<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>UCS Publications | UCS</title><link>/publication/</link><atom:link href="/publication/index.xml" rel="self" type="application/rss+xml"/><description>UCS Publications</description><generator>Hugo Blox Builder (https://hugoblox.com)</generator><language>en-us</language><lastBuildDate>Mon, 15 Sep 2025 05:01:40 +0000</lastBuildDate><image><url>/media/logo_hu12465375348167678909.png</url><title>UCS Publications</title><link>/publication/</link></image><item><title>A Lot of Data and Added Complexity. How Does PQC Affect the Performance of My TLS Connection?</title><link>/publication/2025-isc-henrich/</link><pubDate>Mon, 15 Sep 2025 05:01:40 +0000</pubDate><guid>/publication/2025-isc-henrich/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>In a previous study, Henrich et al. (ISC &amp;lsquo;23) demonstrate how TLS handshake performance is affected not only by different Post Quantum Cryptography (PQC) Key Encapsulation Mechanisms (KEMs) and security levels, but also by varying physical network conditions. In particular, they show that prior to selecting a PQC scheme replacement for TLS, it is important to conduct an analysis of the anticipated network conditions for applications that require a high level of responsiveness. In this paper, we build upon the aforementioned work and complement the previous experiments to include digital signature PQC schemes and hybrid variants, as well as various compositions of certificate chains. Moreover, an analysis is conducted on the effects of deploying real physical servers and varying the underlying network stack configuration. Our results show that incorporating PQC signature schemes does not negatively impact the overall transmission time as substantially as poor network conditions. However, operating at high security levels frequently results in delays using PQC schemes. These findings are consistent across hybrid schemes as well. We conclude that migrating TLS to PQ-only or hybrid usage can generally be undertaken with a high degree of confidence. However, considering suboptimal network conditions or the use of higher security levels, a cautious transition is recommended. In such cases, the configuration of certificate chains or increasing the TCP Congestion Window might prove beneficial.&lt;/p></description></item><item><title>Simulation-based Software Leakage Evaluation for the RISC-V Platform</title><link>/publication/2025-isc-nicolai/</link><pubDate>Mon, 15 Sep 2025 05:01:40 +0000</pubDate><guid>/publication/2025-isc-nicolai/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Side-channel attacks are critical as they, despite the mathematical security of the algorithm, break the security assumption that private data stays hidden from the adversary. Developing secure hardware can be expensive, as multiple iterations of prototyping may be required to achieve a satisfactory level of security against side-channel attacks. Currently, the fairly new and open-source CPU platform RISC-V is gaining traction by entering the IoT and consumer market and is also gaining interest in security-oriented projects such as OpenTitan. In the case of security-critical applications, especially when the hardware is exposed to third parties, the implementations of cryptographic algorithms must be secure against side-channel attacks. For the RISC-V platform, currently only a small number of tools exist to assess the probing security. Further, we could identify a lack of simulation-based tooling to do so, with the ability to analyze larger implementations such as full ciphers. To address this demand, we use PROLEAD_SW as a starting point and extend it to support the RISC-V platform. By analyzing micro-architectural leakage effects on the RISC-V platform, we show that the CPU-independent leakage model used by PROLEAD_SW for the ARM architecture is suitable for the RISC-V platform. To verify the correctness of the new tooling, test vectors are executed with the new tooling. In a final step, the performance of the new tooling is compared to the performance of the original version of PROLEAD_SW by analyzing two masked AES C implementations with both tools.&lt;/p></description></item><item><title>DemoQuanDT: a carrier-grade QKD network</title><link>/publication/2025-jocn-henrich/</link><pubDate>Mon, 04 Aug 2025 05:01:40 +0000</pubDate><guid>/publication/2025-jocn-henrich/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Quantum key distribution networks (QKDNs) enable secure communication even in the age of powerful quantum computers. In the hands of a network operator, which can offer its service to many users, the economic viability of a QKDN increases significantly. The highly challenging operator–user relationship in a large-scale network setting demands additional requirements to ensure carrier-grade operation. Addressing this challenge, this work presents a carrier-grade QKDN architecture, which combines the functional QKDN architecture with the operational perspective of a network operator, ultimately enhancing the economic viability of QKDNs. The focus is on the network and key management aspects of a QKDN while assuming state-of-the-art commercial QKD modules. The presented architecture was rolled out within an in-field demonstrator, connecting the cities of Berlin and Bonn over a link distance of 923 km across Germany. We could show that the proposed network architecture is feasible, integrable, and scalable, making it suitable for deployment in real-world networks. Overall, the presented carrier-grade QKDN architecture promises to serve as a blueprint for network operators providing QKD-based services to their customers.