IT Security Conference Seminar (Bachelor) (ITSecSem)



Lecturers
Dr.-Ing. Hans-Georg Eßer, Prof. Dr.-Ing. Felix Freiling

Details
Seminar, certificate (Schein), ECTS studies, ECTS credits: 5
Open to guest auditors, language: German
Time and place: individual dates on 19.5.2015 16:00 - 18:00, 00.153-113; 21.5.2015 16:00 - 18:00, 00.151-113; 20.7.2015 9:00 - 18:45, 00.151-113; note on time and place: regular meetings by arrangement; preliminary meeting at the start of the semester: see website
Preliminary meeting: 16.4.2015, 16:00 - 18:00, room 00.153-113

Fields of study / specializations
WPF INF-BA-SEM 3-4 (ECTS-Credits: 5)
WF MT-BA 5-6 (ECTS-Credits: 5)

ECTS information:

Credits: 5

Additional information
Expected number of participants: 8, maximum number of participants: 8
www: http://www1.informatik.uni-erlangen.de/courses/show/2015s/21191506
Registration is required for this course.
Registration is via: StudOn

Used in the following UnivIS modules

Starting semester SS 2018:
Biomedizin und Technik (BuT)

NEWS

[14.07.2015] The seminar takes place on Monday, 20.07., from 09:00 to 18:45 in room 00.151-113 (Hochhaus, ground floor).
[07.04.2015] The date for the preliminary meeting has been set.
[18.03.2015] Registration via StudOn has been closed as of today (18.03.) because the seminar is already fully booked and there are several entries on the waiting list.

Description: This seminar is titled "Konferenzseminar IT-Sicherheit" (IT Security Conference Seminar).

Schedule overview:

No. | Title | Date
A | Preliminary meeting (in person), room 00.153-113 | 16.04., 16:00
B | Submission of abstracts | 30.04.
C | Finalization of topics |
D | Submission of concept (-> supervisor) | 12.05.
E | Submission of preliminary version (-> supervisor) | 08.06.
F | Submission of paper via conference management system | 22.06.
G | Start of peer-review phase | 26.06.
H | Submission of reviews via conference management system | 08.07.
I | Acceptance decision | 09.07.
J | Submission of print version via conference management system | 15.07.
X | In-person session: Scientific working (room 00.153) | 19.05., 16:00
Y | In-person session: Review process / LaTeX (room 00.151) | 21.05., 16:00
Z | In-person session: Conference (seminar talks, room 00.151-113) | 20.07., 09:00

Material

Material (WS 2014/15, old!)

Procedure

The seminar procedure is described in a PDF document that applies across semesters.

Suggested topics

1. Employees' Role in the Information Security Performance of Organizations
Supervisor: Lena Reinfelder
What influence do employees have on the security goals of companies?
Literature:
[1] Albrechtsen, Eirik. "A qualitative study of users' view on information security." Computers & security 26.4 (2007): 276-289.
[2] Bulgurcu, Burcu; Cavusoglu, Hasan; Benbasat, Izak (2010): Information security policy compliance. An empirical study of rationality-based beliefs and information security awareness? In: Management information systems : mis quarterly 34 (3), pp. 523–548.
[3] Son, Jai-Yeol (2011): Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies. In: Information & management 48 (7), pp. 296–302.

2. Steganography: The art of hiding data in data
Supervisor: Werner Massonne
[1] Zielińska, Elżbieta, Wojciech Mazurczyk, and Krzysztof Szczypiorski. "Trends in steganography." Communications of the ACM 57.3 (2014): 86-95.
[2] Johnson, Neil F., and Sushil Jajodia. "Exploring steganography: Seeing the unseen." Computer 31.2 (1998): 26-34.
[3] Anderson, Ross J., and Fabien AP Petitcolas. "On the limits of steganography." Selected Areas in Communications, IEEE Journal on 16.4 (1998): 474-481.

