Welcome at the Chair of IT Security

We work on all aspects of technical data protection and network and IT security. We are primarily interested in privacy, i.e. the protection of individuals against the misuse of their data.

Over the past decades, digital technologies have developed rapidly. The advent of digital transformation and the interconnectivity of all areas of life opens up a wealth of new possibilities. Autonomous networked vehicles, cloud computing, industry 4.0, virtual reality with haptic feedback, online banking or social networks are just a few keywords that are changing the way and quality of life. However, this development also brings with it a number of challenges that people often do not immediately grasp, but which may well conflict with their interests.

Our research group is engaged in the development and analysis of security concepts that protect from all types of potential attackers on such systems. We are also interested in the development of technologies that promote data protection in order to protect privacy in the digital world. Finally, we develop protocols and algorithms to secure the underlying infrastructures for communication and computation.

We are part of KASTEL - Research for more security.

Head of Group Prof. Dr. Strufe


Video of 'Bonner Tage der Demokratie'

The video of our opening panel at 'Bonner Tage der Demokratie' is online. Thanks for a very nice discussion (in German) with Lorena Jaume-Palasí, Katharina Mosene, Rebekka Weiß, Ulrich Kelber, and Jan Schallaböck - moderated very professional by Ute Lange - about giving up fundamental rights to use online services. - Prof. Strufe

video link
Paper accepted at 'USENIX Security 2021'

Our paper “Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance” has been accepted for presentation at the 30th USENIX Security Symposium. In this research, we explore and evaluate different brain biometric techniques to authenticate users with consumer BCI tools and investigate user perceptions towards accepting such technologies. Our results show that it is feasible to recognize users based on brain responses to images. With regard to adoption, users call for simpler devices, faster authentication, and better privacy.

Strufe at 'Bonner Tage der Demokratie'

Thorsten Strufe is a discussion guest at the 'Bonner Tage der Demokratie' (engl. Bonn Days of Democracy).

On May 4, starting at 7 p.m., he will speak in the opening panel about fundamental rights in relation to social media.

New Book

"Tactile Internet" is on the shelves of your (online) bookstore since March 22! Thanks to our co-authors!

Save the date!

We are proud to announce the opening talk for our “Distinguished Lecture Series in Cybersecurity” on June 11th! Prof. Johannes Buchmann will speak about Sustainable Cybersecurity and Privacy. #KASTEL

Job Offer

We offer 2 PhD positions in the field of privacy and machine learning to start in May 2021. The positions are based at our lab in Karlsruhe and UPC (Barcelona). Funded by BMBF (Project Propolis, with EURECOM, SAP and Urban Institue) and FundlaCaixa.

Article on k-anonymity

Prof. Strufe commented on Google's move away from conventional marketing to data collection via FLoC.

You can find the article on heise.de linked below.

Furthermore, Deutschlandfunk also talked to Prof. Strufe about this topic.

german article on heise.de
Talk at University of Zurich

Prof. Dr. Thorsten Strufe will give a talk titled ProMACs: Leveraging the Streaming Paradigm to Improve Integrity without Transmission Cost at the Ifl Colloquium at the University of Zurich on May 27th this year.

The program of the colloquium can be found here.


The webpage of the Practical IT Security (PS) department is still under construction.

We ask for a little patience. If you have any questions, please contact our webpage assistant

Jennifer von Olnhausen.

Paper accepted at IEEE S&P 2020

Our article "Browsing Unicity: On the Limits of Anonymizing Web Tracking Data" (Clemens Deusser, Steffen Passmann and Thorsten Strufe) has been accepted for presentation at the IEEE S&P ("Oakland")! In the paper we examine the "anonymizing methods" commonly used by industry and show that they are largely ineffective even when applied to an extent that essentially destroys all utility of web tracking data. Using the example of a data set of a large European audience measurement provider, we show that the claim that "coarsening" leads to de-identified data sets is nonsense, since even in extreme cases anonymity is not achieved. Clemens Deusser will present the article at the IEEE S&P in May 2020, congratulations Clemens and Steffen!

Paper accepted at IEEE S&P 2020

Our article "Breaking and (Partially) Fixing Provably Secure Onion Routing" (Christiane Kuhn, Martin Beck and Thorsten Strufe) has been accepted for presentation at IEEE S&P ("Oakland")! In the paper we identify a vulnerability in a lightweight anonymization system ("HORNET") which was previously considered to be proven secure. We then find a vulnerability in the underlying packet format SPHINX, which is also used for other anonymization services. Finally, we find that the evidence framework of Camenish and Lysyanskaya used in both cases is flawed and fix the found bugs to share. Christiane Kuhn presents the article at the IEEE S&P in May 2020. Congrats, Christiane and Martin!