&lt;/p></description></item><item><title>How to Respect Bystanders' Privacy in Smart Homes - A Co-Creation Study</title><link>/publication/2024-nordchi-hahn/</link><pubDate>Wed, 16 Oct 2024 05:01:40 +0000</pubDate><guid>/publication/2024-nordchi-hahn/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>As technology advances, homes become more digitalized and evolve into smart homes. Bystanders, e.g. guests in smart homes, are often unaware of the smart home devices and the associated privacy risks that make them especially vulnerable. However, so far there is limited research on how the guests can be made aware of smart home devices in the household and how their resulting privacy preferences can be addressed while respecting the smart home owners’ preferences as well. To close this gap, we conducted three co-creation workshops with ten participants (N=10) developing various design solutions. Through a thematic analysis of our data, we identified design solutions for smart home devices and beyond, like higher-level applications for regulating privacy and inherent responsibility. We recommend a multi-modal approach focusing not only on the design of the devices but also on the higher-level management of privacy in smart homes.&lt;/p></description></item><item><title>Pass auf! - Child-Oriented Cyber Safety &amp; Security Educational Content</title><link>/publication/2024-muc-usp-ws-bopp-passauf/</link><pubDate>Mon, 26 Aug 2024 05:01:40 +0000</pubDate><guid>/publication/2024-muc-usp-ws-bopp-passauf/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>A significant number of online users are underage. Hence, their caregivers and the children themselves should know how to keep themselves safe and secure online. Our aim is to understand which cyber risks children and parents identify through independent research, whether these cyber risks are in line with the state of research and official recommendations and whether risk-informed learning materials for children, parents and teachers would be beneficial. We identified a list of cyber risks that affect children online. We examined German advisory websites and research publications to determine coverage of these. We then developed a website to provide comprehensive coverage specifically for German children, which we evaluated with a sample of children, their parents and teachers. German advisory websites, official bodies and researchers do not agree on what is considered a cyber risk for children. Researchers mention many risks that are not mentioned by advisory websites. Targeted risk-informed learning content should improve the situation. This research is a first step towards providing German children, their parents, and teachers with coherent, up-to-date and easily understandable advice about online safety and security risks and the mitigations that can be used to prevent them. More cooperation between stakeholders is urgently needed to ensure children are protected.&lt;/p></description></item><item><title>IT-Sicherheit aus Nutzerinnen- und Nutzersicht</title><link>/publication/2024-nomos-margraf-usec/</link><pubDate>Thu, 01 Aug 2024 00:00:00 +0000</pubDate><guid>/publication/2024-nomos-margraf-usec/</guid><description/></item><item><title>PMMP-PQC Migration Management Process</title><link>/publication/2024-eicc-vonnethen-pmmp/</link><pubDate>Sun, 16 Jun 2024 05:02:36 +0000</pubDate><guid>/publication/2024-eicc-vonnethen-pmmp/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Organizations have to plan on migrating to quantum-resilient cryptographic measures, also known as PQC. However, this is a difficult task, and to the best of our knowledge, there is no generalized approach to manage such a complex migration for cryptography used in IT systems that explicitly integrates into organizations’ steering mechanisms and control systems. We present PMMP, a risk-based process for managing the migration of organizations from classic cryptography to PQC and establishing crypto-agility. Having completed the initial design phase, as well as a theoretical evaluation, we now intend to promote PMMP. Practitioners are encouraged to join the effort in order to enable a comprehensive practical evaluation and further development.&lt;/p></description></item><item><title>Ways for confidential and authenticated hop-by-hop key establishment in QKDN</title><link>/publication/2023-gi-sicherheit-johanna-phd/</link><pubDate>Tue, 16 Apr 2024 04:47:14 +0000</pubDate><guid>/publication/2023-gi-sicherheit-johanna-phd/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Asymmetric cryptography, specifically key exchange and digital signatures, enables secure
digital communication. However, sufficiently powerful Quantum Computers, which could
be available within a few years, would be able to break classical primitives like
Elliptic-Curve Diffie–Hellman (ECDH) and RSA in polynomial time. Moreover, the
"harvest-then-decrypt" attack poses the danger that stored encrypted data can be
decrypted later. Thus, alternative approaches are urgently needed. Besides Post Quantum
Cryptography (PQC), which is based on mathematical problems, Quantum Key
Distribution (QKD) uses quantum effects to establish keys in an information-theoretically
secure way. Nevertheless, there are no reliable QKD modules that bridge distances
of more than 150 km. Therefore, a QKD Network (QKDN) uses a concatenation of
QKD links. End users are connected to each other via a series of QKD nodes performing
a hop-by-hop key forwarding. All nodes involved have access to the final shared secret.
If a node cannot be trusted, the security of the system is no longer guaranteed. Physical
protection or key hybridization can mitigate this risk, where hybridization refers to the
combination of QKD and PQC. By using both schemes appropriately, the security objectives
are met as long as at least one of the schemes used has not been compromised.
Nonetheless, there is a lack of concrete concepts and analyses to enable a secure and
efficient key forwarding process. In the following, 'secure' implies the security objectives of
confidentiality and authenticity. 'Efficient' refers to the time taken to complete the process,
the amount of data transferred and the amount of computing required. The analyses available
often only consider specific sub-processes, e.g., forwarding between two directly adjacent
nodes. The integration into the entire system and its resulting effects are disregarded. A
systematic comparison of different options is missing. When implementing a QKDN, it is
unclear which variant is suitable for one’s own intentions. This PhD project aims to address
the problem by defining the key establishment process, analyzing security requirements,
designing and implementing corresponding schemes, and evaluating these approaches.&lt;/p></description></item><item><title>On Criteria and Tooling for Cryptographic Inventories</title><link>/publication/2024-gi-sicherheit-schmitt-cdt/</link><pubDate>Tue, 09 Apr 2024 05:01:40 +0000</pubDate><guid>/publication/2024-gi-sicherheit-schmitt-cdt/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>When cryptography becomes insecure, a migration to new schemes is required. Often the migration process is very complicated, but the time available is very limited. Only if the used cryptographic algorithms, protocols and configurations are known can a system be efficiently and fully adapted to changed security situations. This creates the need for a crypto-inventory that gathers this knowledge. Consequently, the question arises what criteria a crypto-inventory must fulfill to support this adaptation. It also highlights the need for tools to assist compilation. We therefore conducted a literature survey and extracted key requirements. Missing content was supplemented by expanding existing requirements or adding new ones. Furthermore, appropriate metrics were assigned to assess the fulfillment of the requirements for a certain crypto-inventory implementation. Regarding the tooling, we identified five major areas of interest — installed software, connected hardware, communication, stored data and source code scanning — and provide prototypes for semi-automatic creation of crypto-inventories for three of them. This provides organizations with a starting point to understand their cryptographic landscape as a prerequisite for crypto-agility and crypto-migration. However, theoretical design and prototypes have not yet been evaluated. This will be done as a follow-up to this work. All types of organizations are invited to participate.&lt;/p></description></item><item><title>Toward Next Generation Quantum-Safe eIDs and eMRTDs: A Survey</title><link>/publication/2024-embedcs-alnahawi-eid-survey/</link><pubDate>Sat, 16 Mar 2024 05:00:48 +0000</pubDate><guid>/publication/2024-embedcs-alnahawi-eid-survey/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Security mechanisms of Electronic Personal Documents (eCards) depend on (asymmetric) cryptography that is and always has been subject to the threat of compromise, be it from conventional attacks or quantum computers. With Post-Quantum Cryptography (PQC), we now have alternative building blocks at hand that can be leveraged to protect against both kinds of attacks. Thus, PQC should be incorporated into eCard ecosystems, yet it is not clear how this is done best. In the work at hand, we review the state of currently used crypto-systems for eCard security, as well as their possible quantum-secure replacements. Further, we identify and categorize respective challenges that need to be addressed, present and assess existing approaches for their solution, and formulate research questions for open issues. By providing an overview of the situation, we help unravel the issue and pave the way toward quantum-safe electronic Identity Documents and electronic Machine-Readable Travel Documents.&lt;/p></description></item><item><title>Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics</title><link>/publication/2023-infosec-henrich-pqc-kem/</link><pubDate>Fri, 16 Jun 2023 05:00:35 +0000</pubDate><guid>/publication/2023-infosec-henrich-pqc-kem/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Widely used asymmetric primitives such as RSA or Elliptic Curve Diffie Hellman (ECDH), which enable authentication and key exchange, could be broken by Quantum Computers (QCs) in the coming years. Quantum-safe alternatives are urgently needed. However, a thorough investigation of these schemes is crucial to achieve sufficient levels of security, performance, and integrability in different application contexts. The integration into Transport Layer Security (TLS) plays an important role, as this security protocol is used in about 90% of today’s Internet connections and relies heavily on asymmetric cryptography. In this work, we evaluate different Post Quantum Cryptography (PQC) key establishment schemes in TLS 1.3 by extending the framework of Paquin et al. We analyze the TLS handshake performance under variation of network parameters such as packet loss. This allows us to investigate the suitability of PQC KEMs in specific application contexts. We observe that Kyber and other structured lattice-based algorithms achieve very good overall performance and partially beat classical schemes. Other approaches such as FrodoKEM, HQC and BIKE show individual disadvantages. For these algorithms, there is a clear performance decrease when increasing the security level or using a hybrid implementation, e.g., a combination with ECDH. This is especially true for FrodoKEM, which, however, meets high security requirements in general.
