News
Currently, no news are available
Registration:
About:
The seminar will give students a deep understanding of typical passwordless user authentication schemes enabling them to reason about their usability, deployability, and security properties.
Seminar Schedule (Tentative - To Be Discussed in Class):
| Week | Date | Time | Room | Meeting | Your Task |
|---|---|---|---|---|---|
| 42 | - | - | - | - | Register via CMS |
| 43 | October 23, 2024 | 10:15-11:45 | 0.02 Showroom | Introduction to FIDO & Topic Assignment | Attend |
| 44 | October 30, 2024 | 10:15-11:45 | 0.05 Lecture Hall | Background: Passwords | Attend |
| 45 | November 6, 2024 | 10:15-11:45 | 2.22 Meeting Room | How to Read and Write Scientific Papers | Attend |
| 46 | November 13, 2024 | 10:15-11:45 | 0.05 Lecture Hall | LaTeX 101 | (Optional) |
| 47 | - | - | - | - | Read and write |
| 48 | - | - | - | - | Read and write |
| 49 | - | - | - | - | Read and write |
| 50 | - | - | - | - | Read and write |
| 51 | December 20, 2024 | 23:59 | - | Seminar Paper | Submit |
| 52 | - | - | - | 🎅 | (Winter break) |
| 1 | - | - | - | 🎆 | (Winter break) |
| 2 | - | - | - | - | Read and review |
| 3 | - | - | - | - | Read and review |
| 3 | January 17, 2025 | 23:59 | - | Review | Submit |
| 4 | January 22, 2025 | 10:15-11:45 | 0.07 Meeting Room | Presentations | Co-present topic / Discuss |
| 5 | January 29, 2025 | 10:15-11:45 | 0.07 Meeting Room | Presentations | Co-present topic / Discuss |
| 6 | February 5, 2025 | 10:15-11:45 | 0.07 Meeting Room | Presentations (Alternate Date) | Co-present topic / Discuss |
| 6 | February 7, 2025 | 23:59 | - | Seminar Paper with Feedback Incorporated | Submit |
Seminar Paper:
Task:
Based on the provided and additional literature, the student is expected to provide an overview of the topic in regards to its potential security and usability benefits and problems. The seminar paper should explain how the topic effectively integrates usability or human factors with security or privacy, and clearly indicate the innovative aspects or lessons learned and cite relevant related work.
Formatting:
Papers must use the formatting template and be submitted as a PDF via the web submission system. Submissions must be 5 pages (excluding bibliography, and appendices, double column, ~4000 words). All submissions must clearly relate to the human aspects of security or privacy. Your paper should be gender neutral, inclusive, and respectful. A variety of guidance exists on this topic.
Topics:
| # | Name | Keywords |
|---|---|---|
| 0 | Passwords | Memorability, Management, Coping Strategies, Threats (Phishing, Reuse), Reinforcement (Password Manager, 2FA, RBA, Alerting) |
| 1 | Legacy Systems | Magic Links, Apps, QR Codes, Single Sign-On Systems |
| 2 | FIDO & Security Keys | Blinking Button, Handling, Uncertain Benefits, Time Required, Fear of Losing, Recovery |
| 3 | FIDO & Adoption | Willingness, Concerns, Misconceptions, UX and Deployment Obstacles |
| 4 | FIDO & Phones | caBLE, QR Codes, Availability, Recovery, Setup Difficulties, Account Delegation |
| 5 | FIDO & Passkeys | Synced/Device-Bound Passkeys, Cross-Device Authentication, Discoverable Credentials/Conditional UI, E2EE, Persistent Linking, Related Origin Requests |
| 6 | FIDO & Attacks | Malware, Browser Extension, Attestation, Real-time Phishing, Downgrade Attacks, Social Engineering, MFA Fatigue |
| 7 | FIDO & eIDs | FIDELIO, elektronischer Personalausweis (nPA), AusweisApp, FeIDo, FIDO-AC |
📖 Some recommended related literature can be found on the Materials page.
Additional Resources:
- FIDO Promises a Life Without Passwords - By Jeff Crume (IBM Technology)
- Passwords vs. Passkeys - FIDO Bites Back! - By Jeff Crume (IBM Technology)
- Passkeys 101 by Tim Cappalli (Microsoft)
- From Magic Links to Passkeys: The Future of Passwordless Authentication on the Web - By Maximilian Golla (MPI-SP)
- Mitigating Users Misconceptions about FIDO2 Biometrics - By Leona Lassak (Ruhr University Bochum)
Review:
Students are expected to read and review (~500 words) one seminar paper. The reviewing details are provided during the in-person meeting. I like to emphasize the importance of kind and constructive reviews.
Here are 3 easy steps to improve your review:
- Start with thanking the authors and mentioning something positive. "Thank you for your work on improving ... . I appreciate the effort to ..."
- Be kind and constructive and describe a path forward. "I suggest clarifying the high-level idea of the approach by adding a paragraph at the beginning of Section 3."
- Do not refer to the authors directly in your review, but direct comments toward the seminar paper. We are reviewing the paper and not the authors. "The paper must be more consistent with its wording."
Reviewers are responsible for all text they submit as part of their review. As such, you should ensure your reviews are accurate and constructive. All seminar papers are considered confidential and should not be publicly discussed or shared.
Talk (Co-Presented):
Presenters:
As a hands-on experience, students are asked to demonstrate their authentication scheme and co-present their topic in front of the class (about 15 minutes incl. demo). The idea of this presentation is to provide an overview of the topic and reason about potential usability issues and benefits of the presented authentication scheme.
Here are two easy steps to improve your talk:
- Outline your talk without using PowerPoint. What is a good motivation? What is the most important result you like to share? What is the main takeaway at the end?
- Practice, practice, practice. Please rehearse your talk multiple times. There is nothing more distressing than a presenter who is surprised by their own slides.
Audience:
Members of the audience are expected to actively contribute to a discussion by asking questions and engaging with the topic.
Talk Schedule:
| # | Date | Talk Topic | Student(s) |
|---|---|---|---|
| 1 | TBA | TBA | TBA |
Time and Location:
The seminar will take place on Wednesdays, starting October 23, 2024.
Time:10.00 - 12.00 (c.t.).
Location:Building E9 1, CISPA C0, Stuhlsatzenhaus 5, 66123 Saarbruecken.
Links: