Refine
Departments, institutes and facilities
- Institut für Cyber Security & Privacy (ICSP) (30) (remove)
Document Type
- Conference Object (21)
- Article (4)
- Book (monograph, edited volume) (1)
- Conference Proceedings (1)
- Contribution to a Periodical (1)
- Lecture (1)
- Preprint (1)
Year of publication
- 2015 (30) (remove)
Keywords
- REST (2)
- Authentication (1)
- Authorship watermark (1)
- Botnet tracking (1)
- Cloud (1)
- Computersicherheit (1)
- Conformance Testing (1)
- Digital watermarking (1)
- FPGA implementation (1)
- Fingerprint watermark (1)
In education, finding the appropriate learning pace that fits to the members of a large group is a challenging task. This becomes especially evident when teaching multidisciplinary subjects such as epidemiology in medicine or computer science in most study programs, since lecturers have to face a very heterogeneous state of previous knowledge. Approaching this issue requires an individual supervision of each and every student, which is obviously bounded by the available resources. Moreover, when referring back to the second example, writing computer programs requires a complex installation and configuration of development tools. Many beginning programmers already become stuck at this entry stage. This paper introduces WHELP, a Web-based Holistic E-Learning Platform, which provides an integrated environment enabling the learning and teaching of computer science topics without the need to install any software. Moreover, WHELP includes an interactive feedback system for each programming exercise, where lecturers or tutors can supply comments, improvements, code assistance or tips helping the students to accomplish their tasks. Furthermore, WHELP offers a statistical analysis module as well as a real-time classroom polling system both promoting an overview of the state of knowledge of a course. In addition to that, WHELP enables collaborative working including code-sharing and peer-to-peer learning. This feature enables students to work on exercises simultaneously at distinct places. WHELP has been successfully deployed in the winter term 2013 at the Cologne University of Applied Sciences supporting the 120 students and 3 lecturers to learn and teach basic topics of computer science in an engineering study program.
WebSocket - WS^2 2.0
(2015)
Das Websocket-Protokoll hat sich derzeit zu einer wichtigen Technologie für die Entwicklung moderner Webanwendungen durchgesetzt. Mit der Möglichkeit eine dauerhafte bidirektionale Verbindung zwischen Client und Server aufzubauen, ergeben sich neue Anwendungsszenarien, die vorher mit dem reinen HTTP nicht realisierbar waren. Die Einsatzgebiete reichen hier von einfachen Chats bis hin zu komplexen Systemen wie das kollaborative Arbeiten an Dokumenten in Echtzeit. Mittlerweile hat sogar der Instant Messaging-Dienst WhatsApp die Vorteile der WebSocket-Technologie für sich entdeckt und erlaubt Benutzern ihre Nachrichten nun auch über den Webbrowser auszutauschen.
Dieser Workshop soll den Teilnehmern zeigen wie sie die oben genannten oder andere Echzeitwebanwendungen mit der WebSocket-Technologie implementieren können. Nach einer kurzen Einführung wird gezeigt wie es in einfachen Schritten möglich ist, mehr als nur simple Chat-Anwendungen mit den WebSocket-Protokoll zu realisieren. Zudem stellt der Workshop nach Möglichkeit auch die Verwendung von Subprotokollen vor, wodurch auch RPC- sowie Publish and Subscribe-Anwendungen mit WebSockets umgesetzt werden können.
This paper gives necessary foundations to understand the mechanism of warning processing and summarizes the state of the art in warning development. That includes a description of tools, researchers use to work in this scientific field. In detail these are models that describes the human way of processing warnings and mental models. Both are presented detailed with relevant examples. The paper tells how these tools are connected and how they are used to improve the effectiveness of warnings.
