News | UCS

EICC 2026 at Darmstadt University of Applied Sciences

Tue, 21 Apr 2026 00:00:00 +0000

From 17 to 18 June, we will be hosting EICC 2026 at Darmstadt University of Applied Sciences. The final program is now available. Details

ATHENE Usable Security and Privacy Lab

Thu, 25 Sep 2025 00:00:00 +0000

Participation welcome: Launch of the ‘ATHENE Usable Security and Privacy Lab’ at h_da

At the beginning of October, the ‘ATHENE Usable Security and Privacy Lab’ (USP Lab) began its work at h_da. The lab is run by the User-Centered Security working group and supported by the National Research Center for Applied Cybersecurity ATHENE. Researchers and students at h_da can use the lab for projects and studies on the usability of security and privacy related technologies. The focus lies on questions of how security and privacy technologies can be designed to support users in making informed decisions and effectively protect their personal data. This includes, for example, the comprehensible presentation of privacy policies or transparent cookie banners that openly explain which data are processed and in what form when using an application. Research into user behaviour is also of great interest, for example regarding trust in AI tools and the information users may reveal.

The USP Lab has comprehensive technical resources and offers methodological support to investigate such issues, for example through usability tests on PCs or mobile devices, user interviews, surveys, eye tracking and more. The laboratory is located in building D19, room 02.12, and can also be used for teaching purposes. Researchers who are not members of ATHENE can request to use the USP Lab at any time. The laboratory website also provides detailed explanations and instructions. If required, the team will be happy to assist you with individual methodological consultation. In addition, the website provides all the necessary information on booking the laboratory and the available equipment. If you have any questions, please contact us (usp-lab@h-da.de).

Two papers accepted at ISC 2025

Wed, 03 Sep 2025 00:00:00 +0000

Two papers from our working group have been accepted at ISC 2025.

Our first paper “Simulation-based Software Leakage Evaluation for the RISC-V Platform” by Nicolai Schmitt, Jannik Zeitschner (Ruhr Universität Bochum) and Andreas Heinemann extends a tool (PROLEAD_SW) for the RISC-V platform in order to detect leakage.

Our second paper “A Lot of Data and Added Complexity. How Does PQC Affect the Performance of My TLS Connection?” by Johanna Henrich, Nicolai Schmitt, Nouri Alnahawi and Andreas Heinemann investigates the TLS handshake performance when using PQC schemes.

PIONEER project presents current investigations and publications

Mon, 25 Aug 2025 00:00:00 +0000

The ATHENE research project PIONEER was featured at the 29th International Conference Information Visualisation held on August 07, 2025 in Darmstadt. The conference brought together leading experts from academia and research institutions to discuss the latest developments in information visualisation, machine learning, and data science.

During the event, Sara Hahn presented the latest research investigations and publications on PIONEER’s innovative Digital Privacy Companion. In her talk, Sara Hahn provided a comprehensive overview of the project’s theoretical foundations and research methodology, while also showcasing current investigations, findings, and recent publications.

The PIONEER project is part of ATHENE’s mission to advance cybersecurity and privacy research with practical solutions that can be transferred into real-world applications.

Sara Hahn presenting the poster on Day 2 of the IV2025 Conference. Image © IV2025

Wir begrüßen Fabian im Team

Tue, 01 Apr 2025 00:00:00 +0000

Wir freuen uns, dass Fabian Seidl zum 01.04. unsere Gruppe verstärkt. Fabian hat einen Master in Computer Science und wird im Projekt SATURN gemeinsam mit Johanna Fragestellungen rund um PQC und QKDN untersuchen.

Willkommen, Fabian.

Nationale Konferenz IT-Sicherheitsforschung 2025

Sun, 16 Mar 2025 00:00:00 +0000

UCS will present the results of the DemoQuanDT research project in a poster session at the “National Conference IT Security Research 2025 - IT Security and Democracy” in Berlin, which is being hosted by the German Federal Ministry of Education and Research (BMBF).

The presentation will be based on a poster entitled “Confidential and authenticated key forwarding in QKD networks,” which has been accepted for the poster pitch on March 18, 2025. The central inquiry concerns the extent to which security and performance can be assured for key forwarding in extensive, interconnected QKD networks. The technology is poised to facilitate secure transmission of messages, that is, confidentiality and authentication. In contradistinction to the asymmetric cryptographic approaches currently employed, the security of the QKD system is expected to withstand the threat posed by quantum computers.

The poster was authored by Johanna Henrich. Her research focuses on key establishment in QKD networks and the potential for integrating QKD and PQC to ensure quantum-safe and high-performance communication. The research is conducted in close collaboration with the danet research group led by Prof. Dr Martin Stiemerling.

