Analyse von Verfahren zum Schutz der Vertraulichkeit bei Netzwerkkodierung

Präsentation der Studienarbeit (Großer Beleg) von Marco Schrape (Institut für Systemarchitektur, Datenschutz und Datensicherheit)

28.5.2013, 13:00 Uhr, INF E010

Netzwerkkodierung ermöglicht eine Erhöhung des Durchsatzes in Multicast-Szenarien. Da die Knoten die erhaltenen Datenpakete nicht nur weiterleiten, wie das bei Routing der Fall ist, sondern algebraische Kombinationen aus diesen Paketen berechnen und weitersenden, wird bereits ein gewisser Schutz der Vertraulichkeit erreicht. Gegenüber einem stärkeren Angreifer, der genügend linear unabhängige Datenpakete abhören kann, sind jedoch weitere Schutzmaßnahmen erforderlich.
Die Vertraulichkeit der Nachrichten kann durch Ende-zu-Ende-Verschlüsselung erreicht werden. In der Literatur wurden jedoch verschiedene Verfahren vorgestellt, um die Vertraulichkeit mit geringerem Aufwand abzusichern. Im Rahmen dieser Belegarbeit sind diese Verfahren (insbesondere SPOC, P-Coding und die Nutzung homomorpher Verschlüsselung) zu untersuchen und bezüglich der erreichten Sicherheit und Effizienz im Vergleich zur Ende-zu-Ende-Verschlüsselung zu bewerten. Dazu sind ausgewählte Ansätze auch praktisch umzusetzen und zu untersuchen.

Frequent Itemset Mining on Multiprocessor Systems

Verteidigung im Promotionsverfahren von Dipl.-Inf. Benjamin Schlegel

30.5.2013, 13:00 Uhr, INF 1004 (Ratssaal)

Frequent-itemset mining is an important building block in many data mining applications like
market basket analysis, recommendation, web-mining, fraud detection, and gene expression
analysis. In many of them, the datasets being mined can easily grow up to hundreds of giga-
bytes or even terabytes of data. Hence, efficient algorithms are required to process such large
amounts of data. In recent years, there have been many frequent-itemset mining algorithms
proposed, which however (1) often have high memory requirements and (2) do not exploit
the large degrees of parallelism provided by modern multiprocessor systems. The high mem-
ory requirements arise mainly from inefficient data structures that have only been shown to
be sufficient for small datasets. For large datasets, however, the use of these data structures
force the algorithms to go out-of-core, i.e., they have to access secondary memory, which leads
to serious performance degradations. Exploiting available parallelism is further required to
mine large datasets because the serial performance of processors almost stopped increasing.
Algorithms should therefore exploit (1) the large number of available threads and (2) also the
other kinds of parallelism (e.g., vector instruction sets) besides thread-level parallelism.
In this work, we tackle the high memory requirements of frequent-itemset mining twofold:
we (1) compress the datasets being mined because they must be kept in main memory during
several mining invocations and (2) improve existing mining algorithms with memory-efficient
data structures. For compressing the datasets, we employ efficient encodings that show a good
compression performance on a wide variety of realistic datasets, i.e., the size of the datasets
is reduced by up to 6.4x. The encodings can further be applied directly while loading the
dataset from disk or network. Since encoding and decoding is repeatedly required for loading
and mining the datasets, we reduce its costs by providing parallel encodings that achieve high
throughputs for both tasks. For a memory-efficient representation of the mining algorithms’
intermediate data, we propose compact data structures and even employ explicit compression.
Both methods together reduce the intermediate data’s size by up to 25x. The smaller memory
requirements avoid or delay expensive out-of-core computation when large datasets are mined.
For coping with the high parallelism provided by current multiprocessor systems, we iden-
tify the performance hot spots and scalability issues of existing frequent-itemset mining al-
gorithms. The hot spots, which form basic building blocks of these algorithms, cover (1)
counting the frequency of fixed-length strings, (2) building prefix trees, (3) compressing in-
teger values, and (4) intersecting lists of sorted integer values or bitmaps. For all of them,
we discuss how to exploit available parallelism and provide scalable solutions. Furthermore,
almost all components of the mining algorithms must be parallelized to keep the sequential
fraction of the algorithms as small as possible. We integrate the parallelized building blocks
and components into three well-known mining algorithms and further analyze the impact of
certain existing optimizations. Our algorithms are already single-threaded often up an order
of magnitude faster than existing highly optimized algorithms and further scale almost linear
on a large 32-core multiprocessor system. Although our optimizations are intended for fre-
quent itemset mining algorithms, they can be applied with only minor changes to algorithms
that are used for mining of other types of itemsets.

