Welcome at the Chair of IT Security
We work on all aspects of technical data protection and network and IT security. We are primarily interested in privacy, i.e. the protection of individuals against the misuse of their data.
Over the past decades, digital technologies have developed rapidly. The advent of digital transformation and the interconnectivity of all areas of life opens up a wealth of new possibilities. Autonomous networked vehicles, cloud computing, industry 4.0, virtual reality with haptic feedback, online banking or social networks are just a few keywords that are changing the way and quality of life. However, this development also brings with it a number of challenges that people often do not immediately grasp, but which may well conflict with their interests.
Our research group is engaged in the development and analysis of security concepts that protect from all types of potential attackers on such systems. We are also interested in the development of technologies that promote data protection in order to protect privacy in the digital world. Finally, we develop protocols and algorithms to secure the underlying infrastructures for communication and computation.
On February 3, Thorsten Strufe will give his inaugural lecture, entitled "Privacy and freedom or surveillance and censorship in web and mobile apps? (Thorsten Strufe -- from Hamburg to Karlsruhe, with small detours)" in the context of the semester colloquium of the Faculty of Informatics at KIT.
Everybody is cordially envited! :-)
Update: The slides of the lecture can be found here.
Thorsten Strufe is giving an invited lecture on the tactile Internet at the New Year's Reception at the University of Jena on January 8.
Our article "Browsing Unicity: On the Limits of Anonymizing Web Tracking Data" (Clemens Deusser, Steffen Passmann and Thorsten Strufe) has been accepted for presentation at the IEEE S&P ("Oakland")! In the paper we examine the "anonymizing methods" commonly used by industry and show that they are largely ineffective even when applied to an extent that essentially destroys all utility of web tracking data. Using the example of a data set of a large European audience measurement provider, we show that the claim that "coarsening" leads to de-identified data sets is nonsense, since even in extreme cases anonymity is not achieved. Clemens Deusser will present the article at the IEEE S&P in May 2020, congratulations Clemens and Steffen!
Our article "Breaking and (Partially) Fixing Provably Secure Onion Routing" (Christiane Kuhn, Martin Beck and Thorsten Strufe) has been accepted for presentation at IEEE S&P ("Oakland")! In the paper we identify a vulnerability in a lightweight anonymization system ("HORNET") which was previously considered to be proven secure. We then find a vulnerability in the underlying packet format SPHINX, which is also used for other anonymization services. Finally, we find that the evidence framework of Camenish and Lysyanskaya used in both cases is flawed and fix the found bugs to share. Christiane Kuhn presents the article at the IEEE S&P in May 2020. Congrats, Christiane and Martin!
Thorsten Strufe is giving an invited lecture at TU Graz on the topic "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on December, 18th.https://www.tugraz.at/fileadmin/user_upload/Fakultaeten/ETIT/PDF/Ankuendigung_GV14_T-Strufe_448-12-19.pdf
Thorsten Strufe is giving an invited lecture at the University of Kiel on the topic "On Privacy Notions in Anonymous Communications" on December 13.
Thorsten Strufe is giving an invited lecture, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" at UC Irvine, on Dec. 9th.
Patricia Cabarcos is presenting our paper "'I don’t see why I would ever want to use it': Analyzing the Usability of Popular Smartphone Password Managers" at ACM CCS in London, on Sept. 14th!
Thorsten Strufe is holding an invited talk at the final ENCASE Workshop “Cybersafety: Threats and Intelligent Parental Advice Tools for Protection in Social Networks”, entitled "On the Limits of 'Anonymizing' Web Tracking Data by Generalization" on October 18th.