Image ©: National Conference IT Security Research 2025

PIONEER project presents current results

Thu, 21 Nov 2024 00:00:00 +0000

UCS recently participated in the ATHENE-Conference on Cognitive Security, held on November 19, 2024, at the historic Jügelhaus in Frankfurt am Main. The event gathered experts from academia, media, and politics to address the pressing challenges posed by cognitive attacks in the digital age. In addition to interesting talks and an insightful panel discussion, several projects were presented in the demo sessions.

Sara Hahn had the opportunity to present the ATHENE project PIONEER’s mobile prototype during the demo sessions with her project colleagues from the TU Darmstadt. The conference guests could explore the prototype’s features, such as lessons and quizzes about privacy, or compare applications regarding their privacy friendliness.

Within our project PIONEER, we strive to empower users in their digital sovereignty by providing them with the necessary knowledge and motivating them to acquire and apply competencies in their everyday digital lives.

The PIONEER Team. Image © Catharina Frank

Conference Impressions. Image © Catharina Frank

IETF Meeting 121 in Dublin

Thu, 24 Oct 2024 00:00:00 +0000

UCS took part in the 121st meeting of the Internet Engineering Task Force (IETF) in Dublin from 2.-8. November 2024. The IETF develops standards and best practices for the Internet and thus has a significant influence on its design.

Among other things, Johanna Henrich led a project group together with the danet research group of Prof. Dr. Martin Stiemerling. The project was part of the Hackathon, which took place from 2.-3. November. The aim was to find out how the interfaces in Quantum Key Distribution Networks (QKDN) can be designed and how quantum-resistant protection of their communication can be achieved. Read more in our final presentation.

In addition, Johanna Henrich participated in various IETF and IRTF working group sessions throughout the week to answer questions such as how post-quantum cryptography (PQC) and QKD, individually and in hybrid form, can be integrated into the existing Internet infrastructure.

Image ©: Johanna Henrich

Rump Session at ECOC 2024

Thu, 24 Oct 2024 00:00:00 +0000

On 24 September 2024, Johanna Henrich accepted an invitation to take part in a rump session at the European Conference on Optical Communication (ECOC) 2024. The session dealt with the pros and cons of post-quantum cryptography and quantum key distribution, and the extent to which they can be used in combination to reliably protect us from future attacks by quantum computers.

ECOC is Europe’s leading conference on optical communications with representatives from science and research. It consists of a broad exhibition and a parallel conference and took place this year from 22 to 26 September in Frankfurt am Main.

Image ©: ECOC 2024 IMPRESSIONS

Wir begrüßen Sara im Team

Wed, 16 Oct 2024 00:00:00 +0000

Wir freuen uns, dass Sara Hahn zum 1.10. unsere Gruppe verstärkt. Sara hat einen Master in Psychologie und wird sich im Projekt PIONEER mit psychologischen Bedürfnisse der Nutzer im Kontext von Privatsphäre und Vertrauen im Internet befassen.

Willkommen, Sara.

Unser Beitrag auf dem Usable Security and Privacy Workshop (MuC 2024)

Wed, 28 Aug 2024 00:00:00 +0000

Unser Beitrag “Pass auf! - Child-Oriented Cyber Safety & Security Educational Content” von Karen Bopp, Andreas Heinemann und Karen Renaud wird am 3. September auf dem 10. Usable Security und Privacy Workshop am KIT in Karlsruhe im Rahmen der Konferenz “Mensch und Computer 2024” vorgestellt.

Diese Arbeit basiert auf den Ergebnissen der Masterarbeit von Karen Bopp.

2 Jobs for Student Assistants

Tue, 30 Jul 2024 04:12:53 +0000

Wir bieten zwei Stellen für studentische Hilfskräfte. Obwohl beide Tätigkeiten einen Bezug zu IT-Sicherheit und unserem Forschungsfeld Quantum Key Distribution Networks haben, unterscheiden sich die Aufgaben stark. Wenn Du Dinge gut Ordnen und Strukturieren kannst und ein kleines Organisationstalent bist, kannst du gerne versuchen, für Ordnung in unseren Literaturdschungel zu sorgen. Wenn du eher Typ Programmierer und Tüftler bist, darfst Du dich an unseren Prototypen wagen.

Unten findest Du die Links zu unseren Angeboten. Melde Dich bei Interesse gerne per Mail bei Johanna Henrich.

Wir freuen uns auf Dich.

English:

We offer two positions for student assistants. Although both jobs are related to IT security and our research area Quantum Key Distribution Networks, the tasks are quite different. If you are good at organizing and structuring things and have a talent for keeping things tidy, you are welcome to try to keep our literature jungle in order. If you are more of a programmer and tinkerer, you can try your hand at our prototype.

