News
Next On-Site Seminar on 28.05.2025, CISPA D1
Written on 21.05.2025 15:55 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany) - . Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.
For presenters,
1. We would book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm.
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
Presenters: Ali Zindari, Parham Yazdkhasti, Akansh Maurya, Javeria Nadeem, Celine Vincent Santosh -, Simon Einzinger, Lukas Reinert, Lisa Hoffmann, Nicolas Tran, Lara Engelkamp
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Ali Zindari
Type of Poster: Master Intro
Advisor: Sebastian U. Stich
Title: On the Convergence of Local SGD Under Hessian Similarity and Third-Order Smoothness
Research Area: RA1: Trustworthy Information Processing
Abstract: Local SGD is a widely used method for solving distributed optimization problems, particularly for training models on large datasets across multiple machines. While it performs remarkably well in practice, its theoretical understanding remains limited, often characterized by pessimistic convergence bounds. In this thesis, we aim to bridge the gap between the practical performance and theoretical analysis of Local SGD by introducing a novel similarity assumption that more accurately captures the structure of the problem. Under this assumption, we derive new convergence guarantees that improve upon the current state-of-the-art for strongly convex objectives. Furthermore, we investigate scenarios in which Local SGD outperforms minibatch SGD and demonstrate how additional local updates can be leveraged effectively in highly heterogeneous settings.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Parham Yazdkhasti
Type of Poster: Master Intro
Advisor: Sebastian U. Stich
Title: Decoupled SGDA for Games with Intermittent Strategy Communication
Research Area: RA1: Trustworthy Information Processing
Abstract: We aim to reduce communication overhead in multiplayer games, where frequent strategy exchange between players is often impractical. In many real-world scenarios, communication is significantly more expensive than local computation. To address this, we propose Decoupled SGDA, an extension of Stochastic Gradient Descent Ascent (SGDA), in which players perform independent updates using stale strategies of their opponents, with occasional synchronization. We plan to explore the benefits of Decoupled SGDA in weakly coupled games, where player interactions are relatively limited. In such settings, we expect our method to substantially lower communication costs compared to standard SGDA. Our broader goal is to extend this framework to general multiplayer games and to analyze how communication frequency influences convergence. As a first step, we will study quadratic minimax problems to better understand the dynamics of Decoupled SGDA.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Akansh Maurya
Type of Poster: Master Intro
Advisor: Sebastian U. Stich, Rotem Mulayoff
Title: Unpaired Multi-Modal Federated Learning (MMFL) for Satellite Images
Research Area: RA1: Trustworthy Information Processing
Abstract: Federated Learning (FL) has emerged as a prominent approach for privacy-preserving machine learning, enabling multiple data centers or clients to collaboratively train models without sharing their raw data. Traditional FL methods typically require homogeneous data modalities across clients (e.g., exclusively images or text). Although recent machine learning research shows that integrating multiple modalities can lead to richer and more robust representations, applying this to the federated setting remains underexplored. In this work, we propose to extend FL to the multi-modal and unpaired data setting, introducing the paradigm of Unpaired Multi-Modal Federated Learning (MMFL). Our key challenge is addressing modality misalignment, wherein data from different modalities lack explicit one-to-one correspondences yet remain semantically related. For instance, thermal and RGB imagery both represent complementary aspects of visual information. Our research will specifically target remote sensing applications, incorporating heterogeneous image modalities such as optical, hyperspectral, and synthetic aperture radar (SAR) data.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Javeria Nadeem
Type of Poster: Master Intro
Advisor: Katharina Krombholz, Simon Anell
Title: Navigating Privacy Concerns in Fitness Trackers: Understanding User Awareness and Perceptions of Inferred Data
Research Area: RA5: Empirical and Behavioural Security
Abstract: As fitness trackers become increasingly embedded in everyday life, they collect not only explicit user data but also infer deeper insights—often without the user’s full awareness. This Master's thesis investigates how users perceive and respond to the privacy implications of such inferred data collection. Through a mixed-method study combining semi-structured interviews and a card-sorting task, the research explores when and how privacy concerns arise, what users find acceptable or intrusive, and what factors shape their perceptions. The study involves 12–15 diverse fitness tracker users and emphasizes ethical research practices including informed consent, anonymization, and secure data handling. The findings aim to contribute to a more user-centered understanding of privacy in health and fitness technologies, offering insights for designers, developers, and privacy advocates alike.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Celine Vincent Santosh -
Type of Poster: Master Intro
Advisor: Robert Künnemann
Title: Monitoring WASM applications for protocol compliance
Research Area: RA2: Reliable Security Guarantees
