News
Slides + Deadlines + LSF + HotCRPWritten on 21.11.23 by Maximilian Golla Thank you all for participating and contributing today! 😇 The slides of today's lecture are uploaded to the Materials page. LSF: Thank you all for participating and contributing today! 😇 The slides of today's lecture are uploaded to the Materials page. LSF: Review: - I will contact you after the deadline about your assigned review (this is also done on HotCRP) Talk: - I will contact you in January so you can vote on your preferred date for your talk (3x talk slots on January 30 and 3x talk slots on February 6). |
About:
The seminar will give students a deep understanding of typical passwordless user authentication schemes enabling them to reason about their usability, deployability, and security properties.
Topics:
| # | Name | Keywords |
|---|---|---|
| 0 | Passwords | Memorability, Management, Coping Strategies, Threats (Phishing, Reuse), Reinforcement (Password Manager, 2FA, RBA, Alerting) |
| 1 | Legacy Systems | Magic Links, Apps, QR Codes, Single Sign-On Systems |
| 2 | FIDO & Security Keys | Blinking Button, Handling, Uncertain Benefits, Time Required, Fear of Losing, Recovery |
| 3 | FIDO & Adoption | Willingness, Concerns, Misconceptions, UX and Deployment Obstacles |
| 4 | FIDO & Phones | caBLE, QR Codes, Availability, Recovery, Setup Difficulties, Account Delegation |
| 5 | FIDO & Passkeys | Multi-Device Credentials, Cross-Device Authentication, Discoverable Credentials/Conditional UI, E2EE, Persistent Linking |
| 6 | FIDO & Attacks | Malware, Browser Extension, Attestation, Real-time Phishing, Downgrade Attacks, Social Engineering, MFA Fatigue |
| 7 | FIDO & eIDs | FIDELIO, elektronischer Personalausweis (nPA), AusweisApp2, FeIDo, FIDO-AC |
📖 Some recommended related literature can be found on the Materials page.
Seminar Paper:
Task:
Based on the provided and additional literature, the student is expected to provide an overview of the topic in regards to its potential security and usability benefits and problems. The seminar paper should explain how the topic effectively integrates usability or human factors with security or privacy, and clearly indicate the innovative aspects or lessons learned and cite relevant related work.
Formatting:
Papers must use the formatting template and be submitted as a PDF via the web submission system. Submissions must be 5 pages (excluding bibliography, and appendices, double column, ~4000 words). All submissions must clearly relate to the human aspects of security or privacy. Your paper should be inclusive and respectful. A variety of guidance exists on this topic.
Ethics:
Papers with human subjects studies, are expected to discuss ethical considerations. Risks and benefits of the presented research should be weighed.
Review:
Students are expected to read and review (~500 words) one seminar paper. The reviewing details are provided during the in-person meeting. I like to emphasize the importance of kind and constructive reviews.
Here are 3 easy steps to improve your review:
- Start with thanking the authors and mentioning something positive. "Thank you for your work on improving ... . I appreciate the effort to ..."
- Be kind and constructive and describe a path forward. "I suggest clarifying the high-level idea of the approach by adding a paragraph at the beginning of Section 3."
- Do not refer to the authors directly in your review, but direct comments toward the seminar paper. We are reviewing the paper and not the authors. "The paper must be more consistent with its wording."
Reviewers are responsible for all text they submit as part of their review. As such, you should ensure your reviews are accurate and constructive. All seminar papers are considered confidential and should not be publicly discussed or shared.
Talk (Co-Presented):
Presenters:
As a hands-on experience, students are asked to demonstrate their authentication scheme and co-present their topic in front of the class (about 15 minutes incl. demo). The idea of this presentation is to provide an overview of the topic and reason about potential usability issues and benefits of the presented authentication scheme.
Here are two easy steps to improve your talk:
- Outline your talk without using PowerPoint. What is a good motivation? What is the most important result you like to share? What is the main takeaway at the end?
- Practice, practice, practice. Please rehearse your talk multiple times. There is nothing more distressing than a presenter who is surprised by their own slides.
Audience:
Members of the audience are expected to actively contribute to a discussion by asking questions and engaging with the topic.
Talk Schedule:
| # | Date | Talk Topic | Student(s) |
|---|---|---|---|
| 1 | 30.01.2024 | Legacy Systems | Ince & Kopański |
| 2 | 30.01.2024 | FIDO & Security Keys | Berrens & Wasim |
| 3 | 06.02.2024 | FIDO & Phones | Saini & Talwar |
| 4 | 06.02.2024 | FIDO & Adoption | Gerhardt & Shah |
| 5 | 06.02.2024 | FIDO & eIDs | Sujela |
| 6 | 06.02.2024 | FIDO & Passkeys | Nawrath |
| 7 | 06.02.2024 | FIDO & Attacks | Tran & Löffler |
Seminar Schedule:
| Week | Date | Time | Room | Meeting | Your Task |
|---|---|---|---|---|---|
| 43 | - | - | - | - | Register in CMS |
| 44 | - | - | - | - | Vote on date and time |
| 45 | 07.11.2023 | 10:15-11:45 | C0 - 0.02 | Introduction to FIDO & Topic Assignment | Attend |
| 46 | 14.11.2023 | 10:15-11:45 | C0 - 0.07 | Background: Passwords | Attend & Discuss |
| 47 | 21.11.2023 | 10:15-11:45 | Online | How to Read and Write Scientific Papers | Attend |
| 48 | - | - | - | - | Read and write |
| 49 | - | - | - | - | Read and write |
| 50 | - | - | - | - | Read and write |
| 51 | - | - | - | - | Read and write |
| - | 22.12.2023 | 23:59 | - | Seminar Paper | Submit |
| 52 | - | - | - | 🎅 | (Winter Break) |
| 01 | - | - | - | 🎆 | (Winter Break) |
| 02 | - | - | - | - | Read and review |
| 03 | - | - | - | - | Read and review |
| - | 19.01.2024 | 23:59 | - | Review | Submit |
| 04 | - | - | - | - | Co-prepare talk |
| 05 | 30.01.2024 | 10:15-11:45 | C0 - 0.02 | Presentations | Co-present topic / Discuss |
| 06 | 06.02.2024 | 10:00-12:00 | C0 - 0.02 | Presentations | Co-present topic / Discuss |
| - | 09.02.2024 | 23:59 | - | Seminar Paper with Feedback Incorporated | Submit |