The exam for the Network Security lecture is approaching and, by overhearing a conversation between Matthias and his teaching assistant Sarah, you learned that the exam is on a private web server in the DISCO network which is only accessible via a secret URL. Since you are secretly the infamous hacker H4X0R, you managed to trick Matthias into revealing his password for an SSH server in his lab by using evil social engineering techniques. Unfortunately, Matthias does not use this password for his personal computer, which is the actual target since the secret URL for the exam is only stored in Matthias' browser. The only things you know are that the web server hosting the exam and Matthias' personal computer are in the same local network as the compromised SSH server, and that Matthias is a control freak who checks the exam for updates on a very regular basis.
Since you are too lazy to study properly for the exam, you are desperately trying to get the exam from the web server. Therefore, the first steps of this hack challenge are:
While you were stealing the exam, you figured out that the web server's configuration is really bad and allows certain denial of service attacks. Since you are an evil mastermind and like to troll people, you decide to launch a denial of service attack to prevent Matthias from checking the exam. The final step of this hack challenge is:
Since H4X0R is a poser and wants to show off with what he has achieved, send an email to the teaching assistant with the secret exam attached (do not change the filename!) and the time when you launched the denial of service attack. Also mention the IP addresses of Matthias' PC and the webserver in the mail.
You can still work in the same group as for the PhyLiSec workshop. To make sure that groups do not interfere with each other while hacking on the server, we have to make sure that only one group is working on it at a time. Therefore, we have randomly assigned four 1h timeslots to your group over the next 3 weeks. You should receive an email with the timeslots upfront.
Note that it is your responsibility to organize your group to work on the challenge during your timeslots. You will receive further information, the IP of the target, and the credentials for your timeslot via email when your session starts.
Once you have finished the challenge, one member of your group must send an email as proof of success. The email must contain the names of your group mates, the stolen PDF, the date and time when you launched the DoS attack, and the IP addresses of Matthias' PC and the secret URL. Once we have received this email and verified your success, you have passed this part of the Network Security exercise and you are one step closer to the exam.
If you encounter any problems or if you get stuck, first check the Network Security slides and try using Google. Only if you really tried solving the problem yourself without success, ask Sarah. She can give you hints or (if necessary) meet with you and assist you in solving the challenge.
To give you a starting point, here is a list of Linux commands and tools installed on the compromised server:
If you want to know how these tools work, enter "man COMMAND" or use Google. There is plenty of good documentation around! Also "COMMAND --help" usually gives you a good overview of the respective tool.
This workshop is a (mandatory!) part of the Network Security lecture held in the winter term 2018/2019. The workshop covers all topics from the first chapter "Physical- & Link-Layer Security":
The workshop is organised in the manner of a typical computer science research conference. It consists of three phases:
After the third phase, we will take the best essays (according to their ratings) and publish them on the lecture's website in the form of workshop proceedings. As already mentioned in the lecture, successful participation in this workshop (including all three phases) is mandatory and a formal prerequisite to the exam. Successful participation means that the final rating of your essay must be at least 0 (on a Likert scale).
Note: These deadlines are hard deadlines! Missing them results in an immediate exclusion from the workshop and loss of admission. So make sure you are well-organised.
Phase | Deadline |
---|---|
Essay submission | Wednesday, 15.01.2020 (23:59) |
Reviews | Wednesday, 29.01.2020 (23:59) |
Final version | Wednesday, 05.02.2020 (23:59) |
In order to be accepted for the review process, your essay must strictly conform to the following regulations. Violations will result in exclusion from the workshop and thus exclusion from the NetSec exam. So please read the following instructions carefully and make sure your essay complies with the submission guidelines.
Send me a preliminary version of the project report by Friday, March 6th.
The presentation will be on Monday, March 9th at 8:30 in the morning in our seminar room (36.438).
Send the final version of the project report by March 16th.
This year's project will be about Bluetooth Low Energy (BLE) security. BLE is a part of the Bluetooth communication technology, designed for embedded devices with local connectivity and low data rates.
