News
Next Seminar on 11.05.2022
Written on 04.05.2022 21:38 by Stella Wohnig
Dear All,
The next seminar(s) take place on 11.05. at 14:00.
Session A: (RA4,5)
Philipp Dewald - Ole Heydt - Birk Blechschmidt
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session A:
14:00-14:30
Speaker: Philipp Dewald
Type of talk: Bachelor Intro
Advisor: Dr. Katharina Krombholz
Title: End User Privacy Concerns about the Corona-Warn App
Research Area: RA5
Abstract: When the Corona-Warn App was launched on the 16th of June in 2020, the expectations and hopes were quite high. Helge Braun, then Chancellery Minister and Federal Minister for Special Tasks, stated he is "quite convinced that it is the best [corona app]" and then Chancellor Angela Merkel declared it will be "a milestone in the fight against Corona." However, it turned out that was not the case. The lack of broad participation was one of the main reasons for the app's ineffectiveness.
Related work has shown that the most common reason for people not using the app was privacy concerns. In this upcoming Bachelor Thesis, we want to have a look at these and find out what they look like and where they came from.
14:30-15:00
Speaker: Ole Heydt
Type of talk: Bachelor Intro
Advisor: Nils Ole Tippenhauer, Alessandro Erba, John Henry Alvarado
Title: Systematic Evaluation of Stealthy Attacks against Quadcopter Drones
Research Area: RA4
Abstract: Drones, rovers or more generally Robotic Vehicles (RVs) have long since ceased to be science-fiction. The usability of cyber-physical systems in customer industry or the military is widely known. Take for example the advances of Amazon with their "Prime Air" project where the aim is to create a drone delivery system for customers that could potentially massively impact the delivery market as a whole. With both the commercial but also political impact that RVs can potentially hold, one needs to develop security mechanisms which are elaborate enough to defend against - on one hand commercial loss (e.g. delivery services), on the other the endangerment of human life (e.g. military drone missions). The corruption of cyber-physical systems holds much power as past attacks like Stuxnet prove. The main challenges of cyber-physical-system security originate from the generally complicated nature of such, as e.g. drones or rovers operate on both cyber (software) and physical (robotics) layers. Previous work shows that there already exist various possible attacks on RVs like GPS spoofing or acoustic attacks on e.g. gyroscopes that can significantly deviate the vehicles from their programmed paths or even lead to crashes. Advances in physics as well as software development and maths are required to develop security mechanisms for RVs.
In our work we want to discuss and evaluate attacks against drones (more specifically quad-copters) that were introduced in recent research efforts. Additionally we aim to find and create a systematic way of testing and evaluating countermeasures against such attacks.
15:00-15:30
Speaker: Birk Blechschmidt
Type of talk: Master Intro
Advisor: Dr.-Ing. Ben Stock
Title: Extended Hell: A Study on the Current Support of Email Confidentiality and Integrity
Research Area: RA5
Abstract: The core specifications of electronic mail as used today date back as early as the 1970s. At that time, security did not play a major role in the development of communication protocols. These shortcomings still manifest themselves today in the prevalence of phishing and the reliance on opportunistic encryption. Besides STARTTLS, various mechanisms such as SPF, DKIM, DMARC, DANE and MTA-STS have been proposed. However, related work has shown that they are not supported by all providers or that misconfiguration is common.
This thesis aims to provide an overview of the current state of email confidentiality and integrity measures and the effectiveness of their deployment. In particular, we are going to investigate the support of security mechanisms by popular email providers, thereby validating and extending previous work. Since MTA-STS has not yet been widely studied, we contribute an overview of the outbound support of MTA-STS. Furthermore, we try to find a lower bound of domains supporting DANE bindings for OpenPGP as well as DNSSEC-associated S/MIME certificates and measure their key strength.