It becomes clear that performance is strongly influenced by the underlying network processes, which must be taken into account when selecting PQC algorithms.&lt;/p></description></item><item><title>Crypto-Agile Design and Testbed for QKD-Networks</title><link>/publication/2023-eicc-henrich-demoquandt/</link><pubDate>Thu, 15 Jun 2023 00:00:00 +0000</pubDate><guid>/publication/2023-eicc-henrich-demoquandt/</guid><description>
&lt;p>
&lt;figure id="figure-eicc-23-poster">
&lt;div class="d-flex justify-content-center">
&lt;div class="w-100" >&lt;img alt="Poster at EICC 2023" srcset="
/publication/2023-eicc-henrich-demoquandt/2023-06-05-Poster-DemoQuanDT-HDa_hu15488436634616913026.webp 400w,
/publication/2023-eicc-henrich-demoquandt/2023-06-05-Poster-DemoQuanDT-HDa_hu9722245978835938748.webp 760w,
/publication/2023-eicc-henrich-demoquandt/2023-06-05-Poster-DemoQuanDT-HDa_hu1713607176767192103.webp 1200w"
src="/publication/2023-eicc-henrich-demoquandt/2023-06-05-Poster-DemoQuanDT-HDa_hu15488436634616913026.webp"
width="508"
height="760"
loading="lazy" data-zoomable />&lt;/div>
&lt;/div>&lt;figcaption>
EICC &amp;lsquo;23 Poster
&lt;/figcaption>&lt;/figure>
&lt;/p></description></item><item><title>Towards a maturity model for crypto-agility assessment</title><link>/publication/2023-fps-2022-hohm-camm/</link><pubDate>Sat, 01 Apr 2023 00:00:00 +0000</pubDate><guid>/publication/2023-fps-2022-hohm-camm/</guid><description></description></item><item><title>cryptolib: comparing and selecting cryptography libraries</title><link>/publication/2022-eicc-wohlwender-cryptolib/</link><pubDate>Fri, 06 May 2022 00:00:00 +0000</pubDate><guid>/publication/2022-eicc-wohlwender-cryptolib/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Selecting a library out of numerous candidates can be a laborious and resource-intensive task. We present the cryptolib index, a tool for decision-makers to choose the best fitting cryptography library for a given context. To define our index, 15 library attributes were synthesized from findings based on a literature review and interviews with decision-makers. These attributes were afterwards validated and weighted via an online survey. In order to create the index value for a given library, the individual attributes are assessed using given evaluation criteria associated with the respective attribute. As a proof of concept and to give a practical usage example, the derivation of the cryptolib values for the libraries BouncyCastle and Tink is shown in detail. Overall, by tailoring the weighting of the cryptolib attributes to their current use case, decision-makers are enabled to systematically select a cryptography library fitting best to their software project at hand in a guided, repeatable and reliable way.&lt;/p></description></item><item><title>Towards a maturity model for crypto-agility assessment</title><link>/publication/2022-preprint-hohm-camm/</link><pubDate>Mon, 14 Feb 2022 00:00:00 +0000</pubDate><guid>/publication/2022-preprint-hohm-camm/</guid><description></description></item><item><title>On the State of Crypto Agility</title><link>/publication/2022-bsi-alnahawi-crypto-agility/</link><pubDate>Tue, 01 Feb 2022 00:00:00 +0000</pubDate><guid>/publication/2022-bsi-alnahawi-crypto-agility/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Cryptographic primitives and protocols require constant modifications and adaptations in order to maintain the security of IT-systems. Many researchers argue that applying the notion of crypto-agility provides more feasible and practical updating of cryptographic systems, especially in the light of the expected transition to PQC. However, there is no unified definition for this notion, nor a common understanding of the requirements that can enable it. Moreover, it is not entirely clear what measures need to be taken in order to apply crypto-agility in practice, and which aspects and challenges exist towards this endeavor. We compare the various definitions of crypto-agility including its requirements and varying facets, and investigate the state of readiness of crypto-agility by surveying works dealing with general challenges and recommendations in this regard. We present the survey and discuss discovered challenges and solutions and utilize our findings to evaluate the state of readiness for crypto-agility.