The exam for the Network Security lecture is approaching and by eavesdropping a conversation with Prof. Schmitt's teaching assistant, you learned that the exam is on a private web server in the DISCO network which is only accessible via a secret URL. Since you are the infamous hacker H4X0R, you managed to trick Prof. Schmitt into revealing his password for an SSH server in his lab by using social engineering techniques. Unfortunately, Prof. Schmitt does not use this password for his personal computer, which is the actual target since the secret URL for the exam is only stored in Prof. Schmitt's browser. The only things you know is that the web server and Prof. Schmitt's personal computer are in the same network as the compromised SSH server and that Prof. Schmitt is a control freak and is checking the exam for updates on a regular basis.
Since you are too lazy to study properly for the exam, you are desperately trying to get the exam from the web server. Therefore, the first steps of this hack challenge are:
After you managed to steal the exam, you figured out that the webserver's configuration is really bad and allows certain denial of service attacks. Since you are an evil master mind and like to troll people, you decide to launch a denial of service attack to prevent Prof. Schmitt from checking the exam. The final step of this hack challenge is:
Since H4X0R is a poser and wants to show off with what he has achieved, send an email to the teaching assistant Carolina with the secret exam attached (do not change the filename!) and the time when you launched the denial of service attack. Also mention the IP addresses of Prof. Schmitt's PC and the Webserver in the mail.
You will still work in the same group as for the PhyLiSec workshop. To make sure that groups do not interfere with each other while hacking on the server, we have to make sure that only one group is working on it at a time. Therefore, you have to make reservations for the server in this Doodle poll: http://doodle.com/poll/u7cp74wkxznczkhy. Please enter the matriculation numbers of all your group members (comma separated) in the name field. The server can be booked in 2h slots. In order to give each group a chance to work on the server, groups are only allowed to make two reservations for now. If you need more time after these two slots, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.. You will receive the IP and the credentials for your timeslot via email when your session starts.
Once you finished the challenge, one of your group must send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. as a proof of success. The email must contain the matriculation numbers of your group, the stolen PDF, the date and time when you launched the DoS attack, and the IP addresses of Prof. Schmitt's PC and the secret URL. When we received this email and verified your success, you passed this part of the Network Security exercise and you are one step closer to the exam.
If you encounter any problems or if you get stuck, first check the Network Security slides and try using Google. Only if you really tried solving the problem yourself without success, ask Carolina. She can give you hints or (if necessary) meet with you and assist you in solving the challenge.
To provide you a starting point, here is a list of linux commands and tools installed on the compromised server:
If you want to know how these tools work, enter "man COMMAND" or use Google. There is plenty of good documentation around! Also "COMMAND --help" usually gives you a good overview of the respective tool.
This workshop is a (mandatory!) part of the Network Security lecture held in the winter term 2015/2016. Subject of the workshop are all topics covered in the first chapter "Physical- & Link-Layer Security":
The workshop is organized in a typical computer science research conference manner. It consists of three phases:
After the third phase, we will take the best essays (according to their ratings) and publish them on the lecture's website in form of a workshop proceedings. As already mentioned in the lecture, the successful participation in this workshop (including all three phases) is mandatory and a formal prerequisit to the exam. Successful participation means that the final rating of your essay must be at least 0 (on a Likert scale).
Note: These deadlines are hard deadlines! Missing them results in an immediate exclusion from the workshop and loss of admission. So make sure you are well-organized.
Group registration: | Friday, 11.12.2015 (23:59) |
Essay submission: | Friday, 15.01.2016 (23:59) |
Reviews: | Friday, 29.01.2016 (23:59) |
Final version: | Tuesday, 09.02.2016 (23:59) |
In order to be accepted for the review process, your essay must strictly conform with the following regulations. Violations will result in exclusion from the workshop and thus, exclusion from the NetSec exam. So please read the following carefully and make sure your essay will comply with these submission guidelines.
