Seminar TK: Security, Privacy, and Trust

4 CP, WiSe 2014/2015
Carlos Garcia C.
based on slides by Dr. Leonardo Martucci and Florian Volk


General Information

Carlos Garcia C., Telekooperation

What?
- Read and analyze current scientific publications
- Topics: Security, Privacy, Trust

How?
- Select a topic and study it
- Write a short report
- Review other reports
- Present your report

Who?
- BSc, MSc and Diploma students from Computer Science, Electrical Engineering and related areas

General Information

Why?
- Introduction to a research area
- Learn to read and analyze scientific material
- Present your evaluation

When?
- October 14 (now): Introduction, Topic presentation, Tutorial: Working with Literature
- October 21 (1 week): Topic selection
- November 18 (5 weeks): First version of your report (to be reviewed)
- December 02 (7 weeks): Deliverable of the reviews of your peers
- February 03 (16 weeks): First version of your presentation, Final version of your report
- February 10 (13:00): Presentation of your work
- Meetings with your advisor (optional)

Language?
- English
- Even though your advisor might speak German, your report has to be in English

5 Steps to Success

1. Pick a topic, read the provided literature and find more literature

2. Write an overview or state-of-the-art report

3. Peer-review process
   - Your report will be reviewed by a colleague and by your advisor
   - You will review a colleague’s report

4. Correct and improve your report following the reviewers’ comments

5. Give a presentation on your report

[Flowchart: Read Literature, Write Report, Peer review, Correct Report, Presentation, with an "enough" decision (Yes / No)]

Evaluation and Grading

You get 4 graded credit points for
- Your report: 4-5 pages IEEE transactions style paper (find templates on the course web page)
- Your participation in the review: both active and passive
- Your presentation: 15 minutes + discussion

You need to pass all parts!

- 60 % Report
- 15 % Review
- 25 % Presentation


Seminar Topics

Asymmetric DC-Nets

Scalable: In general, asymmetric DC-Nets are more efficient than symmetric DC-Nets and homomorphic encryption schemes.

Verifiable: Similarly to commitments, participants can prove the messages they sent.

Goal: The main goal is to compare the algorithms used in privacy-preserving protocols and survey the differences between them.

PageRank and Trust

- Trust is a very important element for decisions.
- Computational trust and reputation models.
- PageRank is a very important algorithm to rank.
- Widely used in the Internet.
- Different trust models are now being considered.

Goal: Overview and classify different strategies and compare them with PageRank. Identify security and privacy issues in such strategies.

Analyzing the Membership Management of P2P Botnets

Overview:
- P2P botnets are very resilient to takedowns
- A botnet is organized based on the membership management (MM)
- MM influences the resulting overlay structure of each botnet
- Some botnets are more resilient than others

Goal: State-of-the-art survey on the membership management of all P2P botnets and the associated advantages and disadvantages.

Tracing the Botmaster

Overview:
- In P2P botnets (or networks), commands can be issued at any node
- The absence of a centralized component makes it difficult to trace the botmasters
- However, from metadata from other nodes, e.g., the time a command was received, more information can be inferred about the source.

Goal: State-of-the-art survey on techniques that can be used in identifying the source node or source path in a P2P network.

Attacks on Anonymization Services

Motivation
- Anonymous services gaining popularity
  - Add-on: Tor, JAB, Crowds, (Firefox)
  - Integrated: diaspora*, GNUnet, FireChat
- Attacks attempt to …
  - Disclose participants (Anonymity)
  - Disrupt service (Availability)

Task
- Survey and categorize attacks
  - How are the attacks performed?
  - Which features / weaknesses are exploited?
- Collaboration with “Attacks on Anonymous Communication”

Anonymity Measures

- Anonymous Communication Systems are trying to hide your identity and your communication partners’ identities while communicating
- How is anonymity being measured?

Goal: Survey on anonymity measures, their strengths and weaknesses

Attacks on Anonymous Communication

- Anonymous Communication Systems are trying to hide your identity
- Are the “Snowden insights” (already) represented in attacker models?
- What are current attackers’ capabilities?

Goal: State-of-the-art survey on attacker models and capabilities

Security, privacy and trust challenges in IoT platforms

IoT: The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices.

Platforms: Many IoT platforms and architectures have been proposed, e.g., IoT-A ARM, BETaaS, OpenIoT, IEEE P2413, etc.

Problem: What kind of mechanisms are utilized in the proposed platforms to ensure security, privacy, and trust?

Goal: Survey and comparison of the security features of specific IoT platforms and architectures.

Security, privacy and trust challenges in IoT Machine-to-Machine (M2M)

M2M: In IoT, M2M refers to technologies that allow both wireless and wired systems to communicate with other devices of the same type.

Platforms: Many M2M platforms and architectures exist, e.g., ITU FG M2M Service Layer, IP for Smart Objects (IPSO), ETSI TC M2M, TIA TR-50 M2M, 3GPP / 3GPP2, etc.

Problem: What kind of mechanisms are utilized in the proposed platforms to ensure security, privacy, and trust?

Goal: Survey and comparison of the security features of specific M2M platforms and architectures.

Machine Learning in Anomaly Detection
Artificially intelligent techniques to detect intruders

Overview:
- Machine Learning: Techniques for extracting knowledge from data
- Anomaly Detection: Intrusion detection using machine learning tools
- Are you interested in learning more about this field of Artificial Intelligence?

