Hauptseminar Privacy and Security

Current news:

  • Any updates related to the seminar will be announced via OPAL. Please enroll in the respective OPAL course. If you experience any difficulties, please contact Stefan Köpsell.

Description

This seminar aims to convey the skills that are needed to perform a thorough literature research in the area of privacy and security and to communicate its results in a manner suitable to a scientic audience. For the latter, the seminar mimics the process of a scientific conference, where authors first submit papers for review and upon a positive review, afterwards present their work in a short presentation to the other attendants.
In contrast to a real scientific conference, the reviews are done by the participants of the seminar, and each student will receive at least one review by their supervisor.

The seminar will proceed in the following phases:

  • Literature research & writing: Each participant will choose a topic (topic suggestions can be found below) and perform a scientific literature research to assess the current state of the art with regards to that topic. Furthermore, each participant will write a report that summarizes, compares and discusses the discovered literature. At the end of the phase, every participant will submit its written report for peer review.
  • Peer Review: Each Student will receive 2 Reviews for their Paper.
  • Revision: Each participant has the chance to improve the report accordingly.
  • Presentation: Every participant will give a talk about the results from its literature research.

The precise deadlines for each phase can be found further down the page under "Important Dates".

INFORMATION

Course of studies

Master Informatik —>Modul INF-AQUA, Bereich 1
Diplom Informatik —>Modul INF-D-940, Bereich 1

Kinds of teaching

Hauptseminar

Temporal imbedding/semester recommended

5th semester or later

Prerequisites

Basic knowledge of IT-Security / Cryptography, learned for instance through attending the course "Security and Cryptography I" or "Kryptographie und Kryptoanalyse"

Size in SWS

Seminar: 2 SWS

Form of the examination

Ausarbeitung und Präsentation (P(m) 25 min)

Time and Location

Tuesday, 4. DS, 13:00 - 14:30, APB/E006

Mandatory subscription with OPAL
  • Please register with OPAL

Links & Resources

Important dates

Date Time Event
9.4.24 13:00

Welcome meeting (slides)

Introduction to literature research (slides)
(BBL recording of semester WS21/22)
15.4.24 23:59 Deadline for sending topic preferences
16.4.24  

Annoucment of topic assignments
29.4.24

23:59

Deadline for contacting your supervisor
7.5.24 13:00

Introduction to scientific writing (slides)
(BBL recording of semester WS21/22)

Introduction to peer review (slides)
(BBL recording of last semester)

6.5.24 - 24.6.24

   Core working period
24.6.24 23:59 Deadline for first version of Paper
15.7.24 23:59 Deadline for revised version of paper
???

???

 Presentations

TOPICS

Each student is encouraged to propose own topics of interest from the area of security and privacy. If you would like to work on a topic not included in the following list, please send an email to Sebastian Rehms and Stefan Köpsell

Possible Topics for this Semester:

Topic #1: Random Walks for Source Obfuscation

Peer-to-Peer (P2P) system can provide an open environment to exchange data.
One problem of these P2P data sharing networks is user privacy.
The privacy of users can be improved by applying mechanisms to hide the source of a request.
There are multiple mechanisms to hide the source of a request.
This topic focuses on randomly selecting another peer of the network, which executes the request on behalf of the original requester.
The random selection of the peer is done via a random walk.

The goal of the topic is to provide a conceptual comparison of two different random walks.
A rough example of such a comparison can be seen in Clover [1], which compares itself with Dandelion [2]/Dandelion++ [3].

The following methods could be compared:
Rumor Riding [4] and Garlic Cast [5]
AP3 [6] and Torsk [7]

References:
[1] F. Franzoni and V. Daza,
“Clover: An anonymous transaction relay protocol for the bitcoin p2p network,”
In: Peer-to-Peer Networking and Applications, vol. 15, no. 1, pp. 290–303, 2022.

[2] S. Bojja Venkatakrishnan, G. Fanti, and P. Viswanath,
“Dandelion: Redesigning the Bitcoin Network for Anonymity,”
In: Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 1, no. 1, pp. 1–34, 2017.

[3] G. Fanti, S. B. Venkatakrishnan, S. Bakshi, B. Denby, S. Bhargava, A. Miller, and P. Viswanath,
“Dandelion++ Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees,”
In: Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 2, no. 2, pp. 1– 35, 2018.

[4] Y. Liu, J. Han, and J. Wang,
“Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems,”
In: IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 3, pp. 464–475, 2011.

[5] C. Qian, J. Shi, Z. Yu, Y. Yu, and S. Zhong,
“Garlic Cast: Lightweight and Decentralized Anonymous Content Sharing,”
In: ICPADS ’16: Proceedings of the 22nd IEEE International Conference on Parallel and Distributed Systems, Wuhan, China, Dec. 2016, pp. 216–223.

[6] A. Mislove, G. Oberoi, A. Post, C. Reis, P. Druschel, and D. S. Wallach,
“AP3: Cooperative, Decentralized Anonymous Communication,”
In: SIGOPS ’04: Proceedings of the 11st ACM SIGOPS European Workshop, Leuven, Belgium, Sep. 2004, p. 30.