After you've submitted your essay, it's time to start the review phase of the PhyLiSec workshop. Therefore, you have been added to the so called "Program Committee" on Easychair and Carolina has assigned two essays to all of you. If you have no account on EasyChair yet, use the email address your group mate entered in your submission. The reviews will be double-blind. That means, neither you know who you are reviewing, nor the other authors will know who reviewed them.
For each of your two assigned essays, you have to write a short review. Start with reading the essays carefully and then fill in this text template for each essay. Each section in the review (summary/strengths/weaknesses/feedback) should have at least 100 words. Be concise and provide arguments for your statements. The reviews will serve as a basis for improvements in the revision phase and all reviewers should keep this in mind. Finally, rate the essay between very bad (-2) and very good (2).
Plagiarism: In case you learn that the essay you are reviewing is a case of plagiarism, we recommend to reject the paper by rating it with -2. In such a case, please provide proof for your allegation by referencing the respective parts of the essay. Examples for plagiarism (which have already been found) would be if the essay is almost completely copied from other works.
The deadline for the review submission is at 23:59 on the 29th of January. You can find the essays assigned to you under "Reviews->My papers" on Easychair. To submit a review, click on the green "+"-Button and enter your review into the form.
As mentioned in the notification email, those of you who are not rejected need to revise their essay according to the comments in the reviews until the 9th of February at 23:59. You can upload your revised essay on EasyChair. To do so, please change your role back to author (PhyLiSec16->Change Role).
The final versions of the papers are listed below. They are supposed to serve as an additional source for information for the exam preparation. Thanks everyone for participating and producing these valuable resources. The five best essays (according to the reviews) are marked with ★. Congratulations!
ID | Author(s) | Title | Link |
Jamming |
|||
J01 | Peter Brucker, Marco Meides, Nils Sievers | A Short Introduction to Jamming | |
J02 | Aleem Sarwar, Dipesh Dangol, Sameed Munir | On the Efficiency of Jammers | |
J03 | Shashank H. Kedlaya, Nagashree Natesh, Anusha Halsnad | On the Efficiency of Jammers | |
J10 | Markus Fögen, Eric Jedermann, Roman Kowalew | On the Efficiency of Jammers | |
J04 | Jahanzeb Khan, Fahim Mahmood Mir, Syed Moiz Hasan | Reactive Jamming: Challenges and State of the Art | |
J05 | Manish Kumar, Pramod Gopal Hegde, Prajakta Pathak | Reactive Jamming: Challenges and State of the Art | |
J06 | Patrick Helber, Fabian Hering, Markus Urschel | Challenges of Jamming Detection | |
J07 | Johannes Korz, Tim Krakow, Patrick Pfenning | Challenges of Jamming Detection | |
J08 | Andre Backes, David Christian, Phil Stuepfert | Jamming Mitigation Techniques | |
J09 | Nikolay Grechanov | Jamming Mitigation Techniques ★★★★ | |
IEEE 802.11 |
|||
W01 | Ranjith K B, Amit R Desai, Devina Vyas | An Introduction to Security in IEEE 802.11 | |
W02 | Jan Albert, Kira Kraft, Matthias Thomas | An Introduction to Security In IEEE 802.11 ★★★★★ | |
W03 | Johannes Aubart, Simon Nilius | Crypto Failures: The Case of WEP | |
W04 | Hemad Sefati, Kiran Mathews | Crypto Failures: The Case of WEP | |
W05 | Corvin Kuebler, Mario Keuler, Oliver Petter | Attacks on IEEE 802.11: A Summary | |
W06 | Waleed Bin Khalid, Zaryab Iftekhar, Max Stein | Attacks on IEEE 802.11: A Summary | |
W07 | Aniket Mohapatra,Vishwanath Chiniwar, Siavash Mohebbi | Attacks on IEEE 802.11: A Summary | |
