CODE Colloquium

We are pleased to welcome you to the CODE Colloquium. At regular intervals, in cooperation with ITIS e.V., we invite distinguished speakers to the CODE research institute for 45-minute talks on selected topics in IT and cyber security. Each talk is followed by a question-and-answer session. The colloquium closes with a small get-together.

Invitations are sent out regularly via our e-mail distribution list. We will gladly add you to it. Simply send us a short message at code@unibw.de.

Next event

17.04.2024

Dr. Lucjan Hanzlik (CISPA Helmholtz-Zentrum für Informationssicherheit)

Talk title: Fast IDentity Online with Privacy and Attributes

Abstract:
Web authentication is a critical component of today's Internet and the digital world we interact with. The Fast IDentity Online (FIDO) standard enables users to leverage devices to easily authenticate to online services in mobile and desktop environments, following the passwordless authentication approach based on public key cryptography. In this talk, I will discuss the FIDO standard's privacy guarantees and ways to introduce user attributes into the authentication process.
In more detail, I will present a remote attack that breaks the informal privacy guarantees of the FIDO token for existing hardware tokens of several manufacturers. I will also show how to use the existing ePassport infrastructure to introduce trusted attributes (e.g., age) to the WebAuthn authentication process and how an ePassport can be used instead of a hardware FIDO token. Finally, I will present our recent results on group-based authentication.

Bio:
Lucjan Hanzlik is a tenure-track faculty member at CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Before joining CISPA, he was a visiting assistant professor at Stanford University, USA. He received his PhD in 2016 from the Institute of Computer Science Polish Academy of Sciences in Warsaw, Poland. His research focuses on applied and privacy-preserving cryptography. He is particularly interested in topics related to blind, ring, and group signatures and the cryptographic protocols used in eID and WebAuthn/FIDO. He frequently publishes at leading security and cryptography venues and is currently serving on the CCS, Crypto, and PETS program committees.

Venue:
Cascada-Gebäude, Carl-Wery-Straße 18, 81739 München (ground floor, to the right of the entrance). Doors open at 17:30.

Participation in the event is free of charge and generally open to anyone interested. For our own planning, however, we ask that you register briefly in advance at code@unibw.de.

Past events

13.03.2024 | Prof. Dr. Konrad Rieck | When Papers Choose their Reviewers: Adversarial Machine Learning in Peer Review
21.02.2024 | Prof. Dr. Dominique Schröder, FAU Erlangen-Nürnberg | Adaptor Signatures in Practice
13.12.2023 | Prof. Dr.-Ing. Gerhard Wunder, FU Berlin | On Gradient-like Explanation under a Black-box Setting: When Black-box Explanations Become as Good as White-box
22.11.2023 | Prof. Dr. Arthur Zimek, University of Southern Denmark | Fairness in Imbalanced Classification: An Adjustment to the k Nearest Neighbor Classifier
11.10.2023 | Prof. Dr. Roy Maxion, Carnegie Mellon University, USA | When the Rubbish Meets the Road: A Lesson About Bad Data in Keystroke Dynamics
21.06.2023 | Prof. Dr. Kaveh Razavi, ETH Zürich | Open Hardware Security – A New Hope
24.05.2023 | Prof. Dr. Mark Yampolskiy, Auburn University, USA | Additive Manufacturing Security: 10+ Reasons to be Concerned
03.05.2023 | Prof. Dr. Frank Piessens, KU Leuven, Belgium | Transient execution attacks: a simple system model and a proposal for a defense
07.12.2022 | Prof. Dr. Eric Bodden, Universität Paderborn | Managing the Dependency Hell – Challenges and Current Approaches to Software Composition Analysis
23.11.2022 | Samuel Groß, Google V8 Security | Attacking and Defending JavaScript Engines
09.11.2022 | Prof. Dr. Olivier Bartheye, French Air Force and Space Academy | The cyber-crisis management as a natural framework to address the challenge of coding decision-making autonomy in embedded systems
18.05.2022 | Prof. Dr. Somesh Jha, University of Wisconsin Madison, USA | Trustworthy Machine Learning and the Security Mindset
12.02.2020 | Prof. Steve Blackburn, Australian National University | Garbage Collection – Implementation, Innovation, Performance and Security
29.01.2020 | Prof. Dr. Laurence Tratt, King's College London | Between the Lines – VM Assumptions
18.12.2019 | Victor van der Veen, Qualcomm | System Security Research at Qualcomm Product Security
04.12.2019 | Stijn Volckaert, KU Leuven | Making Multi-Variant Execution Practical in the Real World
30.10.2019 | Herbert Bos, Vrije Universiteit Amsterdam | Software and Harmware: when chip vendors pull the rug from under our feet
19.06.2019 | Ben Titzer, Google Munich | What Spectre means for language implementors
12.06.2019 | Prof. Stefan Katzenbeisser, Universität Passau | Covert channels on mobile devices – gyroscopes and more
15.05.2019 | Dr. Phillip J. Windley, Brigham Young University | An Identity Metasystem – Sovrin Foundation
03.04.2019 | Thorsten Holz, Ruhr-Universität Bochum | Scalable and Efficient Fuzzing for Complex Programs
20.03.2019 | Shriram Krishnamurthi, Brown University | Logic in the Service of System Configurations
13.03.2019 | Lucas Davi, Uni Duisburg-Essen | Sereum – Protecting existing Smart Contracts against Re-Entrancy Attacks
20.02.2019 | Mathias Payer, EPF Lausanne | Memory Corruption: Exploit-guided Software Testing
12.02.2019 | Michael Franz, UC Irvine | Cyber Attacks and Defenses: Trends, Challenges, and Outlook
23.01.2019 | Thomas Dullien (aka halvarflake), Google Project Zero | Computer Security "Exploits" and the weird machine