News archive
Invited Talks
Invited Talk of Mathias Fischer, in 2024
On February 9th, 9:45am, Prof. Mathias Fischer from University of Hamburg will give a talk on ‘Security monitoring and APT detection’. The talk will take place at KIT in building 50.34, room 301.
Abstract: The talk provides an introduction in intrusion detection and will discuss advanced techniques in detecting targeted attacks. Starting from a classification of current Intrusion Detection Systems (IDS), examples for IDS solutions are given, the shortcomings of IDSs as well as attacks for their evasion are discussed, and models like the Cyberkillchain that are used to describe targeted attacks are introduced. Finally, I will give a few selected examples on our most recent research in this area, e.g., how to transparently monitor TLS-encrypted data and how to make targeted attacks visible that manifest in few malicious events only.
More about the scientist: https://www.inf.uni-hamburg.de/en/inst/ab/net/team/fischer.html
Invited Talk of Mohamed Maouche, in 2023
On November 24th, 9:45am, Dr. Mohamed Maouche from INRIA/PRIVATICS will give a talk on ‘Privacy Challenges in the Era of Deep Learning: Risks and Challenges’.
Abstract: The surge of deep-learning systems has developed an imperative to construct large datasets for their training. However, this growth in data collection also brings forth significant privacy concerns that the entire data pipeline puts at risk. These concerns manifest from the initial data acquisition stage, where the risk of data owner identification and sensitive information extraction emerge, to the final model deployment phase, where the model itself can be leveraged for inference attacks, including membership, reconstruction, and attribute inference. In this talk, we examine the diverse array of privacy risks inherent in this data pipeline and present a range of proposed solutions. These solutions are presented through practical use cases, such as speech anonymization within Automatic Speech Recognition (ASR) systems and decentralized collaborative filtering for recommender systems. Additionally, we delve into the distinctions between one-to-one anonymization techniques and synthetic data generation methods.
More about the scientist: https://mmaouche.github.io/
Invited Talk of Debajyoti Das, in 2023
On February 1st, 10am, Dr. Debajyoti Das from KU Leuven will give a talk on ‘OrgAn: Organizational Anonymity with Low Latency’.
Abstract: OrgAn demonstrates how to make public-key cryptographic solution scale equally well as the symmetric-cryptographic PriFi with practical pre-computation and storage requirements. Through a prototype implementation, we show that OrgAn provides similar throughput and end-to-end latency guarantees as PriFi, while still discounting the setup challenges in PriFi.
Invited Talk of David Basin, in 2022
We cordially invite you to an invited talk by Prof. David Basin (ETH Zurich) at KIT. He will give a talk entitled ‘Security by Design: a New Internet based on SCION’ and it will be given on Oct 21st, 9:45AM in building 50.41, room no. 145 at KIT campus. Professor Basin has been leading a research group on information security and software engineering at ETH Zurich since 2003.
Invited Talk Dr. Dantcheva, in 2022
On July 18, Dr. Antitza Dantcheva (INRIA) will give a talk entitled ‘Generation and Detection of Deepfakes’. The talk will take place at KIT in building 50.34, room 236 at 15:45.
Abstract: While highly intriguing, video generation has thrusted upon us the imminent danger of deepfakes, which can offer unprecedented levels of increasingly realistic manipulated videos. Deepfakes pose an imminent security threat to us all, and to date, deepfakes are able to mislead face recognition systems, as well as humans. Therefore, we design generation and detection methods in parallel.
More about the scientist: http://antitza.com/
Invited Talk of Aurélien Francillon, in 2022
On Friday 21st, Aurélien Francillon (associate professor, System and Software Security (S3) EURECOM) will give a talk on ‘An overview of telephony fraud and abuse’.
The lecture will be held via BBB, timespan 10:00–11:30.
More about the scientist: https://www.eurecom.fr/en/people/francillon-aurelien
Guest Talk Christopher Kruegel, in 2022
We're happy to have Prof. Christopher Kruegel (University of California) as our guest at KASTEL Distinguished Lectures. On Friday, November 12, 10am, he will give a talk on ‘Finding Vulnerabilities in Embedded Software’. The venue is room HS 101 in building 50.34 at KIT Campus South.