Below you will find the links to our offers. If you are interested, please send an email to Johanna Henrich.

We are looking forward to hearing from you.

2 neue Themen für Abschlussarbeiten online (DE)

Tue, 23 Jan 2024 04:12:53 +0000

In Kooperation mit der DB Systel bieten wir die folgenden zwei Abschlussarbeiten an

Paper accepted at ISC 2023

Wed, 11 Oct 2023 00:00:00 +0000

Our paper “Performance Impact of PQC KEMs on TLS 1.3 under Varying Network Characteristics” by Johanna Henrich, Andreas Heinemann, Alexander Wiesmaier and Nicolai Schmidt will be presented at the 26th Information Security Conference (ISC) (ISC - 2023) on November 15/16/17th 2023, Groningen, Netherlands.

This work is based on the results of Johanna Henrichs’s Master’s thesis.

9. Usable Security and Privacy Workshop

Tue, 29 Aug 2023 00:00:00 +0000

On Sept. 03, 2023, the 9th Usable Security and Privacy Workshop will take place as part of the Mensch und Computer 23 in Rapperswil (SG). Andreas Heinemann is one of the co-organisers of this workshop.

Workshop on crypto-agility and migration

Tue, 01 Aug 2023 00:00:00 +0000

We will host a workshop on crypto-agility and migration on September 19, 2023. Details

UCS@1st Research Day / FBI

Wed, 12 Jul 2023 00:00:00 +0000

An article about the research day can be found here

Best Poster Award at EICC 2023

Thu, 15 Jun 2023 00:00:00 +0000

Our poster contribution to the EICC2023 titled “Crytpo-agile Design and Testbed for QKD-Networks” by Johanna Henrich, Andreas Heinemann, Martin Stiemerling & Fabian Seidl was honored with the best poster award.

Group photo

Johanna

👏👏

Article in Steinbeis Transfer Magazine

Tue, 24 Jan 2023 00:00:00 +0000

Title

Good Usability Delivers Tighter Security

Abstract

The modern world of work would be almost inconceivable without the support of IT systems. Connected systems and IT solutions also continue to make inroads into our private lives. Consider, for example, intelligent heating controls (smart home systems), which have gained in importance in the current energy crisis. This trend is being accelerated by more and more people coming into direct contact with IT solutions. Among other areas, Professor Dr. Andreas Heinemann (Darmstadt University of Applied Sciences/InCUPS, his Steinbeis Transfer Center for Internet Communication, Usability, Privacy, and Security) specializes in IT security and usability. This involves investigating how to mitigate cyber risk.

Paper accepted at FPS - 2022

Wed, 23 Nov 2022 00:00:00 +0000

Our paper “Towards a maturity model for crypto-agility assessment” by Julian Hohm, Andreas Heinemann and Alexander Wiesmaier will be presented at the 15th International Symposium on Foundations & Practice of Security (FPS - 2022) on December 12/13/14th 2022, Ottawa, Canada.

This work is based on the results of Julian Hohm’s Master’s thesis. Check out more details on CAMM.

2. Platz beim CAST-Förderpreis IT-Sicherheit 2022 (DE)

Tue, 11 Oct 2022 00:00:00 +0000

Am 10. Oktober fand die Finalrundes des CAST-Förderpreises IT-Sicherheit 2022 im Rahmen des Cybersicherheitsgipfel Hessen in Wiesbaden statt. Johanna Henrich belegte mit Ihrer Arbeit “Performanz Evaluation von PQC in TLS 1.3 unter variierenden Netzwerkcharakteristiken” den 2. Platz in der Kategorie “Beste Masterarbeiten”. Herzlichen Glückwunsch.

Zur Meldung des CAST e.V.

Studentische Hilfskraft im Bereich PQC-Migration gesucht (DE)

Sun, 25 Sep 2022 04:12:53 +0000

Weitere Details.

UCS ist mit Projekt ELITE auf der Hannover Messe (DE)

Thu, 26 May 2022 06:20:43 +0000

Hier geht es zum Blockbeitrag bei der Transferstelle IT-Sicherheit im Mittelstand.

David Konczewski verteidigt erfolgreich seine Masterarbeit (DE)

Wed, 25 May 2022 03:49:13 +0000

Im Rahmen des Abschlusskolloquiums hat Herr David Konczewski erfolgreich die Ergebnisse seiner Masterarbeit mit dem Titel “Privatsphären-/ und Benutzbarkeits-fördernde Softwareentwicklungsprozesse für kleine und mittelständische Unternehmen” vorgestellt und verteidigt. Herzlichen Glückwunsch.

