News archive

Here you can read our news highlights.
Invited Talks

Invited Talk of Mathias Fischer, in 2024
On February 9th, 9:45am, Prof. Mathias Fischer from University of Hamburg will give a talk on ‘Security monitoring and APT detection’. The talk will take place at KIT in building 50.34, room 301.

Abstract: The talk provides an introduction in intrusion detection and will discuss advanced techniques in detecting targeted attacks. Starting from a classification of current Intrusion Detection Systems (IDS), examples for IDS solutions are given, the shortcomings of IDSs as well as attacks for their evasion are discussed, and models like the Cyberkillchain that are used to describe targeted attacks are introduced. Finally, I will give a few selected examples on our most recent research in this area, e.g., how to transparently monitor TLS-encrypted data and how to make targeted attacks visible that manifest in few malicious events only.

More about the scientist: https://www.inf.uni-hamburg.de/en/inst/ab/net/team/fischer.html

Invited Talk of Mohamed Maouche, in 2023
On November 24th, 9:45am, Dr. Mohamed Maouche from INRIA/PRIVATICS will give a talk on ‘Privacy Challenges in the Era of Deep Learning: Risks and Challenges’.

Abstract: The surge of deep-learning systems has developed an imperative to construct large datasets for their training. However, this growth in data collection also brings forth significant privacy concerns that the entire data pipeline puts at risk. These concerns manifest from the initial data acquisition stage, where the risk of data owner identification and sensitive information extraction emerge, to the final model deployment phase, where the model itself can be leveraged for inference attacks, including membership, reconstruction, and attribute inference. In this talk, we examine the diverse array of privacy risks inherent in this data pipeline and present a range of proposed solutions. These solutions are presented through practical use cases, such as speech anonymization within Automatic Speech Recognition (ASR) systems and decentralized collaborative filtering for recommender systems. Additionally, we delve into the distinctions between one-to-one anonymization techniques and synthetic data generation methods.

More about the scientist: https://mmaouche.github.io/

Invited Talk of Debajyoti Das, in 2023
On February 1st, 10am, Dr. Debajyoti Das from KU Leuven will give a talk on ‘OrgAn: Organizational Anonymity with Low Latency’.

Abstract: OrgAn demonstrates how to make public-key cryptographic solution scale equally well as the symmetric-cryptographic PriFi with practical pre-computation and storage requirements. Through a prototype implementation, we show that OrgAn provides similar throughput and end-to-end latency guarantees as PriFi, while still discounting the setup challenges in PriFi.

Invited Talk of David Basin, in 2022
We cordially invite you to an invited talk by Prof. David Basin (ETH Zurich) at KIT. He will give a talk entitled ‘Security by Design: a New Internet based on SCION’ and it will be given on Oct 21st, 9:45AM in building 50.41, room no. 145 at KIT campus. Professor Basin has been leading a research group on information security and software engineering at ETH Zurich since 2003.

Invited Talk Dr. Dantcheva, in 2022
On July 18, Dr. Antitza Dantcheva (INRIA) will give a talk entitled ‘Generation and Detection of Deepfakes’. The talk will take place at KIT in building 50.34, room 236 at 15:45.

Abstract: While highly intriguing, video generation has thrusted upon us the imminent danger of deepfakes, which can offer unprecedented levels of increasingly realistic manipulated videos. Deepfakes pose an imminent security threat to us all, and to date, deepfakes are able to mislead face recognition systems, as well as humans. Therefore, we design generation and detection methods in parallel.

More about the scientist: http://antitza.com/

Invited Talk of Aurélien Francillon, in 2022
On Friday 21st, Aurélien Francillon (associate professor, System and Software Security (S3) EURECOM) will give a talk on ‘An overview of telephony fraud and abuse’.
The lecture will be held via BBB, timespan 10:00–11:30.

More about the scientist: https://www.eurecom.fr/en/people/francillon-aurelien

Guest Talk Christopher Kruegel, in 2022
We're happy to have Prof. Christopher Kruegel (University of California) as our guest at KASTEL Distinguished Lectures. On Friday, November 12, 10am, he will give a talk on ‘Finding Vulnerabilities in Embedded Software’. The venue is room HS 101 in building 50.34 at KIT Campus South.

More about the scientist: https://cybersec.kcist.kit.edu/89.php

Invited Talk of Wouter Lueks, in 2021
Wouter Lueks (post-doctoral researcher at EPFL) will present ‘CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing’ on November 3rd at 12:30.

Abstract: There is growing evidence that SARS-CoV-2 can be transmitted beyond close proximity contacts, in particular in closed and crowded environments with insufficient ventilation. To help mitigation efforts, contact tracers need a way to notify those who were present in such environments at the same time as infected individuals. Neither traditional human-based contact tracing powered by handwritten or electronic lists, nor Bluetooth-enabled proximity tracing can handle this problem efficiently. In this talk, I introduce CrowdNotifier, a protocol that can complement manual contact tracing by efficiently notifying visitors of venues and events with SARS-CoV-2-positive attendees. We prove that CrowdNotifier provides strong privacy and abuse-resistance, and show that it can scale to handle notification at a national scale.

Other News
Paper accepted at CSF 2024

The paper “Composition in Differential Privacy for General Granularity Notions” (Patricia Guerra-Balboa, Àlex Miranda-Pascual, Javier Parra-Arnau, Thorsten Strufe) has been accepted at IEEE CSF 2024!

In this paper the scientists work with Differential Privacy and examine how differentially private mechanisms can be composed. Previous results from ‘sequential composition’ and ‘parallel composition’ are extended to more generalized settings.

Congratulations!

Link to the paper
Paper at IEEE NFV-SDN

The paper "Hybrid Testbed for Security Research in Software-Defined Networks" of our new PhD student Fritz Windisch (in cooperation with Kamyar Abedi, Tung Doan, Thorsten Strufe und Giang T. Nguyen) has been accepted at IEEE NFV-SDN 2023.

Fritz Windisch will present the paper at the conference in Dresden at the 8th of November.

Congratulations!

Link to the paper
Partner in the new project "Universitäres Telemedizinnetzwerk"

The Chair of Privacy and Security is a new partner in the "Universitäres Telemedizinnetzwerk" (university telemedicine network) project. Together with the German university hospitals and the Dresden Institute for Data Protection (DID), a unified network is to be developed for better communication between clinics and the improved exchange of research data. The project focuses on COVID-19 and Long COVID data, but should also enable rapid collaboration for future crises.

Prof. Thorsten Strufe explains the specific challenge in this area:

"Since we are in the medical field, we are automatically dealing with very sensitive data. Here, we have to be particularly careful in our approach, as patients may be identified and very private information about them may be disclosed. So my group and I are looking at how we can protect the data during the merge and how it can be processed in the respective hospitals."

Link to the project website (German)
"INTO GERMANY!" podcast interviews Prof. Strufe

The podcast INTO GERMANY! of GTAI has interviewed Prof. Strufe about the topic of cybersecurity. They talk specifically about the protection of companies against cyber attacks, and why achieving this protection is difficult.

Link to the episode
Invited talk at socialBRIDGES

On September 21st, 2023, Julian Todt is invited to present his work "On Risks and Anonymizations of Behavioral Biometrics" (with Simon Hanisch, Melanie Volkamer, Thorsten Strufe) at the socialBRIDGES e-conference of TU Dresden.

The presentation will start at 11:30 CEST and will be streamed publicly free of charge.

Recording of the talk
"Forum Privatheit"-paper published

The paper "Zu Risiken und Anonymisierungen von Verhaltensbiometrie" (Simon Hanisch, Julian Todt, Melanie Volkamer, Thorsten Strufe) has been published in Daten-Fairness in einer globalisierten Welt. It is the written report of their presentation at Forum Privatheit 2022 (German).

The article provides an overview of the personal information that can be obtained from different sensor data and the resulting privacy risks. This is especially important in the face of growing augmented reality and virtual reality platforms, as they are equipped with a variety of sensors. Finally, the researchers provide possible solutions based on better information for users, more fine-grained rights management and various anonymization methods.

Congratulations!

Link to the article (German)
Paper accepted at S&P 2024

The paper "PolySphinx: Extending the Sphinx Mix Format With Better Multicast Support" (Daniel Schadt, Christoph Coijanovic, Christiane Weis, Thorsten Strufe) has been accepted at IEEE S&P 2024!

In this paper, the scientists construct a new message format for anonymizing mix networks, which makes group communication more efficient. This helps in providing new applications on top of anonymous communication networks.

Congratulations!

Paper accepted at ESORICS 2023

The paper "Panini — Anonymous Anycast and an Instantiation" (Christoph Coijanovic, Christiane Kuhn, Thorsten Strufe) has been accepted at ESORICS 2023!

In this paper, the scientists formalize the idea of an "anonymous anycast", in which even a sender does not know to whom they are sending a message. This could be of use to activists who want to use a "dead man's switch". Additionally, they implement a protocol that satisfies the formal requirements.

Congratulations!

Paper preprint
Paper accepted at PETS 2024

The paper "A False Sense of Privacy: Towards a Reliable Evaluation Methodology for the Anonymization of Biometric Data" (Simon Hanisch, Julian Todt, Jose Patino, Nicholas Evans, Thorsten Strufe) has been accepted for publishing at PETS 2024!

In this paper, the scientists analyse with which methods anonymisation techniques are evaluated, and which shortcomings current methods have. They propose a new, stronger method, to provide a more reliable evaluation.

Congratulations!

Paper preprint
Bild der Preisübergabe
Best Poster Award at StartUpSecure

Patricia Guerra-Balboa and Àlex Miranda-Pascual have won the Best Poster Award at the 2nd Community Congress of StartUpSecure KASTEL for their poster Differentially Private Trajectory Data. Congratulations!

Link to the poster (PDF)

Nationale Konferenz IT-Sicherheitsforschung

 

Simon Hanisch for 6G-life at #its_konf23.

Thorsten Strufe during his talk at #its_konf23.

(The links are to posts on LinkedIn).

 

Talk at National Security Conference Berlin

The German Federal Ministry of Education and Research will host the National Conference on IT Security Research from March 13-15, 2023. On March 15 from 10:45-12:15, Thorsten Strufe will speak on the panel 'International Collaborations in IT Security Research'.

To the conference (in german)
Strufe at ZDF

Prof. Strufe was interviewed by ZDF for heute journal.
The topic of the short video is 'Time Machine: Communication' and is linked below this post.

Link to video (german)
New Publications!

We have two new papers accepted for PoPETs Symposium 2023:

'SoK: Differentially Private Publication of Trajectory Data' and 'Understanding person identification via gait'.

A list of all our publications authored at the chair can be found under the tab of the same name, or the link below.

Go to: Publications
Theses successfully defended

Supervised by Prof. Strufe

In 2023

Dr. Amr Osman

Dr. Jan Reubold

In 2022

Dr. Christiane Kuhn

Dr. Martin Byrenheid

Dr. Paul Walther

Strufe and the media

Thorsten Strufe is always a sought-after expert for the media. You will find a selection of his interviews here:

Märkische Allgemeine Zeitung (Newspaper), Topic: "Why the EU's General Data Protection Regulation (DSGVO) unjustly has a bad reputation". (german)

Spiegel Netzwelt, Topic: Innovations in Whatsapp. (german)

 

Call for participants!

Matin Fallahi is looking for participants for an experiment on "Smart Factory".
Biometric data will be collected using an eye-tracker and a headset.
You can find out more about the experiment via the link below.

Find out more
Prize for Matin Fallahi

Matin Fallahi has won the first place in the CYS Biometrics Competition 2022. Congratulations!

Prize for Julian Todt

Julian Todt won 1st place of the Academic Award of the CYBERSECURITY CONFERENCE 2022, which was awarded to him on Oktober 21 for his master thesis 'Towards a general approach for reversing biometric data
anonymization' (supervised by Simon Hanisch). Congratulations!

Graduate School Cyber Security

The Graduate School invites all (prospective) doctoral researchers to join them next Tuesday, December 13 at 5:15 pm (CS, building 50.34, room 252) for the first 'Ask the Professor' session. Our chair professor Dr. Thorsten Strufe is one of the three scholars you can direct your questions to.

For more information, please visit the page linked below.

Registration page
Paper accepted!

In collaboration with CeTI: in the paper we investigate how identifying (recorded) gait actually is, and how difficult it will be to effectively anonymize, or protect this data in any other sensible way. Congrats to Evelyn and Simon!

Preprint
PETS Paper

Thorsten Strufe: 'The preprint of our PETS paper on Facebook collecting data from (all sorts of!) third parties and its ineffective consent procedure is online, thanks Patricia Arias Cabarcos!'

Find the link to the paper below.

About the paper
Jubilee

50 years ago, the first faculty for computer science at a German university was established in Karlsruhe. Time for celebration! The faculty is organizing a ceremony on Thursday, October 20, starting at 11 a.m. in the Tullahörsaal, which will be celebrated by exciting lectures and a panel discussion. Please find the program and the link to the registration below.

About the jubilee
Tutorial at ESWEEK '22

Thorsten Strufe will give a tutorial on 'Privacy of Behavioral Data' at this year's EMBEDDED SYSTEMS WEEK on October 9.

ESWEEK will take place in Shanghai and hybrid.

 

 

More about ESWEEK
Talk in Darmstadt

On June 30, Thorsten Strufe will give a talk at the OpenS3 Lab's workshop 'Emerging Challenges in Cybersecurity and Privacy' entitled 'You better act normal! Ubiquitous electronic observation: Threats and Attempted Solutions.' More information about the program can be found via the link below.

With this presentation he is also represented at the Honda Research Colloquium on Security and Privacy in Frankfurt (June 15) and the Heinz Nixdorf Symposium in Paderborn (Sept. 15).

opens3-lab.com/events
Charity cybersecurity course for Ukraine

In view of the war in Ukraine, the BSI is calling for increased vigilance and readiness to react on the Internet. Dangers in this context are phishing e-mails relating to offers of help and fake news. Therefore, the research groups SECUSO (Security-Usability-Society) and PS (Practical IT-Security) offer an online course for citizens.

The course is in german, online via Zoom on 5/5/2022, 7-8pm. 

More about this course and praticipation
Paper awarded

The paper 'Ray-tracing based Inference Attacks on Physical Layer Security' by Paul Walther, Markus Richter and Thorsten Strufe was awarded with the Best Paper Award of NetSys 2021!

Link to article
Paper published

The Paper "Side-channel attacks on query-based data anonymization" was published on this years CCS. Authors are: Franziska Boenisch (Fraunhofer AISEC); Reinhard Munz (Max Planck Institute for Software Systems (MPI-SWS)); Marcel Tiepelt (Karlsruhe Institute of Technology); Simon Hanisch and Christiane Kuhn (Karlsruhe Institute of Technology); Paul Francis (Max Planck Institute for Software Systems (MPI-SWS)).

PhD/Post-Doc

We offer four fully funded positions to do a PhD or Post-Doc (co-supervision of PhD students, in case of interest) on 6G security and privacy (location privacy, availability, security architectures, practical quantum key generation) at KIT/KASTEL and Excellence Cluster CeTI.

Contact: Thorsten Strufe

Our job page
Paper published

The paper "Is the Buzz on? - A Buzz Detection System for Viral Posts in Social Media" was published. Here, Facebook posts were examined to develop a buzz detection system. For more details, see the paper linked below.

Authors: Thorsten Strufe, Clemens Deusser, Nora Jansen and Oliver Hinz. 

paper online
PhD position ML privacy

We have a fully funded position to pursue a PhD (or join us as a postdoc) as part of our French-German project Propolis (on Smart City Privacy), in a consortium with Eurecom, SAP, and The Urban Institute. We will primarily work on publishing location trajectories with DP guarantees and differentially private ML on location data (for instance for traffic management, public security, and risk management in smart cities).

Contact: Thorsten Strufe and Javier Parra-Arnau

Our job page
Prize for Christoph Coijanovic

Christoph Coijanovic won 1st place of the Academic Award of the CYBERSECURITY CONFERENCE 2021, which was awarded to him on Oktober 22 for his master thesis "Privacy Analysis of Anonymous Communication Networks at Example of Vuvuzela" (supervised by Christiane Kuhn). Congratulations! 

Invited Talk at Inria

Thorsten Strufe gives a talk about ProMACs on September 28 at 10:30 am. For further information check the link below.

centre inria
Telekom-Prize for Amr Osman

Amr Osman and Jeannine Born (TU Dresden) won Telekom Challenge 2021, receiving the first prize of 150,000 euros for their idea on "automatic network isolation of IoT devices". Congratulations!

 

more information from TU Dresden (german article)
from our network: CeTI Summer School

From September 21 to 23, CeTI will be offering an exciting on- and offline program on the topic of "smart textiles and wearables". The offer ranges from lectures to workshops, for which you can register online. You can find the link below.

registration and programme of CeTI Summer School
Diploma Award for Florian Thie

Florian Thie received the TU Dresden award for his thesis "Analysis of complex anonymization networks at the case study of Aqua".

He was supervised by Christiane Kuhn and Simon Hanisch, the first examiner was Thorsten Strufe.

Paper accepted at SRDS conference

The paper entitled "2PPS - Publish/Subscribe with Provable Privacy" by Sarah Abdelwahab Gaballah and Max Mühlhäuser (both TU Darmstadt), Christoph Coijanovic and Thorsten Strufe has been accepted for the SRDS 2021 conference (September 20.-23.).

The paper is about publish/subscribe systems (such as Twitter) that provide strong and provable privacy protections for both publishers of messages and subscribers.

more about the conference
"Elektronengehirne & Cyborgs" - Interview

As part of the KIT Open Day under the motto "7 Days - 7 Questions - 7 Formats", Thorsten Strufe was a discussion guest on the topic "Electron Brains & Cyborgs" - Artificial Intelligence revolutionizes the world. You can find the link to the video below.

recording of discussion (german)
Video of 'Bonner Tage der Demokratie'

The video of our opening panel at 'Bonner Tage der Demokratie' is online. Thanks for a very nice discussion (in German) with Lorena Jaume-Palasí, Katharina Mosene, Rebekka Weiß, Ulrich Kelber, and Jan Schallaböck - moderated very professional by Ute Lange - about giving up fundamental rights to use online services. - Prof. Strufe

video link
Talk at Uni Hamburg on May 31

Prof. Strufe will give a talk on "ProMACs: Leveraging the Streaming Paradigm to Improve Integrity without Transmission Cost" at a colloquium at the University of Hamburg on Monday, May 31, 21.

The event will take place via zoom, starting at 17:15.

registration (Informatik Uni Hamburg)
Paper accepted at 'USENIX Security 2021'

Our paper “Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance” has been accepted for presentation at the 30th USENIX Security Symposium. In this research, we explore and evaluate different brain biometric techniques to authenticate users with consumer BCI tools and investigate user perceptions towards accepting such technologies. Our results show that it is feasible to recognize users based on brain responses to images. With regard to adoption, users call for simpler devices, faster authentication, and better privacy.

Strufe at 'Bonner Tage der Demokratie'

Thorsten Strufe is a discussion guest at the 'Bonner Tage der Demokratie' (engl. Bonn Days of Democracy).

On May 4, starting at 7 p.m., he will speak in the opening panel about fundamental rights in relation to social media.

New Book

"Tactile Internet" is on the shelves of your (online) bookstore since March 22! Thanks to our co-authors!

Save the date!

