Next Seminar on 26.02.2025
Written on 19.02.2025 19:41 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2025-02-26 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Manar Nassef, Felix Fierlings, Kiran Graefenstedt
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Dylan Gomes Gouveia, Julian Rederlechner, Roman Wetenkamp
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Manar Nassef
Type of Talk: Master Intro
Advisor: Katharina Krombholz, Maximillian Golla
Title: The Power of Magic Links
Research Area: RA5: Empirical and Behavioural Security
Abstract: It has become increasingly clear that passwords are not the only viable method of authentication, making the limitations of passwords more apparent. Passwords are often weak and reused, providing an entry point for cybercriminals. That is why passwordless authentication has gained a following over the years as a more usable and secure method of authentication. One such method, magic links, allows users to log in via a link sent to their email, eliminating the need for a password. This thesis aims to design and evaluate the usability and security of a magic link authentication system, focusing on potential attacks such as token reuse and email-based attacks. Additionally, it assesses the system's usability through testing and compares it with traditional login methods. The study aims to contribute insights into the feasibility of employing and integrating magic links as the primary method of authentication in real-world applications.
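As an added illustration of the token-reuse concern named in this abstract (example code added by the editor, not part of the speaker's thesis or of the original announcement), the following Python sketch issues single-use, expiring magic-link tokens: only a digest of the token is stored server-side, a token is consumed on its first redemption, and a stale or replayed link is rejected. The login URL, the injectable clock and the 15-minute TTL are assumptions for the demo.

```python
"""Single-use, expiring magic-link tokens (added example, not the speaker's code)."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlparse

# Hypothetical login endpoint used to build the link; not from the original page.
LOGIN_URL = "https://example.test/login"


@dataclass
class PendingLogin:
    email: str
    expires_at: float
    used: bool = False


class MagicLinkService:
    """Issue and redeem magic-link tokens.

    Only the SHA-256 digest of each token is kept server-side, so a leaked
    table does not yield working links. A token expires after `ttl_seconds`
    and is consumed on its first successful redemption, which is what blocks
    token reuse (a replayed link, e.g. from a forwarded or logged e-mail).
    """

    def __init__(self, ttl_seconds: int = 900, clock: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested deterministically
        self._pending: Dict[str, PendingLogin] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, email: str) -> str:
        """Create a fresh 256-bit token for `email` and return the link to send."""
        token = secrets.token_urlsafe(32)  # OS CSPRNG, URL-safe alphabet
        self._pending[self._digest(token)] = PendingLogin(email, self.clock() + self.ttl)
        return f"{LOGIN_URL}?token={token}"

    def redeem(self, token: str) -> Optional[str]:
        """Return the authenticated e-mail address, or None if the token is
        unknown, expired, or has already been used."""
        key = self._digest(token)
        entry = self._pending.get(key)
        if entry is None or entry.used:
            return None
        if self.clock() > entry.expires_at:
            del self._pending[key]  # expired: drop it so it cannot linger
            return None
        entry.used = True  # consume on first use; a second redemption fails
        return entry.email


def token_from_link(link: str) -> str:
    """Extract the token query parameter from a generated link."""
    return parse_qs(urlparse(link).query)["token"][0]
```

Marking the token as used on the first redemption is the minimal defence against reuse; in practice one would also bind the token to the browser session that requested it, so that a mail scanner or a recipient of a forwarded message following the link does not complete someone else's login.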
14:30 - 15:00
Speaker: Felix Fierlings
Type of Talk: Bachelor Final
Advisor: Valentin Dallmeier
Title: Using end-to-end tests to generate network-based load tests
Research Area: RA6: Others
Abstract: Load testing is an important aspect of ensuring functionality for web servers. Usually, there is a trade-off between generating sufficient random load on the network layer and running realistic but resource-heavy end-to-end tests in parallel. In this thesis we explore whether it is feasible to generate a realistic enough flow of requests from predefined Playwright end-to-end tests. This way they can be executed as a network-based test without having to use the browser instances that are required for running end-to-end tests. To achieve this, we look at different strategies for how this request generation might look, and analyze and compare their results. We also look at the potential impact when executing those request flows as a load test against a self-hosted server.
15:00 - 15:30
Speaker: Kiran Graefenstedt
Type of Talk: Bachelor Intro
Advisor: Dañiel Gerhardt
Title: An Overview Of Discord Server Security Against Scam Spam
Research Area: RA5: Empirical and Behavioural Security
Abstract: Millions of people use the chat and hangout platform Discord every day. Unfortunately, with any large userbase come people who wish to exploit said userbase. Scam and spam messages, often automated, make up a large part of the problems that server owners have to face. Based on Discord's latest Transparency Report, between January and June of 2024, over 35 million accounts were disabled for spam or spam-related offenses alone. While automated solutions for dealing with spam do exist, they're not all integrated into Discord, aren't fail-safe and aren't required. My thesis aims to shed light on how widespread and effective automated solutions are, and whether the size or type of a server has any influence on how well protected the users on that server are from spam.
Session B
14:00 - 14:30
Speaker: Dylan Gomes Gouveia
Type of Talk: Bachelor Final
Advisor: Lucjan Hanzlik
Title: Efficient Implementation of RSA-based Non-Interactive Oblivious Transfer
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: Oblivious Transfer (OT) is a cryptographic protocol that allows a sender to transfer one of many pieces of information to a receiver, without learning which piece was chosen. It is fundamental to secure multi-party computation and privacy-preserving applications. Non-Interactive Oblivious Transfer (NIOT) builds on this concept by eliminating the need for interaction between sender and receiver, enhancing its applicability in distributed and asynchronous environments. In this talk, I will focus on the implementation and optimization of two RSA-based NIOT schemes, leveraging the Goldwasser-Micali cryptosystem and Shamir’s Secret Sharing. These schemes aim to improve the efficiency and scalability of cryptographic protocols, demonstrating their potential in advancing secure and privacy-preserving communication.
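Since the abstract names the Goldwasser-Micali cryptosystem as a building block, here is a small Python implementation of GM bit encryption added by the editor (it is not the speaker's NIOT implementation and not code from the original page). It shows the property the scheme is used for: a ciphertext of 0 is a random square modulo N, a ciphertext of 1 is a square times a fixed non-residue y with Jacobi symbol +1, so the bit is recoverable only with the factorisation of N, and multiplying ciphertexts yields an encryption of the XOR. The primes are small, deterministically chosen demo values; a real deployment needs primes of at least 1024 bits each.

```python
"""Goldwasser-Micali bit encryption (added example, not the speaker's code)."""
import secrets
from math import gcd
from typing import List, Tuple

PublicKey = Tuple[int, int]   # (N, y)
PrivateKey = Tuple[int, int]  # (p, q)


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the small demo primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime_3_mod_4(start: int) -> int:
    """Smallest prime p >= start with p = 3 (mod 4); then -1 is a non-residue mod p."""
    n = start
    while not (n % 4 == 3 and is_prime(n)):
        n += 1
    return n


def keygen(p: int, q: int) -> Tuple[PublicKey, PrivateKey]:
    """Public key (N, y), private key (p, q).

    With p = q = 3 (mod 4), y = N - 1 = -1 is a quadratic non-residue modulo
    both p and q, so its Jacobi symbol modulo N is +1: without the factorisation,
    encryptions of 0 and 1 cannot be told apart by a Jacobi-symbol test.
    """
    assert p != q and p % 4 == 3 and q % 4 == 3 and is_prime(p) and is_prime(q)
    n = p * q
    return (n, n - 1), (p, q)


def encrypt_bit(pub: PublicKey, bit: int) -> int:
    n, y = pub
    assert bit in (0, 1)
    while True:  # random r in Z_N^* (gcd(r, N) = 1 with overwhelming probability)
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    # bit 0 -> a random square; bit 1 -> a random square times the non-residue y
    return (r * r % n) * pow(y, bit, n) % n


def decrypt_bit(priv: PrivateKey, c: int) -> int:
    """Euler's criterion: c is a square mod p iff c^((p-1)/2) = 1 (mod p)."""
    p, q = priv
    is_square = pow(c, (p - 1) // 2, p) == 1 and pow(c, (q - 1) // 2, q) == 1
    return 0 if is_square else 1


def encrypt_bits(pub: PublicKey, bits: List[int]) -> List[int]:
    return [encrypt_bit(pub, b) for b in bits]


def decrypt_bits(priv: PrivateKey, cts: List[int]) -> List[int]:
    return [decrypt_bit(priv, c) for c in cts]


def xor_ciphertexts(pub: PublicKey, c1: int, c2: int) -> int:
    """GM is homomorphic under XOR: Dec(c1 * c2 mod N) = Dec(c1) XOR Dec(c2)."""
    return c1 * c2 % pub[0]
```

Each ciphertext carries a single bit and is as large as N, which is the efficiency cost that implementations such as the one in this talk have to manage; the XOR homomorphism is what makes GM usable as a component in oblivious transfer constructions.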
14:30 - 15:00
Speaker: Julian Rederlechner
Type of Talk: Bachelor Final
Advisor: Ali Abbasi
Title: Spot the Diff-erence: Investigation of bsdiff
Research Area: RA3: Threat Detection and Defenses
Abstract: In an age where efficient software updates are crucial, especially for IoT devices, smartphones with limited connectivity and even vehicles, small and reliable over-the-air (OTA) updates have become an important topic. In this talk, we will focus on the aspect of "minimizing data transmission". We will present bsdiff, an efficient binary diffing algorithm originally developed to create compact software patches. Its early version, bsdiff4, set a standard for generating minimal patches that optimize update distribution. Its successor, bsdiff6, promises smaller patch sizes, but is still largely unexplored and unpublished. Our research aims to explore the structure and benefits of bsdiff6, and ultimately provide a modern Rust implementation. This project will not only shed light on the capabilities of bsdiff6, but also provide a baseline implementation and comprehensive documentation that will contribute to OTA solutions for networked devices in various industries.
15:00 - 15:30
Speaker: Roman Wetenkamp
Type of Talk: Master Intro
Advisor: Robert Künnemann
Title: Formal Verification of the RaSTA Protocol
Research Area: RA2: Reliable Security Guarantees
Abstract: RaSTA is a standardized communication protocol in the railway domain, backed by a majority of the European railway operators. It is situated between the application and transport layers of the TCP/IP model and aims for authenticated and timely transmission of safety-critical messages. Several works indicate troubling attack vectors, mainly due to the choice of MD4-MAC as the integrity and authentication mechanism. There is no formal analysis of this protocol's security as yet, so even if MD4 were replaced, the security and safety implications are unclear. We model RaSTA in Tamarin, one of the most popular protocol verifiers, and verify authenticity guarantees as well as various guarantees for the timely arrival of messages relevant to safety.