  • Topics

    Malware and Ransomware

    1. Stuxnet & Duqu (Talks at Google, Zero Days, Duqu)
    2. Industroyer & Ukrenergo (Whitepaper, News1, News2, News3, News4)
    3. SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit (Video, Paper)
    4. Scanning Malware (Paper, News, Video1, Video2)

    Digital Currencies

    1. Cryptocurrencies: Classification and Comparison
    2. Taler (Paper Draft, Website)

    Internet of Things Security

    1. The Thermostat, The Hacker, and The Malware (News, Video, Blog)
    2. IoT Goes Nuclear: Creating a ZigBee Chain Reaction (Paper, Website)
    3. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things (Paper)

    Automotive Security

    1. Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer (Paper, Slides, Video, News)
    2. Vehicular Environment Security (IEEE Standard, Presentation1, Presentation2, Presentation3)

    Hardware Security

    1. On the (in)security of a Self-Encrypting Drive series (Paper)
    2. ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs (Paper)
    3. MouseJack (Paper, Details, Devices, News)
    4. Wireless Mice and Keyboards Vulnerabilities (News, Crazyradio, nRF24Playset)
    5. Fansmitter (Paper, News, Video1, Video2)
    6. PoisonTap (Website, Video)
    7. Brute force iPhone 5C PIN (Paper)
      Barcode Hacks (Further Information, Presentation)
    8. Magspoof (Website)
      New Credit Card Standard 3.2 (iX 07/16:92)
      EMV Writer (c't 03/16)
    9. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms (News, Website, Paper)
    10. Blockcipher-based Authenticated Encryption (Paper, News1, News2)
    11. Smart TV hack embeds attack code into broadcast signal (News, Talk)
    12. Ultrasonic Side Channel (Paper)
      Google Tone (Website)
    13. SeaGlass: Enabling City-Wide IMSI-Catcher Detection (News, Paper)

    Cloud Security

    1. Authentication & Identification: OAuth, Single Sign-On (SSO), OpenID, SAML, and SCIM. (OAuth, 3-legged-OAuth, OAuth2Oz, SSO, Covert Redirect, OpenID, SAML, SCIM, Simplecloud, iX 03/16)
    2. LoSt: Location Based Storage (Paper)
      GeoProof: Proofs of Geographic Location for Cloud Computing Environment (Paper)
    3. Position Based Cryptography (Paper)
    4. An Investigation of Geographic Mapping Techniques for Internet Hosts (Paper)
      Distributed Traceroute Approach to Geographically Located IP Devices (Paper)
    5. CPV: Delay-based Location Verification for the Internet (Paper)
      Method and systems for locating geographical locations of online users (Patent)
    6. Dude, where’s that IP? Circumventing measurement-based IP geolocation (Paper)
      Accurate Manipulation of Delay-based Internet Geolocation (Paper)
    7. Proofs of Retrievability for Large Files (Paper)
    8. Compact Proofs of Retrievability (Paper, Talk)
    9. Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices (Paper)
    10. A Novel Cryptographic Framework for Cloud File Systems and CryFS (Paper)

    System Security

    1. Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques (Paper, Overview, c't 18/15)
      Windows 10 Single Sign-On (iX 12/16:44)
    2. Deep Dive: Return Oriented Programming (Book)
      Bypass ASLR (Paper, News)
    3. Dirty COW (Video1, Video2, Video3, Website, c't 4/17)
      Atom Bombing (Video, Website)
    4. Windows 10 Data Leak (Article, c't 01/17:158, Tool) [Experiments]
    5. Trusted Computing, Trusted Computing Module, Trusted Platform Module, Intel SGX, ARM TrustZone, Digital Rights Management (Intel SGX Paper, Intel SGX Website, Intel SGX Criticism, Intel SGX Application, ARM TrustZone Website, ARM TrustZone Weakness, iX 02/17)
    6. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud (News, Paper1, Paper2, Paper3, Talk)

    Biometric Security

    1. Keystroke Recognition Using WiFi Signals (Paper, News)
      Don’t Skype & Type! Acoustic Eavesdropping in Voice-Over-IP (Paper)
    2. Fingerprinting: Writing & Audio (Paper1, Paper2)
    3. Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments (Paper)
      Evaluating Behavioral Biometrics for Continuous Authentication (Paper)

    Mobile Security

    1. XApp: Unauthorized Cross-App Resource Access on MAC OS X and iOS (Paper)
      Attack on Sparkasse TAN App (Information, Second Attack)
      On App-based Matrix Code Authentication in Online Banking (Paper, News)
    2. A Formal Security Analysis of the Signal Messaging Protocol (Paper, Concern & Resolve)
      WhatsApp: From Unsecure Most Widely Used End To End Crypto Tool On The Planet & The Noise Protocol Framework (Noise Protocol, WhatsApp Security, Axolotl, Private Groups, Asynchronous Security, Simplifying OTR Deniability, News1, News2, News3, News4, News5, News6)
      WhatsApp Design Flaw? (Report)
    3. Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage (Paper, Infos)
    4. Toward Robotic Robbery on the Touch Screen (Paper, Information)
    5. (In-) Security of Security Applications (Paper, Information)
    6. Riposte: An Anonymous Messaging System Handling Millions of Users (Paper)
    7. Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption (Blogpost, Apple)
    8. Spatial-Temporal Recreation of Android App Displays from Memory Images (Paper, Video)
    9. Cloak and Dagger (Paper, Talk, Website)
    10. Passphone (Paper)
    11. Stealing PINs via Mobile Sensors (Paper) [Experiments]
    12. Mobile Fingerprinting (Paper1, Paper2)

