Jeff Schymiczek (University of Helsinki)
6. ZTT Research Seminar, 07/25/2023, 15:00
Abstract: Reversible network covert channels restore the original carrier object before forwarding it to the overt receiver, making them a security threat that is hard to detect. Some of these covert channels utilize computationally intensive operations, such as the calculation of cryptographic hashes.
Center for Technology and Transfer (ZTT) and Research & Transfer Office (F&T)
5. ZTT Research Seminar, 11/17/2023, 10:30
Abstract: All-day interdisciplinary exchange with presentation of research activities at Worms University, technical lectures on cyber security, AI, business and innovation, and virtual and augmented reality, as well as a poster session and discussion.
Prof. Dr. Jörg Keller, FernUniversität in Hagen
4. ZTT Research Seminar, 11/24/2022, 15:30
Abstract: Cryptographic hash functions have been studied for decades and are used in many protocols. Is there anything else to discover here? (This is what the Simon & Garfunkel reference in the title refers to.)
The lecture will consider phenomena that occur when a hash function is applied multiple times to a seed, such as in Lamport's hash-based one-time passwords:
- Do you really have to use a 2n-bit hash function to have n-bit security, or is there a cheaper way?
- What does n-bit security even mean in this case?
- Can a longer seed value for hash chains help reduce hashing overhead without compromising security?
- Does it help if you use two hash functions of different widths?
Saffija Kasem-Madani, doctoral candidate, Universität Bonn
3. ZTT Research Seminar, 01/04/2022
Abstract: The processing of personal data is omnipresent. In order to respect the privacy and informational self-determination of those affected, it is necessary to take measures to protect the confidentiality of the data. This includes, among other things, pseudonymisation.
To date, users have required expert knowledge of privacy-enhancing technologies (PET) to use pseudonymization processes.
The dissertation examines the fundamental question of how an effective, usability-preserving pseudonymization of personal data can be made accessible to broad user groups and thus practicable. To this end, a framework is being developed with which pseudonymization can be achieved without expert knowledge, reducing the risk of the re-identification of those affected and maintaining very specific usability constraints. The framework consists of a requirements model for the definition of usability and confidentiality requirements, a description language for the machine-readable requirements description, a data structure for pseudonymization and translation rules for the derivation of customized pseudonymization. The framework is intended to facilitate the creation of pseudonymization, regardless of the application. The framework is evaluated within two use cases.
Prof. Dr. Alexandra Dmitrienko, Universität Würzburg
2. ZTT Research Seminar, 12/17/2021
Abstract: The proliferation of IoT devices is increasing at a fast pace, whether for private or business use. In the race for minimal production costs and under time-to-market pressure, the IoT industry often disregards even the most basic security protections, which has made today's IoT systems attractive and easy-to-attack targets. Furthermore, typical features of IoT systems such as resource constraints, battery-based power sources and asynchronous communication patterns complicate the application of state-of-the-art security mechanisms, especially for large-scale networks.
In this talk, we will talk about security challenges of large-scale IoT networks and present key results of the recently completed SIMPL project (2018-2021) which was funded by the German Federal Ministry of Education and Research (BMBF).
The project outcome is SIMPL – the Secure IoT Management Platform, which is intended for large-scale publish/subscribe IoT networks and enables essential security services, such as secure communication within groups of devices, key management, as well as network health monitoring and healing. The platform will soon be open-sourced and can serve as a basis for secure IoT products and further research projects.
Biography: Alexandra is a professor at the Julius-Maximilians-Universität Würzburg in Germany, where she heads the Secure Software Systems research group. Before taking her current faculty position in 2018, she worked for nearly 10 years in renowned security institutions in Germany and in Switzerland: Ruhr-University Bochum (2008-2011), Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt (2011-2015), and ETH Zurich (2016-2017). She holds a PhD in Security and Information Technology from TU Darmstadt (2015). Her PhD dissertation focused on security and privacy of mobile systems and applications and was awarded by the European Research Consortium in Informatics and Mathematics (ERCIM STM WG 2016 Award) and recognized as outstanding by Intel – she received an Intel Doctoral Student Honor Award.
Today, her research interests focus on various topics on secure software engineering, systems security and privacy, and security and privacy of mobile, cyber-physical, and distributed systems.
Prof. Dr. Daniel Spiekermann, Polizeiakademie Niedersachsen
1. ZTT Research Seminar, 10/19/2021
Abstract: Data centers are the backbone and the basis for the operation of company-relevant IT applications or the provision of publicly available services. Modern environments differ fundamentally from classic data centers, which still exist in companies due to long-term planning.
If a (usually gradual) conversion of a data center takes place, the paradigm for the provision of services usually also changes. Flexible and dynamic environments are being introduced that are based on virtual machines, virtual networks and virtualized storage. This paradigm shift creates completely new possibilities in the workflow: new processes are created, and the increased automation possibilities enable faster and more flexible adjustments to ever-changing requirements.
However, the need to carry out IT security-related work remains unaffected by the paradigm shift. In addition to the well-known techniques such as data backup and virus protection, this also includes attack detection, data leakage prevention and forensic work to clarify unclear processes.
While these techniques were relatively well implemented in the area of classic environments, completely new problems arise in the implementation of IT security as a result of the significantly more dynamic environments.
Techniques such as machine learning are being used to cope with the new requirements. However, the virtual environments have a high level of dynamics in the processes, so that the previous approaches quickly reach their limits and the need for new and adapted approaches has increased significantly.