[7] J. McLachlan, A. Tran, N. Hopper, and Y. Kim,
“Scalable Onion Routing with Torsk,”
In: CCS ’09: Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA, Nov. 2009, pp. 590–599.
 

Topic #2: Exploring the Power of Generative AI for Securing Communication Networks

Generative Artificial Intelligence (GAI) seeks to learn the underlying features of input data to generate new content that is similar to real data. GAI demonstrates versatility in generating diverse forms of data, varying from text and images to videos and beyond.

It revolutionizes AI innovation by not only excelling in content generation but also in analytical capabilities for learning complex data distributions. This topic aims to delve into how GAI can enhance security within the physical layer of communication networks, where traditional AI approaches struggle with adapting to evolving physical attributes and cyber threats. There are various applications of GAI in security at the physical layer, including advanced models like Generative Adversarial Networks (GANs) and Autoencoders (AEs) GAI's potential to address emerging challenges in secure physical layer communications and sensing.

The assignment is to analyze and contrast different Generative Artificial Intelligence (GAI) models, comprising Generative Adversarial Networks (GANs), Autoencoders (AEs), Variational Autoencoders (VAEs), and Diffusion Models (DMs). Examine their respective strengths, weaknesses, and their appropriateness for various security applications.

  • Karapantelakis, Athanasios, et al. "Generative ai in mobile networks: a survey." Annals of Telecommunications 79.1 (2024): 15-33.   https://rdcu.be/dDtRA


Topic #3: Transferring Attacks on IoT to Distributed Process Mining

There is a vast amount of research in the area of IoT security and privacy:

  • A Review on Security and Privacy Issues and Challenges in Internet of Things [Dhuha Khalid Alferidah1; NZ Jhanjhi2] https://expert.taylors.edu.my/file/rems/publication/109566_7213_1.pdf
  • Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic https://arxiv.org/pdf/1708.05044.pdf
  • Privacy-Aware Smart Metering: A Survey https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7093120
  • Smart Meter Data Privacy: A Survey https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7959167

We want to identify if this knowledge can be applied to our research area of distributed process mining.

Your Task:

- identify five meaningful papers that analyze privacy in the area of IoT. You can use the paper above or choose your own

- summarize privacy risks and privacy-enhancing technologies

- discuss which of these risks and countermeasures apply to the setting of distributed process mining

Topic #4: Literature Review: Production Line Models
Production lines are not only studied in the real world and simulations, but also with small models. For example, built with FischerTechnik or Lego:

  • Integrating process management and event processing in smart factories: A systems architecture and use cases: https://www.sciencedirect.com/science/article/pii/S0278612522000814
  • Towards Explainable Process Predictions for Industry 4.0 in the DFKI-Smart-Lego-Factory: https://link.springer.com/article/10.1007/s13218-019-00586-1

Your Task:

Identify five papers where a model factory is built and summarize:

- which sensors are used

- what is produced

- which technology is used (Lego, FischerTechnik, ...)

- Which results have been achieved

Topic #5: Exploring the feasibility of alternative anonymous communication networks in the Lightning network
The Lightning network (LN) can be used over Tor. This allows nodes to offer (and make use of) routing services in the networkwhile maintaining their anonymity. While the integration of Tor in LN -- and in the wider Bitcoin ecosystem -- is generally undisputed, there are alternative networks that follow the same goals as Tor.
One such example is the Invisible Internet project (I2P) which, in contrast to Tor, employs garlic routing. The goal of this work is to investigate whether I2P can potentially be used in LN as an alternative to Tor. This entails understanding the fundamental differences between Tor and I2P as well as LN's current requirements on such an anonymisation layer.

  • Poon et al.(2016): The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments
  • Dingledine et al. (2004): Tor: The Second-Generation Onion Router

Topic #6: A survey of systems providing practical differential privacy

Differential Privacy provides a theoretical framework for data analysis while protecting the privacy of individuals. However due to the theoretical nature of differential privacy it is not easy for software engineers to build differential privacy application without being specially trained. Many contribution have been made to help developers to integrate differential privacy data aggregation into their software. One example is Airavat [1].

In the seminar the student should find at least on other contribution for this use case and write and present a qualitative analysis of the solutions.

[1] Roy, Indrajit, Srinath T V Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel. “Airavat: Security and Privacy for MapReduce,” n.d.

Topic #7: Post-quantum secure drone control

In this work the current state of the art regarding remote control of drones (especially in "Beyond line of sight" (BVLOS) scenarios) should be analysed. How does the communication work in general? Which protocols exist and which secure feature do they offer? Is post quantum security already considered? The analysis should cover scientific work as well as existing solutions/implementations (including protocols proposed in standards). Thereby only solutions based on cryptography (based on math) should be considered. Out of scope are solutions which rely on quantum mechanics.

Literature (starting point!):

  • 3GPP TS 33.256
  • https://mavlink.io/
  • "Communication and networking technologies for UAVs: A survey"
  • "Quantum Cryptography-as-a-Service for Secure UAV Communication: Applications, Challenges, and Case Study"

About this page

Stephan Escher
Last modified: Apr 26, 2024