News
Next Seminar on 27.04.2022
Written on 20.04.2022 22:17 by Stella Wohnig
Dear All,
The next seminar takes place on 27.04. at 14:30.
Session A: (RA1,5)
Nils Olze - Erfan Balazadeh
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session A:
14:00-14:30
No talk this week.
14:30-15:00
Speaker: Nils Olze
Type of talk: Master Intro
Advisor: Sven Bugiel
Title: Is Your Password On Your Hard Drive? Impact of File System Access on Credential Access
Research Area: 5
Abstract: Passwords are an aging but still the most wide-spread way of user authentication. With the ever growing amount of online services, users are burdened to manage more and more credentials, often leading to insecure password management behavior. Password Reuse puts all accounts of a user at risk, once a single pair credentials is known to an attacker. While Password Managers offer a solution to this problem, they are still lacking adoption by users, especially less tech-savy ones. Simpler methods like Password Notebooks in physical or digital form are adopted instead. Physical notebooks on the one hand, the are often recommended as a valid strategy, but unsecured digital ones put credentials at risk to anyone who has access to the file.
In this work, we consider an attacker with access to the file system of a victim. Our goal is threefold. First, we seek to empirically validate the results of prior work concerning password management of users. Second, we determine whether it is feasible for an attacker to automatically detect credentials saved in unprotected text files in a file system. Lastly, we try to measure the impact of the available data on a tailored password cracking attempt.
15:00-15:30
Speaker: Erfan Balazadeh
Type of talk: Bachelor Intro
Advisor: Dr. Lucjan Hanzlik
Title: Timed-Release Cryptography using Proof-of-Stake Blockchain
Research Area: 1
Abstract: Imagine a scenario where you want to encrypt a message, but you don't want it to be able to be decrypted by the receiving party right away.
The concept of "encrypting a message to the future" is not new and has been around for many years. The proposed solutions so far, like time-lock puzzles or verifiable delay functions for instance,
are not perfect however. They require a lot of computing power and the speed can vary drastically depending on the hardware being used.
This thesis' goal is to implement a new encryption scheme, which is efficiently computable and which gets rid of the previously mentioned solutions' weaknesses, inside of a real world setting.
The idea is to make use of the existing Proof-of-Stake architecture in the Ethereum 2.0 consensus protocol, where so called committees vote on new blocks by using an aggregatable signature scheme named BLS. One of the implementation tasks of the thesis is to see if it is possible to listen to the unaggregated BLS signatures and the signed message, which are necessary for the encryption scheme. Once we have accumulated enough of these unaggregated signatures, we can go on to decrypt the message. Basically, a receiving party can only decrypt the message once certain conditions are met that the encrypter knows will happen in a desired amount of time in the future.