More about the scientist: https://cybersec.kcist.kit.edu/89.php
Invited Talk of Wouter Lueks, in 2021
Wouter Lueks (post-doctoral researcher at EPFL) will present ‘CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing’ on November 3rd at 12:30.
Abstract: There is growing evidence that SARS-CoV-2 can be transmitted beyond close proximity contacts, in particular in closed and crowded environments with insufficient ventilation. To help mitigation efforts, contact tracers need a way to notify those who were present in such environments at the same time as infected individuals. Neither traditional human-based contact tracing powered by handwritten or electronic lists, nor Bluetooth-enabled proximity tracing can handle this problem efficiently. In this talk, I introduce CrowdNotifier, a protocol that can complement manual contact tracing by efficiently notifying visitors of venues and events with SARS-CoV-2-positive attendees. We prove that CrowdNotifier provides strong privacy and abuse-resistance, and show that it can scale to handle notification at a national scale.
Other News
On March 6, Prof. Lam Kwok Yan, Director of the Digital Trust Center in Singapore and Vice President of Nanyang Technological University, visited the KASTEL Security Research Labs in Karlsruhe. After presentations by the SECUSO research group which focuses on the human factor in IT security, the chair of Privacy and Security has shown parts of its ongoing research. Here, we demonstrated the risks attached to smart cities and their diverse and ubiquitous sensors. The data collected by various sensors is shown live on our demonstrator, providing an accessible visualization.
Article on the KASTEL siteOn February 29, Mr. Ioannis Legouras, head of the Brussels Office of the Helmholtz Association, visited KASTEL in Karlsruhe. In addition to a presentation by the Chair of Cryptography and Security about new approaches to securely process sensitive information, he was also given a demonstration of current research at the Chair of Privacy and Security. Here, we demonstrated the risks that arise in Smart Cities, as sensors collect more and a wider variety of data about citizens.
Article on the KASTEL siteWe are looking forward to having Prof. Mathias Fischer from the University of Hamburg (UHH) as a guest on February 9. As part of the lecture “Resilient Networking”, he will give a talk about Intrusion Detection Systems (IDS), and present advanced methods to detect attacks as well as recent research results.
The lecture will take place 9th of February, 2024, at 9:45 in room 301.
Prof. Fischer’s profile (UHH)On January 22nd, 2024, Prof. Strufe was invited to the University of Hamburg (UHH). In his talk “(Not so) Private in the Metaverse” he talks about data protection and privacy in Extended Reality, and why advertised methods of anonymization and pseudonymization are not sufficient to protect the users. He also presents recent results from studies conducted by the Privacy and Security chair.
Information on the UHH websiteWe are organising the First International Workshop on Security and Privacy in AR and extended realities, SePAR. The workshop will be held on the 4th of June 2024 in Perth, co-located with the 25th IEEE WoWMoM symposium.
The deadline for submissions is on the 23rd of Feburary 2024. More information about the topics and submission method can be found on the website of the workshop.
We are looking forward to many interesting submissions!
To the workshopWe congratulate Kilian Becher on his successful PhD defense!
In his thesis, Kilian engineers techniques which allow supply chains to be made verifiable, but still retain confidentiality to not expose trade secrets. He constructs protocols based on fully homomorphic encryption, proxy re-encryption and methods of differential privacy to achieve this goal.
Congratulations!
The paper “Composition in Differential Privacy for General Granularity Notions” (Patricia Guerra-Balboa, Àlex Miranda-Pascual, Javier Parra-Arnau, Thorsten Strufe) has been accepted at IEEE CSF 2024!
In this paper the scientists work with Differential Privacy and examine how differentially private mechanisms can be composed. Previous results from ‘sequential composition’ and ‘parallel composition’ are extended to more generalized settings.
Congratulations!