3. Practical problems that current technological developments pose for forensic investigations
Supervisor: Andreas Dewald
(Research work without prescribed literature)

4. Status quo in the forensic analysis of navigation devices
Supervisor: Andreas Dewald
(Research work without prescribed literature)

5. Memory Encryption
Supervisor: Hans-Georg Eßer
[1] Michael Henson, Stephen Taylor: "Memory Encryption: A Survey of Existing Techniques", ACM Comput. Surv. 46, 4 (March 2014), http://dl.acm.org/citation.cfm?id=2566673
[2] Peter A. H. Peterson: "Cryptkeeper: Improving Security With Encrypted RAM", Technologies for Homeland Security (HST), 2010 IEEE International Conference on. IEEE, 2010. http://www.researchgate.net/profile/Peter_Peterson/publication/224201954_Cryptkeeper_Improving_security_with_encrypted_RAM/file/d912f50cfdf4b2e20b.pdf

6. Swap Forensics
Supervisor: Hans-Georg Eßer
[1] Golden G. Richard III, Andrew Case: "In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux", Digital Investigation Vol. 11, Suppl. 2, pp. S3-S12, Aug. 2014, http://www.sciencedirect.com/science/article/pii/S1742287614000541

7. Attacks against Support Vector Machines (Master's students ONLY!)
Supervisor: Benjamin Stritter
[1] Battista Biggio, Igino Corona, Blaine Nelson, Benjamin I. P. Rubinstein, Davide Maiorca, Giorgio Fumera, Giorgio Giacinto, Fabio Roli: Security Evaluation of Support Vector Machines in Adversarial Environments. CoRR abs/1401.7727 (2014), http://arxiv.org/pdf/1401.7727

8. Fuzzing for Cross Site Scripting Vulnerability Detection
Supervisor: Benjamin Stritter
[1] Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, and Roland Groz. 2014. KameleonFuzz: evolutionary fuzzing for black-box XSS detection. In Proceedings of the 4th ACM conference on Data and application security and privacy (CODASPY '14). ACM, New York, NY, USA, 37-48. DOI=10.1145/2557547.2557550. http://doi.acm.org/10.1145/2557547.2557550

9. Can you surf anonymously with Tor? Usability and security of Tor
Supervisor: Zina Benenson
Among technically savvy users, Tor is considered _the_ solution for anonymous web surfing, although some spectacular cases show that using Tor is anything but easy for laypeople and sometimes leads to fatal mistakes [1,2]. Scientific studies have also identified several problems with the usability and comprehensibility of Tor [3,4]. Nevertheless, interest in Tor has grown steadily, especially after the NSA revelations, which can also be traced in the press [5,6]. This seminar paper should show which problems arise when using Tor and how they can be solved.
[1] Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise (Kim Zetter, Wired,  2007), http://archive.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=all
[2] Harvard Student Receives F For Tor Failure While Sending 'Anonymous' Bomb Threat (Runa A. Sandvik, Forbes, 2013), http://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/
[3] Spoiled Onions, http://www.cs.kau.se/philwint/spoiled_onions
[4] Greg Norcie, Jim Blythe, Kelly Caine, L Jean Camp, USEC 2014, Why Johnny Can’t Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems
[5] Tor – die Tarnkappe fürs Netz (Patrick Beuth, Zeit Online, 2013), http://www.zeit.de/digital/datenschutz/2013-01/serie-mein-digitaler-schutzschild-tor-browser-bundle
[6] HTG Explains: Is Tor Really Anonymous and Secure? (Chris Hoffman, 2013), http://www.howtogeek.com/142380/htg-explains-is-tor-really-anonymous-and-secure/

10. Where do all the attacks go?
Supervisor: Zina Benenson
[1] D. Florêncio and C. Herley. "Where do all the attacks go?." Economics of Information Security and Privacy III. Springer New York, 2013. 13-33.
This article examines the question: if everything is so insecure, most computers are vulnerable, and most users have no idea about security-conscious behavior, why isn't everyone hacked every day? On the contrary, attacks are rather rare, and hardly anyone is seriously harmed.