Zusammenfassung / Abstract

Kleine und mittelständische Unternehmen (KMU) sind auf die Untersuchungen von Methoden und Entwicklungsprozessen für die Softwareentwicklung angewiesen, um mit ihren verfügbaren Ressourcen für ihre Endbenutzer zufriedenstellende Anwendungen zu entwickeln. Dafür sind Methoden zur Integration von Sicherheit, Privatsphäre und Benutzbarkeit zentraler Bestandteil. Wie die Arbeit von Bender et al. durch eine Untersuchung der Publikationen zeigt, liegen aktuell keine Softwareentwicklungsprozesse vor, die sowohl für KMU geeignet sind als auch die Integration der drei Kriterien - Sicherheit, Privatsphäre sowie Benutzbarkeit - fördern. Diese Masterarbeit möchte diesem Umstand durch den Vorschlag eines privatsphären- und benutzbarkeitsfördernden Softwareentwicklungsprozess für KMU entgegenwirken.

Zu diesem Zweck werden ausgehend von der Arbeit von Bender et al. die Ansätze aus der Literatur betrachtet, um so geeignete Prozesse und Methoden für die Integration der drei Kriterien in einen Softwareentwicklungsprozess zu identifizieren. Zur Ermittlung der tatsächlich eingesetzten Methoden, Prozesse sowie möglicher Anforderungen an einen Softwareent- wicklungsprozess aus Sicht von KMU werden Softwareentwickler aus eben diesen in Form von Interviews befragt. Die Erkenntnisse aus der Literaturrecherche sowie der Interviews mit den Entwicklern der KMU werden im Anschluss zusammengeführt.

Die Interviews zeigen, dass KMU zwar nur in Ausnahmefällen besondere Anforderungen an einen Softwareentwicklungsprozess stellen, jedoch einer großen Diversitiät von Projekten begegnen. Diese lassen die sinnvolle Formulierung eines allgemeingültigen Softwareentwicklungsprozesses mit konkreten Methoden und Techniken nicht zu, da die Wahl der geeigneten Methoden in starker Abhängigkeit von den Projekten und deren konkreten Kontext zu treffen ist.

Damit die KMU in der Lage sind, geeignete Methoden in ihren Softwareentwicklungsprozess zu integrieren, werden im Ergebnis dieser Masterarbeit 14 Grundsätze formuliert. Diese Grundsätze können von den Unternehmen als Leitlinie für die Integration von Sicherheit, Privatsphäre und Benutzbarkeit genutzt werden. Dabei werden die Grundsätze aus den Methoden und Empfehlungen der Literatur sowie den von den KMU eingesetzten Methoden extrapoliert. Die Grundsätze werden in das kombinierte Prozessmodell eingeordnet, welches sich aus der Beschreibung der Softwareentwicklungsprozesse durch die Interview-Teilnehmer ergibt.

Paper accepted at EICC 2022

Thu, 05 May 2022 00:00:00 +0000

Our paper “cryptolib: comparing and selecting cryptography libraries” by Jan Wohlwender, Rolf Huesmann, Andreas Heinemann and Alexander Wiesmaier will be presented at the European Interdisciplinary Cybersecurity Conference 2022 (EICC 2022) on June 15/16.

This work is based on the results of Jan Wohlwender’s Master’s thesis. Jan completed his Master’s programme at the Department of Computer Science with a focus on IT security.

8. Usable Security und Privacy Workshop (DE)

Sat, 30 Apr 2022 00:00:00 +0000

Am 04. Sept. 2022 findet der 8. Usable Security und Privacy Workshop im Rahmen der Mensch und Computer 22 in Darmstadt statt. Andreas Heinemann ist einer der Co-Organisatoren dieses Workshops.

First Workshop of the EUT+ European Telecommunications and Networks Institute

Wed, 16 Mar 2022 00:00:00 +0000

On 15.03.2022 UCS took part in the first Workshop of the EUT+ European Telecommunications and Networks Institute. The aim of this workshop was to offer an opportunity to all EUT+ partners to present their research activities related to Technologies and Services for Telecommunications.

We contributed our research activities on PQC and network issues, especially the results of Johanna’s master thesis.

CAMM presentation at it-sa 365 on March 15, 2022

Fri, 11 Feb 2022 00:00:00 +0000

Title

Towards a maturity model for crypto-agility assessment

Abstract

The Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the crypto-agility of a particular software or IT landscape, is presented. CAMM consists of five levels, and for each level a set of requirements have been formulated based on existing crypto-agility literature that apply at that level. With the help of CAMM, organizations should be able to better prepare for potential threats that need to be addressed in a timely manner as vulnerabilities in cryptographic processes become known. The requirement for crypto-agility is motivated by the potential threat posed by powerful quantum computers.

Date and Format

15.03.2022, 13:45h
Online. Details at it-sa 365