TK Seminar Privacy, Security, and Trust WS2012/13 (2013-04-24)

Seminar 4 CP, summer term 2013

Florian Volk

based on slides by Dr. Leonardo Martucci

Seminar Telekooperation

What? Read and analyze current scientific publications

Topics: Security, Privacy, Trust

Florian Volk, Telekooperation 2

General Information

How? Select a topic and study it

Write a short report

Review other reports

Present your report

Who? BSc, MSc and Diploma students from Computer Science, Electrical Engineering and related areas


General Information

Why? Introduction to a research area

Learn to read and analyze scientific material

Present your evaluation

When? April 23 (today): Introduction, Topic Presentation, Tutorial: Working with Literature

April 28 Topic Selection

June 23 First version of your report (for the review)

June 30 Deliverable of the reviews

July 09 First version of your presentation

July 14 Final version of your report

July 16 (13:00, room 4.3.01 at CASED) Presentation of your work

Meetings with your advisor (optional)

Language? English. Even though your advisor might speak German, your report has to be in English.

1. Pick a topic, read the provided literature and find more literature

2. Write an overview or state-of-the-art report

3. Peer-Review process

Your report will be reviewed by a colleague (and by your advisor)

You will review a colleague's report

4. Correct and improve your report following the reviewer's comments

5. Give a presentation on your report


5 Steps to Success

[Flowchart: Read Literature → decision "enough?" (No: back to Read Literature; Yes: continue) → Write Report → Peer Review → Correct Report → Presentation]

You get 4 graded credit points for:

Your report: 4-5 page paper in IEEE Transactions style (find templates on the course web page)

Your participation in the review: both active and passive

Your presentation: 15 minutes + discussion


Evaluation and Grading

You need to pass all parts!

Report: 60 %

Review: 15 %

Presentation: 25 %

4 CP seminar with topics on Security, Privacy, and Trust

Deadlines Topic Selection: April 28

Report's 1st version: June 23

Review: June 30

Presentation's 1st version: July 09

Report's final version: July 14

Presentation: July 16


At a Glance

http://www.tk.informatik.tu-darmstadt.de/de/teaching/sommersemester-2013/seminar-telekooperation-s3/

Seminar Topics

Honeypots

Honeypot: a decoy system whose value lies only in being probed, attacked or compromised.

Low and medium interaction honeypots simulate network operations (usually at the TCP/IP stack) in order to trick attackers.

An interesting way to detect new attacks and malware. More and more research centers and companies deploy honeypots.

Goal:

State-of-the-art of low and medium Honeypots


Botnets: Hiding & Defense Mechanisms

Overview:

Botnets: machines/computers on the Internet that are infected (via malware) and turned into Bots/Zombies/Drones.

Bots can be instructed to execute malicious activities by the Botherder/Botmaster

Difficult to detect because of the hiding & defense mechanisms

Goal:

State-of-the-art survey on Botnets' hiding-and-defense mechanisms


Botnets: 'Protecting' the Communication-and-Control Mechanism

Overview:

Infected Bots need to contact the Botmaster (who controls the Bots) via the Command-and-Control (C&C) mechanism

Seek next instruction/actions

Botmasters place high importance on protecting the C&C and its communication medium/methods

Goal:

State-of-the-art survey on how the C&C’s are ‘protected’ by the Botmasters


Network Resilience Metrics

Network resilience as an important prerequisite of today's systems

E.g., resilience to the removal of nodes:

How many nodes do I have to remove to partition the network?

Which node causes the largest number of paths to be broken?

Goal: Survey of graph-related metrics and algorithms quantifying the resilience / survivability of networks
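The two resilience questions on this slide, worked through on a small constructed network as an added example (this is not code from the seminar slides): the smallest node set whose removal partitions the graph (vertex connectivity, brute-forced), the articulation points, and a pairwise-connectivity count of how many paths each node's removal breaks. The toy graph, its node names and the function names are assumptions made for the example.

```python
from itertools import combinations

# Constructed toy network (assumption, not from the slides): two triangles
# A-B-C and D-E-F joined only through a single relay node X.
TOY_EDGES = [
    ("A", "B"), ("B", "C"), ("C", "A"),
    ("D", "E"), ("E", "F"), ("F", "D"),
    ("C", "X"), ("X", "D"),
]


def build_graph(edges):
    """Undirected adjacency sets built from an edge list."""
    graph = {}
    for u, v in edges:
        graph.setdefault(u, set()).add(v)
        graph.setdefault(v, set()).add(u)
    return graph


def components(graph, removed=frozenset()):
    """Connected components of the graph after deleting the nodes in `removed`."""
    seen, comps = set(), []
    for start in graph:
        if start in removed or start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            comp.add(node)
            stack.extend(n for n in graph[node] if n not in removed and n not in seen)
        comps.append(comp)
    return comps


def connected_pairs(graph, removed=frozenset()):
    """Number of node pairs that can still reach each other after the removal."""
    return sum(len(c) * (len(c) - 1) // 2 for c in components(graph, removed))


def vertex_connectivity(graph):
    """Smallest number of nodes whose removal partitions the network, with one
    such cut set. Brute force over node subsets: fine for a toy graph,
    exponential in general (production tools use max-flow formulations)."""
    nodes = sorted(graph)
    for k in range(1, len(nodes) - 1):
        for subset in combinations(nodes, k):
            if len(components(graph, frozenset(subset))) > 1:
                return k, set(subset)
    return len(nodes) - 1, None  # complete graph: no cut smaller than n-1


def articulation_points(graph):
    """Nodes whose removal alone splits the network into more components."""
    base = len(components(graph))
    return sorted(n for n in graph if len(components(graph, frozenset([n]))) > base)


def paths_broken(graph, node):
    """Connected pairs among the *other* nodes that are lost when `node` is removed."""
    before = sum(len(c - {node}) * (len(c - {node}) - 1) // 2 for c in components(graph))
    after = connected_pairs(graph, frozenset([node]))
    return before - after


def most_critical_node(graph):
    """The node whose removal breaks the largest number of pairwise paths."""
    return max(sorted(graph), key=lambda n: paths_broken(graph, n))


if __name__ == "__main__":
    g = build_graph(TOY_EDGES)
    k, cut = vertex_connectivity(g)
    print(f"nodes to remove to partition the network: {k} (e.g. {cut})")
    print(f"articulation points: {articulation_points(g)}")
    for n in sorted(g):
        print(f"removing {n} breaks {paths_broken(g, n)} node pairs")
    print(f"most critical node: {most_critical_node(g)}")
```

On the toy graph the relay node X is the single most critical node: it is one of three articulation points (C, D, X), but removing it severs all nine cross-cluster pairs, whereas removing C or D leaves the relay attached to the other triangle.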


Location is sensitive for privacy

Well studied – MIX networks, cloaking, […]

What about problems strongly depending on accurate location?

Proximity testing

Closest meeting point

Or even distributed localization

Still a hot topic!

New protocols & solutions appearing

Location-based Privacy Enhancing Technologies


Motivation

Task

Survey LBS PETs

Discover & explain approaches

Identify common primitives & categorize

Compare benefits & drawbacks

(Social) graphs describe our lives

Friends, work, news, hobbies, […]

Anonymization techniques protect privacy

Pseudonyms, Tor, MIXnets

However, unique social graph properties can counter anonymity

Multiple graphs might be linked

By similar structures and properties

(Social) Graph Privacy Survey


Motivation

Task

Survey social graphs & privacy

Graph types & properties

Existing reference graphs & data sets

Privacy properties & metrics of graphs

(Trust and) Reputation Systems are found in numerous online sites

We are interested in

what kind of reputation systems are out there

who uses which kind of reputation system

what are they used for

Goals:

Find and survey sites using reputation systems

Classify the reputation systems according to what is being rated (products, companies, people,...)

how the rating works

Reputation Systems in the Wild


Virtualization as Security Enabler in Mobile Devices

Overview:

OSes are complex -> many vulnerabilities

Solutions: Virtualization

However, IO hardware is shared

An attacker might mock the interaction with the secure application

Goal:

State-of-the-art survey on Virtualization Solutions for Mobile Devices

Focus: Secure I/O


[Layered diagram: Hardware Platform at the bottom, Hypervisor above it, and on top an OS running next to a Secure OS]

Trustworthy apps behave as expected!

Unexpected behaviour

can cost you money

can release your private information

Review the threats and classify them

Review the privacy issues

Trustworthy Mobile Applications

Source: Lookout Inc.


Application stores

Google Play, Apple's App Store, …

How trustworthy are they?

Remember! There are third-party app stores

AppBrain, OpenAppMkt

How do those stores enforce trust?

Review and classify underlying mechanisms

Trustworthy Application Stores


Comparison of Three Modern Trust Models

Computational Trust Modeling

When entities (e.g., people, services) interact, there is an interest in knowing the behavior of a partner upfront.

Estimating the outcome of an interaction helps entities to decide on interaction partners.


Goals

Understand the three trust models FIRE, TRAVOS and CSRC.

Compare them based on what they try to achieve and how they accomplish that.

Classify these models according to older classifications for trust models.

Effect and Use of Product Ratings

There is an asymmetry in product ratings:

Customers base their purchase decisions on product ratings.

Customers don’t rate their purchased products.


Goals

Make a study (ask your friends and fellow students) to research the following:

Is the assumption above correct?

Why and under which conditions do customers rate? (Only after bad experiences, when they want to criticize?)

Scientifically evaluate your results.

Draw conclusions from your findings.

Suggest a topic :)


Your Song

1. Honeypots (Emmanouil Vasilomanolakis)

2. Botnets: Hiding & Defense Mechanisms (Shankar Karuppayah)

3. Botnets: ‘Protecting’ the Communication-and-Control Mechanism (Shankar Karuppayah)

4. Network Resilience Metrics (Mathias Fischer)

5. Location-based Privacy Enhancing Technologies (Jörg Daubert)

6. (Social) Graph Privacy Survey (Jörg Daubert)

7. Reputation Systems in the Wild (Sascha Hauke)

8. Virtualization as Security Enabler in Mobile Devices (Stefan Schiffner)

9. Trustworthy Mobile Applications (Sheikh Habib, Stefan Schiffner)

10. Trustworthy Application Stores (Sheikh Habib)

11. Comparison of Three Modern Trust Models (Florian Volk)

12. Effect and Use of Product Ratings (Florian Volk)


Overview on Topics

by

Leonardo A. Martucci

Sascha Hauke

proudly presented and edited by

Florian Volk

How to work with Literature and write Scientific Material

CONTENT

What’s a scientific publication?

Finding (good) references

Correct referencing

Writing your own paper

Reviewing papers

*parts of this slide set are based on material provided by Guido Rößling

Basically a message with a scientific background

Offering a new insight into a scientific problem (solution)

OR a survey of a research field

The message is a claim that needs to be evaluated AND validated

Leonardo Martucci - Telecooperation

What’s a scientific publication?


Books: Survey (mostly) about a topic

Theses: Doctoral dissertations and Master theses

Very focused scientific work and findings

Articles and Papers: Articles appear in Journals

Papers in Conferences, Symposia, Workshops

New findings and concepts


What does a publication look like?


Standards and RFCs: Define the common ground

Thoroughly reviewed

Published by a standardization body

Technical Reports: A focused scientific work

White papers: Published by vendors

Sometimes biased

Not reviewed


What does a publication look like?


Journal Articles: Quality mostly depends on the Journal

Good Journal → Good Article

Sometimes articles are outdated

Conferences and Symposia: Quality is usually connected to the Conference

Good Conference → Good Paper

The most recent research achievements

Workshops: Mostly for work in progress

Good for discussing new ideas


Articles and Papers


Standards relate to a given technology

ITU-T standards

ITU is the UN agency for ICT standards

ITU-T defines standards for telecom

e.g. the X series

IEEE standards

Industrial standards, including ICT

e.g. IEEE 802 standard family

IETF

Internet related standards, i.e. RFCs

e.g. IP addressing scheme

TCP, TLS protocols, routing

Always pay attention to the RFC status


Standards and RFC


Refer back to the original source of information

For others to identify the foundations of your work

Giving credit, when credit is due

Not doing so is REALLY bad practice

aka plagiarism

Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik (Basic rules of scientific ethics at the Department of Computer Science)


References and Referencing


Scientific publications: Articles, papers, books

Standards: RFC, ITU, IEEE, W3C etc.

+ All other non-scientific sources: Surveys

Magazines

Reports

Can I reference Wikipedia?

or any other online material?

YES, but mind: not reliable (or stable) information sources


What should I reference?


First, define the message: Objective of your publication

Define the area of research

Read the related work: Define the work around your work

Find out what has been done

Implement your idea

Evaluate your idea

Validate your idea

Write your publication


Writing a Scientific Publication

Survey the related work: Evaluate differences

Identify trade-offs


Finding the message: The most difficult part (!)

Also, the creative one: going beyond the state of the art

A message that needs science: Scientific foundations + challenges can be found in the related work


Your Work, Your Message


Related Work? Where? For the initial literature, ask a researcher in the field

They will give you a broad idea about the area

Check publication repositories

ACM Digital Lib http://portal.acm.org/portal.cfm

IEEE Xplore http://ieee.org/portal/site

Google Scholar http://scholar.google.com

Academic Search http://academic.research.microsoft.com/

Conference directories http://www.dblp.org/search/

Authors’ home pages

Other sources from the reference lists

REPEAT


Related Work? Where? How?


Related Work: Identify the relevant sources

Evaluating the importance of a publication

1. Read the abstract

2. Check the reference list

3. Read the conclusions

4. Read the rest

Related work will: Compare your results against their results

Be used as input for a survey


Related Work and Relevance

[Flowchart for evaluating a paper: Read abstract → Good? → Check reference list → Good? → Read conclusions → Good? → Read the rest (Paper Read); every "No" leads to Next Paper, every "Yes" to the next step]

A reference looks like this:

[Annotated example reference: authors, title, how it was published (proceedings), publisher, date, page number]

There are also other reference styles

Referencing: doing it right

Complete entries using BibTeX: DBLP, CiteSeerX, ACM Digital Library, etc.

In the text, you just need to use: \cite{MartucciKAP08}


Referencing with BibTeX

@inproceedings{MartucciKAP08,
  author    = {Leonardo A. Martucci and Markulf Kohlweiss and Christer Andersson and Andriy Panchenko},
  title     = {Self-certified Sybil-free pseudonyms},
  booktitle = {WISEC},
  year      = {2008},
  pages     = {154-159},
  ee        = {http://doi.acm.org/10.1145/1352533.1352558},
  crossref  = {wisec/2008}
}

@proceedings{wisec/2008,
  editor    = {Virgil D. Gligor and Jean-Pierre Hubaux and Radha Poovendran},
  title     = {Proceedings of the First ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, March 31 - April 02, 2008},
  booktitle = {WISEC},
  publisher = {ACM},
  year      = {2008},
  isbn      = {978-1-59593-814-5}
}


Write your publication


Always have a good paper structure: Organize your ideas

Organize your papers

Define it BEFORE starting to add text

Plan the content of each section

Writing skills: No one learns without doing it

General Guidelines:

Be concise

Be precise


Structure is the Key!


Reviews and Reviewing


Peer-reviews: Peers review your work and verify its general quality

Evaluate the work before it is published

Offer suggestions to improve the work (!)

How's quality defined in a publication?*

Novelty

Soundness

Evaluation + Validation

Completeness

Readability


Peer-reviews

* it sometimes depends on the venue


What to write: Positive and negative aspects of the work

Constructive criticism (if possible)

Offer suggestions to improve the paper, e.g. additional literature

Suggest an overall evaluation of the work

It is NOT the reviewer's work to correct the publication!

or to point out typos (unless it is one or two)


Writing a Review


What’s a scientific publication?

Finding (good) references

Correct referencing

Writing your own paper

Reviewing papers


Summary
