News
Next Seminar on 23.6.2020
Written on 17.06.2021 14:39 by Stella Wohnig
Dear All,
The next seminar takes place on 23.6. at 14:00.
Session A
Gunnar Heide - Jonas Büchner - Philipp Zimmermann
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session A:
14:00-14:30
Speaker: Gunnar Heide
Type of talk: Bachelor Intro
Advisor: Dr. Lucjan Hanzlik, CISPA
Title: Implementing SFIDO - Improving FIDO2 with pairing-based cryptography
Abstract:
FIDO - "Fast IDentity Online" is a set of standard specifications published by the FIDO
Alliance for online authentication using hardware tokens. Based on traditional public
key cryptography it allows for passwordless authentication. In doing so it alleviates the
major issues of password database breaches, which are exacerbated by rampant password
reuse. It further curbs many types of phishing.
However, it is limited by its design since new features like anonymous attestation require
support for entirely new cryptographic operations on the hardware token.
SFIDO is a protocol developed by the research group of L. Hanzlik at CISPA that provides
a less complex solution leveraging pairing-based cryptography. With a fixed single
cryptographic primitive executed on the hardware token it provides not only authentication
and attestation, but is also extendable to a full anonymous credential system.
In this thesis a proof-of-concept implementation of the SFIDO client will be developed and benchmarked. Ideally, this will result in execution times which are comparable to FIDO2. Therefore, the goal of this thesis is to show that SFIDO represents a new, effective and efficient tool for secure online authentication using hardware tokens.
14:30-15:00
Speaker: Jonas Büchner
Type of talk: Bachelor Intro
Advisor: Dr. Michael Schwarz
Title: MONITORing Secrets with Hardware Features
Abstract: There is a plethora of attacks on the microarchitecture of current CPUs. They rely on a side channel for extracting (meta-)information. Prominent examples, like Flush+Reload or Prime+Probe, use the timing differences between cache hits and cache misses, which restricts the scope of those side channels to CPUs where caches are shared.
We try to overcome this by replacing the side channel with the MONITOR/MWAIT instructions, which are contained in the SSE3 extensions of all modern x86 CPUs. This pair of instructions is meant for power management and thread optimization. Its primary use is to wait for a change on a monitored address range and continue execution once a write (or another triggering event) occurs. While this aims at things like lock acquisition, it seems to be perfectly exploitable as a side channel. Since it does not rely on caches but is meant to wake up on any write to memory, it could potentially even be used as a cross-CPU side channel. Moreover, it can be used to implement controlled-channel attacks without relying on caches. In current implementations, it is only available in kernel space, which requires a strong attacker. This is no problem in the attack scenario of SGX.
We evaluate to what extent different attacks on SGX can make use of the MONITOR/MWAIT side channel. If the needed hardware arrives in time, we will also analyze the new UMONITOR/UMWAIT, which allows the monitoring from user space.
15:00-15:30
Speaker: Philipp Zimmermann
Type of Talk: Bachelor Intro
Advisor: Dr. Yang Zhang
Title: Link Stealing Attacks on Inductive Trained Graph Neural Networks
Abstract:
Since nowadays graphs are a common way to store and visualize data, Machine Learning algorithms have been improved to directly operate on them.
In most cases the graph itself can be deemed confidential, since the owner of the data often spends much time and resources collecting and preparing the data.
In our work, we show that so-called inductively trained graph neural networks can reveal sensitive information about their training graph.
We focus on extracting information about the edges of the target graph by observing the predictions of the target model in so-called link stealing attacks.
In prior work, He et al. proposed the first link stealing attacks on graph neural networks, focusing on the transductive learning setting.
More precisely, given black-box access to a graph neural network, they were able to predict whether two nodes of a graph that was used for training the model are linked or not.
In our work, we now focus on the inductive setting.
Specifically, given black-box access to a graph neural network model that was trained inductively, we aim to predict whether there exists a link between any two nodes of the training graph or not.