&lt;/p></description></item><item><title>It is not as simple as that: Playing out password security trainings in order to nudge password changes</title><link>/publication/2021-eicc-sterk-notsimple/</link><pubDate>Thu, 11 Nov 2021 00:00:00 +0000</pubDate><guid>/publication/2021-eicc-sterk-notsimple/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>The COVID-19 pandemic forced a number of companies to place their staff into home office. In terms of security awareness measures, this means that content or training can only be played out remotely. Within this work, we report about a security awareness campaign focusing on password security that was carried out at a German mid-size company (2000 employees). We compare the effect of remotely played out training content on user behavior, i.e., on getting employees to change their password. The first content was directly embedded into an e-mail, the second was compiled on an intranet web page, and the third content was embedded into a video. Password changes were observed solely within the IT backend on the basis of events and timestamps generated by the company’s Active Directory service. For the campaign four representative samples (140 employees per sample) among the staff were selected and assigned to the different training contents. A fourth group served as a control group. During a period of 6 weeks, the content was played out two times. Unexpectedly, the measured password change rate observed was very low. Further, compared to the control group’s behavior, none of the different content formats played out led to significantly more password changes. Clearly, the campaign failed according to its aim. Based on our observations, we provide several possible explanations for which there is some evidence from the literature.&lt;/p></description></item><item><title>On the State of Post-Quantum Cryptography Migration</title><link>/publication/2021-informatik-alnahawi-migration/</link><pubDate>Wed, 01 Sep 2021 00:00:00 +0000</pubDate><guid>/publication/2021-informatik-alnahawi-migration/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Safeguarding current and future IT security from quantum computers implies more than the mere development of Post-Quantum Cryptography (PQC) algorithms. Much work in this respect is currently being conducted, making it hard to keep track of the many individual challenges and respective solutions so far identified. In consequence, it is difficult to judge whether all (known) challenges have been sufficiently addressed, and whether suitable solutions have been provided. We present results of a literature survey and discuss discovered challenges and solutions categorized into different areas and utilize our findings to evaluate the state of readiness for a full scale PQC migration. We use our findings as starting point to initiate an open community project in the form of a website to keep track of the ongoing efforts and the state of the art in PQC research. Thereby, we offer a single entry-point for the community into the subject reflecting the current state in a timely manner.&lt;/p></description></item><item><title>Zur Integration von Post-Quantum Verfahren in bestehende Softwarepodukte</title><link>/publication/2021-bsi-zeier-pqc-integration/</link><pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate><guid>/publication/2021-bsi-zeier-pqc-integration/</guid><description>&lt;h2 id="zusammenfassung">Abstract&lt;/h2>
&lt;p>PQC algorithms are currently being standardized to counter the looming threat that
quantum computers pose to conventional asymmetric algorithms. These new
algorithms must then be integrated into existing protocols, applications and infrastructures.
Integration problems are to be expected, caused on the one hand by
incompatibilities with existing standards and implementations, and
on the other hand by software developers' lack of knowledge about how to handle
PQC algorithms. To illustrate such incompatibilities by example,
we integrate two different PQC algorithms into two different existing
software products (the InboxPager e-mail client and the TLS implementation of the Bouncy
Castle library). In doing so, we rely on the highly abstracting crypto library
eUCRITE, which relieves developers of the detailed knowledge about the correct use of classical and
PQC algorithms and thereby already avoids some potential implementation errors.
The problems that came to light partly confirm already known
incompatibilities, but also include new difficulties not previously addressed.&lt;/p></description></item><item><title>IT-Sicherheit aus Nutzerinnen- und Nutzersicht</title><link>/publication/2021-nomons-margraf-usec/</link><pubDate>Fri, 01 Jan 2021 00:00:00 +0000</pubDate><guid>/publication/2021-nomons-margraf-usec/</guid><description/></item><item><title>Software Development Processes for ADs, SMCs and OSCs supporting Usability, Security, and Privacy Goals - an Overview</title><link>/publication/2021-ares-bender-sdp/</link><pubDate>Fri, 01 Jan 2021 00:00:00 +0000</pubDate><guid>/publication/2021-ares-bender-sdp/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Software applications should be secure, usable and privacy-friendly. However, recurring headlines about data leaks in applications show that it is not so easy to develop software that meets these three challenges. Studies show that it is better to think about these challenges during a software development process. Many ideas and approaches exist in the research community that define these challenges as goals within a software development process. In addition, major companies have published their own software development processes and methods addressing these goals in part. But major companies have very different work conditions compared to a work setting faced by an App-Developer (AD), a Small and Medium Company (SMC) and the Open Source Community (OSC) respectively. This leads us to the question: Are work settings of ADs, SMCs, or the OSCs considered sufficiently by research in order to make software development processes with special focus on security, usability and privacy goals work? Therefore we performed a literature review in order to investigate the current state of research. Using an appropriate query, publications relevant for our question were identified and categorised by two independent reviewers.&lt;/p>
&lt;p>Our work shows that there are some publications proposing software processes supporting usability goals and taking work settings into account. We were not able to identify any contribution that proposes a software development process which addresses privacy, usability and security goals together and differentiates the work setting of ADs or as found in SMCs and in OSCs respectively.&lt;/p></description></item><item><title>Zur Benutzbarkeit und Verwendung von API-Dokumentationen</title><link>/publication/2020-muc-huesmann-api/</link><pubDate>Wed, 01 Jan 2020 00:00:00 +0000</pubDate><guid>/publication/2020-muc-huesmann-api/</guid><description>&lt;h2 id="zusammenfassung">Abstract&lt;/h2>
&lt;p>Good documentation is essential for good usability of (security) APIs, i.e., in particular for the correct use of the APIs. Requirements for good API documentation have been described in several works, but so far there is no technical implementation (hereafter called documentation system) that realizes these requirements. The requirements can be divided into requirements for the documentation system and requirements for the documentation content. Of 13 identified requirements for a documentation system itself, 9 were implemented in a prototype in the course of this work and evaluated in a user study with 22 participants using a cryptographic API. It turned out that the implementation of the requirement Enable fast use of the API depends substantially on the quality of the content entered, on the one hand, but on the other hand also subsumes 5 further of the considered requirements or their implementations. The two further implemented requirements (Classic reference and Queries and comment function) were used little or not at all by the participants. Their usefulness and relevance should be investigated in a long-term study.&lt;/p></description></item><item><title>API Usability of Stateful Signature Schemes</title><link>/publication/2019-iwsec-zeier-api/</link><pubDate>Tue, 01 Jan 2019 00:00:00 +0000</pubDate><guid>/publication/2019-iwsec-zeier-api/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>The rise of quantum computers poses a threat to asymmetric cryptographic schemes. With their continuing development, schemes such as DSA or ECDSA are likely to be broken in a few years’ time. We therefore must begin to consider the use of different algorithms that would be able to withstand powerful quantum computers. Among the considered algorithms are hash-based signature schemes, some of which, including XMSS, are stateful. In comparison to stateless algorithms, these stateful schemes pose additional implementation challenges for developers, regarding error-free usage and integration into IT systems. As the correct use of cryptographic algorithms is the foundation of a secure IT system, mastering these challenges is essential.&lt;/p></description></item><item><title>Datenschutz muss benutzbar sein</title><link>/publication/2019-dud-heinemann-datenschutz/</link><pubDate>Tue, 01 Jan 2019 00:00:00 +0000</pubDate><guid>/publication/2019-dud-heinemann-datenschutz/</guid><description>&lt;h2 id="zusammenfassung">Zusammenfassung&lt;/h2>
&lt;p>With the EU General Data Protection Regulation, the rights of the data subject have been extended and strengthened. These rights form a central principle of data protection law by enabling self-control over the processing of personal data. However, it is to be feared that data subjects will not exercise their rights in practice unless this can be done in a simple way. This article proposes applying the findings from the research field of Usable Security and Privacy in order to arrive at user-friendly solutions for data protection. To this end, it shows how concepts discussed in this field can help to meet the challenges associated with data subject rights.&lt;/p></description></item><item><title>Eigenschaften optimierter API-Dokumentationen im Entwicklungsprozess sicherer Software</title><link>/publication/2019-muc-huesmann-apidoc/</link><pubDate>Tue, 01 Jan 2019 00:00:00 +0000</pubDate><guid>/publication/2019-muc-huesmann-apidoc/</guid><description>&lt;h2 id="zusammenfassung">Abstract&lt;/h2>
&lt;p>to read the official documentation of security APIs issued by the vendor. Instead, they prefer informal documentation such as that found on Q&amp;amp;A platforms like Stack Overflow. However, code examples from such Internet sources often contain incorrect code, or code that is insecure from an IT security perspective, which is often adopted without reflection and ultimately leads to insecure applications. This work investigates which properties documentation should have from the developers' point of view in order to support them in writing secure code. To this end, a total of 26 programmers in seven focus groups were asked about the advantages and disadvantages of exemplary, common types of API documentation. Finally, the participants were asked to describe the properties of what they would consider optimised API documentation. It emerged that optimised documentation should have many examples. It should be well structured, searchable and easy to find on Google. Further important features would be: a section with tutorials, a classic reference and videos for a quick overview. For each topic area there should be the possibility for questions, answers and discussions. Through a rating system, good solutions from the discussion should be able to flow into the examples. Furthermore, based on the participants' answers, an interaction pattern could be identified that describes the interplay of the individual parts of optimised API documentation.
Based on these findings, the next step is to develop a prototype and evaluate its effectiveness in supporting the software development process of security-critical applications.&lt;/p></description></item><item><title>Phishing Attack Recognition by End-Users: Concepts for URL Visualization and Implementation</title><link>/publication/2019-haisa-erbenich-phish/</link><pubDate>Tue, 01 Jan 2019 00:00:00 +0000</pubDate><guid>/publication/2019-haisa-erbenich-phish/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>Social engineering, through means of phishing, is a very popular entry point for a targeted attack in order to obtain further data on a company or private individual, e.g. by injecting malware on the victim’s machine. A phishing attack that leads to a malicious website can usually be identified by the HTTP link with expert knowledge. However, only very few users pay attention to the link or have the necessary knowledge to recognize a threat as such. This work addresses the question of how current link visualization could be improved so that a user can better identify whether the link points to a phishing site or a legitimate site. Additionally, we also address the question of how our proposed link concepts can be put into practice. As an improvement, the outer shape of a link will be adapted by content-based formatting, trimming and other features. The user will thus be able to interactively explore a URL and its components in order to make a better decision. As a next step, we plan to evaluate our concepts in a controlled lab environment with a few test participants as well as in a large-scale online user study.&lt;/p></description></item><item><title>Auf dem Weg zu sicheren abgeleiteten Identitäten mit Payment Service Directive 2</title><link>/publication/2018-sicherheit-trader-psd2/</link><pubDate>Mon, 01 Jan 2018 00:00:00 +0000</pubDate><guid>/publication/2018-sicherheit-trader-psd2/</guid><description>&lt;h2 id="zusammenfassung">Abstract&lt;/h2>
&lt;p>Online services require unambiguous identification of users and thus secure authentication. eGovernment services within the EU in particular require strong protection of the user identity. Mobile use of such services is also preferred. The smartphone can serve here as one of the factors for two-factor authentication in order to achieve higher security. This work proposes securing access to and use of a derived identity with a smartphone, to enable the user to identify themselves securely to an online service. To this end, we describe a scheme for deriving a user's identity with the help of an Account Servicing Payment Service Provider (ASPSP) using the Payment Service Directive 2 (PSD2) of the European Union. PSD2 requires an interface for third parties that must be implemented by ASPSPs. This interface is used to access the account information stored at the ASPSP and to derive the identity of the account holder from it. FIDO (Fast Identity Online) is intended to secure the derived identity. We evaluate our proposal against the eIDAS LoA (Level of Assurance) guidelines and show that the assurance level substantial can be reached for most areas. To fully meet this level, additional work is required: First, Extended Validation certificates must be used for all institutions. Second, the ASPSP must use secure TAN methods. Finally, a derived identity cannot be revoked if the user has no access to the smartphone linked to the derived ID. Therefore, a different revocation procedure is required (e.g.,
a support hotline).&lt;/p></description></item><item><title>Alle reden über Blockchain</title><link>/publication/2017-dud-grimm-block/</link><pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate><guid>/publication/2017-dud-grimm-block/</guid><description/></item><item><title>Design and Implementation Aspects of Mobile Derived Identities</title><link>/publication/2017-oid-trader-ids/</link><pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate><guid>/publication/2017-oid-trader-ids/</guid><description>&lt;h2 id="abstract">Abstract&lt;/h2>
&lt;p>With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of service requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems and publications that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding of best practises and common views on mobile derived identities. We found that research prefers storing identity data on the mobile device itself, whereas real-world systems usually rely on cloud storage. 2FA is common in both worlds; however, biometrics as a second factor is the exception.&lt;/p></description></item><item><title>Zur Wirksamkeit von Security-Awareness-Maßnahmen</title><link>/publication/2017-dach-security-schembre/</link><pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate><guid>/publication/2017-dach-security-schembre/</guid><description>&lt;h2 id="zusammenfassung">Abstract&lt;/h2>
