Seminar 4 CP, winter term 2012
Florian Volk
based on slides from Dr. Leonardo Martucci
Security, Privacy, and Trust
What? Read and analyze current scientific publications
Topics: Security, Privacy, Trust
Florian Volk, Telekooperation 2
General Information
How? Select a topic and study it
Write a short report
Review other reports
Present your report
Who? BSc, MSc and Diploma students from Computer Science, Electrical Engineering and related areas
General Information
Why? Introduction to a research area
Learn to read and analyze scientific material
Present your evaluation
When?
October 16 (today): Introduction, Topic Presentation, Tutorial: Working with Literature
October 23: Topic Selection
December 07: First version of your report (for the review)
December 14: Deliverable of the reviews
January 25: Final version of your report
January 31 (14:00, room 4.3.01 at CASED): Presentation of your work
Meetings with your advisor (optional)
Language? English or German; also depends on advisor
1. Pick a topic, read the provided literature
and find more literature
2. Write an overview or state-of-the-art report
3. Peer-Review process
Your report will be reviewed by a colleague (and by your advisor)
You will review a colleague’s report
4. Correct your report following the reviewer’s comments
5. Give a presentation on your report
5 Steps to Success
[Figure: flowchart of the five steps: Read Literature, Write Report, Peer review, Correct Report, Presentation, with an "enough?" Yes/No decision]
You get 4 graded credit points for
Your report: 4-5 pages (max!), IEEE Transactions style paper (find templates on the course web page)
Your participation in the review: both active and passive
Your presentation: 15 minutes + discussion
Evaluation and Grading
You need to pass all parts!
Report: 60 %
Review: 15 %
Presentation: 25 %
4 CP Seminar with topics on Security, Privacy, and Trust
Deadlines
Topic Selection: October 23
Report’s 1st version: December 07
Review: December 14
Report’s final version: January 25
Presentation: January 31
At a Glance
http://www.tk.informatik.tu-darmstadt.de/de/teaching/wintersemester-201213-d/seminar-tk-security-privacy-and-trust-s3/
Smart Grids: Enhancing Privacy
Smart Grids: modernization of the electrical system enhances users’ monitoring, control and prediction
BUT
raises new security & privacy concerns
Different privacy strategies are now being considered: Aggregation of consumers’ data
Battery-driven approaches
Trusted-third parties
Goal: Overview of one of the aforementioned strategies
Attacks on Intrusion Detection Systems (IDS)
IDS: a standard security mechanism nowadays
Offer automatic detection of attacks
Most corporations use them
A multitude of detection methods exists
Usually a signature-based or anomaly-based detection mechanism is used
Attackers try to evade an IDS, mainly in two different ways:
Signature Evasion (payload/shellcode mutation, packet splitting, overlapping fragments, etc.)
Anomaly Evasion (injecting training data, mimicry attacks, etc.)
Goal: Overview of one of the aforementioned attack classes
Covert Channel Attacks
Covert Channel Attacks: “A means of communicating on a computer system, where both the sender and receiver collude to leak information, over a channel not intended for the communication taking place, in violation of a mandatory access control security policy.”
Potential Uses: Bypassing security (e.g., IDS), stealing data, evading censorship mechanisms, etc.
Detection Techniques Non-interference analysis, Covert Flow Tree, etc.
Countermeasures Traffic Normalization, limiting Covert Channel capacity, etc.
Goal:
Overview of Covert Channel Attacks, detection techniques and countermeasures
Network Resilience Metrics
Network resilience as important pre-requisite of today‘s systems
E.g., resilience to the removal of nodes:
How many nodes do I have to remove to partition the network?
Which node causes the largest number of paths to be broken?
Goal: Survey of graph-related metrics and algorithms quantifying the resilience / survivability of networks
Secure Group Communication
Trustworthy communication in ad hoc/MANET scenarios (e.g., disaster response)
TETRA as a standard with drawbacks
What is required: Confidentiality
Authentication & Integrity
Fine-grained Access Control
Secure Broadcast (e.g., geographical restricted)
Goal: Survey of methods to establish secure channels in an ad hoc manner
Botnets: Hiding & Defense Mechanisms
Overview: Botnets: machines/computers infected over the Internet (via malware) and turned into Bots/Zombies/Drones.
Bots can be instructed to execute malicious activities by the Botherder/Botmaster
Difficult to detect because of the hiding & defense mechanisms
Goal: State-of-the-art survey on Botnet’s hiding-and-defense mechanisms
Botnets: ‘Protecting’ the Communication-and-Control Mechanism
Overview: Infected Bots need to contact the Botmaster (controls the Bots) via
Command-and-Control (C&C) mechanism Seek next instruction/actions
Botmasters place high importance on protecting the C&C and its communication medium/methods
Goal: State-of-the-art survey on how the C&C’s are ‘protected’ by the Botmasters
Trust Management in MANETs, WANETs and WSNs
Trust is important if you want to cooperate
Wireless and distributed networks are based upon collaboration to achieve the goals of all participants
Trust and reputation mechanisms help agents to ensure the trustworthiness of others
Goals:
Survey a number of existing trust models
Discuss how they are used in the context of different Wireless scenarios
Velloso, P. B. et al. (2010). Trust management in mobile ad hoc networks using a scalable maturity-based model. IEEE Transactions on Network and Service Management, 7(3), 172-185.