11. Overview of State-of-the-Art Binary Unpacking Techniques
Supervisor: Johannes Götzfried
Description: The packing of binary files is often used to prevent analysts from figuring out the behaviour of a given program. While malware usually uses poor and easy-to-reverse packing tools, e.g., the UPX packer, there exist sophisticated commercial packers such as Themida [1], VMProtect [2] or CodeVirtualizer [3] which complicate the analysis of closed-source binaries by utilizing virtual machine based obfuscation. Although the detailed packing techniques of these tools are kept secret, members of the 'reversing scene' claim that binaries protected with these tools can be automatically unpacked. Within this work, it shall be examined whether these claims are justified, and different unpacking approaches for at least one of the three commercial tools shall be presented. A good starting point is the deobfuscation/unpacking section from the 30C3 session on binary analysis [4]. Tools and plugins provided by the tuts4you community [5,6,7] are of special interest. This work is mainly intended as an investigation work, but tools may be tested practically as well if desired.
[1] http://www.oreans.com/themida.php
[2] http://vmpsoft.com
[3] http://www.oreans.com/codevirtualizer.php
[4] https://events.ccc.de/congress/2013/wiki/Session:Binary_Analysis
[5] http://www.tuts4you.com
[6] http://tuts4you.com/download.php?list.53
[7] http://tuts4you.com/download.php?view.3059

12. Hardware-based Remote Attestation and Software Protection Mechanisms
Supervisor: Johannes Götzfried
Remote attestation and software protection are important concepts if software needs to run within an untrusted environment. Remote attestation can assure an external third party that software routines have been executed as intended and that results have not been tampered with, for example when they are sent back over an insecure channel. Software protection is needed if, additionally, the confidentiality of code and data needs to be guaranteed. There are numerous recent solutions [1,2,3,4] which provide at least one of the two concepts for general purpose hardware but also in particular for embedded systems. In this work, existing remote attestation and software protection mechanisms should be summarized and compared regarding their specific advantages and disadvantages.
[1] Baumann, A., Peinado, M., Hunt, G.: Shielding Applications from an Untrusted Cloud with Haven. In: 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14).
[2] Eldefrawy, K., Francillon, A., Perito, D., Tsudik, G.: SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust. In: NDSS 2012, 19th Annual Network and Distributed System Security Symposium
[3] Koeberl, P., Schulz, S., Sadeghi, A.R., Varadharajan, V.: TrustLite: A Security Architecture for Tiny Embedded Devices. In: Proceedings of the Ninth European Conference on Computer Systems.
[4] Noorman, J., Agten, P., Daniels, W., Strackx, R., Herrewege, A.V., Huygens, C., Preneel, B., Verbauwhede, I., Piessens, F.: Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base.

13. Introducing the Security Architecture of Bluetooth Low Energy
Supervisor: Philipp Morgner
The Internet of Things (IoT) describes in general a network of physical devices, like sensors, household gadgets or industrial machines, among others. The communication between these devices is often based on low-energy wireless standards like Bluetooth Low Energy (BLE) or IEEE 802.15.4.
In this paper, we focus on the BLE standard. The goal of the paper is to summarize the security specification of the BLE standard, version 4.0. Furthermore, the student investigates security weaknesses of the Bluetooth standard and analyzes their impact on BLE applications.
[1] Bluetooth SIG. “Bluetooth Specification Version 4.0”, 2010
[2] Padgette, John, Karen Scarfone, and Lily Chen. "Guide to Bluetooth Security." NIST Special Publication 800-121, 2012
[3] Ryan, Mike. "Bluetooth: With Low Energy Comes Low Security." WOOT. 2013.

14. Analyzing the Security Evolution of IEEE 802.15.4
Supervisor: Philipp Morgner
The Internet of Things (IoT) describes in general a network of physical devices, like sensors, household gadgets or industrial machines, among others. The communication between these devices is often based on low-energy wireless standards like Bluetooth Low Energy (BLE) or IEEE 802.15.4.
The focus of this paper lies on the IEEE 802.15.4 standard. The first version of IEEE 802.15.4 was introduced in 2003, and one year later Wagner et al. presented major security weaknesses in this standard. The goal of this seminar paper is to compare the security features of IEEE 802.15.4 version 2003 with the latest version of this standard from 2011. Therefore, the student is asked to provide a brief overview of the IEEE 802.15.4 security features, and to describe the security flaws of version 2003. At the end, the student analyzes whether the security weaknesses have been fixed in the latest IEEE 802.15.4 standard or not.
[1] IEEE Computer Society: IEEE 802.15.4-2003 Specification, 2003
[2] IEEE Computer Society: IEEE 802.15.4-2011 Specification, 2011
[3] Sastry, Naveen, and David Wagner. "Security Considerations for IEEE 802.15. 4 Networks." Proceedings of the 3rd ACM workshop on Wireless security. ACM, 2004.

