Below, we give an overview over selected internal research and development projects and over projects funded by third parties. We also provide a page with summaries of completed projects.
Increasingly, industrial control systems are networked across the Internet. Unfortunately, security is often a secondary concern for industry, compared to configuring remote access for maintenance and reporting. How serious is the risk that arises from industrial control systems that are connected to the Internet? Towards a comprehensive answer, the RiskViz project aims to develop Internet-wide scanning technology along with analysis and visualization tools and metrics. At the same time, the project investigates the legal risks of such scanning activities and aims to establish processes and means to manage these risks.
Funding period: May 2015 to April 2018.
See also: www.riskviz.de
If security technology is hard to use then users will not adopt it or, when forced to use it, will find ways to bypass it. Different groups of users have different needs and desires when it comes protection and security technology. Therefore, security technology may have to be tailored to specific user groups in order to be successful. The goal of our research on users and security is to find the best possible combinations of security and ease-of-use. Currently, we perform independent validations of shoulder surfing PIN entry schemes, we investigate password mechanisms, and we experiment with end-to-end encryption of e-mail.
The goal of the enzevalos project is to investigate means to render electronic mail encryption easy to use by most e-mail users. Key to our approach is the analysis of trade-offs between security and usability and the investigation of appropriate security functions and corresponding interaction techniques. Particular attention will be given to exchanging keys, mail account setup and intrinsic and extrinsic motivations to discover and explore encryption features. A major tool we will use in the project are user-driven design processes and user studies, both in the laboratory and in the field. Since mobile devices are outpacing other means to access the Internet we will focus on smartphone platforms in this project.
Funding period: January 2016 to December 2017.
See also: Project Enzevalos
Thomas Jefferson (Third President of the United States) once said “Whenever the people are well informed, they can be trusted with their own government; that whenever things get so far wrong as to attract their notice, they may be relied on to set them to rights.” If it were not for whistleblowers, we would perhaps never know what is most important to set to rights. However, not all whistleblowers will want to sacrifice their future for the common good, like Manning or Snowden. But how might one blow the whistle in secret under the all-seeing eye of the global intelligence community? This is a research challenge. Towards a solution we do research on unobservable communication.
The Automobile industry is quickly moving towards the connected car. This project investigates the means to deploy applications in automobiles remotely, in a fashion that is both flexible and secure. The objective of the project is to design the architecture of an embedded system that meets functional and security requirements within a set of real-world constraints. The principal security enforcement mechanism relies on TrustZone hardware. Our role in that project is to conduct a threat analysis and provide design guidance to industrial partners.
Funding period: June 2014 to May 2016.
The Domain Name System (DNS) and public key infrastructures (PKI) have served us well in the past. However, the evolution of omnibars in browsers testifies that DNS names slowly become obsolete. At the same time, efforts to merge DNS and PKI into DNSSEC yields a software stack with significantly increased complexity. Cryptid is about untangling the concepts behind DNS and PKI. The goal is a simplified stack of technology that separates concerns such as mapping servers and services to keys, authenticating keys and opening authenticated and encrypted connections to them.
See also: www.cryptid.io