distributed computer systems

Contents

This workshop is a (mandatory!) part of the Network Security lecture held in the winter term 2018/2019. Subject of the workshop are all topics covered in the first chapter "Physical- & Link-Layer Security":

• Jamming: Attacks, Detection, Mitigation
• WiFi (IEEE 802.11): Problems, Attacks, State-of-the-art
• Cellular networks: GSM, LTE
• Cyber-physical Systems: PKES, ADS-B
• Countermeasures: Secure Location Verification, Distance Bounding

Organisation

The workshop is organised in a typical computer science research conference manner. It consists of three phases:

1. Submission phase: Students submit their contributions (here: in form of essays) to the conference. Each essay must be written in a group of three students. Therefore, you need to find two peers for your group. In case you do not know any other attendees, you will have the opportunity to find a group in the lecture. Please read the submission guidelines (below) carefully!
2. Review phase: After the submission deadline below has passed, all submissions will be reviewed and rated by members of the program committee. For this workshop, the program committee consists of all authors, that is, you. This means, that you have to read, comment, and rate three essays from other students. The submission and reviewing process is double-blind, which means that neither the authors know the reviewers, nor do the reviewers know the authors.
3. Revision phase: Once the deadline for reviews has passed, we hand out the (anonymous) reviews to the authors of the essays. The authors will then have to revise their essay based on the comments of the reviewers. After processing the reviews and updating the essays, the groups have to re-submit their works and the reviewers have to adjust their ratings.

After the third phase, we will take the best essays (according to their ratings) and publish them on the lecture's website in form of a workshop proceedings. As already mentioned in the lecture, the successful participation in this workshop (including all three phases) is mandatory and a formal prerequisite to the exam. Successful participation means that the final rating of your essay must be at least 0 (on a Likert scale).

Deadlines

Note: These deadlines are hard deadlines! Missing them results in an immediate exclusion from the workshop and loss of admission. So make sure you are well-organised.

Submission Guidelines

In order to be accepted for the review process, your essay must strictly conform with the following regulations. Violations will result in exclusion from the workshop and thus, exclusion from the NetSec exam. So please read the following instructions carefully and make sure your essay complies with the submission guidelines.

• The number of authors is limited to at most three authors per essay. We prefer groups of three, however, smaller groups are possible under special circumstances. Organisation of group members and group-internal division of work is at your own responsibility. If you do not find any group mates, ask This email address is being protected from spambots. You need JavaScript enabled to view it. or during the lecture.
• The essays will be reviewed in double-blind mode. They must be submitted in a form suitable for anonymous review: no author names may appear on the title page, and papers should avoid revealing their identity in the text. Contact the program chair This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any questions. Papers that are not properly anonymised may be rejected without review. Please note that only the essay itself, not the registration at easychair (see below) must be anonymised. Since students from other groups may be your reviewer in the review process, it is strongly recommended not to reveal your topic other groups or students outside the lecture to obtain unbiased reviews.
• The length of the essay must be at least 2 pages per author and at least 3 pages in total. So if you plan to write your essay alone, you will have to write more. Your essay should consist of at least 66% text. That means that figures and tables combined should not occupy more than 1/3rd of the available space.
• Essays must be written using the LaTeX markup language. Knowing LaTeX is a key skill in the academic world. If you are not familiar with LaTeX yet, there is plenty of documentation and examples available online. As common for international research conferences, essays must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 inches tall and 3.5 inches wide. The text must be in Times font, 10-point, with 11-point or 12-point line spacing. Authors are strongly encouraged to use the IEEE conference proceedings templates. Its default settings when using \documentclass[10pt, conference, letterpaper]{IEEEtran} are accepted.
• Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader 9 and when printed in black and white.
• We expect every student to use at least 2 references. Use the bibliography of the NetSec slides (last set of slides) or search engines like Google Scholar to find literature on your topic. That means, if you are writing your essay in a group of three students, your essay should list at least 6 references. Use e.g. BibTeX for referencing.
• Plagiarism in any form is unacceptable and is considered a serious breach of professional conduct. If you refer to information from other sources directly or indirectly, indicate the original source carefully using references. We will use plagiarism detection tools, so make sure you do not copy without referencing the source. For referencing and bibliography examples, please check e.g. the papers referenced in the NetSec lecture. It is again strongly recommended to use the IEEE bibliography style as shown here. This style is common for computer science papers.
• Essays must be submitted at https://easychair.org/conferences/?conf=phylisec19 and may be updated at any time until the submission deadline (see above). On registration, EasyChair requires you to enter your home address. If you feel uncomfortable with providing your data to EasyChair (although it is a reputable platform), just use the address of TU Kaiserslautern instead of your private one.
• Fairness: In case one of your group mates does not deliver her/his part of the essay, do not hesitate to omit the name when registering the essay on the submission platform. To keep this exercise fair, you do not have to do the work for lazy group mates. Work should be evenly distributed to all group members. For instance, if only two of the three group members are actually doing the work, enter only these two names on EasyChair. Also the required number of pages is then reduced accordingly to 4 (or 3 if only one is doing all the work).