&lt;p>In an eleven-week study at a medium-sized company, it was investigated whether investing in classroom training to improve security awareness, with a focus on email phishing attacks, is worthwhile. The classroom training that was created is compared with online learning games that can be purchased at low cost. Analysis of the data shows that both measures have a positive effect on employee behaviour, but that the improvements from the classroom training are greater. It is notable that, when participation is voluntary, the motivation to complete an online learning game independently is very low. It is also noteworthy that merely sending simulated phishing emails raises employees' awareness.&lt;/p></description></item><item><title>Usability-Untersuchung eines Papierprototypen für eine mobile Online-Ausweisfunktion des Personalausweises</title><link>/publication/2016-gi-kostic-paper/</link><pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate><guid>/publication/2016-gi-kostic-paper/</guid><description>&lt;h2 id="abtract-german">Abstract (German)&lt;/h2>
&lt;p>The online identification function of the identity card in Germany has a number of usability difficulties and therefore low acceptance among citizens. Implementing the identity card as an app on a smartphone could remedy this. Using a paper prototype, initial usability studies were carried out, which show that the app is usable, but that trust in the app's security functions is lacking.&lt;/p></description></item><item><title>AnonDrop - Räumlich begrenzte anonyme Informationsverbreitung</title><link>/publication/2016-dach-security-zeier/</link><pubDate>Tue, 27 Sep 2016 00:00:00 +0000</pubDate><guid>/publication/2016-dach-security-zeier/</guid><description>&lt;h2 id="abstract-german">Abstract (German)&lt;/h2>
&lt;p>Opportunistic networks offer an alternative communication system in situations in which a repressive state filters classic Internet communication or blocks it entirely. AnonDrop enables spatially limited communication here which, by means of dynamic network addresses (MAC and IP) and further protective measures, largely withstands attacks aimed at identifying nodes. A prototype was implemented on Android smartphones and shows satisfactory results in initial load and mobility tests.&lt;/p></description></item><item><title>Security-Management-as-a-Service für die öffentliche Verwaltung</title><link>/publication/2016-dach-security-secmgt/</link><pubDate>Tue, 27 Sep 2016 00:00:00 +0000</pubDate><guid>/publication/2016-dach-security-secmgt/</guid><description>&lt;h2 id="abstract-german">Abstract (German)&lt;/h2>
&lt;p>This work presents an approach that supports municipal authorities in establishing a holistic IT security process and maintaining it during ongoing operation. The essential idea is to convert currently implemented organisational security measures into technical ones, which in turn can be outsourced to a central service. The central service provided is also intended to support the municipality in establishing an information security management system. In order to formulate the requirements for such a central service, the IT infrastructures in various municipal citizens' offices were examined. In addition, employees were interviewed and observed while carrying out their tasks. Based on these investigations, the main problems that can lead to security incidents were collected and summarised. Building on this, a first proposed solution for the design and integration of the central service is discussed.&lt;/p></description></item><item><title>Zur Benutzbarkeit der AusweisApp2</title><link>/publication/2016-muc-willomitzer-ausweisapp2/</link><pubDate>Sun, 04 Sep 2016 00:00:00 +0000</pubDate><guid>/publication/2016-muc-willomitzer-ausweisapp2/</guid><description>&lt;h2 id="abstract-german">Abstract (German)&lt;/h2>
&lt;p>Acceptance and use of the online identification function of the German identity card fall short of expectations. In the past, it required the user to use the AusweisApp, which shows a number of usability weaknesses. For this reason, the new development of its successor &amp;ndash; the AusweisApp2 &amp;ndash; paid attention to involving the user early and continuously. In usability studies accompanying development, weaknesses could thus be identified early and eliminated for the final version of the AusweisApp2. However, it also turns out that serious usability weaknesses only emerge in the interaction of the overall system (identity card, card reader, AusweisApp2, browser, service provider) and cannot be solved by the AusweisApp2 alone, but only by considering the overall system.&lt;/p></description></item></channel></rss>