate and present a framework for the modular design and analysis of protocols for cloud applications. We then show how to construct cloud authentication protocols with the aid of a credential provider. Our construction can be seen as a generic, composable compiler for practical and efficient federated identity management protocols (e.g., Facebook Connect, Google Sign-In). Specifically, the compiler asserts strong security guarantees in the presence of naive users and adversaries controlling relevant non-cryptographic protocol functionalities. Previous federated identity management protocols fell prey to attacks by design under these realistic assumptions.
-
Dr. Eyad Alkassar
"EC SPRIDE-Colloquium: Cyberwars, Secure Systems and Formal Proofs"
10 August 2011, from 11:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
-
Dr. Christophe Tartary
Tsinghua University, Beijing, China, Institute for Theoretical Computer Science
"EC SPRIDE Colloquium: Graph Coloring and Secure Multiparty Computation in Non-Abelian Groups"
9 August 2011, from 15:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
Due to the expansion of communication networks, achieving secure distributed computation has become a major focus for the research community. Even though generic solutions have been known since 1988, those protocols are computationally inefficient. In this talk, we present a new way of designing unconditionally secure and efficient multiparty computation algorithms for non-Abelian groups in the passive (also known as semi-honest) case. By a result (due to Barrington) on performing secure computation in the symmetric group S5, our protocols can be used to securely compute arbitrary functions. Our approach is based on a security reduction to the existence of a particular class of colorings for planar graphs.
The computational complexity of our black-box construction is a small polynomial in the number of participants and is independent of the size of the circuit used to compute the distributed function, representing a major improvement on the generic 1988 solutions.
-
Dr. Rohit Chadha
LSV, ENS de Cachan, France
"EC SPRIDE-Colloquium: Automated verification of cryptographic protocols"
9 August 2011, from 13:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
The widespread use of the internet has raised serious concerns of privacy and trust. In order to address these concerns, cryptographic protocols are widely used. A cryptographic protocol is a distributed program that uses cryptographic primitives to ensure security over an untrusted network. However, the design of cryptographic protocols has proven to be error-prone, and several errors have been found. Thus, there is a need for building scalable tools for automatically verifying the security of cryptographic protocols. The complexity of cryptographic protocols as well as the desired security guarantees present unique challenges to their verification. We illustrate these challenges within the context of
a) verifying cryptographic protocols with randomization and
b) verifying equivalence-based properties of cryptographic protocols.
-
Prof. Dr. Frederik Armknecht
Universität Mannheim
"EC SPRIDE Colloquium: Adapted homomorphic encryption"
8 August 2011, from 15:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
Homomorphic encryption schemes are very useful cryptographic tools that enable computation on encrypted data without the need to know the plaintext. A little more formally, an encryption scheme is homomorphic with respect to a set of functions F if, for any function f in F, one can derive an encryption of f(x_1,…,x_n) given only encryptions of x_1,…,x_n. Such schemes have been discussed in the context of various applications like cloud security or multi-party computation. Unfortunately, all existing schemes are either too inefficient for practical purposes or support only a very limited set of functions (often only one specific algebraic operation). One reason is certainly that in cryptography one usually aims for schemes that are "good for everything", that is, as flexible as possible and meeting the highest possible security standards.
In this talk, we discuss a relaxed approach. For many practical applications, adapted homomorphic encryption schemes would be sufficient: schemes which provide only restricted functionalities and/or that are secure with respect to a weaker attacker model. We show that by relaxing the conditions, new schemes are possible that can be much faster and more compact than existing schemes, while nonetheless being perfectly suited for the considered applications.
-
Dr. Eric Bodden
TU Darmstadt/CASED
"EC SPRIDE Colloquium: Clara - Proving safety and security properties by evaluating runtime monitors ahead of time"
8 August 2011, from 13:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
A runtime monitor observes events during a program's execution and validates these events against the specification of a safety or security property. When detecting a property violation, the monitor can log the violation or even prevent the violating event from actually occurring. As we show, the latter allows the enforcement of access-control policies. In this talk we focus on the Clara system for evaluating runtime monitors ahead of time. Clara statically evaluates runtime monitors expressed as "aspects" in the aspect-oriented programming language AspectJ. Monitors expressed as aspects are easy to write, read, maintain and analyze. This allows Clara to use syntactic, pointer-based and control-flow-based analysis techniques to partially evaluate runtime monitors already at compile time.
Partial ahead-of-time evaluation is a powerful concept: For many programs, Clara can prove the absence of property violations on all possible executions. For other programs, Clara typically restricts the program instrumentation for runtime monitoring to a necessary minimum, speeding up the runtime monitoring process by orders of magnitude. In this talk we cover previous work on applying Clara to validate safety properties of large-scale Java programs, but we also introduce our current and planned lines of work on using Clara to enforce access-control and information-flow policies.
-
Dr. Thomas Schneider
TU Darmstadt/CASED
"EC SPRIDE Colloquium: Engineering Cryptographic Protocols (ENCRYPTO)"
8 August 2011, from 10:00, CASED building S4|14, Room 3.1.01, Mornewegstrasse 30, 64293 Darmstadt
As today's world gets more and more connected, actors with different and potentially conflicting interests want to interact in many application scenarios. Examples are citizens and governments (electronic passport and ID), patients and health insurers (electronic health card, e-health services), or companies (cloud computing). In this context, it is of foremost importance that the underlying IT systems and algorithms can fulfill the diverse security and privacy requirements of the involved parties. In particular, if sensitive (e.g., medical) data is processed by not fully trusted service providers (e.g., "in the cloud"), conformity with data privacy protection laws must be guaranteed. Privacy-preserving cryptographic protocols allow such sensitive data to be processed in a provably secure way. Until today, the design and implementation of privacy-preserving protocols efficient enough to be used in practical applications has been a challenging and error-prone task even for experts in the field. To make such protocols widely accessible to non-expert users, tools are needed that automatically generate efficient and secure privacy-preserving cryptographic protocols from high-level specifications.
In this talk we give an overview of our past, present, and future research in the area of Engineering Cryptographic Protocols (ENCRYPTO).
The long-term goal of ENCRYPTO is to provide models, languages, and tools for security and privacy by design during the entire lifecycle of privacy-preserving protocols in various application scenarios.
-
Dr. Cheng Feng
Hasso Plattner Institute (HPI) at the University of Potsdam
"An Easy-to-Use Network Security Lab Manufacturing Platform"
25 July 2011, from 14:00, Fraunhofer SIT, Rheinstr. 75, 64295 Darmstadt, TK-Lab
Dr. Feng Cheng is a research associate at the Hasso Plattner Institute (HPI) at the University of Potsdam (Uni Potsdam), Germany. His research is mainly focused on network security, firewalls, IDS/IPS, protocol analysis, attack modeling and penetration testing, SOA and cloud security.
This talk addresses the challenge of designing, creating, maintaining and delivering a security lab by proposing a cloud-based Network Security Lab Manufacturing Platform. Each experimental scenario is specified in three ways: a machine-readable text specification, a visual diagram, and an attack graph.
Using a well-structured data model, the real world IT entities involved in the target scenario, such as hosts, switches, and firewalls, etc., as well as their connectivity are represented in a formal way which can be directly understood by computers. Using a graphic user interface, users can create a new scenario or edit an old one on the diagram.
An attack graph is affiliated with the scenario to show all the possible attack paths which might happen in this scenario. The text based specification can further be used to automatically build the virtual network corresponding to the scenario with the support from a highly efficient Virtual Machine (VM) management framework. Flags are assigned in the output virtual network based on the attack graph of the target scenario, which are supposed to be captured by students. During the live experiment, students' behaviors and other real time lab information are gathered through the scanners or IDS sensors deployed in the scenario and then visualized on both the diagram and attack graph so that the instructors can monitor students' activities and evaluate their performance accordingly.
The overall infrastructure of the proposed platform is expected to be implemented based on the concept of "Experiment as a Cloud", which makes it possible for experiments to be executed efficiently, adapted flexibly and accessed remotely, even by other universities or institutions that do not have sufficient hardware and software resources of their own.
Andrea Püchner, phone 75530, puechner
informatik.tu-darmstadt.de
-
Henner Jakob
INRIA Institut National de Recherche en Informatique et en Automatique, Bordeaux, France
"Towards Securing Pervasive Computing Systems by Design – A Language Approach"
20 July 2011, 10:00-11:00, CASED building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Short CV:
Henner Jakob finished his studies of computer science at Technische Universität Darmstadt in 2007. His main interests were communication networks and security-related topics. Afterwards, he worked for six months in the IT-Architecture group of the Multimedia Communication Lab (KOM/TUD) on software architectures. During the last three years he has worked as a PhD student on integrating security concerns into the development process of applications. This work has been realized in the Phoenix research group at INRIA in Bordeaux.
Abstract:
Developing the functionalities of pervasive computing applications requires dealing with a wide range of issues: heterogeneous devices, entity distribution, entity coordination, low-level hardware knowledge… This requires expertise in various domains and a lot of administrative code to glue technologies together. Integrating security concerns is especially challenging, since security typically crosscuts the entire pervasive computing system (e.g., applications and technologies).
In this talk I will present work from the Phoenix research group at INRIA Bordeaux, where we focus on principles, techniques and tools for the development of pervasive computing systems. The talk covers two parts: (1) a general introduction to our generative programming approach, which relies on a domain-specific language, named DiaSpec, dedicated to the pervasive computing domain; (2) extensions of our approach that address security at design time and support the developer throughout the development process.
Contact: Andrea Püchner, phone 75530, puechner
informatik.tu-darmstadt.de
-
Dan Wallach
Rice University , Houston, Texas, USA
"Lightweight Provenance for Smart Phone Operating Systems"
19 July 2011, from 14:00, CASED building S4|14, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Short CV
Dan Wallach is an associate professor in the Department of Computer Science at Rice University in Houston, Texas, and is the acting director of NSF's ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). His research considers a variety of different computer security topics, ranging from web browsers and servers through electronic voting technologies and smart phones.
Abstract
Smartphone apps are often granted the privilege to run with access to the network and sensitive local resources. This makes it difficult for remote endpoints to place any trust in the provenance of network connections originating from a user's device. Even on the phone, different apps with distinct privilege sets can communicate with one another.
This can allow one app to trick another into improperly exercising its privileges (resulting in a confused deputy attack). In Quire, we engineered two new security mechanisms into Android to address these issues. First, Quire tracks the call chain of on-device IPCs, allowing an app the choice of operating with the reduced privileges of its callers or exercising its full privilege set by acting explicitly on its own behalf.
Second, a lightweight signature scheme allows any app to create a signed statement that can be verified by any app on the same phone. Both of these mechanisms are reflected in network RPCs. This allows remote systems visibility into the state of the phone when the RPC was made. We demonstrate the usefulness of Quire with two example applications: an advertising service that runs advertisements separately from their hosting applications, and a remote payment system. We show that Quire's performance overhead is minimal.
Joint work with Michael Dietz, Shashi Shekhar and Anhei Shu.
-
Sören Bleikertz
IBM Research Laboratory, Zürich, Switzerland
"Automated Verification of Virtualized Infrastructures"
19 July 2011, from 11:00, CASED building S4|14, room 3.1.01, Mornewegstrasse 32, 64293 Darmstadt
Short CV
Sören Bleikertz is a predoctoral researcher at the IBM Research Zurich laboratory focusing on security in virtualized systems and cloud computing. He holds two Master of Science degrees in Security and Mobile Computing from the Norwegian University of Science and Technology and the Technical University of Denmark, respectively.
Abstract
Virtualized infrastructures and clouds present new challenges for security analysis and formal verification: they are complex environments that continuously change their shape, and that give rise to non-trivial security goals such as isolation and failure resilience requirements. We present a platform that connects declarative and expressive description languages with state-of-the-art verification methods. The languages integrate homogeneously descriptions of virtualized infrastructures, their transformations, their desired goals, and evaluation strategies. The different verification tools range from model checking to theorem proving; this allows us to exploit the complementary strengths of methods, and also to understand how to best represent the analysis problems in different contexts.
We consider first the static case where the topology of the virtual infrastructure is fixed and demonstrate that our platform allows for the declarative specification of a large class of properties. Even though tools that are specialized to checking particular properties perform better than our generic approach, we show with a real-world case study that our approach is practically feasible. We finally consider also the dynamic case where the intruder can actively change the topology (by migrating machines). The combination of a complex topology and changes to it by an intruder is a problem that lies beyond the scope of previous analysis tools and to which we can give first positive verification results.
-
Prof. Marina Blanton, Ph.D.
University of Notre Dame, Indiana, USA
"Secure Biometric Computation and Outsourcing"
15 July 2011, from 14:00, CASED building S4|14, room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
-
Prof. Johannes Buchmann
CASED | TU Darmstadt
"Impulse Talk: Threats and Solution Approaches, Perspectives in Security Research"
6 July 2011, from 10:45, conference "Zukünftiges Internet" (Future Internet), Berliner Congress Center (bcc)
The Federal Ministry of Education and Research (BMBF) is actively taking up the challenge of shaping the future Internet. With the "Zukünftiges Internet" (Future Internet) conference in Berlin, the BMBF advances the dialogue between society, politics, science and industry on shaping the Internet. The aim is to contribute to the guidelines for future research and innovation policy.
-
Prof. Dr. Michael Waidner
CASED | Fraunhofer SIT, Darmstadt
"Keynote: The Internet as a Public Space"
5 July 2011, from 13:00, conference "Zukünftiges Internet" (Future Internet), Berliner Congress Center (bcc)
-
Keynote: Johannes Buchmann
CASED | TU Darmstadt
"11th Central European Conference on Cryptology"
30 June - 2 July 2011, Debrecen, Hungary
Confirmed keynote speakers:
- Johannes Buchmann, CASED/Technische Universität Darmstadt
- Bart Preneel, Katholieke Universiteit Leuven
- Gábor Tardos, Alfréd Rényi Institute of Mathematics of the Hungarian Academy of Sciences
-
Jan Wulfes
Technische Universität Dresden
"Dining Cryptographers in the real world - the next big thing in anonymity services?"
IT Security Seminar (Oberseminar)
28 June 2011, from 14:00, CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01
Currently available anonymity services are normally based on mix network technologies. Despite their well-proven techniques, they have recently become prone to legal attacks such as the data retention law. An alternative approach based on the Dining Cryptographers Network (DC) is presented in this talk. It provides a theoretically well-defined anonymity. For confidentiality, a trustworthy server, unlike with mix technologies, is not required. This countervails the new threat of legal attacks.
Based on our recent work, we present an implementation and provide real-world results. Furthermore, we will discuss future research goals in the field of DC networks.
-
Dr. Michael Kreutzer
CASED & EC SPRIDE
"FAKO - Meeting in Darmstadt - IT-Security Meets Business"
31 May 2011, from 17:00, Technologie & Innovationszentrum TIZ-Darmstadt, Robert-Bosch-Str. 7, 64298 Darmstadt, conference room 1
Especially after the data disasters at Apple and Sony, one really has to ask: how secure is my data? IT security is THE executive-level issue in a company. Find out about risks and practicable solutions. The aim of this event series is to convey IT expertise compactly and efficiently and to provide a cooperation platform for IT companies.
-
Keynote: Johannes Buchmann
CASED | TU Darmstadt
"MEGA 2011: Effective Methods in Algebraic Geometry"
30 May - 3 June 2011, Stockholm University, Sweden
MEGA stands for "Effective Methods in Algebraic Geometry" and is a very demanding biennial conference on aspects of computability and the application of algebraic geometry and related topics.
-
Dr. Salil Kanhere
University of New South Wales, School of Computer Science and Engineering, Sydney, Australia
"Improving QoS in Mobile Networks using Geo-Intelligence"
30 May 2011, from 14:00, S3/06 - 249 (Stadtmitte)
Abstract: The proliferation of smart mobile devices has given birth to a new Internet access scenario. More users are now accessing the Internet while travelling in cars, buses and trains. These users cover significant distances within an active Internet session, opening up new opportunities as well as challenges for Internet access. For example, a fast moving user visits many different locations within a short time, creating the opportunity to optimize session uploads and downloads by exploiting the networking diversity available in those locations. In contrast, due to the location-sensitiveness of wireless performance, a fast moving user faces escalating bandwidth uncertainty, making real-time multimedia a challenging problem.
How to optimize Internet access for fast moving users has become a topic of intense research in recent years. In this talk, we introduce the concept of geo-intelligence, which entails the creation of a high-resolution geographic network performance map that continuously collects and summarizes user experiences for every 500 meters of the road.
The presentation will show how to create, store, and interface such maps to existing communication protocols. Maps created for the largest 3G providers in Australia along a 23 km route in the city of Sydney will be analyzed. Results from a recent prototype test drive, which demonstrates the utility of such maps for improving the quality of multimedia streaming in the vehicular environment, will be presented.
Bio: Salil Kanhere received his MS and PhD, both in Electrical Engineering, from Drexel University, Philadelphia, USA in 2001 and 2003, respectively. He is currently a Senior Lecturer in the School of Computer Science and Engineering at the University of New South Wales in Sydney, Australia. His current research interests include participatory sensing, mobile networks and wireless sensor/mesh networks.
Salil has served on the organising committees and program committees of numerous conferences. He serves as the Associate Editor for the European Transactions on Telecommunications and the ICST Transactions on Ubiquitous Environments. Salil is a Senior Member of the IEEE.
-
Dan Yamamoto
Hitachi, Ltd., Yokohama Research Laboratory, Japan
"Web security and identity management"
25 May 2011, 11:00-11:30, CASED building S4|14, room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
-
Dr. Mario Lischka
NEC Laboratories Europe, Heidelberg
"Specifying Privacy with XACML"
IT Security Seminar (Oberseminar)
12 May 2011, from 13:00, room 4.3.01
The presentation will give an introduction to the current OASIS XACML standard and show its potential to model privacy policies. Based on the experiences in the FP7 SWIFT project, an extension for deductive and distributed policy specification and evaluation will be presented. This extension not only provides mechanisms to control the release of private information but also enables new solutions for SaaS scenarios.
-
Benjamin Kellermann, TU Dresden
"Dudle: Multilaterally Secure Web 2.0 Appointment Scheduling"
IT Security Seminar (Oberseminar)
14 April 2011, from 15:00, CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01
There is a multitude of Web 2.0 applications that allow a group of people to find a common appointment date (e.g. doodle.com, moreganize.ch, whenisgood.net, agreeadate.com, meetomatic.com, etc.). The procedure is simple: an initiator creates a scheduling poll and sends the link to the poll to the potential participants. After each participant has told the application their availability, this information can be used to find the date that fits best.
The so-called "availability patterns" often contain sensitive information that compromises privacy in at least two ways. First, third parties can directly see data about the private lives of the persons involved ("Will my husband vote for the date of our wedding anniversary?").
Second, third parties can link this information with other information sources and thereby possibly identify individuals who would otherwise have remained anonymous ("The availability pattern of user "flotter_hase23" looks suspiciously similar to that of my colleague!").
Besides the privacy problems, all existing solutions have security problems. Most applications allow changing other people's data; it is possible to claim a false identity or to vote multiple times. In this talk, existing approaches to the scheduling problem as well as a multilaterally secure solution are presented.
Contact: Andrea Püchner, phone 75530, puechner informatik.tu-darmstadt.de
-
Jim Whitmore, IBM Security Solutions, Mechanicsburg, PA
"Developing Software with Security in Mind"
IT Security Seminar (Oberseminar)
5 April 2011, from 14:00, CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01
As use of computing grows, so does the concern over vulnerable information, computing systems and computing services. For hardware and software components, this means that the distinction between "Commercial-Off-The-Shelf" or "High Assurance" is blurring, and will eventually vanish altogether. For developers of computing products and services, this means an increasing awareness of the attention that is paid to security throughout the solution lifecycle. For academia and professional organizations, this means that the treatment of security in development needs to be front and center in Engineering and Computer Science curricula and certifications.
The IBM Security Solutions organization has been examining these issues and working on a strategy of continuous security improvement in its development organizations. This talk will describe the IBM Secure Engineering Initiative and discuss the considerations for secure software found within and beyond the development process.
Contact: Andrea Püchner, phone 75530, puechner informatik.tu-darmstadt.de
-
Dr. Sebastian Gajek, Tel Aviv University
"Playing Games in UC"
IT Security Seminar (Oberseminar)
31 March 2011, from 15:30, CASED, Mornewegstraße 32, 64293 Darmstadt, room 4.3.01
Universally Composable (UC) security provides a very strong guarantee: a UC-secure protocol maintains its security properties when used in any execution environment. In many cases, however, full universal composability is not required; milder and more specific composability guarantees suffice.
We formulate a refinement of UC security, called UC with Specialized Environments (SPUC), that allows asserting and proving security properties that withstand only partial and restricted composition operations. The refined operation provides a versatile and powerful tool for asserting security properties for realistic protocols. For instance, it can be used to capture several (global) trusted set-up assumptions, network and input restrictions, and game-based notions of security. In fact, we show that game-based definitions can be cast as a special case of our framework.
We then demonstrate the power of SPUC security by using it to capture for the first time the security properties of CPA-secure symmetric encryption and message authentication codes, as single instance protocols in a composable security framework. This allows us to analyze the security of hybrid encryption, and several common secure communication session protocols in a way that is modular, abstract, and amenable to efficient automation. Joint work with Ran Canetti.
Contact: Andrea Püchner, phone 75530, puechner informatik.tu-darmstadt.de
-
Prof. Benny Pinkas
Bar Ilan University, Israel
"Issues in the Security of Cloud Storage: Oblivious RAM, and Deduplication vs. Privacy"
10 February 2011, from 14:00, CASED, Mornewegstraße 32, 64293 Darmstadt, room 5.3.01
The talk will discuss two issues in the security of cloud storage services. The first issue is a reinvestigation of oblivious RAM, a concept introduced by Goldreich and Ostrovsky. Oblivious RAM enables a client with limited local storage to store remotely $n$ data items, and access them while hiding the identities of the items which are being accessed. Oblivious RAM is often cited as a powerful tool, but it is also commonly considered to be impractical due to its overhead, which is asymptotically efficient but is quite high. We redesign the oblivious RAM protocol using modern tools, namely Cuckoo hashing and a recent oblivious sorting algorithm. The resulting protocol uses only $O(n)$ external memory, and replaces each data request by only $O(\log^2 n)$ requests.
The second part of the talk will discuss deduplication, a form of compression in which duplicate copies of files are replaced by links to a single copy. Deduplication is known to reduce the space and bandwidth requirements of cloud storage services by more than 90%, and is most effective when applied across multiple users. We study the privacy implications of cross-user deduplication. We demonstrate how deduplication can be used as a side channel which reveals information about the contents of files of other users, or as a covert channel by which malicious software can communicate with its control center. Due to the high savings offered by cross-user deduplication, cloud storage providers are unlikely to stop using this technology. We therefore propose mechanisms that enable cross-user deduplication while ensuring meaningful privacy guarantees.
Joint work with Tzachy Reinman, and with Danny Harnik and Alexandra Shulman-Peleg.
-
Dr. Thomas Groß
IBM Research, Zurich Laboratory, Zürich, Switzerland
"IT Security Seminar: Credential Authenticated Identification and Key Exchange (CAID/CAKE)"
3 February 2011, from 11:00, CASED building S4|14, room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
We study two-party identification and key-exchange protocols in which users authenticate themselves by proving possession of credentials satisfying arbitrary policies, instead of using the more traditional mechanism of a public-key infrastructure. For instance, Alice can prove that she is a citizen of Belgium and a PhD student at KU Leuven, whereas Bob proves that he is a citizen of Germany and a PostDoc at Fraunhofer SIT, based on their respective credentials. If both participants fulfill the policy, they can establish a fresh joint key for a secure channel; otherwise they will not learn information about their respective credentials.
We give definitions for CAID and CAKE in the Universal Composability (UC) framework and propose practical protocols satisfying these definitions for policies of practical interest. All protocols are analyzed in the common reference string model, assuming adaptive corruptions with erasures, and no random oracles.
The new security notion includes password-authenticated key exchange (PAKE) as a special case, and new, practical protocols for this problem are proposed as well, including the first such protocol that provides resilience against server compromise (without random oracles).
The talk will cover concepts and UC-specification of CAID and CAKE, an introduction to tools and sub-protocols we used to realize the protocols, and how to put it all together. It is joint work of Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup published at CRYPTO 2010 and IACR ePrint 2010/055.
-
Dr. Douglas Stebila
Queensland University of Technology, Brisbane, Australia
"IT Security Seminar: DoS-resistant key exchange: models and mechanisms"
25 January 2011, from 10:00, CASED building, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract
Security models for key exchange have been around for many years, but only recently have started to include consideration of denial-of-service attacks.
This talk will consider security models for client puzzles and in particular introduce a new model to be presented at CT-RSA 2011. The new model incorporates the possibility that an adversary may attack multiple puzzles simultaneously.
In addition we will consider the notion of gradual authentication as applied to key exchange and introduce a new mechanism combining client puzzles and digital signatures with fast verification, to be presented at ASIACCS 2011.
This is joint work with Colin Boyd, Juan Gonzalez, Lakshmi Kuppusamy, and Jothi Rangasamy.
Short Bio
Dr. Douglas Stebila is a lecturer in the Information Security Institute at the Queensland University of Technology in Brisbane, Australia. Originally from Canada, he earned a PhD from the University of Waterloo in 2009.
His research addresses a variety of areas in cryptography, including key exchange, denial of service resistance, password authentication, security models, and quantum cryptography. He will be visiting TU Darmstadt until February 2.
-
Dipl.-Math., M.A.St. Andreas Peter
Technische Universität Darmstadt
"A Cleaner View on IND-CCA1 Secure Homomorphic Encryption using SOAP"
IT Security Seminar (Oberseminar)
18 January 2011, from 10:00, room 4.3.01
Informally, a public-key encryption scheme is called homomorphic if it allows one to evaluate certain functions over encrypted data without being able to decrypt. These schemes are being extensively studied as they provide the basis for various important applications, such as Outsourcing of Computation, Electronic Voting, Private Information Retrieval, etc. In this talk, I will give a complete characterization, both in terms of security and design, of a large class of such schemes that particularly comprises the prominent examples ElGamal and Paillier. This is done by considering the security and structure of a certain abstract scheme that represents the whole class.
For instance, one can show that its IND-CCA1 security is equivalent to the hardness of a new abstract problem called Splitting Oracle-Assisted Subgroup Membership Problem (SOAP).
To highlight the significance of this result, I will then explain its use for determining the security of existing schemes, deriving impossibility results, and constructing new schemes. This is joint work with Frederik Armknecht and Stefan Katzenbeisser.
-
André König
TU Darmstadt
"Security in Infrastructure-less and Decentralized Communication Networks: Location-based Intrusion Response and User-based Cooperative Decisions"
14 December 2010, from 10:00, CASED building, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Infrastructure-less and decentralized communication substrates such as mobile ad hoc networks and peer-to-peer systems enable setting up communication services beyond the borders of contemporary wired or cellular client/server systems. Yet, due to their specific characteristics like wireless multi-hop data transmission and lack of central trusted instances, infrastructure-less and decentralized networks are also beyond the protection of contemporary security mechanisms.
This especially requires consideration in possible first responder or military application scenarios. Various new threats targeting each layer of the ISO/OSI model have been identified. Central questions regarding security include how to deal with misbehavior and how to protect information in networks without well-defined borderlines, consisting of devices, services and users from multiple administrative domains.
This talk summarizes the PhD thesis of André König, which is advised by Prof. Steinmetz, Prof. Klara Nahrstedt, and Prof. Matthias Hollick. We present possible solutions for excluding misbehaving nodes from infrastructure-less networks to recover the availability of the network in presence of attacks.
We further present mathematical tools for governing cooperative decision processes without central trusted instances as basis for security objectives such as authentication and access control in decentralized systems. We show evaluation results based on analytical models as well as simulation and testbed studies.
-
Óscar García-Morchón
Distributed Sensor Systems, Philips Research Europe
"Security for Pervasive Healthcare"
29 November 2010, from 14:00, CASED building S4|14, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Ubiquitous 24/7 health monitoring systems based on wireless medical sensors are going to play a key role for pervasive e-health applications. These systems allow care givers to detect early and act on signs of patients' clinical deterioration, improving quality of care in a reliable, unobtrusive and cost-effective way. Ensuring the privacy and security of the exchanged information is challenging in pervasive e-health environments due to the resource constraints of tiny wireless medical sensors and operational requirements such as user mobility, strict latency needs, or the multitude of parties involved in the system.
We describe a comprehensive and practical security framework for these pervasive health monitoring systems. We distinguish three layers addressing the specific security needs at the patient area network, medical sensor network, and back-end levels.
Thereby our architecture accommodates the healthcare institution-centric approach predominant today while making provisions for the more patient-centric vision of pervasive e-health environments. The tailored security mechanisms for each individual layer as well as their interworking are presented and evaluated.
The analysis shows that our proposed security framework allows the deployment of wireless medical sensor networks in a very efficient way.
-
Prof. Dr. Hannes Frey
Universität Paderborn, Paderborn, Germany
"Scalable Routing Algorithms for Large Scale Wireless Networks"
26 November 2010, 10:15-11:00, CASED building, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Large scale wireless networks like ad hoc, sensor, sensor-actuator or robot networks consist of devices which communicate wirelessly without using a fixed network infrastructure. Due to limited transmission range, communication between two nodes often requires collaborating intermediate nodes in order to route messages along a path connecting source and destination node.
Data communication by message routing becomes a challenging task in large scale ad-hoc networks like sensor networks consisting of thousands of nodes. Networks with battery operated nodes have only a limited amount of total energy available. It is thus of great importance that such routing protocols operate in an energy efficient manner. Moreover, as opposed to traditional networks, changes in the network topology - resulting from device mobility or from wireless channel fluctuations - are the rule and not an exceptional case.
This talk will discuss the class of localized routing algorithms, which are a significant paradigm shift from traditional routing mechanisms based on global message exchange. In such algorithms the decision about the next hop forwarding node is based on information about the current node and the nodes in its vicinity only. Maintenance of the routing infrastructure is limited to local exchange of information with the immediate neighborhood. The local exchange of control messages thus does not depend on the total network size. Moreover, changes in the network topology only require control message exchange with neighbor nodes in the immediate surrounding of that change. From that perspective, such network protocols are arbitrarily scalable with respect to the network size.
-
Dr. Utz Roedig
University of Lancaster, Lancaster, UK
"Time-Critical Data Delivery in Wireless Sensor Networks"
26 November 2010, 09:30-10:15, CASED building, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract:
A number of wireless sensor network (WSN) applications demand timely data delivery. However, existing WSNs are designed to conserve energy and not to support timely data transmission.
In this talk I will show how WSNs can be dimensioned, deployed and operated such that both reliable and timely data delivery is ensured while scarce energy is preserved. The presented solution employs a novel Medium Access Control (MAC) protocol that incorporates topology control mechanisms to ensure timely data delivery and reliability control mechanisms to deal with inherently fluctuating wireless links.
Furthermore, the solution incorporates mechanisms to constantly evaluate link quality without disturbing time-critical data delivery. An industrial process automation and control scenario at an oil refinery in Portugal is used to define protocol requirements. Under high traffic load, the protocol delivers 100% of data in time using a maximum node duty cycle as little as 2.48%.
In an idle network a maximum node duty cycle of only 0.62% is achieved. The proposed protocol is thus an extremely energy efficient solution for time-critical data delivery.
-
Prof. Dr. Johannes Buchmann
CASED/Technische Universität Darmstadt
"Data Protection in the Internet of the Future"
25 November 2010, from 16:00, building S2/02, room C 205, Robert-Piloty-Gebäude, Hochschulstraße 1, 64289 Darmstadt
As part of the lecture series of the data protection officers of the Hessian universities in the winter semester 2010/11, on the occasion of "40 years of the Hessian Data Protection Act", Prof. Dr. Johannes Buchmann, CASED, speaks on "Data Protection in the Internet of the Future".
-
André Miede, M.Sc.
E-Finance Lab and Multimedia Communications Lab partnership at Technische Universität Darmstadt
"IT Security Seminar: Cross-organizational Service Security -- Attack Modeling and Evaluation of Selected Countermeasures"
18 November 2010, from 14:00, CASED building, room 4.3.01, Mornewegstrasse 32, 64293 Darmstadt
Challenging market dynamics and the rise of complex value networks require organizations to adjust their processes rapidly in order to stay competitive. Because many organizational processes are directly supported or even enabled by Information Technology (IT), a process is only as flexible as its underlying technological representation. The Service-oriented Architecture paradigm (SOA) offers means on both a technological and organizational level for the flexible integration of internal and external IT systems. Thus, services are used to assemble processes through service compositions, as well as across enterprise boundaries.
Such cross-organizational service-based workflows lead to a global SOA which is often referred to as the "Internet of Services". The main tenor of current SOA security research is that conventional security measures are not effective enough in the SOA context. Furthermore, just equalizing SOA security with Web service security reduces SOA security requirements to Web service security standards and their configuration, which is an incomplete view.
This talk shows a selection of my thesis' contributions regarding the security of service-based systems. An attack scenario of traffic analysis that threatens relationship anonymity in the Internet of Services is investigated, due to its system-inherent implications. With a particular focus on service compositions, a simulation-based evaluation of different attack models and scenarios offers insights regarding the anonymity of cross-organizational collaboration. Furthermore, the impact of using standard anonymity mechanisms on selected Quality of Service parameters is evaluated for Web services in real networks.
The obtained results aim at identifying the limits of anonymity in the Internet of Services and at quantifying side-effects of using state-of-the-art countermeasures. This talk summarizes my PhD thesis, which is advised by Prof. Steinmetz (TU Darmstadt) and Prof. Schill (TU Dresden).
Short CV
André Miede is a researcher with the E-Finance Lab and Multimedia Communications Lab partnership at Technische Universität Darmstadt. His research focuses on security for Service-Oriented Architectures (SOA) and the Internet of Services, especially on attack and countermeasure aspects. In addition to his research activities, he is a senior consultant in the financial services sector for BearingPoint in Germany.
-
Working Conference on Policies & Research in Identity Management (IDMAN’10)
"Melanie Volkamer gives keynote talk: Security in electronic voting systems"
18 November 2010, from 13:00, Oslo, Norway
Electronic voting has a young and attractive history, both in the design of basic cryptographic methods and protocols and in the application by communities who are in the vanguard of technologies. The crucial aspect of security for electronic voting systems is subject to research by computer scientists as well as by legal, social and political scientists. The essential question is how to provide a trustworthy base for secure electronic voting, and hence how to prevent accidental or malicious abuse of electronic voting in elections. The handling of electronic and real identities, both in identifiable and anonymized ways, is one of the key challenges in electronic voting.
-
Claude Crepeau
McGill University
"Oblivious Transfer from weakly homomorphic encryption schemes"
11 November 2010, 11:40-12:40, TU Darmstadt | Building S2/02, Room E115
Recently, a number of new cryptographic assumptions were invented as a response to Shor's algorithm. Many of these new assumptions have some homomorphic properties, giving rise to the very first "fully homomorphic" encryption scheme by Gentry. On the other hand, most of these new assumptions do not have the general structures used in the past to securely implement Oblivious Transfer. We show in this work that a new construction allows us to demonstrate that several of these assumptions are nevertheless sufficient for Oblivious Transfer. Joint work with Raza Ali Kazmi.
-
Prof. Andrei Sabelfeld
Chalmers University of Technology, Gothenburg, Sweden
"Web application security: from fundamental challenges toward practical solutions"
14 October 2010, from 16:15, TU Darmstadt | Piloty Building S2/02, Room C120
-
Dr. Martin Steinebach
CASED/Fraunhofer-Institut für Sichere Informationstechnologie SIT
"Digital Watermarks for Copyright Protection of Digital Photographs"
Copyright protection is an important topic, especially for photographers, picture agencies and all those who earn money with their creative work. The Fraunhofer Institute for Secure Information Technology SIT has developed digital watermarking, a technique that embeds information inseparably into digital images through imperceptible changes. Applications include copyright protection and customer tracking, but also the detection of manipulations. The security and secrecy of the embedded information are guaranteed by a secret key, without which the watermark can neither be read out nor altered.
In his talk, Dr. Martin Steinebach presents the technique and is available for questions.
7 October 2010, from 15:30, "Bildsprachen 2010" trade fair at Wissenschaftspark Gelsenkirchen
-
Boris Skoric
Eindhoven University of Technology
"Recent advances on Tardos codes"
14 September 2010, from 13:30, TU Darmstadt | Piloty Building S2/02, Room E202
Fingerprinting provides a means for tracing the origin and distribution of digital data. Before distribution of digital content, the content is modified by applying an imperceptible fingerprint, which plays the role of a personalized serial number. The fingerprint is usually embedded through a watermarking algorithm. Once an unauthorized copy of the content is found, the identities of the users who participated in creating the unauthorized copy can be determined. This is done using a tracing algorithm, which outputs a list of allegedly guilty users. This process is also known as "forensic watermarking". Reliable tracing of content requires security against attacks that aim to remove the embedded information from a copy. Collusion attacks, where a coalition of pirates collude to compare their copies, are a particular threat. As any differences between the copies have to arise from the watermarks and not the content, such a comparison gives information which can be used to remove the watermark.
The by now famous Tardos code has asymptotically optimal (for large coalitions) resilience against collusion attacks. However, there are several unresolved issues regarding the performance of the code for small coalitions, and several seemingly arbitrary parameter choices in the q-ary generalization of the Tardos code.
This talk presents recent work that resolves some of these issues.
-
Florian Kammüller
TU Berlin
"Language Based Security for Functional Active Objects"
2 August 2010, 14:15-15:45, TU Darmstadt | Piloty Building S2/02, Room E302
Programming in large networks of computers, like the Internet, poses new problems of safely implementing parallel activities, code distribution, and complex communication structures. This talk presents current work on the foundation and security analysis of active objects in ASPfun -- a calculus for functional distributed objects that communicate asynchronously. In ASPfun, requests to objects are method calls represented by so-called futures; replies finally return the result to the object containing the future.
ASPfun is completely formalized and its properties proved in the interactive theorem prover Isabelle/HOL. This includes a type system and a proof of type-safety which implies deadlock-freedom.
This talk presents current work on the foundation of a semantic definition of information flow security for ASPfun and a related type system enabling static information flow control. We furthermore present our future plans on developing a language-based modular assembly kit for security centered around ASPfun and security type systems.
-
Thorsten Holz
Ruhr Universität Bochum
"Botnet detection and mitigation: taking down Waledac"
5 July 2010, from 15:00
At the end of February 2010, the Waledac botnet was taken down in a joint effort of several experts from both academia and industry. Waledac is a peer-to-peer botnet, and thus simply taking down only the Command & Control servers or domains related to the botnet would not have been an effective countermeasure. In addition, the peer-to-peer aspects also had to be taken into account to prevent the botmasters from regaining control of the bots. In this talk, we present an overview of the take-down of Waledac and shed some light on the activities that happened behind the scenes.
Furthermore, we will also focus on future work in the area of botnet detection and mitigation.
Short Biography: Thorsten Holz is an assistant professor at Ruhr-University Bochum, Germany. He is a member of the International Secure Systems Lab and recently left the Technical University Vienna, where he worked for about one year as postdoctoral researcher.
His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, malware analysis, and security of social networks.
-
Prof. Dr. Jadwiga Indulska
University of Queensland & NICTA Research Center
"Models for fault tolerant and intelligible context-aware applications"
30 June 2010, 16:00-17:30, TU Darmstadt | Piloty Building S2/02, Room C205
Abstract: There is a growing body of research on context-aware applications that are adaptable and capable of acting autonomously on behalf of users.
However, there are still many open research issues in the development of context-aware applications that challenge the pervasive computing community. In this talk I will describe how several of these research challenges have been addressed in my research team.
First, I will outline our models for context information modelling, management and reasoning that were developed to ease software engineering of context-aware applications. This will be followed by a discussion of models supporting development of fault-tolerant and autonomic context-aware applications.
Context-aware applications evaluate context information changes to make decisions about adaptations. However, context information may be imprecise or erroneous, and this can lead to incorrect adaptation decisions, creating usability problems and affecting acceptance of context-aware applications.
This creates a need for intelligibility of context-aware applications and also a need for some balance between autonomy of context-aware applications and user control of these applications. I will describe some early models developed in my team to address this problem.
-
Dr. Salil Kanhere
University of New South Wales, School of Computer Science and Engineering, Sydney, Australia
"Ear-Phone: A participatory sensing system for noise monitoring"
29 June 2010, 14:45-15:45, CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Abstract: A noise map facilitates monitoring of environmental noise pollution in urban areas. It can raise citizen awareness of noise pollution levels, and aid in the development of mitigation strategies to cope with the adverse effects.
However, state-of-the-art techniques for rendering noise maps in urban areas are expensive and rarely updated (months or even years), as they rely on population and traffic models rather than on real data. Participatory urban sensing can be leveraged to create an open and inexpensive platform for rendering up-to-date noise maps.
In this paper, we present the design, implementation and performance evaluation of an end-to-end participatory urban noise mapping system called Ear-Phone. Ear-Phone, for the first time, leverages Compressive Sensing to address the fundamental problem of recovering the noise map from incomplete and random samples obtained by crowdsourcing data collection.
Ear-Phone, implemented on Nokia N95 and HP iPAQ mobile devices, also addresses the challenge of collecting accurate noise pollution readings at a mobile device. Extensive simulations and outdoor experiments demonstrate that Ear-Phone is a feasible platform to assess noise pollution, incurring reasonable system resource consumption at mobile devices and providing high reconstruction accuracy of the noise map.
Bio:
Salil obtained a B.E. in Electrical Engineering from VJTI, Bombay, India in 1998. Subsequently he joined the Department of Electrical and Computer Engineering at Drexel University in Philadelphia, USA as a post-graduate student. Salil received his M.S. and Ph.D., both in Electrical Engineering in 2001 and 2003 respectively.
Salil's Ph.D. dissertation was in the area of fair, efficient, and low-latency scheduling in high-speed networks, with a particular focus on achieving low implementation complexity for practical use in switches and routers. Since April 2004, Salil has been with the School of Computer Science and Engineering at the University of New South Wales in Sydney, Australia.
Salil is a member of the Network Research Laboratory (NRL), a leading research group consisting of 4 academic staff, 4 research fellows and over 15 Ph.D. students. Salil's current research interests are in the areas of sensor networks, mobile networking, vehicular communication, wireless mesh networks and network security.
-
Dr. David Galindo
University of Luxembourg, Laboratory of Algorithms Cryptology and Security, Faculty of Science, Technology and Communication, Luxembourg, Luxembourg
"Towards Revocable Privacy: The Case of the Canvas Cutters"
10 June 2010
-
Benoit Libert, Ph.D.
Université catholique de Louvain, Louvain, Belgium
"Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs"
9 June 2010, 16:00-17:30, CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
Introduced by Micali, Rabin and Kilian, zero-knowledge sets (ZKS) allow a prover to commit to a secret set S so as to be able to prove statements such as "x belongs to S" or "x does not belong to S". Chase et al. showed that ZKS protocols are underlain by a cryptographic primitive termed mercurial commitment. A (trapdoor) mercurial commitment has two commitment procedures.
At committing time, the committer can choose not to commit to any specific message and rather generate a dummy value which it will be able to softly open to any message without being able to completely open it. Hard commitments, on the other hand, can be hardly or softly opened to only one specific message. At Eurocrypt 2008, Catalano, Fiore and Messina (CFM) introduced an extension called trapdoor q-mercurial commitment (qTMC), which allows committing to a vector of q messages at once. These qTMC schemes are interesting since their openings w.r.t. specific vector positions can be short (ideally, the opening length should not depend on q), which provides zero-knowledge sets with much shorter proofs when such a commitment is combined with a Merkle tree of arity q. The CFM construction notably features short proofs of non-membership as it makes use of a qTMC scheme with short soft openings. A problem left open is that hard openings still have size O(q), which prevents proofs of membership from being as compact as those of non-membership.
In this work, we describe a new qTMC scheme where hard and soft position-wise openings, both, have constant size. We then show how our scheme can be extended to provide independent zero-knowledge sets (i.e., ZKS schemes that prevent adversaries from correlating their set to the sets of honest provers, as defined by Gennaro and Micali).
-
Dr. Martin Steinebach
CASED/Fraunhofer-Institut für Sichere Informationstechnologie SIT
"Watermarks, DRM and Piracy -- Who Protects My Images?"
9 June 2010, from 12:15, bcc – Alexanderstr. 2, Berlin
AKEP Annual Conference, Börsenverein des Deutschen Buchhandels
Picture and art book publishers
Digitisation Working Group
10:00 Welcome and keynote of the AKEP Annual Conference: Innovation through cooperation. How large and small can grow together. Strategic innovation development. Dr. Raimund Schmolze, Head of Ideation & User Experience Development, Deutsche Telekom Laboratories
11:30 Coffee break
Specifically for picture and art book publishers, moderation: Dr. Bettina Preiß, spokesperson of the working group
11:45 State of discussion in the working groups "Historical Image Material" and "Sales/Marketing"
12:15 Watermarks, DRM and Piracy – Who Protects My Images? Dr. Martin Steinebach, Fraunhofer-Institut für Sichere Informationstechnologie SIT
13:00 Lunch break
14:00 Viral marketing using the example of book2look. Rainer Rossipaul, book2look Deutschland
14:45 iPhone and iPad – The book as an app. Volker Oppmann, Textunes
15:30 Coffee break
15:45 New media for new target groups / online customer retention at Ravensburger (speaker requested)
16:30 Summary, outlook
-
Dr. Martin Steinebach
Fraunhofer SIT, Darmstadt
"Zuse 2.0 Congress: Hessen – Location of Ideas"
Forum VI: From the Big Bang to the Digital Watermark - IT Excellence in Hessen. Talk: "Digital Watermarks between Research and Application"
26 May 2010, 16:45-17:10, Kurhaus Wiesbaden
-
"Prof. Dr. Lutz Heuser reads from 'Heinz' Life'"
Reading: Where do computers come from and where are they going?
10 May 2010, from 18:00, TU Darmstadt | Building S2/02-C205
Prof. Dr. Lutz Heuser, Head of SAP Research and honorary professor at the Department of Computer Science of Technische Universität Darmstadt, answers this question in the diary-style memoirs of his protagonist Heinz, who in the year 2032 looks back on a life that was closely entwined with the information and communication industry, and not only professionally.
Vividly and entertainingly, Heinz reports what astonishing things these computers already accomplish in our everyday devices today, and which useful and revolutionary applications await us in the next 20 years and will change our lives. Readers:
Prof. Lutz Heuser, SAP Research und TU Darmstadt
Prof. Johannes Buchmann, CASED | TU Darmstadt
Prof. Max Mühlhäuser, CASED | TU Darmstadt
Prof. Ralf Steinmetz, TU Darmstadt
-
Laurent Imbert
Laboratoire d'Informatique, de Robotique et de Microélectronique de Montpellier (LIRMM), UM2/CNRS
"The Double-Base Number System"
8 April 2010, 09:40-10:40
In this talk, I present an exotic number system and some applications in computer arithmetic and cryptography. In the so-called double-base number system, one represents integers as a sum of mixed powers of two prime numbers p and q. I focus on the particular case (p,q)=(2,3), which possesses several properties of interest and leads to several unsolved problems. In terms of applications, I present some results, in particular in the area of elliptic curve cryptography.
-
Arnaud Tisserand
Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Centre national de la recherche scientifique (CNRS)
"Secured Arithmetic Operators for Cryptography"
8 April 2010, 09:00-10:00
A cryptosystem can be considered hard to break in theory, but in practice the physical implementation of the algorithm may introduce weaknesses. For example, when the algorithm is executed, a hardware implementation of a cryptosystem on a smart card or an FPGA can provide "side channel" information (power consumption traces, electromagnetic emissions, ...) which can help an attacker. Arithmetic operators are key elements of a crypto-processor. A lot of additions, multiplications, divisions, inversions and exponentiations on very large numbers have to be computed. For instance, elliptic curve cryptography (ECC) requires 160-600-bit numbers over the finite fields GF(2^m) or GF(p).
The design of efficient arithmetic operators requires very fast algorithms, clever representations of numbers and very careful implementations (FPGA, ASIC, smart cards). Speed, circuit area and power consumption are not the only parameters for the design of secured arithmetic operators; robustness against side channel and/or fault injection attacks is now another important parameter.
In this talk, we will first introduce the cryptographic context, side channels and fault injection attacks. Then we will present standard methods for the design of arithmetic operators. In the last part, we will present solutions for the design of arithmetic operators secured against side channel and/or fault injection attacks.
-
Sonja Buchegger
KTH, Stockholm, Sweden
"Research Agenda of Privacy in Online Social Networks"
30 March 2010, from 10:00, S2 | 02, Room C110 (Piloty Building)
Abstract
The information we reveal about ourselves online has changed both quantitatively (more volume) and qualitatively (increasingly personal) recently, especially over the last decade. In parallel, web services based on an advertising business model have gained market share and thus rendered information about users more valuable, resulting in an incentive for service providers to gather even more personal information.
In an effort to preserve user privacy while keeping useful features offered by online services, such as social networks, we proposed to go from centralized provider-based models toward a community-driven decentralized approach, based on peer-to-peer networks.
This talk will highlight some of the challenges of this shift, such as availability, confidentiality and other security issues, heterogeneity, incentives for cooperation, and search - in some instances exemplified by our project on peer-to-peer social networks, www.peerson.net.
Short bio:
Sonja Buchegger is an associate professor of Computer Science at KTH, Stockholm, Sweden. From 2007 to 2009 she was a senior research scientist at Deutsche Telekom Laboratories, Berlin, Germany. In 2005 and 2006, she was a post-doctoral scholar at the University of California at Berkeley, School of Information.
She received her Ph.D. in Communication Systems from EPFL, Lausanne, Switzerland, in 2004, a graduate degree in Computer Science in 1999, and undergraduate degrees in Computer Science in 1996 and in Business Administration in 1995 from the University of Klagenfurt, Austria.
In 2003 and 2004 she was a research and teaching assistant at EPFL and from 1999 to 2003 she worked at the IBM Zurich Research Laboratory in the Network Technologies Group.
Her current research interests are mobile ad hoc and peer-to-peer networks, economics and security.
-
Prof. Francois-Xavier Standaert
Université catholique de Louvain UCL, Crypto Group
"Recent results about side-channel attacks and countermeasures"
25 March 2010, 10:40-11:40
Traditionally, cryptographic algorithms provide security against an adversary who has only black-box access to cryptographic devices. That is, the only thing the adversary can do is query the cryptographic algorithm on inputs of its choice and analyze the responses, which are always computed according to the correct original secret information. However, such a model does not always correspond to the realities of physical implementations. During the last decade, significant attention has been paid to the physical security evaluation of cryptographic devices. In particular, it has been demonstrated that actual attackers may be much more powerful than what is captured by the black-box model. For example, they can obtain side-channel information based on the device's physical computational steps. As a consequence, some kind of obfuscation is required to protect integrated circuits from these physical attacks. This is especially important for small embedded devices (e.g. smart cards, RFIDs, sensor networks, ...) that can typically be under an adversary's control for a short period of time. This implies new theoretical concerns (how to exactly model and evaluate these physical threats) and practical ones (how to prevent them).
In this talk, I will discuss different results in the area of side-channel attacks, with a particular focus on formal tools that can be used to evaluate physical security on a fair basis. Starting from an introductory view of the field, I will describe some well-known attacks and countermeasures, present a framework for the analysis of side-channel key recovery from Eurocrypt 2009, and finally discuss the connection of this framework with recent work in leakage-resilient cryptography.
-
Dr. Iwen Coisel
Université catholique de Louvain UCL, Crypto Group
"Server-Aided Cryptography for Anonymity"
18 March 2010, 10:40-11:40
Portable devices (mobile phones, smart cards, ...) are very useful for accessing services from anywhere. However, when authentication protocols require complex cryptography, implying costly mathematical operations, these devices may become inadequate because of their limited capabilities. This is in particular the case when the device must remain anonymous and unlinkable w.r.t. the service provider, since this implies the use of complex cryptographic tools. In this presentation, I introduce the concept of server-aided cryptography for anonymity by adding a powerful intermediary which helps the restricted device in its cryptographic computations. I first give a general server-aided model in this setting, which can be applied to several cryptographic tools: group, blind and ring signatures. I present the server-aided protocol for the zero-knowledge proof of knowledge of a generic set of discrete logarithm relations. Then, I present the most secure and efficient server-aided variants of several well-known constructions.
-
Dr. Thorsten Kleinjung
Ecole Polytechnique Federale de Lausanne
"Factoring a 768 bit RSA number"
4 March 2010, from 11:40, S2 02 | C110 (Robert Piloty Building, Hochschulstr. 10)
Abstract: One way to break the RSA cryptosystem is to factor a large integer. In this talk an overview of the number field sieve, an algorithm for factoring integers, will be given. The complexity of this algorithm for numbers of cryptologically interesting size will be discussed and some aspects of the recent factorisation of a 768 bit RSA number will be described.
-
Prof. Jintai Ding
Department of Mathematical Sciences, University of Cincinnati
"Solving multivariate polynomial equations over finite fields"
4 March 2010, from 10:00, S2 02 | C110 (Robert Piloty Building, Hochschulstr. 10)
Solving multivariate polynomials over finite fields is becoming increasingly important in many areas, including cryptography. In this talk, we will present some of the recent progress in the area of polynomial solving in the last few years and some of the critical challenges in terms of its applications in cryptography.
-
Prof. Dr. Johannes Buchmann
CASED | TU Darmstadt
"SAP Worldtour CeBIT 2010"
3 March 2010, 10:00-10:45, CeBIT 2010, Hall 20
Johannes Buchmann speaks in the forum of the SAP Worldtour 2010 keynote "Timeless software & Innovation made in Germany". The keynote speaker is Prof. Dr. Lutz Heuser, Executive Vice President & Head of SAP Research.
-
Prof. Dr. Johannes Buchmann
CASED | TU Darmstadt
"ENGINEERING SCIENCES LECTURE: Security and the Internet of the Future"
25 February 2010, 18:00-19:30, Stiftung Brandenburger Tor
The protection of critical infrastructures, e.g. energy supply, transport and logistics, and health care, is one of the greatest challenges of the new decade. The Internet is the backbone of these infrastructures and must be protected against ever more sophisticated attacks. Lutz Heuser, Head of SAP Research, which operates SAP's Future Public Security Center in Darmstadt, and Johannes Buchmann, cryptologist and Director of the IT security center CASED at TU Darmstadt, report on the latest developments in this area.
CASED researches new methods that will continue to protect the Internet effectively against attackers in the future, for example encryption schemes that remain secure once quantum computers exist, and digital watermarks. But even the best Internet protection will not be able to prevent severe damage to critical infrastructures.
Among other things, SAP researches how advanced Internet technologies can enable fast and effective measures in large-scale emergencies, for example by coordinating the deployment of fire brigades, rescue services and police with high efficiency, adapted to the current situation.
Welcome
Dr. Pascal Decker
Board of the Stiftung Brandenburger Tor
Introduction
Klaus-Peter Schmitz
Secretary of the Engineering Sciences Class
More Security through the Internet of the Future
Prof. Dr. Lutz Heuser
Executive Vice President & Head of SAP Research
More Security for the Internet of the Future
Prof. Dr. Johannes Buchmann
Director of the Center for Applied Security Technology Darmstadt (CASED) at TU Darmstadt and Academy Member
Literary and musical intermezzi
Peter Gößwein & Partner
A joint event of the Stiftung Brandenburger Tor and the Berlin-Brandenburg Academy of Sciences and Humanities, with the kind support of the Senate Department for Education, Science and Research, Berlin. Notes on participation:
Admission is free. Please register at presse-prakt3@bbaw.de.
-
Dr. Steffen Reidt
"The Fable of the Bees: Incentivizing Robust Revocation Decision Making in Ad Hoc Networks"
19 February 2010, from 15:30, CASED Building, Room 5.3.01, Mornewegstrasse 32, 64293 Darmstadt
ABSTRACT
In this paper we present a new key-revocation scheme for ad hoc network environments with the following characteristics:
• Distributed: Our scheme does not require a permanently available central authority.
• Active: Our scheme incentivizes rational (selfish but honest) nodes to revoke malicious nodes.
• Robust: Our scheme is resilient against large numbers of colluding malicious nodes (30% of the network for a detection error rate of 15%).
• Detection error tolerant: Revocation decisions fundamentally rely on intrusion detection systems (IDS). Our scheme is active for any meaningful IDS (IDS error rate < 0.5) and robust for an IDS error rate of up to 29%.
Several schemes in the literature have two of the above four characteristics (characteristic four is typically not explored).
This work is the first to possess all four, making our revocation scheme well-suited for environments such as ad hoc networks, which are very dynamic, have significant bandwidth constraints, and where many nodes must operate under the continual threat of compromise.
Bio:
Steffen Reidt graduated in Mathematics with a major in Computer Science from the Technical University of Darmstadt in 2006. In his diploma thesis he started working in the field of security for ad hoc networks, which he continued during his Ph.D. studies at the Royal Holloway University of London.
During his time as a Ph.D. student he closely collaborated with the IBM Watson Research Center in NY. His most recent research focuses on incentive-driven security protocols and provable security of distributed network protocols based on game theory. In September 2009, he completed his Ph.D. studies.
-
Dr. Christophe Chabot
Unité de Formation et de Recherche Mathématiques, Institut de Recherche Mathématique de Rennes (IRMAR), Rennes, France
"Quasi-cyclic codes as codes over rings of matrices"
18 February 2010
-
Prof. Dr. Johannes Buchmann
CASED | TU Darmstadt
"Privacy: A Fiction?"
Concerns about autonomy in the information society
8 February 2010, 20:00-22:00, TU Darmstadt, Karo 5 (entrance building), Karolinenplatz 5, 64289 Darmstadt
-
Dr. Matthieu Finiasz
ENSTA - École Nationale Supérieure de Techniques Avancées, Paris, France
"Bounds for the Design of Code-based Cryptosystems"
27 January 2010
-
Dr. Aurélie Bauer
Département, École normale supérieure, Paris
"Using Gröbner bases in Coppersmith's techniques for finding small roots on polynomial equations"
21 January 2010, Darmstadt
-
Dr. ir. Hugo Jonker
University of Luxembourg
"Measuring Voter-controlled Privacy"
17 December 2009, 11:10-11:40
Privacy is a necessary requirement for voting. Without privacy, voters can be forced to vote in specific ways, and the forcing party can check their compliance. But offering privacy does not suffice: if a voter can reduce her privacy, an attacker can force her to do so.
We introduce the notion of choice groups as a measure of privacy. We illustrate how this notion can be used to better understand privacy concerns in proposed theoretical voting systems. In particular, we show how this notion (and the underlying formalisation) enables a more fine-grained approach to privacy than the binary "yes" or "no".
-
Dr. ir. Wolter Pieters
University of Twente, Enschede, The Netherlands
"The Dutch e-voting controversy: a Frankenstein perspective"
17 December 2009, 10:40-11:40
The Dutch electronic voting controversy revealed several requirements of electronic voting that had not been laid down in the applicable legislation. In this presentation, we identify some of these requirements, including resistance against so-called TEMPEST attacks and verifiability of the results. We show how these are related to requirements that were present in the law. Based on results in the philosophy of technology, we argue that the missing requirements can be described as "monsters" within the categorisation of security properties.
We also show how these requirements could have been found by systematic reasoning starting from the existing requirements.
-
Prof. Simone Fischer-Hübner
Karlstad University, Sweden
"Usable Privacy-enhancing Identity Management"
14 December 2009, from 11:15, CASED Building, 5th floor, Room 5.3.01, Mornewegstrasse 32, Darmstadt
In our networked society, users have lost effective control over their personal spheres and privacy is increasingly at risk. Privacy-enhancing identity management systems, such as those developed within the PRIME and PrimeLife EU projects, allow users to act securely in the information society while keeping sovereignty over their personal spheres. A critical success factor for Privacy-Enhancing Technologies (PETs), and for Privacy-Enhancing Identity Management in particular, will be user-friendly and intelligible user interfaces that are legally compliant and convey trust. Such user interfaces have to meet challenges such as the user-friendly representation of complex PET concepts (such as "pseudonyms", "unlinkability" or "anonymous credentials") that are unfamiliar to many users, the provision of security, the enforcement of legal privacy principles, such as informed consent or transparency, as well as the mediation of reliable trust to the end users.
This presentation will first discuss emerging privacy risks and will present basic concepts of the PRIME/PrimeLife architecture.
Finally, it will discuss challenges for usable privacy-enhancing identity management and will provide some HCI guidelines for addressing those challenges.
Simone Fischer-Hübner has been a Full Professor at Karlstad University since June 2000, where she is the head of the Privacy & Security (PriSec) research group. She received a Diploma degree in Computer Science with a minor in Law (1988), and PhD (1992) and Habilitation (1999) degrees in Computer Science from Hamburg University.
Her research interests include IT and network security and privacy-enhancing technologies. She was a research assistant and assistant professor at Hamburg University (1988-2000) and a Guest Professor at the Copenhagen Business School (1994-1995) and at Stockholm University/KTH (1998-1999).
She is the vice chair of IFIP WG 11.6 on "Identity Management", a member of the External Advisory Board of the IBM Privacy Institute, a board member of the IEEE Sweden Section Computer/Software Engineering Chapter, a member of the NordSec steering committee, and coordinator of the Swedish IT Secure Network for PhD students.
She has been a partner in many European research projects, including the ongoing EU Framework Programme 7 projects PrimeLife (Privacy and Identity Management for Life) and Newcom++.
-
Prof. Dr. Jan Jürjens
TU Dortmund | Fraunhofer ISST
"Modellbasierte Entwicklung sicherheitskritischer Software" (Model-Based Development of Security-Critical Software)
14 December 2009, from 10:00, TU Darmstadt, Piloty Building S2 02 / C120
The development of trustworthy security-critical software is a great challenge. There are still many examples in current industrial practice where security-critical software is developed and deployed that does not meet its security requirements. To support the development of security-critical systems, we developed the extension UMLsec of the Unified Modeling Language (UML), which supports including security-relevant information in UML design models.
On the basis of this, we develop techniques and tools for the automated analysis of software artefacts for security requirements (such as confidentiality, integrity, authenticity). Artefacts include UMLsec models, annotated program source code, or run-time configuration data (such as user permissions). The verification techniques build on tools such as model checkers and automated theorem provers for first-order logic.
Our research has been validated in industrial application projects with partners such as Microsoft Research (Cambridge), BMW, O2 (Germany), HypoVereinsbank, T-Systems, Münchener Rückversicherung and others.
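As an added example (this editor's illustration, not the UMLsec tool or any code from the talk): a small checker for the UMLsec «secure links» constraint, which is the kind of automated check on an annotated deployment model that the abstract describes. The threat tables are assumed here as this editor recalls the published default and insider adversary models; the three-tier deployment, its component names and its dependency stereotypes are constructed for the example; and every link between two nodes is required to withstand the adversary, on the reasoning that data may be routed over any of them.

```python
# Added illustration, not the UMLsec tool itself: a checker for the UMLsec
# <<secure links>> constraint over a small constructed deployment model.
# The threat tables are assumed here (they follow the published UMLsec
# default/insider adversary tables as this editor recalls them); adjust them
# to the adversary model you actually use.

# Threats an adversary of the given kind can mount on a link with this stereotype.
THREATS = {
    "default": {"Internet": {"delete", "read", "insert"}, "encrypted": {"delete"},
                "LAN": set(), "wire": set()},
    "insider": {"Internet": {"delete", "read", "insert"}, "encrypted": {"delete"},
                "LAN": {"delete", "read", "insert"}, "wire": set()},
}
# Threats a dependency with this stereotype must not be exposed to on the carrying link.
FORBIDDEN = {"secrecy": {"read"}, "integrity": {"insert"},
             "high": {"delete", "read", "insert"}}


def check_secure_links(model, adversary="default"):
    """Return (src, dst, requirement, reason) for every violated dependency.

    model: {"nodes": {component: node}, "links": [(node_a, node_b, stereotype)],
            "dependencies": [(src_component, dst_component, stereotype)]}
    Every link between the two nodes must withstand the adversary (data may use any of them).
    """
    threats = THREATS[adversary]
    violations = []
    for src, dst, req in model["dependencies"]:
        n_src, n_dst = model["nodes"][src], model["nodes"][dst]
        if n_src == n_dst:
            continue                                  # same node: no physical link crossed
        links = [st for a, b, st in model["links"] if {a, b} == {n_src, n_dst}]
        if not links:
            violations.append((src, dst, req, "no communication link between nodes"))
        for st in links:
            exposed = threats[st] & FORBIDDEN[req]
            if exposed:
                violations.append((src, dst, req, f"<<{st}>> link allows {sorted(exposed)}"))
    return violations


def example_model():
    """Constructed three-tier deployment: browser -> web application -> database."""
    return {
        "nodes": {"Client": "BrowserNode", "WebApp": "WebNode", "DB": "DbNode"},
        "links": [("BrowserNode", "WebNode", "Internet"), ("WebNode", "DbNode", "LAN")],
        "dependencies": [("Client", "WebApp", "secrecy"),      # credentials sent to the app
                         ("WebApp", "Client", "integrity"),    # responses must not be forged
                         ("WebApp", "DB", "secrecy")],         # user data to the database
    }


def harden(model):
    """Hardening step: carry the Internet link over an <<encrypted>> channel (e.g. TLS)."""
    links = [(a, b, "encrypted" if st == "Internet" else st) for a, b, st in model["links"]]
    return {**model, "links": links}
```

check_secure_links(example_model()) reports the «secrecy» and «integrity» dependencies that cross the «Internet» link; after harden() replaces that link with an «encrypted» one, the default adversary finds nothing, while the insider adversary still reads the «LAN» link to the database. A «high» dependency would still fail on the encrypted link, because the default adversary can delete messages there; that is the kind of requirement a purely visual review of the diagram tends to miss.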
-
Prof. Patrick Lam, Ph. D.
Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario
"Implementation and Use of Data Structures in Java Programs"
8 December 2009, Darmstadt
-
Dr. Torsten Schütze
Robert Bosch GmbH, Corp. Sector Research and Advanced Engineering Software (CR/AEA)
"Some thoughts about numerical stable and efficient computations occurring in Template Attacks and Principal Subspace-based Template Attacks"
2 December 2009, 14:00-15:30, CASED building, 4th floor, room 4.3.01, Mornewegstrasse 32, Darmstadt
ABSTRACT: Side channel attacks are one of the most efficient threats against implementations of cryptographic algorithms on smart cards, security hardware, and embedded systems. Since their introduction at Crypto 1998 they have attracted a lot of attention among engineers and cryptographers. Template Attacks (TA) were introduced by Chari, Rao, and Rohatgi [CRR02] at CHES 2002 as an optimal side channel attack in an information-theoretic sense. Later, at CHES 2006, these attacks were further improved by Archambeau, Peeters, Standaert, and Quisquater [APSQ06] with the so-called Principal Subspace-based Template Attacks (PSTA). In PSTA, the data set -- power traces living in a multidimensional space -- is first transformed by linear transformations, in fact orthogonal transformations, so that the first axis (the principal axis) has the largest variance, the second axis the second largest variance, etc. In [APSQ06], the authors report on possible practical problems with PSTA and propose a solution (trace principal subspaces) based on the eigendecomposition of the empirical covariance matrix. While performing experiments with Template Attacks and Principal Subspace-based Template Attacks we experienced the same kind of practical problems. In more detail, we experienced non-traceability of repeated experiments, numerical instability and large rounding errors leading to bad recognition rates. In trying to dig into these practical problems, we analyzed some of the numerical operations used in our experiments. This talk is the result of our investigation. From the standpoint of numerical analysis, more specifically from that of numerical linear algebra, we analyze the operations involved in implementing TA and PSTA. Special emphasis is given to the numerical effort required as well as the numerical stability and rounding error behavior of typical implementations.
So we approach the problem of Template Attacks using Principal Components Analysis from the side of numerical linear algebra. Our main tools are orthogonal transformations (Householder transformations), LR and LL^T matrix decompositions, and eigenvalue and singular value decompositions. In the end, we achieved a better understanding of the mathematical processes, a more stable side channel experiment, and another approach to PSTA using the Singular Value Decomposition (SVD) of the trace matrix. In this talk, we look at the successful PSTA attacks by engineers from a mathematical point of view. In doing so, we try to achieve a better "Verbindung ingenieurmäßiger Ansätze bei Seitenkanalangriffen mit mathematischen Methoden und Einbettung in eine mathematische Theorie" (a linking of engineering approaches to side channel attacks with mathematical methods, and their embedding in a mathematical theory) [Arbeitsprogramm IT-Sicherheitsforschung des BMBF und BMI, 2009, p. 13].
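As an added worked example (this editor's illustration, not code from the talk or from [CRR02]/[APSQ06]): a pure-Python template attack on a constructed leak, with the principal subspace taken from the between-class scatter of the class means (the trace-principal-subspace idea) by power iteration rather than by a library eigensolver or SVD, a pooled covariance as a simplification of per-class covariances, and, beside it, a one-pass versus two-pass variance estimate on samples with a large DC offset, which is one concrete way the rounding errors the abstract mentions arise in a covariance routine. The leakage model (Hamming weight of key XOR plaintext at a few sample points with Gaussian noise), the point weights, the key bytes, the offset and the seeds are all assumptions of this example.

```python
# Added illustration, not code from the talk: a template attack on a constructed
# Hamming-weight leak with the principal subspace found by power iteration on the
# between-class scatter, plus a one-pass vs two-pass variance estimate on offset data.
import math
import random

WEIGHTS = [1.0, 0.8, 0.0, 0.6, 0.0, 0.0]  # leakage weight per sample point (constructed)
NOISE = 0.5                               # std. dev. of the additive Gaussian noise
SECRET_KEY = 0x3C                         # key byte the attack phase must recover

def hw(x):
    return bin(x).count("1")

def make_trace(key, pt, rng):
    """Constructed trace: point j leaks WEIGHTS[j] * HW(key ^ pt) plus Gaussian noise."""
    v = hw(key ^ pt)
    return [w * v + rng.gauss(0.0, NOISE) for w in WEIGHTS]

def mean_vec(rows):
    return [sum(r[j] for r in rows) / len(rows) for j in range(len(rows[0]))]

def power_iteration(m, rng, iters=200):
    """Dominant eigenvector and eigenvalue (|m v| at convergence) of a PSD matrix m."""
    v = [rng.random() for _ in m]
    for _ in range(iters):
        w = [sum(m[i][j] * v[j] for j in range(len(v))) for i in range(len(m))]
        norm = math.sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    return v, norm

def principal_subspace(class_means, k, rng):
    """Top-k eigenvectors of the between-class scatter, i.e. PCA of the class means."""
    mu = mean_vec(class_means)
    d = len(mu)
    b = [[sum((c[i] - mu[i]) * (c[j] - mu[j]) for c in class_means)
          for j in range(d)] for i in range(d)]
    basis = []
    for _ in range(k):
        v, lam = power_iteration(b, rng)
        basis.append(v)
        b = [[b[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
    return basis

def project(trace, basis):
    return [sum(u[j] * x for j, x in enumerate(trace)) for u in basis]

def build_templates(traces, classes, basis):
    """Per-class means in the 2-D subspace plus one pooled covariance, centred (two-pass)."""
    proj = [project(t, basis) for t in traces]
    groups = {}
    for y, c in zip(proj, classes):
        groups.setdefault(c, []).append(y)
    means = {c: mean_vec(ys) for c, ys in groups.items()}
    cov = [[0.0, 0.0], [0.0, 0.0]]
    for y, c in zip(proj, classes):
        r = [y[0] - means[c][0], y[1] - means[c][1]]
        cov = [[cov[i][j] + r[i] * r[j] for j in range(2)] for i in range(2)]
    return means, [[x / (len(proj) - len(means)) for x in row] for row in cov]

def rank_keys(templates, basis, traces, pts):
    """Order all 256 key guesses by summed Gaussian log-likelihood over the attack traces."""
    means, ((a, b), (c, d)) = templates
    det = a * d - b * c                   # pooled covariance: the log-det term is the same for every guess
    inv = [[d / det, -b / det], [-c / det, a / det]]
    proj = [project(t, basis) for t in traces]
    score = {}
    for g in range(256):
        s = 0.0
        for y, p in zip(proj, pts):
            r = [yi - mi for yi, mi in zip(y, means[hw(g ^ p)])]
            s -= 0.5 * sum(r[i] * inv[i][j] * r[j] for i in range(2) for j in range(2))
        score[g] = s
    return sorted(score, key=score.get, reverse=True)

def run_demo(seed=1, n_attack=60):
    rng = random.Random(seed)
    prof_key = 0xA7                       # profiling device whose key the attacker knows
    traces, classes = [], []
    for _ in range(16):                   # balanced profiling set: every intermediate value 16 times
        for v in range(256):
            traces.append(make_trace(prof_key, v ^ prof_key, rng))
            classes.append(hw(v))
    class_means = [mean_vec([t for t, c in zip(traces, classes) if c == h]) for h in range(9)]
    basis = principal_subspace(class_means, 2, rng)
    templates = build_templates(traces, classes, basis)
    pts = [rng.randrange(256) for _ in range(n_attack)]
    ranking = rank_keys(templates, basis, [make_trace(SECRET_KEY, p, rng) for p in pts], pts)
    return ranking[0], ranking            # best guess and the full key ranking

def variances(xs):
    """(one-pass E[x^2]-E[x]^2, two-pass centred) estimates; the first cancels when |mean| >> std."""
    m = sum(xs) / len(xs)
    return (sum(x * x for x in xs) / len(xs) - m * m,
            sum((x - m) ** 2 for x in xs) / len(xs))

def offset_samples(n=1000, offset=1e12, seed=7):
    """Constructed samples: unit variance riding on a huge DC offset (exaggerated on purpose)."""
    rng = random.Random(seed)
    return [offset + rng.gauss(0.0, 1.0) for _ in range(n)]
```

run_demo() returns the top-ranked key guess and the full ranking; with the constructed parameters the true key ranks first. variances(offset_samples()) shows the numerical point: with samples near 1e12, both E[x^2] and E[x]^2 are doubles of magnitude 1e24 and therefore multiples of 2^27, so their difference is a multiple of 2^27 as well and the unit variance is lost entirely, whereas the centred estimate is within sampling error of 1. An offset of 1e12 exaggerates what a real DC offset in a trace does, but the mechanism, squaring before centring, is exactly what a naive covariance routine applies to every sample of every trace.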
-
Technische Universität Darmstadt
"Infoveranstaltung: Neue TU-Master ab Sommersemester 2010" (Information Event: New TU Master's Programmes from Summer Semester 2010)
2 December 2009, 09:50-11:30, TU Darmstadt, Piloty building S2 02 | room C120
From the summer semester 2010, the new master's programmes Autonomous Systems, Distributed Software Systems, Internet and Web-Based Systems, IT Security, and Visual Computing will be available. For Darmstadt students there is an information event on Wednesday, 2 December 2009, from 9:50 to 11:30 in S2|02/C120. External interested parties should contact the dean: weihe(a-t)informatik.tu-darmstadt.de.
These programmes can also be taken as postgraduate study, for example after a Diplom degree. They are designed as full-time programmes and can therefore only be studied alongside employment by those who can arrange their working hours very flexibly.
-
Andrea Röck, Ph.D.
Helsinki University of Technology, Department of Information and Computer Science
"Cryptanalysis of the ESSENCE hash function"
26 November 2009
-
Céline Blondeau
INRIA Paris Rocquencourt, Le Chesnay Cedex, France
"On the Data Complexity of Statistical Attacks against Block Ciphers"
29 October 2009
-
Dr. Katerina Mitrokotsa
Delft University of Technology, Delft, The Netherlands
"Intrusion Detection in Ubiquitous Computing Technologies"
16 October 2009
-
Prof. Dr. Werner Schindler
CASED, Darmstadt | Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn
"Constructive Sidechannel Analysis and Secure Design"
14 October 2009
-
Julia Lawall
University of Copenhagen
"A Foundation for Flow-Based Program Matching Using Temporal Logic and Model Checking"
17 September 2009
-
Gilles Muller
INRIA Paris Rocquencourt
"Coccinelle: A Program Matching and Transformation Tool for Systems Code"
17 September 2009
-
Jens Hermans
Katholieke Universiteit Leuven, Leuven, Belgium
"NTRU on graphics cards"
30 July 2009
-
Prof. Olivier Pereira
Université catholique de Louvain, UCL Crypto Group, Louvain-la-Neuve, Belgium
"Electing a University President using Open-Audit Voting: Analysis of real-world use of Helios"
18 June 2009
-
Prof. Klara Nahrstedt, Ph. D.
University of Illinois at Urbana-Champaign, Champaign and Urbana, Illinois, USA
"Integrity and Privacy Issues in Advanced Wireless Metering Infrastructure"
16 June 2009
-
Vadim Lyubashevsky, Ph. D.
Tel Aviv University, Tel Aviv, Israel
"On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem"
10 June 2009
-
Dana Lodrova
Brno University of Technology, Brno, Czech Republic
"Semantic Conformance Testing for Finger Minutiae Data"
27 May 2009
-
Prof. Tobias Nipkow
Technische Universität München, Munich, Germany
"Verifying a Hotel Key Card System"
20 May 2009
-
Jonathan Herbach
Adobe Systems - Product Manager (World)
"Enterprise Rights Management Technology"
18 May 2009
-
Dr. Ulrich Flegel
SAP Research Center CEC Karlsruhe
"Compliance - Ein Widerspruch in sich?" (Compliance: A Contradiction in Terms?)
15 May 2009
-
Stefano Tessaro
ETH Zürich, Zürich, Switzerland
"Computational Indistinguishability Amplification?"
23 April 2009
-
Prof. Dr. Felix Freiling
Universität Mannheim, Germany
"IT – Forensik – ein Überblick" (IT Forensics: An Overview)
19 January 2009

