HGI Seminar Winter Semester 2003/04
In the winter semester 2003/04 a seminar on IT security is offered within the Horst-Görtz Institut. The seminar is organized by the chairs IT-Sicherheit & Cryptography (ITSC, Prof. Dobbertin) and Kommunikationssicherheit (COSY, Prof. Paar).

The seminar normally takes place every week on Mondays at 13:00 c.t. The talks alternate between NA-5/64 (Mathematics) and IC-4/39 (Electrical Engineering) at the RUB. The talks will last between 30 and 45 minutes.

THE SEMINAR IS OPEN TO EVERYONE; EXTERNAL GUESTS ARE WELCOME!

E-MAIL LIST: If you would like to receive talk announcements by e-mail, please send a short message to: cpaar@crypto.rub.de

Directions: Directions to the RUB can be found on our contact page.
Talk calendar, winter semester 2003/04:
- 10.11.2003, Yvo Desmedt, Florida State University, USA, 13.00 c.t., IC 4/39: Cryptanalysis of Several of the UCLA Watermarking Schemes for Intellectual Property Protection of Digital Circuits/Designs
- 01.12.2003, Christof Paar, COSY Group - RUB, 13.00 c.t., IC 4/39: Embedded IT Security in the Automobile
- 08.12.2003, Ammar Alkassar, U. Saarland, 13.00 c.t., IC 4/39: "Secure Object Identification - Or: How To Solve The Chess-Grandmaster-Problem"
- 15.12.2003, Philippe Rivard, COSY Group - RUB, 13.00 c.t., IC 4/39: "Low-weight Embedded SSL"
- 12.01.2004, Sandeep Kumar, COSY Group - RUB, 12.00 s.t., IC 4/39: "Embedded End-to-End Wireless Security with ECDH Key Exchange"
- 19.01.2004, Stefan Lucks, Uni. Mannheim, 13.00 c.t., IC 4/39: "Practice and Theory of Related-Key Attacks"
- 26.01.2004, Johannes Ueberberg, SRC GmbH, 13.00 c.t., IC 4/39: "Secure Payment Models on the Internet"
- 02.02.2004, Thomas Groß, IBM Research Lab Zurich, 13:15 hrs, IC 4/39: "Emerging protocols in Federated Identity Management"
- 09.02.2004, Roger Oyono, Uni. Essen, 13.00 c.t., IC 4/39: "Fast Arithmetic on Jacobians of Picard Curves"
- 16.02.2004, Bernhard Loehlein, T-Systems, 13.00 c.t., IC 4/39: "IP Multicast Security"
Overview of the talks:
Yvo Desmedt, Florida State University, USA
Monday, 10.11.2003, 13:00 c.t. IC 4/39
Cryptanalysis of Several of the UCLA Watermarking Schemes for Intellectual Property Protection of Digital Circuits/Designs
We analyze four recently proposed watermarking schemes for intellectual property protection of digital designs. The first scheme watermarks solutions of a hard optimization problem, namely the graph coloring problem. The remaining three schemes belong to a family of techniques for watermarking digital circuits on programmable hardware. They were referred to as constraint-based watermarking. All of these schemes are different from usual image and audio watermarking in that they must maintain the correctness of the watermarked objects. Therefore their watermarks cannot be embedded in the form of small errors as usually done in audio and visual watermarking. Though similar constraint-based schemes existed for watermarking software, these schemes are the first ones applied to protect hardware designs.

In this lecture, we apply a novel method to break the first of these schemes. We show how to modify a watermarked object in such a way that every signature string can be extracted from it. Thus anyone can claim ownership of the object, yet leave no traces of who leaked the object. To the best of our knowledge, this method is new and it may be of its own interest. In the other three watermarking schemes, we show how to locate and to remove the watermark embedded in the object, without knowing the secret key used in the embedding.

This presentation is based on joint work with Tri V. Le.
Christof Paar, COSY Group - RUB
Monday, 01.12.2003, 13:00 c.t. IC 4/39
Embedded IT Security in the Automobile
It is becoming increasingly clear that information technology within automobiles is rapidly gaining in importance. Information technology is used for basic vehicle functions (engine control, brakes, steering), alongside secondary functions such as the immobilizer, airbag, etc., and finally for applications such as telematics, online route guidance and in-car entertainment. One aspect of modern information technology that has not yet been treated systematically is the protection of these IT applications. This topic will gain in importance to the same degree that automobiles become permeated with IT functionality. We believe that the lack of adequate security measures can be a serious obstacle to the introduction of future IT applications, which may have great financial and technical significance in the vehicles of the future. At the same time, numerous new business models in the automotive sector can be realized through robust IT security.

