News
Next Seminar on 29.01.2025
Written on 22.01.2025 10:59 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2025-01-29 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Jonas Schmitt, Thomas Helbrecht, Rizgar Ahmed
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30)
Dimitri Harkovski
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Jonas Schmitt
Type of Talk: Bachelor Intro
Advisor: Ben Stock
Title: SSH authentication with Webauthn
Research Area: RA5: Empirical and Behavioural Security
Abstract: In this work, we propose a new method for authenticating Secure Shell Protocol (SSH) sessions that utilizes hardware-backed credential stores built into all modern operating systems. By utilizing a custom pluggable authentication module we develop for Linux, we are able to make use of the new Web Authentication standard in this novel setting. This thesis discusses the usability of the new scheme in comparison to conventional public key authentication by conducting and evaluating a user study.
14:30 - 15:00
Speaker: Thomas Helbrecht
Type of Talk: Master Final
Advisor: Ben Stock, Jannis Rautenstrauch
Title: Warning: Overload. Comparing console messages across browsers
Research Area: RA5: Empirical and Behavioural Security
Abstract: Most modern web browsers package the browser console in their suite of developer tools. This console lets web developers debug their client-side website code, using the Console API in JavaScript to create console messages dynamically. Likewise, browser developers use this component to output messages about problems on opened websites from within their underlying implementation. This proximity to browser-specific implementations of potentially non-standardized browser features raises questions about differences concerning their respective output behavior. Irrespective of the originator, the emitted messages are then rendered in the Console tab, accessible to browser users from each browser's developer tools. Despite its high usefulness, prior work insufficiently covered this mechanism, often considering it only as a subordinate part of a specific domain, for instance, when implementing specific browser APIs such as Content-Security-Policy (and understanding its violation messages) or for informing about the usage of deprecated JavaScript code. Apart from the console output, we consider data from the Issues tab of Chromium, a comparatively novel developer tool serving a similar purpose to the console: displaying issues browsers detect on visited websites. In our thesis, we investigated and compared the console output obtained by crawling public websites from the perspective of Chromium, Firefox, and WebKit. To the best of our knowledge, we performed the first large-scale study capturing console messages on popular domains using our crawling infrastructure. By leveraging each browser’s public source code repository, we manually annotated our collected data with the responsible code and clustered the messages by the involved browser features. Apart from detecting inequalities in the amount of console output, we point out differences in the location of issue information depending on the browser.
15:00 - 15:30
Speaker: Rizgar Ahmed
Type of Talk: Bachelor Final
Advisor: Robert Künnemann, Kevin Morio
Title: Automatic Extraction Of Protocol Message Formats
Research Area: RA6: Others
Abstract: The secure implementation of cryptographic protocols ensures confidentiality and integrity in today’s interconnected world. Despite advances in verification tools like Tamarin, a gap persists between verified protocol designs and real-world implementations. A major challenge is that transmitted message formats are often obfuscated or undefined, complicating verification. This thesis presents a framework that bridges this gap by automatically identifying message formats using BinaryInferno, a reverse engineering tool. By introducing two new detectors and integrating with the SpecMon runtime monitoring tool, our approach leverages protocol specifications to validate and extract message formats.
Session B
14:00 - 14:30
Speaker: Dimitri Harkovski
Type of Talk: Bachelor Final
Advisor: Cas Cremers
Title: AGE - a modern file encryption tool
Research Area: RA2: Reliable Security Guarantees
Abstract: In this bachelor thesis, AGE, a modern file encryption tool, will be analyzed. How does it work, what are the use cases, and most importantly: is it really secure?