News
Next Seminar on 16.08.2023
Written on 10.08.2023 14:46 by Mang Zhao
Dear All,
The next seminar(s) take place on 16.08.2023 at 14:00 (Session A) and 15:00 (Session B).
Session A: (14:00-15:30)
Dimitri Harkovski, Laura Thineta Mulia, Devi Faustine
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session B: (15:00-15:30)
Matthias Michels
https://cispa-de.zoom-x.de/j/64797489563?pwd=MFliNGNpSWRoTEtmNC9HUkNVN2ZNUT09
Session A:
14:00 - 14:30
Speaker: Dimitri Harkovski
Type of talk: Bachelor Intro
Advisor: Prof. Dr. Cas Cremers
Title: AGE - a modern file encryption tool
Research Area: RA2: Reliable Security Guarantees
Abstract: In this bachelor thesis, AGE, a modern file encryption tool, will be analyzed. How does it work, what are the use cases, and most importantly: is it really secure?
14:30 - 15:00
Speaker: Laura Thineta Mulia
Type of talk: Bachelor Intro
Advisor: Prof. Thorsten Holz, Bhupendra Acharya
Title: Analyzing the Prevalence of Fake Cryptocurrency Wallet Distribution
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Since the release of Bitcoin, the concept of cryptocurrency has been growing rapidly. The rapid growth of cryptocurrency not only created a decentralized trading and investment opportunity for users but also attracted malicious attackers who perform various social engineering tricks. These tricks include but are not limited to scam initial coin offers, fake airdrops, and distribution of fake crypto wallets via app marketplaces.
One common option where users can download their crypto wallet app is through Google Play Store, a vetted Android marketplace. Secondly, there are also plenty of non-vetted Android marketplaces available in the wild where users can download Android apps. These non-vetted app places do not go through a similarly rigorous vetting process compared to Android marketplace app publishing. Though Android marketplaces such as Google Play Store are not themselves free from fake app publishing, malicious attackers have comparatively been on the rise lately in uploading socially engineered fake apps to these non-vetted marketplaces.
In this work, we aim to focus on fake crypto wallets that target Android applications. Our goal is to analyze the prevalence of fake crypto wallets in the wild that are found in both vetted and non-vetted Android marketplaces. By identifying such scamming wallets, we plan to provide an end-to-end analysis of how a victim typically falls for an attack, which often results in the loss of private key phrases or the theft of associated credentials.
15:00 - 15:30
Speaker: Devi Faustine
Type of talk: Bachelor Intro
Advisor: Dr. Lucjan Hanzlik
Title: Efficiency of Post-Quantum Blind Signature using Secure Multi-Party Computation
Research Area: RA1
Abstract: Quantum-resistant blind signatures nowadays have a relatively large size for their signatures due to security reasons and to keep the user input private from the signer. The idea of this thesis is to use Secure Multi-Party Computation (MPC) as a means of computing a digital signature. Since MPC also keeps the parties' inputs private, this also fulfills the purpose of blind signatures. The digital signature used in this scheme would be SPHINCS+, which is a quantum-resistant, stateless hash-based signature scheme, specifically aimed at reducing signature size.
The goal is to evaluate the efficiency of this scheme in practice and optimize its efficiency.
Session B:
15:00 - 15:30
Speaker: Matthias Michels
Type of talk: Master Intro
Advisor: Christine Utz, Ben Stock
Title: Privacy, Anyone? An Investigation into the Adoption of Privacy-Friendly Services and Configurations
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Many websites integrate third-party services, e.g., for getting insights into their audience or for embedding additional content.
Because these services can and often even must process personal data of the website's visitors, website owners have to be careful when they decide to embed such a service.
But website owners can also influence the amount of processed personally identifiable information in two ways.
The first possibility is the selection of the third-party service and the second its configuration.
The decision of which third-party service to use and how it should be configured must also be considered in the context of data protection laws.
The GDPR, as an example, requires website operators to limit the data collection to the least amount possible.
In order to account for this, courts already have placed boundaries for configurations which must or must not be made.
Such court decisions have already led to waves of cease-and-desist letters in Germany and Austria.
In this thesis, we will crawl one million websites from the CrUX list and classify their use of third-party services.
On websites where we identified the use of a privacy-friendly configuration, we will use the Internet Archive to find more information about the temporal context of the adoption of the privacy-friendly configuration.
With this information, we hope to identify additional internal and external factors which play a role in the adoption of privacy-friendly configurations of embedded third-party services.