Address spreading in future Internet (Statusvortrag)

Vortrag im Promotionsverfahren von Dipl.-Ing. Florent Fourcot (Institut für Systemarchitektur, Lehrstuhl Rechnernetze und Lehrstuhl Datenschutz und Datensicherheit)

4.6.2013, 14:00 Uhr, INF 3105 (Beratungsraum, 3. Etage)

Privacy is a major concern on the current Internet, but transport
mechanisms like IPv4 and more specifically IPv6 do not offer the
necessary protection to users. However, the IPv6 address size allows
privacy mechanisms impossible in IPv4. Nevertheless existing IPv6
solutions like Privacy Extensions are not optimal. Here still only one
address is in use for several communications over time. And it does not
offer a control of the network by the administrator (end devices use a
randomly generated address).

The talk first presents an overview of IPv6 address management
solutions, and of existing protocols for address rewriting. The second
part of the presentation discusses the introduction of a "spreader" at
the border of the local network. This spreader allows the control of the
local network security for the administrator by means of stable
addresses on the local network and ephemeral addresses outside of it.

This solution is based on new opportunities of IPv6: a large address
space and a new flow label field. In combination with Cryptographically
Generated Addresses, it can provide a protection against spoofing on the
local network and it provides good privacy for Internet communication.

The last part of the presentation extends this basic idea with
frequently changes of addresses even during a single connection.

(Betreuer: Prof. Dr. Alexander Schill; Fachreferent: Dr. Stefan Köpsell)

Protection of the User’s Privacy in Ubiquitous E-ticketing Systems based on RFID and NFC Technologies (Statusvortrag)

Vortrag im Promotionsverfahren von M.Sc. Ivan Gudymenko (Institut für Systemarchitektur, Lehrstuhl Rechnernetze und Lehrstuhl Datenschutz und Datensicherheit)

12.6.2013, 11:00 Uhr, INF 1004 (Ratssaal)

In the last decade, the concept of ubiquitous computing has affected many areas of public life. The public transport sector is no exception. The introduction of the so-called electronic ticketing (e-ticketing) has revolutionized the process of automatic fare collection (AFC) allowing for deployment of flexible fare policies attractive to customers and profitable for public transport companies. As a result, such systems have already been deployed in many countries around the world, e.g., Dutch OV-Chipkaart, London Oyster Card, EZ-Link in Singapore, Hong-Kong Octopus Card, etc. Despite introducing noticeable benefits, these systems raise serious concerns over the user privacy.

In the first part of this status talk, the specific privacy threats endemic to such systems are identified and classified. Subsequently, the core requirements for a target privacy-preserving e-ticketing system together with the main goals of the current dissertation are presented. Based on them, the results of a comparative analysis of the most relevant state-of-the-art solutions are discussed identifying the open research questions in this area. It turns out that none of the reviewed approaches fully satisfies the aforementioned requirements set which is mainly aimed at providing the capabilities of fine-granular regular billing for the Transport Authority on the one hand, and protecting the user privacy (especially in the relatively insecure front-end part of the system) on the other hand. Therefore, the second part of the talk is devoted to our own solution to this problem outlining and discussing the main concepts together with the arising trade-offs.


Betreuer: Prof. Dr. rer. nat. habil. Dr. h. c. Alexander Schill
Fachreferent: Dr. Borcea-Pfitzmann

Machine Learning based Test Process Control

Verteidigung im Promotionsverfahren von Dipl.-Inf. Matthias Kirmse (Institut für Künstliche Intelligenz)

13.6.2013, 13:00 Uhr, INF 1004 (Ratssaal)

A growing complexity in modern semiconductor production requires more and more elaborate test processes. As a result, test process faults and corresponding test errors become increasingly frequent and expensive. Thereby, studies have shown that conventional models often fail to efficiently detect, diagnose and recover these faults. In our thesis, we present new machine learning based approaches for each of these main test process control areas. We provide extensive experimental results underlying their ability to significantly decrease test process fault related cost. Moreover, we present a productive test error detection system based on our new approach that has been successfully applied in the studied test department for over two years.

Originating from these semiconductor studies, we furthermore developed the novel meta learning approach “Large Margin Rectangle Learning” (LMRL). It combines the interpretability of hyperrectangle based models and the minimal risk property of the large margin principle. Besides introducing its theoretical background, we provide empirical evidence for the supposed margin-accuracy relation. And we finally present experimental results showing that LMRL outperforms a majority of the compared machine learning approaches, especially the studied interpretable methods. Altogether, LMRL is a promising new approach to create more accurate interpretable models.

Suche im Ankündigungsarchiv

Abonnieren Sie die Vortragsankündigungen als News Feed: