News

Next Seminar on 18.12.2024

Written on 11.12.2024 21:50 by Xinyi Xu

Dear All,


The next seminar(s) will take place on 2024-12-18 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)

Amala Augustine, Xicheng Wan, Dylan Gomes Gouveia

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841

Password: BT!u5=

 

Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)

 

Riddhi Suryavanshi, Sagar Kishore, Florian Nawrath

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

Meeting-ID: 661 3690 1453

Password: sxHhzA004}

 

Session A

14:00 - 14:30

Speaker: Amala Augustine

Type of Talk: Master Intro

Advisor: Thorsten Holz and Dr. Bhupendra Acharya

Title: Understanding Pig Butchering Scams Targeting Dating App Users: A Multi-Source Analysis

Research Area: RA3: Threat Detection and Defenses

Abstract: The widespread use of online dating platforms has created new opportunities for Pig Butchering scams, a form of financial fraud that exploits users’ emotional vulnerabilities to lure them into fraudulent investment schemes. These scams often lead to significant financial losses and emotional distress for victims, as scammers build trust before manipulating them into making investments. Despite the growing number of these incidents, there is a lack of in-depth research addressing how Pig Butchering scams are executed on dating apps, their psychological and financial impact, and the effectiveness of current prevention measures. This thesis aims to investigate the mechanics of Pig Butchering scams on dating apps by analyzing publicly available scam reports collected from different social media platforms such as Reddit, Instagram, Twitter, and news articles. By examining the scam techniques, tactics, and emotional manipulation used by scammers and also the victim recovery processes, this study will provide a detailed understanding of how Pig Butchering operates on dating apps. Additionally, user surveys and interviews will be conducted to assess the psychological toll on victims and to propose preventive measures that can reduce these scams in the future. The research seeks to fill the current gap in the literature by offering practical recommendations to protect users from these increasingly prevalent scams.

 

14:30 - 15:00

 

Speaker: Xicheng Wan

Type of Talk: Master Intro

Advisor: Julian Loss

Title: On the adaptive security for threshold signature

Research Area: RA0: Algorithmic Foundations and Cryptography

Abstract: Threshold signature schemes are widely used in scenarios such as distributed key management, secure voting systems, and blockchain systems. They enable a group of participants to collaboratively sign a message, requiring at least a certain number of them to generate a valid signature in the presence of corrupted parties. Adaptive security, a crucial property of threshold signatures, ensures that the scheme remains secure when the adversary makes decisions on their targets or strategy based on observed messages during the protocol execution. Our research studies a new proof strategy for proving adaptive security in threshold Schnorr signature schemes. We generalize this approach to group-based threshold signatures and design new efficient threshold signature schemes satisfying adaptive security requirements.

 

15:00 - 15:30

 

Speaker: Dylan Gomes Gouveia

Type of Talk: Bachelor Intro

Advisor: Lucjan Hanzlik

Title: Efficient Implementation of RSA-based Non-Interactive Oblivious Transfer

Research Area: RA0: Algorithmic Foundations and Cryptography

Abstract: Oblivious Transfer (OT) is a cryptographic protocol that allows a sender to transfer one of many pieces of information to a receiver, without learning which piece was chosen. It is fundamental to secure multi-party computation and privacy-preserving applications. Non-Interactive Oblivious Transfer (NIOT) builds on this concept by eliminating the need for interaction between sender and receiver, enhancing its applicability in distributed and asynchronous environments. In this talk, I will focus on the implementation and optimization of two RSA-based NIOT schemes, leveraging the Goldwasser-Micali cryptosystem and Shamir’s Secret Sharing. These schemes aim to improve the efficiency and scalability of cryptographic protocols, demonstrating their potential in advancing secure and privacy-preserving communication.

 

Session B

 

14:00 - 14:30

Speaker: Riddhi Suryavanshi

Type of Talk: Master Final

Advisor: Nils Ole Tippenhauer

Title: Driving Off the Privacy Hill - Examining Privacy Concerns in Connected Cars

Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract: In today’s automotive landscape, the integration of cloud connectivity into modern vehicles offers a range of benefits. However, because cars produce and send enormous volumes of data, including private user and operational data, this connectivity also raises privacy issues. Despite these concerns, a noticeable gap exists in research regarding the data collection practices and privacy in connected cars. This thesis evaluated the privacy practices in modern connected cars and found that a broader scope of data is declared by the privacy policies as compared to public documentation. We also presented 14 potential methods to collect V2C data. Additionally, we devised a framework to select the most appropriate method based on various factors such as invasiveness, cost, data accuracy, challenges, skillset, and end-to-end execution time. Finally, using practical implementation on the Polestar vehicle and app, we found various discrepancies in the manufacturer's claims and real-world data.

 

14:30 - 15:00

 

Speaker: Sagar Kishore

Type of Talk: Master Intro

Advisor: Thorsten Holz, Bhupendra Acharya

Title: EduHijack: Analyzing Ransomware Incidents in Academic Institutions

Research Area: RA5: Empirical and Behavioural Security

Abstract: Ransomware attacks have emerged as a significant threat to academic institutions, causing severe disruptions, financial losses, and reputational damage. These institutions, which house vast amounts of sensitive data, are increasingly targeted due to their open, collaborative environments and, often, limited cybersecurity budgets. In this proposal, we outline a comprehensive study to analyze the impact of social engineering-based ransomware attacks on academic institutions across the top 10 affected countries: the US, UK, Canada, Netherlands, France, Australia, India, Pakistan, New Zealand, and China. Our dataset, compiled from a detailed manual and automated investigation, includes over 521 universities and schools across these regions. Tools such as Twilio from SendGrid [19] for survey distribution, Calendly [3] for scheduling interviews, and LimeSurvey [17] for data collection will aid in gathering insights from the affected institutions. This ongoing study seeks to analyze the frequency, financial impact, and response strategies that institutions use when facing ransomware attacks. The results will provide targeted cybersecurity recommendations designed to strengthen resilience against future ransomware threats in the academic sector. Our study aims to create a foundation against the mitigation and proactive detection of future ransomware attacks targeted against academic institutions.

 

15:00 - 15:30

 

Speaker: Florian Nawrath

Type of Talk: Master Intro

Advisor: Sven Bugiel, Dr.-Ing. Maximillian Golla

Research Area: RA6: Others

Title: Investigating the Influence of Passkey Enrollment Strategies on Passkey Acceptance

Abstract: Challenging passwords, the predominant authentication system in the web, the FIDO Alliance released passkeys. Passkeys are an authentication method designed to replace traditional passwords with a more secure and user-friendly system. They are based on public-key cryptography and provide a way to log in to websites, apps, and devices without having to remember a password. The credentials created are bound to the user's account and are only stored on the user's device. Passkeys therefore intend to increase security and are not prone to the main drawbacks of the traditional password ecosystem: weak passwords, phishing, and password reuse. Still, the challenges of the new system remain to be seen, as passkeys may not be intuitively understood by laymen. This thesis aims to explore the adoption and acceptance by everyday users and investigates potential challenges and pitfalls.

 
