Seminar Topics

Machine Learning/Data Analysis

  1. A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots (Paper)
  2. EIFFeL: Ensuring Integrity for Federated Learning (Paper)
  3. Password Guessing Using Random Forest (Paper)


  1. SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit (VideoPaper)
  2. Scanning Malware (Paper, News, Video1, Video2)
  3. Near-Ultrasound Inaudible Trojan (Nuit): Exploiting Your Speaker to Attack Your Microphone (Paper)
  4. Remote Attacks on Speech Recognition Systems Using Sound from Power Supply (Paper)
  5. Towards a General Video-based Keystroke Inference Attack (Paper)

Digital Currencies

  1. Chia/Proof of Space (Website, Greenpaper)
  2. Attacks on Bitcoin (Eclipse, Partitioning)

Internet of Things Security

  1. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things (Paper)
  2. Eavesdropping Mobile App Activity via Radio-Frequency Energy Harvesting (Paper)
  3. Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps (Paper)
  4. Don't Kick Over the Beehive: Attacks and Security Analysis on Zigbee (Paper)

Automotive Security

  1. EV Charging Insecurity (Usenix '19, ACM TIOT'21)

Hardware Security

  1. On the (in)security of a Self-Encrypting Drive series (Paper)
  2. ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs (Paper)
  3. MouseJack (PaperDetailsDevicesNews)
  4. Wireless Mice and Keyboards Vulnerabilities (News, Crazyradio, nRF24Playset)
  5. Fansmitter (PaperNewsVideo1Video2)
  6. Brute force iPhone 5C PIN (Paper)
    Barcode-Hacks (Weitere InformationenPräsentation)
  7. Magspoof (Website)
    Neuer Kreditkartenstandard 3.2 (ix 07/16:92)
    EMV Writer (c't 03/16)
  8. Blockcipher-based Authenticated Encryption (Paper, News1, News2)
  9. Smart TV hack embeds attack code into broadcast signal (News, Talk)
  10. Ultrasonic Side Channel (Paper)
    Google Tone (Website)

Cloud Security

  1. LoSt: Location Based Storage (Paper)
    GeoProof: Proofs of Geographic Location for Cloud Computing Environment (Paper)
  2. An Investigation of Geographic Mapping Techniques for Internet Hosts (Paper)
  3. Distributed Traceroute Approach to Geographically Located IP Devices (Paper)
  4. CPV: Delay-based Location Verification for the Internet (Paper)
    Method and systems for locating geographical locations of online users (Patent)
  5. Proofs of Retrievability for Large Files (Paper)
  6. Compact Proofs of Retrievability (Paper, Talk)
  7. Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices (Paper)
  8. A Novel Cryptographic Framework for Cloud File Systems and CryFS (Paper)

System Security

  1. Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques (PaperOverview, c't 18/15)
    Windows 10 Single Sign-On (iX 12/16:44)
  2. Deep Dive: Return Oriented Programming (Book)
    Bypass ASLR (PaperNews)
  3. Windows 10 Datenleak (Artikel, c't 01/17:158, Tool) [Experiments]
  4. Trusted Computing, Trusted Computing Modul, Trusted Platform Module, Intel SGX, ARM TrustZone, Digital Rights Management (Intel SGX PaperIntel SGX WebsiteIntel SGX KritikIntel SGX ApplicationARM TrustZone WebsiteARM TrustZone Weakness, iX 02/17)

Biometric Security and Authentication

  1. Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments (Paper)
    Evaluating Behavioral Biometrics for Continuous Authentication (Paper)
  2. Person Re-identification in 3D Space: A WiFi Vision-based Approach (Paper)

Mobile Security

  1. XApp: Unauthorized Cross-App Resource Access on MAC OS X and iOS (Paper)
    Angriff auf Sparkassen TAN-App (Informationenzweiter Angriff)
  2. On App-based Matrix Code Authentication in Online Banking (PaperNews)
  3. A Formal Security Analysis of the Signal Messaging Protocol (Paper), Concern & Resolve)
    WhatsApp: From Unsecure Most Widely Used End To End Crypto Tool On The Planet & The Noise Protocol Framework (Noise ProtocolWhatsApp SecurityAxolotlPrivate GroupsAsynchronous SecuritySimplifying OTR DeniabilityNews1News2News3News4News5News6)
    WhatsApp Design Flaw? (Report)
  4. Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage (PaperInfos)
  5. Toward Robotic Robbery on the Touch Screen (PaperInformation)
  6. (In-) Security of Security Applications (PaperInformationen)
  7. Riposte: An Anonymous Messaging System Handling Millions of Users (Paper)
  8. Extracting Qualcomm's KeyMaster Keys – Breaking Android Full Disk Encryption (BlogpostApple)
  9. Spatial-Temporal Recreation of Android App Displays from Memory Images (PaperVideo)
  10. Cloak and Dagger (Paper, Talk, Website)
  11. Passphone (Paper)
  12. Mobile Fingerprinting (Paper1, Paper2)
  13. Security and Privacy Failures in Popular 2FA Apps (Paper)

