19306411

SoSe 17: Seminar: IT Security

Volker Roth

Additional information / Pre-requisites

Students are expected to:

Give a technical presentation of their assigned topics; Demonstrate research software prototypes whenever applicable; Turn in a short technical report on their assigned topics (10 pages).

Students will be graded on their preparedness for discussion, their presentations and their seminar report. The report must be typeset in LaTeX. Both the LaTeX source and the PDF generated from it must be submitted as a TAR or ZIP archive. A LaTeX template is here.

The seminar report must contain references to all the articles that were used. Each literature entry must include a brief and concise summary of the article's contribution and the contribution's benefits. Please use the BibTex "note" field for this purpose and inline the bibliography by including the bbl file into the LaTeX source.

Comments

Anyone who has ever encrypted emails with PGP knows how complex and complicated this process can be. Many people cannot cope with this process and therefore do not encrypt their messages. Making encryption easily applicable for laymen is a long-known and still insufficiently solved issue. This seminar introduces students to the research areas that deal with the issue of operational simplicity for security mechanisms. We begin with a historical perspective [1,2], and then turn to principles and methods from the areas usable security and human-computer interaction.

Of particular importance here is the evaluation of systems in terms of their safety and usability. This is usually done empirically. In terms of applications, we will mainly focus on email encryption and authentication from the perspective of USEC.

No particular previous experience is necessary. Following the seminar, it is possible to write a thesis in this field.

[1] Anderson, Ross. "Why cryptosystems fail." In Proc. ACM Conference on Computer and Communications Security (CCS), pp. 215-227. ACM, 1993.

[2] Whitten, Alma, and J. Doug Tygar. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0." In Usenix Security, vol. 1999. 1999.

[3] Artikel aus den Tagungsbänder der Konferenzen CHI, SOUPS, ACSAC.