    Web Security

    1. Attacking the Network Time Protocol (Paper, Information)
      Malware in Advertisements & Ads vs. Ad Blocker vs. Ad Blocker Blocker (Source1, Source2)
    2. Brotli & HTTP/2 (Paper, Information, Github, HTTP/2)
      Time-based One-time Password Algorithm (RFC)
    3. HTTP Strict Transport Security (HSTS, News1, News2, Attack)
      HTTP Public Key Pinning (HPKP)
      CA & Pinning list administration in browsers like Firefox, Chrome, Safari, and Internet Explorer (Mozilla, News)
      DigiNotar Attack (News)
    4. Security of Adobe Flash and Silverlight over the last 10 years (Start)
    5. Web of Trust Services (Website, News1, News2, iX 01/17:54, Web of Trust) [Experiments]
      Privacy and Web Robots (c't 2017/13-168, c't 2017/12-170) [Experiments]
    6. Libsodium in PHP (Website, News1, News2)
      Project Wycheproof (Website)
    7. E-Mail-Security: STARTTLS, DANE, PGP, S/MIME (STARTTLS, DANE, PGP, S/MIME)
    8. DNSSEC Root Key Resolver, KSK, Resolver (DNSSEC, c't 2017/14-162, c't 2014/08-202, RFC1, RFC2, KSK Test, KSK Gen, DNSSEC Info1, DNSSEC Info2, KSK Rollover, News1, News2, Article, Trust Anchor Fetcher, EDNS Keytag, PK-Zip)
    9. Fingerprinting: Authentication (Paper1, Paper2, Paper3)

    SSL/TLS and RC4

    1. BEAST (Information)
      POODLE (Further Information, Paper)
    2. BREACH (Information, Paper)
      CRIME (Further Information, Presentation)
      HEIST (Paper)
    3. LogJam (Website, News, Paper)
      FREAK (Further Information, Paper, Website, Presentation)
      DROWN (Website, Paper)
    4. Lucky 13 (Information, Paper)
      BERserk (Information, Paper1, Paper2)
      SLOTH (Information, Paper)
    5. RC4 Attack by Klein (Paper)
    6. TLS/RC4 Attack by AlFardan et al. (Information, Paper)
    7. RC4 Attack within WPA-TKIP and TLS by Vanhoef and Piessens (Paper)
    8. Sweet32 (Website, Paper, News)
    9. A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates (Paper)
    10. Multi-Context TLS (mcTLS) (Paper, Website, Slides, Talk, News)

    Cryptography

    1. A Practical Cryptanalysis of the Algebraic Eraser (Paper, News, Website)
    2. Dual_EC_DRBG & Juniper (Paper, Information, Presentation, Paper2, Paper3, BlogEC, Blog Juniper)
    3. Watermarking Cryptographic Programs Against Arbitrary Removal Strategies (Paper)
    4. Indistinguishability Obfuscation (Information, Paper1, Paper2, Paper3, Paper4, Paper5)
    5. scrypt (Paper)
    6. Argon2 (Paper)
    7. Strongly Undetectable Algorithm-Substitution Attacks (Paper1, Paper2, Paper3, Paper4)
    8. Post-quantum key exchange - a new hope & CECPQ1 (Paper, Backreference1, Backreference2, CECPQ1)
    9. RSA Sliding Window Attack (Paper)
    10. 1024 Bit Primes may be weak: A kilobit hidden SNFS discrete logarithm (Paper)
    11. SHA-1 Shattered (Paper, Website, News, MD5 Collision)
    12. Private Set Intersection for Unequal Set Sizes with Mobile Applications (Paper)
    13. Privately Computing Set-Union and Set-Intersection Cardinality via Bloom Filters (Paper)
    14. Efficient Set Operations in the Presence of Malicious Adversaries (Paper, Talk)
    15. Forward-Security under Continual Leakage (Paper)
    16. One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation (Paper)
    17. ElsieFour: A Low-Tech Authenticated Encryption Algorithm (Paper)
    18. Modelling a public-key infrastructure (Paper)
    19. Non-Interactive Zero-Knowledge and Its Applications (Paper)
      Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack (Paper)
    20. How To Prove Yourself: Practical Solutions to Identification and Signature Problems (Paper)
      Publicly Verifiable Non-Interactive Zero-Knowledge Proofs (Paper)
Arbeits­gruppe für Theoretische Informatik und IT-Sicherheit

University of Mannheim
School of Business Informatics and Mathematics
B6, 26
68159 Mannheim