Web Security

  1. Attacking the Network Time Protocol (PaperInformationen)
    Malware in Advertisements & Ads vs. Ad Blocker vs. Ad Blocker Blocker (Source1Source2)
  2. Brotli & HTTP/2 (PaperInformationenGithubHTTP/2)
    Time-based One-time Password Algorithm (RFC)
  3. HTTP Strict Transport Security (HSTSNews1News2Attack)
    HTTP Public Key Pinning (HPKP)
    CA & Pinning list administration in browsers like Firefox, Chrome, Safari, and Internet Explorer (MozillaNews)
    DigiNotar Attack (News)
  4. Web of Trust Services (WebsiteNews1News2, iX 01/17:54, Web of Trust) [Experiments]
    Privacy and Web Robots (c't 2017/13–168, c't 2017/12–170) [Experiments]
  5. Libsodium in PHP (Website, News1, News2)
    Project Wycheproof (Website)
  7. DNSSEC Root Key Resolver, KSK, Resolver (DNSSEC, c't 2017/14–162, c't 2014/08–202, RFC1, RFC2, KSK Test, KSK Gen, DNSSEC Info1, DNSSEC Info2, KSK Rollover, News1, News2, Article, Trust Anchor Fetcher, EDNS Keytag, PK-Zip)
  8. Fingerprinting: Authentication (Paper1, Paper2, Paper3)
  9. How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic (Paper)


  1. LogJam (WebsiteNewsPaper)
    FREAK (Weitere InformationenPaperWebseitePräsentation)
    DROWN (WebseitePaper)
  2. Lucky 13 (InformationenPaper)
    BERserk (InformationenPaper1Paper2)
    SLOTH (InformationenPaper)
  3. RC4-Angriff von Klein (Paper)
  4. TLS/RC4-Angriff von AlFardan et al. (InformationenPaper)
  5. RC4-Angriff innerhalb WPA-TKIP und TLS von Vanhoef und Piessens (Paper)
  6. Sweet32 (WebseitePaperNews)
  7. A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates (Paper)
  8. Multi-Context TLS (mcTLS) (Paper, Website, Slides, Talk, News)


  1. A Practical Cryptanalysis of the Algebraic Eraser (Paper, News, Website)
  2. Dual_EC_DRBG & Juniper (PaperInformationenPräsentationPaper2Paper3BlogECBlog Juniper)
  3. Watermarking Cryptographic Programs Against Arbitrary Removal Strategies (Paper)
  4. Indistinguishability Obfuscation (InformationenPaper1Paper2Paper3Paper4Paper5)
  5. scrypt (Paper)
  6. Argon2 (Paper)
  7. Strongly Undetectable Algorithm-Substitution Attacks (Paper1Paper2Paper3Paper4)
  8. RSA Sliding Window Attack (Paper)
  9. 1024 Bit Primes may be weak: A kilobit hidden SNFS discrete logarithm (Paper)
  10. SHA-1 Shattered (Paper, Website, News, MD5 Collision)
  11. Private Set Intersection for Unequal Set Sizes with Mobile Applications (Paper)
  12. Privately Computing Set-Union and Set-Intersection Cardinality via Bloom Filters (Paper)
  13. Efficient Set Operations in the Presence of Malicious Adversaries (Paper, Talk)
  14. Forward-Security under Continual Leakage (Paper)
  15. One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation (Paper)
  16. ElsieFour: A Low-Tech Authenticated Encryption Algorithm (Paper)
  17. Modelling a public-key infrastructure (Paper)
  18. How To Prove Yourself: Practical Solutions to Identification and Signature Problems (Paper)
    Publicly Verifiable Non-Interactive Zero-Knowledge Proofs (Paper)