Despite the lack of standardisation for building REST-ful HTTP applications, the deployment of REST-based Web Services has attracted an increased interest. This gap causes, however, an ambiguous interpretation of REST and induces the design and implementation of REST-based systems following proprietary approaches instead of clear and agreed upon definitions. Issues arising from these shortcomings have an influence on service properties such as the loose coupling of REST-based services via a unitary service contract and the automatic generation of code. To overcome such limitations, at least two prerequisites are required: the availability of specifications for implementing REST-based services and auxiliaries for auditing the compliance of those services with such specifications. This paper introduces an approach for conformance testing of REST-based Web Services. This appears conflicting at the first glance, since there are no specifications available for implementing REST by, e.g., t he prevalent technology set HTTP/URI to test against. Still, by providing a conformance test tool and leaning it on the current practice, the exploration of service properties is enabled. Moreover, the real demand for standardisation gets explorable by such an approach. First investigations conducted with the developed conformance test system targeting major Cloud-based storage services expose inconsistencies in many respects which emphasizes the necessity for further research and standardisation.
Web of Services Security
(2015)
Dieses Buch führt Sie umfassend in die WebSocket-Technik und die damit einhergehenden neuen Entwicklungsmöglichkeiten ein. Unter den zahlreichen exemplarischen Anwendungen finden sich Beispiele auf Basis von Node.js, Vert.x, und JSR 356, als Programmiersprachen werden Java und JavaScript eingesetzt.
The latest advances in the field of smart card technologies allow modern cards to be more than just simple security tokens. Recent developments facilitate the use of interactive components like buttons, displays or even touch-sensors within the card's body thus conquering whole new areas of application. With interactive functionalities the usability aspect becomes the most important one for designing secure and popularly accepted products. Unfortunately, the usability can only be tested fully with completely integrated hence expensive smart card prototypes. This restricts severely application specific research, case studies of new smart card user interfaces and the optimization of design aspects, as well as hardware requirements by making usability and acceptance tests in smart card development very costly and time-consuming. Rapid development and simulation of smart card interfaces and applications can help to avoid this restriction. This paper presents a rapid development process for new smart card interfaces and applications based on common smartphone technology using a tool called SCUID^Sim. We will demonstrate the variety of usability aspects that can be analyzed with such a simulator by discussing some selected example projects.
Secure vehicular communication has been discussed over a long period of time. Now,- this technology is implemented in different Intelligent Transportation System (ITS) projects in europe. In most of these projects a suitable Public Key Infrastructure (PKI) for a secure communication between involved entities in a Vehicular Ad hoc Network (VANET) is needed. A first proposal for a PKI architecture for Intelligent Vehicular Systems (IVS PKI) is given by the car2car communication consortium. This architecture however mainly deals with inter vehicular communication and is less focused on the needs of Road Side Units. Here, we propose a multi-domain PKI architecture for Intelligent Transportation Systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. The PKI domains are cryptographically linked based on local trust lists. In addition, a crypto agility concept is suggested, which takes adaptation of key length and cryptographic algorithms during PKI operation into account.
TinyECC 2.0 is an open source library for Elliptic Curve Cryptography (ECC) in wireless sensor networks. This paper analyzes the side channel susceptibility of TinyECC 2.0 on a LOTUS sensor node platform. In our work we measured the electromagnetic (EM) emanation during computation of the scalar multiplication using 56 different configurations of TinyECC 2.0. All of them were found to be vulnerable, but to a different degree. The different degrees of leakage include adversary success using (i) Simple EM Analysis (SEMA) with a single measurement, (ii) SEMA using averaging, and (iii) Multiple-Exponent Single-Data (MESD) with a single measurement of the secret scalar. It is extremely critical that in 30 TinyECC 2.0 configurations a single EM measurement of an ECC private key operation is sufficient to simply read out the secret scalar. MESD requires additional adversary capabilities and it affects all TinyECC 2.0 configurations, again with only a single measurement of the ECC private key operation. These findings give evidence that in security applications a configuration of TinyECC 2.0 should be chosen that withstands SEMA with a single measurement and, beyond that, an addition of appropriate randomizing countermeasures is necessary.