News
Next Seminar on 24.05.2023
Written on 22.05.2023 11:34 by Niklas Medinger
Dear All,
The next seminar(s) take place on 24.05.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-14:30)
Chandrika Mohan
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (14:00-14:30)
Tim Schneider
https://cispa-de.zoom.us/j/69371224982?pwd=amFFbmVBcVhDeGg5Q2VacXh0M3pKQT09
Session A:
14:00 - 14:30
Speaker: Chandrika Mohan
Type of talk: Master Intro
Advisor: Dr. Katharina Krombholz
Title: Contextual Analysis of Risk-based Re-authentication factors
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Risk-based Authentication (RBA) is a process where each authentication request
is analysed to determine the risk associated with it. According to the risk score
computed, the user is either permitted to log in or is asked for further
re-authenticate. This process is now predominantly used by major online services
in varied sectors. The model used to calculate the risk score and the strategy to
select the re-authentication factors is currently kept confidential and varies from
one context of the website to another. There are no guidelines to determine how
the re-authentication factors should vary across different contexts.
We investigate how different re-authentication factors affect the usability of
online platforms where Risk-based authentication is used to determine the risk
level associated with the login attempt. Furthermore, we dwell on the security
and usability perceptions of users associated with using different
re-authentication factors. Analysis of website users' behaviour is also not yet been
studied. We believe it is necessary to assess users' perceptions of usability,
security, and effectiveness while using different RBA re-authentication factors so
web developers can make informed decisions while implementing RBA solutions
for their web platforms.
Session B:
14:00 - 14:30
Speaker: Tim Schneider
Type of talk: Bachelor Intro
Advisor: Dr. Michael Schwarz
Title: RISC(Y) Operations. Finding hidden instructions in RISC-V Chips
Research Area: RA3
Abstract:
The RISC-V instruction set architecture (ISA) has gained popularity in recent years due to its open-source nature and flexibility.
However, it has come to light that some well-established ISAs may contain hidden instructions that are not documented in the official ISA specification, which could potentially introduce security vulnerabilities or other unintended consequences.
It is therefore essential to identify and analyze these instructions to ensure the security and reliability of processors.
This thesis aims to build a tool that automates the process of finding hidden instructions in RISC-V processors and tests it on different chips.
By uncovering hidden instructions, this thesis seeks to contribute to the security and reliability of RISC-V processors while providing a better understanding of their behavior.