15. Comparison of Security Specifications in ZigBee and WirelessHART
Supervisor: Philipp Morgner
The Internet of Things (IoT) describes in general a network of physical devices, like sensors, household gadgets or industrial machines, among others. There exists a big variety of industrial standards that enable the communication between these devices. Examples are the ZigBee standard (mainly for domestic environments) and the WirelessHART standard (used in industrial environments), which are both based on the global IEEE 802.15.4 specifications.
The goal of this paper is to give a brief introduction to the latest ZigBee and WirelessHART specifications, and to provide a detailed overview of differences between the two standards focusing on security aspects.
[1] ZigBee Alliance: ZigBee Specification, 2012
[2] International Electronic Commission: IEC 62591 Ed. 1.0: Industrial communication networks – Wireless communication network and communication profiles – WirelessHART, 2010
[3] Raza, Shahid, et al. "Security Considerations for the WirelessHART Protocol." ETFA 2009. IEEE Conference on Emerging Technologies & Factory Automation, 2009. IEEE, 2009.
[4] Vidgren, Niko, et al. "Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned." 46th Hawaii International Conference on System Sciences (HICSS). IEEE, 2013.

16. Intel Software Guard Extensions (SGX)
Supervisor: Tilo Müller, language: English (preferred) or German
In 2013, Intel introduced the SGX instruction set for future x86 CPUs. With SGX, software will in future be better protected against analysis by higher-privileged processes (such as the operating system kernel or debuggers). Unlike a sandbox, SGX does not serve to protect the execution environment from unprivileged processes, but to protect processes from the execution environment. Intel therefore also refers to this concept as an "inverse sandbox". In the course of this seminar, the concept of Intel SGX is to be described, and the opportunities and challenges of using the instruction set are to be worked out. The potential dangers of Intel SGX, such as its use for DRM systems and SGX-protected malware, are also to be discussed.

17. Games for IT-Security Skills Training
Supervisor: Norman Hänsch
An overview of (current) publications on IT security and gamification/serious games for training in IT security topics is to be given. A possible starting point for the research:
[1] Adams, Mackenzie, and Maged Makramalla. "Cybersecurity Skills Training: An Attacker-Centric Gamified Approach." Technology Innovation Management Review 5.1 (2015).

18. Security Implications of the new Android Runtime (ART)
Supervisor: Mykola Protsenko
The Dalvik Virtual Machine, which was responsible for executing Android apps up to Android version 4.4, was completely replaced by the new Android Runtime (ART) [1] environment in version 5.0. The main feature of ART is its ahead-of-time compilation approach, meaning that apps are now compiled to the ELF executable format (with the .oat extension) at installation. The goal of this work is an in-depth study of ART, especially in the context of security and software protection. Some inspiring examples can be found in the reviews by Sabanal [2,3]. For instance, the boot.oat file, containing precompiled library classes, is mapped to the fixed address 0x700000. This allows easy circumvention of the ASLR protection mechanism with ROP. Furthermore, manipulation or replacement of boot.oat can be utilized to create user mode rootkits.
[1] "ART and Dalvik" https://source.android.com/devices/tech/dalvik/
[2] "State Of The ART. Exploring The New Android KitKat Runtime". Paul Sabanal. http://bofh.nikhef.nl/events/HitB/hitb-2014-amsterdam/praatjes/D1T2-State-of-the-Art-Exploring-the-New-Android-KitKat-Runtime.pdf
[3] "Hiding Behind ART", Paul Sabanal. https://www.blackhat.com/docs/asia-15/materials/asia-15-Sabanal-Hiding-Behind-ART-wp.pdf

19. Software Watermarking and Tamperproofing in the Presence of an Untrusted Compiler
Supervisor: Mykola Protsenko
Software watermarking [1] refers to the technique of embedding a stealthy 'property' into the program code, which can then be used to identify the origin of the program and hence track an unlicensed copy. Tamperproofing [1] is another software protection tool, which aims to detect changes to the program's code, introduced prior to or during execution, that violate the developer's intentions. The most widely used tamperproofing approaches are based on runtime checksum computation over the code instructions. For the Android platform, the applicability of these protection mechanisms becomes questionable, as Google has replaced the Dalvik VM with the new Android Runtime (ART) [2], which compiles Dalvik bytecode to device-specific machine code when the app is installed. Therefore, the checksums of the resulting machine code are unknown at development/obfuscation time and cannot be used to check the program's integrity. Similarly, it is not clear what types of software watermarks could survive compilation by an unknown compiler for an unknown machine architecture. The aim of this work is to investigate the opportunities for watermarking and tamperproofing in such an environment. A broad literature survey should serve as a basis for the student's own creative ideas during this project.
[1] Christian Collberg and Jasvir Nagra. 2009. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (1st ed.). Addison-Wesley Professional.
[2] "ART and Dalvik" https://source.android.com/devices/tech/dalvik/