This talk will first motivate the topic with case studies. It will then treat the specific requirements (and difficulties) of IT security in the car.
Ammar Alkassar, U. Saarland
Monday, 08.12.2003, 13:00 c.t. IC 4/39
"Secure Object Identification - Or: How To Solve The Chess-Grandmaster-Problem"
Many applications of cryptographic identification protocols are vulnerable to physical adversaries who perform real-time attacks. For instance, when identifying a physical object like an automated teller machine, common identification schemes can be bypassed by faithfully relaying all messages between the communicating participants. This attack is known as mafia fraud. In my talk I will give an overview of different approaches to cope with that fraud. One approach, the Probabilistic Channel Hopping system, solves this problem by hiding the conversation channel between the participants. The security of this approach is based on the assumption that an adversary cannot efficiently relay all possible communication channels of the PCH system in parallel.
Philippe Rivard, COSY Group - RUB
Monday, 15.12.2003, 13:00 c.t. IC 4/39
"Lightweight Embedded SSL"
SSL has been widely adopted in industry as a means of establishing end-to-end secure communications. However, it has not seen widespread use in embedded devices, as the protocol and its cryptographic computations are quite intensive. Embedded devices wishing to use SSL would thus require more hardware, and be more expensive.

This talk will describe my efforts to implement a specific version of SSL (TLS 1.1 with some extensions) on a highly constrained platform (Atmel 8-bit microcontroller). A brief overview of the basic SSL handshake will first be presented, followed by an explanation of how the heaviest portions of the protocol were handled. Finally, future possibilities for improvement will be identified.

In short, this talk will show what can be done to enable end-to-end secure communications between embedded devices without drastically increasing their cost.
Sandeep Kumar, COSY Group - RUB
Monday, 12.01.2004, 12:00 s.t. IC 4/39
"Embedded End-to-End Wireless Security with ECDH Key Exchange"
Sensor networks offer tremendous benefits for the future as they have the potential to make life more convenient and safer. For instance, sensor networks can be used for climate control to reduce power consumption, for structures such as bridges to monitor the maintenance status, or for company badges to locate employees in order to increase productivity. However, the introduction of such ubiquitous computing to everyday life also raises privacy concerns.

In this presentation I will present a public-key cryptography implementation for secure key exchange on low-end wireless devices using elliptic curves. Our implementation is based on optimal extension fields (OEF), which are a special type of finite fields GF(p^m).
Stefan Lucks, Uni. Mannheim
Monday, 19.01.2004, 13:00 c.t. IC 4/39
"Practice and Theory of Related-Key Attacks"
The "classical" attack scenarios for block ciphers allow the adversary to choose plaintexts and ask for ciphertexts, or additionally to choose ciphertexts and request plaintexts. "Related-key" attacks give the adversary the additional power to manipulate the secret key. Two practical reasons to study related-key attacks are:
1. Related-key attacks have been found useful to evaluate the security of block ciphers (e.g. in the context of the AES process).
2. Some cryptographic protocols actually allow the adversary to mount a related-key attack against an underlying block cipher. Thus, the security of the protocol can depend on the block cipher's related-key security.

The talk gives examples for related-key attacks against block ciphers and protocols. Also, it presents new theoretical constructions for ciphers provably secure against related-key attacks.
Johannes Ueberberg, SRC GmbH
Monday, 26.01.2004, 13:00 c.t. IC 4/39
"Secure Payment Models on the Internet"
Card-based electronic payment methods currently exist almost exclusively at a terminal (card reader) that is physically located at the merchant. These systems (in particular credit card, debit card and GeldKarte) are currently being developed further in order to make them usable for Internet payments as well. The talk gives an overview of the state of these developments.
Thomas Groß, IBM Research Lab Zurich
Monday, 02.02.2004, 13:00 c.t. IC 4/39
"Emerging protocols in Federated Identity Management"
Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The Security Assertion Markup Language (SAML), Liberty, and WS-Federation are the most important examples of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. All of them utilize constraint-based specifications and techniques of modular design, but do not include general security analyses. We analyze the security of the SAML Single Sign-on Browser/Artifact profile, which is the most important protocol of this class and already included in all major access control products. We demonstrate flaws of SAML Single Sign-on by mounting exemplary attacks on the protocol. Given this result, we also deduce the need for a methodology of research to model, analyze and prove the security of this new protocol class.
Roger Oyono, Uni. Essen
Monday, 09.02.2004, 13:00 c.t. IC 4/39
"Fast Arithmetic on Jacobians of Picard Curves"
In this paper we present a fast addition algorithm in the Jacobian of a Picard curve over a finite field $\mathbb F_q$ of characteristic different from $3$. This algorithm has a nice geometric interpretation, comparable to the classic "chord and tangent" law for the elliptic curves. Computational cost for addition is $144M + 12SQ + 2I$ and $158M + 16SQ + 2I$ for doubling.
Bernhard Loehlein, T-Systems
Monday, 16.02.2004, 13:00 c.t. IC 4/39
"IP Multicast Security"
T-Systems is currently developing a Multicast Security Gateway, called MuSeGa, which enables secure content distribution over multicast networks. The concept is compatible with the IETF MSEC architecture, which is a general framework for multicast security at the IP layer.

IPsec is the well-defined and accepted standard for security in unicast IP. In the step from unicast to multicast, several security problems arise: group key agreement, key management, source authentication, ...

Our main focus in this talk is on the status of standardization in the IETF and an overview of efficient group key management algorithms for IP multicast.