Abstract: Nowadays, many privacy-conscious users are hesitant to rely on closed source applications like WhatsApp. They are often worried about their data privacy while using such applications. To ease these fears and build user trust, software vendors could offer methods which will assure safety to the users regarding data handling and privacy. In this work, we address such verification needs by applying SpecMon, a recently proposed runtime monitor, designed to perform protocol verification in an isolated environment. We propose an isolation architecture based on Wasmtime, a WebAssembly runtime, with memory isolation between the application and SpecMon, providing granular control over file and network access, ensuring all of the application’s network and cryptographic calls are routed to SpecMon for verification and only compliant calls are forwarded to the real library.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Simon Einzinger
Type of Poster: Bachelor Intro
Advisor: Michael Schwarz
Title: Zero Pages Given: Leveraging Zero-Page Deduplication for Side-Channel Attacks
Research Area: RA3: Threat Detection and Defenses
Abstract: Modern operating systems widely use page deduplication, merging identical memory pages into a shared physical page using Copy-On-Write (COW). Since this deduplication can occur across process and virtual machine (VM) boundaries, these shared pages introduce a shared state that can be probed through memory access timings, which are influenced by caching (e.g., Translation Lookaside Buffer (TLB)). This thesis exploits timing variations when accessing shared zero pages - memory pages filled with zero bytes. By leveraging these variations, we construct an efficient cross-VM covert channel and demonstrate that observing zero-page access patterns allows fingerprinting of applications and websites.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Lukas Reinert
Type of Poster: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: SHARP: Enhancing Privacy Pass with Hardware-Based Double-Spending Prevention and Batched Signatures
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: Content delivery networks (CDNs) aim to improve website performance and reduce bandwidth. Today, a large part of the Internet content served is delivered through CDNs. Unsurprisingly, CDNs also became global arbiters for which content requests are allowed and which are blocked to help reduce malicious traffic. However, this also affects honest users, especially those who use shared IP addresses, including users of privacy tools such as Tor, VPNs, and I2P. A solution to prevent users from being exposed to a disproportionate amount of internet challenges such as CAPTCHAs is Privacy Pass. It allows users to obtain signed tokens that are redeemed later instead of solving another challenge while preserving full privacy. The goal of this thesis is to enhance Privacy Pass by using batched signatures to optimize server-side computations and reduce bandwidth. Furthermore, I aim to solve the need for a global list to prevent double-spending by using existing secure hardware with simple assumptions. .
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Lisa Hoffmann
Type of Poster: Master Intro
Advisor: Matthias Fassl, Katharina Krombholz
Title: Re-Replication: No one Can Hack My Mind Investigating the Change over Time on Expert and Non-Expert Security Practices and Advice
Research Area: RA5: Empirical and Behavioural Security
Abstract: In 2015, Ion et al. published the study “{“... No} one can hack my {Mind”}: Comparing expert and {Non-Expert} security practices.”, which investigated the security practices and advice provided by IT security experts, the behaviors adopted by non-experts, and how effective and realistic these practices are perceived to be by both groups. The study highlighted notable differences between expert advice and non-expert behavior, shedding light on the gap between recommended practices and real-world user implementation. In 2019, Busse et al. replicated this study, identifying shifts in the popularity of certain security practices and documenting changes in both expert and non-expert behavior over time. Nearly a decade after the original research, this thesis aims to replicate and extend the study once more to further investigate the changes of security advice and practices over time. The study will examine how security behaviors and advice have changed since the prior studies, how the expert–non-expert gap has developed, and which sources of advice are relied upon by both groups.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Nicolas Tran
Type of Poster: Master Intro
Advisor: Robert Künnemann
Title: OpenSSL's libcrypto instrumentation
Research Area: RA2: Reliable Security Guarantees
Abstract: We present a method to dynamically analyze cryptographic function calls by leveraging frida to hook into ossl’s libcrypto library. At the same time, we use strace to capture network-related system calls issued by the process. By intercepting function calls at runtime, we generate a detailed trace of cryptographic operations, including execution flow and key parameters. This raw trace is rewritten into a structured representation compatible with specmon for trace verification. Our approach enables in-depth inspection of cryptographic protocols, supporting security evaluation and behavioral analysis of applications using libcrypto.
28.05.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Lara Engelkamp
Type of Poster: Bachelor Intro
Advisor: Robert Künnemann
Title: Formally Proving UC-Style Composition for the SAPIC+ Calculus
Research Area: RA6: Others
Abstract: Modern cryptographic protocols require scalable verification methods to manage their increasing complexity. One approach is to analyze protocol components in isolation while preserving security guarantees under composition. This thesis develops compositional security analysis for the Stateful Applied Pi-Calculus (SAPIC+) based on principles from Universal Composability (UC). Using Isabelle/HOL, we formalize and prove UC properties and congruences of SAPIC+'s operational semantics under parallel and sequential composition. They are needed for UC-style composition of SAPIC+ modules.