Link to the paperThe paper "Hybrid Testbed for Security Research in Software-Defined Networks" of our new PhD student Fritz Windisch (in cooperation with Kamyar Abedi, Tung Doan, Thorsten Strufe und Giang T. Nguyen) has been accepted at IEEE NFV-SDN 2023.
Fritz Windisch will present the paper at the conference in Dresden at the 8th of November.
Congratulations!
Link to the paperThe Chair of Privacy and Security is a new partner in the "Universitäres Telemedizinnetzwerk" (university telemedicine network) project. Together with the German university hospitals and the Dresden Institute for Data Protection (DID), a unified network is to be developed for better communication between clinics and the improved exchange of research data. The project focuses on COVID-19 and Long COVID data, but should also enable rapid collaboration for future crises.
Prof. Thorsten Strufe explains the specific challenge in this area:
"Since we are in the medical field, we are automatically dealing with very sensitive data. Here, we have to be particularly careful in our approach, as patients may be identified and very private information about them may be disclosed. So my group and I are looking at how we can protect the data during the merge and how it can be processed in the respective hospitals."
Link to the project website (German)The podcast INTO GERMANY! of GTAI has interviewed Prof. Strufe about the topic of cybersecurity. They talk specifically about the protection of companies against cyber attacks, and why achieving this protection is difficult.
Link to the episodeOn September 21st, 2023, Julian Todt is invited to present his work "On Risks and Anonymizations of Behavioral Biometrics" (with Simon Hanisch, Melanie Volkamer, Thorsten Strufe) at the socialBRIDGES e-conference of TU Dresden.
The presentation will start at 11:30 CEST and will be streamed publicly free of charge.
Recording of the talkThe paper "Zu Risiken und Anonymisierungen von Verhaltensbiometrie" (Simon Hanisch, Julian Todt, Melanie Volkamer, Thorsten Strufe) has been published in Daten-Fairness in einer globalisierten Welt. It is the written report of their presentation at Forum Privatheit 2022 (German).
The article provides an overview of the personal information that can be obtained from different sensor data and the resulting privacy risks. This is especially important in the face of growing augmented reality and virtual reality platforms, as they are equipped with a variety of sensors. Finally, the researchers provide possible solutions based on better information for users, more fine-grained rights management and various anonymization methods.
Congratulations!
Link to the article (German)The paper "PolySphinx: Extending the Sphinx Mix Format With Better Multicast Support" (Daniel Schadt, Christoph Coijanovic, Christiane Weis, Thorsten Strufe) has been accepted at IEEE S&P 2024!
In this paper, the scientists construct a new message format for anonymizing mix networks, which makes group communication more efficient. This helps in providing new applications on top of anonymous communication networks.
Congratulations!
The paper "Panini — Anonymous Anycast and an Instantiation" (Christoph Coijanovic, Christiane Kuhn, Thorsten Strufe) has been accepted at ESORICS 2023!
In this paper, the scientists formalize the idea of an "anonymous anycast", in which even a sender does not know to whom they are sending a message. This could be of use to activists who want to use a "dead man's switch". Additionally, they implement a protocol that satisfies the formal requirements.
Congratulations!
Paper preprintThe paper "A False Sense of Privacy: Towards a Reliable Evaluation Methodology for the Anonymization of Biometric Data" (Simon Hanisch, Julian Todt, Jose Patino, Nicholas Evans, Thorsten Strufe) has been accepted for publishing at PETS 2024!
In this paper, the scientists analyse with which methods anonymisation techniques are evaluated, and which shortcomings current methods have. They propose a new, stronger method, to provide a more reliable evaluation.
Congratulations!
Paper preprintPatricia Guerra-Balboa and Àlex Miranda-Pascual have won the Best Poster Award at the 2nd Community Congress of StartUpSecure KASTEL for their poster Differentially Private Trajectory Data. Congratulations!
Simon Hanisch for 6G-life at #its_konf23.
Thorsten Strufe during his talk at #its_konf23.
(The links are to posts on LinkedIn).
The German Federal Ministry of Education and Research will host the National Conference on IT Security Research from March 13-15, 2023. On March 15 from 10:45-12:15, Thorsten Strufe will speak on the panel 'International Collaborations in IT Security Research'.
