Security, Privacy, and Trust

Seminar 4 CP, summer term 2012

Florian Volk

based on last year's slides from Dr. Leonardo Martucci


General Information

What? Read and analyze current scientific publications

Topics: Security, Privacy, Trust

Florian Volk, Telekooperation

General Information

How?

Select a topic and study it

Write a short report

Review other reports

Present your report

Who?

BSc, MSc and Diploma students from Computer Science, Electrical Engineering and related areas

Why?

Introduction to a research area

Learn to read and analyze scientific material

Present your evaluation

When?

April 17 (today): Introduction, Topic Presentation, Tutorial: Working with Literature

April 24: Topic Selection

June 10: First version of your report (for the review)

June 17: Deliverable of the reviews

July 01: Final version of your report

July 05 (13:00): Presentation of your work

Meetings with your advisor (optional)

Language?

English or German; also depends on advisor

5 Steps to Success

1. Pick a topic, read the provided literature and find more literature

2. Write an overview or state-of-the-art report

3. Peer-Review process

Your report will be reviewed by a colleague (and by your advisor)

You will review a colleague's report

4. Correct your report following the reviewer's comments

5. Give a presentation on your report

[Figure: flowchart of the five steps (Read Literature, Write Report, Peer review, Correct Report, Presentation) with an "enough" Yes/No decision]

Evaluation and Grading

You get 4 graded credit points for

Your report: 4-5 pages (max!), IEEE transactions style paper

Your participation in the review: both active and passive

Your presentation: 15 minutes + discussion

You need to pass all parts!

60 % Report

15 % Review

25 % Presentation

At a Glance

4 CP Seminar with topics on Security, Privacy, and Trust

Deadlines

Topic Selection: April 24

Report's 1st version: June 10

Review: June 17

Report's final version: July 01

Presentation: July 05

www.tk.informatik.tu-darmstadt.de/de/teaching/sommersemester-2012/seminar-telekooperation-s3/

Advisors: Jörg Daubert, Fábio Borges de Olivera

Seminar Topics


How to gossip via Face Book?

Online social networks are popular and helpful to stay in contact with buddies, yet they do bear some risks in terms of privacy

You want to share with your (some) friends, but not with the provider?

You want to share with mankind, but not with robokind?

You want to gossip?

Goal: Survey on current soft security add-ons for social networks

History: Privacy Paradigms

Privacy is a soft term and cannot be translated into math directly. Paradigms can help to describe the translation process.

Privacy as confidentiality: My privacy is preserved if my sensitive data is not leaked

Privacy as control: My privacy is preserved if I can control to whom I release it

Privacy as praxis: My privacy is preserved if I know what happens to my data

Goal: Comparison and Background of these paradigms

Smart Grids: Enhancing Privacy

Smart Grids: modernization of electrical systems enhances users' monitoring, control and prediction, BUT raises new security & privacy concerns

Different privacy strategies are now being considered:

Aggregation of consumers' data

Battery-driven approaches

Trusted third parties

Goal: Overview of one of the aforementioned strategies

Comparison of methods to measure IT-Security implementation

Showing the economic benefit of IT-Security by design over post-hoc IT-Security implementation

Goal: Survey methods to measure IT security implementation effort

Classify and compare the found methods

Survey: Privacy protection in WSNs


Wireless Sensor Networks (WSNs)

Many sensor devices

Even yours

Collection of sensitive data

Should not be linkable to you

Some basic approaches are known for protecting privacy:

Secure Aggregation

Calculate results close to sensor

Raw values are never disclosed

Slicing & Mixing

Slicing, garbling, exchange between nodes

Origin is never disclosed

Goal: Survey state-of-the-art mechanisms for protecting privacy in WSNs.

Comparison: Privacy Policy Languages

Privacy policies control the usage of data, e.g.:

What is stored? Who can access it?

And when it has to be deleted?

Several languages exist:

P3P – Privacy Preferences Project

EPAL – Enterprise Privacy Authorization Language

XACML – eXtensible Access Control Markup Language

But which one is best and what are the differences?

Goal: Search for, explain and compare privacy policy languages

Survey: Privacy-preserving Data Mining

Data Mining is the discipline of discovering knowledge in databases

But it is also a threat to your privacy:

Disclosure of identity

Association of sensitive attributes

Linking of records and across DBs

Very old approaches exist

But also hot topic in Cloud Computing

New solutions are hitting the surface

Goal: Overview and comparison of data mining approaches that protect privacy

Open focus: Private P2P Communities

Communities in Peer-2-Peer networks

Group nodes/persons by interests, e.g.:

Location = Darmstadt

Asthmatic = true

Sensitive

Dynamic network (joins and leaves) – scalability

Bazillions of interest combinations

Big challenges

How to join/leave w/o disclosing interest?

But we need control structures in P2P

How to route events w/o requiring many overlays?

No message disclosure outside community

Goal: Assess overlay & routing technologies against privacy, survey privacy for P2P communities, …

P2P-based Intrusion Detection

Intrusion Detection Systems (IDS) attempt to automatically detect ongoing attacks on a system/network via

Outlier detection

Pattern matching

Problems with accuracy, scalability, efficiency

Collaborative / P2P-based IDS

More effective

Sharing of resources and thus more scalable

Protection of large networks

Better view on global attack activity

Goal: Overview and comparison of P2P-based Intrusion Detection Systems

Network-based Covert Channel Attacks

Covert or hidden channel attacks

Masking traffic on its way through a network by providing confidentiality and anonymity

Stealing confidential data (e.g., bypassing IDS systems) or hiding from censorship

For example via

Making use of unused bits in IP-Header

Encoding data via inter-packet delays (sending packets in Morse code: . packet _ no packet)

Identification of covert channels

Non-Interference Analysis, Covert Flow Tree, etc.

Countermeasures

Traffic normalization, limiting packet rate, etc.

Goal: Classification of Covert Channel Attacks, strategies to discover them and countermeasures

Distributed Algorithms for the Smart Grid

Smart Grids to closely link energy production, energy distribution networks and consumers

Consumers as energy producers (photovoltaics, wind, water, etc.)

Current proposals rely on central authorities for coordination

→Bottlenecks and SPoFs

Distributed algorithms for the Smart Grid

Locally redistribute energy from producers to consumers

Removing bottlenecks and SPoFs

Keeping energy and data locally

Goal: Overview, classification and comparison of distributed algorithms and protocols in current proposals for the smart grid

From Reputation to Trust: Getting a Trust Score out of Reputation Info

Reputation models track behavior and provide information on its distribution

E.g. how many 1-star, 2-star and 3-star ratings a product gets

Ranging from binary to continuous ratings

Trust models generally use a ranking criterion to compare trust scores

E.g. to find the best product

Goals:

Survey a number of existing trust models (and real-world reputation systems)

Discuss how they transfer reputation information into a trust score (e.g. by averaging)

[Figure: example trust model with opinions on recommenders and opinions on providers, showing certainty and reputation score values for “SomeProvider, Inc”]

Data Mining Techniques for Trustworthiness Prediction

Data mining is an active research field in economics and information systems... How can its techniques (e.g. time series analysis) be applied to predict how “good” a product is or how trustworthy a seller will be?

What kind of data can be used as an input to trust computation? Indicators of trustworthiness

Implicit data, trends, etc.

Goals:

Provide an overview of different data mining techniques for prediction (e.g., show how cool linear regression can be, or neural networks, or clustering for trust prediction)

Reputation-based Trust: Propagation of Reputation in Distributed Systems

The reputation of an entity is what a “community” thinks of it.

The common knowledge is vast!

But it is difficult to tap!

In distributed systems, no central authority “knows it all”

Reputation is mediated through who you know,

Reputation depends on who you trust.

Goals:

Provide an overview of different trust propagation mechanisms (and real-world reputation systems, or generic reputation spreading phenomena, e.g. multiplicators)

Evaluate criteria and provide a comparison (for instance by instantiating it with an example setup)

Survey: (Web) Service Composition

Several services can be combined to form a new service

Such compositions raise questions about the composite’s quality, reliability, …

How can this information be derived?

Goal: Classify different service compositions and survey strategies to derive information about composites from their components

The Internet of Services

The Future Internet is based on interacting services

Questions:

What is the Internet of Services?

How will it be?

Which technologies might be used?

How does it relate to the Internet of Things?

Goal: Survey literature about the Future Internet

Collect and organize answers to the above questions

Your Topic

Suggest something :)

Overview on Topics

1. How to gossip via Face Book (Stefan Schiffner)

2. History: Privacy Paradigms (Stefan Schiffner)

3. Smart Grids: Enhancing Privacy (Fábio Borges)

4. Comparison of methods to measure IT-Security implementation (Golriz Chehrazi)

5. Survey: Privacy protection in WSNs (Jörg Daubert)

6. Comparison: Privacy Policy Languages (Jörg Daubert)

7. Survey: Privacy-Preserving Data Mining (Jörg Daubert)

8. Open focus: Private P2P Communities (Jörg Daubert)

9. P2P-based Intrusion Detection (Mathias Fischer)

10. Network-based Covert Channel Attacks (Mathias Fischer)

11. Distributed Algorithms for the Smart Grid (Mathias Fischer)

12. From Reputation to Trust: Getting a Trust Score out of Reputation Info (Sascha Hauke)

13. Data Mining Techniques for Trustworthiness Prediction (Sascha Hauke)

14. Reputation-based Trust: Propagation of Reputation in Distributed Systems (Sascha Hauke)

15. Survey: (Web) Service Composition (Florian Volk)

16. The Internet of Services (Florian Volk)

How to work with Literature and write Scientific Material

by Leonardo A. Martucci, Sascha Hauke

proudly presented and edited by Florian Volk

CONTENT

What’s a scientific publication?

Finding (good) references

Correct referencing

Writing your own paper

Reviewing papers

*parts of this slide set are based on material provided by Guido Rößling

What’s a scientific publication?

Basically a message

With scientific background

Offer a new insight of a scientific problem (solution)

OR a survey of a research field

The message is a claim

That needs to be evaluated AND validated

Leonardo Martucci - Telecooperation

How does a publication look like?

Books

Surveys (mostly) about a topic

Theses

Doctoral dissertations and Master theses

Very focused scientific work and finding

Articles and Papers

Articles appear in Journals

Papers in Conferences, Symposia, Workshops

New findings and concepts

How does a publication look like?

Standards and RFC

Define the common ground

Thoroughly reviewed

Published by a standardization body

Technical Reports

A focused scientific work

White papers published by vendors

Sometimes biased

Not reviewed

Articles and Papers

Journal Articles

Quality mostly depends on the Journal

Good Journal Good Article

Sometimes articles are outdated

Conferences and Symposia

Quality is usually connected to the Conference

Good Conference Good Paper

The most recent research achievements

Workshops

Mostly for work in progress

Good for discussing new ideas

Standards and RFC

Standards relate to a given technology

ITU-T standards

ITU is the UN agency for ICT standards

ITU-T defines standards for telecom

e.g. the X series

IEEE standards

Industrial standards, including ICT

e.g. IEEE 802 standard family

IETF

Internet related standards i.e. RFC

e.g. IP addressing scheme, TCP, TLS protocols, routing

Always pay attention to the RFC status

References and Referencing

Refer back to the original source of information

For others to identify the foundations of your work

Giving credit, when credit is due

Not doing so is REALLY bad practice, aka plagiarism

Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik

What should I reference?

Scientific publications: Articles, papers, books

Standards: RFC, ITU, IEEE, W3C, etc.

+ All other non-scientific sources: Surveys, Magazines, Reports

Can I reference Wikipedia? or any other online material?

YES, but mind: not reliable (or stable) information sources

Writing a Scientific Publication

First, define the message

Objective of your publication

define the area of research

Read the related work

Define the work around your work

Finding out what has been done

Implement your idea

Evaluate your idea

Validate your idea

Write your publication

Survey the related work

Evaluate differences

Identify trade-offs

Your Work, Your Message

Finding the message

The most difficult part (!)

Also, the creative one

going beyond the state of the art

A message that needs science

Scientific foundations + challenges can be found in the related work

Related Work? Where? How?

Related Work? Where?

For the initial literature ask a researcher in the field

it will give you a broad idea about the area

Check publication repositories

ACM Digital Lib http://portal.acm.org/portal.cfm

IEEE Xplore http://ieee.org/portal/site

Google Scholar http://scholar.google.com

Academic Search http://academic.research.microsoft.com/

Conference directories http://dblp.uni-trier.de/

Authors’ home pages

Other sources from the reference lists

REPEAT

Related Work and Relevance

Related Work ∞

Identify the relevant sources

Evaluating the importance of a publication

1. Read the abstract

2. Check the reference list

3. Read the conclusions

4. Read the rest

Related work will

Compare your results against their results

Be used as input for a survey

[Figure: flowchart with three "Good" decisions (Yes/No) leading to "Paper Read" or "Next Paper"]

Referencing: doing it right

A reference looks like this:

[Figure: example reference with its parts labelled: authors, title, how it was published (proceedings), publisher, date, page number]

there are also other reference styles

Referencing with BibTeX

Complete entries using BibTeX

DBLP (Uni-Trier), ACM Digital Library, etc.

In the text, you just need to use: \cite{MartucciKAP08}

@inproceedings{MartucciKAP08,
  author    = {Leonardo A. Martucci and Markulf Kohlweiss and Christer Andersson and Andriy Panchenko},
  title     = {Self-certified Sybil-free pseudonyms},
  booktitle = {WISEC},
  year      = {2008},
  pages     = {154-159},
  ee        = {http://doi.acm.org/10.1145/1352533.1352558},
  crossref  = {wisec/2008}
}

@proceedings{wisec/2008,
  editor    = {Virgil D. Gligor and Jean-Pierre Hubaux and Radha Poovendran},
  title     = {Proceedings of the First ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, March 31 - April 02, 2008},
  booktitle = {WISEC},
  publisher = {ACM},
  year      = {2008},
  isbn      = {978-1-59593-814-5}
}

Write your publication


Structure is the Key!

Always have a good paper structure

Organize your ideas

Organize your papers

Define it BEFORE starting to add text

Plan the content of each section

Writing skills

No one learns without doing it

General Guidelines:

Be concise

Be precise

Reviews and Reviewing


Peer-reviews

Peers review your work and verify its general quality

Evaluate the work before being published

Offer suggestions to improve the work (!)

How’s quality defined in a publication?*

Novelty

Soundness

Evaluation + Validation

Completeness

Readability

* it sometimes depends on the venue

Writing a Review

What to write

Positive and negative aspects of the work

Constructive criticism (if possible)

Offer suggestions to improve the paper, e.g. + literature

Suggest an overall evaluation of the work

It is NOT the reviewer’s work

to correct the publication!

to point out typos (unless it is only one or two)

Summary

What’s a scientific publication?

Finding (good) references

Correct referencing

Writing your own paper

Reviewing papers