News

Session 3 - Link

Written on 15.09.23 by Lucjan Hanzlik

https://cispa-de.zoom-x.de/j/65087275646?pwd=Ry9MYnF0Z1lBSUpBL0dCTjVIcURYdz09

Topic Assignment

Written on 11.05.23 (last change on 13.09.23) by Lucjan Hanzlik

Dear All,

You can find the topic assignment in the material section on the CMS website. 
Thanks to your diverse preferences, the assignment should be preferable to most of you.

For those that want to attend the seminar with the topic assigned, I would like to ask 
you to register in the LSF… Read more

Dear All,

You can find the topic assignment in the material section on the CMS website. 
Thanks to your diverse preferences, the assignment should be preferable to most of you.

For those that want to attend the seminar with the topic assigned, I would like to ask 
you to register in the LSF system. The seminar should already be available there.

Best,

Lucjan Hanzlik

Topic preference

Written on 30.04.23 by Lucjan Hanzlik

Dear All,

As mentioned during the kick-off meeting, I added some materials to each topic, but I encourage you to look also
for other sources and not only rely on those.

 

Regarding the topic preferences, I would like you to send me an email with your preference list in the following… Read more

Dear All,

As mentioned during the kick-off meeting, I added some materials to each topic, but I encourage you to look also
for other sources and not only rely on those.

 

Regarding the topic preferences, I would like you to send me an email with your preference list in the following form:

12, 4, 5, 6, 2, 3, 9, 10, 11, 7, 8, 1

This list assigns each topic a value from 1 to 12, where 12 is the points you should give to the topic you like the most.
For this example, the first topic (about passwords) would be the most preferred by this example student, while the last topic
on privacy pass would be the least interesting to the student (hence only 1 point). 

Lucjan Hanzlik

Cryptographic Authentication

 

Authentication systems are crucial components in almost all areas of the digital world. They provide means for secure access control, privacy protection, and building trust between remote devices. We use those systems daily to log in to access emails, banking, and social media accounts, and even to access our smartphones and computers. We can authenticate ourselves remotely using modern electronic identification documents (eID), allowing us to use eGovernment services. We are often unaware that those systems are executed in the background between machines.

In this seminar, we will look at the cryptography behind authentication systems. Topics covered will include basic challenge-response authentication protocols, deniable authentication based on Diffie-Hellman key exchange, and authentication of eIDs and ePassports. We will also discuss privacy-preserving authentication mechanisms like group/ring signatures, anonymous credentials, and Privacy Pass.

 

Logistics
- 3 days block course with 4 hour-long meetings, time and date (13.09, 14.09, 15.09 at 10:00)

 

Venue
- Zoom

 

Topics

  1. Password-based authentication (techniques, best practices, advantages, disadvantages, attacks - real-world examples) Materials [1, 2, 3]
  2. Authentication via challenge-response (protocol design, at are signature schemes, examples, certificates) Materials [1, 2, 3]
  3. WebAuthn & Fast IDentity Online FIDO (protocol design, (non)-resident keys, key-wrapping, attacks) Materials [1, 2, 3]
  4. Authenticate Key Exchange AKE protocols (what are AKE protocols, example schemes, deniable authentication) Materials [1, 2, 3]
  5. Password Authenticated Key Exchange PAKE protocol (what are PAKE protocols, example schemes, asymmetric PAKE) Materials [1, 2, 3]
  6. TLS Authentication (what is TLS handshake, how does it work, what crypto is used) Materials [1, 2, 3]
  7. Anonymous authentications (what is it, examples, pros and cons) Materials [1, 2, 3]
  8. Remote attestation in TPM (why is it useful, what can we authenticate, privacy CA, direct anonymous attestation DAA) Materials [1, 2, 3]
  9. Group signatures and ring signatures (how to build, what are they useful for, different versions, cryptocurrencies) Materials [1, 2, 3]
  10. Cryptography in ICAO-based ePassports (basic access control, Copacobana attack, PACE, CA, TA) Materials [1, 2, 3]
  11. Cryptography in German eID (online authentication using eID, restricted identification, pseudonymous signatures) Materials [1, 2, 3]
  12. Privacy Pass and Private Access Tokens PAT (what are they used for, how do they work, PAT in Apple devices) Materials [1, 2, 3]

 

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.