To the conference (in german)Prof. Strufe was interviewed by ZDF for heute journal.
The topic of the short video is 'Time Machine: Communication' and is linked below this post.
We have two new papers accepted for PoPETs Symposium 2023:
'SoK: Differentially Private Publication of Trajectory Data' and 'Understanding person identification via gait'.
A list of all our publications authored at the chair can be found under the tab of the same name, or the link below.
Go to: PublicationsSupervised by Prof. Strufe
In 2023
Dr. Amr Osman
Dr. Jan Reubold
In 2022
Dr. Christiane Kuhn
Dr. Martin Byrenheid
Dr. Paul Walther
Thorsten Strufe is always a sought-after expert for the media. You will find a selection of his interviews here:
Märkische Allgemeine Zeitung (Newspaper), Topic: "Why the EU's General Data Protection Regulation (DSGVO) unjustly has a bad reputation". (german)
Spiegel Netzwelt, Topic: Innovations in Whatsapp. (german)
Matin Fallahi is looking for participants for an experiment on "Smart Factory".
Biometric data will be collected using an eye-tracker and a headset.
You can find out more about the experiment via the link below.
Matin Fallahi has won the first place in the CYS Biometrics Competition 2022. Congratulations!
Julian Todt won 1st place of the Academic Award of the CYBERSECURITY CONFERENCE 2022, which was awarded to him on Oktober 21 for his master thesis 'Towards a general approach for reversing biometric data
anonymization' (supervised by Simon Hanisch). Congratulations!
The Graduate School invites all (prospective) doctoral researchers to join them next Tuesday, December 13 at 5:15 pm (CS, building 50.34, room 252) for the first 'Ask the Professor' session. Our chair professor Dr. Thorsten Strufe is one of the three scholars you can direct your questions to.
For more information, please visit the page linked below.
Registration pageIn collaboration with CeTI: in the paper we investigate how identifying (recorded) gait actually is, and how difficult it will be to effectively anonymize, or protect this data in any other sensible way. Congrats to Evelyn and Simon!
PreprintThorsten Strufe: 'The preprint of our PETS paper on Facebook collecting data from (all sorts of!) third parties and its ineffective consent procedure is online, thanks Patricia Arias Cabarcos!'
Find the link to the paper below.
About the paper50 years ago, the first faculty for computer science at a German university was established in Karlsruhe. Time for celebration! The faculty is organizing a ceremony on Thursday, October 20, starting at 11 a.m. in the Tullahörsaal, which will be celebrated by exciting lectures and a panel discussion. Please find the program and the link to the registration below.
About the jubileeThorsten Strufe will give a tutorial on 'Privacy of Behavioral Data' at this year's EMBEDDED SYSTEMS WEEK on October 9.
ESWEEK will take place in Shanghai and hybrid.
More about ESWEEK
On June 30, Thorsten Strufe will give a talk at the OpenS3 Lab's workshop 'Emerging Challenges in Cybersecurity and Privacy' entitled 'You better act normal! Ubiquitous electronic observation: Threats and Attempted Solutions.' More information about the program can be found via the link below.
With this presentation he is also represented at the Honda Research Colloquium on Security and Privacy in Frankfurt (June 15) and the Heinz Nixdorf Symposium in Paderborn (Sept. 15).
opens3-lab.com/eventsIn view of the war in Ukraine, the BSI is calling for increased vigilance and readiness to react on the Internet. Dangers in this context are phishing e-mails relating to offers of help and fake news. Therefore, the research groups SECUSO (Security-Usability-Society) and PS (Practical IT-Security) offer an online course for citizens.
The course is in german, online via Zoom on 5/5/2022, 7-8pm.
More about this course and praticipationThe paper 'Ray-tracing based Inference Attacks on Physical Layer Security' by Paul Walther, Markus Richter and Thorsten Strufe was awarded with the Best Paper Award of NetSys 2021!