Many "smart" devices, available in every tech-market, are controllable via BLE. Often the security of those devices is insufficient. We plan to get some of these devices, analyze their security, create an application to control the device and break the security.
Official module entry: [89-4245] INF-42-45-L-6
Class time | Title | Slides | Last Updated |
---|---|---|---|
Nov 12, 5.15pm (36-438) | Kickoff Meeting | kick-off | 14.11.19 |
5th December, 5.15pm (36-438) | Phase 2 (get the BLE device) | | 9.12.19 |
16th January, 5.15pm (36-438) | Phase 3 (attack & report) | | 16.1.2020 |
Every group examined an individual BLE device and wrote a report about their experiments. Every report introduces the examined device and the publicly available vendor app. In the next step, every group created their own application to access the BLE device. They then used the knowledge they had gained to analyze the security of the device and perform attacks against it. Three devices were examined:
The reports are accessible from inside the university.
It will be a group project. It is planned to have group sizes of 2 to 4 people.
News: New exam dates.
Exam: The next oral exams can be taken on July 3 and August 4. To register, please contact our secretary Mrs. Gerber.
Lecture: Mondays, 10:00-11:30 in room 36-438 (seminar room)
Exercises: Mondays, 13:45-15:15 in room 36-438 (will always be announced)
Contact: Prof. Dr.-Ing. Jens Schmitt
The objective of this lecture is to introduce the art of performance-related modeling of distributed systems. We will use worst-case assumptions in order to obtain robust results.
The lecture material is only accessible from within the university network (131.246.*). Please use SSH or VPN for remote access.
Chapter | Title | Last Update | Slides |
---|---|---|---|
0 | Organization | Oct 29, 2019 | |
1 | Introduction | Oct 30, 2019 | |
2 | Min-Plus Algebra Primer | Nov 18, 2019 | PDF annotated |
3 | Network Calculus Basics | Jan 13, 2020 | PDF annotated one_slide_to_rule |
4 | Advanced Network Calculus | Feb 03, 2020 | PDF annotated network_analysis |
We will provide a script later in the course. Be aware that it might undergo many changes and hence should never be seen as a "final version".
Last Update | Changelog | Script |
---|---|---|
June 1, 2020 | Improved explanation in Section 4.3 Feedback Systems | |
The exercise sheets are only accessible from within the university network (131.246.*). You can use SSH or VPN for remote access.
Sheet | Day | Submission Deadline | Exercise | Download |
---|---|---|---|---|
1 | Nov 18, 2019 | Submission is optional | 13:45 | |
2 | Dec 16, 2019 | 9.59am | 13:45 | PDF data_set |
3 | Jan 13, 2020 | 9.59am | 13:45 | |
4 | Feb 10, 2020 | 9.59am | 13:45 | |
News: New slides online (Feb 12)
Examination: New Dates!!!
Lecture: Wednesdays, 11:45-13:15 in room 01-006
Contact: Matthias Schäfer
This course covers aspects and principles of network security. Based on many attacks on common technologies used in communication systems, this course illustrates how things can go wrong and provides basic measures to protect a network from mistakes committed in the past. It furthermore covers the fundamental concepts of security and security problems.
Areas covered in this lecture:
Please note that it is strongly recommended to attend communication systems first since it provides the background knowledge for this lecture.
The exercises will be split into three parts: a workshop and two network hack challenges. Successful participation in all three parts is a mandatory admission requirement for the final exam.
Please refer to the website of the physical- and link-layer workshop for the first exercise.
Please refer to the website of the first hack challenge for the second exercise.
The second hack challenge has started. You should have received all instructions via email.
The slides are accessible only from within the university network (131.246.*). Please use SSH or VPN for remote access.
Title | Last Update | Slides |
---|---|---|
Organization | 30.10.2019 | |
Introduction | 30.10.2019 | |
Physical- & Link Layer | 16.02.2019 | |
Network Layer | 06.01.2020 | |
Application Layer | 16.02.2020 | |
We offer a variety of bachelor and master theses at any point in the academic year. Also check out some of our completed theses.