Cellular Networks |
|||
C01 | Willy Loedts, Jan Fiete Schütte, Valentin Doll | An Overview of Security Measures in Cellular Networks (GSM/3G/LTE) | |
C02 | Alexander Scheffler, Tobias Renner, Xavier Hofmann | Attacks on GSM and LTE Networks ★★★★ | |
C03 | Paulo Aragao, Tenzin Chozom, Tewanima Löwe | Security Measures in Cellular Networks ★★★ | |
Air Trafic Surveillance |
|||
A01 | Alex Kerber, Alexandra Rau | Security of ADS-B: Attack Scenarios | |
A02 | Patrick Blaß, Sebastian Wüst | Security of ADS-B: Attack Scenarios ★★★★★ | |
A03 | Johannes Müller, Florian Blandfort | Security of ADS-B: Attack Scenarios | |
Location & Track Verification |
|||
L01 | Ahsan Naeem, Claudio José Castaldello Busatto, Gilson Souza | Methods for Secure Location Verification: An Overview | |
L02 | Eid Muhammad, Khurshid Alam | Methods for Secure Location Verification: An Overview | |
L03 | Paul Fröhling, Tulasi Seelamkurthi | Relay Attacks: The Case of PKES | |
L04 | John Cristian Borges Gamboa, Ram Kumar Ganesan | How To Defeat Relay Attacks? | |
L05 | Michael Emde, Fabian Neffgen, Martine Schaack | Secure Track Verification: How to Secure Air Traffic Surveillance? | |
L06 | Clemens Vögele, Dennis Reski, Elrike van den Heuvel | Secure Track Verification: How to Secure Air Traffic Surveillance? |
Organization
News: |
Exam dates have been coordinated. |
Exam: |
March 7 and April 13 |
Lecture: |
Every Tuesday, 10am in room 48-379 |
Exercises: |
TBA |
Contact: |
Prof. Dr.-Ing. Jens Schmitt |
The objective of this lecture is to introduce the art of perfomance-related modeling of complex distributed systems.
The focus will be on different analytical methods for performance modeling:
The slides are accessible only from within the university network (131.246.*). Please use SSH or VPN for remote access.
Title | Last Update |
Slides |
---|---|---|
Organisation | 27 October 2015 | |
Introduction | 27 October 2015 | |
Arrivals | 16 November 2015 | |
Service | 28 January 2016 | |
Bounds | 28 January 2016 | |
Conclusion | 5 February 2016 |
There is a script, which includes the topics of the course, written by Michael Beck. The chapters of the script will be published, as the course advances:
Title | Last Update |
Download |
---|---|---|
Chapter 1 | November 2015 | |
Chapter 1-2 | November 2015 | |
Chapter 1-3 | January 2016 |
Dates for the oral examinations will be announced.
To qualify for the examination students are required to partake in the exercises.
The exercises to this course will be based on a wiki. Further information can be found on the lecture slides.
To participate in the exercises students need to register here:
https://131.246.19.102/registration/stocads1516/
The registration opens 27 November 2015 at 11 AM and closes 29 November 2015 at midnight.
Participating in the exercises is mandatory to be eligible for the examination!
The first meetup for the StocADS-Wiki takes place on Friday 20th, 11:45 in 36-438.
Please find the slides of our kick-off meeting last Friday here. If you decide to participate in the project, you can register via email to This email address is being protected from spambots. You need JavaScript enabled to view it. until next Friday, the 22nd of January. Further instructions will follow via email just before the project's start in February.
M.Sc. Daniel Berger
M.Sc. Matthias Schäfer
Follow #PEDSproject and @DISCO_Teaching.
Please find the results of the first phase here:
Our goal is to find a trade-off between compression ratio and timeliness. Information which is older than 1 second is considered outdated and must be ignored. So the first requirement is to transmit messages at latest 1s after its reception. However, we first start with finding the algorithm(s) which suit(s) our data best.
