IT security in the summer
The IT security seminar series will continue throughout the summer semester. This time we will offer not only lectures but hands-on workshops, as well:
1 June 2016: Das Internet der Dinge - wofür braucht man "Hardware Security"
Time and place: 6:30 p.m. in lecture hall 1100 on the main campus
Lecturer: Prof. Dr.-Ing. Georg Sigl (TUM and the Fraunhofer Institute for Applied and Integrated Security AISEC)
Abstract:
The Internet of Things is the future. Everything is interconnected, even in our private lives. Using my mobile phone, I can ask the refrigerator if there is any pizza left. I can preheat the oven while I'm underway. I can open the door with the smartphone. But, none of this makes sense unless there is a way to ensure that unauthorized people don’t gain access. Prof. Georg Sigl (TUM and the Fraunhofer Institute for Applied and Integrated Security AISEC) develops such secure concepts.
22 June 2016: Cybercrime & Cyberwar
Time and place: 6:30 p.m. in lecture hall 1100 on the main campus
Lecturer: Rüdiger Trost (F-Secure GmbH)
Abstract:
Is so much of the Internet really free? A glance at the terms and conditions often reveals how we pay for services: with data. This lecture delves into this trend through several examples and provides an outlook on the risks associated with the Internet of Things, which could impact not only the manufacturing industry, but all of us as individuals, as well.
Brief profile:
As a security consultant, Rüdiger Trost advises and helps companies develop and implement comprehensive security concepts and solutions. Mr Trost developed his in-depth knowledge about content security through various technical positions at well-known system houses and manufacturers.
7 July 2016: Überholte Vertrauensmodelle, schlechte Benutzbarkeit, unsichere Standards - Was ist die Zukunft der IT-Sicherheit?
Watch out! Other than usual, this lecture takes place on a Thursday!
Time and place: 6:30 p.m. in lecture hall 1100 on the main campus
Lecturer: Dr. Sebastian Gerling, CISPA - Center for IT-Security, Privacy and Accountability, Saarland University
Abstract:
Unsere IT-Sicherheit beruht heute fast ausschließlich auf Vertrauen: auf Entscheidungen von Entwicklern, auf die korrekte Funktion unserer Hard- und Software, auf Entscheidungen unserer Administratoren, auf der Korrektheit unserer eigenen Entscheidungen. Die meisten Sicherheitsprobleme entstehen durch Fehleinschätzungen in dieser Vertrauenskette. Wie können wir in Zukunft diese Form von Fehlern vermeiden? Wie kommen wir zu benutzbaren Sicherheitstechnologien und zu sicheren Standards?
Brief profile:
Dr. Sebastian Gerling ist seit 2012 administrativer Leiter des Center for IT-Security, Privacy and Accountability, kurz CISPA. Das CISPA ist ein vom BMBF gefördertes Kompetenzzentrum für IT-Sicherheit an der Universität des Saarlandes und hat sich in den letzten vier Jahren zu einem der führenden Forschungsstandorte für IT-Sicherheit in Europa entwickelt. Sebastian Gerling hat in Saarbrücken Informatik studiert und 2014 bei Prof. Backes zum Thema „Trust and Privacy“ im Kontext von mobilen und Websystemen promoviert. Vor seiner Promotion beschäftigte er sich intensiv mit First-, Second-, und Third-Level Support für Forschungs- und Verwaltungs-IT in der Max-Planck-Gesellschaft. Seit 2012 ist er nebenberuflich als IT-Security Consultant tätig.
IT Security in the Summer – Workshop: Encrypting emails. How does that work?
Some people say that emails are like post cards. They are not encrypted, so they can be read, such as by the "emailman" (the email provider) or another third-party (criminals, the NSA, the BND). Google, for instance, automatically scans the emails of its users in order to superimpose advertisements.
To prevent this from happening, you have two choices: stop using email or start using encryption. There are currently two competing, but unfortunately incompatible standards: S/MIME and OpenPGP. OpenPGP is the most commonly used encryption method for private emails.
In our workshop – call it a cryptoparty, if you will – we show how OpenPGP can be successfully implemented. And we also provide a bit of theory, including how an encryption key is created. We also help you initially set up your computer.
The only thing you have to bring is a computer with Thunderbird installed. Everything else will be provided at the workshop.
Workshops will be held on every large campus at the start of the semester.
- Munich: 19 April 2016, at 4:00 p.m. in seminar room 2100, Arcisstr. 21
- Weihenstephan: 2 May 2016, at 4:00 p.m. in PU 26, Maximus-von-Imhof-Forum 4, 1.UG
- Garching: 28 April 2016, at 4:00 p.m. in IGSSE seminar room 003, Boltzmannstr. 17 (campus map: Nr 12. in portal.mytum.de/campus/garching.pdf/download)
Because we want to offer as much individual support as possible, there are limited slots for this workshop.
Information for employees
Please be aware that, at this time, encryption for work emails relies primarily on S/MIME. Because the steps for generating the key and setting up the computer are different for S/MIME and OpenPGP, the workshop will teach you mainly about encrypting private emails.