We are proud to announce the opening talk for our “Distinguished Lecture Series in Cybersecurity” on June 11th! Prof. Johannes Buchmann will speak about Sustainable Cybersecurity and Privacy. #KASTEL

Article on k-anonymity

Prof. Strufe commented on Google's move away from conventional marketing to data collection via FLoC.

You can find the article on heise.de linked below.

Furthermore, Deutschlandfunk also talked to Prof. Strufe about this topic.

german article on heise.de
Talk at University of Zurich

Prof. Dr. Thorsten Strufe will give a talk titled ProMACs: Leveraging the Streaming Paradigm to Improve Integrity without Transmission Cost at the Ifl Colloquium at the University of Zurich on May 27th this year.

The program of the colloquium can be found here.

Paper accepted at IEEE S&P 2020

Our article "Browsing Unicity: On the Limits of Anonymizing Web Tracking Data" (Clemens Deusser, Steffen Passmann and Thorsten Strufe) has been accepted for presentation at the IEEE S&P ("Oakland")! In the paper we examine the "anonymizing methods" commonly used by industry and show that they are largely ineffective even when applied to an extent that essentially destroys all utility of web tracking data. Using the example of a data set of a large European audience measurement provider, we show that the claim that "coarsening" leads to de-identified data sets is nonsense, since even in extreme cases anonymity is not achieved. Clemens Deusser will present the article at the IEEE S&P in May 2020, congratulations Clemens and Steffen!

Paper accepted at IEEE S&P 2020

Our article "Breaking and (Partially) Fixing Provably Secure Onion Routing" (Christiane Kuhn, Martin Beck and Thorsten Strufe) has been accepted for presentation at IEEE S&P ("Oakland")! In the paper we identify a vulnerability in a lightweight anonymization system ("HORNET") which was previously considered to be proven secure. We then find a vulnerability in the underlying packet format SPHINX, which is also used for other anonymization services. Finally, we find that the evidence framework of Camenish and Lysyanskaya used in both cases is flawed and fix the found bugs to share. Christiane Kuhn presents the article at the IEEE S&P in May 2020. Congrats, Christiane and Martin!

Invited Talk at TU Graz

Thorsten Strufe is giving an invited lecture at TU Graz on the topic "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on December, 18th.

Abstract
Invited talk at Uni Kiel

Thorsten Strufe is giving an invited lecture at the University of Kiel on the topic "On Privacy Notions in Anonymous Communications" on December 13.

Invited talk at UC Irvine

Thorsten Strufe is giving an invited lecture, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" at UC Irvine, on Dec. 9th.

 

Invited talk at the final ENCASE Workshop on Cybersafety

Thorsten Strufe is holding an invited talk at the final ENCASE Workshop “Cybersafety: Threats and Intelligent Parental Advice Tools for Protection in Social Networks”, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on October 18th.

Paper presented at ACM CCS

Patricia Cabarcos is presenting our paper "'I don’t see why I would ever want to use it': Analyzing the Usability of Popular Smartphone Password Managers" at ACM CCS in London, on Sept. 14th!

Inaugural lecture

On February 3, Thorsten Strufe will give his inaugural lecture, entitled "Privacy and freedom or surveillance and censorship in web and mobile apps? (Thorsten Strufe -- from Hamburg to Karlsruhe, with small detours)" in the context of the semester colloquium of the Faculty of Informatics at KIT.
Everybody is cordially envited! :-)
Update: The slides of the lecture can be found here.

Keynote Speech

Thorsten Strufe is giving the keynote on "Security, the Elusive Goal of Privacy, and the Surprising Difficulties around Corona Tracing" at this year's ARES conference!

ARES on twitter
INFOnline

Our research at work -- the system we designed and published in 2017 is now going live, at the German ABC! Congrats to Steffen Passmann, who was the driving force behind our collaboration, too!

 

article digital inside
Invited Talk at Uni Jena

Thorsten Strufe is giving an invited lecture on the tactile Internet at the New Year's Reception at the University of Jena on January 8.