Verteilte Systeme
AG Waldvogel


Research Seminar Current Trends in Network Security (Winter 2016/17)

Assigned Topics

Topics are assigned as follows. You can download these papers for free from the university network and from the University's SVN Server. Please do not pay the publisher some ridiculous amount for a single download; the library has paid them already.

2016-11-29

14. Digital Society (Franziska Michaela Schlor)

  • The Right to be Forgotten in the Media: A Data-Driven Study (Xue et al, PETS 2016)
  • Neutral Net Neutrality (Yiakoumis et al, PETS 2016)

3. Software Security (Kristina Theil)

  • Automatically Detecting Error Handling Bugs Using Error Specifications (Jana et al, USENIX Security 2016)
  • On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities. (Torres-Arias et al, USENIX Security 2016)

2016-12-06

2. Intercepting Network Traffic (Ahmet Eroglu)

  • Off-Path TCP Exploits: Global Rate Limit Considered Dangerous (Cao et al, USENIX Security 2016)
  • Website-Targeted False Content Injection by Network Operators (Nakibly et al, USENIX Security 2016)

10. Attacking Tor (Alper Ozaydin)

  • On Realistically Attacking Tor with Website Fingerprinting (Wang and Goldberg, PETS 2016)
  • k-fingerprinting: A Robust Scalable Website Fingerprinting Technique (Hayes and Danezis, USENIX Security 2016)

2016-12-13

11a. Defending the Tor Network (Erik Traise)

  • Data-plane Defenses against Routing Attacks on Tor (Tan et al, PETS 2016)
  • Identifying and Characterizing Sybils in the Tor Network (Winter et al, USENIX Security 2016)

11b. Anti-Censorship (Onur Cakmak)

  • Salmon: Robust Proxy Distribution for Censorship Circumvention (Douglas et al, PETS 2016)
  • Selfrando: Securing the Tor Browser against De-anonymization Exploits (Conti et al, PETS 2016)

2016-12-20

9. Internet-Scale Security (Mihai Lupu)

  • Jumpstarting BGP Security with Path-End Validation (Cohen et al, PETS 2016)
  • Neutral Net Neutrality (Yiakoumis et al, PETS 2016)
  • The Effect of DNS on Tor’s Anonymity (Greschbach et al, arXiv preprint)

1. The Row Hammer Attacks (Bruno Dhima)

  • Flip Feng Shui: Hammering a Needle in the Software Stack (Razavi et al, USENIX Security 2016)
  • One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation (Xiao et al, USENIX Security 2016)
  • related: Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
  • may require some rudimentary electrical engineering knowledge

2017-01-10

6. Mobile Security (Benjamin Moosmann)

  • The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (Harkous et al, PETS 2016)
  • Wanda: Securely introducing mobile devices (Pierson et al, INFOCOM 2016)
  • Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns (Bösch et al, PETS 2016)

2017-01-17

4. Breaking Modern Crypto (Andreea Balan)

  • DROWN: Breaking TLS using SSLv2 (Aviram et al, USENIX Security 2016)
  • Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys (Vanhoef and Piessens, USENIX Security 2016)

7. Hardware Security Devices (Claudia Bartholt)

  • The Million-Key Question—Investigating the Origins of RSA Public Keys (Švenda et al, USENIX Security 2016)
  • fTPM: A Software-Only Implementation of a TPM Chip (Raj et al, USENIX Security 2016)
  • Making USB Great Again with usbfilter (Tian et al, USENIX Security 2016)

2017-01-24

12. (Ineffective Ways of) Hiding (Ioana Sitaru)

  • The Right to be Forgotten in the Media: A Data-Driven Study (Xue et al, PETS 2016)
  • On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction (Hill et al, PETS 2016)
  • Defeating Image Obfuscation with Deep Learning (McPherson et al, arXiv preprint)

5. Vehicle Insecurity (Daniel Metzger)

  • Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems (Garcia et al, USENIX Security 2016)
  • Fingerprinting Electronic Control Units for Vehicle Intrusion Detection (Cho and Shin, USENIX Security 2016)

Regulations

  • The grade for the seminar is composed of the presentation (60%) and the report (40%).
  • There is a bonus of 0.3 on the final grade for active and productive participation in the discussions after the talks.
  • We expect you to be present for almost all talks, unless you have an important reason you cannot attend, such as being ill. The exact regulations are:

    • If important issues are preventing you from attending, please provide some evidence, such as a doctor's certificate if ill. Such absences are completely ignored. This is essentially the same as being ill for an exam.
    • When nothing important prevents you from attending the talks, we expect you to be present. You should not skip more than one day of the seminar; a single absence will not affect the participation bonus either. 2 or more absences can lead to a failing grade.
    • According to the department's regulations on exam registration, if you fix a date for a seminar presentation but do not hold the presentation, we have to give you a 5.0. Therefore, if you are ill, please send mail in advance and later bring a doctor's certificate.

  • If you find better papers that are more suitable for the topic, or find the provided papers to be unsuitable, please do contact us to discuss. Information competence, i.e. judging how trustworthy a certain publication is, is a very useful skill we would certainly like to promote.
  • We know that the later presentations will be during the weeks where everybody's writing exams. If this affects you, we suggest you prepare the written version well in advance, before you hold the presentation. That way, during the "crowded" weeks, you should only have to do some small final refinements to the written version.
  • Please note the department's guidelines regarding plagiarism. Short version: Plagiarizing something is a failing grade (5.0), and can get you removed from the university (Exmatrikulation). So don't do that.

    • This also applies to slides; please try to properly attribute all images and citations you did not create yourself.

  • The Schreibzentrum can provide you further assistance regarding the writing process (including how to avoid accidental plagiarism). There is also a course on scientific practices for students by Barbara Pampel.
  • If you have any other questions, feel free to send us an email or, even better, see us in the office (G230, accessible from F2 / E2).

Presentations

  • Talks should be about 25 minutes, followed by 15 minutes of discussion.
  • Talks should be a summary of the most important results of the paper, but also provide enough context for the other participants to understand the topic.
  • Slides must be sent in on Monday one week before for discussion and feedback. Please make an appointment for this discussion in the week before your presentation, preferably Tuesday after the seminar. Please send email To: mf@uni.kn, drs@uni.kn Cc: mw@uni.kn.
  • Presentations should end with a summary slide containing the most relevant results from the paper. This is more helpful for discussion than the classical ending slides reading "Thank you for your attention" and/or "Any questions?" so please don't use these.
  • At least 50% of the slides in a slide set should use graphical or other non-textual elements to deliver their content.
  • Please do not use more than 0 (zero) slides containing the full text of what you are going to say in the presentation (unless you need to show a definition or something similar that you would like to discuss).

Reports

  • The text should be a review of the paper, that is, a short summary of the most important content (approx. ⅔ of the review), followed by your assessment of the paper (approx. ⅓ of the review). Note that you do not have to provide the full context in the report -- you can just cite the relevant literature instead.
  • A draft of the report must be sent in 2 weeks after the presentation for discussion and feedback. Please send email To: mf@uni.kn, drs@uni.kn Cc: mw@uni.kn; we will contact you when we're ready to discuss the text with you.
  • After feedback, the final report has to be sent in 1 week after the feedback discussion.
  • The final report must be 4k-6k characters, which is 2-3 pages depending on font size. Please try to make this text short and to the point.
  • If you include an abstract, table of contents etc., they do not count against the character limit.
  • Graphical illustrations are welcome and count as a single character each.
  • The report must be in English and in PDF format.
  • References must include at least author, title and year of publication. Scientific articles should also include the publisher, journal name, volume / issue, pages etc. Web references obviously require a URL and when it was accessed. Using bibtex is recommended, because it reduces the likelihood of missing fields.
  • You are strongly encouraged to make your slides and reports available under a permissive license, such as one of the Creative Commons licenses (also used e.g. by Wikipedia, which uses BY-SA).

Timing Overview

t-8 days

Slides sent to us (please make sure concepts and results are clearly presented; this is more important than details of the algorithm)

t-7 days

Slide discussion & feedback (after seminar, if possible)

t±0 days

Presentation

  • 25 minutes presentation
  • 5 minutes comparison with other work and personal opinion
  • 15 minutes discussion (good questions from the audience will result in a bonus for the asker)

t+14 days

Draft report sent to us (4000…6000 characters; including comparison/opinion)

t+k days

Feedback by us

t+k+7 days

Final report due

How to get good grades

  • Make sure you understand the contents of the paper well enough to explain the key points in your own words.
  • Focus on the most important parts of the paper. In 30 minutes, you will not be able to present everything. If you are unsure whether it is ok to focus on some particular aspects of the papers, just ask us.
  • Present the topic in an understandable way. This may involve simplifying things, which is fine as long as you mention it.
  • Structure both your presentation and your report so they follow a common theme. This massively helps understanding.
  • Look for related literature. Some topics explicitly mention that you have to find related papers; however, all topics profit from some overview of the research area.
  • If you have references that you read to get some knowledge about the research area, please feel free to cite those as well. You would not normally cite such literature in either a paper or a thesis; however, they are very helpful in a seminar report.

Criteria for a Good Presentation

In no particular order:

  • Presentation Skills: Talk is delivered in understandable English and with suitable slides. Speaker speaks with confidence and is easy to follow.
  • Time Management: Talk is adapted to the available time and thus neither hectic nor excessively wordy.
  • Structure and Understandability of Content: Talk follows a common theme, is well structured and supported by slides that help understanding. The content is easy to understand.
  • Own Thinking: Talk is a structured summary of the topic that has been well thought-out. The interrelations between the parts have been considered.
  • Scientific Correctness: Own thoughts are coherent and substantiated; facts and statements are correctly reproduced.
  • Focus: Aspects of the topic are treated according to their relevancy for the overall topic. No parts necessary for understanding are omitted. No unnecessary details.
  • Colloquium: Presenter has some subject knowledge beyond the content that was presented and can answer questions in an understandable way. (Note: This relates to reasonably on-topic questions only!)

Criteria for a Good Report

In no particular order, but sometimes suspiciously similar to the criteria for a good presentation:

  • Structure and Understandability of Content: Text follows a common theme, is well structured and conveys the content well.
  • Information Competence: Literature list contains relevant literature and follows the proper conventions for scientific citations. No irrelevant literature. Sources are properly quoted, both when quoting literally and when reproducing content.
  • Own Thinking: Text is a structured summary of the topic that has been well thought-out. The interrelations between the parts have been considered.
  • Scientific Correctness: Own thoughts are coherent and substantiated; facts and statements are correctly reproduced.
  • Focus: Aspects of the topic are treated according to their relevancy for the overall topic. No parts necessary for understanding are omitted. No unnecessary details.
  • Linguistic Adequacy: Language is suitable for a well-written scientific text. No use of narrative or newspaper style, or excessive use of colloquial language.

Materials from the Writing Center and beyond

Some advice on how to do good presentations:

  • Video: How NOT to give a presentation. Research Skills class at the University of Cambridge, 2012, by Neil Dodgson. You may want to take a look at the related videos as well.
  • Avoid long text or lots of bullet points. Prefer pictures over text.
  • Use colors for linking where possible, i.e. same color for related items.
  • Only use animation or other effects if it helps understanding.
  • Rehearse your talk sufficiently to iron out any problems and to make sure you are on time.
  • Use pictures to explain the content if possible.