Yu, H. et al (2010). A Survey of Trust and Reputation Management Systems in Wireless Communications. Proceedings of the IEEE, 98(10), 1755-1772.
Román, R. et al (2009). Trust and Reputation Systems for Wireless Sensor Networks. In S. Gritzalis, T. Karygiannis, & C. Skianis (Eds.), Security and Privacy in Mobile and Wireless Networking (pp. 105-128). Leicester, United Kingdom: Troubadour Publishing, Ltd.
Heterogeneous Wireless Networks
Heterogeneous WSNs are networks that can be made up of different device classes
They are convenient to provide inclusion of citizens, e.g., through participatory sensing
Their heterogeneity poses particular challenges to securing these networks
Goals:
Provide a short survey of existing heterogeneous WSN models, highlighting their constituent parts and characteristics
Discuss their application in the real world
J. Sarangapani. Wireless Ad hoc and Sensor Networks: Protocols, Performance, and Control. CRC Press, 2007.
I. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. A survey on sensor networks. IEEE Communications Magazine, 40(8):102–114, August
K. Akkaya, M. Younis. A survey on routing protocols for wireless sensor networks. Ad Hoc Networks, Volume 3, Issue 3, May 2005, Pages 325–349
Differential Privacy
Statistical DBs are widely used, e.g., in medicine
Medical research needs this data
But it is also a threat to your privacy:
Disclosure of identity
Association of sensitive attributes
Linking of records and across DBs
DB sanitization algorithms have been proposed
Differential Privacy shows a fundamental problem with all of them
Goal: Overview and comparison of post differential privacy DB sanitization methods
ID     age  gen.  Medical conditions
54832  20   m
49385  69   f
34854  45   m
43024  19   f
23945  48   m
29394  30   f
Survey: Cryptography in PPDM
Data Mining is the discipline of discovering knowledge in databases
But also a threat to your privacy:
Identity disclosure
Association of sensitive attributes
Privacy-preserving Data Mining (PPDM)
Variety of cryptographic primitives exists:
Homomorphic encryption, private keyword search, order preserving encryption, garbled circuits, […]
What can be used for PPDM today?
Which problems are solved, and what are the costs?
Goal: Survey state-of-the-art PPDM cryptography. Compare goals and drawbacks.
Survey: Pub/Sub Simulation Environments
Publish/Subscribe (pub/sub)
Powerful event dissemination, old but:
Building block for the Internet of Things (IoT)
Cool paradigm for distributed mobile applications
Great to play around with, but security & privacy challenge
Many prototypes and simulators exist
Reference implementations:
Source available and usable?
What can be measured?
Add-ons for simulators:
What are the pub/sub capabilities?
What about cryptography?
Goals: (1) List and compare open pub/sub prototypes & simulators. (2) Survey publications & extensions.
Reputation Propagation
Ratings for Composed Services need to be distributed to the single services that form the composite
A paper from Nepal, Malik and Bouguettaya in 2009 offers some first solutions but leaves a lot of questions unanswered.
Goals:
Understand and explain the algorithm proposed in the paper
Look for newer publications targeting the same problem and probably offering solutions to questions left open by Nepal et al.
Graphical Trust Representation
Trust is hard to visualize, especially when it is the outcome of a complex computational model.
Goals: Understand the basics of the trust models CertainTrust
and Beta Reputation System (it’s easier than it seems)
Select criteria for visual trust representations
Compare the Opinion Triangle, Human Trust Interface, and a third one (to be selected by you) according to your criteria
[Figures: Human Trust Interface; Opinion Triangle]
1. Smart Grids: Enhancing Privacy (Fábio Borges)
2. Attacks on Intrusion Detection Systems (IDS) (Emmanouil Vasilomanolakis)
3. Covert Channel Attacks (Emmanouil Vasilomanolakis)
4. Network Resilience Metrics (Mathias Fischer)
5. Secure Group Communication (Mathias Fischer)
6. Botnets: Hiding & Defense Mechanisms (Shankar Karuppayah)
7. Botnets: ‘Protecting’ the Communication-and-Control Mechanism (Shankar K.)
8. Trust Management in MANETs, WANETs and WSNs (Sascha Hauke)
9. Heterogeneous Wireless Networks (Sascha Hauke)
10. Differential Privacy (Stefan Schiffner)
11. Survey: Cryptography in PPDM (Jörg Daubert)
12. Survey: Pub/Sub Simulation Environments (Jörg Daubert)
13. Reputation Propagation (Florian Volk)
14. Graphical Trust Representation (Florian Volk)
Overview on Topics
by
Leonardo A. Martucci
Sascha Hauke
proudly presented and edited by
Florian Volk
How to work with Literature and write Scientific Material
CONTENT
What’s a scientific publication?