Link to articleThe Paper "Side-channel attacks on query-based data anonymization" was published on this years CCS. Authors are: Franziska Boenisch (Fraunhofer AISEC); Reinhard Munz (Max Planck Institute for Software Systems (MPI-SWS)); Marcel Tiepelt (Karlsruhe Institute of Technology); Simon Hanisch and Christiane Kuhn (Karlsruhe Institute of Technology); Paul Francis (Max Planck Institute for Software Systems (MPI-SWS)).
We offer four fully funded positions to do a PhD or Post-Doc (co-supervision of PhD students, in case of interest) on 6G security and privacy (location privacy, availability, security architectures, practical quantum key generation) at KIT/KASTEL and Excellence Cluster CeTI.
Contact: Thorsten Strufe
Our job pageThe paper "Is the Buzz on? - A Buzz Detection System for Viral Posts in Social Media" was published. Here, Facebook posts were examined to develop a buzz detection system. For more details, see the paper linked below.
Authors: Thorsten Strufe, Clemens Deusser, Nora Jansen and Oliver Hinz.
paper onlineWe have a fully funded position to pursue a PhD (or join us as a postdoc) as part of our French-German project Propolis (on Smart City Privacy), in a consortium with Eurecom, SAP, and The Urban Institute. We will primarily work on publishing location trajectories with DP guarantees and differentially private ML on location data (for instance for traffic management, public security, and risk management in smart cities).
Contact: Thorsten Strufe and Javier Parra-Arnau
Our job pageChristoph Coijanovic won 1st place of the Academic Award of the CYBERSECURITY CONFERENCE 2021, which was awarded to him on Oktober 22 for his master thesis "Privacy Analysis of Anonymous Communication Networks at Example of Vuvuzela" (supervised by Christiane Kuhn). Congratulations!
Thorsten Strufe gives a talk about ProMACs on September 28 at 10:30 am. For further information check the link below.
centre inriaAmr Osman and Jeannine Born (TU Dresden) won Telekom Challenge 2021, receiving the first prize of 150,000 euros for their idea on "automatic network isolation of IoT devices". Congratulations!
more information from TU Dresden (german article)
From September 21 to 23, CeTI will be offering an exciting on- and offline program on the topic of "smart textiles and wearables". The offer ranges from lectures to workshops, for which you can register online. You can find the link below.
registration and programme of CeTI Summer SchoolFlorian Thie received the TU Dresden award for his thesis "Analysis of complex anonymization networks at the case study of Aqua".
He was supervised by Christiane Kuhn and Simon Hanisch, the first examiner was Thorsten Strufe.
The paper entitled "2PPS - Publish/Subscribe with Provable Privacy" by Sarah Abdelwahab Gaballah and Max Mühlhäuser (both TU Darmstadt), Christoph Coijanovic and Thorsten Strufe has been accepted for the SRDS 2021 conference (September 20.-23.).
The paper is about publish/subscribe systems (such as Twitter) that provide strong and provable privacy protections for both publishers of messages and subscribers.
more about the conferenceAs part of the KIT Open Day under the motto "7 Days - 7 Questions - 7 Formats", Thorsten Strufe was a discussion guest on the topic "Electron Brains & Cyborgs" - Artificial Intelligence revolutionizes the world. You can find the link to the video below.
recording of discussion (german)The video of our opening panel at 'Bonner Tage der Demokratie' is online. Thanks for a very nice discussion (in German) with Lorena Jaume-Palasí, Katharina Mosene, Rebekka Weiß, Ulrich Kelber, and Jan Schallaböck - moderated very professional by Ute Lange - about giving up fundamental rights to use online services. - Prof. Strufe
video linkProf. Strufe will give a talk on "ProMACs: Leveraging the Streaming Paradigm to Improve Integrity without Transmission Cost" at a colloquium at the University of Hamburg on Monday, May 31, 21.
The event will take place via zoom, starting at 17:15.
registration (Informatik Uni Hamburg)Our paper “Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance” has been accepted for presentation at the 30th USENIX Security Symposium. In this research, we explore and evaluate different brain biometric techniques to authenticate users with consumer BCI tools and investigate user perceptions towards accepting such technologies. Our results show that it is feasible to recognize users based on brain responses to images. With regard to adoption, users call for simpler devices, faster authentication, and better privacy.