Goal:
- Explore different tools and algorithms already used by anomaly detection systems.
- Review what the latest papers are talking about.
- Find different and current algorithms for supervised, unsupervised, semi-supervised and reinforcement learning.

Overview on Topics

Florian Volk, Telekooperation

1. Asymmetric DC-Nets (Fabio)
2. PageRank and Trust (Fabio)
3. Analyzing the Membership Management of P2P Botnets (Shankar)
4. Tracing the Botmaster (Shankar)
5. Attacks on Anonymization Services (Jörg)
6. Anonymity Measures (Tim)
7. Attacks on Anonymous Communication (Tim)
8. Security, privacy and trust challenges in IoT platforms (Manolis)
9. Security, privacy and trust challenges in IoT Machine-to-Machine (M2M) (Manolis)
10. Machine Learning in Anomaly Detection (Carlos)

How to work with Literature and write Scientific Material

by Leonardo A. Martucci, Sascha Hauke, Florian Volk

proudly presented and edited by Carlos Garcia C.

CONTENT
- What’s a scientific publication?
- Finding (good) references
- Correct referencing
- Writing your own paper
- Reviewing papers

* parts of this slide set are based on material provided by Guido Rößling

What’s a scientific publication?

Leonardo Martucci - Telecooperation

Scientific Publication
- a message
  - With scientific background
  - Offer a new insight of a scientific problem
    - Solution
    - Problem
    - Criticism
  - OR a survey of a research field
- The message is a claim
  - That needs to be evaluated AND validated

Types of Publications

Books
- Survey (mostly) about a topic

Journal Articles
- Collection of related topics into one magazine (the journal)
- Quality mostly depends on the Journal
- Rankings: http://www.core.edu.au/index.php/
- Good Journal Good Article

Conferences and Symposia
- The most recent research achievements
- Strict page limits
- Papers followed by a presentation
- Quality is usually connected to the Conference
- Rankings: http://www.core.edu.au/index.php/
- Good Conference Good Paper

Workshops
- Mostly for work in progress
- Good for discussing new ideas

References and Referencing

Refer back to the original source of information
- For others to identify the foundations of your work
- Giving credit, when credit is due

Not doing so is REALLY bad practice
- A.K.A. plagiarism
- Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik (Basic Rules of Scientific Ethics at the Department of Computer Science)

What should I reference?

Scientific publications
- Articles, papers, books

Standards
- RFC, ITU, IEEE, W3C etc.

+ All other non-scientific sources
- Surveys
- Magazines
- Reports

Can I reference Wikipedia? or any other online material?
- YES, but mind: not reliable (or stable) information sources

Writing a Scientific Publication

1. First, define the message
   - Objective of your publication
   - define the area of research

2. Read the related work
   - Define the work around your work
   - Finding out what has been done

3. Implement your idea
   - Evaluate your idea
   - Validate your idea

3. Survey the related work
   - Evaluate differences
   - Identify trade-offs

4. Write your publication

1. Your Work, Your Message

Finding the message
- The most difficult part (!)
- Also, the creative one
- go beyond the state of the art
- Find a story line.

A message that needs science
- Scientific foundations + challenges
- can be found in related work

2a. Related Work? Where? How?

Related Work? Where?
- For the initial literature ask your supervisor
  - it will give you a broad idea about the area
- Check publication repositories
  - ACM Digital Lib: http://portal.acm.org/portal.cfm
  - IEEE Xplore: http://ieee.org/portal/site
  - Google Scholar: http://scholar.google.com
  - Academic Search: http://academic.research.microsoft.com/
  - Conference directories: http://www.dblp.org/search/
  - Authors’ home pages
- Other sources from the reference lists
- REPEAT

2b. Related Work and Relevance

Related Work ∞
- Identify the relevant sources
- Evaluating the importance of a publication

1. Read the abstract

2. Check the reference list

3. Read the conclusions

4. Read the rest

Related work will
- Compare your results against their results
- Be used as input for a survey

[Flowchart: steps 1 to 4 with "Good" decisions (Yes / No), ending in "Paper Read" or "Next Paper"]

Referencing: doing it right

A reference looks like this:

[Figure: an example reference, annotated with: authors, title, how was it published (proceedings), publisher, date, page number]

- there are also other reference styles
- if you use LaTeX to write your report, have a look at BibTeX.

4. Write your Publication

Always have a good paper structure
- Organize your ideas
- Organize your papers
- Define it BEFORE starting to add text
- Plan the content of each section

Writing skills
- No one learns without doing it
- General Guidelines:
  - Be concise
  - Be precise

Peer-reviews

Peer-reviews
- Peers review your work and verify its general quality
- Evaluate the work before being published
- Offer suggestions to improve the work (!)

How’s quality defined in a publication?
- Novelty
- Soundness
- Evaluation + Validation
- Completeness
- Readability

What to write
- Positive and negative aspects of the work
- Constructive criticism (if possible)
- Offer suggestions to improve the paper
  - e.g. + literature
- Suggest an overall evaluation of the work

It is NOT the reviewer’s work
- to correct the publication!
- to point out typos (unless it’s one or two)

Summary

- A scientific publication is a message; a validated claim
- Refer to the original source of information, avoid plagiarism
- The peer-review should help, not criticize

1. Read the abstract

2. Check the reference list

3. Read the conclusions

4. Read the rest

[Flowchart: steps 1 to 4 with "Good" decisions (Yes / No), ending in "Paper Read" or "Next Paper"]