News

Send me a pre version of the project report until Friday March 6th.

The presentation will be on Monday March 9th at 8:30 in the morning in our seminar room (36.438).

Send the final version of the project report until March 16th.

Contact

M.Sc. Eric Jedermann

Topic

This year's project will be about Bluetooth Low Energy (BLE) security. BLE is a part of the Bluetooth communication technology, designed for embedded devices with local connectivity and low data rates.

Many "smart" devices, available in every tech-market, are controllable via BLE. Often the security of those devices is insufficient. We plan to get some of these devices, analyze their security, create an application to control the device and break the security.

 Official module entry: [89-4245] INF-42-45-L-6

Schedule and Slides

Results

Every group examined an individual BLE device and has written a report about their experiments. Every report introduces the examined device and the public available vendor app. In the next step every group created their own application to access the BLE device. Then they used their gained knowledge to analyze the security of the device and perform attacks against it. Three devices were examined:

• Mipow Playbulb Candle
• Mipow Playbulb Sphere
• Revogi Smart Meter

The reports are accessible from inside the university.

Requirements

• Programming knowledge is required (we will use Android Studio Java/Kotlin).
• Lecture "Communication systems" is required.
• Lecture "Network security" is recommended.
• ... You should be interested in security.

Organization

It will be a group project. It is planned to have group sizes of 2 to 4 people.

Recommended Readings

• With Low Energy comes Low Security
• Analysing Characteristic Securityon BLE Peripherals

Organization

Course Overview

The objective of this lecture is to introduce the art of performance-related modeling of distributed systems. We will use worst-case assumptions in order to obtain robust results.

Lecture Slides

The lecture material is only accessible from within the university network (131.246.*). Please use SSH or VPN for remote access. 

Script

We will provide a script in the further course. Be aware that it might undergo many changes and hence should never be seen as a "final version".

Exercises

The exercise sheets are only accessible from within the university network (131.246.*). You can use SSH or VPN for remote access.

Literature

• Jean-Yves Le Boudec, Patrick Thiran. Network Calculus. Springer, 2001. (Also →available online)
• Cheng-Shang Chang, Performance Guarantees in Communication Networks. Springer, 2000.
• Anne Bouillard, Marc Boyer, and Euriell Le Corronc. Deterministic Network Calculus: From Theory to Practical Implementation. John Wiley & Sons, 2018.
• Jörg Liebeherr. Duality of the Max-Plus and Min-Plus Network Calculus. Foundations and Trends® in Networking 11, 2017.

Organisation

Course Overview

This course covers aspects and principles of network security. Based on many attacks on common technologies used in communication systems, this course illustrates how things can go wrong and provides basic measures to protect a network from mistakes committed in the past. It covers furthermore the fundamental concepts of security and security problems.

Areas covered in this lecture:

• Physical and Link Layer Security
• Network Layer Security
• Transport Layer Security
• Application Layer Security

Please note that it is strongly recommended to attend communication systems first since it provides the background knowledge for this lecture.

Exercises

The exercises will be split into three parts: a workshop and two network hack challenges. Successful participation in all three parts is a mandatory admission requirement for the final exam.

Please refer to the website of the physical- and link-layer workshop for the first exercise.

Please refer to the website of the first hack challenge for the second exercise.

The second hack challenge has started. You should have received all instructions via email.

Slides

The slides are accessible only from within the university network (131.246.*). Please use SSH or VPN for remote access.