News
Next Seminar on 20.12.2023
Written on 15.12.2023 12:39 by Mang Zhao
Dear All,
The next seminar(s) take place on 20.12.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:30)
Yousuf Tanvir Kazi, Justus Sparenberg, Tim Nagel
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session B: (14:00-15:30)
Oliver Schedler, Niklas Lohmann, Louise Malvin Tanaka
https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09
Session A:
14:00 - 14:30
Speaker: Yousuf Tanvir Kazi
Type of Talk: Master Intro
Advisor: Dr. Cristian-Alexandru Staicu
Title: Plug-and-Play in the Web: An Examination of Web Components' Usage and Security Implications
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Web components, in their most basic form, can be defined as a pre-built set of reusable custom elements primarily built with HTML and JavaScript. Each framework has its own definition for the word Web Component. We define it as a plug-and-play snippet of code that can primarily be acquired from a package manager such as Node Package Manager (NPM).
The surge in popularity of web components, driven by frameworks, raises security concerns. In our study, we aim to explore the realm of web components, investigating their popularity, dissemination, utilization, and security challenges in the modern web.
Additionally, we will explore Server-Side Rendering (SSR) in relation to these web components. The primary motivation for this exploration is that if the web components are vulnerable or malicious, they could cause more damage to the application and compromise data privacy during Server-Side Rendering. This is because, on the server, access rights are typically elevated, access to data is usually easier, and so forth.
14:30 - 15:00
Speaker: Justus Sparenberg
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Detecting, Categorizing & Evaluating App Permission Rationales
Research Area: RA5: Empirical and Behavioural Security
Abstract: Mobile applications have been an integral part of the everyday lives of people for a while now. To function properly, these apps need access to private data.
Users are understandably reluctant to give apps permission to use this data. For example, users should be hesitant to tell an unknown entity where they currently are. But for apps that are used for navigation, this information is necessary to function. To increase the chance that users give permission to use this data, developers can provide rationales to give users insight on what the data is used for.
This work aims to use NLP to provide a system to detect rationales from the strings of apps, classify them according to the type of permission requested and evaluate the sentiment of these rationales.
15:00 - 15:30
Speaker: Tim Nagel
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Quantifying Location Leakage from a Mobile Device
Research Area: RA4
Abstract:
Mobile devices have become an integral part of our daily lives, offering connectivity and convenience. However, this permanent connectivity often comes at the cost of privacy, particularly concerning continuous tracking of users through location leakage. Thus, to prevent tracking of devices, researchers have proposed the use of temporary randomized identifiers. Earlier works exist on analyzing the randomness and implementation of these temporarily randomized identifiers concerning protocols such as WiFi, Bluetooth and LTE.
Our research delves into a more profound vulnerability: even with securely randomized and timely updated identifiers, the asynchronous updates across different protocols enable prolonged tracking through cross-linking of these identifiers. Therefore, if we can establish correlation between the protocols based on the features of the transmitted messages, cross-linking will be possible.
In this work, we will address two important research questions to assess the privacy leakage of devices: Can we establish correlation between different protocols from the messages transmitted by a single device, and is it possible to establish a cross-linking between the protocols? We plan to evaluate the privacy assessment of the devices in a real setting which will enable us to measure the privacy of different types of devices.
Session B:
14:00 - 14:30
Speaker: Oliver Schedler
Advisor: Carolyn Guthoff, Matthias Fassl
Title: Evaluating Design Methods for Age-Appropriate CSE Protection
Research Area: RA5: Empirical and Behavioural Security
Abstract: Messenger Apps can pose a risk to young adults' well-being by letting them see inappropriate content or confronting them with unwanted behavior from other users, ranging from sexual content over cyberbullying to cyber grooming. The goal of my study is twofold. One aim is to find feasible implementations for content warnings on WhatsApp. However, this is embedded into the broader proposition of finding viable approaches to involve youth in the (co-)design process in general. I choose a participatory design approach using interviews and focus groups to improve our knowledge of user needs, achieve high user value, and for immediate validation of ideas.
14:30 - 15:00
Speaker: Niklas Lohmann
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Time Advancement Attacks on OFDM Signals using Machine Learning
Research area: RA4: Secure Mobile and Autonomous Systems
Abstract:
Orthogonal Frequency-Division Multiplexing (OFDM) forms the backbone of modern wireless communication, underscoring the necessity of robust security measures. This study delves into the potential of Machine Learning algorithms to not only understand but also replicate the precision of Time Advancement Attacks on OFDM signals. Focusing specifically on the Early Detect; Late Commit (EDLC) attack, we assess whether ML can offer a comparable approach to existing methodologies.
15:00 - 15:30
Speaker: Louise Malvin Tanaka
Type of Talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Virtual ICAO ePassport and Application to Attribute-based Online Authentication
Research Area: RA1: Trustworthy Information Processing
Abstract:
Personal identification is a critical aspect of internet security in today's digital era. Ensuring that users comply with specific rules while preserving anonymity poses significant challenges. Identity verification is often necessary to access sensitive online services, but mishandling this process can pose significant vulnerabilities and privacy concerns. Users may also have to reveal unnecessary personal information to the relying parties in the process, putting their privacy at risk. In this thesis, we propose a novel identity verification method that prioritizes user privacy while ensuring secure authentication.