Finding (good) references
Correct referencing
Writing your own paper
Reviewing papers
*parts of this slide set are based on material provided by Guido Rößling
Basically a message With scientific background
Offer a new insight of a scientific problem
(solution)
OR a survey of a research field
The message is a claim That needs to be evaluated
AND validated
Leonardo Martucci - Telecooperation
What’s a scientific publication?
Books Surveys (mostly) about a topic
Theses Doctoral dissertations and Master theses
Very focused scientific work and finding
Articles and Papers Articles appear in Journals
Papers in Conferences, Symposia, Workshops
New findings and concepts
What does a publication look like?
Standards and RFC Define the common ground
Thoroughly reviewed
Published by a standardization body
Technical Reports A focused scientific work
White papers published by vendors
Sometimes biased
Not reviewed
What does a publication look like?
Journal Articles Quality mostly depends on the Journal
Good Journal Good Article
Sometimes articles are outdated
Conferences and Symposia Quality is usually connected to the Conference
Good Conference Good Paper
The most recent research achievements
Workshops Mostly for work in progress
Good for discussing new ideas
Articles and Papers
Standards relate to a given technology ITU-T standards
ITU is the UN agency for ICT standards
ITU-T defines standards for telecom
e.g. the X series
IEEE standards
Industrial standards, including ICT
e.g. IEEE 802 standard family
IETF
Internet related standards i.e. RFC
e.g. IP addressing scheme
TCP, TLS protocols, routing
Always pay attention to the RFC status
Standards and RFC
Refer back to the original source of information For others to identify the foundations of your work
Giving credit, when credit is due
Not doing so is REALLY bad practice
aka plagiarism
Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik
References and Referencing
Scientific publications Articles, papers, books
Standards RFC, ITU, IEEE, W3C, etc.
+ All other non-scientific sources Surveys
Magazines
Reports
Can I reference Wikipedia?
or any other online material?
YES, but mind: not reliable (or stable) information sources
What should I reference?
First, define the message Objective of your publication
define the area of research
Read the related work Define the work around your work
Finding out what has been done
Implement your idea Evaluate your idea
Validate your idea
Write your publication
Writing a Scientific Publication
Survey the related work Evaluate differences
Identify trade-offs
Finding the message The most difficult part (!)
Also, the creative one
going beyond the state of the art
A message that needs science Scientific foundations + challenges
can be found in the related work
Your Work, Your Message
Related Work? Where? For the initial literature ask a researcher in the field
it will give you a broad idea about the area
Check publication repositories
ACM Digital Lib http://portal.acm.org/portal.cfm
IEEE Xplore http://ieee.org/portal/site
Google Scholar http://scholar.google.com
Academic Search http://academic.research.microsoft.com/
Conference directories http://dblp.uni-trier.de/
Authors’ home pages
Other sources from the reference lists
REPEAT
Related Work? Where? How?
Related Work ∞ Identify the relevant sources
Evaluating the importance of a publication
1. Read the abstract
2. Check the reference list
3. Read the conclusions
4. Read the rest
Related work will Compare your results against their results
Be used as input for a survey
Related Work and Relevance
[Figure: flowchart with three "Good?" checks (Yes/No) leading to "Paper Read" or "Next Paper"]
A reference looks like this:
there are also other reference styles
Referencing: doing it right
[Figure: example reference annotated with its parts: authors, title, how it was published (proceedings), publisher, date, page number]
Complete entries using BibTeX DBLP (Uni-Trier), ACM Digital Library, etc.
In the text, you just need to use: \cite{MartucciKAP08}
Referencing with BibTeX

@inproceedings{MartucciKAP08,
  author    = {Leonardo A. Martucci and Markulf Kohlweiss and Christer Andersson and Andriy Panchenko},
  title     = {Self-certified Sybil-free pseudonyms},
  booktitle = {WISEC},
  year      = {2008},
  pages     = {154-159},
  ee        = {http://doi.acm.org/10.1145/1352533.1352558},
  crossref  = {wisec/2008}
}

@proceedings{wisec/2008,
  editor    = {Virgil D. Gligor and Jean-Pierre Hubaux and Radha Poovendran},
  title     = {Proceedings of the First ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, March 31 - April 02, 2008},
  booktitle = {WISEC},
  publisher = {ACM},
  year      = {2008},
  isbn      = {978-1-59593-814-5}
}
Always have a good paper structure Organize your ideas
Organize your papers
Define it BEFORE starting to add text
Plan the content of each section
Writing skills No one learns without doing it
General Guidelines:
Be concise
Be precise
Structure is the Key!
Peer-reviews Peers review your work and verify its general quality
Evaluate the work before being published
Offer suggestions to improve the work (!)
How’s quality defined in a publication?* Novelty
Soundness
Evaluation + Validation
Completeness
Readability
Peer-reviews
* it sometimes depends on the venue
What to write Positive and negative aspects of the work
Constructive criticism (if possible)
Offer suggestions to improve the paper
e.g. + literature
Suggest an overall evaluation of the work
It is NOT the reviewer’s work
to correct the publication!
to point out typos (unless it is only one or two)
Writing a Review