20. Comparison of courses in digital forensics
Supervisor: Christian Moch
Task: The task is to research courses on digital forensics in Germany and internationally. The contents of the individual courses are then to be compared on the basis of various factors, e.g. scope, target audience, exercises, proportion of theory/practice, lecture notes, etc.
[1] Einführung in die digitale Forensik / Forensische Informatik II / Forensic Hacks (Uni Erlangen)
[2] Master Digitale Forensik (HS Albsig)
[3] Digitale Forensik (Uni Bochum)
[4] IT Forensik (HS Aachen)
[5] Einführung in die IT-Forensik (HS Augsburg)

21. Checking predictions in digital forensics
Supervisor: Christian Moch
Task: Several articles have predicted the future of digital forensics. They described developments that are necessary for this discipline and should be implemented in the near future. Some of these articles are already several years old. The task of this work is to research articles of this kind and to check whether the predictions have already been implemented.
[1] Digital forensics research: The next 10 years, Simson L. Garfinkel (2010)
[2] The future of computer forensics: a needs analysis survey, Marcus K Rogers, Kate Seigfried (2004)
[3] The future of forensic computing, Andrew Sheldon (2005)

22. Automatic Event Reconstruction in Digital Forensics
Supervisor: Sven Kälber
This seminar work should summarize the state of the art on automatic event reconstruction in digital forensic investigations. Which approaches and ideas exist today? Which challenges still exist, esp. regarding automatization?

 

Note: OLD - The following topics on this page are from last semester and will still be replaced.

3. State of the Art in XSS filters
Supervisor: Ben Stock
In the course of this work, the current implementations of XSS filters on both the server and the client side are to be discussed. The focus should be on the implementation (e.g. RegExp) and the drawbacks of specific current and previous filter approaches, and the work should discuss other related work such as that listed below.
[0] Bates, D; Barth, A; Jackson, C; Regular expressions considered harmful in client-side XSS filters in WWW '10
[1] Pelizzi, R; Sekar, R; Protection, Usability and Improvements in Reflected XSS Filters in AsiaCCS '12
[2] Bisht, P; Venkatakrishnan V.N.; XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks in DIMVA '08
[3] Reis, C; Dunagan, J; Wang, H.; Dubrovsky, O; Esmeir, S; BrowserShield: Vulnerability-driven filtering of dynamic HTML in ACM Transactions on the Web 2007

11. Searchable Encryption
Supervisor: Michael Gruhn
Searchable Encryption allows the search, either for keywords or raw text, in encrypted data. This seminar work should summarize the current searchable encryption schemes and their different properties.

12. Electroencephalographical Side-Channels
Supervisor: Michael Gruhn
In 2012 Martinovic et al. [1] introduced their work on side-channels in Computer Brain Interfaces. This seminar work should summarize the current state of the art on electroencephalographical side-channel research.
[1] https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/martinovic

21. Every download a lost sale? Software Piracy in Numbers

Supervisor: Philipp Klein
This seminar work should offer an overview of current software piracy rates and their regional distribution. Emphasis: The methodology with which the data was acquired.
[1] http://globalstudy.bsa.org/2011/downloads/study_pdf/2011_BSA_Piracy_Study-Standard.pdf
[2] Bryan W. Husted: "The Impact of National Culture on Software Piracy", Journal of Business Ethics

22. BitTorrent
Supervisor: Philipp Klein
This seminar work should focus on some of the following questions: How does BitTorrent work? What are public and private Trackers? How can I pirate software without getting caught? How do I catch the software pirates (preferably without doing illegal stuff myself)? Are there ways to attack a specific torrent?
[1] The BitTorrent protocol specification, http://www.bittorrent.org/beps/bep_0003.html
[2] Dhungel et al.: "Measurement and mitigation of BitTorrent leecher attacks", Computer Communications, Volume 32, Issue 17