Therefore, use this trace of binary sensor data and find the algorithm with the maximum compression ratio. The data is formatted as follows:
<esc> "2" : 6 byte MLAT timestamp, 1 byte signal level, 7 byte Mode-S short frame <esc> "3" : 6 byte MLAT timestamp, 1 byte signal level, 14 byte Mode-S long frame
where
<esc><esc>: true 0x1a (i.e. 0x1a's within packets are escaped) <esc> is 0x1a, and "1", "2" and "3" are 0x31, 0x32 and 0x33
The original format description can be found here. The upper 18 bit of the MLAT timestamp are the seconds of the day, the lower 30 bits are the nanoseconds of the second of the day. The Mode-S frames are encoded according to ICAO Annex 10 Volume IV. Find the Mode S message encoding in this file.
The maximum compression ratio of about 2.2 has been achieved with LZMA. An additional 10% improvement can be achieved with some optimizations: reducing the entropy by XORing the CRC and removing ESC chars. However, the high compression ratio is paid for with a high computation time of up to 4 minutes. Find the presentation with the details below:
Group 3 provided a clean dataset without the escape characters (so each message directly starts with 2 -> short message (15 Bytes) or 3 -> long message (22 Bytes)), they removed unnecessary messages, and they XORed the CRC so that the entropy is lower. They also provided the chunks needed for the next task. Find both, the complete clean and optimized dataset as well as the chunks here.
In the third task, we investigated the effect of the datasize on the compression ratio and compression time. Since we aim at compressing very small chunks of data, the investiated chunk sizes are 1, 2, 4, ..., 1024 Radarcape messages. Three compression algorithms were tested: LZMA, deflate (gzip, zlib), and burrows wheeler. Interestingly, while in the previous task LZMA was the outstanding winner with the best compression ratio for the complete dataset, the results of this experiment show that for these very small datasets, all algorithms and compression levels perform more or less equally good.
In addition to the compression ratio for different chunksizes, we profiled the execution time of the different steps of compression algorithms. The results clearly show, that matching the longest symbols is the most expensive task for dictionary-based compression schemes.
Find the presentation with the details below:
Two-week task: March 7 until March 18.
Use Latex and this template (DiscoReport.zip).
News: |
The final results of the exam are online. |
Exam: |
Written Exam: Results are available. See below. Oral Exam (only for Sozioinformatik): April 13 and May 4 2016 |
Lecture: |
Every Friday, 10am in room 11-262, starting on the 30th of October 2015 |
Contact: |
Prof. Dr.-Ing. Jens Schmitt |
This course covers aspects and principles of network security. Based on many attacks on common technologies used in communication systems, this course illustrates how things can go wrong and provides basic measures to protect a network from mistakes commited in the past. It covers furthermore the fundamental concepts of security and security problems.
Areas covered in this lecture:
Please note that it is strongly recommended to attend communication systems first since it provides the background knowledge for this lecture.
The workshop (first exercise) website can be found here. The proceedings (results) of the workshop are also online.
The first hack challenge (second exercise) can be found here.
The second hack challenge (third exercise) can be found here.
The final results of the exam can be found here. Well done :-)
The written exam will be held on Monday, March 21st 2016 at 8:30am in room 42-115. It will last about 60 minutes. Please be there at latest by 8:15am, we will start on time. Again: Please check the list of admissions below!! There are some registrations without admission. They will be cancelled automatically if you don't do anything. You will not be allowed to participate in the exam without admission! In addition, to avoid any trouble on Monday check the QIS if you are properly registered for the exam. Please contact the Prüfungsamt and This email address is being protected from spambots. You need JavaScript enabled to view it. BEFORE the exam if there is any trouble with your registration.
Find the list of the students who passed the exercises and got the admission here. If you registered for the exam but you are not on the list, please cancel your registration. In case you don't, the Prüfungsamt will cancel it for you. If you are not on the list but you think you should be, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..
The slides are accessible only from within the university network (131.246.*). Please use SSH or VPN for remote access.
Title | Last Update | Slides |
---|---|---|
Organization | 27.10.2015 | |
Introduction | 27.10.2015 | |
Physical & Link Layer | 03.12.2015 | |
Network & Transport Layer | 14.01.2015 | |
Application Layer | 14.01.2015 |
We offer a variety of bachelor and master theses at any point in the academic year. Also check out some of our completed theses. Read more...