IMSc Conference on IT Security

We organize a conference for collecting IMSc points in the context of the IT Security BSc course in the spring semester of the 2023/24 academic year at BME. Beyond IMSc point collection, the goal of the conference is to encourage students to deep-dive into some hot topics of IT security, to get familiar with the challenges and recent research results, and to share knowledge with other students in the form of short presentations. We do hope that the conference will shed light on the beauty of the field of IT security and some of its exciting research areas, and it will stimulate both the active participants of the conference and all other students enrolled in the IT security course to engage in further studies in the domain of IT security.

The Call for Papers (CfP) for the conference is available here.

Conference topics

all, uav, cyber-physical-system, vehicle, network-security, power grid, machine-learning, data-evaluation, privacy, economics, malware, binary-similarity, cryptography, machine-learning-security, LLM-security, LLM, copilot, federated-learning, poisoning, password-manager, AAA, OAuth, web-security, Kerberos

The Security of Password Managers

Passwords are still the most commonly used means of authentication. Some people use the very same password for every website, some reuse a couple of different passwords, while the more paranoid use a different password for each site... stored in a text file aptly named passwords.txt. Those who follow security best practices (or at least pay attention in our lectures) know that the most secure way of generating, storing, and managing passwords is using a password manager. But are these as secure as they are claimed to be? Discover how the security of password managers is evaluated and see for yourself!

Tags: password-manager, AAA

OAuth and (In)Security

OAuth is one of the most widely used authorization frameworks. Despite all the recommendations against using it merely as a means of authentication, it is also commonly leveraged as such. Over the years, we have seen a multitude of security breaches related to OAuth, and while OAuth itself includes some questionable design choices (such as the now deprecated Implicit Grant flow), most security issues stem from improper use of the framework, incorrect knowledge of its workings, or simply implementation errors. Explore the history of OAuth and some of the most baffling blunders leading to hacks and breaches!

Tags: OAuth, web-security, AAA

Attacking Kerberos

Kerberos is one of the most frequently used authentication protocols in enterprise environments. Enabling single sign-on and providing mutual authentication for the communicating parties, it is a cornerstone of not only Microsoft's Active Directory, but also Linux-based Samba deployments. While the protocol itself is generally considered to be secure, implementations may be flawed or otherwise vulnerable to exploitation...

Tags: Kerberos, AAA