Thorsten Strufe is a discussion guest at the 'Bonner Tage der Demokratie' (engl. Bonn Days of Democracy).
On May 4, starting at 7 p.m., he will speak in the opening panel about fundamental rights in relation to social media.
"Tactile Internet" is on the shelves of your (online) bookstore since March 22! Thanks to our co-authors!
We are proud to announce the opening talk for our “Distinguished Lecture Series in Cybersecurity” on June 11th! Prof. Johannes Buchmann will speak about Sustainable Cybersecurity and Privacy. #KASTEL
Prof. Strufe commented on Google's move away from conventional marketing to data collection via FLoC.
You can find the article on heise.de linked below.
Furthermore, Deutschlandfunk also talked to Prof. Strufe about this topic.
german article on heise.deProf. Dr. Thorsten Strufe will give a talk titled ProMACs: Leveraging the Streaming Paradigm to Improve Integrity without Transmission Cost at the Ifl Colloquium at the University of Zurich on May 27th this year.
The program of the colloquium can be found here.
Our article "Browsing Unicity: On the Limits of Anonymizing Web Tracking Data" (Clemens Deusser, Steffen Passmann and Thorsten Strufe) has been accepted for presentation at the IEEE S&P ("Oakland")! In the paper we examine the "anonymizing methods" commonly used by industry and show that they are largely ineffective even when applied to an extent that essentially destroys all utility of web tracking data. Using the example of a data set of a large European audience measurement provider, we show that the claim that "coarsening" leads to de-identified data sets is nonsense, since even in extreme cases anonymity is not achieved. Clemens Deusser will present the article at the IEEE S&P in May 2020, congratulations Clemens and Steffen!
Our article "Breaking and (Partially) Fixing Provably Secure Onion Routing" (Christiane Kuhn, Martin Beck and Thorsten Strufe) has been accepted for presentation at IEEE S&P ("Oakland")! In the paper we identify a vulnerability in a lightweight anonymization system ("HORNET") which was previously considered to be proven secure. We then find a vulnerability in the underlying packet format SPHINX, which is also used for other anonymization services. Finally, we find that the evidence framework of Camenish and Lysyanskaya used in both cases is flawed and fix the found bugs to share. Christiane Kuhn presents the article at the IEEE S&P in May 2020. Congrats, Christiane and Martin!
Thorsten Strufe is giving an invited lecture at TU Graz on the topic "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on December, 18th.
AbstractThorsten Strufe is giving an invited lecture at the University of Kiel on the topic "On Privacy Notions in Anonymous Communications" on December 13.
Thorsten Strufe is giving an invited lecture, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" at UC Irvine, on Dec. 9th.
Thorsten Strufe is holding an invited talk at the final ENCASE Workshop “Cybersafety: Threats and Intelligent Parental Advice Tools for Protection in Social Networks”, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on October 18th.
Patricia Cabarcos is presenting our paper "'I don’t see why I would ever want to use it': Analyzing the Usability of Popular Smartphone Password Managers" at ACM CCS in London, on Sept. 14th!
On February 3, Thorsten Strufe will give his inaugural lecture, entitled "Privacy and freedom or surveillance and censorship in web and mobile apps? (Thorsten Strufe -- from Hamburg to Karlsruhe, with small detours)" in the context of the semester colloquium of the Faculty of Informatics at KIT.
Everybody is cordially envited! :-)
Update: The slides of the lecture can be found here.
Thorsten Strufe is giving the keynote on "Security, the Elusive Goal of Privacy, and the Surprising Difficulties around Corona Tracing" at this year's ARES conference!
ARES on twitterOur research at work -- the system we designed and published in 2017 is now going live, at the German ABC! Congrats to Steffen Passmann, who was the driving force behind our collaboration, too!
article digital inside
Thorsten Strufe is giving an invited lecture on the tactile Internet at the New Year's Reception at the University of Jena on January 8.