News
Next Seminar on 25.09.2024
Written on 18.09.2024 15:38 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-09-25 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Metodi Mitkov, Julian Jacques Maurer, Ady Elouej
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 15:00 - 15:30)
Dimitri Harkovski, Sophie Wenning
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Metodi Mitkov
Type of Talk: Master Intro
Advisor: Ben Stock
Title: Adapting to 3P Cookie De-Deprecation: A Longitudinal Study on the Developing Tracking Ecosystem
Research Area: RA5: Empirical and Behavioural Security
Abstract: Web sites extensively use cross-site cookies to enable cross-site functionality. Third-party cookies serve legitimate purposes, such as content personalization, fraud prevention, and authentication. However, they have also been extensively used for invasive advertisement and tracking. Browser vendors are taking measures against privacy risks caused by third-party cookies. Safari and Firefox have already implemented tracking protections. Google announced that Chrome would block third-party cookies but later reverted its decision. As a result, much of the responsibility for privacy protection now rests with users. Moreover, stricter privacy measures have pushed advertisers to explore new tracking avenues. We study the deprecation of third-party cookies to understand how tracking develops in response to it. In a longitudinal experiment, we measure the usage of third-party tracking cookies and the rise of alternative tracking methods. We want to understand the impact of browser intervention policies, what tracking patterns are emerging on the Web, and how they impact user privacy.
14:30 - 15:00
Speaker: Julian Jacques Maurer
Type of Talk: Bachelor Intro
Advisor: Robert Künnemann
Title: UC-like Guarantees for the WireGuard Payload Protocol in the Dolev-Yao Model
Research Area: RA2: Reliable Security Guarantees
Abstract: Proofs of universal composability (UC) for cryptographic protocols are hard and rare, but a recently discovered connection to robust hyper-property preserving compilation (RHP) allows mechanising UC proofs. In my thesis, I investigate UC-like properties of WireGuard's payload protocol within the Dolev-Yao model, a symbolic approach abstracting real-world cryptographic limitations into idealized operations. Using DEEPSEC, a tool for deciding equivalence properties in security protocols, I transfer an existing proof of computational RHP to perfect RHP and conclude with an evaluation of the process.
15:00 - 15:30
Speaker: Ady Elouej
Type of Talk: Bachelor Intro
Advisor: Thorsten Holz, Bhupendra Acharya
Title: Exploiting Follower Bases: A Comprehensive Analysis of Follow-Based Attacks and Malicious Tactics on Social Media
Research Area: RA5: Empirical and Behavioural Security
Abstract: This research aims to explore how cybercriminals exploit the followers of high-profile accounts on X (formerly Twitter), focusing on follow-based attacks across categories like cryptocurrency, sports, and music. Using a honeypot approach, we developed a ground-truth dataset to capture these malicious tactics. Preliminary findings highlight the extensive use of sophisticated bot networks, especially in the cryptocurrency sector. Our analysis identified over 700 suspicious accounts following our honeypots, with nearly 65% containing links to external sites, often leading to Telegram or WhatsApp groups or scam pages. The profiles vary in characteristics depending on the target, illustrating the adaptive strategies of these actors. Additionally, we documented how attackers leverage bot networks to enhance the visibility and longevity of scam posts, highlighting the complex and evolving landscape of malicious activities. Future research will expand to additional categories and refine the analysis of attack vectors, deepening our understanding of spam and scam tactics on social media and the evolving methods of malicious actors.
Session B
14:00 - 14:30
Speaker: Dimitri Harkovski
Type of Talk: Bachelor Intro
Advisor: Cas Cremers
Title: AGE - a modern file encryption tool
Research Area: RA2: Reliable Security Guarantees
Abstract: In this bachelor thesis, AGE, a modern file encryption tool, will be analyzed. How does it work, what are the use cases, and, most importantly, is it really secure?
15:00 - 15:30
Speaker: Sophie Wenning
Type of Talk: Master Intro
Advisor: Christoph Lenzen
Title: Boosting performance: Gradient Clock Synchronisation with two-way measured links
Research Area: RA1: Trustworthy Information Processing
Abstract: Large distributed networks require all their computational units to be synchronised in time in order to guarantee smooth pipelining of executions and optimal performance. Large-scale systems often use tree-based protocols such as PTP to ensure synchrony. However, their centralised architecture and single point of failure make them vulnerable to failures induced by faults attacks. To cope with these issues, the gradient synchronisation algorithm, offering a decentralised and self-stabilising framework running on general graphs, was introduced by Lynch and Fan in 2004. With the goal of facilitating implementations in hardware, this thesis aims to further refine the underlying theoretical computational model to account for more of the issues faced in real-world implementations, such as practical execution of measurements.